We will have keynote talks from the following world-leading researchers.

Keynote Talk I: The First PQC Standards

Abstract

Abstract: In recent years, there has been a substantial amount of research on quantum computers – machines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional computers. If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the internet and elsewhere. The goal of post-quantum cryptography is to develop cryptographic systems that are secure against both quantum and classical computers.

Eight years ago, the National Institute of Standards and Technology (NIST) initiated a public competition-like process to select new post-quantum cryptographic algorithms. After six years of evaluation and analysis, four algorithms were selected for standardization. In this talk, I will review the NIST PQC standardization project, and talk about the PQC standards that were recently published by NIST. I will also talk about future work in PQC.

Keynote Talk II: Automated Analysis for Pushing Performance Limits in Symmetric-Key Cryptography

Abstract

Symmetric-key cryptography is a crucial building block in security systems, with excellent performance being one of its main driver. Over the past decades, cryptography designers focused on various aspects of performance, from throughput, to latency, energy/power consumption, memory footprint, etc. and targeting more and more diverse platforms from high-end microprocessors to very small microcontrollers and constrained hardware. While pushing performances too much can have dramatic effects on the security of the new primitive, researchers now understand better the boundaries of this tradeoff and this pressure between performance and security led to creative constructions. In this talk, we will see how recent advances in automated cryptanalysis can assist designers in building more competitive primitives. In particular, we will revisit two high-profile use cases of symmetric-key cryptography and propose new ways to further push their current performance limits. First, we will focus on MAC constructions for high-end microprocessors with AES instructions: after a review of the state-of-the-art, we propose LeMac, a large-state primitive that is the fastest MAC as of today on these processors (0.068 c/B on Intel Ice Lake, an improvement of 60% in throughput compared to the state-of-the-art). Secondly, we will look at low-latency ciphers, used in several applications such as memory encryption, sensor data encryption, etc: we will show how automated cryptanalysis now allows to consider design spaces that were not reachable before, and how it can improve state-of-the-art low-latency records.

Keynote Talk III: Securely Working with Confidential Data: Threats and Mitigations across Layers from Infrastructure to AI Models

Abstract

Data could be the key driver of development and innovation. Yet, sensitivity or confidentiality constraints frequently hinder utilizing it to its fullest potential. In settings where data cannot be shared, thus relinquishing control over its use and distribution, how can we still enable data processing and use? Can sensitive or confidential data and research results obtained be FAIR (Findable, Accessible, Interoperable and Reuseable)? What threats exist at which layers of the infrastructure and in which steps of data analysis workflows?

In this talk we will take a look at the threats and requirements for processing sensitive or confidential data. We will start from the data infrastructure level, reviewing current approaches and safeguards in setting up trusted research environments (TREs) that enable data visiting and secure compute. We will then specifically take a look at the threats resulting from training deep neural network type machine learning models, considering disclosure risks such as membership inference attacks, data exfiltration or model stealing attacks and approaches to protect against these.