======== Agenda ========

10:30-11:15 Mike Kudinov
11:30-12:15 João Faria Miranda Duarte
14:15-15:00 Monika Trimoska
15:15-16:00 Jelle Vos

==================================== Details ====================================

Mike Kudinov (TU/e)

Title: Latest results regarding the SPHINCS+ signature scheme

Abstract:
In 2020, Kudinov, Kiktenko, and Fedorov pointed out a flaw in the tight security proof of the SPHINCS+ construction. In this talk, we discuss a new tight security proof for SPHINCS+. The flaw can be traced back to the security proof for the Winternitz one-time signature scheme (WOTS) used within SPHINCS+. We will talk about a security proof for WOTS and multi-instance WOTS against non-adaptive chosen message attacks, where the adversary only learns the public key after it makes its signature queries. We argue that this is sufficient to give a tight security proof for SPHINCS+.

Moreover, we discuss new lower bounds on the quantum query complexity for generic attacks against properties of cryptographic hash functions.

Lastly, SPHINCS+C will be presented. This is a proposed modification to SPHINCS+ that allows for a better trade-off between the size of the signature, signature generation time, and verification time.

---------------------------------

João Faria Miranda Duarte (TNO)

Title: The HAPKIDO Project: The Standardisation and Implementation of Hybrid Certificates

Abstract:
Public-key infrastructures (PKI) are a crucial building block in providing and maintaining trust in digital communications through the use of cryptography. With the advent of large-scale quantum computers, PKIs are one of the most important digital systems that will be severely affected. Hence, the underlying cryptography will need to be migrated to a new kind of quantum-safe cryptography. This transition is considered to be the most complex one in the history of cryptography due to its urgency and the lack of maturity of quantum-safe cryptography.

Hence, the deployment of classical and quantum-safe cryptography will need to be carried out simultaneously, which can be done via a "hybrid" model which employs both classical and quantum-safe cryptography. This hybrid model will need to be standardised, and multiple standards have been proposed, but some are not mature enough, or they do exist but their implementation is either not available, incomplete, not open source, not production-ready or not compliant with standards.

HAPKIDO, Hybrid Approach for quantum-safe Public-Key Infrastructure Development for Organizations, is a project involving seven parties from the private and the public sector. In this talk, we will talk about the combined efforts, the challenges and the progress of the HAPKIDO Project, with a particular focus on the work done in the realm of hybrid certificates, which includes analysing standards, implementation and deployment challenges for said certificates.

---------------------------------

Monika Trimoska (RU)

Title: Disorientation faults in CSIDH

Abstract:
The cryptographic community is actively looking for alternatives for protecting our data and communications from adversaries with a large quantum computer. One of the families of post-quantum cryptography is based on the hardness of finding isogenies of elliptic curves. The isogeny-based scheme SIDH and its instantiation SIKE have recently been broken by a surprising polynomial-time attack. However, the CSIDH cryptosystem and protocols based on the CSIDH group action are not affected by the attack and remain a noteworthy target for cryptanalysis. In this work, we investigate a new class of fault-injection attacks against the CSIDH family of cryptographic group actions. Our disorientation attacks effectively flip the direction of some isogeny steps, resulting in an incorrect output curve. The placement of the disorientation fault during the algorithm influences the distribution of the output curve in a key-dependent manner.

We explain how an attacker can post-process a set of faulty outputs to fully recover the private key. This presentation will focus on analysing the graph of faulty curves formed in the post-processing stage and getting an intuition on how it can be used to infer constraints on the secret key. This is joint work with Gustavo Banegas, Juliane Krämer, Tanja Lange, Michael Meyer, Lorenz Panny, Krijn Reijnders and Jana Sotáková.

---------------------------------

Jelle Vos (TU Delft)

Title: TBA

Abstract:
TBA
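Added illustration for the first talk's subject: a toy Winternitz one-time signature (WOTS), the building block whose security proof the SPHINCS+ talk revisits. This is example code written for this page, not code from the talk, from the SPHINCS+ authors or from the reference implementation; the chain hash with its byte-tweak, the seed-derived secret key and the w=16 digit/checksum encoding are this example's own simplifications (real SPHINCS+ uses WOTS+ with tweakable hashes and masks). The `forge` function shows why the scheme is one-time: each signature reveals one position on every hash chain, hashing forward is free, and only the checksum chains stop an attacker holding a single signature.

```python
"""Toy Winternitz one-time signature (WOTS), w=16 over SHA-256.

Added example, not the talk's or the SPHINCS+ project's code. The chain
tweak, key derivation and checksum layout are simplifications chosen here.
"""
import hashlib
from typing import List, Optional, Tuple

W = 16        # Winternitz parameter: each chain has W-1 = 15 hash steps
L1 = 64       # a 256-bit digest is 64 base-16 digits, one chain per digit
L2 = 3        # checksum is at most 64*15 = 960 < 16**3, so 3 more digits
L = L1 + L2   # 67 chains in total


def chain(x: bytes, start: int, steps: int, idx: int) -> bytes:
    """Apply the chain hash `steps` times, beginning at position `start`.

    Chain index and step position are mixed into the input as a cheap tweak
    (constructed here; not the SPHINCS+ tweakable hash) so that no two chain
    positions share the same hash function."""
    for pos in range(start, start + steps):
        x = hashlib.sha256(b"WOTS-chain" + bytes([idx, pos]) + x).digest()
    return x


def message_digits(message: bytes) -> List[int]:
    """Base-16 digits of SHA-256(message) followed by the 3-digit checksum.

    The checksum grows when message digits shrink, so an attacker who moves
    a message chain forward cannot also move every checksum chain forward."""
    digits: List[int] = []
    for b in hashlib.sha256(message).digest():
        digits += [b >> 4, b & 0x0F]
    csum = sum(W - 1 - d for d in digits)
    return digits + [(csum >> 8) & 0x0F, (csum >> 4) & 0x0F, csum & 0x0F]


def keygen(seed: bytes) -> Tuple[List[bytes], List[bytes]]:
    """Secret key: one chain start per digit. Public key: each chain's end."""
    sk = [hashlib.sha256(b"WOTS-sk" + seed + bytes([i])).digest() for i in range(L)]
    pk = [chain(sk[i], 0, W - 1, i) for i in range(L)]
    return sk, pk


def sign(sk: List[bytes], message: bytes) -> List[bytes]:
    """Signature: chain i advanced to position digit[i] (0 reveals sk[i])."""
    d = message_digits(message)
    return [chain(sk[i], 0, d[i], i) for i in range(L)]


def verify(pk: List[bytes], message: bytes, sig: List[bytes]) -> bool:
    """Finish every chain from the signed position and compare with pk."""
    d = message_digits(message)
    return all(chain(sig[i], d[i], W - 1 - d[i], i) == pk[i] for i in range(L))


def forge(signed: List[Tuple[bytes, List[bytes]]], target: bytes) -> Optional[List[bytes]]:
    """Try to sign `target` using only already-published signatures.

    Every signature reveals chain i at position digit[i]; anything further
    along the chain is computable. A forgery exists iff each target digit is
    at or beyond the lowest revealed position of its chain."""
    frontier: List[Tuple[int, Optional[bytes]]] = [(W, None)] * L
    for msg, sig in signed:
        d = message_digits(msg)
        for i in range(L):
            if d[i] < frontier[i][0]:
                frontier[i] = (d[i], sig[i])
    t = message_digits(target)
    out: List[bytes] = []
    for i in range(L):
        pos, val = frontier[i]
        if val is None or t[i] < pos:
            return None
        out.append(chain(val, pos, t[i] - pos, i))
    return out


if __name__ == "__main__":
    sk, pk = keygen(b"constructed demo seed")  # constructed input
    m1 = b"first signed message"
    s1 = sign(sk, m1)
    print("valid:", verify(pk, m1, s1))
    print("forge with one signature:", forge([(m1, s1)], b"some other message"))
```

With one signature, `forge` of any message with a different digest returns `None`: a digest with some digit higher than the signed one has a strictly lower checksum, so at least one checksum chain would have to run backwards. Once a second signature on the same key is published the per-chain frontier only moves down, which is exactly the key-reuse failure that SPHINCS+ avoids by addressing each WOTS instance only once.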