The program for SSR 2023 is as follows. See the Eurocrypt 2023 Affiliated Events page for venue information; SSR 2023 is held in room E.
The conference proceedings of SSR 2023 are published in the Springer LNCS series and available online (free online access during the conference from the link on this page).
Saturday, April 22
|Time|Title|Session chairs / Authors|
|---|---|---|
|09:00–09:15|Welcome|PC Chairs: Felix Günther, Julia Hesse|
|09:15–10:15|Paper session 1: Post-quantum Protocols|Chair: Joseph Jaeger|
||Quantum-resistant MACsec and IPsec for Virtual Private Networks|Stefan-Lukas Gazdag, Sophia Grundner-Culeman, Tobias Heider, Daniel Herzinger, Felix Schärtl, Joo Yeon Cho, Tobias Guggemos, and Daniel Loebenberger (genua GmbH, Ludwig-Maximilians-Universität Munich, –, genua GmbH, Fraunhofer Institut AISEC, ADVA Optical Networking, Ludwig-Maximilians-Universität Munich and University of Vienna, and Fraunhofer Institut AISEC)|
||Post-Quantum Security for the Extended Access Control Protocol|Marc Fischlin, Jonas von der Heyden, Marian Margraf, Frank Morgner, Andreas Wallner, and Holger Bock (Technische Universität Darmstadt, Bergische Universität Wuppertal, Fraunhofer AISEC, Bundesdruckerei GmbH, Infineon Technologies, and Infineon Technologies)|
|10:45–12:00|Invited talk: Nadia Heninger (UC San Diego)|Chair: Julia Hesse|
||A collection of historical vulnerabilities in cryptographic standards||
|14:00–15:00|Joint session with STAP'23 (@ Salle des Thèses)||
||Presentation by Luís Brandão (NIST/Strativia): Tackling advanced cryptography … toward standards?||
||Open discussion with the room on related topics||
|15:30–16:00|Paper session 2: Key Encapsulation Mechanisms|Chair: Marc Fischlin|
||A study of KEM generalizations|Bertram Poettering and Simon Rastikian (IBM Research Europe - Zurich)|
|16:00–17:00|Paper session 3: Vision & Extended Discussion|Chair: Felix Günther|
||Vision Paper: Do we need to change some things? Open questions posed by the upcoming post-quantum migration to existing standards and deployments|Panos Kampanakis and Tancrède Lepoint (Amazon Web Services)|
Sunday, April 23
|Time|Title|Session chairs / Authors|
|---|---|---|
|09:00–10:15|Invited talk: Juraj Somorovsky (Paderborn University)|Chair: Felix Günther|
||Lessons learned from the recent TLS attacks||
|10:45–11:45|Paper session 4: IoT and Anonymous Credentials|Chair: Markulf Kohlweiss|
||On Reducing Underutilization of Security Standards by Deriving Actionable Rules: An Application to IoT|Md Wasiuddin Pathan Shuvo, Md Nazmul Hoq, Suryadipta Majumdar, and Paria Shirani (Concordia University, Concordia University, Concordia University, and University of Ottawa)|
||SoK: Anonymous Credentials|Saqib A. Kakvi, Keith M. Martin, Colin Putman, and Elisabeth A. Quaglia (Royal Holloway University of London)|
|14:00–15:15|Invited talk: Christopher Wood (Cloudflare Research)|Chair: Julia Hesse|
||Advancing Science and Software through Specifications||
|16:00–17:00|Panel: How to better integrate research and standardization processes?|Chair: Julia Hesse|
||with Joppe Bos (NXP), Luís Brandão (NIST/Strativia), Nadia Heninger (UC San Diego), Christopher Wood (Cloudflare Research)||
The panel on Sunday led to a lively discussion. Here is a summary of the main take-aways from that discussion.
Q: Should we still standardize non–quantum-safe protocols?
The panelists all agree that it is still viable to standardize non-quantum-safe cryptographic protocols. However, several further remarks were made on this.
- A focus should be on crypto agility and a path for standardizing a quantum-safe option later on. Useful lessons can be learned from standardizing the non-post-quantum method, enabling faster standardization of post-quantum methods later.
- Standardization of non-post-quantum methods sends a mixed signal, and might confuse the consumers of such standards. One suggestion is to add a disclaimer to the standard.
- Tasks such as authentication or public key signature schemes with limited lifetime of verification keys can still use non-post-quantum methods for several years.
It was pointed out that approaches like GREASE can help to ensure protocols are post-quantum ready, e.g., testing with large, variable-length key and ciphertext fields.
Q: Competition (NIST) vs. community effort (IETF/IRTF) – What are the benefits of these different standardization bodies, and what are the drawbacks?
There is actually no clear separation between the NIST and IETF approaches. Competitions are also a community effort, and sometimes NIST and IETF interact (e.g., EdDSA, some AEAD modes). From the panelists’ experience, industry cares about government standards, but not about IETF ones. One benefit of the IETF is that it enables people from different companies to work together because they have to leave their IPR at the doorstep.
Q: How to incentivize research on ongoing standardization vs. attacking existing standards?
The clear and not very surprising reply was: money. Indeed, companies interested in shipping based on a to-be-standard might ask academics to do security analysis for money. Another remark is that dedicated workshops, like NIST’s or those on TLS 1.3 or QUIC, help to raise more interest in investing research in ongoing standardization efforts, in particular if they publish the results in the form of proceedings.
Q: Quo vadis SSR: Where to co-locate in the future? Crypto, Security?
From past editions, co-location with larger conferences has proven very effective. Alternating between crypto and security conferences may help attract different audiences. One recommendation was to strengthen the links to standards bodies by considering co-location with an IETF meeting. Further, Real World Crypto was mentioned as an attractive event to co-locate with. The panelists also suggested welcoming negative results in the Call for Papers, or “uninteresting” ones that confirm that a standard works as expected, i.e., without finding any interesting attack on it.