Program

The program for SSR 2023 is as follows. See the Eurocrypt 2023 Affiliated Events page for venue information; SSR 2023 is held in room E.

The conference proceedings of SSR 2023 are published in the Springer LNCS series and available online (free online access during the conference from the link on this page).

Saturday, April 22

	Title	Session chairs / Authors
09:00–09:15	Welcome	PC Chairs: Felix Günther, Julia Hesse
09:15–10:15	Paper session 1: Post-quantum Protocols	Chair: Joseph Jaeger
	Quantum-resistant MACsec and IPsec for Virtual Private Networks	Stefan-Lukas Gazdag, Sophia Grundner-Culeman, Tobias Heider, Daniel Herzinger, Felix Schärtl, Joo Yeon Cho, Tobias Guggemos, and Daniel Loebenberger genua GmbH, Ludwig-Maximilians-Universität Munich, –, genua GmbH, Fraunhofer Institut AISEC, ADVA Optical Networking, Ludwig-Maximilans-Universität Munich and University of Vienna, and Fraunhofer Institut AISEC
	Post-Quantum Security for the Extended Access Control Protocol	Marc Fischlin, Jonas von der Heyden, Marian Margraf, Frank Morgner, Andreas Wallner, and Holger Bock Technische Universität Darmstadt, Bergische Universität Wuppertal, Fraunhofer AISEC, Bundesdruckerei GmbH, Infineon Technologies, and Infineon Technologies
10:15–10:45	Coffee break
10:45-12:00	Invited talk: Nadia Heninger (UC San Diego)	Chair: Julia Hesse
	A collection of historical vulnerabilities in cryptographic standards
12:00–14:00	Lunch break
14:00–15:00	Joint session with STAP'23 (@ Salle des Thèses)
	Presentation by Luís Brandão (NIST/Strativia): Tackling advanced cryptography … toward standards? Open discussion with the room on related topics
15:00–15:30	Coffee break
15:30–16:00	Paper Session 2: Key Encapsulation Mechanisms	Chair: Marc Fischlin
	A study of KEM generalizations	Bertram Poettering and Simon Rastikian IBM Research Europe - Zurich
16:00–17:00	Paper session 3: Vision & Extended Discussion	Chair: Felix Günther
	Vision Paper: Do we need to change some things? Open questions posed by the upcoming post-quantum migration to existing standards and deployments	Panos Kampanakis and Tancrède Lepoint Amazon Web Services

Sunday, April 23

	Title	Session chairs / Authors
09:00–10:15	Invited talk: Juraj Somorovsky (Paderborn University)	Chair: Felix Günther
	Lessons learned from the recent TLS attacks
10:15–10:45	Coffee break
10:45–11:45	Paper session 4: IoT and Anonymous Credentials	Chair: Markulf Kohlweiss
	On Reducing Underutilization of Security Standards by Deriving Actionable Rules: An Application to IoT	Md Wasiuddin Pathan Shuvo, Md Nazmul Hoq, Suryadipta Majumdar, and Paria Shirani Concordia University, Concordia University, Concordia University, and University of Ottawa
	SoK: Anonymous Credentials	Saqib A. Kakvi, Keith M. Martin, Colin Putman, and Elisabeth A. Quaglia Royal Holloway University of London
12:00–14:00	Lunch break
14:00–15:15	Invited talk: Christopher Wood (Cloudflare Research)	Chair: Julia Hesse
	Advancing Science and Software through Specifications
15:15-15:45	Coffee break
16:00–17:00	Panel: How to better integrate research and standardization processes?	Chair: Julia Hesse
	with Joppe Bos (NXP), Luís Brandão (NIST/Strativia), Nadia Henninger (UC San Diego), Christopher Wood (Cloudflare Research)

Panel Take-Aways

The panel on Sunday led to a lively discussion. Here is a summary of the main take-aways from that discussion.

Q: Should we still standardize non–quantum-safe protocols?

The panelists all agree that it is still viable to standardize non-quantum-safe cryptographic protocols. However, several further remarks were made on this.

A focus should be on crypto agility and a path for standardizing a quantum-safe option later on. Useful lessons can be learned from standardizing the non-post-quantum method, enabling faster standardization of pq methods later.
Standardization of non-post-quantum methods sends a mixed signal, and might confuse the consumers of such standards. One suggestion is to add a disclaimer to the standard.
Tasks such as authentication or public key signature schemes with limited lifetime of verification keys can still use non-post-quantum methods for several years.

It was pointed out that approaches like GREASE can help to ensure protocols are post-quantum ready, e.g., testing with large, variable-length key and ciphertext fields.

Q: Competition (NIST) vs. community effort (IETF/IRTF) – What are the benefits of these different standardization bodies, and what are the drawbacks?

There is actually no clear separation between the NIST and IETF approaches. Competitions are also a community effort, and sometimes NIST and IETF interact (e.g., EdDSA, some AEAD modes). From the panelists’ experience, industry cares for government standards, but not for IETF ones. One benefit of the IETF is that it enables people from different companies to work together because they have to leave their IPR at the doorstep.

Q: How to incentivize research on ongoing standardization vs. attacking existing standards?

The clear and not very surprising reply was: money. Indeed, companies interested in shipping based on a to-be-standard might ask academics to do security analysis for money. Another remark is that dedicated workshops, like NIST’s or those on TLS 1.3 or QUIC, help to raise more interest in investing research on ongoing standardization efforts, in particular if they publish the results in the form of proceedings.

Q: Quo vadis SSR: Where to co-locate in the future? Crypto, Security?

From past editions, co-location with larger conferences has proven very effective. Alternating between crypto and security conferences may benefit attracting different audiences. One recommendation was to strengthen the links to standards bodies by considering to co-locate with an IETF meeting. Further, Real World Crypto was mentioned as an attractive event to co-locate with. The panelists also suggested welcoming negative results in the Call for Papers, or “uninteresting” ones that confirm that a standard works as expected, i.e., without finding any interesting attack on it.