Diffie and Hellman received the ACM Turing Award

Yesterday, the Association for Computing Machinery (ACM) granted their most prestigious award the Turing award to Whitfield DIFFIE and Martin HELLMAN. If you read regularly this blog, you know probably them. In their seminal 1976 paper, they launched the foundations of asymmetric cryptography. Previously, only symmetric cryptography was known. Two years later, Rivest, Shamir and Adleman published the RSA algorithm based on these principles. Without public key cryptography, modern security would not be possible. We still use the DH protocol.

A well-deserved prize.

  • Diffie, W., and M. Hellman. “New Directions in Cryptography.” IEEE Transactions on Information Theory 22, no. 6 (1976): 644–54.
  • Rivest, R. L., A. Shamir, and L. Adleman. “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems.” Communications of the ACM 21, no. 2 (1978): 120–26.

CANS 2015 submissions

The 14th International Conference on Cryptology and Network Security (CANS 2015) will be at Marrakech in December.  The submission deadline is 19 june 2015.  The topics of interest are rather broad:

  • Access Control for Networks
  • Adware, Malware, and Spyware
  • Anonymity & Pseudonymity
  • Authentication, Identification
  • Cloud Security
  • Cryptographic Algorithms & Protocols
  • Denial of Service Protection
  • Embedded System Security
  • Identity & Trust Management
  • Internet Security
  • Key Management
  • Mobile Code Security
  • Multicast Security
  • Network Security
  • Peer-to-Peer Security
  • Security Architectures
  • Security in Social Networks
  • Sensor Network Security
  • Virtual Private Networks
  • Wireless and Mobile Security

The accepted papers will be published in Springer LNCS.  It is an IACR event.

CataCrypt 2014

In the tsunami of the catastrophic HeartBleed bug, this new IEEE workshop will be interesting.   cataCRYPT stands for “catastrophic events related to cryptography and security with their possible solutions.”

The main point is: many cryptographic protocols are only based on the security of one cryptographic algorithm (e.g. RSA) and  we don’t know the exact RSA security (including Ron Rivest). What if somebody finds a  clever and fast factoring algorithm? Well, it is indeed an hypothesis but we know several  instances of possible progress. A new fast algorithm is a possible catastroph if not handled  properly. And there are other problems with hash functions, elliptic curves, aso. Think also about the recent Heartbleed bug (April 2014, see http://en.wikipedia.org/wiki/Heartbleed): the discovery was very late and we were close to a catastrophic situation.

So we are thinking about a regular workshop, the name is CATACRYPT, about these possible problems and their solutions. It includes problems with cryptographic algorithms, protocols, PKI, DRM, TLS-SSL, smart cards, RSA dongles, MIFARE, aso. Quantum computing, resilience and agility are also on the program.

The birth of cataCRYPT is not opportunistic.  His founder, Jean Jacques Quisquater, had launched the idea last year.  Its announcement following HeartBleed is a pure coincidence.

The paper submission deadline is 2 June 2014.   Hurry up…

The conference’s site is http://catacrypt.net/

NSA spies us: what a surprise!

I twill start this new year (for which I wish you all the best) by some ranting.  Since the Snowden’s story started, I never commented.  Now I will a little bit as I start to be upset by all this hypocrisy.  Snowden shed some lights on the behavior and skillset of the NSA.   This is interesting.  But what is not acceptable, is that media seem to be surprised.  WE KNEW IT FOR YEARS.


NSA spies our electronic personal communications!  We knew it for years.  Echelon was  known in the 90s.  The new systems are just a natural evolution to new communication means and enhanced computing capacities. It was even known that the scope was larger than military/political actions.   NSA published patents about semantic analysis of natural speech.  The purpose was obvious.  I remember an initiative that asked people to generate random mails with gibberish inside but also some alleged keywords (such as terrorism, NSA,…) that should trigger the scrutiny of NSA.  The aim was to try to flood the system.


NSA is studying advanced techniques such as quantum computing to crack ciphers!  I would expect any serious governments to have their black cabinet studying this topic.  Once more, it is known that NSA may have some advances over the academic/public domain in this field.  In 1974, US banking industry asked IBM to design a commercial cipher to protect electronic banking transaction.  With the help of the NIST, IBM designed the famous DES.  End of 80s, academic world discovered a new devastating technique: differential cryptanalysis.  In 1991, Eli BIHAM and Adi SHAMIR demonstrated that surprisingly DES was immune to this ”unknown” attack (which was not the case for many other ciphers).  In 1994, Don COPPERSMITH, who was part of the DES design team, revealed that DES had been designed to resist to differential cryptanalysis.  In 1974, NSA knew already differential cryptanalysis but kept this knowledge secret as it gave a competitive edge to US secret agencies.

Secret services do not play fair democratic games!  This is why they are called secret services.  Hollywood told about that so often as well as John LE CARRE. 


So please, let us stop this hypocrite surprise: we knew about (but not the details).


E. Biham and A. Shamir, “Differential cryptanalysis of DES-like cryptosystems,” Journal of Cryptology, vol. 4, Jan. 1991, pp. 3–72 available at http://link.springer.com/article/10.1007/BF00630563.

D. Coppersmith, “The Data Encryption Standard (DES) and its strength against attacks,” IBM Journal of Research and Development, vol. 38, 1994, pp. 243–250.

Has NSA broken the crypto?

With the continuous flow of revelations by Snowden, there is not one day without somebody asking me if crypto is dead.  Indeed, if you read some simplifying headlines, it looks like the Internet is completely unsecure.


Last Friday, Bruce Schneier published an excellent paper in the guardian : “NSA surveillance: a guide to staying secure.”  For two weeks, he has analyzed documents provided by Snowden.   From this analysis, he drives some conclusions and provides some recommendations.  In view of the security profile of Bruce, we may trust the outcome.  I recommend the readers to read the article.

My personal highlights from this article.

  • The documents did not present any outstanding mathematical breakthrough.   Thus, algorithms such as AES are still secure.
  • To “crack” encrypted communications, NSA uses the same tools than hackers but at a level of sophistication far higher.   They have a lot of money.  The tricks used:
    • Look for used weak algorithms
    • Look for weak passwords with dictionary attacks
    • Powerful brute force attacks
  • The two most important means are:
    • Implementing back doors and weakening commercial implementations (poor random generator, poor factors in Elliptic Curve Cryptosystems (ECC), leaking keys…).   The same is true for hardware.

As was revealed today, the NSA also works with security product vendors to ensure that commercial encryption products are broken in secret ways that only it knows about.

    • Compromising the computer that will encrypt or decrypt.  If you have access to the data before it is secured, then you do not care about the strength of the encryption.

These are hacker tools designed by hackers with an essentially unlimited budget. What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it’s in. Period.

His recommendations are common sense.   The most interesting one is to avoid using ECC as NSA seems to influence the choice of weak curves and constants in the curve.


His final statement

Trust the math.

is OK, but I would add “Do not trust the implementation.”  Always remember law 4: Trust No One.

Security Newsletter 22 is available

The  Security Newsletter 22 is available. We are proud to have as guest Joan DAEMEN. Joan is one of the authors of KECCAK, the new algorithm selected by NIST to become the new official SHA-3 function. Mohamed is presenting this new hash function. SSL is the most deployed security protocol on the Internet, thus it is highly scrutinized by the community. Olivier, Christoph and Benoit have a deep dive into the latest attacks against SSL.

Hoping that you will enjoy its reading. Do not hesitate to comment.

SHA-3 is born

In 2005, the first serious attacks on the widely use hash function SHA-1 were published.  Researchers were able to generate some collisions.   The new generation SHA-2 was also prone to these attacks.  In 2007, NIST launched a contest to select the future replacing algorithm.  At the first round, there were 63 submissions.  The second round kept only five algorithms.   On Tuesday, NIST published the winner: KECCAK

KECCAK was designed by researchers from STMicroelectronics and NXP.  According to NIST, KECCAK won because it was elegantly simple and had higher performance in hardware implementation than the other competitors.  As it is foreseen that SHA-3  may be used in many lite weight embedded devices (smart dust, intelligent captors, RFID…) , this was a strong asset.  No surprise that its implementation was optimized for hardware; Its four fathers are working for companies designing such chipset.  STMicroelectronics is one of the leaders in secure components for smart cards, whereas NXP is the leader in NFC.  Another interesting argument is as KECCAK uses totally different principles than SHA-2, attacks that would work on SHA-2, most likely will not work for SHA-3.

On September 24, 2012, Bruce Schneier, one of the five finalists with his Skein algorithm, called for a “no award”.  Currently, SHA-512 is still secure for many years.  Thus,according to him, there was no need to switch to another algorithm.

In its announcement of the winner, NIST confirmed that

SHA-2 has held up well and NIST considers SHA-2 to be secure and suitable for general use.

Thus, be not afraid when you will still find SHA-2 in designs for the coming years.  We’re safe.  It will take several years to tame this new algorithm.  Nevertheless, NIST estimates that having a successor to SHA-2, if ever it weakens, is a good insurance policy.