Prof Ronald Cramer

Speaker: Prof Ronald Cramer, CWI Amsterdam & Leiden University, the Netherlands

Title: Compressed Σ-Protocol Theory 

Short Biography

Ronald Cramer leads the Cryptology Group at CWI in Amsterdam and he is full professor at the Mathematical Institute, Leiden University (both since 2004). Since 2008, he is a visiting professor at Division of Mathematical Sciences at NTU. Cramer is a Fellow of IACR and he is Member of the KNAW, the Royal Netherlands Academy of Arts and Sciences. He is an author (with Damgard and Nielsen) of the book Secure Multiparty Computation and Secret Sharing (Cambridge University Press, 2015), the first textbook on secure computation. His research area  is cryptology,  particularly,  secure computation,  public-key cryptography,  cryptographic protocol theory, and mathematical cryptology at-large.


Σ-protocols provide a well-understood and widely-used basis for two-party secure algorithmics. Combining ideas from secure MPC and from so-called Bulletproofs, we show how the communication of Σ-Protocols for proving general constraint-satisfiability problems can be compressed significantly. Based on Thomas Attema & Ronald Cramer (CRYPTO 2020) and subsequent joint works with Serge Fehr, Matthieu Rambaud and Lisa Kohl.​

Prof Tsetu Iwata

Speaker: Prof Tetsu Iwata, Nagoya University, Japan

Title: Quantum Security of Feistel Ciphers

Short Biography

Tetsu Iwata is an associate professor at Nagoya University, Japan. His research interests are in symmetric key cryptography, and he is one of the designers of CMAC, which was adopted by NIST as a recommended block cipher mode of operation in 2005. In recent years, he is also interested in quantum security of symmetric key cryptosystems. He was the general co-chair of FSE 2017, and the program co-chairs of FSE 2010, Asiacrypt 2014, and Asiacrypt 2015. He currently serves on the editorial board of Journal of Cryptology (the IACR) and Designs, Codes and Cryptography (Springer). He co-authored the FSE 2015 best paper and the CRYPTO 2019 best paper. ​


The impact of quantum computers on the security of symmetric key cryptosystems is largely unexplored. In 2010, Kuwakado and Morii demonstrated that, based on Simon's quantum period finding algorithm [Simon, SIAM J. Comput., 1997], the 3-round Feistel cipher can be broken in polynomial time if an adversary can make superposition queries [Kuwakado, Morii, ISIT 2010]. Since then, the quantum security of various symmetric key cryptosystems has been analyzed. In this talk, we review the developments on the quantum security analysis of Feistel ciphers and their variants, covering both quantum attacks and provable security results. We also suggest possible open questions.

Prof Chris Mitchell

Speaker: Prof Chris Mitchell, University of London, UK

Title: Failures of Security Proofs

Short Biography

Chris Mitchell received his BSc and PhD degrees in Mathematics from Westfield College, University of London in 1975 and 1979 respectively; his PhD supervisor was Professor Fred Piper. He was a​ppointed as Professor of Computer Science at Royal Holloway in 1990, having previously worked at Racal Comsec, Salisbury, UK (1979-85) and Hewlett-Packard Laboratories, Bristol, UK (1985-90). After joining Royal Holloway he co-founded the Information Security Group with Fred Piper in 1990, and helped launch the Royal Holloway MSc in Information Security in 1992. His research interests lie within information security, focusing on applications of cryptography. Over the last 30 years he has supervised nearly 40 PhD students to completion. He has also been heavily involved in international security standardisation for well over 30 years, and in 2011 he received the IEC 1906 award in recognition of his efforts. He is co-editor-in-chief of Designs, Codes and Cryptography (Springer), and section editor for Section D of The Computer Journal (OUP).​


Modern cryptographic practice depends to a huge extent on proofs of security. New cryptographic primitives and protocols are routinely required to have an accompanying proof that their security is polynomially-related to the difficulty of a computational problem which is widely believed to be difficult. Although this is perhaps not cryp​tographic nirvana, since ‘hard’ problems can sometimes found to be not so hard in new computing paradigms or if new algorithms are found for existing paradigms, it has undoubtedly reduced the likelihood of the adoption of fundamentally flawed schemes. As such, the development of the complexity-based security models in which the security proofs are formulated is undoubtedly a major step forward in the study of cryptography. However, in practice, the situation is not as rosy as it might be, and in this talk we will explore a range of examples of how and why proofs of security have failed, and what lessons we might learn for the future.​

Prof Mike Rosulek

Speaker: Prof Mike Rosulek, Oregon State University, USA

Title: A Brief Overview of Private Set Intersection

Short Biography

Mike Rosulek is an Associate Professor in the School of EECS at Oregon State University. His research interests are in designing interactive protocoals for securely computing on private data. His research has been recognised with the NSF CAREER award as well as research awards from Google, Facebook and Visa Research.


Private set intersection (PSI) allows parties, who hold private data sets, to identify which items they have in common. PSI and closely related problems are some of the most successful ap​plications of secure multi-party computation finding real-world deployment. In this talk, I will explain how state-of-the art PSI protocols work, and some of my favorite tricks and techniques from the PSI literature. Finally, I will suggest several open problems and directions for future work.​

Prof Yu Yu

Speaker: Prof Yu Yu, Shanghai Jiao Tong University, China

Title: On Sub-exponential Learning Parity with Noise and Its Applications 

Short Biography

Yu Yu is currently a professor at Shanghai Jiao Tong University. He obtained his BSc from Fudan University in 2003, and then his PhD from Nanyang Technological University in 2006. He worked as a researcher at the ICT security lab at T-Systems Singapore from 2006 to 2008, and as a postdoctoral researcher at the UCL Crypto Group during 2008-2010. After returned to China, he was employed by East China Normal University (2011-2012) and Tsinghua University (2012-2014). His research focuses on cryptography, in particular, provable security, pseudo-randomness, and post-quantum cryptography.


Learning parity with noise (LPN) is a notorious hard problem that has been well studied in learning theory, coding theory and cryptography since the early 90's. Despite its simplicity, standard (aka. polynomially hard) LPN assumptions do not seem to imply anything beyond those implied by one-way functions. In this talk, we show that LPN with sufficient subexponential hardness public-key cryptography, oblivious transfers and collision resistant hash functions. Falsifying the hardness assumptions would imply significant improvement over the current state-of-the-art LPN solvers, namely, the BKW algorithm, which would be a breakthrough in cryptography and learning theory. ​