1

«Recent developments and applications of secret sharing schemes», Prof. Sakurai Kouichi


Secret sharing has played an important and fundamental role in various cryptographic application protocols.
Recently, Desmedt et al. presented the Framing problem in secret sharing and its countermeasures,
and cryptographers are also discussing the design of traceable secret sharing.

This talk introduces the trends in the theory and applications of secret sharing
from academic to social implementation.

2

«Nonlinearity of Boolean Functions: Existing Results & Open Problems», Prof. Subhamoy Maitra

Boolean functions are the most important primitives in Computing, Communication and Cryptology. In this talk we will consider several combinatorial properties of Boolean functions that are cryptographically significant. Further we will discuss availability and implementations of such functions. The most important results of the last three decades will be presented looking into the properties related to Walsh as well as autocorrelation spectra. A few open problems will also be discussed.

3

«Multiuser Security for PRBG and PRF for Cascade type Constructions», Prof. Mridul Nandi

In this talk, I will discuss the notion of multiuser security for Pseudorandom function (PRF) and Pseudorandom generator (PRBG). In the beginning, we discuss basic security notions and cascade constructions. Then, we discuss the multiuser security and its significance. We mostly focus on the cascade type constructions while analyzing security. As an important example of cascade construction, we discuss the multiuser security of NIST-recommended HMAC (FIPS 198-1). For security analysis of these constructions, I will discuss a reduction technique that would help to get better security bounds than the known existing bounds.

4

«Polynomial Hashing: Present State-of-the-Art», Prof. Palash Sarkar

One of the most important approaches to the construction of almost XOR universal (AXU) hash functions is based on polynomials over finite fields. Two famous examples are GHASH and Poly1305. In this talk, we will briefly review the present state-of-the-art of polynomial hashing over finite fields.

5

«MKV: A New Block Cipher of Vietnam for the Post-Quantum Cryptography Transition», Dr. Nguyen Bui Cuong

Many countries have launched their block cipher standards. These standards are selected carefully and meticulously through selection contests or cryptographic projects, such as the advanced encryption standard process of NIST, the NESSIE project of Europe, the lightweight cryptographic project of NIST, etc. The process of developing these cryptographic standards requires careful and ongoing evaluation.
In the field of civil cryptography, Vietnam does not have our own block cipher standard but uses common block cipher standards such as AES, triple-DES, etc. in their standards: VN 7816:2007, VN 11367-3:2016, etc. Therefore, we have designed and constructed a new block cipher with multiple variants of block size and key length that can be selected for standardization and suitable for information security in the field of civil cryptography in the context of post-quantum transition, namely MKV. There are two block size variants with block sizes of 256-bit for post-quantum and 128-bit for quantum migration. Each variant has three key length options with a flexible level of security suitable for application developers. MKV has achieved some design features as follows:
•Construction: MKV is designed based on the Four-Leaf-Clover scheme with an SDS-type round function, called SDS-FLC structure. Consequently, MKV achieves provable security in the Luby-Rackoff model and practical security against differential and linear cryptanalysis. Moreover, MKV has an optimal implementation by such a structure on popular platforms.
•The cryptographic components: In the FLC-SDS structure, we use an 8-bit S-box for confusion and Maximum distance separable matrices for diffusion to design MKV. These cryptographic components have good cryptographic properties and are considered to be optimized in software/hardware implementations.
•Security: We have evaluated the provable security for the two most popular cryptanalysis (differential and linear cryptanalysis) and the ability to resist some further important cryptanalysis of MKV. Among them, there is provable security with linear and differential cryptanalysis by inheriting the design from the FLC-SDS structure with cryptographic components with good cryptographic properties. Furthermore, MKV also achieves provable security against related-key differential cryptanalysis from the specific design of the key schedule. In addition, the preventive ability against quantum computation is also considered concerning block size and key length based on surveys of quantum resources.
•Performance: The implementation is suitable for common applications in information security of hardware and software.

6

«Crypto-coding method Against Passive Eavesdropping Attacks On Multiple-Input Multiple-Output Wireless Communication Systems», Dinh Van Linh, Hoang Thi Phuong Thao, Vu Van Yem

This paper proposes a crypto-coding method based on the Turbo codes to mitigate the passive eavesdropping attacks on the Multiple-Input Multiple-Output (MIMO) wireless communication systems. The proposed method is implemented by using a secret key to manage the working principles of the Turbo codes. The secret key is generated from the wireless channel characteristics. The performance of the proposed method is evaluated by comparing the bit error rate (BER) of the legitimate receiver (Bob) with the eavesdropper (Eve) in different MIMO configurations and channels. The obtained results indicate that the proposed method significantly reduces Eve’s decoding ability over the MIMO systems. Therefore, it is effective against passive eavesdropping attacks. Moreover, the proposed method gives a low computational complexity equivalent to normal Turbo codes.

7

«Two-party signature: how to sign securely using a mobile device», L.R. Akhmetzyanova, E.K. Alekseev, S.V. Smyshlyaev, L.O. Nikiforova

With the growing popularity of mobile devices, an increasing number of information processes—including digital signing—are shifting from desktop systems to mobile platforms. However, the elevated risk of mobile device compromise, such as theft, loss of physical control, and malware infection, renders traditional digital signature approaches insufficiently secure. This work examines the architectures of mobile signature systems, with a focus on two-party signature schemes that distribute key operations between the user's device and a trusted party. This approach provides resistance to various attacks while maintaining user convenience.

We analyze existing two-party implementations for RSA, Schnorr, and ElGamal-type signature algorithms (including GOST, ECDSA, KCDSA, EDS, SM2), and explore the potential of such techniques in the context of post-quantum cryptography. A comparative assessment is provided in terms of cryptographic security, performance, and suitability for mobile applications. The goal of this work is to offer practical recommendations for building secure and user-friendly digital signature systems on mobile devices.

8

«Matryoshka: flexible protection of storage devices», L.O. Nikiforova, L.R. Akhmetzyanova, E.K. Alekseev

We study the issue of data protection on information storage devices that have a block-based structure. Full-disk encryption (FDE) schemes are the most common methods used to provide this protection. We consider a hierarchy of adversary models that cover the main practical use cases for these schemes. For each model, we identify actual threats and propose an approach to prevent them.

We offer a new flexible full-disk encryption scheme Matryoshka. This scheme consists of several different configurations. Each configuration is designed to protect data in a specific practical scenario and configurations are nested within each other. So, if a protection scheme is implemented in one scenario, then to protect your data in another practical scenario, you can either remove unnecessary cryptographic mechanisms or add new ones, while the core of the scheme remains the same.

9

«On requirements for payment hardware secure modules», S.V. Smyshlyaev, E.K. Alekseev

The report examines the current security requirements of PCI HSM and the Central Bank of Russia for payment hardware security modules. Special attention is given to key aspects such as cryptographic key management, physical protection measures, security auditing, etc. We will also discuss potential directions for the evolution of hardware security modules, taking into account the regulatory framework in force in the Russian Federation regarding information security for payment devices.

10

«A review on invariant subspaces of cryptographically significant classes of the linear transformations and some new results», S. Davydov

Linear transformations are used as diffusion transformations in block ciphers and hash function. Invariant subspaces of the linear transformation may be used in the invariant subspace attack, firstly applied to PRINT block cipher in 2011. In this work a review on invariant subspaces of cryptographically significant classes of the linear transformations is provided. Circulant, binary circulant, recursive, Hadamard, Cauchy and other matrices are considered and some new results about recursive and binary circulant matrices are provided. These results are applicable to SM4 and LED block ciphers and PHOTON family of hash functions.

11

«Application of MILP to search for linear transformations with the largest number of active S-boxes and a low number of XOR elements in their implementation», Y. Shkuratov, S. Davydov

Linear and differential cryptanalysis are universal methods of attacking block ciphers and hash functions, based on XSL schemes. Linear programming is a method of minimizing or maximizing some function of many variables, limited by a system of linear inequalities. A special case of this method - MILP - can be applied for calculating the number of active (in the sense of linear or differential cryptanalysis) S-boxes in XSL schemes. The work shows the application of MILP for finding linear transformations that require a small number of XOR elements in the implementation, which give large number of active S-boxes.

12

«On the connection between the permutation equivalence of linear codes problem and the isomorphism of quadratic forms problem», I. Chijov

This work addresses the problem of permutation equivalence of linear codes (PEC). A connection is established between this problem and a special case of the isomorphism problem for quadratic form spaces over a finite field (IQ). Specifically, an algorithm is constructed that solves the PEC problem by reducing it to an instance of the IQ-problem.
Based on this algorithm, a modeling of the PEC problem using a system of quadratic equations over a finite field is proposed. In general, this system contains fewer variables than those used in previously known approaches to modeling this problem, and in some cases, it also involves fewer equations.

13

«KB-256 Wide Block Cipher: a five-year cryptanalysis overview», V.M. Fomichev, D.A. Bobrovskiy, A.B. Chuhno, A.M. Koreneva, D.I. Zadorozhny

This work provides a comprehensive overview of cryptanalytic research on the KB-256 wide block cipher conducted over the past five years. Various attack classes were investigated, including differential, linear, and structural cryptanalysis. In particular, a 16-round impossible differential based on deterministic difference properties (with probability 1) was discovered. A broad class of such deterministic differences has been described for both the original algorithm and its generalizations, enabling the identification of numerous impossible differentials.

14

«Revisiting ring oscillator-based TRNG models», D.A. Bobrovskiy, A.M. Koreneva, I.E. Nedomolkin, D.I. Zadorozhny

This work revisits the modeling of true random number generators based on ring oscillators, with particular attention to the effects of jitter, phase noise, and metastability in FPGA-based implementations. We analyze entropy accumulation and compare theoretical assumptions with empirical observations. Special emphasis is placed on accurate characterization and modeling of entropy sources relevant for secure and reliable TRNG design.

15

«Block cipher modes of operation in PQC», G.V. Firsov, A.M. Koreneva

Symmetric cryptography is believed to be less affected by quantum computing compared to asymmetric one. At the same time quantum effects (e.g. entanglement) affect security proofs methods by introducing new restrictions in contrast to classical model. In this way some symmetric schemes are insecure in case when an adversary has access to quantum computer. Therefore, existing algorithms need new security proofs in post-quantum models with potentially new assumptions. In this work, we review some existing results and highlight directions for future comprehensive research in post-quantum block cipher-based symmetric cryptography.

16

«Security Properties of Key Combiners Based on Block Ciphers and Hash-functions», V. Kiryukhin

Key combiners (also known as hybridization algorithms) are used to mix keys from different sources (KEM, QKD, preshared and others) into a single key. There are different scenarios for the application of key combiners, and formalizations of the former are considered. Different designs of key combiners based on various types of hash functions (MD, HAIFA, Sponge) and block ciphers are discussed. With similar security on a qualitative level, key combiners may differ significantly in quantitative bounds, we present a relevant comparison. We also point out possible vulnerabilities in some existing solutions and provide security proofs for other designs.

17

«Lightweight Cryptographic Industrial Security Protocol», O. Shemyakina

Cryptographic Industrial Security Protocol (CRISP) is a non-interactive cryptographic protocol designed for industrial systems. CRISP aims to provide integrity, authenticity, confidentiality and protection against replay attacks. The CRISP protocol defines a set of fields, rules of their composing and processing. An important advantage of CRISP is that it is application and transport protocol independent: It can be used with a virtually any data transport protocol capable of delivering any applied data to recipients. Other advantages of the CRISP protocol include using efficient symmetric algorithms and a small overhead. CRISP is standardized as a national standard of the Russian Federation.

18

«Integrating Mobile Devices with Quantum Key Distribution Networks», A. Zhilyaev, M. Borodin

Quantum key distribution (QKD) technology allows automatic generation of secrete key over public channels. However, existing QKD networks have limited functionality as pairs of network nodes for which a key to be generated must be determined at the time of key request and cannot change during the key generation process. Mobile devices are not permanently connected to the QKD-network nodes, so it is impossible to guarantee simultaneous connectivity for both devices required to obtain the key. Moreover, it may be impossible to predict in advance a particular pair of QKD-network nodes to which mobile devices will be connected. In this work, we discuss several options for integrating devices with QKD-networks while maintaining the devices' mobility.

19

«QUANTUM COMPUTER: MYTHS AND REALITY», Sergei Kulik, Quantum Technology Centre, Faculty of Physics, M. V. Lomonosov Moscow State University, 119991, Moscow, Russia

This talk provides an analysis of the physical principles underlying the construction of quantum computers, along with an examination of the associated challenges and prospects. The factors affecting the accuracy of quantum operations in the most realistic (brute-force) algorithms are discussed in detail, for instance, during the factorization of 2048-bit integers within the RSA algorithm. Various estimates of the resources required to break classical encryption algorithms are examined.

Among the prevalent 'myths' addressed are:
- Quantum computers will break all encryption tomorrow;
- Quantum cryptography (QKD - Quantum Key Distribution) is absolutely secure;
- Quantum technologies will grant someone absolute military superiority;
- Quantum computers will replace classical computers.
In conclusion, the Author proposes potential strategic options for countering the challenge of 'what to do now?'