1

Recent developments and applications of secret sharing schemes, Prof. Sakurai Kouichi


Secret sharing has played an important and fundamental role in various cryptographic application protocols.
Recently, Desmedt et al. presented the Framing problem in secret sharing and its countermeasures,
and cryptographers are also discussing the design of traceable secret sharing.

This tak introduces the trends in the theory and applications of secret sharing
from academic to social implementation.

2

Nonlinearity of Boolean Functions: Existing Results & Open Problems, Prof. Subhamoy Maitra

Boolean functions are the most important primitives in Computing, Communication and Cryptology. In this talk we will consider several combinatorial properties of Boolean functions that are cryptographically significant. Further we will discuss availability and implementations of such functions. The most important results of the last three decades will be presented looking into the properties related to Walsh as well as autocorrelation spectra. A few open problems will also be discussed.

3

«Two-party signature: how to sign securely using a mobile device», L.R. Akhmetzyanova, E.K. Alekseev, S.V. Smyshlyaev, L.O. Nikiforova

With the growing popularity of mobile devices, an increasing number of information processes—including digital signing—are shifting from desktop systems to mobile platforms. However, the elevated risk of mobile device compromise, such as theft, loss of physical control, and malware infection, renders traditional digital signature approaches insufficiently secure. This work examines the architectures of mobile signature systems, with a focus on two-party signature schemes that distribute key operations between the user's device and a trusted party. This approach provides resistance to various attacks while maintaining user convenience.

We analyze existing two-party implementations for RSA, Schnorr, and ElGamal-type signature algorithms (including GOST, ECDSA, KCDSA, EDS, SM2), and explore the potential of such techniques in the context of post-quantum cryptography. A comparative assessment is provided in terms of cryptographic security, performance, and suitability for mobile applications. The goal of this work is to offer practical recommendations for building secure and user-friendly digital signature systems on mobile devices.

4

«Matryoshka: flexible protection of storage devices», L.O. Nikiforova, L.R. Akhmetzyanova, E.K. Alekseev

We study the issue of data protection on information storage devices that have a block-based structure. Full-disk encryption (FDE) schemes are the most common methods used to provide this protection. We consider a hierarchy of adversary models that cover the main practical use cases for these schemes. For each model, we identify actual threats and propose an approach to prevent them.

We offer a new flexible full-disk encryption scheme Matryoshka. This scheme consists of several different configurations. Each configuration is designed to protect data in a specific practical scenario and configurations are nested within each other. So, if a protection scheme is implemented in one scenario, then to protect your data in another practical scenario, you can either remove unnecessary cryptographic mechanisms or add new ones, while the core of the scheme remains the same.

5

«On requirements for payment hardware secure modules», S.V. Smyshlyaev, E.K. Alekseev

The report examines the current security requirements of PCI HSM and the Central Bank of Russia for payment hardware security modules. Special attention is given to key aspects such as cryptographic key management, physical protection measures, security auditing, etc. We will also discuss potential directions for the evolution of hardware security modules, taking into account the regulatory framework in force in the Russian Federation regarding information security for payment devices.

6

«A review on invariant subspaces of cryptographically significant classes of the linear transformations and some new results», S. Davydov

Linear transformations are used as diffusion transformations in block ciphers and hash function. Invariant subspaces of the linear transformation may be used in the invariant subspace attack, firstly applied to PRINT block cipher in 2011. In this work a review on invariant subspaces of cryptographically significant classes of the linear transformations is provided. Circulant, binary circulant, recursive, Hadamard, Cauchy and other matrices are considered and some new results about recursive and binary circulant matrices are provided. These results are applicable to SM4 and LED block ciphers and PHOTON family of hash functions.

7

"Using MILP to search for linear transformations with the largest number of active S-blocks and a small number of XOR elements in their implementation", Yu. Shkuratov, S. Davydov

Linear and difference cryptanalysis are universal methods of attacking block ciphers and hash functions based on XSL schemes. Linear programming is a method of minimizing or maximizing some function of many variables bounded by a system of linear inequalities. A special case of this method, MILP, can be used to calculate the number of active (in the sense of linear or difference cryptanalysis) S-blocks in XSL schemes. The paper shows the use of MILP to search for linear transformations that require a small number of XOR elements in the implementation, which give a large number of active S-blocks.

8

"On the relationship between the problem of permutation equivalence of linear codes and the problem of isomorphism of quadratic forms", I. Chizhov

The paper considers the problem of permutation equivalence of linear codes (PEC). A connection is established between this problem and the problem of isomorphism of a special kind of spaces of quadratic forms over a finite field (IQ). Namely, an algorithm was built that solves the PEC problem using the IQ problem algorithm.

Based on the algorithm, a simulation of the PEC problem by a system of quadratic equations over a finite field was proposed. This system generally has fewer variables than known similar simulations of this problem, and in some cases fewer equations.

9

"KB-256: a five-year review of cryptanalysis of a wide-block cipher", V.M. Fomichev, D.A. Bobrovsky, A.B. Chukhno, A.M. Koreneva, D.I. Zadorozhny

The report provides an overview of the results of cryptanalysis of the KB-256 wide-block cipher over the past five years. Attacks based on differential, linear, and structural analysis are considered. Special attention is paid to the search for impossible differentials, in particular, for 16 rounds, obtained on the basis of the deterministic property of differences with probability 1. A generalized class of such differences is described both for the initial version of the algorithm and for its modifications, which makes it possible to identify many impossible differentials.

10

"Rethinking models of random number sensors based on ring oscillators", D.A. Bobrovsky, I.E. Nedomolkin, D.I. Zadorozhny

The report is devoted to the revision of models of physical random number sensors based on ring oscillators. Special attention is paid to the effects of jitter, phase noise, and metastability when implemented on programmable logic integrated circuits. The correspondence between theoretical models of entropy accumulation and experimental data is considered. The focus is on accurate modeling of entropy sources that are critical for the design of RNGs suitable for use in cryptographic applications.

11

"Modes of operation of block ciphers in the post-quantum era", G.V. Firsov, A.M. Koreneva

It is believed that quantum computing has less impact on symmetric cryptography compared to asymmetric cryptography. At the same time, effects of a quantum mechanical nature (for example, quantum entanglement or the prohibition of copying) affect the completeness of mathematical proofs of the security of symmetric algorithms that are valid in classical models (which do not involve access to a quantum computer by an intruder). Thus, existing regimes may prove unstable in quantum security models or require new security justifications that take into account quantum effects. In this paper, the authors provide an overview of existing results in the development of post-quantum modes of operation of block ciphers, as well as identify relevant areas of scientific and technical activity in the framework of post-quantum symmetric cryptography based on block ciphers.

12

Security properties of key hybridization algorithms based on block ciphers and hash functions Vitaly Kiryukhin

Key hybridization algorithms (also known as "key combiners") are used to mix keys from different sources (KEM, CRK, pre-distribution, and others) into a single key. The paper considers formal models reflecting various scenarios of application of hybridization algorithms. The latter can be based on both hash functions of various types (MD, HAIFA, Sponge) and block ciphers. At the same time, schemes with qualitatively similar properties may differ significantly in quantitative estimates of durability. The paper points out some shortcomings in existing key hybridization algorithms, and provides evidence of durability for a number of other designs.

13

Low-resolution industrial cryptographic protocol Olga Shemyakina

The CRyptographic Industrial Security Protocol (CRISP) is a non-interactive cryptographic protocol developed for use in industrial systems. CRISP ensures the integrity, authenticity, and confidentiality of transmitted data, as well as protection against repetition.

The CRISP protocol is a set of fields, rules for their formation and processing, and can be used with any transport protocol capable of delivering the generated data to recipients.

One of the advantages of the CRISP protocol is its independence from the application and transport protocols. Other advantages include the use of efficient symmetric cryptographic algorithms and a small amount of added data. CRISP is the national standard of the Russian Federation.

14

Integration of mobile devices into quantum key distribution networks Andrey Zhilyaev, Mikhail Borodin

KRK technology allows you to generate secret keys through open communication channels. However, existing CRC networks have limited functionality, since the pairs of CRC network nodes between which a key needs to be generated must be determined when requesting the next key and cannot change during its generation. Mobile devices are not permanently connected to the nodes of the KRK network, so it is impossible to guarantee their simultaneous connection, which is necessary to obtain the key. Moreover, it may be impossible to predict in advance a specific pair of nodes of the KRK network to which mobile devices will be connected to obtain secret keys. In this paper, we consider options for integrating mobile devices with quantum key distribution networks, while maintaining the mobility of these devices.

15

QUANTUM COMPUTER: MYTHS AND REALITY
Sergei Kulik, Quantum Technology Centre, Faculty of Physics, M. V. Lomonosov Moscow State University, 119991, Moscow, Russia

This talk provides an analysis of the physical principles underlying the construction of quantum computers, along with an examination of the associated challenges and prospects. The factors affecting the accuracy of quantum operations in the most realistic (brute-force) algorithms are discussed in detail, for instance, during the factorization of 2048-bit integers within the RSA algorithm. Various estimates of the resources required to break classical encryption algorithms are examined.

Among the prevalent 'myths' addressed are:
- Quantum computers will break all encryption tomorrow;
- Quantum cryptography (QKD - Quantum Key Distribution) is absolutely secure;
- Quantum technologies will grant someone absolute military superiority;
- Quantum computers will replace classical computers.
In conclusion, the Author proposes potential strategic options for countering the challenge of 'what to do now?'