Mount Allison University

Selected Areas in Cryptography 2015

The 22nd Conference on Selected Areas in Cryptography (SAC 2015) will be held at Mount Allison University in Sackville, New Brunswick, Canada, on August 12-14, 2015.

NEW! — In 2015, for the first time, SAC will be immediately preceded by the SAC Summer School (S3), which will run from August 10-12.

SAC 2015 Program

Stafford Tavares Lecture

Title: Trust Aware Traffic Security

Presenter: Paul Syverson

We will trace the development of trust-aware traffic security in onion routing networks 2009‒2015. Beginning with the question of how to mathematically model diversity of trust across an onion routing network, we will also discuss defining adversaries for a trust-aware context, representing trust in a usable way, accounting for all the network elements to which trust might be assigned, and making use of trust to design more secure routing.

SAC Invited Talk

Title: Generic Attacks against MAC Algorithms

Presenter: Gaëtan Leurent

In this talk we will discuss the security of some classical MAC constructions based on block ciphers or hash functions. These construction are widely deployed, and their security has been proven based on idealized behavior of the underlying primitive.

We will focus on generic attacks and how the relate to the complexity bounds of the security proof. The two approaches are complementary: generic attacks yields upper bounds on the security of a mode, and security proofs yield a lower bound. While there is usually an attack matching the proof, we point out that this only the case for the strongest security notion, resistance against existential forgery. For weaker security notions, there is usually a gap between the best attacks and the complexity bound of the proof, and the security loss when the bounds are exceeded is not well understood. Actually, constructions with similar security proofs can have very different security levels beyond the bound.

In particular, we will discuss recent attacks against hash-based MACs, showing that state recovery and universal forgery attacks require less than 2n work.