Indocrypt 2011 will feature two tutorial speakers on Sunday 11 December 2011:
Roger Dingledine (The Tor Project, USA)
and Tanja Lange (Technische Universiteit Eindhoven, the Netherlands).
It will also feature a tutorial speaker on Wednesday 14 December 2011:
Shay Gueron (University of Haifa and Intel Corporation, Israel).
Abstracts of tutorials
Roger Dingledine, The Tor Project, USA:
Tor and the Censorship Arms Race: Lessons Learned
Shay Gueron, University of Haifa and Intel Corporation, Israel:
Tor is a free-software anonymizing network that helps people around
the world use the Internet in safety. Tor's 2500 volunteer relays carry
traffic for several hundred thousand users, including ordinary citizens
who want protection from identity theft and prying corporations,
corporations who want to look at a competitor's website in private,
and soldiers and aid workers in the Middle East who need to contact
their home servers without fear of physical harm.
Tor was originally designed as a civil liberties tool for people in
the West. But if governments can block connections to the Tor network,
who cares that it provides great anonymity? A few years ago we started
adapting Tor to be more robust in countries like China. We streamlined its
network communications to look more like ordinary SSL, and we introduced
"bridge relays" that are harder for an attacker to find and block than
Tor's public relays.
Through the Iranian elections in June 2009, the periodic blockings in
China, the demonstrations in Tunisia and Egypt, and whatever's coming
next, we're learning a lot about how circumvention tools work in reality
for activists in tough situations. This talk will start with a brief
overview of the Tor design and its diverse users, and then jump into
the technical and social problems we're encountering, what technical
approaches we've tried so far (and how they went), and what approaches
I think we're going to need to try next.
Software Optimizations for Cryptographic Primitives on General Purpose x86_64 platforms
Tanja Lange, Technische Universiteit Eindhoven, The Netherlands:
The need for end-to-end security in the internet, constantly increases
the world-wide number (and percentage) of SSL/TLS connections. As a result,
the cryptographic algorithms that support such secure communications become
a critical computational load for servers, and therefore an important target for
optimization. We discuss here techniques for speeding up the software
performance of several important cryptographic primitives on the ubiquitous
x86_64 architectures that are used in most server platforms, and report new and
improved results. A few examples are the following performance numbers,
measured on the 2nd Generation Intel Core processor: RSA1024/2048
implementation which is ~1.6x faster than the current OpenSSL version
(1.0.0e), and SHA-1, SHA-256 and SHA-512 performing at, respectively, 5.75,
14, 9.71 cycles per byte.
Elliptic curves for applications
More than 25 years ago, elliptic curves over finite fields were
suggested as a group in which the Discrete Logarithm Problem (DLP) can be
hard. Since then many researchers have scrutinized the security of the
DLP on elliptic curves with the result that for suitably chosen curves
only exponential attacks are known. For comparison, the RSA cryptosystem
is broken if large numbers can be factored; factoring is possible in
subexponential time. As a consequence the parameters for elliptic-curve
cryptography (ECC) can be chosen significantly smaller than for RSA
at the same level of security and arithmetic becomes faster, too.
The NaCl library (Networking and Cryptography library) uses ECC as the
public-key component for authenticated encryption (using symmetric-key
cryptography for the authenticator and for generating the bulk of the
ciphertext) and for signatures. On all levels the algorithms are chosen
to simplify implementation without leaking information through software
side channels. All implementations in NaCl are timing-invariant and
do not have data-dependent branches.
This tutorial explains how
to compute on elliptic curves over fields of odd characteristic; how
to make the arithmetic efficient; how to avoid data-dependent branches
in single-scalar multiplication in the variable-base-point and in the
fixed-base-point scenario; how the algorithms in NaCl are designed;
and how to use NaCl.
NaCl is joint work with Daniel J. Bernstein
and Peter Schwabe. Software and documentation are available at
This is version 2011.10.02 of the tutorials.html web page.