Indocrypt 2011, 11–14 December 2011, Chennai

How to participate:
How to contribute:
Call for papers
Accepted papers


Indocrypt 2011 will feature two tutorial speakers on Sunday 11 December 2011: Roger Dingledine (The Tor Project, USA) and Tanja Lange (Technische Universiteit Eindhoven, the Netherlands). It will also feature a tutorial speaker on Wednesday 14 December 2011: Shay Gueron (University of Haifa and Intel Corporation, Israel).

Abstracts of tutorials

Roger Dingledine, The Tor Project, USA:
Tor and the Censorship Arms Race: Lessons Learned

Tor is a free-software anonymizing network that helps people around the world use the Internet in safety. Tor's 2500 volunteer relays carry traffic for several hundred thousand users, including ordinary citizens who want protection from identity theft and prying corporations, corporations who want to look at a competitor's website in private, and soldiers and aid workers in the Middle East who need to contact their home servers without fear of physical harm.

Tor was originally designed as a civil liberties tool for people in the West. But if governments can block connections to the Tor network, who cares that it provides great anonymity? A few years ago we started adapting Tor to be more robust in countries like China. We streamlined its network communications to look more like ordinary SSL, and we introduced "bridge relays" that are harder for an attacker to find and block than Tor's public relays.

Through the Iranian elections in June 2009, the periodic blockings in China, the demonstrations in Tunisia and Egypt, and whatever's coming next, we're learning a lot about how circumvention tools work in reality for activists in tough situations. This talk will start with a brief overview of the Tor design and its diverse users, and then jump into the technical and social problems we're encountering, what technical approaches we've tried so far (and how they went), and what approaches I think we're going to need to try next.

Shay Gueron, University of Haifa and Intel Corporation, Israel:
Software Optimizations for Cryptographic Primitives on General Purpose x86_64 platforms

The need for end-to-end security in the internet, constantly increases the world-wide number (and percentage) of SSL/TLS connections. As a result, the cryptographic algorithms that support such secure communications become a critical computational load for servers, and therefore an important target for optimization. We discuss here techniques for speeding up the software performance of several important cryptographic primitives on the ubiquitous x86_64 architectures that are used in most server platforms, and report new and improved results. A few examples are the following performance numbers, measured on the 2nd Generation Intel Core processor: RSA1024/2048 implementation which is ~1.6x faster than the current OpenSSL version (1.0.0e), and SHA-1, SHA-256 and SHA-512 performing at, respectively, 5.75, 14, 9.71 cycles per byte.

Tanja Lange, Technische Universiteit Eindhoven, The Netherlands:
Elliptic curves for applications

More than 25 years ago, elliptic curves over finite fields were suggested as a group in which the Discrete Logarithm Problem (DLP) can be hard. Since then many researchers have scrutinized the security of the DLP on elliptic curves with the result that for suitably chosen curves only exponential attacks are known. For comparison, the RSA cryptosystem is broken if large numbers can be factored; factoring is possible in subexponential time. As a consequence the parameters for elliptic-curve cryptography (ECC) can be chosen significantly smaller than for RSA at the same level of security and arithmetic becomes faster, too.

The NaCl library (Networking and Cryptography library) uses ECC as the public-key component for authenticated encryption (using symmetric-key cryptography for the authenticator and for generating the bulk of the ciphertext) and for signatures. On all levels the algorithms are chosen to simplify implementation without leaking information through software side channels. All implementations in NaCl are timing-invariant and do not have data-dependent branches.

This tutorial explains how to compute on elliptic curves over fields of odd characteristic; how to make the arithmetic efficient; how to avoid data-dependent branches in single-scalar multiplication in the variable-base-point and in the fixed-base-point scenario; how the algorithms in NaCl are designed; and how to use NaCl.

NaCl is joint work with Daniel J. Bernstein and Peter Schwabe. Software and documentation are available at


This is version 2011.10.02 of the tutorials.html web page.