Atsuko Miyaji (Osaka University/JAIST, Japan)

Post-Quantum Secure Group Key Exchange with Logarithmic Complexity

A group key exchange protocol (GKE) allows a group of $n$ parties to share a common secret key over an insecure channel and, thus, parties in the group can encrypt and decrypt messages among group members. Secure communication among $n$ parties has become an integral part of many applications. For example, ad hoc wireless networks are deployed in many areas such as homes, schools, disaster areas, etc., where a network is susceptible to attacks ranging from passive eavesdropping to active interference. Besides ad hoc networks, another environment where ad hoc groups are popular is in the context of new emerging social networks.

Widely-known GKEs based on the DH key exchange protocol are BDI and BDII, proposed by Burmester and Y. Desmedt. The important difference in efficiency between BDI and BDII is that BDI needs communication complexity $O(n)$, while BDII works with communication complexity of only $O(\log n)$. On the other hand, the emergence of quantum computers would become a real threat to both BDI and BDII. This is why we need to reconstruct GKEs in such a way that they are post-quantum secure. In this talk, we focus on post-quantum secure GKEs with logarithmic complexity.

We start from BDII and investigate how to construct post-quantum secure GKEs based on supersingular isogeny DH key exchange or Ring-LWE.

Kenny Paterson (ETH Zurich, Switzerland)

Probabilistic Data Structures in Adversarial Settings

Probabilistic data structures are ubiquitous in modern computing systems. Prominent examples include Bloom filters, Cuckoo filters, HyperLogLog and Quotient filters. Computing systems are also subject to adversarial behaviour, meaning that these data structures are often exposed to adversarial inputs. For example, cascades of Bloom filters are being trialled by Mozilla for use in certificate validation in Firefox, while network devices use HyperLogLog to count packets and thereby detect attacks. In this talk, I’ll describe what is known about the security of such data structures in the adversarial setting, highlighting new attacks on HyperLogLog demonstrating that it is exponentially bad at counting adversarial inputs.
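
The following is an added example, not code from the talk or the speaker. It implements a minimal HyperLogLog and shows the failure mode the abstract refers to: when the sketch uses a hash that the party supplying the inputs can evaluate, that party can choose items that never raise any register above its minimum value, so the estimate stays capped no matter how many distinct items are inserted. Switching the same sketch to a keyed hash (HMAC with a key the counter keeps secret) removes the adversary's ability to pre-select inputs, and the count is accurate again. The item strings, the precision `P`, and the key are constructed for the demonstration; `public_hash`, `keyed_hash`, `adversarial_items` and `demo` are names chosen here, not from any library or from the talk.

```python
# Added example (not from the talk or the speaker): a minimal HyperLogLog
# showing why an unkeyed hash lets an input-choosing adversary cap the
# estimate, and why a keyed (secret-key) hash restores accurate counting.
import hashlib
import hmac
import math

P = 10                                 # precision bits -> M = 1024 registers
M = 1 << P
ALPHA = 0.7213 / (1 + 1.079 / M)       # standard HLL bias constant for M >= 128
WIDTH = 64 - P                         # hash bits left after the register index


def public_hash(item: bytes) -> int:
    """Unkeyed 64-bit hash: anyone, including the input supplier, can evaluate it."""
    return int.from_bytes(hashlib.sha256(item).digest()[:8], "big")


def keyed_hash(key: bytes, item: bytes) -> int:
    """Keyed 64-bit hash (HMAC-SHA256): unpredictable without the key."""
    return int.from_bytes(hmac.new(key, item, "sha256").digest()[:8], "big")


def split(h: int):
    """Top P bits select the register; rho = 1-based position of the leftmost 1-bit in the rest."""
    idx = h >> WIDTH
    w = h & ((1 << WIDTH) - 1)
    rho = WIDTH - w.bit_length() + 1   # w == 0 gives WIDTH + 1
    return idx, rho


class HyperLogLog:
    def __init__(self, hash_fn):
        self.hash_fn = hash_fn
        self.registers = [0] * M

    def add(self, item: bytes) -> None:
        idx, rho = split(self.hash_fn(item))
        if rho > self.registers[idx]:
            self.registers[idx] = rho

    def estimate(self) -> float:
        raw = ALPHA * M * M / sum(2.0 ** -r for r in self.registers)
        if raw <= 2.5 * M:                 # small-range correction (linear counting)
            zeros = self.registers.count(0)
            if zeros:
                return M * math.log(M / zeros)
        return raw


def adversarial_items(n: int) -> list:
    """Constructed sample inputs selected so that, under the public hash, every
    item has rho == 1 (the minimum), so no register can ever grow past 1."""
    out, i = [], 0
    while len(out) < n:
        item = b"pkt-%d" % i               # constructed packet identifier
        if split(public_hash(item))[1] == 1:
            out.append(item)
        i += 1
    return out


def count_with(hash_fn, items) -> float:
    hll = HyperLogLog(hash_fn)
    for it in items:
        hll.add(it)
    return hll.estimate()


def demo(n: int = 20000, key: bytes = b"constructed-key-only-the-counter-knows"):
    """Return (true distinct count, estimate with public hash, estimate with keyed hash)."""
    items = adversarial_items(n)
    return n, count_with(public_hash, items), count_with(lambda x: keyed_hash(key, x), items)


if __name__ == "__main__":
    n, unkeyed, keyed = demo()
    print(f"distinct items inserted : {n}")
    print(f"estimate, unkeyed hash  : {unkeyed:.0f}  (capped near {2 * ALPHA * M:.0f} regardless of n)")
    print(f"estimate, keyed hash    : {keyed:.0f}")
```

With every register stuck at 1 the raw estimator evaluates to 2·ALPHA·M (about 1475 for M = 1024), so the unkeyed sketch reports roughly that figure whether 20,000 or 20 million distinct items were inserted; the keyed sketch lands within HyperLogLog's usual relative error of about 1.04/√M (around 3% here). The practical check for a deployment that counts untrusted inputs, such as the packet-counting use mentioned above, is therefore whether the sketch's hash is keyed with a secret the input supplier cannot learn.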

About the speaker: Kenny Paterson is a Professor of Computer Science at ETH Zurich, where he leads the Applied Cryptography group. Kenny is a Fellow of the IACR, and currently serves as Editor-in-Chief of the Journal of Cryptology. He is co-founder of the “Real World Cryptography” workshop series. Further information:

Mathias Payer (EPFL, Switzerland)

Bluetooth and the Pitfalls of Wireless Protocols

Bluetooth ubiquitously enables devices to interact with each other. Common use cases for Bluetooth are IoT communication in smart watches, temperature/environmental sensors, smart locks, or camera controls but also headphones, keyboards, or mice. These peripherals have access to sensitive data that requires protection.

The combination of a massively complex Bluetooth standard, custom implementations, along with a slow update/patch cycle results in a brittle environment that exposes the data of its users. In this talk, we will highlight different aspects of the Bluetooth threat surface, from implementation to protocol bugs and discuss potential ways out of the Bluetooth security crisis.

About the speaker: Mathias Payer is a professor at EPFL, leading the HexHive research group. Our research focuses on protecting applications in the presence of vulnerabilities. Complex systems will always have exploitable bugs; we systematically analyze potential threats and attack vectors. To mitigate threats we, on one hand, create techniques for developers to discover and fix bugs. On the other hand, we make systems resilient against the exploitation of unknown or unpatched vulnerabilities by designing carefully balanced mitigations. All our prototypes are released as open source, and we have fixed vulnerabilities in, e.g., the Linux kernel, Android, Intel CPUs, and Bluetooth. Our research is generously funded, among others, by ERC, SNSF, NSF, DARPA, and ONR. His Twitter is @gannimo.

Zhiyun Qian (University of California Riverside, US)

Weaponizing Network Side Channels: From TCP Hijacking to DNS Cache Poisoning

Side channel attacks were never considered part of the threat model when network protocols were designed. Even today, the impact of network side channels is vastly underestimated. Exploiting network side channels has been considered challenging, if not infeasible, due to its remote nature. In this talk, I will demonstrate a series of surprisingly powerful attacks where a blind off-path attacker can use side channels to hijack arbitrary remote TCP connections, as well as launch DNS cache poisoning attacks against popular DNS services. I will also give insights on how to systematically discover such problems.

About the speaker: Zhiyun Qian is the Everett and Imogene Ross associate professor in the CSE department at the University of California Riverside. His main research interests are in the area of system and network security, including vulnerability discovery, side channel analysis, applied program analysis, system building, and measurement of real-world security problems. He is a recipient of the NSF CAREER Award in 2017, the Applied Networking Research Prize from IRTF in 2019, Facebook Internet Defense Prize Finalist in 2016, and the most creative idea award from Geekpwn 2016.