| Edition nr 1 October 2006 |
| Welcome |
Welcome to the first edition of our Ecrypt newsletter. This electronic newsletter will be available every 2 months from now on to the end of ECRYPT in July 2008.
For those readers who are not familiar with the ECRYPT network: ECRYPT stands for European Network of Excellence for Cryptology, and it is a 4-year network of excellence funded within the Information Societies Technology (IST) Programme of the European Commission's Sixth Framework Programme (FP6). ECRYPT was launched on February 1st, 2004 and runs for 4.5 years. Its objective is to intensify the collaboration of European researchers in information security, and more particularly in cryptology and digital watermarking.
Who is this newsletter for? This newsletter is meant for all partners involved in ECRYPT. But the intended audience is much broader than the partners alone. The whole research community focusing on cryptography and watermarking will find interesting information in it. This newsletter is of particular interest to those who intend to attend ECRYPT workshops and schools.
What can you find in the ECRYPT newsletter? You will be kept up to date on all the latest developments within ECRYPT. Interesting documents will be presented, as well as short reports on past visits within the network. Upcoming events will be clearly announced. If you missed out on some past events, you will be able to read the event report. Finally, some space will also be devoted to a more elaborate introduction of one of the 32 ECRYPT partners in the Partner of the Month section.
|
| Coordinators Corner |
ECRYPT consists of 32 leading players in the field of cryptography and watermarking. Katholieke Universiteit Leuven takes up the role of project coordinator.
As ECRYPT Coordinator, I want to invite you to read this newsletter. I am convinced that it will contribute to our goal of strengthening the European research community in cryptology and watermarking. ECRYPT has the ambitious goal to bring together academia and industry in order to improve the impact of our research; we need the support of every ECRYPT researcher to achieve this goal. I also want to stress that while ECRYPT has “only” 32 partners, we hope that the network can serve the larger research community in Europe.
This is also a good occasion to thank Antoon Bosselaers for his help with managing ECRYPT during the first two years. At the beginning of 2006, Saartje Verheyen took over as project administrator; she is also the driving force behind this Newsletter.
|
| Visits Reports |
ECRYPT stimulates short visits to, from, and within ECRYPT to promote integration. The main purpose of these exchanges is not educational: both the visitor and the host have a considerable knowledge in the technical field discussed during the visit. You can read the reports of the most recent visits below.
Are you an ECRYPT partner and want to host a visitor? Apply for funding here.
|
Gemplus hosts Damien Vergnaud (University of Caen, France)
The visit took place in March 2006
Gemplus first welcomed Damien Vergnaud in May 2005 for a 3-day research meeting with Pascal Paillier on discrete log based signatures. The joint work was later presented at Asiacrypt'05 and received the Best Paper Award. Damien visited Gemplus in Paris again this year (March 2006) to collaborate on a somewhat more industry-oriented subject this time: cryptographic implementations unconditionally secure against probing attacks. Most cryptosystems are known not to resist probing attacks where the attacker tracks data bits in internal variables. These attacks are extremely powerful and recover secret keys completely. The goal of this work consisted in securing a modular exponentiation against probing attacks by conferring unconditional resistance. A patent and a joint paper gathering the results of this work are currently underway. Several other topics of common interest (with a focus on new proof techniques and asymmetric primitives) are already identified for future research. Damien Vergnaud is carrying out a PhD thesis in Number Theory and Cryptography at the LMNO/University of Caen, an institution outside of ECRYPT.
|
Axalto hosts Gregory V. Bard (University of Maryland, USA)
Visit duration: 28 April 2006 – 18 August 2006
Gregory V. Bard (University of Maryland, USA) visited Axalto from April to August 2006. The longer period made it possible to work intensively on different topics. One topic was linear algebra: the Method of Four Russians versus Strassen, making Strassen matrix inversion work over finite fields, and complexity evaluation. Another topic was CPU cache-aware and memory-sensitive implementation. Two papers by Gregory were posted on ePrint and submitted to conferences. Some progress was also made in syndrome decoding. Successful experimental cryptanalytic attacks on block and stream ciphers have been carried out, and the results will be published soon. Programming parts of it. One joint paper has been submitted to Indocrypt. On top of that, Gregory has given talks at Université de Versailles, ENSTA and the YACC'06 conference. As far as future cooperation is concerned, 3 other papers are under development and will be submitted to conferences in 2006.
|
RUB hosts Emmanuel Bresson (Cryptology Department, CELAR Technology, France)
Visit duration: 01 to 07 May 2006
In the first week of May 2006, Emmanuel Bresson (Cryptology Department, CELAR Technology, France) visited the Horst Görtz Institute for IT Security (HGI) in Bochum. He gave a talk in the cryptographic seminar, "On security models for group key exchange protocols". Emmanuel Bresson is one of the leading researchers in this area.
This was also the topic of the joint research with Mark Manulis. A joint paper in the area of formal models for group key exchange protocols was written and submitted to the ACM CCS conference. A second paper was planned. This cooperation was strengthened by a second visit by Mark to CELAR, and we hope to extend this in the future.
|
| Workshops&Schools Reports |
ECRYPT organises numerous schools and workshops every year. These schools and workshops bring many researchers together in Europe and are therefore an excellent means for integration and dissemination. You can read the reports of the most recent workshops and schools below.
|
Summer School on Cryptographic Hardware, Side-Channel and Fault Attacks
June 12-15, 2006, Louvain-la-Neuve, Belgium
Organizer: KUL and UCL Belgium on behalf of VAMPIRE
URL: http://www.dice.ucl.ac.be/crypto/sumschool.htm
The program committee consisted of professors from UCL and KULeuven.
The focus of the workshop was on all aspects of cryptographic hardware systems, from implementation concerns to physical security, including side-channel and fault attacks. With many well-known speakers such as Ingrid Verbauwhede, Christof Paar and Sergei Skorobogatov, the workshop drew almost 100 attendees. More information on the workshop, together with the slides of all presenters, can be found at http://www.dice.ucl.ac.be/crypto/sumschool.htm.
|
Workshop on RFID Security 2006
July 12-14, 2006, Graz, Austria
Organizer: IAIK on behalf of VAMPIRE
URL: http://events.iaik.tugraz.at/RFIDSec06/index.htm
The "Workshop on RFID Security '06" is the second workshop on the security of RFID systems that the VAMPIRE lab has organized. In contrast to the previous workshop, which focused more on lightweight cryptography, this year's workshop focused on RFID security itself.
The central topics were:
- New applications for secure RFID systems
- Privacy-enhancing techniques for RFID
- Cryptographic protocols for RFID
- Integration of secure RFID systems
- Resource-efficient implementation of cryptography
The selection of the program was done by:
- Vincent Rijmen (chair), TU Graz, Austria
- Gildas Avoine, EPFL, Switzerland
- Christof Paar, RUB, Germany
- Bart Preneel, KULeuven, Belgium
- François X. Standaert, UCL, Belgium
- Johannes Wolkerstorfer, TU Graz, Austria
The workshop featured 14 contributed and 4 invited talks. Two of the invited speakers, Sanjay Sarma and Kevin Fu (both from MIT), focused on fundamental issues in RFID security. Marc Langheinrich (ETH Zurich) discussed privacy issues in RFID. Kim Nguyen talked about the use of RFID in electronic passports. The slides of all speakers, some of the articles, and some photos can be found on the workshop's website http://events.iaik.tugraz.at/RFIDSec06/index.htm.
This year's RFID Security workshop attracted 79 participants from all over the world. The best conclusion for this workshop was probably given by one of the participants:
"I have been waiting for a workshop that brings together the RFID and the crypto people".
|
Workshop on Computational Number Theory for Cryptanalysis
July 28-29, 2006, Berlin, Germany
Organizer: Benne de Weger, Technische Universiteit Eindhoven and Florian Hess, Technische Universität Berlin on behalf of AZTEC
URL: http://www.win.tue.nl/~bdeweger/ecryptworkshop
During the workshop 6 topics were discussed. Each of these topics was introduced by a short 10-minute talk by the topic leader; the topics were then further discussed, mostly in parallel sessions.
Topics discussed (with topic leaders):
- Index Calculus (Claus Diem)
- Full Cost Analysis (Dan Bernstein)
- Relation between Elliptic Curves and Factoring (Ming-Deh Huang)
- The Steinfeld-Zheng RSA variant (Ellen Jochemsz and Alexander May)
- Assumptions for Provable Security (Abhi Shelat)
- Hidden Pairings (Alexander Dent)
Some results of these sessions were:
- Index Calculus: Obtaining rigorous runtime estimates for Enge's and Diem's index calculus methods is more or less a matter of working out technical details. Also, some possible improvements of the two algorithms by incorporating ideas from the other were obtained. For further asymptotic complexity improvements there are fundamental obstacles.
- Relation between Elliptic Curves and Factoring: Using Huang/Burhanuddin's method it will be difficult to achieve faster factoring methods than those known today.
- The Steinfeld-Zheng RSA variant: A birthday attack was put forward which cuts the search space into square root size, but a different attack of similar complexity was already described in the original paper. No essentially better attack was found.
- Assumptions for Provable Security: The Wee assumption was shown to be false by a simple root-taking algorithm that works in super-polynomial complexity.
- Hidden Pairings: Dent and Galbraith's method of constructing a hidden pairing, based on Frey's idea of disguising an elliptic curve, was broken by showing how the essential structure of an elliptic curve can be recovered from the disguised curve.
|
Workshop on Models for Cryptographic Protocols
July 31-August 1, 2006, Århus, Denmark
Organizer: BRICS, on behalf of PROVILAB.
URL: http://www.daimi.au.dk/~buus/mcp2006/
Recent years have seen increasing research on security models for cryptographic protocols, in particular for long-running and multi-session systems, and simulation-based models which allow for concurrent composition and security within general systems. Another new challenge is to include economic models in the security definitions. One application of such security models is to link formal models, as used in model checkers and theorem provers, and cryptography. This comprises sound abstractions from cryptography, as well as approaches at applying formal methods to cryptographic proofs without any intermediate sound abstractions.
The aim of this workshop was to bring together researchers from the various research areas working on, and with, models for cryptographic protocols, in order to present recent work and engage in a discussion about common goals and important research problems in the overlap of the areas.
The program consisted of invited talks by Michael Backes, Yehuda Lindell, Tal Rabin and Bogdan Warinschi, plus 12 contributed talks, all selected by a program committee consisting of Ran Canetti, Ivan Damgård, John Mitchell, Jesper Buus Nielsen (chair) and Birgit Pfitzmann.
Participant Statistics: We had 30 participants, of which 17% were female, 40% were students, and 43% were from institutes outside ECRYPT. The non-EU countries represented include Israel, Japan, Norway, Russia and the U.S.A.
Conclusions:
The workshop was very successful in attracting researchers from the various areas in this rather diverse field. Subjects covered by the talks include: practical integration of tools for proof support, models of information theoretic security, relating the symbolic and computational approach to security, applications and refinements of existing cryptographic models for protocol security, like the reactive simulatability and universal composability model, soundness of Dolev-Yao models, multiparty computation and game theory, composability, and new models of trust. These subjects cover areas which normally publish in different conferences, and the discussions at the workshop showed that it clearly served a purpose in bringing together researchers from these different areas for a focused workshop on models for cryptographic protocols.
A booklet with abstracts was distributed at the workshop. Some abstracts are available at [http://www.daimi.au.dk/~buus/mcp2006/].
|
| Partner of the Month |
Every month one of the 32 ECRYPT partners will be put in the spotlight. In this newsletter we focus on ENS, Ecole Normale Supérieure in France. There was good reason to choose ENS as partner of the month. On October 6 2006, Jacques Stern, Professor and Head of the IT Department at Ecole Normale Supérieure, was awarded the CNRS 2006 Gold Medal.
|
Who is involved in ECRYPT at ENS?
All the members of the ENS crypto group regularly participate in ECRYPT activities. The head of our group is David Pointcheval. In terms of ECRYPT management, Jacques Stern is the chair of the strategic committee, while Phong Nguyen (assisted by Dario Catalano) is the leader of Aztec.
|
In which virtual labs is ENS most active?
Aztec obviously, because of the management as well as the many activities (research retreats, summer schools and workshops among others). But ENS also plays an active role in STVL, and is aware of what is going on in other virtual labs thanks to EMC meetings.
|
Jacques Stern is awarded the CNRS 2006 Gold Medal
On October 6 2006, Jacques Stern, Professor and Head of the IT Department at Ecole Normale Supérieure, was awarded the CNRS 2006 Gold Medal.
This honor is given each year in recognition of the work of a researcher who has made an exceptional contribution to the dynamism and influence of French research. In this case, it rewards the excellence of the work carried out by Jacques Stern in the fields of cryptography, mathematics and IT. Jacques Stern obtained a Doctorate in 1975. He is currently professor and IT Director at ENS. He is a Knight in the Legion of Honour. He is the author of more than 150 publications in scientific magazines and of a book entitled La science du secret (The Science of Secrecy). He holds ten patents. He is a member of many scientific committees and Chairman of the Eurocrypt 99 Program Committee. He is regularly consulted by businesses and other organisations. He is a member of the Scientific Defence Council and a registered expert with the Court of Appeal of Paris. Since 2004 he has been chairman of ECRYPT's strategic committee.
The ECRYPT NoE is proud that this prestigious award has been given to a researcher of one of its partners and would like to congratulate him on this special occasion.
For more information about the CNRS gold medal, visit ww2.cnrs.fr.
|
| Event Announcements |
School on Zero Knowledge: Foundations and Applications
Place: Bertinoro, Italy
Date: October 28-November 3, 2006
URL: http://zk.dia.unisa.it/
|
The State of the Art of Stream Ciphers - SASC 2007
Place: Bochum, Germany
Date: January 31-February 1, 2007
Link will soon be announced
|
| Interesting Documents |
Here you will find new interesting documents that have been launched within ECRYPT. In this newsletter we would like to present the following document:
''ECRYPT Challenges for Cryptology Research in Europe for 2007-2013 and beyond (2006)''
The goal of this document is to define goals in cryptography and to translate these goals into key research issues and challenges for Framework 7 (2007-2013) and beyond.
|
| Various |
Phishing and Pharming - Can cryptography help?
by Jörg Schwenk, HGI, Bochum
Successful phishing attacks often provoke responses like "how can someone be so stupid" from computer experts (or from those who think they are). This may have been true for the first wave of phishing attacks, but not for today's pharming and malware attacks. My personal favourite at the moment is SSL evading Trojans [http://www.infoworld.com/article/06/03/03/75970_10OPsecadvise_1.html]: you have a valid, strong crypto SSL connection to your own bank (you can even manually check all the 2048 Bit RSA public keys in the validation chain), but your password or PIN will not be sent to your bank only, but also to the attacker.
At Bochum we have set up an interdisciplinary working group consisting mainly of computer scientists and legal experts to document and study the problem. Our website [www.a-i3.org] (in German only) has an archive of German language mails, a news section, and some security tutorials for non-experts. We have established good contacts to German banks.
The main reason for setting up this website was that the Anti-Phishing Working Group (www.apwg.org) concentrates on attacks against American and international organisations. We are therefore looking for cooperation partners in Europe, because banks and the security mechanisms employed in online banking differ a lot from country to country.
Areas of cooperation include, but are not limited to:
- legal aspects (banking law, penal law),
- new online banking protocols (e.g. using smart cards, token generators, client certificates, visual authentication)
- intrusion detection for online banking.