Organizer: Marc Fischlin, TU Darmstadt / CROSSING
Cryptography has turned out to be an invaluable tool for protecting the confidentiality and integrity of digital data. At the same time, cryptography does not yet provide satisfying solutions to all practical scenarios and threats. To accomplish appropriate protection of the data, cryptography needs to address several challenges.
First, cryptography needs to provide the fundamental primitives from which higher-level protocols can be derived. This requires to investigate the feasibility of building useful primitives, to scrutinize the hardness of the underlying problems and assumptions, and to explore the applicability of such primitives. Recently, advances in cryptanalytic techniques for finite fields with small characteristic and problems like subset sum, decoding of linear codes and the widely used LPN/LWE-assumptions have gained quite some attention in this area.
The second challenge is to make cryptographic primitives match the efficiency requirements for deployment in various scenarios, possibly iterating the fundamental design step. A recent example are the advances in indistinguishability obfuscation which is still at an early development stage. Here fundamental questions about feasibility and efficiency improvements are still open. A step ahead in this regard are fully homomorphic encryption schemes where people are already working on optimizations.
The third challenge is to make sure that the primitives are used appropriately in larger protocols, and to provide security analyses of practically deployed protocols. A striking example here is TLS where cryptographers still struggle to provide a comprehensive analysis of the current TLS standard 1.2, and yet the new version 1.3 is already at the horizon.
Each of the three challenge areas – cryptanalysis and foundations (investigating and evaluating new primitives), optimization (making solutions more efficient), and deployment (designing real-world protocols) – can be viewed as transitional steps to devise cryptographic solutions for protecting actual data. Since we view all steps of being equally important and an integral part of cryptographic research, the seminar should bring together experts from all these areas, stimulating interaction between the areas.
The overall objectives of this Dagstuhl Seminar are:
- For the cryptanalytic techniques we study the full extent to which they can be generalized and explore whether techniques from different areas interact and benefit from each other. This is crucial to establish well defined security levels for cryptographic assumptions, and to communicate secure parameter selection procedures to implementers of cryptographic protocols.
- Regarding the foundational aspects, the seminar offers the possibility to scrutinize the now emerging primitives and concepts of multilinear maps and indistinguishability obfuscation. We expect numerous new results along these lines in the upcoming years, till the proposed Dagstuhl Seminar would happen. The seminar's objective is to consolidate and to discuss future directions in these areas.
- Concerning the optimization aspects we expect further progress in the applicability of operational cryptography, especially (fully or somewhat) homomorphic encryption. The goal of the seminar in this area is to push the solutions even further in terms of efficiency, and to identify the obstacles for a larger deployment such as for Big Data.
- In terms of deployment the goal of the seminar is to advance the analysis of new real-world protocols, especially key exchange protocols such as TLS 1.3, and to provide feedback to designers and engineers of such protocols.