Tutorial 1:

Introduction to the sponge and duplex constructions

Gilles Van Assche, STMicroelectronics, Belgium

Abstract: In this presentation, we introduce the sponge construction that allows one to build an extendable output function (XOF) from a cryptographic permutation. Starting from this point, we then explore different variants along two axes. On the first axis, we highlight the differences in security when used for hashing (unkeyed) or for encryption and authentication (keyed). And on the second axis, we show how to add incremental input properties, using the duplex constructions and variants. We also set the stage with the indifferentiability and the indistinguishability frameworks for unkeyed and keyed applications, respectively.

Tutorial 2:

Cryptographic properties of Keccak

Gilles Van Assche, STMicroelectronics, Belgium

Abstract: In this presentation, we present the Keccak sponge function and its derivatives Ketje, Keyak and KangarooTwelve, all using the Keccak-p permutation family. We discuss the design rationale and detail Keccak-p's properties regarding the propagation of differences and linear masks. Finally, we conclude with techniques for searching for the optimal differential and linear trails, and their applications in Keccak.

Tutorial 3 and 4:

Public Key Encryption and Security against Chosen Ciphertext Attacks

Takahiro Matsuda, National Institute of Advanced Industrial Science and Technology (AIST), Japan.

Abstract: Public key encryption (PKE) is one of the most fundamental cryptographic primitives, and security against chosen ciphertext attacks (CCA security) is considered as a de-facto standard security notion required in most practical situations/applications. Due to its impact on modern cryptography, since the introduction of CCA secure PKE roughly 30 years ago, it has remained to be one of the most important research topics in the area of both theoretical and practical cryptography to this day.

This tutorial will consist of two parts. In the first part, I will review classical techniques for constructing and proving CCA secure PKE schemes. This will include the Naor-Yung construction, hash proof systems, Fujisaki-Okamoto transformation and so on. In the second part, I will give a survey on several recent topics related to the CCA security of PKE and discuss open problems.