Preliminary Program - Eurocrypt 2001

May 6-10, 2001
Innsbruck, Tyrol, Austria

Proceedings to appear as LNCS 2045, Springer-Verlag

Sunday, May 6, 2001

Sun 16:00-18:00: Conference Registration

Sun 18:00: Welcome Cocktails (at the Conference Site)

Monday, May 7, 2001

Mon 8:50-9:00: Opening Remarks
by Reinhard Posch (General Chair)

Mon 9:00-10:15: Elliptic Curves (chaired by Arjen Lenstra)
Mon 9:00-9:25 A Memory Efficient Version of Satoh's Algorithm
by Frederik Vercauteren (K. U. Leuven, Belgium), Bart Preneel (K. U. Leuven, Belgium), and Joos Vandewalle (K. U. Leuven, Belgium)
Mon 9:25-9:50 Finding Secure Curves with the Satoh-FGH Algorithm and an Early-Abort Strategy
by Mireille Fouquet (LIX, École polytechnique, France), Pierrick Gaudry (LIX, École polytechnique, France), and Robert Harley (ArgoTech, France)
Mon 9:50-10:15 How Secure are Elliptic Curves over Composite Extension Fields?
by Nigel P. Smart (University of Bristol, UK)

Mon 10:15-10:45: Coffee break

Mon 10:45-11:35: Commitments (chaired by Martin Hirt)
Mon 10:45-11:10 Efficient and Non-Interactive Non-Malleable Commitment
by Giovanni Di Crescenzo (Telcordia Technologies Inc., USA), Jonathan Katz (Telcordia Technologies Inc. and Columbia University, USA), Rafail Ostrovsky (Telcordia Technologies Inc., USA), and Adam Smith (Massachusetts Institute of Technology, USA)
Mon 11:10-11:35 How to Convert the Flavor of a Quantum Bit Commitment
by Claude Crépeau (McGill University, Canada), Frédéric Légaré (Zero-Knowledge Systems Inc., Canada), and Louis Salvail (BRICS, University of Århus, Denmark)

Mon 11:35-12:05: Break

Mon 12:05-12:55: Invited talk (chaired by Hugo Krawczyk)
Mon 12:05-12:55 Zero Knowledge Has Come of Age
by Silvio Micali (Massachusetts Institute of Technology, USA)

Mon 12:55-14:25: Lunch
Mon 12:55-14:25: IACR Board Meeting

Mon 14:25-15:40: Anonymity (chaired by Michael Waidner)
Mon 14:25-14:50 Cryptographic Counters and Applications to Electronic Voting
by Jonathan Katz (Telcordia Technologies Inc. and Columbia University, USA), Steven Myers (University of Toronto, Canada), and Rafail Ostrovsky (Telcordia Technologies Inc., USA)
Mon 14:50-15:15 An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation
by Jan Camenisch (IBM Zürich Research Laboratory, Switzerland) and Anna Lysyanskaya (Massachusetts Institute of Technology, USA)
Mon 15:15-15:40 Priced Oblivious Transfer: How to Sell Digital Goods
by Bill Aiello (AT&T Labs - Research, USA), Yuval Ishai (AT&T Labs - Research, USA), and Omer Reingold (AT&T Labs - Research, USA)

Mon 15:40-16:10: Coffee break

Mon 16:10-17:25: Signatures and Hash Functions (chaired by Jan Camenisch)
Mon 16:10-16:35 A Secure Three-move Blind Signature Scheme for Polynomially Many Signatures
by Masayuki ABE (NTT Laboratories, Japan)
Mon 16:35-17:00 Practical Threshold RSA Signatures Without a Trusted Dealer
by Ivan Damgård (BRICS, University of Århus, Denmark) and Maciej Koprowski (BRICS, University of Århus, Denmark)
Mon 17:00-17:25 Hash Functions: >>From Merkle-Damgård to Shoup
by Ilya Mironov (Stanford University, USA)

Tuesday, May 8

Tue 9:00-10:15: XTR and NTRU (chaired by David Naccache)
Tue 9:00-9:25 Key Recovery and Message Attacks on NTRU-Composite
by Craig Gentry (DoCoMo Communications Laboratories Inc., USA)
Tue 9:25-9:50 Evidence that XTR is more secure than supersingular elliptic curve cryptosystems
by Eric R. Verheul (PricewaterhouseCoopers, The Netherlands)
Tue 9:50-10:15 NSS: An NTRU Lattice-Based Signature Scheme
by Jeffrey Hoffstein (NTRU Cryptosystems Inc., USA), Jill Pipher (NTRU Cryptosystems Inc., USA), and Joseph H. Silverman (NTRU Cryptosystems Inc., USA)

Tue 10:15-10:45: Coffee break

Tue 10:45-11:35: Assumptions (chaired by Guillaume Poupard)
Tue 10:45-11:10 The Bit Security of Paillier's Encryption Scheme and its Applications
by Dario Catalano (University of Catania, Italy), Rosario Gennaro (IBM T. J. Watson Research Center, USA), and Nick Howgrave-Graham (IBM T. J. Watson Research Center, USA)
Tue 11:10-11:35 Assumptions Related to Discrete Logarithms: Why Subtleties Make a Real Difference
by Ahmad-Reza Sadeghi (Saarland University, Germany) and Michael Steiner (Saarland University, Germany)

Tue 11:35-12:05: Break

Tue 12:05-12:55: IACR Distinguished Lecture (chaired by Kevin Mc Curley)
Tue 12:05-12:55 Economics and Cryptography
by Andrew Odlyzko (AT&T Labs - Research, USA)

Tue 12:55-14:25: Lunch

Tue 14:30-18:30: Excursion Swarovski Crystal Worlds

Tue 19:00: Rump Session
Session Chair: Jean-Jacques Quisquater

Wednesday, May 9

Wed 9:00-10:15: Multiparty Protocols (chaired by Tal Rabin)
Wed 9:00-9:25 On Adaptive vs. Non-adaptive Security of Multiparty Protocols
by Ran Canetti (IBM T. J. Watson Research Center, USA), Ivan Damgård (BRICS, University of Århus, Denmark), Stefan Dziembowski (BRICS, University of Århus, Denmark), Yuval Ishai (DIMACS and AT&T Labs - Research, USA), and Tal Malkin (AT&T Labs - Research, USA)
Wed 9:25-9:50 Multiparty Computation from Threshold Homomorphic Encryption
by Ronald Cramer (BRICS, University of Århus, Denmark), Ivan Damgård (BRICS, University of Århus, Denmark), and Jesper B. Nielsen (BRICS, University of Århus, Denmark)
Wed 9:50-10:15 On Perfect and Adaptive Security in Exposure-Resilient Cryptography
by Yevgeniy Dodis (University of New York, USA), Amit Sahai (Princeton University, USA), and Adam Smith (Massachusetts Institute of Technology, USA)

Wed 10:15-10:45: Coffee break

Wed 10:45-11:35: Block Ciphers (chaired by Kaisa Nyberg)
Wed 10:45-11:10 Cryptanalysis of Reduced-Round MISTY
by Ulrich Kühn (Dresdner Bank AG, Germany)
Wed 11:10-11:35 The Rectangle Attack - Rectangling the Serpent
by Eli Biham (Technion, Israel), Orr Dunkelman (Technion, Israel), and Nathan Keller (Technion, Israel)

Wed 11:35-12:05: Break

Wed 12:05-12:55: Primitives (chaired by Amit Sahai)
Wed 12:05-12:30 Efficient Amplification of the Security of Weak Pseudo-Random Function Generators
by Steven Myers (University of Toronto, Canada)
Wed 12:30-12:55 Min-Round Resettable Zero-Knowledge in the Public-Key Model
by Silvio Micali (Massachusetts Institute of Technology, USA) and Leonid Reyzin (Massachusetts Institute of Technology, USA)

Wed 12:55-14:25: Lunch

Mon 14:25-15:40: Symmetric Ciphers (chaired by Kaoru Kurosawa)
Wed 14:25-14:50 Structural Cryptanalysis of SASAS
by Alex Biryukov (The Weizmann Institute, Israel) and Adi Shamir (The Weizmann Institute, Israel)
Wed 14:50-15:15 Hyper-Bent Functions
by Amr M. Youssef (University of Waterloo, Canada), and Guang Gong (University of Waterloo, Canada)
Wed 15:15-15:40 New Method for Upper Bounding the Maximum Average Linear Hull Probability for SPNs
by Liam Keliher (Queen's University at Kingston, Canada), Henk Meijer (Queen's University at Kingston, Canada), and Stafford Tavares (Queen's University at Kingston, Canada)

Wed 15:40-16:10: Coffee break

Wed 16:10-17:25: IACR Business Meeting

Wed 20:00-23:00: Presidential Dinner at Congress Innsbruck

Thursday, May 10

Thu 9:30-10:45: Key Exchange and Multicast (chaired by Carlo Blundo)
Thu 9:30-9:55 Lower Bounds for Multicast Message Authentication
by Dan Boneh (Stanford University, USA), Glenn Durfee (Stanford University, USA), and Matt Franklin (University of California, USA)
Thu 9:55-10:20 Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels
by Ran Canetti (IBM T. J. Watson Research Center, USA) and Hugo Krawczyk (Technion, Israel)
Thu 10:20-10:55 Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords
by Jonathan Katz (Telcordia Technologies Inc. and Columbia University, USA), Rafail Ostrovsky (Telcordia Technologies Inc., USA), and Moti Yung (CertCo Inc., USA)

Thu 10:55-11:15: Coffee break

Thu 11:15-12:30: Authentication and Identification (chaired by Josh Benaloh)
Thu 11:15-11:40 Identification Protocols Secure Against Reset Attacks
by Mihir Bellare (University of California at San Diego, USA), Marc Fischlin (University of Frankfurt, Germany), Shafi Goldwasser (Massachusetts Institute of Technology, USA), and Silvio Micali (Massachusetts Institute of Technology, USA)
Thu 11:40-12:05 Does Encryption with Redundancy Provide Authenticity?
by Jee Hea An (University of California at San Diego, USA) and Mihir Bellare (University of California at San Diego, USA)
Thu 12:05-12:30 Encryption Modes with Almost Free Message Integrity
by Charanjit S. Jutla (IBM T. J. Watson Research Center, USA)

Thu 12:30-12:55: Closing Remarks

Thu 12:55-14:25: Lunch

Last revision: OCG, April 23, 2001