CRYPTOGRAPHY

• Local information
• Global issues
• High level stuff
• Selecting what to use
• Post Quantum
• People
• Conferences
• Math
• Standards
• Crypto R and D
• EMEA
• US and Canada
• Other
• EMEA private sector

Local information

• Crypto
• Crypto crashcourse

Global issues

High level stuff

• An outline of cryptography - Wikipedia
• IACR - International Association for Crytologic Research - Journal
• IACR's eprint archive - online - in .pdf and .ps
• ZKProof.org - standardisation of ZKProofs
• IFCA - International Financial Cryptographic Association - including conference and proceedings
• ecrypt.eu.org - including deliverables from Carlos Cid/Bart Preneel
• Freehaven's collection of Anonymity related papers such as Chaum's mixes
• Realworldcrypto - conference
• Wassenaar agreement
• The PKI Page - nice overview of CA's and some legislation
• jya.com - John Young - architecture, biology, crypto
• cryptome.org - note there's now also a cartome.org
• Generalized Certification Theory - Dr. Gerck - trustdef

Selecting what to use

• NIST - standards and guidelines
• SOGIS - Senior Officials Group Information Security
• Coordinates the standardisation of Common Criteria protection profiles and certification policies between European Certification Bodies in order to have a common position in the international CCRA group
• Coordinates the development of protection profiles whenever the European commission launches a directive that should be implemented in national laws as far as IT-security is involved
• As such, makes protection profiles (passports, tachograph, SSCD, ...) available
• ETSI - cryptographic suites
• ENISA- initial recommendations
• PQcrypto.eu.org - initial recommendations
• Symmetric encryption: AES-256 and Salsa20 with a 256-bit key
• Symmetric authentication: GCM using a 96-bit nonce and a 128-bit authenticator, and Poly1305
• Public key encryption: McEliece with binary Goppa codes
• Public key signatures: XMSS and SPHINCS-256 (both are hash-based) - it can be observed
• XMSS: size of the XMSS signature is about 2.5 kB, which is large compared with the ECDSA signature (71 bytes), and requires an increase in the block size; however, this is seen as an option for PQ signature in a blockchain
• Sphincs: for a 128-bit security level, the size of such a signature is about 41 kB, which is too expensive to use in a blockchain and is more suitable for authentication systems
• Keylenght.com - A. Lenstra/E. Verheul - key lengths etc
• Cryptosavvy - A. Lenstra/E. Verheul - key lengths etc

Post Quantum

• EU Quantum Technologies Flagship
• NIST PQ project - see also NISTIR 8105
• PQcrypto.eu.org - H2020 - cryptography for long-term security PQCRYPTO ICT-645622
• PQcrypto.org - Daniel J. Bernstein and Tanja Lange
• ETSI Quantum Safe Cryptography
• MinRank Foundation - Multivariate Cryptography for the 21 century (algebraic geometry)- tip from VR
• Magiq Technology - putting quantum technology to use
• Isara - post quantum solutions
• Sphincs.cr.yp.to - hash-based signatures
• Annual PQ conference

People

• Michele Mosca - quantum computing - Uni of Waterloo
• Steven Galbraith - ECC - Auckland, NZ - slides, publication, handbook
• Dieter Gollman
• Nigel Smart - MPC- at COSIC
• Wang Xiaoyun - MD5, SHA1 collisions, ...
• Jianying Zhou - private homepage - non-repudiation, cyber-physical, ...
• Jianying Zhou - SUTD homepage
• Thomas Hardjono - MIT
• Martin Helman
• Diffie-Hellman - New directions in cryptography - 1976
• Andrew Clark IACR's President
• Ron Rivest's homepage - with further crypto links ...
• David Chaum's homepage - Berkeley, CWI, DigiCash, ... see also www.vreceipt.com
• BE - COSIC - Bart Preneel - Vincent Rijmen
• Marc Stevens - hashing, MD5 - SHA1
• Ralph Merkle
• Cryptography Research - US, San Francisco, Paul Kocher - SSL V3.0 - differential power analysis - ...
• Sergei Skorobogatov - hacking iPhone 5c

Conferences - IACR (Crypto - EuroCrypt - AsiaCrypt - .../ IEEE / and also RSA

• IACR conferences
• IFCA - International Financial Cryptographic Association annual conference

Math aspects, formal verification and cryptanalysis

• Project Everest - Microsoft, INREA, CMU
• aims to build and deploy a verified HTTPS stack
• formally verified implementation of components in HTTPS ecosystem, including TLS and AES, SHA2 and X25519 (DH function on Curve25519)
• Everest consists of:
• F*- a verification language for effectful programs
• By default F* only verifies the input code, it does not execute it. To execute F* code one needs to extract it to OCaml or F# and then compile it using the OCaml or F# compiler
• miTLS, reference implementation of the TLS protocol in F*
• KreMLin, a compiler from a subset of F* to C
• HACL*, a verified library of cryptographic primitives written in F*
• Vale, a domain-specific language for verified cryptographic primitives in assembly
• EverCrypt, a verified crypto provider that combines HACL* and Vale via an agile, multi-platform, self-configuring cryptographic API
• EverParse, a library and tool to automatically generate verified parsers and serializers for binary data formats
• => When combined together, the projects above generate a mixture of C and assembly code that implements TLS 1.3, with proofs of safety, correctness, security and various forms of side-channel resistance
• SageMath
• The Random Oracle model
• DE - TU Darmstadt - Lindner - links to Jalgebra
• EFF - 1999-01-19 56 bit DES crack in 22 1/4 h.
• CWI - Lenstra, Te Riel, Montgomery - cracking RSA-155/512 bits
• MD5Crack - Gregory Duchemin
• DeCSS - decryption of DVD CSS - Dave Touretzky - Carnegie Mellon University - note that originally this seems to have been done by MoRE, a Norwegian group - Masters of Reverse Engineering
• Univ of Maryland - William Arbaugh - chosen plaintext against WEP/WEP2
• Copacobana - Cost-Optimized Parallel COde Breaker for e.g. DES (FPGA-based machine)

Standards

Crypto - R and D

EMEA R&D

• EU - STORK - STrategic Roadmap for Crypto - establishing a roadmap for future European research in cryptography within the EC's 6th Framework
• EU - eCrypt - Network of Excellence for Cryptology
• EU - Ripemd
• EU - CryptoNessie - refers to COSIC
• EU - PAMPAS - Pioneering Advanced Mobile Privacy and Security - an IST FP5 roadmap project - next generation GSM etc
• EU - EESSI - European Electronic Signature Standardization Initiative - Preneel, Rijmen, Bosselaers, Biham, Knudsen, Stern, JJQ, ...
• BE - K.U.Leuven - ESAT/COSIC
• BE - K.U.Leuven - links also to ICRI
• BE/VL - IBBT - Instituut voor BreedBand Technologie - Flemish/cross-university
• BE/DK - Alice and Bob Technologies - Preneel/Knudsen
• BE - UCL - J.J. Quisquater
• BE - K2Crypt - J.J. Quisquater and Francois Koeune
• BE - BlueKrypt - UCL
• BE - Integri - suggested by KDB
• NL - Kerckhoff Institute inclusief Eric Verheul
• NL - Radboud Universiteit Nijmegen - Eric Verheul
• NL - Radboud Universiteit Nijmegen - Digital Security group - Mifare hack demo - Wouter Teepe
• NL - XTR - Arjen Lenstra & Eric Verheul
• NL - Werkgemeenschap Informatie en Communicatietheorie - Henk van Tilborg
• NL - Tanja Lange PQcrypto - EC crypto
• UK - Royal Holloway - Information Security Group - Fred Piper, Chris Mitchell...
• UK - RHUL-ISG- Bulletin Board
• RHUL - ISG Notice Board
• UK - Royal Holloway - Smart Card Centre with Vodafone and G-and-D
• UK - Royal Holloway - affordable accomodation
• UK - Yahoo RHUL-ISG - informal alumni group
• CJM's homepage
• Chez's homepage
• UK - Ross Anderson - lecture notes, analysis, Serpent, stegano...
• UK - Bletchley Park
• UK - Brian Gladman - UK MOD/NATO - AES in C etc
• ES - Safelayer - Spanish PKI and security products and consulting - Spanish governemental PKI/e-Signature implementations
• DE - TU Darmstadt - Lindner - Algebra in Java
• DE - Fraunhofer/GMD
• DE - CAST Forum - Competence Centre for Applied Security Technology - Committee on Digital Watermarking
• PEPP-PT - centralised philosophy
• DP-3T Cosic et al. - decentralised philosophy
• CH - EPFL/Cosic - Carmela Troncoso - privacy and DP-3T
• CH - IBM-Zurich - Jan Camenisch - anonymous credentials - FP6/FP7 Prime/PrimeLife
• CH - IBM-Zurich - Jan Camenisch - anonymous credentials - FP6/FP7 Prime/PrimeLife
• CH - ETH-Zurich - James Massey
• CH - ETH-Zurich - Ueli Maurer
• CH - SWITCH - Swiss Academic and Research Network
• CH - IBM Zurich
• NO - Bergen Lars Knudsen - ...James Massey
• FI - University of Wasa in Finland, check out /pc/crypto
• IL - Weizmann - Oded Goldreich Crypto teaching
• IL - Technion - Eli Biham - Serpent
• IL - Technion - overview of courses

US/CA R&D

• CA - University of Waterloo - Guang's Gong homepage (COMSEC - UMTS etc)
• CA - University of Waterloo - Alfred Menezes' homepage
• CA - The HAC - Handbook of applied cryptography
• CA - Government's "Communication Security Establishment' - signals intelligence and protection
• US - Victor Shoup - editor of ISO 18033 on encryption - author of the Cramer–Shoup cryptosystem asymmetric encryption algorithm
• US - Victor Shoup - A Computational Introduction to Number Theory and Algebra
• US - Berkeley - Daw
• US - Berkeley - Cypherpunks
• US - Berkeley's cipherpunks ftp site, look in /pub/cypherpunks ...
• US - Stanford - crypto.standford.edu - Dan Boneh ...
• US - Stanford - Identity-Based Encryption
• US - Stanford - crypto.standford.edu - Identity-Based Encryption from the Weil Paring
• US - UC Davis - Phillip Rogaway - AES-OCB - PMAC - UMAC
• US - UCLA - Ingrid Verbauwhede - VLSI/DSP, AES chip with 2Gbps throughput ...
• US - Mihir Bellare - University of Califonia, San Diego
• CA - Zero Knowledge Systems - Freedom Architecture
• US - SRI's Computer Science Laboratory - Peter Neumann ...
• US - IBM Research on Security
• US - Counterpane - including Bruce Schneier's crypto-self-study for block ciphers

Other R&D - Israel, Asia/Japan ...

• JP - NTT
• Symmetric key algorithm: Camellia
• Public-key algorithms: EPOC and PSEC
• Digital signature algorithm: ESIGN
• Factoring
• PARI - tip from Eric Verheul - Number Theory & Factoring
• S-HTTP - status unsure ...

Crypto - EMEA private sector

Products related

• Unbound Smart/Lindell - MPC-based vHSM
• LU - Nowina DSS - QWACS and ntQWACS
• IL - ComSignTrust.il - Zeev Shetach
• IL - ComSignTrust.com
• IL - ARX - created by students of Adi Shamir
• UK - Admiral plc
• UK - PwC's original CA
• UK - nCipher - Nico Van Someren - nFast (used by e.g. beTRUSTed), SSL accelerators & key management - even a simulation applet ...
• UK - Ascertia - OCSP provider in Java - XKMS and .NET - used by e.g. EIDA
• IR - Baltimore - beTRUSTed (ex-Zergo) - UniCert - J/Crypto - J/SSL - Telepathy - HSM
• IR - Baltimore's KeyTools - Baltimore developer's guides and tools, ...
• IR - Baltimore's DevZone
• DE - Cryptovision
- used by Nigerian eID
• DE - Secardeo - PKI and tooling
• DE - Secrypt/digiSeal - used by PwC.BE
• DE - Sefirot - used by ESA
• DE - GMD - Forschungszentrum Informationstechnick GmbH - SECUDE toolkit Secure Development Environment for Open Systems
• DE - Guardeonic (Siemens, Cryptomathic, Infineon)
• DE/BE - Utimaco - PKI provider for EC, NATO, ...
• DE/BE Utimaco - DE, BE, FR, NL, NO, UK, CH, ...
• DE - Aloaha - pdf signer for smart-cards, used by a.o. PwC.be
• JCryptool now multiplatform from Sourceforge
• DE - cryptool.org
• DE - Deutsche Bank's free cryptool (Windows only - but includes cryptanalysis)
• AT - IAIK - Graz University of Technology (Austria) - includes work on Austrian Burgerkarte
• AT - IAIK - XaDES
• FR - Cryptosense, tracing crypto execution -
• FR - OpenTrust (ex-Keynectis) e.g. used by Council
• FR - Keynectis (legacy)
• FR - Cryptolog - used by eg EC - products include CUTE, Unicity, Serenity, Eternity, Perennity
• FR/UK - Thales - aerospace, defence, security and services - acquired nCipher
• FR - Sagem - crypto hard- and software
• FR - Magicaxess - mobile electronic signature
• FI - Valimo - mobile PKI as used eg in Oman, now part of Gemalto
• DK - Cryptomathic - Peter & Matt Landrock, Ivan Damgaard, Vincent Rijmen, ...
• DK - Ivan Damgaard
• EMV, CardInk
• PKI and trust products - including Crypto Signer (central signature generation)
• key management products
• OEM tools
• DK - Cryptomathic - Peter & Matt Landrock - PrimeInk library (ANSI C source, DES, RSA, RIPE-MD-160, ISO 9796, also sold as part of IBM's CBT)- ...
• SE - PointSec PC and device encryption

• BE - Integri - test tools, prototyping tools and test services for smart & sim cards, EMV, CEPS, Proton, m-applications, payment terminals, authorisation & clearing host simulators ...
• BE - D-Soft - pdf-signing
• CH - r3 - Rainer Rueppel - now part of Entrust
• NL - 'Replay' - strong crypto for download
• NL - FreeS/WAN - distributed as source - DH 1024, 3DES, 6MBit/s throughput on a regular PC, interoperates with 3DES IPsec

Crypto - IL

Crypto - America's/Canada

Crypto - US/CA private sector

• US - Venafi - Key Management
• US - AppSecInc - a.o. DBEncrypt, AppRadar (DB security) etc
• US - Decru Datafort storage encryption (used eg by FEDICT)
• Canada/Montreal - Credentica - Stephen Brands anonymous credentials - acquired by Microsoft
• US NTRU - lattice-based public key cryptography
• US - RSA - PKCS, BSAFE, Keon, SecureID/ACE Server (ex-Security Dynamics, based on proprietary and patented Time Synchronisation algorithm), cryptobytes, ...
• US - RSA LABS - Burt Kaliski (ex MIT, ex NIST)- Founded in 1991 - Applied research, standards development, education. Based in US-Bedford (MA) & Sweden-Stockholm
• US - Cryptography.com - Paul Kocher
• US - IBM - includes e.g. DES, MARS, cryptocards
• US - SafeNet - includes IRE, Securealink, Cylink, Rainbow Technologies (iKey)
• US - VeriSign's website - WHITEPAPERS, e.g. on Secure Server ID - SSL
• US/CAN - Entrust
• US - Intel - CDSA - Common Data Security Architecture
• US - Cygnacom - Chokani - validation path API ...
• US - SETco - Secure Electronic Transactions
• SET - Mastercard - Tandem...
• CA - Certicom - ECC
• US - Valicert, Mountain View, CA - key component of Identrus VA - Validation Authority, OCSP (request/response, but you still have to verify the chain yourself), SCVP-Simple Certificate Verification Protocol for lean clients (includes certificate chain validation on the server side), Secure-Transport, Digital Receipt
• US - Valicert.net - demo and download site
• US - Counterpane - now with BT - Bruce Schneier
• US - Netscape - creator of SSL
• US - Netscape SSL step-up security
• OpenSSL - for the latest version of SSLeay (unless you want to try RSA Australia ..)
• US - iButton - Maxim Semiconductor/Dallas
• US - John Atalla
• US - TriStrata - also from Atalla
• US - Cryptocard - Java/Linux/OPSEC/...
• US - Imaging Automation - secure documents, secure ID's etc
• US - NY - Phaos - Java crypto products, including Identrus compliant Java EJB - Phaos Financial Engine ...
• US - Corestreet - distributed OCSP and PIVman for first response identification

Crypto - US governement and standards

• NIST - AES project, FIPS standards, Bridge-CA,... Among many other things, NIST was responsible for:
• FIPS 140-1: Cryptographic Module Verification
• FIPS 81: DES
• FIPS 113: DAC (Data Authentication Code)
• FIPS 46-3: DES/3DES
• FIPS 185: ESS (Escrowed Encryption Standard)
• FIPS 186-2: DSS (Digital Signature Standard)
• FIPS 180-1: SHS (Secure Hash Standard - SHA)
• NIST - PKI Bridge CA, S/Mime, ...
• NIST - AES candidates
• NIST - AES discussion
• US export control
• Dorothy Denning on US Crypto export

Digital Rights Management / secure music and copying

• BluRay and HD security: AACS DVD: CSS (and DeCSS) - check wikipedia
• US - DigiMarc - digital watermarking, including Ghanian driving license
• SDMI - Secure Digital Music Initiative
• DE - Technical Committee on Digital Watermarking

Sundry

• MIT Christina Demello - overview of university homepages
• FSTC's Electronic Check project
• Cybercash

Browser step-up demo's (old stuff)

• Commerzbank with RC4/128 bit
• Lloyds-UK
• Westpac Bank Australia