Eurocrypt 2023 and Lattices Meet Hashes Workshop: Benjamin Bencina

For a lot of us CDT researchers, the past month and a half has been a period of travel and conferences. Soon after we returned from Japan, where we visited the wonderful Real World Crypto (see this blog post for more details of the trip), another conference was around the corner. At the end of April, a few of us had the pleasure of attending Eurocrypt 2023, one of the three main general conferences organised by the IACR, this year organised in Lyon, France. Moreover, the conference was followed by a workshop on post-quantum zero-knowledge proofs in Lausanne, Switzerland, a mere three hour train ride away on the shores of Lake Geneva, which made this trip even more worthwhile, as it almost felt like there was a 2-for-1 sale on cryptography events in Europe. 

Eurocrypt was scheduled over five days, from Sunday, April 23, to Thursday, April 27. Once I arrived to Lyon on Sunday afternoon and settled into my accommodation, I headed over to InterContinental Lyon, a short walk away from my hostel, for a welcome reception and registration. There I received my name tag, and met with Erin, Lenka, and Sasha from older CDT cohorts. To my great pleasure, some of my colleagues from Aarhus University, Denmark, were there as well, which gave us the opportunity to catch up over snacks and a glass of wine. The reception was over in the blink of an eye, so Sasha and I walked to a nearby street with lots of places to eat and had dinner in one of the restaurants serving traditional Lyonnaise dishes, called a bouchon. This marked the first of many encounters with exciting French cuisine.

On Monday, the conference properly began in Centre de Congrès de Lyon, just north of the serene Parc de la Tête d’or (Park of the Golden Head). After the opening remarks by the organizers, the first talk of the conference was an invited talk by Guy Rothblum on the topic of algorithmic fairness. While this is not my area of interest, I did find the attempts to properly mathematically define fairness intriguing to say the least. After that, the program was separated by topic into three concurrent tracks. This on the one hand meant that one sadly could not see all the talks, but on the other hand there was almost always a talk close to one’s interests on one of the tracks. At this point, we all went our separate ways, catching the talks that we wanted to see and socialising in the mean time. It is worth noting that Lenka presented her research on key recovery attacks on MEGA, the cloud hosting and file sharing service provider, during the Real World Crypto track this afternoon. At roughly the same time, Yixin Shen, a post-doctoral researcher at Royal Holloway, had a paper presented by a co-author in the Lattice Cryptanalysis track, which is the one I chose to attend. 

Tuesday was my favourite day of the conference for multiple reasons. Firstly, one of my main motivations to come to Eurocrypt was to see the talks on breaking Supersingular Isogeny Diffie-Hellman (SIDH). The first Isogenies session was the only session with 1 no overlapping tracks of the entire conference (must be important!), and in this session Thomas Decru from KU Leuven presented the attack he and Wouter Castryk posted on the Cryptology ePrint Archive in July last year, shaking the world of isogeny-based cryptography (see the recent blog post accompanying the talk and elaborating on the attack), and winning the Best Paper Award at Eurocrypt 2023. I have been somewhat closely following isogeny-based cryptography research for more than a year now, so this is the talk I wanted to see the most in the entire conference. Thomas’ talk successfully achieved two important goals: to clearly present the attack to non-isogenists, and more importantly, to dispel the rumours that isogeny-based cryptography is now somehow a dead field of study. Quite the opposite, the attack motivates multiple future directions in the research of isogenies for the purpose of public key cryptography. The talk was followed by two talks expanding on the Castryk-Decru attack, each receiving an Honourable Mention. From what I have heard, the three speakers coordinated their presentations, and indeed the entire session felt like a one hour coherent presentation on breaking SIDH. 

Secondly, there were no talks Tuesday afternoon, giving us the opportunity to explore the city a bit, and mostly socialise with colleagues without feeling bad for skipping a talk or two. Thirdly, Tuesday was the day of the evening Rump Session, a three hour session of five minute long more or less entertaining talks. Notable mentions include Bor de Kock’s (NTNU) comedy routine on cryptology versus astrology, Hummuscrypt Part II, and of course the song about SIDH we all sang together again after the session giving a proper funeral to SIDH, courtesy of The Isogeny Club. The video clip and the lyrics can be found on an ironically-named domain here.

On Wednesday the talks continued normally, starting with an invited talk by Vadim Lyubashevsky on lattice cryptography, and he managed to sneak in an entertaining (and agreeable) story about his problems with the intellectual property industry. After that, there were plenty of interesting sessions, such as the sadly concurrent sessions on Attribute Based Encryption and (Zero-Knowledge) Proofs, and the second Isogenies session. Following the talks, there was the Banquet, a catered feast within the conference centre, during which a colleague introduced me to a group of cryptographers from my country of Slovenia. Coming from a very small country, I though I knew of everyone academically interested in cryptography, yet there is a group of talented mathematicians working on symmetric primitives at a university near the seaside. Needless to say, I was positively surprised, very excited, and I am looking forward to meeting them again in the future. 

Thursday was again a half-day, and after the enlightening session on Lattice Constructions with great talks both from David Wu and Russell W. F. Lai, I spent the rest of the day in the park, lying on the grass and enjoying the sun. I had multiple pages of notes to organise, new contacts to save, and my head to clear. We parted ways with other CDT researchers, as I decided to stay in Lyon until the day before the workshop. During the next three days, I visited the Basilica of Notre-Dame de Fourvière on top of a small hill west of the city centre, all of the cathedrals below it, and walked through the entirety of the extended Vieux Lyon, the old city centre. I also got to experience the heavy metal music scene of Lyon, and practice my (very rusty) French with the locals. 

On Sunday, April 30, I boarded a coach to Lausanne, excited for a three day workshop on recent advances in post-quantum zero-knowledge proofs, named Lattices Meet Hashes and hosted by the Bernoulli Center at EPFL. The talks at the workshop were spread over three days, Monday to Wednesday. While Eurocrypt 2023 was IACR’s largest conference to date, amazingly counting 750 live participants, the Lattices Meet Hashes workshop had a more intimate atmosphere, provided by a mid-sized lecture room suitable for around 2 70 participants. A lot, if not most, of the people present at the workshop were like me, traveling directly from Eurocrypt, so the workshop provided a second opportunity to meet researchers with similar interests, this time in a less crowded venue. 

On Monday, I reconvened with Erin, Sasha, and my colleagues from Aarhus University at EPFL. The main topic of the day were lattice-based succinct arguments. We got to hear about the LaBRADOR proof system from Gregor Seiler, then Russell W. F. Lai and Jonathan Bootle each presented a version of lattice-based succinct arguments, the latter featuring fast verification. The talks were concluded with the longer version of David Wu’s talk he gave at Eurocrypt a few days prior. 

Tuesday’s talks featured multiple different topics. The talks given by Thomas Attema regarding knowledge soundness, and Nick Spooner about the implications of quantum rewinding on post-quantum zero-knowledge were especially of note, each enlightening in its own way. However, the highlight of the day were not only the talks but also the evening dinner organised by the workshop. After the talks, we met up on a parking lot near EPFL, where a coach picked us up and took us up the hill north of Lausanne and dropped us off near a restaurant. The restaurant itself was positioned on a vantage point, with a beautiful view of the mountains around Lausanne and Lake Geneva. The dinner was a great opportunity to socialise over delicious food, and I spent most of it talking about my summer project, and then somehow swordsmanship, with Martin Albrecht and Russell W. F. Lai. After the dinner, the evening concluded in a student pub around EPFL, over a pint of delicious white beer.

Wednesday, the last day of the workshop, hosted the last two talks, one about simulation-extractability I had already heard at Eurocrypt, and one about verifiable delay functions from post-quantum assumptions. After the farewell lunch, I headed into the city centre of Lausanne to see the famous cathedral and have a walk along the lake. The last evening in Lausanne I spent having dinner with a few hikers from Singapore I met at my hostel. The next day, I finally returned to London, ready to take on new challenges, and start working on my summer project. 

Eurocrypt 2023 and the Lattices Meet Hashes workshop was a pair of events that can only be described as awesome. From the inspiring talks that peak one’s interest, to the wildly entertaining Rump Session and the many new connections made and old ones strengthened, I can not think of a way I could have spent my time better than attending these events, with the hope that I will also get to present my research there some day.



Comments

Popular posts from this blog

Remote working and Cyber Security: Georgia Crossland and Amy Ertan

New Publication: Remote Working and (In)Security?: Amy Ertan

The Artificial Intelligence Monster: Nicola Bates