Asiacrypt 2025 (Melbourne, Australia), by Xiaohui Ding

 This past December, I was honoured to attend Asiacrypt 2025 in Melbourne, Australia. As one of the three flagship conferences organized by the International Association for Cryptologic Research (IACR), the event serves as a top venue for peer-reviewing and showcasing the most significant advancements in the field of cryptography. The 2025 program featured a rigorous selection of papers, with a notable emphasis on lattice-based cryptography, symmetric encryption, advanced cryptography, etc. Beyond theoretical perspective, the conference also highlighted various practical applications, including secure messaging and real-world implementations.

After a 21-hour journey, I landed in Melbourne. I’ve always felt a deep connection to this city because I completed my master's at Monash University - also one of the event organizers, yet I had never actually been to Australia. Due to the pandemic, my studies were entirely remote. It took three years after my graduation, but I finally made it here. Our paper ‘Policy Compliant Secure Messaging’, co-authored with Joël, Sanjam, and Yiannis, was accepted by Asiacrypt’25, and I was going to present it.

The preparation was quite intense; I spent my flight finalizing the slides and practiced the presentation until late the night before our session on Tuesday afternoon. Our paper introduces a security notion called Policy-Compliant Secure Messaging (PCSM), which allows for the auditing of encrypted messages against specific policies while maintaining the privacy of non-violating users. I didn’t present every detail of our security proof under the Universal Composability (UC) framework, as the sheer volume of technicalities would have made it impossible to conclude the talk on time. Instead, I focused on the security properties required by the PCSM notion and all associated functionalities. I also presented three protocols in our paper that comply with the PCSM notion. After the presentation, the host asked a question regarding the efficiency of our construction. I answered that our hash-based H-POCO protocol can be considered a promising, efficient solution because it benefits significantly from the well-established Apple PSI. However, further work remains to be done, and we also aim to conduct a systematic analysis of the trade-off between security and efficiency.

The session on Secure Messaging & Key Exchange featured several other compelling talks that caught my attention. The presentation immediately preceding mine focused on message franking, a technique we also referenced in our paper. While message franking is a report-based methodology, our approach is designed to be more proactive while still preserving end-to-end encryption (E2EE) privacy. This highlights a common theme in secure messaging: varying scenarios and system assumptions often necessitate different technical solutions. Notably, this paper expanded the concept of message franking to transcript franking, which allows a sequence of messages to be reported in their correct order. It’s an excellent paper that will likely inspire my next project.

After concluding my talk, I had the chance to catch up with my former Master's supervisors. It was wonderful to finally see them in person after so much time. We had a great conversation covering my experiences living in the UK, my time at Royal Holloway, and my current research on end-to-end content moderation. I also had the pleasure of meeting their current students. Interestingly, I had already met one of them and became friends in the UK last year, which made the reconnection even more special. The communication was excellent, and we had a very productive exchange of ideas. Discussing my future plans and potential directions for my work with the whole group was incredibly rewarding, and it was great to share how much I’ve grown since my master's studies.

There are also other interesting talks that I can talk nonstop. I also like the one that explores the practical challenges and lessons learned from using EasyCrypt to formally verify the security of the CryptoBox public-key encryption scheme in my session. My very good academic friend gave a talk on lattice-based multi-message multi-recipient KEM/PKE with malicious security. The work was of excellent quality, and I learned a lot from the well-prepared slides. There was a talk demonstrating that the standard non-adaptive 'One-Way to Hiding' lemma is surprisingly powerful enough to recover several complex adaptive reprogramming results in the Quantum Random Oracle Model (QROM), which related to what I used to study, and I found it quite interesting.

The conference also has a rump session. This is where the formal atmosphere of academic peer review gives way to a high-energy "talent show" for the crypto community. It’s a venue for lightning-fast updates on brand-new results discovered too late for the main program, alongside satirical skits, musical parodies, and inside jokes. With most talks strictly limited to just a few minutes, it’s a chaotic and entertaining evening that proves even the world's leading cryptographers can make jokes and have a bit of fun.

Overall, Asiacrypt 2025 in Melbourne was an unforgettable experience for me. I learned so much from all the talks and caught up on the latest progress in new research areas I’ve been following. But more than the papers, it was the people that made it special - sharing ideas and laughing with friends and experts felt great. Plus, getting to enjoy the beautiful Melbourne and the vibe of the Southern Hemisphere was the perfect bonus. I headed home with a lot of good memories and new knowledge. Thanks for the great time, Melbourne!

 



Comments

Post a Comment

Popular posts from this blog

Remote working and Cyber Security: Georgia Crossland and Amy Ertan

Introducing the project The shift to remote working represents a huge shift for employees and organisations alike, introducing significant implications for cyber security. Amy Ertan and Georgia Crossland are currently working on a research project, in collaboration with the Research Institute for Sociotechnical Cyber Security (RISCS) and funded by the UK National Cyber Security Centre (NCSC), on the impact of remote working on cyber security and wellbeing. This blog post will give an overview of a section of this project, how remote working impacts cyber security. In response to COVID-19, in March 2020, organisations across the world made the rapid shift away from physical office working to remote working, wherever possible. This shift has had a significant impact across many aspects of organisations. This blog post will offer a high-level overview of how the cyber threat landscape was impacted for many organisations and may further change organisational cyber resilience. Remote workin...
Read more

New Publication: Remote Working and (In)Security?: Amy Ertan

Image
A recent research report by CDT researchers Amy Ertan and Georgia Crossland has been published with the Research Institute for Sociotechnical Cyber Security (RISCS). The report examines ‘The Impact of Pandemic-Driven Remote Working on Employee Wellbeing, the Psychological Contract and Cyber Security’, with research carried out through a series of interviews with senior cyber security colleagues between January and April 2021. The full report can be found on the RISCS website: New publication: Remote Working and (In)Security | RISCS. Context In the UK and around the world, the impact of COVID-19 represented a total shift away from what was considered ‘normal living’. One aspect of this change was the rapid transition to remote working as people were encouraged to work from home and limit contact with others as far as possible through repeated lockdown conditions. Fellow CDT colleague Georgia Crossland and I were curious to explore how remote working has impacted the experiences - and se...
Read more

The Artificial Intelligence Monster: Nicola Bates

Image
Christopher Booker in 2004 wrote of the seven basic plots to any story, one of these being ‘overcoming the monster’. Within Hollywood, such ‘monsters’ often reflects the zeitgeist balancing commercial requirements with the political and societal preoccupations of the age. The monster evolves over time - from Russia in the Cold War years through to lone actors and terrorists and now to seemingly shadowy figures controlling intelligence. Whilst generally lighter in tone, such monsters also exist within children’s cinema. In recent years this monster has become increasingly defined by their use of highly sophisticated technology, finally becoming the technology in ‘The Mitchells vs. the Machine’*. Lethal technology and subversive machines aren’t new concepts in children’s movies. They can, for example, be found in ‘Short Circuit’ back in 1986. This movie begins with five United States military robots in a training exercise against tanks and focusses upon one of the robots becoming ‘alive’...
Read more