FSE 2016
20-23 March 2016
Bochum, Germany
23rd International Conference on Fast Software Encryption
Fast Software Encryption 2016



Invited Talks

FSE 2016 is proud to feature the two invited speakers below.

On White-Box Cryptography

  • Henri Gilbert
    ANSSI , France

    Henri Gilbert


    Short Bio: Henri Gilbert is the head of the Cryptography Laboratory at the French Network and Information Security Agency (ANSSI) since 2010. Before joining ANSSI, he was a Fellow Expert in cryptology at Orange Labs, France. His research interests are mostly - though not exclusively - focused around the design and cryptanalysis of symmetric algorithms and he has (co-)authored numerous publications and patents in this area. He has been a member of the program committees of many IACR conferences and has served as program and general co-chair of FSE 2005 and as program chair of EUROCRYPT 2010. He has been a member of the European standardisation group ETSI/SAGE in charge of security algorithms for the (mobile) telecommunications sector since its creation. Since 2014, he is the chairman of the SOG-IS Crypto working group in charge of specifying a cryptography evaluation scheme for the Common Criteria certification of security products in Europe.
  • Low entropy crypto

  • Ross Anderson
    University of Cambridge, UK

    Ross Anderson


    Short Bio: Ross Anderson organised the first Fast Software Encryption workshop in Cambridge in 1993. He was a designer of a number of ciphers and hash functions including Tiger, Bear, and Serpent - which was a finalist in the AES competition. He has also done extensive work on real-world cryptography; he pioneered API analysis, which led to the redesign of most of the world's hardware security modules, and has written extensively on the failures of payment systems.

    Abstract: In crypto research, we tend to assume that keys, nonces, ciphertexts and message authentication codes are "long enough" for us to disregard guessing attacks. In the real world this is often not consistent with usability, and many authenticators consist of just a few letters or digits, containing much less entropy than we would like. Four-digit codes are used to control access to bank accounts, and arm nuclear weapons. Three-digit codes authenticate credit cards for online payments. Most passwords are guessable. In this talk I will suggest that just as low-energy crypto has become a distinct area of research, so should low-entropy crypto. I shall discuss some historical examples, and a more recent payment protocol proposed to extend the phone payment systems used in less developed countries to places without a dependable network service, where payments have to be offline or at least delay-tolerant. There are many interesting design trade-offs and challenges.