The 8th BIU Winter School on Cryptography

Secure Key Exchange

February 11-15, 2018

School Overview

Secure key exchange is a fundamental primitive used to secure the digital world. The most well known examples are SSL/TLS and IPsec, although many different key exchange protocols are used to connect devices (wireless, bluetooth, and much more). Although the task of achieving secure key exchange may seem straightforward, it is remarkably tricky and is extremely hard to get right. Numerous attacks on real-world systems are due to poorly designed and implemented key exchange. Despite being so basic and important, key exchange is rarely taught in introductory cryptography courses. This is problematic given the ubiquity of key exchange in practice. In addition, secure key exchange is still a very active area of research in the crypto community. In the 8th BIU Winter School on Cryptography, we will study the problem of constructing secure key exchange protocols in depth. The program will cover definitional issues, protocol constructions, attacks, password protocols, and formal analysis. The following topics will be included:

1) Intro: motivation, intuition, examples, definitional approaches, design principles, advanced protocols, key derivation
2) Indistinguishability formalisms and proofs (selected protocol(s)) plus extensions (TLS 1.3), UC key exchange formalism, 0-RTT
3) Password protocols, hash proof systems
4) Attacks (incl. side channels) and automated tools
5) Secure channels (attacks and formalism)

The winter school program is designed to teach the topic from its basics up to the latest research. The program this year will be both comprehensive and in-depth, and will provide participants the understanding necessary to analyze existing protocols and carry out research in the area.

The target audience for the school is graduate students and postdocs in cryptography (we will assume that participants have taken at least one university-level course in cryptography). However, all faculty, undergrads and professionals with the necessary background are welcome. The winter school is open to participants from all over the world; all talks will be in English.

School Lecturers

  • Karthik Bhargavan, INRIA. France
  • Marc Fischlin, Darmstadt University of Technology, Germany
  • Hugo Krawczyk, IBM T.J. Watson Research Center, US
  • Kenny Paterson, Royal Holloway University of London, UK
  • David Pointcheval, ENS Paris, France

Additional Information

OrganizersYehuda Lindell and Benny Pinkas Department of Computer Science,  Bar-Ilan University, Israel.

Where: The winter school will take place at the Rayman hall at Kfar Hamaccabiah events & conference center in Ramat Gan

When: Sunday, February 11, 2018 to Thursday February 15, 2018

Registration: Due to rising costs, registration is 750 shekels for the entire school. Registration is free for overseas participants (due to costs already incurred due to travel). Israeli participants who have difficulty paying the registration fee can request a waiver; please include this in the special request box in the registration form. After registration has been confirmed, Israeli participants will receive a link to carry out the payment. Registration will be considered complete only after payment.

Registration includes school participation, lunch, refreshments and the excursion (accommodation is not included). A registration form will be available soon.

Contact: For any questions or queries, please send an e-mail to:

Hotel: We have arranged a special rate at the Kfar Hamaccabiah Hotel where the conference center is located. The rate is $170 a night for a single room, $190 a night for a double room (with two occupants) and $215 for a triple room (with three occupants). The rate includes breakfast. Hotel reservation form will be available soon.

Support: A limited number of stipends of $800 each (for flight and accommodation) will be awarded for overseas students needing support. The deadline for stipend application is December 15, 2018. Please have your advisor send a letter justifying the need for financial support.

Sponsorship: This winter school is graciously sponsored by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office and Bar-Ilan University.

Tentative Program

Sunday, February 11 – Hugo Krawczyk
Intro: motivation, intuition, examples, definitional approaches, design principles, advanced protocols, key derivation

Monday, February 12 – Marc Fischlin
Indistinguishability formalisms and proofs (selected protocol(s)) plus extensions (TLS 1.3), UC key exchange formalism, 0-RTT

Tuesday, February 13 – David Pointcheval
Password protocols, hash proof systems

Wednesday, February 14 – Karthik Bhargavan
Attacks (incl. side channels) and automated tools

Thursday, February 15 – Kenny Paterson
Secure channels (attacks and formalism)

Posted by