AWACS 2016

A Workshop About Cryptographic Standards

May 2016, Vienna, Austria (co-located with Eurocrypt 2016)

AWACS 2016 is a one-day workshop organized by CryptoExperts that will take place in Vienna, Austria, on Sunday 8th May 2016, in the same venue as Eurocrypt 2016.

Workshop focus

On behalf of the ECRYPT CSA european initiative, CryptoExperts organizes a one-time workshop on cryptography and standards. AWACS (A Workshop About Cryptography Standards) will be held on Sunday May 8, in the same venue as Eurocrypt. The program intends to cover the following themes:

  • Can we trust cryptography standards? What are the risks pertaining to standardization in our field?
  • Insights from within the crypto working groups in standardization bodies (ETSI, ISO, IETF,…),
  • Present and near-future trends in crypto standards (with an emphasis on the post-quantum rush),
  • Political and societal aspects of cryptography standards.

Trust in standardized cryptographic mechanisms is highly critical not only in Europe but across the globe, and has a direct impact on the security industry. This ECRYPT CSA workshop intends to provide a platform for the academic, industrial and gov-related cryptographers to foster discussion on standards within the cryptographic community.

The workshop will be composed of invited presentations as well as a discussion panel aiming at building a vision of the issues faced by standardization in cryptography and how to address them.

Colocated with

Organized by


This workshop is part of the EU Horizon 2020 ECRYPT-CSA project.

Registration is mandatory.

Another ECRYPT-CSA workshop on cryptographic protocols for small devices will take place the day after Eurocrypt (Friday May 13, 2016).

Speakers & Panel Members



The workshop will include four sessions with 25-minutes talks, and a panel hosted by Pascal Paillier (CryptoExperts).



Some Thoughts on Community, Responsibility, and Standards

Phillip Rogaway

In 1995 I vowed to myself that I would never again have anything to do with the nasty world of cryptographic standards. Happily, I didn’t quite keep that pledge. In this talk I’ll describe a few thoughts on the pitfalls, power, and promise of the standardization process.


The TLS 1.3 Protocol

Eric Rescorla

Transport Layer Security (TLS) is used for securing everything from Web transactions (HTTPS) to voice and video calls (DTLS-SRTP). However, the basic design of TLS dates back to the mid 1990s and the protocol is starting to show its age: TLS contains a number of features which no longer seem desirable and recent analytic work has discovered a number of protocol vulnerabilities (Triple Handshake, Logjam, etc.). In addition, as cryptographic algorithms have gotten faster, handshake latency has become a higher priority and TLS's current handshake does not reflect the state of the art.

In order to address these issues, the IETF TLS Working Group is currently developing a major revision of TLS, dubbed "TLS 1.3". TLS 1.3 has four major objectives:

  • Clean up: Remove unused or unsafe features
  • Security: Improve security by using modern security analysis techniques
  • Privacy: Encrypt more of the protocol
  • Performance: Our target is a 1-RTT handshake for naive clients; 0-RTT handshake for repeat connections
  • Continuity: Maintain existing important use cases

In this talk, we will cover the TLS 1.3 protocol and its design process, which has involved an unprecedented amount of collaboration between academia and the standards/implementation communities.

Coffee Break

Session 1: Inside the standardization processes

  • CFRG: What it is, how it works, and how to get involved

    Kenny Paterson

    In this talk, I'll talk about the Crypto Forum Research Group (CFRG), a research group of the IRTF. CFRG is a forum for discussing and reviewing uses of cryptographic mechanisms, both for network security in general and for the IETF in particular. The CFRG serves as a bridge between theory and practice, bringing new cryptographic techniques to the Internet community and promoting an understanding of the use and applicability of these mechanisms via Informational RFCs. Our goal is to provide a forum for discussing and analyzing general cryptographic aspects of security protocols, and to offer guidance on the use of emerging mechanisms and new uses of existing mechanisms. IETF working groups developing protocols that include cryptographic elements are welcome to bring questions concerning the protocols to the CFRG for advice. In this talk, I'll outline how CFRG works and how researchers can get involved.

  • Standardising cryptography — Trust issues and industries’ reaction to them

    Liqun Chen (ISO/IEC)

    When a cryptographic scheme is published in a well reputed journal or presented at the prestigious conference, the life of this scheme has only just begun. In order to let the scheme to be used there are still many hurdles to overcome; the road to acceptance is a long one. There is an enormous difference between a theoretically well founded cryptographic scheme and a practical cryptographic solution. Standardisation is a vitally important bridge between theory and practice. In this talk, we discuss why standardization is important and how cryptographic schemes are standardized by ISO/IEC. We also discuss trust issues in standardizing cryptography and how industry reacts to these issues.

  • Small insight on ETSI

    Steve Babbage

    ETSI is the European Telecommunications Standards Institute, and SAGE is its Security Algorithms Group of Experts – which specifies all of the new crypto algorithms in the 3GPP mobile telephony standards (GSM, GPRS, UMTS, LTE), amongst other things. This talk explains how SAGE works – and also why SAGE was created in the first place, and how its work has changed hugely as the political treatment of cryptography has evolved.

Lunch (included)

Session 2: Standards and trust

  • Standardization for the black hat

    Daniel J. Bernstein

    Do you think that your opponent's data is encrypted or authenticated by a particular cryptographic system? Do you think that your goal is to attack that system? Think bigger! There is a huge ecosystem that designs, evaluates, standardizes, selects, implements, and deploys cryptographic systems. This ecosystem is a much broader attack target than any particular cryptographic system is. This talk will give a few examples of ways that you can exploit the ecosystem.

  • The importance of rigidity in cryptographic standards

    Thomas Baignères

    This talk will discuss the concept of rigidity: what it is, and why it is an important factor to consider in cryptographic standards. We will provide several illustrations, based on real examples of existing or future standards, and discuss the strengths and weaknesses of each approach to rigidity.

Session 3: Post-quantum standards

  • The quantum threat to cryptography

    Michele Mosca

    Emerging quantum technologies will break currently deployed public-key cryptography which is one of the pillars of modern-day cybersecurity. Thus we need to migrate our systems and practices to ones that are quantum-safe before large-scale quantum computers are built.

    There are viable options for quantum-proofing our cryptographic infrastructure, but the road ahead is neither easy nor fast. Impressive progress in developing the building blocks of a fault-tolerant scalable quantum computer indicates that the prospect of a large-scale quantum computer is a medium-term threat. I believe organizations will soon be distinguished by whether or not they have a well-articulated plan for mitigating this quantum risk.

    I will discuss the quantum threat to cybersecurity and the process for mitigating the risk.

  • Standardization of Post-Quantum Cryptography

    Lily Chen

    This presentation shares a NIST plan on developing post-quantum cryptography standards and discusses challenges, possible approaches and collaborations.

  • Standardization of post-quantum cryptography

    Tanja Lange

    This presentation will give a short overview of the different standardization efforts in the area of post-quantum cryptography. It will present the recommendations for long-term secure post-quantum systems issued by the PQCRYPTO project.

Coffee Break


Hosted by Pascal Paillier

Community involvement, rigidity, trusting the standards, biodiversity, quantum-safe standards.
Panel members
  • Liqun Chen
  • Kenny Paterson
  • Daniel J. Bernstein
  • Michele Mosca
  • John Kelsey
  • Joppe Bos

End of the workshop

(and EUROCRYPT welcome reception and registration)


Workshop Will Be Held At

Aula der Wissenschaften

Wollzeile 27A, 1010 Wien, Austria.

(Same venue as Eurocrypt 2016)