ABSTRACTS

1) Can volcanoes help us against quantum computers?

The theory of elliptic curves is an essential topic in number theory and, consequently, cryptography. Everyone [DEL: one :DEL] of us comes across [LŠ1] elliptic curves on a daily basis every time we [LŠ2] connect to the internet. At the core, the safety of these connections relies on hard[LŠ3] problems in number theory, including the discrete logarithm problem on an elliptic curve. However, with the introduction of quantum computing, these problems do not seem to be hard enough for secure communication. The solution [LŠ4] brings the isogeny based cryptography, which is based on particular maps between elliptic curves. These maps, called isogenies, form structures of a particular shape, [DEL: which is :DEL] called [DEL: a :DEL] volcano[INS: s :INS]. This presentation will be your guide to isogeny volcanoes and my work on them as well as their importance in the age of quantum computers.

2) Identification and Assessment of Active Cyber Threats

One of the proactive approaches utilized to protect critical assets and govern cyber threats is the sharing of data describing threats[LŠ5]. Given the potentially large volume of data about threats, security teams need to select and efficiently process only information relevant from the perspective of protected assets. Existing standards and methods from threat, vulnerability, and asset management can solve separate issues belonging to this research area, but their restricted mutual interoperability hinders accurate identification of cyber threats and their properties. Besides, current mature[LŠ6] methods for threat assessment are too slow for near real-time prioritization of threats. In this talk, the contextualization of globally shared data about cyber threats with local knowledge about assets and consequent threat assessment using attack graphs will be introduced. Proposed approaches should improve the combination of data from various sources beyond simple joins of data and enable [INS: the :INS] prioritization of the most severe threats.

3) Minerva: The curse of ECDSA nonces

This talk presents the Minerva group of side-channel vulnerabilities in implementations of the ECDSA signature algorithm in a widely used Atmel AT90SC FIPS 140-2 certified smartcard chip and five cryptographic libraries. Vulnerable implementations leak the bit-length of the scalar used in scalar multiplication via timing. Using the leaked bit-length, we[LŠ7] mount a lattice attack on a 256-bit curve, after observing enough signing operations. We propose two new methods to recover the full private key requiring just 500 signatures for simulated leakage data, 1200 for real cryptographic library data, and 2100 for smartcard data. We use the set of vulnerabilities reported in this paper, together with the recently published TPM-FAIL vulnerability, as real-world leakage datasets to systematically compare our newly proposed methods and all previously published applicable lattice-based key recovery methods. The resulting exhaustive[LŠ8] comparison highlights the methods’ sensitivity to their proper parametrization and demonstrates that our methods are more efficient in most cases. For the TPM-FAIL dataset, we [DEL: decreased :DEL] [INS: reduced :INS] the number of required signatures from approximately 40 000 to mere[LŠ9] 900.

4) Secure Nonce Caching in Schnorr-Based Multi-Signatures

[INS: The :INS] Schnorr signature is a type of digital signature, which is suitable for the construction of efficient multi-signature protocols. Multi-signature protocols allow [DEL: the :DEL] secret information used for signing to be divided among multiple parties, all of which need to participate in the signing protocol in order to create a valid signature. This property is used to better secure the secret information against compromise, which is especially valued in the context of cryptocurrencies, as the compromise leads to an immediate monetary loss. However, even with the use of Schnorr signatures, several subtle issues need to be addressed in order to obtain a secure multi-signature protocol, a[INS: s :INS] [DEL: nd :DEL] [INS: ? :INS] [INS: [LŠ10] :INS] seemingly insignificant change can introduce [DEL: a :DEL] vulnerability[LŠ11]. In this talk, we[LŠ12] focus on an optimization used in Schnorr multi-signatures to speed up signing by precomputation, which makes the protocol vulnerable to an attack via a solution [DEL: of :DEL] [INS: for the :INS] ROS problem, and discuss possible countermeasures against [DEL: the :DEL] [INS: such an :INS] attack.

5) Clustering of the motion capture data

[INS: R :INS] [DEL: Nowadays :DEL] [INS: ecently :INS], [LŠ13] a rapid rise in the amount of motion capture data [INS: has :INS] occur[INS: red :INS] [DEL: s :DEL], which [INS: has :INS] le[DEL: a :DEL]d[DEL: s :DEL] to the necessity of new processing approaches of such data. To classify specifically selected short motion segments, neural networks can be used. However, they are not applicable in scenarios where the data is captured as a long sequence without semantic partitioning knowledge. A new approach [DEL: was :DEL] [INS: has :INS] recently [INS: been :INS] proposed, based on the transformation of the motion capture data into motion words, which can afterward[INS: s :INS] be processed by mature text processing algorithms. One of the crucial parts of this transformation is a clustering of segments, which make up one action (e.g., sitting down or walking a few steps). The purpose of our[LŠ14] work is to analyze and evaluate the quality of various clustering approaches. Considering the evaluation, we focus on both statistical measures and two real-world application scenarios, [INS: namely, :INS] [INS: [LŠ15] :INS] the action classification and searching for similar actions to a selected query action.

________________________________

[LŠ1] This first part of the sentence is a bit too informal.

[LŠ2] Academic language prefers avoiding personal pronouns, as they sound informal.

[LŠ3] ‘Hard problems’: is this a technical term, like e.g. hardware? If not, it is too informal again; we could use e.g. ‘sophisticated’.

[LŠ4] What solution is being referred to here? If the isogeny based cryptography is the solution, it needs to be re-worded.

[LŠ5] I presume it is a technical term, but I am not sure what is meant by ‘data describing threats’: is it data that describes threats or threats to data describing? ...as the last noun in a chunk is usually the most important one, the defining one... so, here it seems more like “describing threats data” = data about threats, as mentioned in the following sentence.

[LŠ6] Here, is “mature” a term? If it has been chosen to show how long these methods have been used, then another word may be more appropriate, e.g. “traditional” or “well/long-established” methods.

[LŠ7] We tend to avoid using personal pronouns in academic formal texts, especially in the sections that resemble methodology.

[LŠ8] ‘Exhaustive’ is an accurate word to use; however, it may have some negative connotations. If we needed a more neutral word, we could use, e.g., ‘comprehensive’.

[LŠ9] This ‘mere’ is perfectly fine if 900 is really a small number you need. It is a strong judgemental word; therefore, it needs to be precise. If 900 should be considered neutrally, “mere” is not necessary.

[LŠ10] The sentence with “and” was not really clear to me, so this is just a guess.

[LŠ11] No “a” is needed in front of “vulnerability”, as it is used as a concept.

[LŠ12] We tend to avoid using personal pronouns in academic formal texts, e.g. This talk focuses on…

[LŠ13] ‘Nowadays’ can be slightly informal; we can use ‘recently’, which is more formal and also links to the fact that changes that have happened to a point up until now are being discussed.

[LŠ14] We tend to avoid using personal pronouns in academic formal texts.

[LŠ15] …if the following two are those two scenarios; if not, this comment can be ignored.
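Abstract 2 describes contextualizing shared threat data with local asset knowledge and then assessing threats with attack graphs. The following is an added illustration of that pipeline, not the authors' code or method: it uses a constructed asset inventory, a constructed network adjacency and constructed threat records (the "T-10xx" identifiers, product names and severity numbers are placeholders invented here), filters the feed down to threats that match deployed software, builds a reachability graph in which an attacker can only advance through hosts that carry a relevant threat, and ranks threats by a simple score (severity times the total criticality reachable from the affected host, divided by the host's distance from the internet). The scoring formula is this example's own simplification; the abstract does not specify one.

```python
"""Added example: contextualizing a threat feed with asset data and ranking
threats with a small attack graph. All data below is constructed."""
from collections import deque

# Constructed asset inventory: deployed software, business criticality, and
# whether the host is directly reachable from the internet.
ASSETS = {
    "web01": {"software": {"webapp": "2.1"}, "criticality": 2, "exposed": True},
    "app01": {"software": {"middleware": "4.0"}, "criticality": 3, "exposed": False},
    "db01": {"software": {"dbms": "9.2"}, "criticality": 10, "exposed": False},
    "hr-pc": {"software": {"office-suite": "1.0"}, "criticality": 1, "exposed": False},
}

# Constructed network reachability (directed): which hosts a compromised host can talk to.
NETWORK = {"web01": {"app01"}, "app01": {"db01"}, "hr-pc": {"app01"}, "db01": set()}

# Constructed threat feed; identifiers are placeholders, not real advisories.
THREATS = [
    {"id": "T-1001", "product": "webapp", "version": "2.1", "severity": 7.5},
    {"id": "T-1002", "product": "middleware", "version": "4.0", "severity": 9.8},
    {"id": "T-1003", "product": "dbms", "version": "9.2", "severity": 5.0},
    {"id": "T-1004", "product": "office-suite", "version": "1.0", "severity": 9.0},
    {"id": "T-1005", "product": "dbms", "version": "9.3", "severity": 10.0},  # not deployed
]


def relevant_threats(threats, assets):
    """Contextualization: keep only threats that match software actually deployed.
    Returns {threat_id: [affected hosts]}; unmatched threats are dropped."""
    matched = {}
    for threat in threats:
        hosts = sorted(
            host for host, asset in assets.items()
            if asset["software"].get(threat["product"]) == threat["version"]
        )
        if hosts:
            matched[threat["id"]] = hosts
    return matched


def attack_graph_depths(assets, network, vulnerable_hosts):
    """BFS from the internet. The attacker enters through exposed hosts and only
    advances through hosts that carry a relevant threat. Returns {host: depth}."""
    depth = {}
    queue = deque()
    for host, asset in assets.items():
        if asset["exposed"] and host in vulnerable_hosts:
            depth[host] = 1
            queue.append(host)
    while queue:
        host = queue.popleft()
        for nxt in network.get(host, ()):
            if nxt in vulnerable_hosts and nxt not in depth:
                depth[nxt] = depth[host] + 1
                queue.append(nxt)
    return depth


def exposure(host, assets, network, vulnerable_hosts):
    """Total criticality an attacker controls after compromising `host`,
    following edges only into other vulnerable hosts."""
    seen = {host}
    stack = [host]
    while stack:
        current = stack.pop()
        for nxt in network.get(current, ()):
            if nxt in vulnerable_hosts and nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return sum(assets[h]["criticality"] for h in seen)


def prioritize(threats, assets, network):
    """Rank relevant threats: severity * reachable criticality / depth, taking the
    worst affected host. Threats on unreachable hosts score 0 but stay listed."""
    severity = {t["id"]: t["severity"] for t in threats}
    matched = relevant_threats(threats, assets)
    vulnerable = {h for hosts in matched.values() for h in hosts}
    depth = attack_graph_depths(assets, network, vulnerable)
    ranked = []
    for tid, hosts in matched.items():
        score = 0.0
        for host in hosts:
            if host in depth:
                reach = exposure(host, assets, network, vulnerable)
                score = max(score, severity[tid] * reach / depth[host])
        ranked.append((tid, round(score, 2), hosts))
    ranked.sort(key=lambda row: -row[1])
    return ranked


if __name__ == "__main__":
    for row in prioritize(THREATS, ASSETS, NETWORK):
        print(row)
```

With the constructed data, the web-tier threat ranks first even though its severity is the lowest of the reachable ones, because it is the entry point to everything behind it; the high-severity office-suite threat scores 0 because no attack path reaches that host, which is the kind of asset-aware ordering a plain join of feed and inventory would not give.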
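Abstract 3 states that the vulnerable implementations leak the bit-length of the scalar via timing. The following added example, which is not the Minerva authors' code, shows where that leak comes from and the mitigation commonly applied to it: a naive left-to-right double-and-add runs one loop iteration per bit of the scalar, so its running time reveals the nonce's bit-length, whereas padding the nonce with the group order (adding n once or twice) makes every scalar exactly bit_length(n) + 1 bits long without changing the resulting point. The curve y^2 = x^3 + 2x + 2 over GF(17) with generator (5, 1) of order 19 is a textbook toy chosen so the arithmetic is easy to check; the P-256 order constant is included only to show the padding on a 256-bit order.

```python
"""Added illustration for abstract 3 (Minerva): scalar bit-length leakage in a
naive double-and-add, and the fixed-length nonce mitigation. Not the authors'
code; the toy curve below is for illustration only."""
import secrets

# Toy curve y^2 = x^3 + 2x + 2 over GF(17); G = (5, 1) has order 19.
# Constructed for illustration; useless for real cryptography.
P_FIELD = 17
A_COEF = 2
G = (5, 1)
ORDER = 19

# Group order of the real P-256 (secp256r1) curve, used only to show that the
# padding yields 257-bit scalars for a 256-bit order.
ORDER_P256 = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def point_add(p1, p2):
    """Affine point addition on the toy curve; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None  # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P_FIELD) % P_FIELD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_FIELD) % P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    y3 = (lam * (x1 - x3) - y1) % P_FIELD
    return (x3, y3)


def scalar_mult(k, point):
    """Naive left-to-right double-and-add.

    Returns (k * point, number of loop iterations). The loop runs once per bit
    of k, so the iteration count, and with it the running time, equals
    k.bit_length(): this is the quantity that leaks in the Minerva setting.
    """
    result = None
    iterations = 0
    for bit in bin(k)[2:]:
        result = point_add(result, result)
        iterations += 1
        if bit == "1":
            result = point_add(result, point)
    return result, iterations


def fixed_length_nonce(k, order):
    """Mitigation: add the group order once or twice so the scalar always has
    order.bit_length() + 1 bits. Because order * G is the identity,
    k*G == (k + order)*G == (k + 2*order)*G, so the signature is unchanged."""
    padded = k + order
    if padded.bit_length() == order.bit_length():
        padded += order
    return padded


def iteration_profile(samples):
    """Draw random nonces and collect the distinct iteration counts observed
    with and without padding. A single value for the padded case means the
    bit-length side channel is closed."""
    naive, padded = set(), set()
    for _ in range(samples):
        k = 1 + secrets.randbelow(ORDER - 1)
        naive.add(scalar_mult(k, G)[1])
        padded.add(scalar_mult(fixed_length_nonce(k, ORDER), G)[1])
    return {"naive": naive, "padded": padded}


if __name__ == "__main__":
    print(iteration_profile(200))  # naive varies; padded is {6}
    k = 1 + secrets.randbelow(ORDER_P256 - 1)
    print(fixed_length_nonce(k, ORDER_P256).bit_length())  # always 257
```

The padding only fixes the loop length; a production implementation additionally needs the per-iteration work to be independent of the bit value (a constant-time ladder), otherwise the same kind of measurement still reveals the nonce's Hamming weight or bit pattern rather than its length.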