| Warburger Str. 100, lecture hall L2
On January 15, 2018, Prof. Dr. Tibor Jager will give a talk about "Secure Communication with Minimal Latency in Times of Surveillance" in the context of the SFB 901.
Key establishment protocols are a cornerstone of secure communication on the Internet. For example, we use the TLS Handshake protocol whenever an Internet address starting with https:// is visited. Reducing latency while maintaining strong security guarantees like forward security (which makes large-scale Internet surveillance infeasible) has become a major design goal of modern key establishment protocols. Of particular interest in this regard are 0-RTT ("zero round-trip time") protocols, which can send cryptographically protected payload data "in 0-RTT", without the need for a prior interactive handshake that incurs latency. Prominent practical examples are Google's QUIC protocol and the 0-RTT mode of the upcoming TLS Version 1.3. The main difficulty in constructing 0-RTT key establishment protocols is to achieve forward security for the first message. According to cryptographic folklore, this was widely believed to be impossible. This talk will show that this belief is false, and describe the first 0-RTT key establishment protocol with full forward security. It will also present a very recent result, which introduces a new cryptographic building block called Bloom filter encryption and yields the first 0-RTT protocol with full forward security that is efficient enough for deployment in practice.