NIST Gaithersburg, MD
8:15 AM - Bus departs Gaithersburg Holiday Inn for NIST
8:30 AM - 9:00 AM - Registration — Continental Breakfast
9:00 AM - 9:15 AM
Opening Remarks
Shashi Phoha, Director, Information Technology Laboratory, NIST
William Burr, Manager, Security Technology Group, Computer Security Division, NIST
9:15 AM - 9:45 AM
Keynote Speech: Cryptanalysis of SHA-1 Hash Function (ppt only)
Xiaoyun Wang, Tsinghua University
9:45 AM - 11:55 AM Session 1: Papers - Hash Collisions: Impacts and Workarounds
Session Chair: Russ Housley, Vigil Security, LLC
9:45 AM - 10:05 AM
Deploying a New Hash Algorithm
Steven M. Bellovin, Columbia University
Eric K. Rescorla, Network Resonance
10:05 AM - 10:25 AM
A Note on Practical Value of Single Hash Collisions for Special File Formats
Max Gebhardt, Georg Illies, Werner Schindler, Bundesamt für Sicherheit in der Informationstechnik
10:25 AM - 10:55 AM - Break — Refreshments
10:55 AM - 11:15 AM
Strengthening Digital Signatures via Randomized Hashing
Shai Halevi, Hugo Krawczyk, IBM T.J. Watson Research Center
11:15 AM - 11:35 AM
Herding Hash Functions and the Nostradamus Attack
John Kelsey, NIST
Tadoyoshi Kohno, University of California, San Diego
11:35 AM - 11:55 M
Collision-Resistent Usage of MD5 and SHA-1 via Message Preprocessing
Michael Szydlo, RSA Laboratories
Yiqun Lisa Yin, Independent Security Consultant
11:55 AM - 12:45 PM Session 2: Panel / Open Discussion - SHA-1: Practical Security Implications of Continued Use
Session Chair: Donna F. Dodson, NIST
Panelists:
Steven Bellovin, Columbia University
Niels Ferguson, Microsoft
Georg Illies, Bundesamt für Sicherheit in der Informationstechnik
Hugo Krawczyk, IBM T.J. Watson Research Center
James Randall, RSA Security
1:00 PM - 2:00 PM — Lunch
2:00 PM - 3:20 PM Session 3: Papers - Status of SHA Family Hash Functions
Session Chair: Phillip Hawkes, Qualcomm International (Australia)
2:00 PM - 2:20 PM
Impact of Rotations in SHA-1 and Related Hash Functions
Norbert Pramstaller, Christian Rechberger, Vincent Rijmen, IAIK, TU-Graz
2:20 PM - 2:40 PM
Preliminary Analysis of the SHA-256 Message Expansion
Norbert Pramstaller, Christian Rechberger, Vincent Rijmen, IAIK, TU-Graz
2:40 PM - 3:00 PM
Some Applications of the Biham-Chen Attack to SHA-like Hash Functions
Hirotaka Yoshida, Hitachi, Ltd.
Alex Biryukov, Bart Preneel, Katholieke Universiteit Leuven
3:00 PM - 3:20 PM
Truncation Mode for SHA
John Kelsey, NIST
3:20 PM - 3:50 PM - Break — Refreshments
3:50 PM - 4:10 PM New Attacks?
John Kelsey, NIST
4:10 PM - 5:10 PM Session 4: Panel / Open Discussion - SHA-256: A Suitable Replacement for SHA-1?
Session Chair: John M. Kelsey, NIST
Panelists:
Orr Dunkelman, Technion
Antoine Joux, DGA & UVSQ
Christian Rechberger, IAIK, TU-Graz
Hirotaka Yoshida, Hitachi, Ltd.
Bus departs for Holiday Inn following conclusion of meeting.
5:30 PM - Reception — Holiday Inn
8:15 AM - Bus departs Gaithersburg Holiday Inn for NIST
8:30 AM - 9:00 AM - Registration — Continental Breakfast
9:00 AM - 9:30 AM
Keynote Speech: Design Principles for Hash Functions Revisited
Bart Preneel, Katholieke Universiteit Leuven
9:30 AM - 10:30 AM Session 5: Papers - Damgård Merkle Construction and Alternatives
Session Chair: Susan Landau, Sun Microsystems
9:30 AM - 9:50 AM
A New Design Criteria for Hash-Functions
Jean-Sebastien Coron, University of Luxembourg
Yevgeniy Dodis, New York University
Cecile Malinaud, Gemplus Card International
Prashant Puniya, New York University
9:50 AM - 10:10 AM
Abelian Square-free Dithering and Recoding for Iterated Hash Functions
Ronald L. Rivest, Massachusetts Institute of Technology (presented by John Kelsey, NIST)
10:10 AM - 10:30 AM
Enhancing the MD-Strengthening and Designing Scalable Families of One-Way Hash Algorithms
Neil Kauer, Tony Suarez, Corporate Information Security, Wachovia Bank, NC
Yulian Zheng, University of North Carolina at Charlotte
10:30 AM - 11:00 AM - Break — Refreshments
11:00 AM - 11:40 AM Session 6: Papers - Compression Function Design
Session Chair: Arjen Lenstra, Lucent Technologies' Bell Laboratories
11:00 AM - 11:20 AM
A Fix of the MD4 Family of Hash Functions - Quasigroup Fold
Danilo Gligoroski, Smile Markovski, University of Skopje
Svein J. Knapskog, Norwegian University of Science and Technology
11:20 AM - 11:40 AM
A Simple and Provable Good Code for SHA Message Expansion
Charanjit S. Jutla, IBM T.J. Watson Research Center
Anindya C. Patthak, University of Texas at Austin
11:40 AM - 12:45 PM: Session 7: Panel Discussion - Desiderata: Research Agenda for Future Hash Functions
Session Chair: Lily Chen, NIST
Panelists:
Don B. Johnson, Entrust CygnaCom
John M. Kelsey, NIST
Arjen K. Lenstra, Lucent Technologies' Bell Laboratories
Bart Preneel, Katholieke Universiteit Leuven
Thomas Shrimpton, Portland State University
1:00 PM - 2:00 PM — Lunch
2:00 PM - 3:00 PM Session 8: Papers - New Hash Algorithms
Session Chair: Miles Smid, Orion Security Solutions
2:00 PM - 2:20 PM
A New Dedicated 256-bit Hash Function: FORK-256
Deukjo Hong, Korea University
Jaechul Sung, University of Seoul
Seokhie Hong, Korea University
Sangjin Lee, Korea University
Dukjae Moon, National Security Research Institute, Korea
2:20 PM - 2:40 PM
A New 256-bit Hash Function DHA-256 - Enhancing the Security of SHA-256
Jesang Lee, Donghoon Chang, Hyun Kim, Eunjin Lee, Deukjo Hong, Korea University
Jaechul Sung, University of Seoul
Seokhie Hong, Sangjin Lee, Korea University
2:40 PM - 3:00 PM
VSH, an Efficient and Provable Collision Resistant Hash Function
Scott Contini, Macquarie University, Sydney
Arjen Lenstra, Lucent Technologies' Bell Laboratories
Ron Steinfeld, Macquarie University, Sydney
3:00 PM - 3:30 PM - Break — Refreshments
3:30 PM - 3:45 PM Rump Session
Cryptographic Hash Functions from Expander Graphs
Denis Charles, Microsoft Research
Eyal Goren, McGill University
Kristin Lauter, Microsoft Research
Presented by: Josh Benaloh, Microsoft Research
Improving Hash Function Padding
Don B. Johnson, Entrust CygnaCom
3:45 PM - 5:00 PM Session 9: Open Discussion - Future Strategy: Where Should We Go From Here?
Session Chair: William Burr, NIST
5:00 PM Adjourn
Hash Function Lifecycles and Future Resiliency, Don B. Johnson, Entrust CygnaCom
Hash Functions and Pseudorandomness, Don B. Johnson, Entrust CygnaCom