1st London Crypto Day

The event will start at 9.30am and will end at around 6.00pm.

The detailed program will be out soon!



List of speakers

The list of speakers for the first London Crypto Day includes

– Martin Albrecht, Royal Holloway, University of London

Primal and Dual Attacks on LWE-based Encryption Schemes

This talk will review lattice attacks on LWE-based constructions. Firstly, I will present variants  of the dual-lattice attack (Eurocrypt 2017) in the presence of an unusually short (and sparse) secret. Such LWE instances are common in homomorphic encryption libraries such as IBM’s HELib or Microsoft’s SEAL and our techniques lead to revised parameter choices for these libraries. Secondly, I will revisit primal attacks which proceed by finding an unusually short vector in a lattice. Here, two different success conditions are formulated in the literature. One going back to Gama & Nguyen’s work on predicting lattice reduction (Eurocrypt 2008) and one recently sketched by Alkim et al. (USENIX 2016). I will present empirical evidence confirming the correctness of the latter estimate and explain the observed behaviour by expanding on Alkim et al.’s work.

– Liqun Chen, University of Surrey


– Jens Groth, University College London

Snarky Signatures: Minimal Signatures of Knowledge from Simulation-Extractable SNARKs

Signatures of knowledge enable a signer to sign a message using a statement as the public key if she owns a witness to the truth of the statement. They are used in many cryptographic schemes including cryptocurrencies, anonymous credentials, ring and group signatures, and direct anonymous attestation. We will present succinct and highly efficient pairing-based signatures of knowledge. To do this we use that signatures of knowledge and simulation-extractable non-interactive zero-knowledge argument (SE-NIZK argument) are closely linked. We describe a succinct SE-NIZK argument (SE-SNARK) that consists of only 3 group elements and has highly efficient verification. The SNARK is perfectly complete, perfectly zero-knowledge and computationally simulation-extractable. As a consequence, we get signatures of knowledge consisting of only 3 group elements.

– Aggelos Kiayias, University of Edinburgh


– Markulf Kohlweiss, Microsoft Research Cambridge

A Cryptographically Verified Implementation of crypto_box

The crypto_box construction is a simple Diffie-Hellman based KEM-DEM construction introduced and implemented by Bernstein et al. in their crypto library NaCl. The construction was popularised by libsodium, a fork of NaCl, and is designed to be used modularly in a broad range of applications such as DNSCurve and Mega. The simplicity of crypto_box and its modular nature make it a great example to showcase code-based cryptographic verification techniques in F*, the program verification tool used by miTLS.

– Maura Paterson, Birkbeck, University of London

Reducing download complexity and storage requirements in PIR

Private Information Retrieval (PIR) involves a database consisting of several records and a user who wishes to learn one of the records without revealing which record they are seeking.  Traditionally, much of the literature in the unconditionally secure setting considers the case of multiple non-colluding servers that each store a copy of the entire database, and seeks to construct schemes where the size of the users’ queries is as small as possible.  Recently, however, there has been considerable interest in models focusing on slightly different aspects, such as the use of coded storage, rather than just replication, of the database in order to reduce the total storage overhead, and the consideration of smallest achievable sizes of the servers’ responses. In this talk we discuss recent developments in some of these areas.

Further details


Liz Quaglia and Kenny Paterson, from the Information Security Group of Royal Holloway, University of London, are the organisers of the first London Crypto Day.


The first London Crypto Day is a day of cryptography talks in the London area, aimed at attracting and bringing together the many talented researchers in cryptography in the area, and at helping create fruitful collaborations.


The event will be held in the Moore Auditorium of Royal Holloway, University of London.

You can find us here.


5th June 2017


Registration for the event is free thanks to the generous sponsorship from the London Mathematical Society and the Royal Holloway Academic Centre of Excellence in Cyber Security. Registration includes tea, coffee, and a buffet lunch.

Registration is now closed.

We hope you enjoy the 1st London Crypto Day!


Logo credit: Michele Villa