Special-Purpose Hardware for Attacking Cryptographic Systems


SHARCS 2012 will begin at 14:00 Saturday 17 March 2012 and will conclude at 17:00 Sunday 18 March 2012, half an hour before the FSE 2012 reception begins. The workshop sessions will be held in the West End Ballroom, Combined Rooms C and D.

Detailed schedule

17 Mar
14:00–15:00 Registration
15:00–15:15 Welcome (PDF slides)
Session 1: Better than brute force (chair: Yang)
15:15–15:45 Biryukov, Großschädl: CAESAR: cryptanalysis of the full AES using GPU-like hardware (PDF slides)
15:45–16:15 Bogdanov, Kavun, Paar, Rechberger, Yalcin: Better than brute-force—optimized hardware architecture for efficient biclique attacks on AES-128 (PDF slides)
16:15–16:45 Sprengers, Batina: Speeding up GPU-based password cracking (PDF slides)
Session 2: Invited talk (chair: Paar)
17:15–18:15 Budiansky: Codebreaking with IBM machines in World War II
18:15–19:00 Book signing
18 Mar
Session 3: Invited talk (chair: Gaj)
09:00–10:00 Hurd, Browning: Cryptol: The Language of Cryptography Cryptanalysis (PDF slides)
10:00–10:30 Coffee break
Session 4: Discrete logarithms (chair: Lange)
10:30–11:00 Yasuda, Shimoyama, Izu, Kogure: On the strength comparison of ECC and RSA (PDF slides)
11:00–11:30 Judge, Schaumont: A flexible hardware ECDLP engine in Bluespec (PDF slides)
11:30–12:00 Henry, Goldberg: Solving discrete logarithms in smooth-order groups with CUDA (PDF slides)
Session 5: Invited talk (chair: Bernstein)
13:30–14:30 Stevens: Cryptanalysis of MD5 and SHA-1 (PDF slides)
Session 6: Algebraic attacks (chair: Courtois)
14:30–15:00 Cheng, Chou, Niederhagen, Yang: Solving quadratic equations with XL on parallel architectures
15:00–15:30 Dinur, Güneysu, Paar, Shamir, Zimmermann: Experimentally verifying a complex algebraic attack on the Grain-128 cipher using dedicated reconfigurable hardware (PDF slides)
15:30–16:00 Coffee break
Session 7: Tools (chair: Rechberger)
16:00–16:30 Bernstein, Chen, Cheng, Lange, Niederhagen, Schwabe, Yang: Usable assembly language for GPUs: a success story (PDF slides)
16:30–17:00 Courtois, Hulme, Mourouzis: Solving circuit optimisation problems in cryptography and cryptanalysis (PDF slides)
17:00 Closing (PDF slides)

Invited speakers

The following invited speakers have confirmed their participation:
  • Stephen Budiansky, author of "Battle of Wits"

    Title: Codebreaking with IBM machines in World War II

    Abstract: Many important enemy code systems were broken by the US Army and Navy during World War II with the help of a variety of special-purpose analytic machinery. Among the most important of these were special adaptations of commercial IBM card machines, developed to automate specific time-consuming tasks both in initially solving enemy cryptosystems and then in routinely deciphering intercepted messages. Other innovative cryptanalytic hardware developed during the war used optical, paper-tape, and other storage devices that pushed electro-mechanical computing to its technological limits in this era just prior to the dawn of the digital revolution.

  • Joe Hurd and Sally A. Browning, Galois, Inc.

    Title: Cryptol: The Language of Cryptography Cryptanalysis

    Abstract: Cryptol was designed by Galois for the NSA as a domain specific language for specifying cryptographic algorithms, eliminating the need for separate and voluminous natural language documentation. Cryptol is tailored to the unique needs of cryptography and cryptographic implementations. It is fully executable, allowing cryptographers to experiment with their programs incrementally as their designs evolve, with the compiler checking the consistency of data types and array lengths at every stage. These same attributes make Cryptol a good language for expressing cryptanalysis algorithms, providing a platform to explore different approaches and carry out experiments at low cost.

    In addition, Cryptol provides a refinement methodology to bridge the conceptual gap between specification and low-level implementation, and can generate both hardware and software implementations from high-level specifications, as well as formal models for verification. For example, Cryptol allows engineers and mathematicians to program cryptographic algorithms on FPGAs as if they were writing software, and the Cryptol verification toolset can show functional equivalence between the specification and the implementation at each stage of the tool-chain. In addition, the Cryptol verification toolset can be usefully applied to the reference specification of cryptographic algorithms. Proving desirable high-level properties of a cryptographic algorithm gives assurance of its robustness, while conversely finding counter-examples of desirable properties may inspire approaches to cryptanalysis.

  • Marc Stevens, Centrum voor Wiskunde en Informatica (CWI)

    Title: Cryptanalysis of MD5 and SHA-1

    Abstract: In this talk, I will review our most recent cryptanalytic methods on MD5 and SHA-1 and discuss implementation issues. In particular I will focus on a new exact disturbance vector analysis for SHA-1 that in contrast to current literature takes into account the dependence of local collisions. Furthermore, we show how it can be used to implement both an identical-prefix and a chosen-prefix collision attack on SHA-1 which improve on the respective best known attacks.


This is version 2012.03.27 of the schedule.html web page.