The field of asymmetric cryptography has been flourishing within the last years: researchers have been proposing various public key constructions ranging from well-established signature schemes to advanced protocols like homomorphic encryption, MPC or functional encryption. Almost all of them rely on certain hardness assumptions like factoring, discrete logarithm, lattice-based or code-based assumptions or those relying on solving multivariate systems. Understanding the concrete complexity of such problems is of paramount importance, not only in cryptography, but also in complexity theory and number theory. However, looking at the current trend in the cryptographic world, it appears that there are very few venues (if any) dedicated specifically to the cryptanalytic community: to people who design and implement new algorithms and provide new insights into the asymptotic and concrete hardness of cryptographic problems.

AAC 2024 fills the current gap in the cryptographic community by providing a dedicated platform for cryptanalysts. It aims to advance the field by bringing together experts in algorithm design and implementation, facilitating knowledge exchange, and encouraging collaboration. Additionally, AAC 2024 welcomes new joiners and less experienced attendees, aiming to expand the community and provide support for individuals at all levels of expertise.

Important Dates

08 mar

The Workshop Date

29 nov

Submission Deadline

22 Dec


Organizing Committee

Editorial/Program Chairs


Andre Esser(Technology Innovation Institute)


Elena Kirshanova(Technology Innovation Institute)

General Chair


Javier Verbel(Technology Innovation Institute)

Keynote Speakers


Damien Stehlé

Attacks Against the CPA-D Security of Exact FHE Schemes, and Threshold-FHE schemes

Abstract: A new security model for fully homomorphic encryption (FHE), called INDCPA-D security and introduced by Li and Micciancio [Eurocrypt'21], strengthens INDCPA security by giving the attacker access to a decryption oracle for ciphertexts for which it should know the underlying plaintexts. This includes ciphertexts that it (honestly) encrypted and those obtained from the latter by evaluating circuits that it chose. Li and Micciancio singled out the CKKS FHE scheme for approximate data [Asiacrypt'17] by giving an INDCPA-D attack on it and (erroneously) claiming that INDCPA-D security and INDCPA-D security coincide for FHEs on exact data.

In this talk, I will correct the widespread belief according to which INDCPA-D attacks are specific to approximate homomorphic computations. Indeed, the equivalency formally proved by Li and Micciancio assumes that the schemes are not only exact but have a negligible probability of incorrect decryption. However, almost all competitive implementations of exact FHE schemes give away strong correctness by analyzing correctness heuristically and allowing noticeable probabilities of incorrect decryption. I will show how to exploit this discrepancy to mount practical indistinguishability and key-recovery attacks against all major exact FHE schemes. I will also discuss the extension of the attacks to threshold versions of the exact FHE schemes, when the correctness is similarly loose.

The talk is based on joint work with Jung Hee Cheon, Hyeongmin Choe,
Alain Passelègue and Elias Suvant

Damien Stehlé is a Chief Researcher at Cryptolab https://www.cryptolab.co.kr/en/home/ Prior to this, he was a researcher at CNRS and a professor at ENS Lyon. His main research interests lie in lattice-based cryptography and homomorphic encryption. He is a co-author of the Kyber encryption scheme and Dilithium signature scheme, and is a renowned scientist in the foundations and cryptanalysis aspects of lattice-based cryptography.


Robert Merget

Hard-Hat Cryptanalysis - Drilling Down into Real-world TLS Protocol Failures

Abstract: In the dynamic landscape of cybersecurity, the TLS protocol stands as a crucial bastion for securing online communication. Wearing our metaphorical hard hats, we will embark on a journey through the coal mines of deployed cryptography, illuminating the challenges and pitfalls encountered when securing communications with TLS. The presentation will draw upon real-world exploits, bugs, and issues that have surfaced in the protocol and its implementations. We bridge the gap between theory and practice and will show that despite years of theoretic analysis and formal proofs the protocol and its implementations can still break and what we can do to prevent this in the future.

Dr. Robert Merget is a Senior Researcher at the Technology Innovation Institute in Abu Dhabi. The focus of his research is the practical analysis of the TLS protocol, where he contributed to the most recent attacks on the protocol specification (RACCOON/Alpaca Attack). He is also the maintainer of TLS-Attacker, (https://github.com/tls-attacker/TLS-Attacker) a project for dynamic protocol analysis for TLS. His efforts with TLS-Attacker have led to extensive studies across the TLS ecosystem, providing him with unique insights into real-world TLS deployments.

Program Committee

Leo Ducas

(CWI, Netherlands)

Eamonn Postlethwaite

(CWI, Netherlands)

Luca de Feo

(IBM Research, Switzerland)

Markku-Juhani O. Saarinen

(Tampere University, Finland & PQShield, UK)

Philippe Gaborit

(University of Limoges, France)

Paolo Santini

(Universita Politecnica delle Marche, Italy)

Ján Jančár

(Masaryk University, Czech Republic)

Damien Stehlé

(CryptoLab, Korea)

Alexander Karenin

(Technology Innovation Institute, UAE)

Jean-Pierre Tillich

(Inria de Paris, France)

Péter Kutas

(Eötvös Loránd University, Hungary)

Alexander May

(Ruhr University Bochum, Germany)

Monika Trimoska

(Radboud University, Netherlands)

Semyon Novoselov

I. Kant Baltic Federal University, Russia

Alexander Wallet

(Inria Rennes, France)

Lorenz Panny

(Technical University of Munich, Germany)

Violetta Weger

(Technical University of Munich, Germany)

Juliane Krämer

(University of Regensburg Germany)

Call for Papers

AAC 2024 invites paper submissions on any aspect of asymmetric cryptanalysis. This includes (but is not limited to): new algorithms for solving cryptographic relevant problems, efficient implementations of new or existing algorithms, algorithmic improvements to the state-of-the-art, detailed cost analyses or side-channel attacks. Additionally AAC 2024 also welcomes SoK (Systematization of Knowledge) papers, for which ”SoK” should be mentioned in the title. Submissions should be processed in LaTeX following the Springer LNCS template. The pagelimit for submissions is 18 pages excluding references and any clearly marked appendices. Reviewers are not required to read appendices, submissions should therefore be self-contained without it. Papers must not be already published or submitted to another venue with proceedings.

The single-page call for papers can be downloaded here

Authors of accepted papers must ensure that one of the authors will present their work in person at the workshop.

To encourage greater student participation, ACNS’24 offers travel grants for students.

More details about these grants can be found on ACNS’24 Student Travel Grants website https://wp.nyu.edu/acns2024/student-travel-grants.

In addition, ACNS’24 gives a best workshop paper award, with 500 EUR prize sponsored by Springer.

To submit a paper, please visit: https://easychair.org/my/conference?conf=aac24

Date and Place

Friday, 8th of March 2024

New York University Abu Dhabi campus


AAC '24- Advances in Asymmetric Cryptanalysis Program (Friday 8th of March)

Session Speaker Title Time
Welcome + Invited Talk Andre Esser, Elena Kirshanova and Javier Verbel Opening Remarks 09:30 09:40
Damien Stehlé Attacks Against the CPA-D Security of Exact FHE Schemes, and Threshold-FHE schemes 09:40 10:40
Coffee break 10:40 11:00
Accepted Papers Valérian Hatey Projective Space Stern Decoding and Application to SDitH 11:00 11:30
Lorenz Panny Forging tropical signatures 11:30 12:00
Simone Perriello Quantum Circuit Design for the Lee-Brickell based Information Set Decoding 12:00 12:30
Lunch 12:30 13:45
Invited + Closing Talk Robert Merget Hard-Hat Cryptanalysis - Drilling Down into Real-world TLS Protocol Failures 13:45 14:45
Andre Esser, Elena Kirshanova and Javier Verbel Closing Remarks 14:45 14:50

Accepted Papers

  • Kévin Carrier, Valérian Hatey and Jean-Pierre Tillich. Projective Space Stern Decoding and Application to SDitH
  • Lorenz Panny. Forging tropical signatures
  • Simone Perriello, Alessandro Barenghi and Gerardo Pelosi. Quantum Circuit Design for the Lee-Brickell based Information Set Decoding


Attendees of AAC '24 are required to register for the ACNS main event under https://wp.nyu.edu/acns2024/registration/