Financial Cryptography and Data Security 2016

International Financial Cryptography Association logo

Twentieth International Conference
February 22–26, 2016
Accra Beach Hotel & Spa

Ross Anderson live-blogged FC16. You can read his excellent summaries of all presentations, including during the rump session, over at Light Blue Touchpaper.

All events take place in the Khairoon at the Accra Beach Hotel unless otherwise indicated.
Sunday, February 21, 2016

16:00–18:00 Registration Reception
Location: Fig Tree
Monday, February 22, 2016

08:30–09:00 Registration

09:00–09:10 Opening Remarks

Session 1: Anniversary Keynote
David Chaum
Voting Systems Institute


PrivaTegrity allows smart phones to send and receive messages, with little extra bandwidth or battery usage, while achieving anonymity for senders and recipients among all messages sent globally in batches defined by each one-second time interval. To learn anything about which inputs correspond with which outputs of the batch of messages, the entire cascade of ten mix servers, each preferably operating independently in a different country, would have to be compromised. None of the real-time computation, neither by the mixes nor smartphones, uses public-key operations—achieving orders of magnitude performance improvement over comparable earlier work.

PrivaTegrity also takes a new approach to user identification, requiring each user to provide a small amount of different identifying information to each mix node. Each node would require its own particular type of identification. Answers to personal history questions or even photos may be requested by some nodes and mobile phone numbers or email addresses confirmed by other nodes. Comparatively little is revealed to each node individually, but if ever aggregated the user identification should become very effective. The mix nodes can obligate themselves contractually to trace and aggregate only according to a published policy, resulting in accountability and even identification of users who violate that policy.

Untraceable communication is fundamental to freedom of inquiry, freedom of expression, and increasingly to online privacy generally, including person-to-person communication. To address these needs a system should support, ideally within a combined anonymity set, the most common use cases: chat, photo/video sharing, feed following, searching, posting, payments, all with various types of potentially pseudonymous authentication. Rather than layering such services on top of its mixing and allowing widely varying payload sizes, PrivaTegrity integrates such services directly into its mixing with standardized formats and payload sizes. It includes what aims to be a comprehensive range of lightweight services efficiently supporting the above use cases, bringing much of them into the same anonymity sets as those for chat messages.

Widely recognized as the inventor of digital cash, David Chaum is also known for other fundamental innovations in cryptography, including privacy technology and secure election systems. With a PhD in Computer Science from UC Berkeley, he taught at NYU Graduate School of Business and the University of California, lead a number of breakthrough projects as well as founded the International Association for Cryptologic Research, the cryptography group at the Center for Mathematics and Computer Science in Amsterdam, DigiCash, the Voting Systems Institute, and the Spectoccular Technology Fund.

10:10–10:40 Break

Session 2: Fraud and Deception
Session Chair: Jens Grossklags

Youngsam Park, Damon McCoy and Elaine Shi. Understanding Craigslist Rental Scams

Ian Molloy, Suresh Chari, Ulrich Finkler, Mark Wiggerman, Coen Jonker, Ted Habeck, Youngja Park, Frank Jordens and Ron van Schaik. Graph Analytics for Real-time Scoring of Cross-channel Transactional Fraud

Earlence Fernandes, Qi Alfred Chen, Justin Paupore, Georg Essl, J. Alex Halderman, Z. Morley Mao and Atul Prakash. Android UI Deception Revisited: Attacks and Defenses

Jassim Aljuraidan, Lujo Bauer, Michael Reiter and Matthias Beckerle. Introducing Reputation Systems to the Economics of Outsourcing Computations to Rational Workers

12:20–13:50 Lunch
Location: Fig Tree

Session 3: Payments, Auctions, and e-Voting
Session Chair: Jeremy Clark

Christina Garman, Matthew Green and Ian Miers. Accountable Privacy for Decentralized Anonymous Payments

Amira Barki, Solenn Brunet, Nicolas Desmoulins, Sébastien Gambs, Saïd Gharout and Jacques Traoré. Private eCash in Practice (Short Paper)

Abdelrahaman Aly and Mathieu Van Vyve. Practically Efficient Secure Single-Commodity Multi-Market Auctions

Sandra Guasch and Paz Morillo. How to Challenge and Cast Your e-Vote

15:20–15:50 Break

Session 4: Multiparty Computation
Session Chair: Moti Yung

Aydin Abadi, Sotirios Terzis and Changyu Dong. VD-PSI: Verifiable Delegated Private Set Intersection on Outsourced Private Datasets

Ivan Damgård, Kasper Damgård, Kurt Nielsen, Peter Sebastian Nordholt and Tomas Toft. Confidential Benchmarking based on Multiparty Computation

Handan Kılınç and Alptekin Küpçü. Efficiently Making Secure Two-Party Computation Fair

Alptekin Küpçü and Payman Mohassel. Fast Optimistically Fair Cut-and-Choose 2PC

18:30–20:30 Welcome Reception and Poster Session
Location: Fig Tree

Artyom Nikitin and Panagiotis Karras. Algebra-based Encryption for Adaptive Indexing (Poster Presentation)

Cliff Joslyn, Chase Dowling, Sean Kreyling, Stephen Ranshous, Curtis West, and Amanda White. Transaction Hypergraph Models for Pattern Identification in the Bitcoin Blockchain (Poster Presentation)

Xianyi Zheng, Gang Shi, and Dan Meng. Memory Data Protection on TrustZone Enabled Platform (Poster Presentation)

Tuesday, February 23, 2016

Session 5: Mobile Malware
Session Chair: Avi Rubin

Patrick Carter, Collin Mulliner, Martina Lindorfer, William Robertson, and Engin Kirda. CuriousDroid: Automated User Interface Interaction for Android Application Analysis Sandboxes

Alberto Coletta, Victor van der Veen and Federico Maggi. DroydSeuss: A Mobile Banking Trojan Tracker (Short Paper)

Stephan Heuser, Marco Negro, Praveen Kumar Pendyala and Ahmad-Reza Sadeghi. DroidAuditor: Forensic Analysis of Application-Layer Privilege Escalation Attacks on Android (Short Paper)

Session 6: Social Interaction and Policy
Session Chair: Jens Grossklags

Tristan Caulfield, Christos Ioannidis and David Pym. Discrete Choice, Social Interaction, and Policy in Encryption Technology Adoption (Short Paper)

10:10–10:35 Break

Session 7: Cryptanalysis
Session Chair: Ross Anderson

Abdalnaser Algwil and Jeff Yan. Failures of Security APIs: A New Case

Berry Schoenmakers. Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal

Luke Valenta, Shaanan Cohney, Alex Liao, Joshua Fried, Satya Bodduluri and Nadia Heninger. Factoring as a Service

Eric Verheul, Sietse Ringers and Jaap-Henk Hoepman. The self-blindable U-Prove Scheme from FC'14 is Forgeable (Short Paper)

S Abihishek Anand and Nitesh Saxena. A Sound for a Sound: Mitigating Acoustic Side Channel Attacks on Password Keystrokes with Active Sounds

14:30–19:30 Bitt Cruise
Pirate schooner cruise, includes buffet and swimming & snorkeling with the turtles.

20:30–21:30 IFCA General Meeting
Location: Khairoon

21:30–00:00 Rump Session and Privacy Panel
Location: Khairoon
Wednesday, February 24, 2016

Session 8: Anniversary Keynote
Adi Shamir
Computer Science Dept, The Weizmann Institute of Science, Israel

Financial Cryptography: Past, Present, and Future

Session 9: Surveillance and Anonymity
Session Chair: Ian Goldberg

Eline Vanrykel, Gunes Acar, Michael Herrmann and Claudia Diaz. Leaky Birds: Exploiting Mobile Application Traffic for Surveillance

Anna Krasnova, Moritz Neikes and Peter Schwabe. Footprint Scheduling for Dining-Cryptographer Networks

10:50–11:10 Break

Session 10: Anniversary Panel
Moderator: Ahmad-Reza Sadeghi (TU Darmstadt)
Panelists: David Chaum (Voting Systems Institute), Florian Kerschbaum (SAP), Peter Ryan (University of Luxembourg), Adi Shamir (The Weizmann Institute of Science, Israel), Nick Sullivan (ChangeCoin, Inc.)

The Promises and Pitfalls of Distributed Consensus Systems: From Contract Signing to Cryptocurrencies

12:30–14:00 Lunch
Location: Fig Tree

Session 11: Web Security and Data Privacy
Session Chair: Florian Kerschbaum

Radhesh Krishnan Konoth, Victor van der Veen and Herbert Bos. How Anywhere Computing Just Killed Your Phone-Based Two-Factor Authentication

Juan Lang, Alexei Czeskis, Dirk Balfanz, Marius Schilder and Sampath Srinivas. Security Keys: Practical Cryptographic Second Factors for the Modern Web

Sajjad Arshad, Amin Kharraz and William Robertson. Include Me Out: In-Browser Detection of Malicious Third-Party Content Inclusions

Liuhua Chen, Shenghai Zhong, Li-E Wang and Xianxian Li. A Sensitivity-Adaptive ρ-Uncertainty Model for Set-Valued Data

18:30–21:00 Conference BBQ
Location: Fig Tree
Thursday, February 25, 2016

Session 12: Bitcoin Mining
Session Chair: Sarah Meiklejohn

Okke Schrijvers, Joseph Bonneau, Dan Boneh and Tim Roughgarden. Incentive Compatibility of Bitcoin Mining Pool Reward Functions

Jason Teutsch, Sanjay Jain and Prateek Saxena. When Cryptocurrencies Mine Their Own Business

Ayelet Sapirshtein, Yonatan Sompolinsky, and Aviv Zohar. Optimal Selfish Mining Strategies in Bitcoin

Session 13: Cryptographic Protocols
Session Chair: Yvo Desmedt

Lucjan Hanzlik and Kamil Kluczniak. A Short Paper on Blind Signatures from Knowledge Assumptions (Short Paper)

Joseph Carrigan, Paul Martin and Michael Rushanan. KBID: Kerberos Bracelet Identification (Short Paper)

10:45–11:15 Break

Session 14: Payment Use and Abuse
Session Chair: Aggelos Kiayias

Katharina Krombholz, Aljosha Judmayer, Matthias Gusenbauer and Edgar Weippl. The Other Side of the Coin: User Experiences with Bitcoin Security and Privacy

Patrick McCorry, Siamak F. Shahandashti and Feng Hao. Refund Attacks on Bitcoin's Payment Protocol

Steven J. Murdoch, Ross Anderson, Nicholas Bohm, Alice Hutchings, Angela Sasse, Ingolf Becker, Gianluca Stringhini and Ruba Abu-Salma. Are Payment Card Contracts Unfair? (Short Paper)

Marie Vasek, Joseph Bonneau, Ryan Castellucci, Cameron Keith and Tyler Moore. The Bitcoin Brain Drain: A Short Paper on the Use and Abuse of Bitcoin Brain Wallets (Short Paper)

12:35–12:40 Closing Remarks

12:40–13:30 Lunch
Location: Fig Tree

13:30–17:30 Anniversary Island Safari

18:00–20:00 Workshop Reception (for workshop registrants)
Location: Accra Deck
Friday, February 26, 2016

09:00–17:00 Workshops

18:45–22:00 Oistins Fish Fry (for workshop registrants)




This conference is organized annually by the International Financial Cryptography Association.