2nd Workshop on
Low-Latency Encryption
(LLE 2025)
May 3, 2025 - Madrid, Spain
affiliated with EUROCRYPT 2025
In recent years, the demand for cryptographic primitives with minimum execution time has greatly increased. Memory encryption, secure cache architectures and pointer authentication are among the most commonly cited use cases for cryptographic algorithms that feature a low latency in hardware, i.e., a short period between providing inputs and receiving outputs. While execution speed is clearly the main criterion for such designs, other factors such as area, power and energy consumption have to be considered as well. Arguably the most challenging aspect of designing dedicated low-latency primitives is that there is very little room for error in the security analysis. Considerable safety margins to account for uncertainties or potential improvements of attacks are hardly affordable, bold security claims and careful public scrutiny are needed. Hence, the concrete trade-offs between hardware implementation parameters and cryptanalytic properties need to be well understood to find designs with optimal performance for a desired security level.
To advance this emerging research field, the LLE workshop will provide an international forum for researchers to exchange ideas, explore new directions, and address key challenges. Affiliated with EUROCRYPT 2025 in Madrid, Spain, it will feature tutorials and invited talks from leading experts in the field.
Organizers
Shahram Rasoolzadeh (Ruhr University Bochum, Germany)
Sponsors
Keynote Speakers
Christoph Dobraunig
Intel Labs, USA.
Currently, Christoph is working for Intel. Before that, he worked for Lamarr Security Research, the Radboud University in Nijmegen, and the Graz University of Technology. So far, he has done research in cryptography (analysis and design of symmetric cryptography) and implementation security (side-channel and fault attacks). He is a co-designer of the winner of the NIST lightweight cryptography standardization process and the first choice for lightweight applications in CAESAR, Ascon. Furthermore, he is a co-designer of Elephant and ISAP, two finalists of the NIST lightweight cryptography standardization process.
Gregor Leander
Ruhr University Bochum, Germany.
Gregor Leander received his doctorate in cryptography and coding theory at RUB in 2004. In 2006, he moved to the Université Toulon, France, for one year. Between 2008 and 2012 he worked as Associate Professor at the Technical University of Denmark. Since 2015 he is professor at the Ruhr University Bochum in Germany. His research focuses on the design and the analysis of symmetric primitives and the theory of Boolean functions.
Florian Mendel
Infineon Technologies, Germany.
Florian Mendel is a cryptographer and security architect at Infineon Technologies working on the design and development of next generation secure hardware solutions and cryptographic hardware modules. Before joining Infineon Technologies in 2017, he worked for more than 10 years in research. He is well-known for his contributions in symmetric cryptography. Among others Florian is a co-designer of the hash function Grøstl, a NIST SHA-3 finalists, and the lightweight authenticated encryption algorithms Ascon that was recently selected by NIST as new standard for lightweight cryptography.
María Naya-Plasencia
INRIA Paris, France.
María Naya-Plasencia is an Inria researcher since 2012 and a senior researcher since 2018. She works in the field of cryptography, with an emphasis on symmetric cryptography and quantum cryptanalysis. She was the PI of the ERC QUASYModo, and is currently the PI of the ERC SoBaSyC on those topics. María was the co-editor-in-chief of ToSC in 2016-2017, in the editorial board of DCC from 2020 to 2024 and has served in many PC’s of the most important conferences in cryptography. She has co-organized several Dagstuhl seminars, is an elected member of the board of directors of the IACR since 2024 and received the Young Researcher Award from Inria-Academie des Sciences in France in 2019. She has given several invited talks, like for instance FSE 2019 and Eurocrypt 2022.
Gilles Van Assche
STMicroelectronics, Belgium.
Gilles Van Assche currently works for STMicroelectronics in Belgium, specializing in the field of secure microcontrollers. He focuses on the development of secure implementations of cryptographic solutions, starting from the software side and collaborating closely with hardware designers. In addition, Gilles is a professor at the University of Brussels (ULB), where he teaches courses in cryptography and cryptanalysis. Gilles received a PhD in quantum information theory from the University of Brussels in 2005. He continues to be an active researcher, focusing on the design and analysis of symmetric cryptographic primitives. One of his most notable achievements is his role as a co-designer of Keccak, the cryptographic algorithm selected by NIST to become SHA-3.
Program
| 09:25 – 09:30 | Opening |
| 09:30 – 10:00 | Tutorial by Thorben Moos |
| Basics on Hardware and Low-Latency | |
| 10:00 – 10:30 | Tutorial by Shahram Rasoolzadeh |
| State of the Art on Designing Low-Latency Primitives | |
| 10:30 – 11:00 | Coffee Break |
| 11:00 – 12:00 | Invited Talk by Gregor Leander: |
| Review of Low Latency Primitives – Focus on the Non-Linear Layer | |
| 12:00 – 12:45 | Invited Talk by Gilles Van Assche and Ruggero Susella: |
| External Memory Security on Microcontroller: An Impossible Quest? | |
| 12:45 – 14:15 | Lunch |
| 14:15 – 15:15 | Invited Talk by Florian Mendel: |
| Can We Have It All? Fast, Secure, and Side-Channel Resistant Encryption | |
| 15:15 – 15:45 | Coffee Break |
| 15:45 – 16:30 | Invited Talk by María Naya-Plasencia: |
| On Cryptanalysis of Low-Latency Primitives | |
| 16:30 – 17:15 | Invited Talk by Christoph Dobraunig: |
BipBip – A Low-latency Cipher for Cryptographic Capability Computing (C³) | |
| 17:15 – 17:20 | Closing |
Contact Information
Photo by Pexels user: Abhishek Verma.