SAFEcrypto’s suite of lattice-based crypto software routines

SAFEcrypto’s libsafecrypto, which provides a suite of software routines to implement lattice-based cryptographic schemes, is now available at: The related wiki describes the current status of libsafecrypto and provides an ongoing description of its current capabilities.

The following schemes are currently supported:

Signatures: BLISS-B; Dilithium / Dilithium-G; ENS; DLP; Ring-TESLA

KEM: ENS; Kyber

Encryption: RLWE; Kyber


NIST’s First PQC Standardization Conference, 12-13 April 2018

The first PQC Standardization Conference will be held in Fort Lauderdale, FL, on 12-13 April 2018.

It is co-located with the 9th International Conference on Post-Quantum Cryptography (PQCrypto 2018), 9-11 April, 2018.


16th IMA International Conference on Cryptography and Coding (IMACC 2017)

The 16th IMA International Conference on Cryptography and Coding (IMACC 2017) was held on 12 – 14 December 2017 at St Catherine’s College, University of Oxford, UK, in co-operation with the IACR and supported by SAFEcrypto.

Invited Speakers included:

A special session on Lattice-based Cryptographic Constructions and Architectures was organised by Martin Albrecht & Máire O’Neill.

Further information and speakers’ slides can be found at the IMACC website: 

5th ETSI / IQC Quantum Safe Workshop

The 5th ETSI/IQC Workshop will take place in London (UK) on 13 – 15 September 2017.

Further details can be found here.

SAFEcrypto Project Review

We held a very successful project review last week (Wednesday 14 Sept) in Brussels for SAFEcrypto. We were hosted in the Office of the NI Executive in Brussels (ONIEB) and we would like to thank ONIEB Director, Andrew Elliott, and Senior EU Liaison Officer Stephen Duffy for their support and hospitality during the review. Andrew’s staff, including Corrine Becquevort and Lucy Pollock, were of invaluable help to us.


Deliverable D6.1 – Software Requirements Specification added to outcomes

One new deliverable has been added to the SAFEcrypto Outcomes page. This is:

SAFEcrypto: D6.1 – Software Requirements Specification

New SAFEcrypto deliverables have been added to Outcomes

Two new deliverables have been added to the SAFEcrypto Outcomes page. These are:

SAFEcrypto D3.1 Risk and Vulnerability Assessment of Lattice-based Cryptographic Architectures

SAFEcrypto D7.1 State-of-the-Art in Physical Side-Channel Attacks and Resistant Technologies

High-speed BLAKE2 Hash Function published as IETF RFC 7693

The Internet Engineering Task Force (IETF), the main body behind standards for the Internet, on November 3 published RFC 7693, “The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC)”, edited by CSIT Research Fellow Dr. Markku-Juhani O. Saarinen. RFC Text:

Publication of this SHA3 finalist as an RFC, together with related ISO Object Identifiers, enables its use in security protocols such as TLS and IPsec, in PKI certificates, and in other security applications. The algorithm comes in two variants, both of which have received extensive cryptanalysis. BLAKE2b outperforms the MD5, MD6, SHA1, SHA2, and the SHA3 algorithm Keccak (by a factor of three), making it the fastest message integrity algorithm currently available. Thanks to its built-in MAC functionality, we expect to see it used in high-performance applications such as VPN backbone links. The BLAKE2s variant is optimized for 8- to 32-bit platforms and has a significantly smaller implementation footprint than any other secure cryptographic hash function. We expect to see it used in embedded, smart card, and Internet of Things (IoT) security applications. The design work of BLAKE was led by Jean-Philippe Aumasson, principal cryptographer at Kudelski Security, Switzerland. BLAKE2 is also described in the 2015 book “The Hash Function BLAKE”. For more information:

NSA announce plans to transition to Quantum-Safe algorithms

This month, the NSA announced plans for NIST’s Suite B cryptographic algorithms to transition to quantum-resistant algorithms in the not too distant future, with the goal of providing cost-effective security against a potential quantum computer. They also advised vendors who have not yet transitioned to the Suite B elliptic curve algorithms to wait instead for the quantum-resistant algorithm suite. For the full announcement, visit:


SAFEcrypto Deliverable D9.1 Case Study Specifications and Requirements added to Outcomes

SAFEcrypto Deliverable D9.1 Case Study Specifications and Requirements has been added to the Outcomes section and is available to download now.

The purpose of this document is to specify the case studies to be demonstrated in SAFEcrypto, and provide requirements that must be met by the technologies to be developed in Work Packages (WPs) 5-8. This specification of the case studies will also feed into WP3, in order to provide a basis for the vulnerability and risk analysis performed there.

This document specifies the three case studies used within SAFEcrypto:

  • Satellite Key Management – In this case study, satellites are considered as entities in a wider ‘network of space-based entities’, potentially involving other spacecraft, as well as, on the ground, multiple ground stations, Operational Control Centres (OCC) and end users. In terms of key management, each of these may need to establish keys with each other.
  • Commercial Off-The-Shelf (COTS) in Public Safety Communication – This case study is aimed at the growing secure COTS communication marketplace. There is an increasing need for ‘critical communication’ markets (public safety, etc.) to require more secure communication, but they no longer have the economy of scale, nor the budgets, to build bespoke secure communication systems. Similarly, there are critical but insecure communication systems in operation (critical national infrastructure, power generation/grids, etc.) which will not encounter a technology refresh within a generation. In this case study we consider the possibility of ‘bolting on’ a security-enabling component which can achieve this.
  • Privacy-Preserving Municipal Data Analytics – There are many areas in which analysis of large data sets owned by a governmental agency could provide significant opportunities for improvements in efficiency of operation, identification of fraud, government-citizen relationships, reduction of risk and other areas. The opportunity to derive insights from the large data sets owned by a government organization is greatly improved if the organization can invite academic and industry researchers to participate in collaborative analytics across the data set, both in shared projects and in sub-contracted projects. In this case study, we propose to use the SAFEcrypto cryptographic mechanisms, both to segment the data that it provides to the research participants and to protect information that may be subject to privacy concerns.

For each case study we provide a high-level description, and assumptions about the scope and operating environment of the systems, or sub-systems, that we propose to consider in detail. A system architecture and corresponding security architecture are then provided. It is important to note that these architectures are not intended as detailed specifications of the systems, from which real development could take place. They are merely provided at the fairly low level of detail required to highlight the functionality used in each case study, and to generate the requirements for cryptographic algorithms and associated key management needed by WPs 3-8.

Based on the case study descriptions and architectures, requirements are then provided for the security solutions. These requirements cover functional requirements on the security solutions, non-functional requirements on the solutions (e.g. performance), and security assurance and certification requirements that may need to be kept in mind for the security solutions in the use-case context.