BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Drupal iCal API//EN
X-WR-CALNAME:Events items teaser
X-WR-TIMEZONE:America/Toronto
BEGIN:VTIMEZONE
TZID:America/Toronto
X-LIC-LOCATION:America/Toronto
BEGIN:DAYLIGHT
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
DTSTART:20250309T070000
END:DAYLIGHT
BEGIN:STANDARD
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
DTSTART:20251102T060000
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
UID:69cea2f05dac3
DTSTART;TZID=America/Toronto:20251112T103000
SEQUENCE:0
TRANSP:TRANSPARENT
DTEND;TZID=America/Toronto:20251112T113000
URL:https://uwaterloo.ca/combinatorics-and-optimization/events/crypto-readi
 ng-group-yuheng-elle-wen
SUMMARY:Crypto Reading Group -Yuheng (Elle) Wen
CLASS:PUBLIC
DESCRIPTION:TITLE:Seems Legit: Automated Analysis of  Subtle Attacks on Pr
 otocols\nthat Use Signatures\n\nSpeaker\n Yuheng (Elle) Wen\n\nAffiliation
 \n University of Waterloo\n\nLocation\n MC 5479\n\nABSTRACT: The standard
  definition of security for digital\nsignatures—existential unforgeabili
 ty—does not ensure certain\nproperties that protocol designers might exp
 ect. For example\, in many\nmodern signature schemes\, one signature may v
 erify against multiple\ndistinct public keys. It is left to protocol desig
 ners to ensure that\nthe absence of these properties does not lead to atta
 cks. Modern\nautomated protocol analysis tools are able to provably exclud
 e large\nclasses of attacks on complex real-world protocols such as TLS 1.
 3 and\n5G. However\, their abstraction of signatures (implicitly) assumes 
 much\nmore than existential unforgeability\, thereby missing several class
 es\nof practical attacks. We give a hierarchy of new formal models for\nsi
 gnature schemes that captures these subtleties\, and thereby allows\nus to
  analyse (often unexpected) behaviours of real-world protocols\nthat were 
 previously out of reach of symbolic analysis. We implement\nour models in 
 the Tamarin Prover\, yielding the first way to perform\nthese analyses aut
 omatically\, and validate them on several case\nstudies. In the process\, 
 we find new attacks on DRKey and SOAP’s\nWS-Security\, both protocols wh
 ich were previously proven secure in\ntraditional symbolic models.
DTSTAMP:20260402T171008Z
END:VEVENT
END:VCALENDAR