The conference has come to an end last Thursday and I have already made my way back to Bristol. Before going back to the normal rhythm of work tomorrow, a lazy Sunday afternoon seems like a good opportunity to give an overall summary of the conference, roughly a week after it all started (on Sunday) with Shrimpy's 40th, a board meeting, and the welcome reception.
On Monday the technical program commenced, with as high points Ron Rivest's Distinguished Lecture on FlipIt and the presentation of the best paper. Both topics are quite distinct, but they share the impression that this is only just the beginning and that they might spawn far more research.
Tuesday was relatively short but had the rump session in the evening. The talk I found funniest was by Yuji Suga who extended the sponge methodology to various other cleaning-related household utensils (if I recollect correctly, he was also responsible for the "three degrees" talk at CHES'09's rump session). Also far funnier than it should have been was the panel discussion on leakage. The important point here was delivery, delivery, delivery! On a more serious note, Bogdanov, Khovratovich, and Rechberger announced the first theoretical single-key attack against the full AES-128: they achieve key recovery in time roughly 2^126 instead of 2^128. While shaving off two bits might not sound very impressive (and given the data complexity the usual exhaustive search arguably remains the most "practical"), it is a truly remarkable result. It will be presented at Asiacrypt (the notifications went out on Tuesday, so there was quite some gossiping about who got in and who did not).
Wednesday was again a full day and included the excellent invited talk by Roger Dingledine on Tor. Unfortunately I did not get the opportunity to speak to him in person. On Thursday the conference was drawing towards an end. This was clear especially from the last session, which really wasn't as well attended as it deserved to be. Cryptology based on coding theory or multivariate equations is still not very sexy: both suffered from too many broken early attempts, but like lattice-based and pairing-based cryptography, who knows a revival may be nigh?
Overall I consider Crypto'11 a very successful conference. It was (only) my fourth Crypto, but so far it has to be my favourite. Thanks to Tom Shrimpton and the UCSB team, everything ran smoothly and the atmosphere was wonderful. What struck me in this respect, was the seemingly larger number of spouses and especially offspring on campus. Phil Rogaway (and his PC) managed to come up with a broader program than is usual (certainly for Crypto, which in my opinion tends to be a bit narrower than Eurocrypt). Perhaps this was partly due to a relatively large number of accepted papers, but for a good broad program the battle for good submissions has to be won first. To accommodate presentation of all the papers, the schedule was quite tight and with shorter talks than usual. Surprisingly, I found that the shorter talks were far better to follow than the regular ones. Next year the program chairs are encouraged (by the Board) to accept even more papers, for instance by running sessions in parallel or sacrificing the free Tuesday afternoon. This year, I already skipped several sessions---mainly to discuss an ongoing project with Sasha Boldyreva---and I fear that accepting more papers (and having more presentations) might result in me dropping out of even more sessions and talks...
At the moment, it looks like our group will not be present at Asiacrypt in Korea, but we will be back in full force at Eurocrypt in Cambridge next year. Moreover, there are several other events in the mean time (CHES, Dagstuhl seminars and Nigel's Cambridgean adventures) plus, from October onwards, weekly blogging related to our study group.