Session 2 this morning had only one talk and it was the winner of the best paper award - "Computer-Aided Security Proofs for the Working Cryptographer". Can we automate proof checking in cryptography? There are existing tools but they require a lot of specialist knowledge. The authors presented EasyCrypt which builds on top of these tools but as the title hints, should be accessible to cryptographers rather than specialists in formal verification. It is also designed specifically for cryptograhpers' needs (security games, indistinguishability etc.)
Ron Rivest gave the IACR distinguished lecture, taking a game-theoretic perspective. We cannot prevent the occasional key compromise or system failure in practice. We don't even always know when a key has been compromised. Ron presented a model and developed the mathematical theory for questions such as: how often should I change passwords? Regularly or at unpredictable intervals?