Bilbao, 20 degrees centigrade, cloudy, 60% humidity – The clatter of dishes fills the room. Munching and mumbling noises barely dampen the sounds of metal softly scratching on pottery. Water is filled into glasses and meat is shoveled hastily onto plates. The queue is long and moving slowly, but steadily. It is 2 p.m. – a typical time for lunch in Spain.
Hungry, but filled with knowledge absorbed from this “morning’s” (9 a.m. to 2 p.m.) lectures, Fabian Knirsch and Andreas Unterweger are standing in line, in the top third of the queue in front of the cafeteria. Still digesting the implications of Bart Preneel’s third and final lecture on the cryptanalytic means of the NSA and their impact on privacy, they are eagerly awaiting their turn for something a bit lighter to digest.
Lunch is a crucial part of the International Summer School on Information Security in Bilbao. Not only does it separate the morning and afternoon lectures by a one-hour break to recover and refuel, but it offers a possibility for more casual conversations between students, fellow researchers and lecturers. Privacy and security are still the prevalent themes, while contact information is exchanged, different customs are discussed and the amount of food on the conversation partners’ plates diminishes steadily.
The schedule of the summer school is very tight. Between 9 a.m. and 9 p.m., there are three classes in the morning and three in the afternoon, with ten-minute breaks inbetween. At least in theory, that is, since nearly all of the lecturers fully live up to the cliché of professors constantly overrunning their time limits. Most of the time, however, the additional minutes of lecture provide valuable insights in and conclusions on state-of-the-art security topics in the narrow time frame of a one-week summer school with multiple courses.
Nervous voices from behind are rising while the tiniest of spaces open up in front. Driven by hunger to the edge of pushing, they pursuade their neighbors to advance by barely half a step. Others follow. The queue moves forward. ¡Que aproveche!

Bilbao, Spain, temperature 19 degrees centrigrade, cloudy, humidity 88% — It is a very calm morning with little traffic and only few people roaming the streets. The day has not yet started for most of the locals at 9 a.m. local time. But there is one notable exception: At the University of Deusto (see picture), technicians are eagerly preparing projectors, connectors and Windows updates. Meanwhile, the lecture hall is filling at a constant pace. International students, researchers and lecturers are eagerly, but quietly looking for seats with nearby power outlets in the lecture hall. To take notes, of course, that is. There is constant whispering and furious typing while the last participants, with coffee in their hands, close the door behind them – the key note is about to start.
It is a typical morning at the International Summer School on Information Security that takes place in Biblao from July 6 to July 10, 2015. As two of the participants, Fabian Knirsch and Andreas Unterweger are priviledged to report from the air-conditioned lecture hall, in the midst of the fellow participants in the key note talk. Doctoral and post-doctoral students of nearly all nationalities are present. Two hundred eyes are looking at the projector screen, quietly listening as Jan Camenisch talks about privacy in today’s world.
Privacy and security are the main themes of this summer school, similar to the main objectives of the Josef Ressel Center for User-Centric Smart Grid Privacy, Security and Control. The lectures cover both, basic and current topics in information security. From S-box design to quantum cryptography, a wide range of special topics allow everyone to learn something new, while, at the same time, combining expertise of different sub-fields of information security.
The most notable course, by far, is the outstanding three-part lecture of Bart Preneel on practical crypography and cryptanalysis. After introducing both, symmetric and asymmetric encryption, he gave recommendations on key sizes in the post-Snowden world and showed how cryptographic protocols and implementations can be broken in practice. From simple timing attacks to sophisticated bit fiddling with lasers, he showed what is done and can be done by physical means despite mathematically secure designs.
The audience is clapping their hands, mumbling starts, people are standing up, the door opens. There is a 10-minute break to rehydrate with water or coffee and, most importantly, to switch to the neighboring lecture hall before the third part of Bart Preneel’s lecture starts.