International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Damien Vergnaud

Affiliation: ENS de Paris, France

Publications

Year
Venue
Title
2017
CRYPTO
2017
TOSC
Security of Even-Mansour Ciphers under Key-Dependent Messages
Pooya Farshim Louiza Khati Damien Vergnaud
The iterated Even–Mansour (EM) ciphers form the basis of many blockcipher designs. Several results have established their security in the CPA/CCA models, under related-key attacks, and in the indifferentiability framework. In this work, we study the Even–Mansour ciphers under key-dependent message (KDM) attacks. KDM security is particularly relevant for blockciphers since non-expanding mechanisms are convenient in setting such as full disk encryption (where various forms of key-dependency might exist). We formalize the folklore result that the ideal cipher is KDM secure. We then show that EM ciphers meet varying levels of KDM security depending on the number of rounds and permutations used. One-round EM achieves some form of KDM security, but this excludes security against offsets of keys. With two rounds we obtain KDM security against offsets, and using different round permutations we achieve KDM security against all permutation-independent claw-free functions. As a contribution of independent interest, we present a modular framework that can facilitate the security treatment of symmetric constructions in models that allow for correlated inputs.
2017
CHES
Generalized Polynomial Decomposition for S-boxes with Application to Side-Channel Countermeasures
Masking is a widespread countermeasure to protect implementations of block-ciphers against side-channel attacks. Several masking schemes have been proposed in the literature that rely on the efficient decomposition of the underlying s-box(es). We propose a generalized decomposition method for s-boxes that encompasses several previously proposed methods while providing new trade-offs. It allows to evaluate $$n\lambda $$ -bit to $$m\lambda $$ -bit s-boxes for any integers $$n,m,\lambda \ge 1$$ by seeing it a sequence of mn-variate polynomials over $$\mathbb {F}_{2^{\lambda }}$$ and by trying to minimize the number of multiplications over $$\mathbb {F}_{2^{\lambda }}$$ .
2016
EUROCRYPT
2016
PKC
2015
EPRINT
2015
EPRINT
2015
CHES
2013
PKC
2013
CRYPTO
2012
TCC
2012
PKC
2011
PKC
2011
ASIACRYPT
2010
EPRINT
Batch Groth-Sahai
In 2008, Groth and Sahai proposed a general methodology for constructing non-interactive zero-knowledge (and witness-indistinguishable) proofs in bilinear groups. While avoiding expensive NP-reductions, these proof systems are still inefficient due to a number of pairing computations required for verification. We apply recent techniques of batch verification to the Groth-Sahai proof systems and manage to improve significantly the complexity of proof verification. We give explicit batch verification formulas for generic Groth-Sahai equations (whose cost is less than a tenth of the original) and also for specific popular protocols relying on their methodology (namely Groth's group signatures and Belenkiy-Chase-Kohlweiss-Lysyanskaya's P-signatures).
2010
EPRINT
Fair Blind Signatures without Random Oracles
Georg Fuchsbauer Damien Vergnaud
A fair blind signature is a blind signature with revocable anonymity and unlinkability, i.e., an authority can link an issuing session to the resulting signature and trace a signature to the user who requested it. In this paper we first revisit the security model for fair blind signatures given by Hufschmitt and Traor\'e in 2007. We then give the first practical fair blind signature scheme with a security proof in the standard model. Our scheme satisfies a stronger variant of the Hufschmitt-Traor\'e model.
2010
EPRINT
On The Broadcast and Validity-Checking Security of PKCS \#1 v1.5 Encryption
This paper describes new attacks on PKCS \#1 v1.5, a deprecated but still widely used RSA encryption standard. The first cryptanalysis is a broadcast attack, allowing the opponent to reveal an identical plaintext sent to different recipients. This is nontrivial because different randomizers are used for different encryptions (in other words, plaintexts coincide only partially). The second attack predicts, using a single query to a validity checking oracle, which of two chosen plaintexts corresponds to a challenge ciphertext. The attack's success odds are very high. The two new attacks rely on different mathematical tools and underline the need to accelerate the phase out of PKCS \#1 v1.5.
2010
EPRINT
Huff's Model for Elliptic Curves
Marc Joye Mehdi Tibouchi Damien Vergnaud
This paper revisits a model for elliptic curves over Q introduced by Huff in 1948 to study a diophantine problem. Huff's model readily extends over fields of odd characteristic. Every elliptic curve over such a field and containing a copy of Z/4Z×Z/2Z is birationally equivalent to a Huff curve over the original field. This paper extends and generalizes Huff's model. It presents fast explicit formulas for point addition and doubling on Huff curves. It also addresses the problem of the efficient evaluation of pairings over Huff curves. Remarkably, the formulas we obtain feature some useful properties, including completeness and independence of the curve parameters.
2009
PKC
2008
PKC
2005
ASIACRYPT
2005
ASIACRYPT

Program Committees

Eurocrypt 2018
PKC 2010