International Association for Cryptologic Research

# IACR News Central

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2012-05-10
00:17 [Pub][ePrint]

Yao\'s garbled circuit construction transforms a boolean circuit $C:\\{0,1\\}^n\\to\\{0,1\\}^m$ into a garbled circuit\'\' $\\hat{C}$ along with $n$ pairs of $k$-bit keys, one for each input bit, such that $\\hat{C}$ together with the $n$ keys corresponding to an input $x$ reveal $C(x)$ and no additional information about $x$. The garbled circuit construction is a central tool for constant-round secure computation and has several other applications.

Motivated by these applications, we suggest an efficient arithmetic variant of Yao\'s original construction. Our construction transforms an arithmetic circuit $C : \\mathbb{Z}^n\\to\\mathbb{Z}^m$ over integers from a bounded (but possibly exponential) range into a garbled circuit $\\hat{C}$ along with $n$ affine functions $L_i : \\mathbb{Z}\\to \\mathbb{Z}^k$ such that $\\hat{C}$ together with the $n$ integer vectors $L_i(x_i)$ reveal $C(x)$ and no additional information about $x$. The security of our construction relies on the intractability of the learning with errors (LWE) problem.

00:17 [Pub][ePrint]

A prominent strand within the side-channel literature is the quest for generic strategies: methods by which data-dependent leakage measurements may be fruitfully analysed with minimal a priori insight into the processes occasioning that leakage. In this paper, we introduce a well-reasoned formal definition for a generic strategy\', enabling us, for the first time, to clarify precise conditions (on the target function) under which (asymptotic) success is possible. The range of vulnerable targets is shown to be limited---noninjectivity and nonlinearity being minimal requirements---and so the myth\' is somewhat dispelled. However, we then explore the particular opportunities presented by linear regression-based methods, which are able to operate generically, but can in fact be leveraged by non-specific intuition about the leakage through the application of a model building technique called stepwise regression. Thus a minor relaxation of the strict generic assumptions `magically\' produces asymptotically successful outcomes even against injective targets.

00:17 [Pub][ePrint]

The Galois configuration of Nonlinear Feedback Shift Registers

(NLFSRs) is attractive for stream ciphers for which high throughput

is very important. In this paper, we prove that any Galois NLFSR can be transformed into an equivalent NLFSR in the Fibonacci configuration, which is the conventional conguration of NLFSRs. The transformation is mentioned in the proof. The mapping between the initial states of the Galois NLFSR and its equivalent Fibonacci configuration is also derived. Moreover, some properties of Galois NLFSRs are presented.

00:17 [Pub][ePrint]

Developers building cryptography into security-sensitive applications

face a daunting task. Not only must they understand the security

guarantees delivered by the constructions they choose,

they must also implement and combine them correctly and

efficiently.

Cryptographic compilers free developers from having to implement

cryptography on their own by turning high-level specifications

of security goals into efficient implementations. Yet, trusting such

tools is hard as they rely on complex mathematical

machinery and claim security properties that are subtle and difficult

to verify.

In this paper, we present ZKCrypt, an optimizing cryptographic compiler that achieves an unprecedented level of assurance without sacrificing

practicality for a comprehensive class of cryptographic protocols, known

as Zero Knowledge Proofs of Knowledge. The pipeline of ZKCrypt tightly

integrates purpose-built verified compilers and verifying compilers

producing formal proofs in the CertiCrypt framework. By combining the

guarantees delivered by each stage in the pipeline, ZKCrypt provides

assurance that the implementation it outputs securely

realizes the high-level proof goal given as input. We report on the

main characteristics of ZKCrypt, highlight new definitions and concepts

at its foundations, and illustrate its applicability through a

representative example of an anonymous credential system.

00:17 [Pub][ePrint]

In this study, a novel pairing based strong designated verifier signature

scheme based on non-interactive zero knowledge proofs is proposed. The security of

the proposal is presented by sequences of games without random oracles; furthermore,

this scheme has a security proof for the property of privacy of the signer\'s identity in

comparison with the scheme proposed by Zhang et al. in 2007. In addition, this proposal

compared to the scheme presented by Huang et al. in 2011 supports non-delegatability.

The non-delegatability of our proposal is achieved since we do not use the common secret

key shared between the signer and the designated verifier in our construction. Furthermore,

if a signer delegates her signing capability which is derived from her secret key on

a specific message to a third party, then, the third party cannot generate a valid designated

verifier signature due to the relaxed special soundness of the non-interactive zero

knowledge proof. To the best of our knowledge, this construction is the first attempt to

generate a designated verifier signature scheme with non-delegatability in the standard

model, while satisfying of non-delegatability property is loose.

00:17 [Pub][ePrint]

In this paper, we point out a new weakness of the AES key schedule by revisiting an old observation exploited by many known attacks. We also discover a major cause for this weakness is that the column-by-column word-wise property in the key schedule matches nicely with the MixColumns operation in the cipher\'s diffusion layer. Then we propose a new key schedule by minor modification to increase the security level for AES. First, it reduces the number of rounds that some attacks are effective, such as SQUARE attacks and meet-in-the-middle attacks; Second, it is interesting that our new key schedule also protects AES from the most devastating related-key differential type attacks, which work against AES-192 and AES-256 with the full number of rounds. Compared with the original key schedule, ours just does a transposition on the output matrix of the subkeys. Compared with other proposed modifications of AES key schedule, our modification adds no non-linear operations, no need to complicate the diffusion method, or complicate the iteration process of generating subkeys. Finally, our results suggest that the route of diffusion propagation should get more attention in the design of key schedules.

00:17 [Pub][ePrint]

In this paper, we introduce the abstraction of Dual Form Signatures as a useful framework for proving security (existential unforgeability) from static assumptions for schemes with special structure that are used as a basis of other cryptographic protocols and applications. We demonstrate the power of this framework by proving security under static assumptions for close variants of pre-existing schemes:

\\begin{itemize}

\\item the LRSW-based Camenisch-Lysyanskaya signature scheme

\\item the identity-based sequential aggregate signatures of Boldyreva, Gentry, O\'Neill, and Yum.

\\end{itemize}

The Camenisch-Lysyanskaya signature scheme was previously proven only under the interactive LRSW assumption, and our result can be viewed as a static replacement for the LRSW assumption. The scheme of Boldyreva, Gentry, O\'Neill, and Yum was also previously proven only under an interactive assumption that was shown to hold in the generic group model. The structure of the public key signature scheme underlying the BGOY aggregate signatures is quite distinctive, and our work presents the first security analysis of this kind of structure under static assumptions.

We view our work as enhancing our understanding of the security of these signatures, and also as an important step towards obtaining proofs under the weakest possible assumptions.

Finally, we believe our work also provides a new path for proving security of signatures with embedded structure. Examples of these include:

attribute-based signatures, quoteable signatures, and signing group elements.

2012-05-09
09:58 [PhD][New]

Name: Christophe Giraud
Topic: Attacks on embedded cryptosystems and corresponding countermeasures
Category: implementation

Description: Side channel attacks are a very powerful tool used to recover secrets stored in embedded devices such as smart cards. By analysing the power consumption, the electromagnetic radiations or by disturbing the device, an attacker can easily obtain secret keys used by non protected embedded cryptosystems. The subject of this thesis is to extend the impact of side channel analysis by presenting new attacks and new countermeasures. The latter must have a very small impact on the performance of the algorithm since the embedded environment is limited in terms of both memory space and computation power.\r\nFirstly, we focus on Power Analysis countermeasures. We describe a method to protect the elliptic curve scalar multiplication from Simple Analysis. Then, we propose a countermeasure against Di?erential Analysis on DES and AES and a generic method to protect S-Box access. Secondly, we deal with Fault Attacks. After presenting a general overview of this ?eld, we propose new fault attacks on cryptosystems such as AES and XTR which haven’t yet been successfully impacted. Then, we improve some existing attacks on several signature schemes in order to be able to put these attacks into practice. Finally, we present new countermeasures on XTR and on the RSA cryptosystem.[...]

04:32 [Event][New]

Submission: 20 May 2012
From September 10 to September 14
Location: Singapore, Singapore

2012-05-08
18:51 [PhD][New]

Name: Nicolás González-Deleito
Topic: Trust relationships in exchange protocols
Category: cryptographic protocols

18:50 [PhD][New]

Name: Yves Roggeman