International Association for Cryptologic Research

IACR News Central


21:17 [Pub][ePrint] Efficient UC-Secure Authenticated Key-Exchange for Algebraic Languages, by Olivier Blazy and Céline Chevalier and David Pointcheval and Damien Vergnaud

  Authenticated Key Exchange (AKE) protocols enable two parties to establish a shared, cryptographically strong key over an insecure network using various authentication means, such as cryptographic keys, short (i.e. low-entropy) secret keys or credentials. In this paper, we provide a general framework that encompasses several previous AKE primitives such as Password-Authenticated Key Exchange or Secret Handshakes. We call it LAKE for Language-Authenticated Key Exchange.

We first model this general primitive in the Universal Composability (UC) setting. Thereafter, we show that the Gennaro-Lindell approach can efficiently address this goal. But we need smooth projective hash functions on new languages, whose efficient implementations are of independent interest. We indeed provide such hash functions for languages defined by combinations of linear pairing product equations.

Combined with an efficient commitment scheme, derived from the highly-efficient UC-secure Lindell's commitment, we obtain a very practical realization of Secret Handshakes, but also Credential-Authenticated Key Exchange protocols.

All the protocols are UC-secure, in the standard model with a common reference string, under the classical Decisional Linear assumption.

21:17 [Pub][ePrint] Constant-Size Structure-Preserving Signatures: Generic Constructions and Simple Assumptions, by Masayuki Abe, Melissa Chase, Bernardo David, Markulf Kohlweiss, Ryo Nishimaki, Miyako Ohkubo

  This paper presents efficient structure-preserving signature schemes based on assumptions as simple as Decision-Linear. We first give two general frameworks for constructing fully secure signature schemes from weaker building blocks such as two-tier signatures and random-message secure signatures. They can be seen as refinements of the Even-Goldreich-Micali framework, and preserve many desirable properties of the underlying schemes such as constant signature size and structure preservation. We then instantiate them based on simple (i.e., not q-type) assumptions over symmetric and asymmetric bilinear groups. The resulting schemes are structure-preserving and yield constant-size signatures consisting of 11 to 17 group elements, which compares favorably to existing schemes relying on q-type assumptions for their security.

21:17 [Pub][ePrint] Protecting Last Four Rounds of CLEFIA is Not Enough Against Differential Fault Analysis, by Sk Subidh Ali and Debdeep Mukhopadhyay

  In this paper we propose a new differential fault analysis (DFA) on CLEFIA with a 128-bit key. The proposed attack requires inducing byte faults at the fourteenth round of CLEFIA encryption. The attack uses only two pairs of fault-free and faulty ciphertexts and uniquely determines the 128-bit secret key. The attacker does not need to know the plaintext. The most efficient previously reported fault attack on CLEFIA needs fault induction at the fifteenth round of encryption and can be performed with two pairs of fault-free and faulty ciphertexts and a brute-force search of around 20 bits. Therefore, the proposed attack can evade the countermeasures against the existing DFAs, which only protect the last four rounds of encryption. Extensive simulation results are presented to validate the proposed attack. The simulation results show that the attack can retrieve the 128-bit secret key in around one minute of execution time. To the best of the authors' knowledge the proposed attack is the most efficient attack in terms of both the input requirements and the complexity.

21:17 [Pub][ePrint] Computationally-Fair Group and Identity-Based Key-Exchange, by Andrew C. Yao and Yunlei Zhao

  In this work, we re-examine some fundamental group key-exchange and identity-based key-exchange protocols, specifically the Burmester-Desmedt group key-exchange protocol [7] (referred to as the BD-protocol) and the Chen-Kudla identity-based key-exchange protocol [9] (referred to as the CK-protocol). We identify some new attacks on these protocols, showing in particular that these protocols are not computationally fair. Specifically, with our attacks, an adversary can do the following damage:

(1) It can compute the session-key output with much less computational complexity than the victim honest player, and can maliciously nullify the contributions from the victim honest players.

(2) It can set the session-key output to some pre-determined value, which can be efficiently and publicly computed without knowing any secret supposed to be held by the attacker.

We remark that these attacks are beyond the traditional security models for group key-exchange and identity-based key-exchange.

Then, based on the computationally fair Diffie-Hellman key-exchange in [21], we present some fixing approaches, and prove that the fixed protocols are computationally fair.

21:17 [Pub][ePrint] Fair Exchange of Short Signatures Without Trusted Third Party, by Philippe Camacho

  We propose a protocol to exchange Boneh-Boyen short signatures in a fair way, without relying on a trusted third party. Our protocol is quite practical and is the first of its kind to the best of our knowledge.

Our construction uses a new non-interactive zero-knowledge (NIZK) argument to prove that a commitment is the encryption of a bit vector. We also design a NIZK argument to prove that a commitment to a bit vector $v=(b_1,b_2,\ldots,b_\lambda)$ (with $\lambda$ the security parameter) is such that $\sum_{i \in [\lambda]} b_i 2^{i-1} = r$, where $r$ is the discrete logarithm of some public value $C = g^r$. These arguments may be of independent interest.

21:17 [Pub][ePrint] Ring Group Signatures, by Liqun Chen

  In many applications of group signatures, not only a signer's identity but also which group the signer belongs to is sensitive information regarding signer privacy. In this paper, we study these applications and combine a group signature with a ring signature to create a ring group signature, which specifies a set of possible groups without revealing which member of which group produced the signature. The main contributions of this paper are a formal definition of a ring group signature scheme and its security model, a generic construction and a concrete example of such a scheme. Both the construction and concrete scheme are provably secure if the underlying group signature and ring signature schemes are

21:17 [Pub][ePrint] Fully Homomorphic Message Authenticators, by Rosario Gennaro and Daniel Wichs

  We define and construct fully homomorphic message authenticators. In such a scheme, anybody can perform arbitrary computations over authenticated data and produce a short tag that authenticates the result of the computation. The user verifies this tag with her private key to ensure that the claimed result is indeed the correct output of the specified computation over previously authenticated data, without needing to know the underlying data itself. For example, a user can outsource the storage of large amounts of authenticated data to a remote server, and the server can later non-interactively certify the outputs of various computations over this data with only a short tag. Our construction uses fully homomorphic encryption in a novel way.

21:17 [Pub][ePrint] Efficient Dynamic Provable Possession of Remote Data via Update Trees, by Yihua Zhang and Marina Blanton

  The emergence and wide availability of remote storage service providers prompted work in the security community that allows a client to verify the integrity and availability of the data that she outsourced to an untrusted remote storage server at a relatively low cost. Most recent solutions to this problem allow the client to read and update (i.e., insert, modify, or delete) stored data blocks while trying to lower the overhead associated with verifying the integrity of the stored data. In this work we develop a novel scheme whose performance compares favorably with the existing solutions. Our solution enjoys a number of new features, such as natural support for operations on ranges of blocks, revision control, and support for multiple-user access to shared content. The performance guarantees that we achieve stem from a novel data structure termed a balanced update tree and from removing the need to verify update operations.

21:17 [Pub][ePrint] An Adaptive-Ciphertext Attack against "I $\oplus$ C" Block Cipher Modes With an Oracle, by Jon Passki and Tom Ritter

  Certain block cipher confidentiality modes are susceptible to an adaptive chosen-ciphertext attack against the underlying format of the plaintext. When the application decrypts altered ciphertext and attempts to process the manipulated plaintext, it may disclose information about intermediate values resulting in an oracle. In this paper we describe how to recognize and exploit such an oracle to decrypt ciphertext and control the decryption to result in arbitrary plaintext. We also discuss ways to mitigate and remedy the issue.
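The attack class the abstract describes, worked through on the most common "I ⊕ C" mode, CBC (where P_i = D_k(C_i) ⊕ C_{i-1}), as an added example; this is not code from the paper or its authors. It assumes the plaintext "format" the application checks is PKCS#7 padding and that a failed check is observable (the classic padding oracle), that the attacker controls the IV, and, so that the script runs on the standard library alone, a toy SHA-256 Feistel block cipher standing in for a real one; all function names are the example's own. recover_intermediate learns D_k(C) for any block from the oracle alone, decrypt_with_oracle turns that into the plaintext, and forge_with_oracle turns it into a ciphertext of the attacker's choosing.

```python
import hashlib
import os

BLOCK = 16
ROUNDS = 8

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of a toy SHA-256 Feistel cipher (hypothetical, stdlib only); the attack never looks inside it.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in range(ROUNDS):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in reversed(range(ROUNDS)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def pad(msg: bytes) -> bytes:  # PKCS#7
    n = BLOCK - len(msg) % BLOCK
    return msg + bytes([n]) * n

def unpad(msg: bytes) -> bytes:
    n = msg[-1]
    if not 1 <= n <= BLOCK or msg[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")  # the format check that becomes the oracle
    return msg[:-n]

def cbc_encrypt(key: bytes, msg: bytes) -> bytes:
    prev = os.urandom(BLOCK)
    out = [prev]  # IV || C_1 || ... || C_n
    for p in _blocks(pad(msg)):
        prev = block_encrypt(key, _xor(p, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, ct: bytes) -> bytes:
    # "I xor C": P_i = D_k(C_i) xor C_{i-1}, so a bit flipped in C_{i-1} flips the same bit of P_i.
    cs = _blocks(ct)
    return unpad(b"".join(_xor(block_decrypt(key, c), p) for p, c in zip(cs, cs[1:])))

def make_padding_oracle(key: bytes):
    # Models an application that reveals (error code, timing, ...) whether the manipulated
    # plaintext had a valid format; here the format is the padding.
    def oracle(ct: bytes) -> bool:
        try:
            cbc_decrypt(key, ct)
            return True
        except ValueError:
            return False
    return oracle

def recover_intermediate(oracle, target: bytes) -> bytes:
    """Recover D_k(target) one byte at a time with at most 256 oracle queries per byte."""
    inter = bytearray(BLOCK)
    for pos in range(BLOCK - 1, -1, -1):
        padv = BLOCK - pos
        # Bytes after `pos` are already known: make them decrypt to the pad value.
        forged = bytearray(inter[j] ^ padv if j > pos else 0 for j in range(BLOCK))
        for guess in range(256):
            forged[pos] = guess
            if not oracle(bytes(forged) + target):
                continue
            if pos == BLOCK - 1:
                # 02 02 (or longer) padding validates too; disturbing the byte before it breaks that, not a real 01.
                check = bytearray(forged)
                check[pos - 1] ^= 0xFF
                if not oracle(bytes(check) + target):
                    continue
            inter[pos] = guess ^ padv
            break
        else:
            raise RuntimeError("no guess accepted: the oracle is not behaving as assumed")
    return bytes(inter)

def decrypt_with_oracle(oracle, ct: bytes) -> bytes:
    cs = _blocks(ct)
    return unpad(b"".join(_xor(recover_intermediate(oracle, c), p) for p, c in zip(cs, cs[1:])))

def forge_with_oracle(oracle, chosen: bytes) -> bytes:
    """Build IV || C_1..C_n decrypting to `chosen` without the key (attacker controls the IV)."""
    cur = os.urandom(BLOCK)  # C_n is arbitrary; every earlier block is derived from it
    out = [cur]
    for p in reversed(_blocks(pad(chosen))):
        cur = _xor(recover_intermediate(oracle, cur), p)  # C_{i-1} = D_k(C_i) xor P_i
        out.append(cur)
    return b"".join(reversed(out))
```

Decrypting or forging one block costs on average about 128 oracle queries per byte, so a few thousand per block, which is why the oracle is the whole problem: authenticating the ciphertext (an AEAD mode, or a MAC verified before any decryption) and returning one indistinguishable error for every failure removes it, whereas merely hiding the padding error message does not if timing or other side channels still expose it.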

05:57 [PhD][Update] Olivier Markowitch: Non-repudiation protocols

  Name: Olivier Markowitch
Topic: Non-repudiation protocols
Category: cryptographic protocols

08:29 [Event][New] SecurIT: SecurIT 1st International Security Conference on Internet of Things

  Submission: 10 June 2012
From August 17 to August 19
Location: Kollam, India
More Information: