International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also get this service via

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2012-07-11
18:17 [Pub][ePrint] On the Joint Security of Signature and Encryption Schemes under Randomness Reuse: Efficiency and Security Amplification, by Afonso Arriaga and Manuel Barbosa and Pooya Farshim

  We extend the work of Bellare, Boldyreva and Staddon on the systematic analysis of randomness reuse to construct multi-recipient

encryption schemes to the case where randomness is reused across different cryptographic primitives. We find that through the additional binding introduced through randomness reuse, one can actually obtain a security amplification with respect to the standard black-box compositions, and achieve a stronger level of security. We introduce stronger notions of security for encryption and signatures,

where challenge messages can depend in a restricted way on the random coins used in encryption, and show that two variants of the KEM/DEM paradigm give rise to encryption schemes that meet this enhanced notion of security. We obtain a very efficient signcryption scheme that is

secure against insider attackers without random oracles.



18:17 [Pub][ePrint] Formalization of Information-Theoretic Security for Encryption and Key Agreement, Revisited, by Junji Shikata

  In this paper, we revisit formalizations of information-theoretic security for symmetric-key encryption and key agreement protocols. In general, we can formalize information-theoretic security in various ways: some of them can be formalized as stand-alone security by extending (or relaxing) Shannon\'s perfect secrecy; some of them can be done based on composable security. Then, a natural question about this is: what is the gap between the formalizations? To answer the question, we investigate relationships between several formalizations of information-theoretic security for symmetric-key encryption and key agreement protocols. Specifically, for symmetric-key encryption protocols which may have decryption-errors, we deal with the following formalizations of security: formalizations extended (or relaxed) from Shannon\'s perfect secrecy by using mutual information and statistical distance; information-theoretic analogue of indistinguishability by Goldwasser and Micali; and the ones of composable security by Maurer et al. and Canetti. Then, we show that those formalizations are essentially equivalent under both one-time and multiple-use models. Under the both models, we also derive lower bounds of the adversary\'s (or distinguisher\'s) advantage and secret-key size required under all of the above formalizations. Although some of them are already known, we can derive them all at once through our relationships between the formalizations. In addition, we briefly observe impossibility results which easily follow from the lower bounds. The similar results are also shown for key agreement protocols which may have agreement-errors.



12:23 [Job][Update] Teaching Position (Tenure), Salary A13/A14, Ruhr University Bochum, Germany

  At the RUB a teaching position (tenured) is open. The German job name is \\\"Akademischer Rat\\\", with a teaching load of 13 hours per week. This is a postdoc position, a Ph.D. degree is required.

This teching position is located at the chair for Network and Data Security (www.nds.rub.de). Applicants should have a strong publication record in the areas of cryptographic protocols, web security, or webservice security.

Due to the large teaching load, excellent knowledge of German language is reqired.



2012-07-09
11:49 [Job][New] Teaching Position (Tenure), Salary A13/A14, Ruhr University Bochum, Germany

  At the RUB a teaching position (tenured) is open. The German job name is \"Akademischer Rat\", with a teaching load of 13 hours per week. This is a postdoc position, a Ph.D. degree is required.

This teching position is located at the chair for Network and Data Security (www.nds.rub.de). Applicants should have a strong publication record in the areas of cryptographic protocols, web security, or webservice security.

Due to the large teaching load, excellent knowledge of German language is reqired.

05:48 [PhD][New] Tal Malkin

  Name: Tal Malkin


05:47 [PhD][New] Ilya Kizhvatov: Physical Security of Cryptographic Algorithm Implementations

  Name: Ilya Kizhvatov
Topic: Physical Security of Cryptographic Algorithm Implementations
Category: implementation

Description:

This thesis deals with physical attacks on implementations of cryptographic algorithms and countermeasures against these attacks. Physical attacks exploit properties of an implementation such as leakage through physically observable parameters (side-channel analysis) or susceptibility to errors (fault analysis) to recover secret cryptographic keys. In the absence of adequate countermeasures such attacks are often much more efficient than classical cryptanalytic attacks. Particularly vulnerable to physical attacks are embedded devices that implement cryptography in a variety of security-demanding applications.

\r\n

In the area of side-channel analysis, this thesis addresses attacks that exploit observations of power consumption or electromagnetic leakage of the device and target symmetric cryptographic algorithms (at the notable example of the Advanced Encryption Standard (AES)). First, this work proposes a new combination of two well-known techniques of such attacks: differential side-channel analysis and side-channel collision attacks. The combination is more efficient than each of the attacks individually. As a further improvement, new dimension reduction techniques for side-channel acquisitions are introduced for side-channel collision detection and compared using an information-theoretic metric. Second, this work studies attacks exploiting leakage induced by microprocessor cache mechanism. We present an algorithm for cache-collision attacks that can recover the secret key in the presence of uncertainties in cache event detection from side-channel acquisitions, which may happen in a noisy measurement environment. Third, practical side-channel attacks are discovered against the AES engine of the AVR XMEGA, a recent versatile microcontroller for a variety of embedded applications.

\r\n

In the area of fault analysis, this thesis extends existing attacks against the RSA digital signature algorithm implemented with the Chinese remainder theorem to a setti[...]


05:47 [PhD][New] Seung Geol Choi: On Adaptive Security and Round Efficiency in Secure Multi-party Computation

  Name: Seung Geol Choi
Topic: On Adaptive Security and Round Efficiency in Secure Multi-party Computation
Category: cryptographic protocols





2012-07-08
12:52 [Conf][Crypto] Early Registration Deadline for CRYPTO is TODAY!

  Link to online registration --

http://www.iacr.org/conferences/crypto2012/registration-2012.html



2012-07-06
21:17 [Pub][ePrint] Enhancing Location Privacy for Electric Vehicles (at the right time), by Joseph Liu and Man Ho Au and Willy Susilo and Jianying Zhou

  An electric vehicle is a promising and futuristic automobile propelled by electric motor(s), using electrical energy stored in batteries or another energy storage device. Due to the need of battery recharging, the cars will be required to visit recharging infrastructure very frequently. This may disclose the users\' private information, such as their location, which may expose users\' privacy. In this paper, we provide mechanisms to enhance location privacy of electric vehicles at the right time, by proposing an anonymous payment system

with privacy protection support. Our technique further allows traceability in the case where the cars are stolen.



21:17 [Pub][ePrint] High-Throughput Hardware Architecture for the SWIFFT / SWIFFTX Hash Functions, by Tamás Györfi and Octavian Creţ and Guillaume Hanrot and Nicolas Brisebarre

  Introduced in 1996 and greatly developed over the last few years,

Lattice-based cryptography offers a whole set of primitives with nice

features, including provable security and asymptotic efficiency.

Going from ``asymptotic\'\' to ``real-world\'\' efficiency seems important

as the set of available primitives increases in size and

functionality. In this present paper, we explore the improvements that

can be obtained through the use of an FPGA architecture for

implementing an ideal-lattice based cryptographic primitive. We chose

to target two of the simplest, yet powerful and useful, lattice-based

primitives, namely the SWIFFT and SWIFFTX primitives. Apart from being

simple, those are also of central use for future primitives as

Lyubashevsky\'s lattice-based signatures.

We present a high-throughput FPGA architecture for the SWIFFT and

SWIFFTX primitives. One of the main features of this implementation is

an efficient implementation of a variant of the Fast Fourier Transform

of order 64 on $\\Z_{257}$. On a Virtex-5 LX110T FPGA, we are able to

hash 0.6GB/s, which shows a ca. 16$\\times$ speedup compared to SIMD

implementations of the literature. We feel that this demonstrates

the revelance of FPGA as a target architecture for the implementation

of ideal-lattice based primitives.



21:17 [Pub][ePrint] Construction of New Classes of Knapsack Type Public Key Cryptosystem Using Uniform Secret Sequence, K(II)$\\Sigma\\Pi$PKC, Constructed Based on Maximum Length Code, by Masao KASAHARA

  In this paper, we present a new class of knapsack type PKC referred to as K(II)$\\Sigma\\Pi$PKC.

In K(II)$\\Sigma\\Pi$PKC, Bob randomly constructs a very small subset of Alice\'s set of public key whose order is very large,

under the condition that the coding rate $\\rho$ satisfies $0.01 < \\rho < 0.5$.

In K(II)$\\Sigma\\Pi$PKC, no secret sequence such as super-increasing sequence or shifted-odd sequence but the sequence whose component is constructed by a product of the same number of many prime numbers of the same size, is used.

We show that K(II)$\\Sigma\\Pi$PKC is secure against the attacks such as LLL algorithm, Shamir\'s attack etc. , because a subset of Alice\'s public keys

is chosen entirely in a probabilistic manner at the sending end.

We also show that K(II)$\\Sigma\\Pi$PKC can be used as a member of the class of common key cryptosystems because the list

of the subset randomly chosen by Bob can be used as a common key between Bob and Alice,

provided that the conditions given in this paper are strictly observed,

without notifying Alice of his secret key through a particular secret channel.