scheme which has everlasting privacy towards observers: all the information published on the bulletin board by the mixes (audit information, etc.) reveals no information about the identity of any of the messages published. The correctness of the mixing process is statistical: even if all authorities conspire, they cannot change the contents of any message without being detected with overwhelming probability. We accomplish this by encoding the messages submitted using so-called Pedersen commitments. Decoding (opening) these is possible because we create a parallel mix-net, run by the same mixes, to which the public has no access. This private mix-net uses the same permutations as the public one, but uses homomorphic encryption to send auxiliary information (messages, decommitment values) through the mix-net to allow decoding.
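The two properties the abstract relies on, shown on Pedersen commitments in working code (an added example, not the paper's own code): perfect hiding, which is what gives the published board everlasting privacy, and the fact that a mix's re-randomisation only changes the decommitment value, which is why that value has to travel through the private mix-net. The safe prime p = 1019, the bases and the trapdoor t are toy parameters constructed for this example.

```python
"""Pedersen commitments C = g^m * h^r in the order-q subgroup of Z_p^*."""
import secrets

P = 1019   # toy safe prime, P = 2*Q + 1 (real deployments use >= 2048-bit groups)
Q = 509    # prime order of the quadratic-residue subgroup mod P
G = 4      # 2^2 is a quadratic residue, so it generates the order-Q subgroup


def is_prime(n):  # trial division is enough for the toy parameters
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))


assert is_prime(P) and is_prime(Q) and P - 1 == 2 * Q


def setup(trapdoor=None):
    """Second base h = g^t. Whoever knows t can open a commitment to any message,
    so in a real system t must be unknown to every mix (e.g. h hashed to the
    group); the trapdoor is returned here only to demonstrate that."""
    t = secrets.randbelow(Q - 1) + 1 if trapdoor is None else trapdoor
    return pow(G, t, P), t


def commit(m, r, h):
    """C = g^m * h^r mod p; the public bulletin board only ever sees C."""
    return (pow(G, m % Q, P) * pow(h, r % Q, P)) % P


def open_commitment(c, m, r, h):
    return commit(m, r, h) == c


def rerandomize(c, h):
    """A mix forwards C' = C * h^s with fresh s; the new decommitment value
    r + s is what must be sent through the private (encrypted) mix-net."""
    s = secrets.randbelow(Q)
    return (c * pow(h, s, P)) % P, s


def equivocate(m, r, m2, t):
    """With the trapdoor, (m2, r2) opens the same C as (m, r):
    m + t*r = m2 + t*r2 (mod q)  =>  r2 = r + (m - m2) * t^-1 mod q."""
    return (r + (m - m2) * pow(t, -1, Q)) % Q


def opens_to_every_message(c, m, r, h, t, count=20):
    """Perfect hiding: for every candidate message some opening of C exists
    (the trapdoor is only the fast way to find it), so C carries no
    information about which message it holds, whatever an observer computes."""
    return all(open_commitment(c, m2, equivocate(m, r, m2, t), h)
               for m2 in range(count))
```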
field $GF(2^m)$ generated with an irreducible all-one polynomial. Redundant representation is used to reduce the time delay of the proposed multiplier, while a three-term Karatsuba-like formula is combined with this representation to decrease the space complexity. As a result, the proposed multiplier requires about 10 percent fewer AND/XOR gates than the most efficient bit-parallel multipliers using an all-one polynomial, while it has almost the same time delay as the previously proposed ones.
key bits in the diffusion path of the round function. This reminds us of the importance of the diffusion relation between the key schedule and the round function. We present new cryptanalysis results by exploring this diffusion relation and propose a new criterion for necessary key schedule diffusion. We discuss potential attacks and summarize the causes of key schedules failing to satisfy this criterion. One major cause is that overlap between the diffusion of the key schedule and that of the round function leads to leakage of key bits. Finally, a measure to estimate our criterion for recursive key schedules is presented. Today, key schedule design still lacks practical and necessary principles. For a practical key schedule with limited diffusion, our work adds more insight into its requirements and helps to maximize the security level.
We propose two new game-based security models for KE protocols. First, we formalize a slightly stronger variant of the eCK security model that we call eCKw. Second, we integrate perfect forward secrecy into eCKw, which gives rise to the even stronger eCK-PFS model. We propose a security-strengthening transformation (i.e., a compiler) between our new models. Given a two-message Diffie-Hellman type protocol secure in eCKw, our transformation yields a two-message protocol that is secure in eCK-PFS. As an example, we show how our transformation can be applied to the NAXOS protocol.
variety of different cryptographic devices to reveal the imported key. The attacks are padding oracle attacks, where error messages resulting from incorrectly padded plaintexts are used as a side channel. In the asymmetric encryption case, we modify and improve Bleichenbacher's attack on RSA PKCS#1v1.5 padding, giving new cryptanalysis that allows us to carry out the 'million message attack' in a mean of 49 000 and median of 14 500 oracle calls in the case of cracking an unknown valid ciphertext under a 1024-bit key (the original algorithm takes a mean of 215 000 and a median of 163 000 in the same case). We show how implementation details of certain devices admit an attack that requires only 9 400 operations on average (3 800 median). For the symmetric case, we adapt Vaudenay's CBC attack, which is already highly efficient. We demonstrate the vulnerabilities on a number of commercially available cryptographic devices, including security tokens, smartcards and the Estonian electronic ID card. The attacks are efficient enough to be practical: we give timing details for all the devices found to be vulnerable, showing how our optimisations make a qualitative difference to the practicality of the attack. We give mathematical analysis of the effectiveness of the attacks, extensive empirical results, and a discussion of countermeasures and manufacturer reaction.
Ciphertext-Policy Attribute-based Encryption (CP-ABE) is a promising technique for access control of encrypted data. It requires that a trusted authority manage all the attributes and distribute keys in the system. In cloud storage systems, multiple authorities co-exist and each authority is able to issue attributes independently. However, existing CP-ABE schemes cannot be directly applied to access control for multi-authority cloud storage systems, due to the inefficiency of decryption and revocation. In this paper, we propose DAC-MACS (Data Access Control for Multi-Authority Cloud Storage), an effective and secure data access control scheme with efficient decryption and revocation. Specifically, we construct a new multi-authority CP-ABE scheme with efficient decryption and also design an efficient attribute revocation method that achieves both forward security and backward security. The analysis and the simulation results show that DAC-MACS is highly efficient and provably secure under the security model.
Three time-memory tradeoff algorithms are compared in this paper. Specifically, the classical tradeoff algorithm by Hellman, the distinguished point tradeoff method, and the rainbow table method, in their non-perfect table versions, are treated. We show that, under parameters and assumptions that are typically considered in theoretic discussions of the tradeoff algorithms, the Hellman and distinguished point tradeoffs perform very close to each other and the rainbow table method performs somewhat better than the other two algorithms. Our method of comparison can easily be applied to other situations, where the conclusions could be different. The analysis of tradeoff efficiency presented in this paper does not ignore the effects of false alarms and also covers techniques for reducing storage, such as ending point truncations and index tables. Our comparison of algorithms fully takes into account success probabilities and precomputation efforts.