*07:37*[Event][New] TCC2013: The Tenth Theory of Cryptography Conference

Submission: 1 September 2012

Notification: 1 December 2012

From March 3 to March 6

Location: Tokyo, Japan

More Information: http://tcc2013.com/

Get an update on changes of the IACR web-page here. For questions, contact *newsletter (at) iacr.org*.
You can also get this service via

- eMail subscription
- RSS (select channels below)
- Web (all channels)

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

Submission: 1 September 2012

Notification: 1 December 2012

From March 3 to March 6

Location: Tokyo, Japan

More Information: http://tcc2013.com/

2012-08-11

Submission: 30 September 2012

Notification: 15 November 2012

From January 11 to January 12

Location: Greater Noida, India

More Information: http://qshine.org/2013/show/home

2012-08-09

The APSIA Group (APplied Security and Information Assurance), led by Prof P Y A Ryan, along with the University of Applied Science in Berne, has recently been awarded a joint INTER project (funded by the FNR in Luxembourg and the SNF in Switzerland), to study verifiable, secure internet voting. The APSIA Group is seeking a highly qualified post-doctoral researcher for this project.

The VIVO project, a joint project with Prof Rolf Haenni of the University of Applied Sciences in Berne, will develop and evaluate novel approaches to ensuring the security (verifiability, coercion-resistance etc.) of internet voting. You will be working with Prof Ryan and members of the APSIA team as well as collaborating with Prof Haenni and members of the Berne e-voting group (http://e-voting.bfh.ch/).

Submission: 7 October 2012

Notification: 5 November 2012

From December 14 to December 16

Location: Washington DC, USA

More Information: http://www.securityengineeringforum.org/rise12/

Submission: 27 March 2012

Notification: 7 July 2012

From September 13 to September 13

Location: Leuven, Belgium

More Information: http://www.proofs-workshop.org/

2012-08-08

At CRYPTO 2008 Stam conjectured that if an $(m\\!+\\!s)$-bit

to $s$-bit compression function $F$ makes $r$ calls to a primitive $f$

of $n$-bit input, then a collision for $F$ can be obtained (with high

probability) using $r2^{(nr-m)/(r+1)}$ queries to $f$, which is sometimes

less than the birthday bound. Steinberger (Eurocrypt 2010) proved Stam\'s

conjecture up to a constant multiplicative factor for most cases in

which $r = 1$ and for certain other cases that reduce to the case

$r = 1$. In this paper we prove the general case of Stam\'s conjecture

(also up to a constant multiplicative factor). Our result is

qualitatively different from Steinberger\'s, moreover, as we show the

following novel threshold phenomenon: that exponentially many (more

exactly, $2^{s-2(m-n)/(r+1)}$) collisions are obtained with high

probability after $O(1)r2^{(nr-m)/(r+1)}$ queries. This in particular

shows that threshold phenomena observed in practical compression

functions such as JH are, in fact, unavoidable for compression

functions with those parameters. (This is the full version of the

same-titled article that appeared at CRYPTO 2012.)

2012-08-07

In this paper, we focus on the problem of minimizing ciphertext overhead, and discuss the (im)possibility of constructing key encapsulation mechanisms (KEMs) with low ciphertext overhead. More specifically, we rule out the existence of algebraic black-box reductions from the (bounded) CCA security of a natural class of KEMs to any non-interactive problem. The class of KEMs captures the structure of the currently most efficient KEMs defined in standard prime order groups, but restricts an encapsulation to consist of a single group element and a string. This result suggests that we cannot rely on existing techniques to construct a CCA secure KEM in standard prime order groups with a ciphertext overhead lower than two group elements. Furthermore, we show how the properties of an (algebraic) programmable hash function can be exploited to construct a simple, efficient and CCA secure KEM based on the hardness of the decisional Diffie-Hellman problem with the ciphertext overhead of just a single group element. Since this KEM construction is covered by the above mentioned impossibility result, this enables us to derive a lower bound on the hash key size of an algebraic programmable hash function, and rule out the existence of algebraic $({\\sf poly},n)$-programmable hash functions in prime order groups for any integer $n$. The latter result answers an open question posed by Hofheinz and Kiltz (CRYPTO\'08) in the case of algebraic programmable hash functions in prime order groups.

Sensitive electronic data may be required to remain confidential for long periods of time. Yet encryption under a computationally secure cryptosystem cannot provide a guarantee of long term confidentiality, due to potential advances in computing power or cryptanalysis. Long term confidentiality is ensured by information theoretically secure ciphers, but at the expense of impractical key agreement and key management.

We overview known methods to alleviate these problems, whilst retaining some form of information theoretic security relevant for long term confidentiality.

Liskov, Rivest and Wagner formalized the tweakable blockcipher (TBC) primitive at CRYPTO\'02. The typical recipe for instantiating a TBC is to start with a blockcipher, and then build up a construction that admits a tweak. Almost all such constructions enjoy provable security only to the birthday bound, and the one that does achieve security beyond the birthday bound (due to Minematsu) severely restricts the tweak size and requires per-invocation blockcipher rekeying.

This paper gives the first TBC construction that simultaneously allows for arbitrarily \"wide\" tweaks, does not rekey, and delivers provable security beyond the birthday bound. Our construction is built from a blockcipher and an $\\eAXU$ hash function.

As an application of the TBC primitive, LRW suggest the TBC-MAC construction (similar to CBC-MAC but chaining through the tweak), but leave open the question of its security. We close this question, both for TBC-MAC as a PRF and a MAC. Along the way, we find a nonce-based variant of TBC-MAC that has a tight reduction to the security of the underlying TBC, and also displays graceful security degradation when nonces are misused. This result is interesting on its own, but it also serves as an application of our new TBC construction, ultimately giving a variable input-length PRF with beyond birthday-bound security.

CHES 2012 will feature 2 invited talks

Steven Murdoch

University of Cambridge, UK

Title: "Banking Security: Attacks and Defences"

Christof Tarnovsky

Flylogic Engineering

Title: TBD

2012-08-06

We present a generalization to genus 2 of the probabilistic

algorithm in Sutherland~\\cite{Sutherland} for computing Hilbert class polynomial˻s. The improvement over the algorithm presented

in~\\cite{BGL} for the genus 2 case, is that we do not need to find a

curve in the isogeny class with endomorphism ring which is the maximal

order: rather we present a probabilistic algorithm for ``going up\'\' to a {\\it

maximal} curve (a curve with maximal endomorphism ring), once we find {\\it

any} curve in the right isogeny class. Then we use the structure of the

Shimura class group and the computation of $(\\ell,\\ell)$-isogenies to

compute all isogenous maximal curves from an initial one.