International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also get this service via

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2012-10-16
15:17 [Pub][ePrint] Concurrent Signatures without Random Oracles, by Xiao Tan and Qiong Huang and Duncan S. Wong

  Concurrent signatures provide a way to exchange digital signature among parties in an efficient and fair manner. To the best of our knowledge, all the existing solutions are all proven secure in the random oracle model, which is only heuristic. How to build an efficient concurrent signature scheme in the standard model has been remaining an open problem since the introduction in EUROCRYPT 2004. In this paper we answer the problem affirmatively and propose a novel construction of concurrent signature, the security of which does not rely on the random oracle assumption. The ambiguity of our scheme is slightly different from the existing schemes, requiring that any one can produce indistinguishable ambiguous signatures using merely public information. Security of the new scheme is based on Computational Diffie-Hellman (CDH) assumption in the standard model, which is a rather standard and well-studied assumption in cryptography.



15:17 [Pub][ePrint] A Framework for Unique Ring Signatures, by Matthew Franklin and Haibin Zhang

  We propose a simple, general, and unified framework for constructing unique ring signatures that simplify and capture the spirit of linkable ring signatures. The framework, which can be efficiently instantiated in the random oracle and the standard model, is obtained by generalizing the Bellare-Goldwasser ``PRF made public\" paradigm. Security of the first instantiation can be tightly related to the DDH problem. The scheme leads to the most efficient linkable/unique ring signature in the random oracle model, for a given level of provable security. The second one based on stronger assumptions partly simplifies and slightly improves sublinear size traceable ring signature of Fujisaki. Both of the improvements would be difficult without the general framework in hand.



15:17 [Pub][ePrint] Security Evaluations Beyond Computing Power: How to Analyze Side-Channel Attacks you Cannot Mount? , by Nicolas Veyrat-Charvillon and Benoît Gérard and François-Xavier Standaert

  Present key sizes for symmetric cryptography are usually required to be at least 80-bit long for short-term protection, and 128-bit long for long-term protection. However, current tools for security evaluations against side-channel attacks do not provide a precise estimation of the remaining key strength after some leakage has been observed, e.g. in terms of number of candidates to test. This leads to an uncomfortable situation, where the security of an implementation can be anywhere between enumerable values (i.e. $2^{40}$ -- $2^{50}$ key candidates to test) and the full key size (i.e. $2^{80}$ -- $2^{128}$ key candidates to test). In this paper, we mitigate this important issue, and describe a key rank estimation algorithm that provides tight bounds for the security level of leaking cryptographic devices. As a result and for the first time, we are able to analyze the full complexity of \"standard\" (i.e. divide-and-conquer) side-channel attacks, in terms of their tradeoff between time, data and memory complexity.



15:17 [Pub][ePrint] Defending Against the Unknown Enemy: Applying FlipIt to System Security, by Kevin D. Bowers and Marten van Dijk and Robert Griffin and Ari Juels and Alina Oprea and Ronald L. Rivest and Nikos Triandop

  Most cryptographic systems carry the basic assumption that entities

are able to preserve the secrecy of their keys. With attacks today showing ever increasing sophistication, however, this tenet is eroding. \"Advanced Persistent Threats\" (APTs), for instance, leverage zero-day exploits and extensive system knowledge to achieve full compromise of cryptographic keys and other secrets.Such compromise is often silent, with defenders failing to detect the loss of private

keys critical to protection of their systems. The growing virulence of today\'s threats clearly calls for new models of defenders\' goals and abilities.

In this paper, we explore applications of FlipIt, a novel game-theoretic model of system defense introduced recently. In FlipIt, an attacker periodically gains complete control of a system, with the unique feature that system compromises are stealthy, i.e., not immediately detected by the system owner, called the defender. We distill out several lessons from our study of FlipIt and demonstrate

their application to several real-world problems, including password reset policies, key rotation, VM refresh and cloud auditing.



15:17 [Pub][ePrint] Cryptanalysis of the OKH Authenticated Encryption Scheme, by Peng Wang and Wenling Wu and Liting Zhang

  Alomair proposed a new authenticated encryption scheme OKH at ACNS 2012, and proved the security, i.e. authenticity and privacy, of OKH. Our research shows that it is not the case. We only need one query to break the authenticity of OKH with success probability of $1$, and two queries to break the privacy of OKH with success probability of $1-1/2^n$, where $n$ is the block-length of underlying blockcipher.



15:17 [Pub][ePrint] On the security of two smart-card-based remote user authentication schemes for WSN, by Ding Wang and Chun-guang Ma

  Understanding security failures of cryptographic protocols is the key to both patching existing protocols and designing future schemes. The design of secure and efficient remote user authentication schemes for real-time data access in wireless sensor networks (WSN) is still an open and quite challenging problem, though many schemes have been proposed lately. In this study, we analyze two recent proposals in this research domain. Firstly, Das et al.\'s scheme is scrutinized, demonstrating its vulnerabilities to smart card security breach attack and privileged insider attack, which are among the security objectives pursued in their protocol specification. Then, we investigate a temporal-credential-based password authentication scheme introduced by Xue et al. in 2012. This protocol only involves hash and XOR operations and thus is suitable for the resource-constrained WSN environments where an external user wants to obtain real-time data from the sensor nodes inside WSN. However, notwithstanding their security arguments, we point out that Xue et al.\'s protocol is still vulnerable to smart card security breach attack and privileged insider attack, and fails to provide identity protection. The proposed cryptanalysis discourages any use of the two schemes under investigation in practice and reveals some subtleties and challenges in designing this type of schemes. Besides reporting the security flaws, we put forward a principle that is vital for designing more robust two-factor authentication schemes for WSN.



15:17 [Pub][ePrint] Using Randomizers for Batch Verification of ECDSA Signatures, by Sabyasachi Karati and Abhijit Das and Dipanwita Roychowdhury

  Randomizers are popularly used to prevent various types of attacks on batch-verification schemes. Recently, several algorithms based upon symbolic computation are proposed for the batch verification of ECDSA signatures. In this article, we demonstrate that the concept of randomizers can be easily embedded in these symbolic-computation algorithms. The performance degradation caused by randomizers is comparable with that associated with ECDSA*.



15:17 [Pub][ePrint] New Constructions and Proof Methods for Large Universe Attribute-Based Encryption, by Yannis Rouselakis and Brent Waters

  We propose two large universe Attribute-Based Encryption constructions. In a large universe ABE construction any string can be used as an attribute and attributes need not be enumerated at system setup. Our first construction establishes a novel large universe Ciphertext-Policy ABE scheme on prime order bilinear groups, while the second achieves

a significant efficiency improvement over the large universe Key-Policy ABE systems of Lewko-Waters and Lewko. Both schemes are selectively secure in the standard model under two \"q-type\" assumptions similar to ones used in prior works. Our work brings back \"program and cancel\" techniques to this problem.

We provide implementations and benchmarks of our constructions

in Charm; a programming environment for rapid prototyping of cryptographic primitives.



15:17 [Pub][ePrint] Quantitative Analysis of the Full Bitcoin Transaction Graph, by Dorit Ron and Adi Shamir

  The Bitcoin scheme is a rare example of a large scale global

payment system in which all the transactions are publicly

accessible (but in an anonymous way). We downloaded the full history

of this scheme, and analyzed many statistical properties of its

associated transaction graph. In this paper we answer for the

first time a variety of interesting questions about the typical

behavior of account owners, how they acquire and how they spend

their Bitcoins, the balance of Bitcoins they keep in their

accounts, and how they move Bitcoins between their various

accounts in order to better protect their privacy. In addition, we

isolated all the large transactions in the system, and discovered

that almost all of them are closely related to a single large

transaction that took place in November 2010, even though the

associated users apparently tried to hide this fact with many

strange looking long chains and fork-merge structures in the

transaction graph.



15:17 [Pub][ePrint] ON PROVABLY SECURE CODE-BASED SIGNATURE AND SIGNCRYPTION SCHEME, by Preetha Mathew K and Sachin Vasant and C Pandu Rangan

  Signcryption is a cryptographic protocol that provides authentication and confidentiality as a single primitive at a cost lower than the combined cost of sign and encryption. Due to the improved efficiency, signcryption schemes have found significant applications in areas related to E-commerce. Shor\'s algorithm [22] poses a threat to number-theoretic algorithms, as it can solve the number-theoretic hard problems in polynomial time using quantum computers. Therefore, code-based cryptography offers an exciting alternative to number-theoretic cryptography, as it is not only resistant to quantum algorithms, but also, the base operation (matrix-vector multiplication) is far less computationally intensive

compared to the modular exponentiation required in number-theoretic schemes. Courtois, Finiasz and Sendrier proposed the only practical code-based signature(CFS signature) [7]. It can be used to realise

many cryptographic primitives. But the signature is currently not provably secure due to the existence

of the high rate distinguisher [11]. In this paper, we make use of an alternate key-construct for the CFS

signature, and thus prove its existential unforgeability under chosen message attacks (EUF-CMA). Also,

we propose a code-based signcryption scheme and proved its security. To the best of our knowledge,

this is the first code-based, provably secure signature and signcryption scheme in literature.



15:17 [Pub][ePrint] SHADE: Secure HAmming DistancE computation from oblivious transfer, by Julien Bringer and Herve Chabanne and Alain Patey

  We introduce two new schemes for securely computing Hamming distance in the two-party setting. Our first scheme is a very efficient protocol, based solely on 1-out-of-2 Oblivious Transfer, that achieves full security in the semi-honest setting and one-sided security in the malicious setting. Moreover we show that this protocol is significantly more efficient than the previous proposals, that are either based on garbled circuits or on homomorphic encryption. Our second scheme achieves full security against malicious adversaries and is based on Committed Oblivious Transfer. These protocols have direct applications to secure biometric identification.