International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also get this service via

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2012-12-18
13:17 [Pub][ePrint] Cryptanalysis of WIDEA, by Gaëtan Leurent

  WIDEA is a family of block ciphers designed by Junod and Macchetti in

2009 as an extension of IDEA to larger block sizes (256 and 512 bits for

the main instances WIDEA-4 and WIDEA-8) and key sizes (512 and 1024

bits), with a focus on using them to design a hash function. WIDEA is

based on the trusted IDEA design, and was expected to inherit its good

security properties. WIDEA-w is composed of w parallel copies of the

IDEA block cipher, with an MDS matrix to provide diffusion between them.

In this paper we present low complexity attacks on WIDEA based on

truncated differentials. We show a distinguisher for the full WIDEA

with complexity only 2^65, and we use the distinguisher in a

key-recovery attack with complexity w·2^68. We also show a collision

attack on WIDEA-8 if it is used to build a hash function using the

Merkle-Damgård mode of operation.

The attacks exploit the parallel structure of WIDEA and the limited

diffusion between the IDEA instances, using differential trails where

the MDS diffusion layer is never active. In addition, we use structures

of plaintext to reduce the data complexity.



13:17 [Pub][ePrint] Calling out Cheaters: Covert Security With Public Verifiability, by Gilad Asharov and Claudio Orlandi

  We introduce the notion of covert security with public verifiability, building on the covert security model introduced by Aumann and Lindell (TCC 2007). Protocols that satisfy covert security guarantee that the honest parties involved in the protocol will notice any cheating attempt with some constant probability $\\epsilon$. The idea behind the model is that the fear of being caught cheating will be enough of a deterrent to prevent any cheating attempt. However, in the basic covert security model, the honest parties are not able to persuade any third party (say, a judge) that a cheating occurred.

We propose (and formally define) an extension of the model where, when an honest party detects cheating, it also receives a certificate that can be published and used to persuade other parties, without revealing any information about the honest party\'s input. In addition, malicious parties cannot create fake certificates in the attempt of framing innocents.

Finally, we construct a secure two-party computation protocol for any functionality $f$ that satisfies our definition, and our protocol is almost as efficient as the one of Aumann and Lindell. We believe that the fear of a public humiliation or even legal consequences vastly exceeds the deterrent given by standard covert security. Therefore, even a small value of the deterrent factor $\\epsilon$ will suffice in discouraging any cheating attempt.

As the overall complexity of covert security and the parameter $\\epsilon$ are inversely proportional to each other, we believe that the small price to pay to get the public verifiability property on top of covert security will be dominated by the efficiency gain obtained by using a smaller value $\\epsilon$.





2012-12-17
14:09 [Job][New] PostDoc Position in Lightweight Cryptography for the Internet of Things, Laboratory of Algorithmics, Cryptology and Security (LACS), University of Luxembourg

 

LACS at the University of Luxembourg is looking for a post-doctoral researcher in the area of lightweight cryptography. The successful candidate will contribute to a research project entitled Applied Cryptography for the Internet of Things (ACRYPT), which is funded by the Fonds National de la Recherche (FNR). Besides conducting high-quality research, the tasks associated with this position include the co-supervision of a Ph.D. student and the dissemination of research results. The ACRYPT project is led by Prof. Alex Biryukov and expected to start in summer 2013.

Candidates must hold a Ph.D. degree (or be in the final stages of a Ph.D. program) in cryptography or a closely related discipline. Applications from researchers with experience in embedded systems security, network security, privacy/anonymity, or mobile/wireless security will also be considered. Preference will be given to candidates with a strong publication record including papers in top-tier crypto/security conference proceedings or journals. Candidates with an interest to conduct leading-edge research in one of the following areas are particularly encouraged to apply:

  • Design and analysis of symmetric cryptographic primitives
  • Efficient implementation of cryptosystems in hardware and/or software
  • Physical attacks (SPA, DPA, fault attacks, etc.) and countermeasures

The position is offered on basis of a fixed-term contract for a duration of three years, which includes a probation period of six months. The monthly salary is roughly 3,600 € net (i.e. after deduction of taxes and social security contributions). Interested candidates are invited to submit their application by email to lacs.acrypt(at)gmail.com. The application material should contain a cover letter explaining the candidate\'s motivation and research interests, a detailed CV (including photo), a list of publications, copies of diploma certificates, and names and contact detai

07:01 [Event][New] STCT-CISIS2013: Security and Trusted Computing Track at CISIS 2013

  Submission: 15 January 2013
Notification: 1 March 2013
From July 3 to July 5
Location: Taichung, Taiwan
More Information: http://voyager.ce.fit.ac.jp/conf/cisis/2013/committee.html#security




2012-12-15
13:12 [Event][New] PST 2013: Eleventh annual Conference on Privacy, Security and Trust

  Submission: 17 March 2013
Notification: 10 May 2013
From July 10 to July 12
Location: Tarragona, Catalonia, Spain
More Information: http://unescoprivacychair.urv.cat/pst2013/index.php


13:11 [Job][Update] GCHQ Sponsored PhD Studentship , Queen’s University Belfast, Centre for Secure Information Technologies (CSIT), UK

  The Government Communications Headquarters (GCHQ) in Cheltenham has agreed in principle to sponsor a PhD/Doctoral Studentship at CSIT, Queens University Belfast in the area of Novel Application of Advanced Machine Learning Techniques for use in Side Channel Analysis Attacks.

This GCHQ-sponsored PhD studentship provides funding for 3.5 years and commences on 31 September 2013 with a proposed end date of March/April 2017. GCHQ will cover the costs of university fees and will provide an annual stipend to the student corresponding to the National Minimum Stipend (currently £13,590 per annum) plus an additional sum of £7,000 per annum (both tax free). For comparison this is equivalent to approx. £26,555 annual salary. A further £5k of funding will also be available per annum for travel to conferences, collaborative partners, and GCHQ visits.

The studentship is only open to UK nationals and the successful candidate will be required to spend in the region of 2 - 4 weeks per year at GCHQ headquarters in Cheltenham. To be considered for this studentship, candidates must therefore be prepared to undergo GCHQ\\\'s security clearance procedures.



13:11 [Job][New] GCHQ Sponsored PhD Studentship , Queen’s University Belfast, Centre for Secure Information Technologies (CSIT)

  The Government Communications Headquarters (GCHQ) in Cheltenham has agreed in principle to sponsor a PhD/Doctoral Studentship at CSIT, Queens University Belfast in the area of Novel Application of Advanced Machine Learning Techniques for use in Side Channel Analysis Attacks.

This GCHQ-sponsored PhD studentship provides funding for 3.5 years and commences on 31 September 2013 with a proposed end date of March/April 2017. GCHQ will cover the costs of university fees and will provide an annual stipend to the student corresponding to the National Minimum Stipend (currently £13,590 per annum) plus an additional sum of £7,000 per annum (both tax free). For comparison this is equivalent to approx. £26,555 annual salary. A further £5k of funding will also be available per annum for travel to conferences, collaborative partners, and GCHQ visits.

The studentship is only open to UK nationals and the successful candidate will be required to spend in the region of 2 - 4 weeks per year at GCHQ headquarters in Cheltenham. To be considered for this studentship, candidates must therefore be prepared to undergo GCHQ\'s security clearance procedures.





2012-12-14
22:17 [Pub][ePrint] Cryptanalysis of RAKAPOSHI Stream Cipher, by Lin Ding and Jie Guan

  RAKAPOSHI is a hardware oriented stream cipher designed by Carlos Cid et al. in 2009. The stream cipher is based on Dynamic Linear Feedback Shift Registers, with a simple and potentially scalable design, and is particularly suitable for hardware applications with restricted resources. The RAKAPOSHI stream cipher offers 128-bit security. In this paper, we point out some weaknesses in the cipher. Firstly, it shows that there are 2^192 weak (key, IV) pairs in RAKAPOSHI stream cipher. Secondly, for weak (key, IV) pairs of RAKAPOSHI, they are vulnerable to linear distinguishing attack and algebraic attack. Finally, we propose a real time related key chosen IV attack on RAKAPOSHI. The attack on RAKAPOSHI recovers the 128-bit secret key of with a computational complexity of 2^37, requiring 47 related keys, 2^8 chosen IVs and 2^14.555 keystream bits. The success probability of this attack is 0.999, which is quite close to 1. The experimental results corroborate our assertion.



22:17 [Pub][ePrint] Verifiable Elections That Scale for Free, by Melissa Chase and Markulf Kohlweiss and Anna Lysyanskaya and Sarah Meiklejohn

  In order to guarantee a fair and transparent voting process, electronic voting schemes must be verifiable. Most of the time, however, it is important that elections also be anonymous. The notion of a verifiable shuffle describes how to satisfy both properties at the same time: ballots are submitted to a public bulletin board in encrypted form, verifiably shuffled by several mix servers (thus guaranteeing anonymity), and then verifiably decrypted by an appropriate threshold decryption mechanism. To guarantee transparency, the intermediate shuffles and decryption results, together with proofs of their correctness, are posted on the bulletin board throughout this process.

In this paper, we present a verifiable shuffle and threshold decryption scheme in which, for security parameter k, L voters, M mix servers, and N decryption servers, the proof that the end tally corresponds to the original encrypted ballots is only O(k(L + M + N)) bits long. Previous verifiable shuffle constructions had proofs of size O(kLM + kLN), which, for elections with thousands of voters, mix servers, and decryption servers, meant that verifying an election on an ordinary computer in a reasonable amount of time was out of the question.

The linchpin of each construction is a controlled-malleable proof (cm-NIZK), which allows each server, in turn, to take a current set of ciphertexts and a proof that the computation done by other servers has proceeded correctly so far. After shuffling or partially decrypting these ciphertexts, the server can also update the proof of correctness, obtaining as a result a cumulative proof that the computation is correct so far. In order to verify the end result, it is therefore sufficient to verify just the proof produced by the last server.



22:17 [Pub][ePrint] 5PM: Secure Pattern Matching, by Joshua Baron and Karim El Defrawy and Kirill Minkovich and Rafail Ostrovsky and Eric Tressler

  In this paper we consider the problem of secure pattern matching that allows

single-character wildcards and substring matching in the malicious (stand-alone) setting.

Our protocol, called 5PM, is executed between

two parties: Server, holding a text of length $n$, and

Client, holding a pattern of length $m$ to be matched

against the text, where our notion of matching is more general and includes non-binary alphabets, non-binary Hamming distance and non-binary substring matching.

5PM is the first secure expressive pattern matching protocol designed to optimize round complexity by carefully specifying the entire protocol round by round. In the malicious model, 5PM requires $O((m+n)k^2)$ bandwidth and $O(m+n)$ encryptions, where $m$ is the pattern length and $n$ is the text length. Further, 5PM can hide pattern size with no asymptotic additional costs in either computation or bandwidth. Finally, 5PM requires only two rounds of communication

in the honest-but-curious model and eight rounds in the malicious model. Our techniques reduce

pattern matching and generalized Hamming distance problems to a novel linear algebra formulation that allows for generic solutions based on any additively homomorphic encryption. We believe our efficient algebraic techniques are of independent interest.



22:17 [Pub][ePrint] Is Public-Key Encryption Based on LPN Practical?, by Ivan Damg{\\aa}rd and Sunoo Park

  We conduct a practically oriented study of the cryptosystem suggested by Alekhnovich based on the Learning Parity with Noise (LPN) problem. We consider several improvements to the scheme, inspired by similar existing variants of Regev\'s LWE-based cryptosystem. Our conclusion is that LPN-based public-key cryptography indeed seems practical. Based on known attacks on LPN, we found that for 80-bit security, while making very conservative choices of parameters for LPN, the timings for transmitting a key for a symmetric cryptosystem are somewhat worse than for RSA, but not prohibitive for practical use.