International Association for Cryptologic Research

IACR News Central


19:17 [Pub][ePrint] Lower Bounds on the Information Ratio of Linear Secret Sharing Schemes, by Carles Padro

  Superpolynomial lower bounds on the average information ratio of linear secret sharing schemes are presented in this note for the first time. The previously known superpolynomial lower bounds applied only to the average information ratio of linear schemes in which the secret is a single field element. The new bounds are obtained by a simple adaptation of the techniques in those previous works.

04:17 [Pub][ePrint] Efficient Computation Outsourcing for Inverting a Class of Homomorphic Functions, by Fangguo Zhang and Xu Ma and Shengli Liu

  The rise of cloud computing and the proliferation of mobile devices make computation outsourcing popular. However, the servers are not fully trusted, and a critical problem is the verifiability and privacy of such computations. Although some computation outsourcing schemes provided a general method, the complicated cryptographic tools involved result in great inefficiency. The existing efficient computation outsourcing schemes, however, aim only at a specific computation task, lacking in generality. In this paper, we show how to construct a generic outsourcing computation scheme for inverting a class of homomorphic functions with computation disequilibrium. Extensive analysis shows that many cryptographic computations fall into this category. The formal security analysis proves that our scheme satisfies verifiability, input and output privacy in an information-theoretic sense. Since the construction of our scheme tactfully takes advantage of the intrinsic property of the computation task being outsourced, no public key operations are used in the scheme; thus our solution clearly outperforms the existing schemes in terms of efficiency. In addition, we instantiate our generic construction with concrete examples, and the experimental results testify to the efficiency of our construction.

04:17 [Pub][ePrint] Towards Efficient Verifiable SQL Query for Outsourced Dynamic Databases in Cloud, by anonymized for paper review

  With the rising trend of outsourcing databases to the cloud server, it is important to efficiently and securely assure that the clients' queries on the databases are executed correctly. To address this issue, server schemes have been proposed based on various cryptographic tools. However, these existing schemes have limitations in either communication cost or computational cost for verification. Meanwhile, only four types of SQL functional queries are supported in these schemes. It still remains an open problem to design a verifiable SQL query scheme that provides affordable storage overhead, communication cost, computational cost and more SQL functional queries.

In this paper, we investigate this open problem and propose an efficient verifiable SQL query scheme for outsourced dynamic databases. Different from the previous state-of-the-art schemes, we reduce the complexity of storage overhead from O(mn) to O(n) and move most computation tasks from the client side to the cloud server side. Compared with the recently proposed scheme that also achieves O(n) storage overhead, we not only cut the communication complexity for verification from O(n) to O(log^n), but also release the client from O(n) exponentiation operations to O(1). In addition, our proposed scheme improves on the previous ones by allowing more aggregate queries, including variance query, weighted exponentiation sum query of any degree, etc. Thorough analysis shows the efficiency and scalability of our proposed scheme. The security of our scheme is proved based on the Strong Diffie-Hellman Assumption, the Bilinear Strong Diffie-Hellman Assumption and the Computational Diffie-Hellman Assumption.

04:17 [Pub][ePrint] Fast and Maliciously Secure Two-Party Computation Using the GPU, by Tore Kasper Frederiksen and Jesper Buus Nielsen

  We describe, and implement, a maliciously secure protocol for secure two-party computation, based on Yao's garbled circuit and an efficient OT extension, in a parallel computational model. The implementation is done using CUDA and yields the fastest results for maliciously secure two-party computation in a realistic and practical setting by using a simple consumer-grade CPU and GPU. Our protocol further introduces some novel constructions in order to combine garbled circuits and an OT extension in a parallel and maliciously secure setting.

01:17 [Pub][ePrint] EMV Key Agreement, by Christina Brzuska and Nigel P. Smart and Bogdan Warinschi and Gaven J. Watson

  We present an analysis of the recently proposed key agreement protocol for use by EMV cards (a.k.a. chip-and-pin cards).

01:17 [Pub][ePrint] Detection of Cheaters in Non-interactive Polynomial Evaluation, by Maki Yoshida and Satoshi Obana

  In this paper, we consider both theoretical and practical aspects of robust NI-PE (non-interactive polynomial evaluation with detection of cheaters). First, we give a necessary condition on adversary structures for which perfectly robust NI-PE with small communication complexity exists. More precisely, we show that for any positive integers $n$, $m$ and $d>1$, an $n$-player access structure $U$, and an $n$-player adversary structure $T$, there exists a $U$-participating NI-PE scheme for $m$-variate polynomials over a finite field $F$ with $T$-private inputs such that (1) it is perfectly robust (i.e., successful cheating probability $\epsilon=0$), (2) any polynomial of degree $d$ can be evaluated, and (3) the total size of shares of the output for some participating set is $o(m)\times \log |F|$, *only if* $T$ is of type $Q_{d+1}$ for $U$, meaning that no $d+1$ sets in $T$ cover any set in $U$. Second, we give constructions of perfectly robust NI-PE schemes against threshold adversaries and general adversaries, respectively. All the proposed schemes ensure perfect robustness against $Q_{d+1}$ adversaries, and computability of arbitrary polynomials of degree $d$. Third, we show that efficient robust NI-PE schemes against general adversaries can be constructed by allowing cheaters a very small chance of successful cheating. Namely, we construct two robust NI-PE schemes with $\epsilon=1/|F|$ in which the total size of shares of the output is only three times larger compared to the perfectly robust NI-PE scheme against threshold adversaries.

01:17 [Pub][ePrint] CCA-Secure IB-KEM from Identity-Based Extractable Hash Proof Systems, by Yu Chen and Zongyang Zhang and Dongdai Lin and Zhenfu Cao

  In this paper, we introduce a general paradigm called identity-based extractable hash proof system (IB-EHPS), which is an extension of the extractable hash proof system (EHPS) proposed by Wee (CRYPTO '10). We show how to construct an identity-based key encapsulation mechanism (IB-KEM) from IB-EHPS in a simple and modular fashion. Our construction provides a generic method of building and interpreting CCA-secure IB-KEMs based on computational assumptions.

As instantiations, we realize IB-EHPS from the bilinear Diffie-Hellman assumption and the modified bilinear Diffie-Hellman assumption, respectively.

01:17 [Pub][ePrint] New Smooth Projective Hash Functions and One-Round Authenticated Key Exchange, by Fabrice Ben Hamouda and Olivier Blazy and Céline Chevalier and David Pointcheval and Damien Vergnaud

  Password-Authenticated Key Exchange (PAKE) has received deep attention in the last few years, with a recent strong improvement by Katz-Vaikuntanathan, and their one-round protocol: the two players just have to send simultaneous flows to each other, that depend on their own passwords only, to agree on a shared high-entropy secret key. We follow their work with a further study of their new Smooth-Projective Hash Function framework, and namely we introduce new efficient instantiations on IND-CCA ciphertexts.

It allows us to design the most efficient PAKE known so far: a one-round PAKE with two simultaneous flows consisting of 6 group elements each only, in any DDH-group. Our scheme resists off-line dictionary attacks in the Bellare-Pointcheval-Rogaway model, under the DDH assumption with a CRS.

We thereafter show how our new instantiations can prove more complex equations. We then apply them to propose quite efficient instantiations in the standard model of the more general family of protocols, termed Language-Authenticated Key Exchange. They include quite concrete key exchange protocols, such as PAKE, Verifier-based PAKE and Secret Handshakes.

In Verifier-based PAKE, the server knows a transformation of the password only, which limits the impact of the corruption of the server, since an exhaustive search would still have to be performed to recover the actual passwords.

In Secret Handshakes, two members of the same group want to identify each other secretly, in the sense that each party reveals his affiliation to the other only if they are members of the same group. Outsiders do not learn anything about the outcome of the protocol.

01:17 [Pub][ePrint] Improvements to NFC Mobile Transaction and Authentication Protocol, by Muhammad Qasim Saeed

  A protocol for NFC mobile authentication and transaction was recently proposed by W. Chen et al. This protocol is used for micropayments, where the Mobile Network Operator (MNO) pays for its customers. The main advantage of this protocol is its compatibility with the existing GSM network. This paper suggests some improvements to this protocol from a security point of view. As this protocol is used for monetary transactions, it should be as secure as possible. This paper presents an improved version of the existing protocol with a detailed analysis at the end. The user interaction with the system is improved, making it more user friendly. An additional layer of security has been added by introducing PIN authentication by the user. Mutual authentication is improved by adding freshness by the mobile device in order to resist replay attacks. We also add digital signatures to the transaction messages for data integrity and non-repudiation.

01:17 [Pub][ePrint] Batch Fully Homomorphic Encryption over the Integers, by Jean-Sébastien Coron and Tancrède Lepoint and Mehdi Tibouchi

  We extend the fully homomorphic encryption scheme over the integers of van Dijk et al. (DGHV) to batch fully homomorphic encryption, i.e. to a scheme that supports encrypting and homomorphically processing a vector of plaintext bits as a single ciphertext. Our variant remains semantically secure under the (error-free) approximate GCD problem. We also show how to perform arbitrary permutations on the underlying plaintext vector given the ciphertext and the public key. Our scheme offers competitive performance: we describe an implementation of the fully homomorphic evaluation of AES encryption, with an amortized cost of about 12 minutes per AES ciphertext on a standard desktop computer; this is comparable to the timings presented by Gentry et al. at Crypto 2012 for their implementation of a Ring-LWE based fully homomorphic encryption scheme.

01:17 [Pub][ePrint] Provably Secure Identity-Based Aggregate Signcryption Scheme in Random Oracles, by Jayaprakash Kar

  This article proposes a provably secure aggregate signcryption scheme in random oracles. Security of the scheme is based on the computational infeasibility of solving the Decisional Bilinear Diffie-Hellman Problem and Discrete Logarithm Problems. Confidentiality and authenticity are two fundamental security requirements of Public Key Cryptography. These are achieved by encryption schemes and digital signatures respectively. A signcryption scheme is a cryptographic primitive that performs signature and encryption simultaneously in a single logical step. An aggregate signcryption scheme can be constructed from the aggregation of individual signcryptions. The aggregation is done taking n distinct signcryptions on n messages signed by n distinct users.