*05:21* [Pub][ePrint]
Cryptanalysis of Grigoriev-Shpilrain Physical Asymmetric Scheme With Capacitors, by Nicolas T. Courtois
Few days ago Grigoriev and Shpilrain have proposed to build a system for transmission of information without a shared secret, or essentially a sort of public key cryptosystem, based on properties of physical systems. In this paper we show that their second scheme based on capacitors is insecure and extremely easy to break in practice.

*05:21* [Pub][ePrint]
Theory of masking with codewords in hardware: low-weight $d$th-order correlation-immune Boolean functions, by Shivam Bhasin and Claude Carlet and Sylvain Guilley
In hardware, substitution boxes for block ciphers can be saved already masked in the implementation.The masks must be chosen under two constraints:

their number is determined by the implementation area and their properties should allow to deny high-order zero-offset attacks of highest degree.

First, we show that this problem translates into a known trade-off in Boolean functions, namely

finding correlation-immune functions of lowest weight.

For instance, this allows to prove that a byte-oriented block cipher such as AES can be protected with only $16$ mask values against zero-offset correlation power attacks of orders $1$, $2$ and $3$.

Second, we study $d$th-order correlation-immune Boolean functions $\\F_2^n \\to \\F_2$ of low-weight

and exhibit such functions of minimal weight found by a satisfiability modulo theory tool.

In particular, we give the minimal weight for $n \\leq 10$.

Some of these results were not known previously, such as the minimal weight for

$(n=9, d=4)$ and

$(n=10, d \\in \\{4,5,6\\})$.

These results set new bounds for the minimal number of lines of binary orthogonal arrays.

In particular, we point out that the minimal weight $w_{n,d}$ of a $d$th-order correlation-immune function might not be increasing with the number of variables $n$.

*05:21* [Pub][ePrint]
Maliciously Circuit-private FHE, by Rafail Ostrovsky and Anat Paskin-Cherniavsky and Beni Paskin-Cherniavsky
We present a framework for constructing compact FHE (fully homomorphic encryption) which is circuit-private in the malicious setting. That is, even if both maliciously formed public key and cyphertext are used, encrypted outputs only reveal the evaluation of the circuit on some well-formed input $x^*$.Previous literature on FHE only considered semi-honset circuit privacy.

Circuit-private FHE schemes have direct applications to computing on encrypted data. In that setting, one party (a receiver) holding an input $x$ wishes to learn the evaluation of a circuit $C$ held by another party (a sender). The goal is to make receiver\'s work sublinear (and ideally independent) of $\\mathcal{C}$, using a 2-message protocol.

Maliciously circuit-private FHE immediately gives rise to such a protocol which is secure against malicious receivers.

*05:21* [Pub][ePrint]
Lattice-Based Group Signatures with Logarithmic Signature Size, by Fabien Laguillaumie and Adeline Langlois and Benoit Libert and Damien Stehle
Group signatures are cryptographic primitives where users cananonymously sign messages in the name of a population they belong

to. Gordon et al. (Asiacrypt 2010) suggested the first realization of group signatures based on lattice assumptions in the random oracle model. A significant drawback of their scheme is its linear signature size in the cardinality $N$ of the group. A recent extension proposed by Camenisch et al. (SCN 2012) suffers from the same overhead. In this paper, we describe the first lattice-based group signature schemes where the signature and public key sizes are essentially logarithmic in $N$ (for any fixed security level). Our basic construction only satisfies a relaxed definition of anonymity (just like the Gordon et al. system) but readily extends into a fully anonymous group signature (i.e., that resists adversaries equipped with a signature opening

oracle). We prove the security of our schemes in the random oracle

model under the SIS and LWE assumptions.

*05:21* [Pub][ePrint]
Bypassing Passkey Authentication in Bluetooth Low Energy, by Tomas Rosa
This memo describes new cryptographic weakness of the passkey-based pairing of Bluetooth Low Energy (also known as Bluetooth Smart). The vulnerability discussed here extends the set of possible attacking scenarios that were already elaborated before by Mike Ryan at Shmoocon 2013.Instead of the passive sniffing attack on pairing secrets, we show how an active fraudulent Responder can gracefully bypass passkey authentication, despite it being possibly based on even one-time generated PIN.

*06:59* [Job][New]
Professor / Associate Professor in Information Security, *Queensland University of Technology, Brisbane, Australia*
The Queensland University of Technology (QUT) in Brisbane, Australia, is seeking to appoint a Professor or Associate Professor to play a senior leadership role in integrating research and teaching in the Information Security Discipline. The successful applicant will have an outstanding research publication and external funding track record. Women, Indigenous Australians and Torres Strait Islander people are strongly encouraged to apply.

The Information Security discipline undertakes research and teaching in the areas of cryptography, network security and digital forensics. The discipline group continues the 25 year pedigree of information security research excellence at QUT, and has a strong track record of success in competitive research funding, high quality publications and international collaboration.