International Association for Cryptologic Research

IACR News Central


2013-06-20
12:17 [Pub][ePrint] Function-Private Subspace-Membership Encryption and Its Applications, by Dan Boneh and Ananth Raghunathan and Gil Segev

  Boneh, Raghunathan, and Segev (CRYPTO '13) have recently put forward the notion of function privacy and applied it to identity-based encryption, motivated by the need for providing predicate privacy in public-key searchable encryption. Intuitively, their notion asks that decryption keys reveal essentially no information on their corresponding identities, beyond the absolute minimum necessary. While Boneh et al. showed how to construct function-private identity-based encryption (which implies predicate-private encrypted keyword search), searchable encryption typically requires a richer set of predicates.

In this paper we significantly extend the function privacy framework. First, we introduce the new notion of subspace-membership encryption, a generalization of inner-product encryption, and formalize a meaningful and realistic notion for capturing its function privacy. Then, we present a generic construction of a function-private subspace-membership encryption scheme based on any inner-product encryption scheme. This is the first generic construction that yields a function-private encryption scheme based on a non-function-private one.

Finally, we present various applications of function-private subspace-membership encryption. Among our applications, we significantly improve the function privacy of the identity-based encryption schemes of Boneh et al.: whereas their schemes are function private only for identities that are highly unpredictable (with min-entropy of at least $\lambda + \omega(\log \lambda)$ bits, where $\lambda$ is the security parameter), we obtain function-private schemes assuming only the minimal required unpredictability (i.e., min-entropy of only $\omega(\log \lambda)$ bits). This improvement offers a much more realistic function privacy guarantee.



12:17 [Pub][ePrint] The SIMON and SPECK Families of Lightweight Block Ciphers, by Ray Beaulieu and Douglas Shors and Jason Smith and Stefan Treatman-Clark and Bryan Weeks and Louis Wingers

  In this paper we propose two families of block ciphers, SIMON and SPECK, each of which comes in a variety of widths and key sizes. While many lightweight block ciphers exist, most were designed to perform well on a single platform and were not meant to provide high performance across a range of devices. The aim of SIMON and SPECK is to fill the need for secure, flexible, and analyzable lightweight block ciphers. Each offers excellent performance on hardware and software platforms, is flexible enough to admit a variety of implementations on a given platform, and is amenable to analysis using existing techniques. Both perform exceptionally well across the full spectrum of lightweight applications, but SIMON is tuned for optimal performance in hardware, and SPECK for optimal performance in software.
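The abstract describes the design goals but not the round function. The following is an added example, not code from the SPECK designers: it implements the SPECK round function and key schedule as published in the SPECK specification (a block is the word pair (x, y) in the order the specification prints it; rotation amounts are 7 and 2 for the 32-bit block and 8 and 3 for every other width) for all ten published variants, and checks three of the specification's own test vectors. Round counts and test vectors are taken from the specification; the class and function names are this example's own.

```python
"""SPECK block cipher (all ten published variants), written from the public specification.
Added example: this is not the designers' reference code. Words are Python ints; a block is
the word pair (x, y) in the order the specification prints it."""

# (word size in bits, number of key words) -> number of rounds, per the specification
ROUNDS = {
    (16, 4): 22,                            # Speck32/64
    (24, 3): 22, (24, 4): 23,               # Speck48/72, Speck48/96
    (32, 3): 26, (32, 4): 27,               # Speck64/96, Speck64/128
    (48, 2): 28, (48, 3): 29,               # Speck96/96, Speck96/144
    (64, 2): 32, (64, 3): 33, (64, 4): 34,  # Speck128/128, /192, /256
}


class Speck:
    def __init__(self, word_size, key_words):
        self.n = word_size
        self.mask = (1 << word_size) - 1
        self.rounds = ROUNDS[(word_size, key_words)]
        # the 32-bit block uses rotations (7, 2); every other variant uses (8, 3)
        self.alpha, self.beta = (7, 2) if word_size == 16 else (8, 3)

    def _ror(self, x, r):
        return ((x >> r) | (x << (self.n - r))) & self.mask

    def _rol(self, x, r):
        return ((x << r) | (x >> (self.n - r))) & self.mask

    def round_keys(self, key):
        """Key schedule. `key` is the tuple as printed in the spec, (l[m-2], ..., l[0], k[0]).
        The schedule is the round function itself, applied to the key words with the
        round counter i in place of a round key."""
        m = len(key)
        k = [key[-1]]
        l = list(reversed(key[:-1]))
        for i in range(self.rounds - 1):
            l.append(((k[i] + self._ror(l[i], self.alpha)) & self.mask) ^ i)
            k.append(self._rol(k[i], self.beta) ^ l[i + m - 1])
        return k

    def encrypt(self, block, key):
        x, y = block
        for rk in self.round_keys(key):
            x = ((self._ror(x, self.alpha) + y) & self.mask) ^ rk  # rotate, modular add, key mix
            y = self._rol(y, self.beta) ^ x                          # rotate, diffuse
        return x, y

    def decrypt(self, block, key):
        x, y = block
        for rk in reversed(self.round_keys(key)):
            y = self._ror(y ^ x, self.beta)
            x = self._rol(((x ^ rk) - y) & self.mask, self.alpha)
        return x, y


# Test vectors from the specification: (variant, key, plaintext, ciphertext), words as printed there.
KNOWN_ANSWERS = [
    ((16, 4), (0x1918, 0x1110, 0x0908, 0x0100),
     (0x6574, 0x694c), (0xa868, 0x42f2)),
    ((32, 4), (0x1b1a1918, 0x13121110, 0x0b0a0908, 0x03020100),
     (0x3b726574, 0x7475432d), (0x8c6fa548, 0x454e028b)),
    ((64, 2), (0x0f0e0d0c0b0a0908, 0x0706050403020100),
     (0x6c61766975716520, 0x7469206564616d20), (0xa65d985179783265, 0x7860fedf5c570d18)),
]


def known_answer_check():
    """True iff every variant above encrypts and decrypts its published vector correctly."""
    for variant, key, pt, ct in KNOWN_ANSWERS:
        cipher = Speck(*variant)
        if cipher.encrypt(pt, key) != ct or cipher.decrypt(ct, key) != pt:
            return False
    return True


if __name__ == "__main__":
    print("SPECK known-answer tests:", "pass" if known_answer_check() else "FAIL")
```

A passing known-answer test establishes only that the arithmetic matches the specification; it says nothing about timing or power side channels, which for an ARX cipher on a constrained device are the implementation properties a reviewer would look at next.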



12:17 [Pub][ePrint] New Quadratic Bent Functions in Polynomial Forms with Coefficients in Extension Fields, by Chunming Tang, Yanfeng Qi, Maozhi Xu

  In this paper, we first discuss the bentness of a large class of quadratic Boolean functions in polynomial form $f(x)=\sum_{i=1}^{\frac{n}{2}-1}Tr^n_1(c_ix^{1+2^i})+ Tr_1^{n/2}(c_{n/2}x^{1+2^{n/2}})$, where $c_i\in GF(2^n)$ for $1\leq i \leq \frac{n}{2}-1$ and $c_{n/2}\in GF(2^{n/2})$. The bentness of these functions can be connected with linearized permutation polynomials. Hence, methods for constructing quadratic bent functions are given. Further, we consider a subclass of quadratic Boolean functions of the form $f(x)=\sum_{i=1}^{\frac{m}{2}-1}Tr^n_1(c_ix^{1+2^{ei}})+ Tr_1^{n/2}(c_{m/2}x^{1+2^{n/2}})$, where $c_i\in GF(2^e)$, $n=em$ and $m$ is even. The bentness of these functions is characterized and some methods for constructing new quadratic bent functions are given. Finally, for the special case $m=2^{v_0}p^r$ and $\gcd(e,p-1)=1$, we present the enumeration of quadratic bent functions.
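To make the abstract's criterion concrete, here is an added example (not the paper's code) that evaluates functions of the first form over GF(2^6), tests bentness exhaustively through the Walsh spectrum, and compares that with the radical of the associated symplectic form, which for $Tr(c\,x^{1+2^i})$ is exactly the kernel of the linearized polynomial $L(x)=c\,x^{2^i}+(c\,x)^{2^{-i}}$. The choice $n=6$, the defining polynomial $x^6+x+1$ and all function names are this example's own.

```python
"""Bentness of the quadratic Boolean functions from the abstract, checked exhaustively over GF(2^6).
Added example (not the paper's code): field arithmetic, the trace, the Walsh-spectrum test, and
the symplectic-form radical behind the linearized-permutation-polynomial criterion."""

N = 6                       # extension degree n, so n/2 = 3
Q = 1 << N                  # |GF(2^6)| = 64
MODULUS = 0b1000011         # x^6 + x + 1, irreducible over GF(2) (representation chosen here)


def gf_mul(a, b):
    """Carry-less multiplication modulo MODULUS; elements are 6-bit ints."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & Q:
            a ^= MODULUS
    return r


def gf_pow(a, e):
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r


def trace(z, k=N):
    """Tr_1^k(z) = z + z^2 + ... + z^(2^(k-1)); for z in the subfield GF(2^k) this is 0 or 1."""
    t, p = 0, z
    for _ in range(k):
        t ^= p
        p = gf_mul(p, p)
    return t


MUL = [[gf_mul(a, b) for b in range(Q)] for a in range(Q)]
TR = [trace(z) for z in range(Q)]


def truth_table(coeffs, c_half=0):
    """f(x) = sum_{i=1}^{n/2-1} Tr_1^n(c_i x^{1+2^i}) + Tr_1^{n/2}(c_{n/2} x^{1+2^{n/2}}),
    coeffs = {i: c_i} with c_i in GF(2^n), c_half = c_{n/2} in the subfield GF(2^{n/2})."""
    assert gf_pow(c_half, 1 << (N // 2)) == c_half, "c_{n/2} must lie in GF(2^{n/2})"
    table = []
    for x in range(Q):
        v = 0
        for i, c in coeffs.items():
            v ^= TR[MUL[c][gf_pow(x, 1 + (1 << i))]]
        # x^{1+2^{n/2}} lies in GF(2^{n/2}), so the subfield trace applies to the last term
        v ^= trace(MUL[c_half][gf_pow(x, 1 + (1 << (N // 2)))], N // 2)
        table.append(v)
    return table


def walsh_spectrum(table):
    """W_f(a) = sum_x (-1)^{f(x) + Tr(a x)} for every a in GF(2^n)."""
    return [sum(-1 if table[x] ^ TR[MUL[a][x]] else 1 for x in range(Q)) for a in range(Q)]


def is_bent(table):
    """Bent iff the Walsh spectrum is flat: |W_f(a)| = 2^{n/2} for all a."""
    return all(abs(w) == 1 << (N // 2) for w in walsh_spectrum(table))


def radical_is_trivial(table):
    """Radical of B(x, y) = f(x+y) + f(x) + f(y) + f(0). A quadratic f is bent iff it is {0};
    for f = Tr(c x^{1+2^i}) the radical is the kernel of L(x) = c x^{2^i} + (c x)^{2^{-i}},
    so bentness is the same as L being a permutation."""
    f0 = table[0]
    return not any(
        all((table[x ^ y] ^ table[x] ^ table[y] ^ f0) == 0 for y in range(Q))
        for x in range(1, Q))


def bent_gold_coefficients(i=1):
    """All c in GF(2^6)* for which Tr(c x^{1+2^i}) is bent."""
    return [c for c in range(1, Q) if is_bent(truth_table({i: c}))]


def is_cube(c):
    """c in GF(64)* is a cube iff c^21 = 1 (the cubes are the subgroup of index 3)."""
    return gf_pow(c, (Q - 1) // 3) == 1
```

For $i=1$ the kernel condition $c\,x^2 = c^{32}x^{32}$ has a nonzero solution exactly when $c^{-31}$, hence $c$ itself, is a cube in GF(64)*, so $Tr(c\,x^3)$ is bent for the 42 non-cubes and for no cube; in particular $c=1$ is never bent, while the subfield term alone, $Tr_1^3(x^9)$, is bent because its symplectic form is $Tr(x^8y)$.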



12:17 [Pub][ePrint] Attribute-Based Server-Aided Verification Signature, by Zhiwei Wang and Ruirui Xie and Wei Zhang and Liwen He and Guozi Sun and Wei Chen

  Attribute-based signature (ABS) is a novel cryptographic primitive which enables a party to sign messages under any predicate satisfied by its attributes. However, most existing ABS schemes require heavy computation during verification, which may involve many pairing operations. Pairings are costly operations compared to exponentiations in the base group. As a result, verification presents a great challenge for resource-limited users such as smart cards and wireless sensors; in other words, verification can hardly be done on these devices if attribute-based signatures are employed. We solve this problem by proposing a new notion called \emph{Attribute-Based Server-Aided Verification Signature}. It is similar to a normal ABS scheme, but it further enables the verifier to verify the signature with the assistance of an external server. In this paper, we provide the security definition of Attribute-Based Server-Aided Verification Signature, and design a concrete server-aided verification protocol for Li et al.'s attribute-based signature. We also prove that our protocol is secure in the random oracle model.



06:28 [PhD][New] Enrico Thomae: About the Security of Multivariate Quadratic Public Key Schemes

  Name: Enrico Thomae
Topic: About the Security of Multivariate Quadratic Public Key Schemes
Category: public-key cryptography

Description: The primary goal of this thesis is to evaluate the security of multivariate quadratic public key schemes. We investigate three main topics related to the security of MQ-schemes, namely the MQ-Problem, the IP-Problem and the MinRank-Problem.

Section 2 discusses the MQ-Problem, which relates to direct pre-image attacks using the public key, i.e. finding x for a given y and P(x) = y, which is known to be difficult in general. In section 2.1 we provide a brief survey on algorithms to solve such systems, like F4, F5, XL and MutantXL. We recap the complexity analysis of the first three algorithms and provide a detailed complexity analysis of the latter. Our contribution is a proof of theorem 2.7 which is hopefully simpler than that in [CKPS, Section 8]. Further we derived theorem 2.29 and thus confirmed results from Yang and Chen [YC04a] in a different way.

In section 2.2 we present a new direct attack on the Unbalanced Oil and Vinegar signature scheme, which forces one to raise parameters in order to obtain the same security level again. More generally we present an algorithm to solve underdetermined systems of MQ-equations faster than before.

Section 3 presents the main part of this work and is dedicated to algebraic key recovery attacks on MQ-schemes. Unfortunately naive algebraic attacks are usually far from being efficient due to the large number of variables. So we first formalize the underlying class of problems and introduce the Isomorphism of Polynomials with partial Knowledge (IPpK) Problem in section 3.3. We relate this new problem to known problems, like the Isomorphism of Polynomials Problem with one and two secrets. Our main contribution is to provide a general algebraic framework to tackle the IPpK-Problem. Therefore we generalize the notion of equivalent keys to so-called good keys. In a nutshell equivalent keys allow one to reduce the number of variables of an algebraic attack. Good keys further reduce the number of vari[...]
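The direct attacks surveyed in section 2.1 all start from the same idea, linearization: treat every monomial as a fresh unknown and hope the system becomes linear-algebra solvable. XL makes that work by multiplying each equation by all monomials up to a degree bound D before eliminating. The following is an added toy XL solver over GF(2), not code from the thesis; the MQ system it solves is randomly constructed with a planted unique root, and all names are this example's own. It does not attempt the complexity estimates the thesis derives; it only shows what "solving at degree D" means.

```python
"""Toy XL (eXtended Linearization) solver for MQ systems over GF(2).
Added example, not from the thesis. A Boolean polynomial is a set of monomials; a monomial is a
frozenset of variable indices (the empty frozenset is the constant 1); addition is symmetric
difference, and x_i^2 = x_i throughout."""
import itertools
import random

ONE = frozenset()


def monomials_up_to(n, degree):
    """All square-free monomials of degree <= degree."""
    return [frozenset(c) for d in range(degree + 1) for c in itertools.combinations(range(n), d)]


def evaluate(poly, point):
    return sum(all(point[i] for i in mono) for mono in poly) % 2


def multiply(poly, mono):
    """Multiply by a monomial; because x_i^2 = x_i, distinct monomials may collide and cancel."""
    result = set()
    for m in poly:
        result ^= {m | mono}
    return result


def brute_force(system, n):
    return [list(p) for p in itertools.product((0, 1), repeat=n)
            if all(evaluate(f, p) == 0 for f in system)]


def random_mq_system(n, m, solution, rng):
    """m random quadratics in n variables with the given common root (constructed sample input).
    Resamples until the root is unique, so the linear rows XL extracts pin down every x_i."""
    while True:
        system = []
        for _ in range(m):
            poly = {mono for mono in monomials_up_to(n, 2) if rng.random() < 0.5}
            if evaluate(poly, solution):
                poly ^= {ONE}                    # fix the constant term so the root fits
            system.append(poly)
        if brute_force(system, n) == [list(solution)]:
            return system


def gauss_gf2(rows):
    """Row echelon form over GF(2); rows are ints, the highest set bit is the leading column."""
    basis = []
    for r in rows:
        for b in basis:                          # basis stays sorted by leading bit, descending
            if r ^ b < r:
                r ^= b
        if r:
            basis.append(r)
            basis.sort(reverse=True)
    return basis


def solve_linear(rows, n):
    """Fully reduce the degree-1 rows; with a unique root they become x_i + a_i, the answer."""
    basis = gauss_gf2(rows)
    for i in range(len(basis)):
        lead = basis[i].bit_length() - 1
        for j in range(len(basis)):
            if j != i and basis[j] >> lead & 1:
                basis[j] ^= basis[i]
    solution = [None] * n
    for r in basis:
        if r == 1:
            return None                          # the constant 1 is in the ideal: no solution
        variables = [n - b for b in range(1, n + 1) if r >> b & 1]   # bit n-i <-> x_i
        if len(variables) == 1:
            solution[variables[0]] = r & 1
    return solution if None not in solution else None


def xl_solve(system, n):
    """For D = 2, 3, ...: multiply every f by all monomials of degree <= D-2, map each monomial to
    a column (higher degree first, constant last), eliminate, and read off the rows that only
    involve x_1..x_n and 1. Returns (D, solution) or None."""
    for D in range(2, n + 3):                    # in the Boolean ring degree n+2 spans the whole ideal
        cols = sorted(monomials_up_to(n, D), key=lambda mono: (-len(mono), sorted(mono)))
        bit = {mono: len(cols) - 1 - j for j, mono in enumerate(cols)}
        rows = []
        for f in system:
            for mult in monomials_up_to(n, D - 2):
                rows.append(sum(1 << bit[mono] for mono in multiply(f, mult)))
        linear = [r for r in gauss_gf2(rows) if r < 1 << (n + 1)]
        solution = solve_linear(linear, n)
        if solution is not None:
            return D, solution
    return None


if __name__ == "__main__":
    rng = random.Random(2013)
    root = [1, 0, 1, 1]
    system = random_mq_system(4, 6, root, rng)
    print("XL succeeded at degree D =", xl_solve(system, 4))
```

The degree at which the loop first succeeds is the quantity the complexity analyses in section 2.1 are about: the Macaulay matrix has roughly $m\binom{n}{D-2}$ rows and $\binom{n}{\le D}$ columns, so the cost is that of one elimination at the smallest D for which the linear rows determine the solution.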




2013-06-19
06:17 [Forum] [IACR Publication Reform] Automatic follow up by cbw

  Hello, In case you want to follow up this forum - but not to poll it every other day, there are several options:
* RSS feed: http://eprint.iacr.org/forum/rss.php
* IACR News system (eMail, Twitter) via "Forum": http://www.iacr.org/news/
Best, Christopher
From: 2013-19-06 04:56:53 (UTC)

06:17 [Forum] [General] Re: RSS feeds by cbw

  Hello, Apart from the RSS feed at http://eprint.iacr.org/forum/rss.php there is also the IACR News system (eMail, Twitter). Just use the tag / channel "Forum": http://www.iacr.org/news/
Best, Christopher
www.christopher-wolf.de
Ruhr-University Bochum
Germany
From: 2013-19-06 05:02:11 (UTC)



2013-06-18
15:17 [Pub][ePrint] Attack on Liao and Hsiao's Secure ECC-based RFID Authentication Scheme integrated with ID-Verifier Transfer Protocol, by Roel Peeters and Jens Hermans

  We show that Liao and Hsiao's protocol achieves neither tag authentication nor privacy.



12:17 [Forum] [IACR Publication Reform] Testable change by amitsahai

  The problem with radical redesign is that it is hard to understand what change has caused which effect. I suggest that we as a community focus on one problem at a time. If we want to focus on multiple problems, maybe each conference should attack one at a time, so at least each variable can be tested separately.

Let's start with the problem of low quality reviews. Here is a modest initial proposal based on an economic model: Each review should have two components: (1) technical summary and feedback, and (2) subjective evaluation wholly supported by technical evaluation in (1). The technical summary should be presented to the authors before decisions are made, and the authors will rate reviews based on understanding. So will other PC members (anonymously). The results will be used to rate PC members and reviewers and provide them with tokens. PC members and reviewers will need to spend these tokens to get their papers published at top conferences in the future. The monetary system will need to be worked out, but we can let junior researchers borrow tokens from the central bank at the start of their careers so as not to harm their initial careers. But eventually everyone has to pay in quality reviews for papers that they want to publish.

These are initial thoughts and the proposal should certainly be refined to address potential abuses. For example, technical parts of the review should be devoid of all subjective opinions and hidden praise, so that the temptation to flatter the authors for earning tokens can be avoided. Also, probably feedback from authors of papers in the bottom 33% should not be counted towards awarding tokens.

Amit
From: 2013-18-06 09:28:41 (UTC)

12:17 [Pub][ePrint] Practical Secure Logging: Seekable Sequential Key Generators, by Giorgia Azzurra Marson and Bertram Poettering

  In computer forensics, log files are indispensable resources that support auditors in identifying and understanding system threats and security breaches. If such logs are recorded locally, i.e., stored on the monitored machine itself, the problem of log authentication arises: if a system intrusion takes place, the intruder might be able to manipulate the log entries and cover her traces. Mechanisms that cryptographically protect collected log messages from manipulation should ideally have two properties: they should be *forward-secure* (the adversary gets no advantage from learning current keys when aiming at forging past log entries), and they should be *seekable* (the auditor can verify the integrity of log entries in any order or access pattern, at virtually no computational cost).

We propose a new cryptographic primitive, a *seekable sequential key generator* (SSKG), that combines these two properties and has direct application in secure logging. We rigorously formalize the required security properties and give a provably-secure construction based on the integer factorization problem. We further optimize the scheme in various ways, preparing it for real-world deployment. As a byproduct, we develop the notion of a *shortcut one-way permutation* (SCP), which might be of independent interest.

Our work is highly relevant in practice. Indeed, our SSKG implementation has become part of the logging service of the systemd system manager, a core component of many modern commercial Linux-based operating systems.
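The two properties the abstract asks for, forward security and seekability, are easiest to see in code. The following is an added example, not the authors' implementation and not the systemd code: it builds a generator in the shape the abstract describes, a factoring-based sequential one-way step (repeated squaring modulo a Blum integer N = pq) whose shortcut for seeking is the factorisation of N. Whether this matches the paper's construction in detail is an assumption; the toy 20-bit primes, the key derivation, the sample log lines and every name are this example's own.

```python
"""Seekable sequential key generator (SSKG) for forward-secure, seekable log sealing.
Added example, not the authors' implementation. Sequential step: s_{i+1} = s_i^2 mod N, one-way
without the factorisation of N. Seeking: the auditor, who knows lambda(N), computes s_i from s_0
directly as s_0^(2^i mod lambda(N)). Toy-sized primes, for demonstration only."""
import hashlib
import hmac
import math
import random


def is_prime(n):
    """Trial division; adequate for the toy 20-bit primes used here."""
    if n < 2:
        return False
    return all(n % d for d in range(2, math.isqrt(n) + 1))


def blum_prime(rng, bits):
    """A prime p = 3 (mod 4): squaring is then a permutation of the quadratic residues mod pq."""
    while True:
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 3
        if is_prime(p):
            return p


def derive_key(state, index):
    """Round key K_i = H(i, s_i); the state s_i itself never leaves the generator."""
    return hashlib.sha256(b"sskg|%d|%d" % (index, state)).digest()


class Auditor:
    """Holds the seed and the trapdoor lambda(N); can jump straight to any K_i."""

    def __init__(self, rng, bits=20):
        p = blum_prime(rng, bits)
        q = blum_prime(rng, bits)
        while q == p:
            q = blum_prime(rng, bits)
        self.n = p * q
        self.lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
        r = rng.randrange(2, self.n)
        while math.gcd(r, self.n) != 1:
            r = rng.randrange(2, self.n)
        self.s0 = pow(r, 2, self.n)          # start inside the quadratic residues

    def logger(self):
        """What the monitored machine receives: modulus and initial state, no factorisation."""
        return Logger(self.n, self.s0)

    def seek(self, index):
        """s_i = s_0^(2^i) mod N in two modular exponentiations, independent of i."""
        return derive_key(pow(self.s0, pow(2, index, self.lam), self.n), index)


class Logger:
    """Holds only (N, s_i, i). evolve() overwrites s_i, so a compromise at time i reveals
    nothing about K_0..K_{i-1} without factoring N; keys from i onward are known to the intruder."""

    def __init__(self, n, s):
        self.n, self.s, self.index = n, s, 0

    def key(self):
        return derive_key(self.s, self.index)

    def evolve(self):
        self.s = pow(self.s, 2, self.n)      # one-way without the trapdoor
        self.index += 1


def seal(logger, entries):
    """Append-only sealing: entry i is MACed with K_i, then the generator is rolled forward."""
    records = []
    for entry in entries:
        records.append((logger.index, entry, hmac.new(logger.key(), entry, hashlib.sha256).digest()))
        logger.evolve()
    return records


def verify(auditor, index, entry, tag):
    """Seekable verification: the auditor derives K_index directly, in any order."""
    expected = hmac.new(auditor.seek(index), entry, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


# Constructed sample log lines (not real system output).
SAMPLE_ENTRIES = [
    b"sshd: Accepted publickey for ops from 10.0.0.7",
    b"sudo: ops : TTY=pts/0 ; COMMAND=/usr/bin/systemctl restart nginx",
    b"kernel: audit: type=1400 apparmor=DENIED operation=open",
]


def demo(seed=2013):
    """Seal the sample entries, verify them forwards and backwards, and catch a tampered one."""
    auditor = Auditor(random.Random(seed))
    logger = auditor.logger()
    records = seal(logger, SAMPLE_ENTRIES)
    in_order = all(verify(auditor, i, e, t) for i, e, t in records)
    reversed_ok = all(verify(auditor, i, e, t) for i, e, t in reversed(records))
    tampered = verify(auditor, 1, b"sudo: ops : TTY=pts/0 ; COMMAND=/bin/true", records[1][2])
    synced = logger.key() == auditor.seek(logger.index)   # logger state and seek agree
    return in_order, reversed_ok, tampered, synced


if __name__ == "__main__":
    print("in order, reversed, tampered accepted, synced:", demo())
```

Two operational caveats follow from the design rather than from the code. First, sealing protects the past only: once an intruder holds s_i, every later entry can be forged, so the interval between evolve() calls bounds the window of log lines an attacker can rewrite after getting in. Second, the auditor's trapdoor is a full secret key; it must live off the monitored machine, or the forward-security argument collapses.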



12:17 [Pub][ePrint] ASICS: Authenticated Key Exchange Security Incorporating Certification Systems, by Colin Boyd and Cas Cremers and Michèle Feltz and Kenneth G. Paterson and Bertram Poettering and Douglas Stebila

  Most security models for authenticated key exchange (AKE) do not explicitly model the associated certification system, which includes the certification authority (CA) and its behaviour. However, there are several well-known and realistic attacks on AKE protocols which exploit various forms of malicious key registration and which therefore lie outside the scope of these models. We provide the first systematic analysis of AKE security incorporating certification systems (ASICS). We define a family of security models that, in addition to allowing different sets of standard AKE adversary queries, also permit the adversary to register arbitrary bitstrings as keys. For this model family we prove generic results that enable the design and verification of protocols that achieve security even if some keys have been produced maliciously. Our approach is applicable to a wide range of models and protocols; as a concrete illustration of its power, we apply it to the CMQV protocol in the natural strengthening of the eCK model to the ASICS setting.