Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also get this service via
To receive your credentials via mail again, please click here.
You can also access the full news archive.
text, a session key is produced, which is required to be indistinguishable from random. Such a scheme can
provide public encryption functionality in combination with a symmetric encryption through the hybrid en-
cryption paradigm. The Boneh-Gentry-Waters scheme of 2005 proposed a broadcast scheme with constant-size
ciphertext. It is one of the most efficient broadcast encryption schemes regarding overhead size. In this work we
consider the improved scheme of Phan-Pointcheval-Shahandashi-Ste
er [PPSS12] which provides an adaptive
CCA broadcast encryption scheme. These two schemes may be tweaked to use bilinear pairings[DGS].
This document details our choices for the implementation of the PPSS scheme. We provide a complete golden sequence
of the protocol with efficient pairings (Tate, Ate and Optimal Ate). We target a 128-bit security
level, hence we use a BN-curve [BN06]. The aim of this work is to contribute to the use and the standardization of
PPSS scheme and pairings in concrete systems.
Dealing with these challenges, the contribution of this article is two-fold. Firstly, together with emergency practioners, we follow a participatory design approach. We define security requirements, patterns for efficient communication and derive a design proposal. Secondly, we devise a novel approach to multilaterally end-to-end secure, user-friendly attribute-based messaging for one-to-many communication. It builds on a hybrid encryption technique, which efficiently combines ciphertext-policy attribute-based encryption, location-based encryption and symmetric encryption. The hybrid encryption approach supports dynamic location attributes as user-friendly selectors for targeted messaging with dynamic groups of mobile and anonymous receivers. The achieved security of the approach and concrete application scenarios are discussed.
a technique for remote authentication of objects. The security
is based on basic quantum information theoretic principles
and the assumption that the adversary cannot efficiently implement arbitrary unitary transformations.
We analyze the security of QR-PUF schemes in the case where
each challenge consists of precisely $n$ quanta and the dimension $K$ of the Hilbert space is larger than $n^2$.
We consider a class of attacks where the adversary first tries to learn as much as possible about the challenge and then bases his response on his estimate of the challenge.
For this class of attacks we derive an upper bound on the adversary\'s success probability as a function of $K$ and~$n$.
1. Design a protocol for a small number of parties (say, 3 or 4)
which achieves security against a single corrupted party. Such
protocols are typically easy to construct as they may employ
techniques that do not scale well with the number of corrupted
2. Recursively compose with itself to obtain an efficient n-party
protocol which achieves security against a constant fraction of
The second step of our approach combines the player emulation
technique of Hirt and Maurer (J. Cryptology, 2000) with
constructions of logarithmic-depth formulae which compute
threshold functions using only constant fan-in threshold gates.
Using this approach, we simplify and improve on previous results
in cryptography and distributed computing. In particular:
- We provide conceptually simple constructions of efficient
protocols for Secure Multiparty Computation (MPC) in the
presence of an honest majority, as well as broadcast protocols
from point-to-point channels and a 2-cast primitive.
- We obtain new results on MPC over blackbox groups and other
The above results rely on the following complexity-theoretic
contributions, which may be of independent interest:
- We show that for every integers j,k such that m = (k-1)/(j-1)
is an integer, there is an explicit (poly(n)-time) construction
of a logarithmic-depth formula which computes a good
approximation of an (n/m)-out-of-n threshold function using only
j-out-of-k threshold gates and no constants.
- For the special case of n-bit majority from 3-bit majority
gates, a non-explicit construction follows from the work of
Valiant (J. Algorithms, 1984). For this special case, we provide
an explicit construction with a better approximation than for the
general threshold case, and also an exact explicit construction
based on standard complexity-theoretic or cryptographic
In this paper, we aim to bridge this fundamental gap. Our main result is a quantitative connection between a bound on the EDP of differential characteristics and the highest
number of input pairs that actually satisfy a characteristic for a fixed key. This is particularly important for the design of permutation-based hash functions such as sponge functions, where the EDP value itself is not informative for the absence of rekeying. We apply our theoretical result to revisit the security arguments of some prominent recent block ciphers and hash functions. For most of those, we have good news: a characteristic is followed by a small number of pairs only. For Keccak, though, currently much more rounds would be needed for our technique to guarantee any reasonable maximum number of pairs.
Thus, our work --- for the first time --- sheds light on the fixed-key differential behaviour of block ciphers in general and substitution-permutation networks in particular which has been a long-standing fundamental problem in symmetric-key cryptography.
an overhead. In this paper, we propose a search technique which has a negligible amount of computation for fake responses. Multiple tags in the same object increases the detection probability and also the probability of success in search process. Our aim is to search a particular object efficiently preserving the possible security requirements amid various resource limitations in low-cost RFID tag.
may access classified information about an object tagged with RFID tag. Therefore, authentication is a necessary requirement. Use of multiple tags in an object increases the detection probability and simultaneously ensures availability of multiple resources in the form of memory and computability. Authentication process in multi-tag arrangement may increase the traffic between reader and object and/or decrease the detection probability. Therefore the challenge is to keep intact the detection probability without increasing the traffic. Existence of multiple number of tags helps to distribute the authentication responsibility for an object among multiple number of tags. In this paper, we assume that an object is attached with multiple number of active tags and in each session a randomly selected tag is responsible for authentication process. The detection probability is intact since an active tag within the range of reader can be an inter-mediator.