Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also get this service via
To receive your credentials via mail again, please click here.
You can also access the full news archive.
We analyze the computational and communication complexities of our construction, and show that it is much more efficient than the existing protocols in the literature.
Finally, we show that our basic protocol is efficiently transformed into a stronger protocol secure in the presence of malicious adversaries, together with performance and security analysis.
cryptographic primitive in parallel to the execution of the operations. The result of the division are two primitives that have smaller input sizes and thus require lower attack complexities.
However, the division is not completely independent and the sub-primitives depend (output of one is the input for the other) mutually on a certain number of bits. When the number of such bits is relatively small, we show a technique based on three classical meet-in-the-middle attacks that can recover the secret key of the cipher faster than an exhaustive search. We apply our findings to the lightweight block cipher KLEIN and show attacks on 10/11/13 rounds of KLEIN-64/-80/-96.
Our approach requires only one or two pairs of known plaintexts and always recovers the secret key.
anonymity - strongest-possible anonymity requirements and
adversaries. We begin with rigorous definition of anonymity
against wide range of computationally-bounded attackers,
including eavesdroppers, malicious peers, malicious destina-tions, and their combinations. Following the work of Hevia and Micciancio , our definition is generic, and captures dierent notions of anonymity (e.g., unobservability and sender anonymity).
We then study the feasibility of ultimate anonymity. We
show there is a protocol satisfying this requirement, but with
absurd (although polynomial) inefficiency and overhead. We
show that such inefficiency and overhead is unavoidable for
`ultimate anonymity\'. We then present a slightly-relaxed
requirement and present feasible protocols for it.
bilinear pairing on the Jacobian variety of a hyperelliptic curve.
We prove that, for supersingular elliptic curves with embedding degree
two, square of the Ate pairing is nothing but the Weil pairing.
Using the formula, we develop an X-coordinate only pairing inversion method.
However, the algorithm is still infeasible for cryptographic size problems.
gossipers, we want to schedule a cyclic calendar
of meetings between all of them, such that: (1) each gossiper communicates
(gossips) only once a day, with one other gossiper, (2) in every (n 1) consecutive
days, each gossiper meets all other gossipers, and (3) every gossip, initiated by
any gossiper, will reach all gossipers within k = log(n) days.
In this paper we study the above stated meet-all gossipers problem, by den-ing and constructing the Gossip Latin Square (GLS), a combinatorial structure
which solves the problem.
unobservable, anonymous reporting to an untrusted destination,
with low latency and overhead. DURP provably ensures strong
anonymity properties, as required for some applications (and not
provided by existing systems and practical designs, e.g., Tor),
Provable unobservability against global eavesdropper and
Provable source anonymity against a malicious destination.
Probable-innocence against a malicious destination which is
also a global eavesdropper.
DURP design is a modular combination of two modules: a
queuing module, ensuring fixed rates for certain events, together
with an anonymization module, which can use either Onion-Routing (DURP^OR) or Crowds (DURP^Crowds). We present anal-ysis, backed by simulation results, of the network properties and
performance of DURP, and show it has reasonable overhead. We
also use the analysis results to create an optimized version of
We present detailed experimental results to support our claims made in this paper.