*15:17* [Pub][ePrint]
Improved Linear Sieving Techniques with Applications to Step-Reduced LED-64, by Itai Dinur and Orr Dunkelman and Nathan Keller and Adi Shamir
In this paper, we describe new techniques in meet-in-the-middle attacks. Our basic technique is called a \\emph{linear key sieve} since it exploits as filtering conditions linear dependencies between key bits that are guessed from both sides of the attack. This should be contrasted with related previous attacks, which only exploiteda \\emph{linear state sieve} (i.e., linear dependencies between state bits that are computed from

both sides of the attack). We apply these techniques to the lightweight block cipher LED-64, and improve some of the best known attacks on step-reduced variants of this cipher in all attack models. As a first application of the linear key sieve, we describe a chosen plaintext attack on 2-step LED-64, which reduces the time complexity of the

best previously published attack on this variant from $2^{56}$ to $2^{48}$. Then, we present the first attack on 2-step LED-64 in the \\emph{known plaintext model}. In this attack, we show for the first time that the splice-and-cut technique (which inherently requires chosen messages) can also be applied in the known plaintext model, and we use the linear key sieve in order to obtain an attack with the same time complexity as our chosen plaintext attack. Finally, we describe a related-key attack on 3-step LED-64 which improves the best previously published attack (presented at Asiacrypt 2012) in all the complexity parameters of time/data/memory from $2^{60}$ to $2^{49}$. As our first two single-key attacks, the related-key attack is also based on the linear key sieve, but it uses additional techniques in differential meet-in-the-middle which are interesting in their own right.

*15:17* [Pub][ePrint]
Detection of Algebraic Manipulation in the Presence of Leakage, by Hadi Ahmadi and Reihaneh Safavi-Naini
We investigate the problem of algebraic manipulation detection (AMD) over a communication channel that partially leaks information to an adversary. We assume the adversary is computationally unbounded and there is no shared key or correlated randomness between the sender and the receiver. We introduce leakage-resilient (LR)-AMD codes to detect algebraic manipulation in this model.We consider two leakage models. The first model, called \\emph{linear leakage}, requires the adversary\'s uncertainty (entropy) about the message (or encoding randomness) to be a constant fraction of its length. This model can be seen as an extension of the original AMD study by Cramer et al. \\cite{CDFPW08} to when some leakage to the adversary is allowed. We study \\emph{randomized strong} and \\emph{deterministic weak} constructions of linear (L)LR-AMD codes. We derive lower and upper bounds on the redundancy of these codes and show that known optimal (in rate) AMD code constructions can serve as optimal LLR-AMD codes. In the second model, called \\emph{block leakage}, the message consists of a sequence of blocks and at least one block remains with uncertainty that is a constant fraction of the block length. We focus on deterministic block (B)LR-AMD codes. We observe that designing optimal such codes is more challenging: LLR-AMD constructions cannot function optimally under block leakage. We thus introduce a new optimal BLR-AMD code construction and prove its security in the model.

We show an application of LR-AMD codes to tampering detection over wiretap channels. We next show how to compose our BLR-AMD construction, with a few other keyless primitives, to provide both integrity and confidentiality in transmission of messages/keys over such channels. This is the best known solution in terms of randomness and code redundancy. We discuss our results and suggest directions for future research.

*15:17* [Pub][ePrint]
DFA-Based Functional Encryption: Adaptive Security from Dual System Encryption, by Somindu C. Ramanna
We present an adaptively secure functional encryption (FE) scheme based on deterministic finite automata (DFA). The construction uses composite-order bilinear

pairings and is built upon the selectively secure DFA-based FE scheme of Waters (Crypto 2012).

The scheme is proven secure using the dual system methodology under static subgroup decision assumptions.

A dual system proof requires generating of semi-functional components from the instance.

In addition, these components must be shown to be properly distributed in an attacker\'s view.

This can be ensured by imposing a restriction on the automata and strings over which the

scheme is built i.e., every symbol can appear at most once in a string and in the set of

transition tuples of an automata.

First a basic construction with the restrictions is obtained and proved to be adaptively secure.

We then show how to extend this basic scheme to a full scheme where the restrictions can be relaxed

by placing a bound on the number of occurrences of any symbol in a string and in

the set of transitions. With the relaxed restrictions, our system

supports functionality defined by a larger class of regular languages.

*06:25* [Job][New]
Two Postdoc Positions, *Technical University of Denmark, DTU*
Department of Applied Mathematics and Computer Science, Technical University of Denmark, www.compute.dtu.dk/english would like to invite applications for two Postdoc positions of each 18 months, both starting 1 January 2014 or soon thereafter. The topic of the project is lightweight cryptology, which regards scenarios involving strongly resource-constrained devices.Candidates for the first postdoc position should have a strong cryptanalytic and mathematical background and be able to analyze the security of ciphers to be designed. Candidates for the second postdoc should have a solid background in hardware design and automation and be able to work on the physical constraints and optimization of the hardware implementations.

*06:25* [Job][New]
Lecturer in Secure Digital Systems, *Centre for Secure Information Technologies (CSIT), Queen’s University Belfast, UK*
Applications are invited for Lectureships in Secure Digital Systems to undertake research in Data, Network and/or Malware security within the Centre for Secure Information Technologies (CSIT), which is part of the School of Electronics, Electrical Engineering and Computer Science (EEECS). Candidates will also be required to undertake lecturing duties at undergraduate and post-graduate level and to actively engage in major research with industry.Applicants must have at least a 2:1 Honours Degree (or equivalent) in Electrical and Electronics Engineering, Computer Science, Mathematics or closely related discipline and a PhD, or expect, within 6 months, to obtain a PhD, in a relevant subject. Evidence of high quality research in a relevant field commensurate with stage of academic career, or extensive industrial experience in a relevant area, is essential. Applicants with research expertise in one or more of the following areas are strongly encouraged to apply: applied cryptography, side channel analysis, security protocols, malware/botnet analysis, network forensics, cloud security, threat and attack mitigation, insider threat behaviour, software security.