*19:17* [Pub][ePrint]
Cryptosystems Resilient to Both Continual Key Leakages and Leakages from Hash Function, by Guangjun Fan and Yongbin Zhou and Chengyu Hu and Dengguo Feng
Yoneyama et al. introduced the Leaky Random Oracle Model (LROM for short) at ProvSec 2008 in order to discuss the security (or insecurity) of cryptographic schemes which use hash functions as building blocks when leakages from pairs of input and output of hash functions occur in the experiment of the security definition. This kind of leakage occurs due to various attacks caused by sloppy usages or implementations. Their results showed that this kind of leakage may threaten the security of some cryptographic schemes. However, an important fact is that such attacks would leak not only pairs of input and output of hash functions, but also the secret key. Therefore, LROM is very limited in the sense that it considers leakages from pairs of input and output of hash functions alone, instead of taking into consideration other possible leakages from the secret key simultaneously. On the other hand, many recent leakage models mainly concentrate on leakages from the secret key and ignore leakages from hash functions for a cryptographic scheme exploiting hash functions. This is a weakness of these leakage models, and there exist some schemes that are secure in these leakage models but are not secure any more when leakages from hash functions occur. In this paper, we present an augmented model of both LROM and some leakage models. In our new model, both the secret key and pairs of input and output of hash functions can be leaked. Furthermore, the secret key can be leaked continually during the whole lifecycle of a cryptographic scheme. Hence, our new model is more universal and stronger than LROM and some leakage models (e.g. the only computation leaks model and the bounded memory leakage model). As an application example, we also present a public key encryption scheme which is provably IND-CCA secure in our new model.

*19:17* [Pub][ePrint]
Fully, (Almost) Tightly Secure IBE from Standard Assumptions, by Jie Chen and Hoeteck Wee
We present the first fully secure Identity-Based Encryption scheme (IBE) from the standard assumptions where the security loss depends only on the security parameter and is independent of the number of secret key queries. This partially answers an open problem posed by Waters (Eurocrypt 2005). Our construction combines Waters' dual system encryption methodology (Crypto 2009) with the Naor-Reingold pseudo-random function (J. ACM, 2004) in a novel way. The security of our scheme relies on the DLIN assumption in prime-order groups.

*19:17* [Pub][ePrint]
Group Signature with relaxed-privacy and revocability for VANET, by Mohammad Saiful Islam Mamun and Atsuko Miyaji
This paper adapts a new group signature (GS) scheme to the specific needs of a certain application, e.g., a vehicular ad hoc network (VANET). Groth GS is the first efficient GS scheme in the BSZ-model with security proofs in the standard model. We modify the Groth GS in order to meet a restricted, but arguably sufficient, set of privacy properties. Although there are some authentication schemes using GS, none of them satisfy all the desirable security and privacy properties. Either they follow GSs that rely on the Random Oracle Model, or they are unable to satisfy potential application requirements. In particular: link management, which allows any designated entities to link messages, whether they are coming from the same member or a certain group of members, without revealing their identities; opening soundness, which prevents malicious accusations by the opener against some honest member of the group; and a revocation system that removes privileges from a fraudulent member, like the traditional Public Key Infrastructure (PKI). In order to achieve the aforementioned security properties together, we propose a new GS model where linkability, sound opening and revocability properties are assembled in a single scheme. The novelty of our proposal stems from extending the Groth GS by relaxing strong privacy properties to a scheme with slightly lesser privacy in order to fit an existing VANET application's requirements. In addition, we partially minimize the Groth GS scheme to improve efficiency.

*07:17* [Pub][ePrint]
Wide-weak Privacy Preserving RFID Mutual Authentication Protocol, by Raghuvir Songhela and Manik Lal Das
Radio Frequency IDentification (RFID) systems are gaining enormous interest in industry due to their vast applications such as supply chain, access control, inventory, transport, health care and home appliances. Although tag identification is the primary security goal of an RFID system, privacy is an equally, if not more, important concern in RFID systems because of the pervasiveness of RFID tags. Over the years, many protocols have been proposed for RFID tags' identification using different cryptographic primitives. It has been observed that most of them provide tags' identification, but they fail to preserve tags' privacy. It has also been proven that public-key primitives are essential for strong privacy and security requirements in RFID systems. In this paper, we present a mutual authentication protocol for RFID systems using elliptic curve arithmetic. Precisely, the proposed protocol provides narrow-strong and wide-weak privacy and resists tracking attacks under a standard complexity assumption. The protocol is compared with related works and found efficient in comparison to others.

*07:17* [Pub][ePrint]
Improved Authenticity Bound of EAX, and Refinements, by Kazuhiko Minematsu and Stefan Lucks and Tetsu Iwata
EAX is a mode of operation for blockciphers to implement authenticated encryption. The original paper of EAX proved that EAX is unforgeable up to $O(2^{n/2})$ data with one verification query. However, this generally guarantees a rather weak bound for unforgeability under multiple verification queries, i.e., only $O(2^{n/3})$ data is acceptable. This paper provides an improvement over the previous security proof, by showing that EAX is unforgeable up to $O(2^{n/2})$ data with multiple verification queries. Our security proof is based on the techniques that appeared in a paper of FSE 2013 by Minematsu et al. which studied the security of a variant of EAX called EAX-prime.

We also provide some ideas to reduce the complexity of EAX while keeping our new security bound. In particular, EAX needs three blockcipher calls and keeps their outputs in memory as pre-processing, and our proposals can effectively reduce the three calls to one call. This would be useful when computational power and memory are constrained.

*07:17* [Pub][ePrint]
A fast integer-based batch full-homomorphic encryption scheme over finite field, by Long Zhang and Qiuling Yue
In view of the problem that the plaintext space is too small in the existing schemes, a new improved scheme is presented in this paper by improving the DGHV scheme. The plaintext space of the improved scheme is extended from the finite prime field $F_{2}$ in the original scheme to the finite prime field $F_{p}$. Combining and applying the method of encryption in the batch encryption scheme proposed in 2013, the plaintext space is further extended to finite fields $F_{q}$. The new improved scheme encrypts the message by applying modular arithmetic and the Chinese remainder theorem, and the security of the scheme is based on the difficulty of the approximate greatest common divisor problem and the sparse subset sum problem. The improved scheme we obtained has the advantages of fast encryption and small ciphertext size. So, compared with the original scheme, it is better for practical application.