International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also get this service via

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2014-01-28
19:17 [Pub][ePrint] Verifiable Computation in Multiparty Protocols with Honest Majority, by Peeter Laud and Alisa Pankova

  A lot of cryptographic protocols have been proposed for semi-honest model. In general, they are much more efficient than those proposed for the malicious model. In this paper, we propose a method that allows to detect the parties that have violated the protocol rules after the computation has ended, thus making the protocol secure against covert attacks. This approach can be useful in the settings where for any party it is fatal to be accused in violating protocol rules. In this way, up to the verification, all the computation can be performed in semi-honest model, which makes it very efficient in practice. The verification is statistical zero-knowledge, and it is based on linear probabilistically checkable proofs ($\\PCP$) for verifiable computation. Each malicious party is detected with probability $1 - \\varepsilon$ for a negligible $\\varepsilon$ that is defined by the failure of the corresponding linear $\\PCP$. The initial protocol has to be executed only once, and the verification requires in total $3$ additional rounds (if some parties act dishonestly, in the worst case they may force the protocol to substitute each round with $4$ rounds, due to the transmission functionality that prevents the protocol from stopping). The verification also ensures that all the parties have sampled all the randomness from an appropriate distribution. Its efficiency does not depend on whether the inputs of the parties have been shared, or each party uses its own private input.

The major drawback of the proposed scheme is that the number of values sent before and after the protocol is exponential in the number of parties. Nevertheless, the settings make the verification very efficient for a small number of parties.



19:17 [Pub][ePrint] Bounded-Collusion Identity-Based Encryption from Semantically-Secure Public-Key Encryption: Generic Constructions with Short Ciphertexts, by Stefano Tessaro and David A. Wilson

  Identity-based encryption (IBE) is a special case of public-key encryption where user identities replace public keys. Every user is given a corresponding secret key for decryp- tion, and encryptions for his or her identity must remain confidential even to attackers who learn the secret keys associated with other identities. Several IBE constructions are known to date, but their security relies on specific assumptions, such as quadratic residuosity, as well as different pairing-based and lattice-based assumptions.

To circumvent the lack of generic constructions, Dodis et al. (EUROCRYPT \'02) introduced the notion of bounded-collusion IBE (BC-IBE), where attackers only learn secret keys of an a-priori bounded number t of identities. They provided a generic BC-IBE construction from any semantically-secure encryption scheme which, however, suffers from a ω(t) blow-up in ciphertext size. Goldwasser et al. (TCC 2012) recently presented a generic construction with no ciphertext-length blow-up. Their construction requires an underlying public-key scheme with a key homomorphism, as well as a hash-proof-style security definition that is strictly stronger than semantic security. This latter requirement in particular reduces the applicability of their construction to existing schemes.

In this paper, we present the first generic constructions of BC-IBE from semantically-secure encryption schemes with no ciphertext-length blow-up. Our constructions require different degrees of key-homomorphism and malleability properties that are usually easy to verify. We provide concrete instantiations based on the DDH, QR, NTRU, and LWE assumptions. For all of these assumptions, our schemes present the smallest BC-IBE ciphertext size known to date. Our NTRU-based construction is particularly interesting, due to the lack of NTRU- based IBE constructions as well as the fact that it supports fully-homomorphic evaluation. Our results also yield new constructions of bounded CCA-secure cryptosystems.



19:17 [Pub][ePrint] A Comparison of the Homomorphic Encryption Schemes FV and YASHE, by Tancrède Lepoint and Michael Naehrig

  We conduct a theoretical and practical comparison of two Ring-LWE-based, scale-invariant, leveled homomorphic encryption schemes -- Fan and Vercauteren\'s adaptation of BGV and the YASHE scheme proposed by Bos, Lauter, Loftus and Naehrig. In particular, we explain how to choose parameters to ensure correctness and security against lattice attacks. Our parameter selection improves the approach of van de Pol and Smart to choose parameters for schemes based on the Ring-LWE problem by using the BKZ-2.0 simulation algorithm.

We implemented both schemes in C++, using the arithmetic library FLINT, and compared them in practice to assess their respective strengths and weaknesses. In particular, we performed a homomorphic evaluation of the lightweight block cipher SIMON. Combining block ciphers with homomorphic encryption allows to solve the gargantuan ciphertext expansion in cloud applications.



19:17 [Pub][ePrint] Cryptanalysis on \"Secure untraceable off-line electronic cash system\", by Yalin Chen and Jue-Sam Chou*

  Recently, Baseri et al. proposed a secure untraceable off-line electronic cash system. They claimed that their scheme could achieve security requirements of an e-cash system such as, untraceability, anonymity, unlinkability, double spending checking, un-forgeability, date-attachability, and prevent forging coins. They further prove the un-forgeability security feature by using the hardness of discrete logarithm problems. However, after cryptanalysis, we found that the scheme cannot attain the security feature, untraceability. We, therefore, modify it to comprise this desired requirement, which is very important in an e-cash system.



19:17 [Pub][ePrint] A Polynomial Time Attack against Algebraic Geometry Code Based Public Key Cryptosystems, by Alain Couvreur and Irene Márquez-Corbella and Ruud Pellikaan

  We give a polynomial time attack on the McEliece public key cryptosystem based on algebraic geometry codes. Roughly speaking, this attacks runs in $O(n^4)$ operations in $\\mathbb F_q$, where $n$ denotes the code length. Compared to previous attacks, allows to recover a decoding algorithm for the public key even for codes from high genus curves.



13:17 [Pub][ePrint] Cuckoo Cycle; a memory-hard proof-of-work system, by John Tromp

  we propose an elegant memory-hard proof-of-work system based on cuckoo hashing



04:48 [PhD][New] Claude Carlet

  Name: Claude Carlet


04:47 [PhD][New] Abdelaziz Elaabid: Side channel attacks: advanced experimentations on template attacks

  Name: Abdelaziz Elaabid
Topic: Side channel attacks: advanced experimentations on template attacks
Category: secret-key cryptography

Description: In the 90\'s, the emergence of new cryptanalysis methods revolutionized the security of cryptographic devices. These attacks are based on power consumption analysis, when the microprocessor is running the cryptographic algorithm. Especially, we analyse in this thesis some properties of the template attack, with examples from attacks against an unprotected ASIC implementation. We point out that the efficiency of template attacks can be unleashed by using a relevent power model, and we provide some practical improvements by the use of different signal processing techniques. Furthermore, we investigate the relevance of the theoretical framework on profiled SCAs presented by F.-X. Standaert et al. at Eurocrypt 2009. The analyse consists in a case-study based on side-channel measurements acquired experimentally from a hardwired cryptographic accelerator. Therefore, with respect to previous formal analyses carried out on software measurements or on simulated data, the investigations we describe are more complex, due to the underlying chip\'s architecture and to the large amount of algorithmic noise.In this context, we explore the appropriateness of different choices for the sensitive variables, and we show that a skilled attacker aware of the register transfers occurring during the cryptographic operations can select the most adequate distinguisher, thus increasing its success rate. The principal component analysis (PCA) is used to represent the templates in some dimensions, and we give a physical interpretation of the templates eigenvalues and eigenvectors. We introduce a method based on the thresholding of leakage data to accelerate the profiling or the matching stages. This method empowers an attacker, in that it saves traces when converging towards correct values of the secret. Concretely, we demonstrate a 5 times speed-up in the on-line phase of the attack. Also, it has been underlined that the various samples garnered during the same acquisition can carry complement[...]


04:47 [PhD][Update] Constantin Catalin Dragan: Security of CRT-based Secret Sharing Schemes

  Name: Constantin Catalin Dragan
Topic: Security of CRT-based Secret Sharing Schemes
Category:(no category)

Description:

The Chinese Remainder Theorem (CRT) is a very useful tool in many areas of theoretical and practical cryptography. One of these areas is the theory of threshold secret sharing schemes. A (t+1,n)-threshold secret sharing scheme is a method of partitioning a secret among n users by providing each user with a share of the secret such that any t+1 users can uniquely reconstruct the secret by pulling together their shares. Several threshold schemes based on CRT are known. These schemes use sequences of pairwise co-prime positive integers with special properties. The shares are obtained by dividing the secret or a secret-dependent quantity by the numbers in the sequence and collecting the remainders. The secret can be reconstructed by some sufficient number of shares by using CRT. It is well-known that the CRT-based threshold secret sharing schemes are not perfect (and, therefore, not ideal) but some of them are asymptotically perfect and asymptotically ideal and perfect zero-knowledge if sequences of consecutive primes are used for defining them.

In this thesis we introduce (k-)compact sequences of co-primes and their applications to the security of CRT-based threshold secret sharing schemes is thorough investigated. Compact sequences of co-primes may be significantly denser than sequences of consecutive primes of the same length, and their use in the construction of CRT-based threshold secret sharing schemes may lead to better security properties. Concerning the asymptotic idealness property for CRT-based threshold schemes, we have shown there exists a necessary and sufficient condition for the Goldreich-Ron-Sudan (GRS) scheme and Asmuth-Bloom scheme if and only if (1-)compact sequences of co-primes are used. Moreover, the GRS and Asmuth-Bloom schemes based on k-compact sequences of co-primes are asymptotically perfect and perfect zero-knowledge. The Mignotte scheme is far from being asymptotically perfect and pe[...]




2014-01-27
14:48 [Job][New] Postdoc in Cryptology, Technical University of Denmark, DTU

  Department of Applied Mathematics and Computer Science, Technical University of Denmark, would like to invite applications for a Postdoc position of 18 months, starting 1 April 2014 or soon thereafter. The topic of the project is lightweight cryptology, which regards scenarios involving strongly resource-constrained devices.

Candidates for the position should have a solid background in hardware design and automation and be able to work on the physical constraints and optimization of the hardware implementations or, alternatively, we will consider candidates with a strong cryptanalytic and mathematical background who are able to analyse the security of ciphers to be designed.

14:44 [Job][New] Post-Doc in Applied Cryptography, University of Trier, Germany

  The Chair for Information Security and Cryptography at the University of Trier, Germany, offers

a full-time position for a postdoctoral researcher

in a project funded by the German Research Foundation (DFG). The goal of the project is to develop methods for the modular analysis of real-world cryptographic protocols, such as TLS, SSH, WPA2, etc., based on the approach of universal composability, and to apply the developed methods to such protocols.

The position is available immediately, with an internationally competitive salary. The starting date is negotiable. Contracts can initially be offered for up to three years, with the perspective of an extension.

There are no teaching obligations.

The successful candidate must have a Master`s degree (or an equivalent degree) in Computer Science, Mathematics, or a related discipline, and have completed, or be near completion of a PhD degree relevant to the research area of the project. You should have a proven high level of analytical capability and mathematical skills. Good English skills are expected; knowledge of German is not required.

Applications will be considered until the position is filled.