International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

19:17 [Pub][ePrint] Implementation and Comparison of Lattice-based Identification Protocols on Smart Cards and Microcontrollers, by Ahmad Boorghany and Rasool Jalili

  Most lattice-based cryptographic schemes which enjoy a security proof suffer from huge key sizes and heavy computations. This is also true for the simpler case of identification protocols. Recent progress on ideal lattices has significantly improved the efficiency, and made it possible to implement practical lattice-based cryptography on constrained devices like FPGAs and smart phones. However, to the best of our knowledge, no previous attempts were made to implement lattice-based schemes on smart cards. In this paper, we report the results of our implementation of several state-of-the-art and highly-secure lattice-based identification protocols on smart cards and microcontrollers. Our results show that only a few of such protocols fit into the limitations of these devices. We also discuss the implementation challenges and techniques to perform lattice-based cryptography on constrained devices, which may be of independent interest.

19:17 [Pub][ePrint] Unifying Leakage Models: from Probing Attacks to Noisy Leakage, by Alexandre Duc and Stefan Dziembowski and Sebastian Faust

  A recent trend in cryptography is to formally show the leakage resilience of cryptographic implementations in a given leakage model. One of the most prominent leakage models -- the so-called bounded leakage model -- assumes that the amount of leakage is a-priori bounded. Unfortunately, it has been pointed out that the assumption of bounded leakages is hard to verify in practice. A more realistic assumption is to assume that leakages are sufficiently noisy, following the engineering observation that real-world physical leakages are inherently noisy. While the noisy leakage assumption has first been studied in the seminal work of Chari et al. (CRYPTO 99), the recent work of Prouff and Rivain (Eurocrypt 2013) provides the first analysis of a full masking scheme under a physically motivated noise model. In particular, the authors show that a block-cipher implementation that uses an additive masking scheme is secure against noisy leakages. Unfortunately, the security analysis of Prouff and Rivain has three important shortcomings: (1) it requires leak-free gates, (2) it considers a restricted adversarial model (random message attacks), and (3) the security proof has limited application for cryptographic settings. In this work, we provide an alternative security proof in the same noisy model that overcomes these three challenges. We achieve this goal by a new reduction from noisy leakage to the important theoretical model of probing adversaries (Ishai et al~ -- CRYPTO 2003). Our work can be viewed as a next step of closing the gap between theory and practice in leakage resilient cryptography: while our security proofs heavily rely on concepts of theoretical cryptography, we solve problems in practically motivated leakage models.

16:17 [Pub][ePrint] One-Pass Authenticated Key Establishment Protocol on Bilinear Pairings for Wireless Sensor Networks, by Manoj Ranjan Mishra, Jayaprakash Kar and Banshidhar Majhi

  The article proposes one-pass authenticated key establishment protocol

in random oracles for Wireless Sensor Networks. Security of the protocol relies on Computational Diffie-Hellman Problem on Bilinear Pairings. In one-pass key establishment protocol, the initiator computes a session key and a related message. The key token is to be sent to the intended receiver using receiver\'s public key and sender

secret key. From the received key token the receiver compute the session key, which is the same as the one computed by the sender, using sender public key and receiver\'s secret key. Because of low communication overhead, the scheme is better suited for Wireless Sensor Networks(WSNs) than the traditional key establishment protocol to establish the session key between two adjacent nodes.

16:17 [Pub][ePrint] Lattice Cryptography for the Internet, by Chris Peikert

  In recent years, \\emph{lattice-based} cryptography has been recognized

for its many attractive properties, such as strong provable security

guarantees and apparent resistance to quantum attacks, flexibility for

realizing powerful tools like fully homomorphic encryption, and high

asymptotic efficiency. Indeed, several works have demonstrated that

for basic tasks like encryption and authentication, lattice-based

primitives can have performance competitive with (or even surpassing)

those based on classical mechanisms like RSA or Diffie-Hellman.

However, there still has been relatively little work on developing

lattice cryptography for deployment in \\emph{real-world} cryptosystems

and protocols.

In this work we take a step toward that goal, by giving efficient

and practical lattice-based protocols for key transport, encryption,

and authenticated key exchange that are suitable as ``drop-in\'\'

components for proposed Internet standards and other open protocols.

The security of all our proposals is provably based (sometimes in the

random-oracle model) on the well-studied ``learning with errors over

rings\'\' problem, and hence on the conjectured worst-case hardness of

problems on ideal lattices (against quantum algorithms).

One of our main technical innovations (which may be of independent

interest) is a simple, low-bandwidth \\emph{reconciliation} technique

that allows two parties who ``approximately agree\'\' on a secret value

to reach \\emph{exact} agreement, a setting common to essentially all

lattice-based encryption schemes. Our technique reduces the

ciphertext length of prior (already compact) encryption schemes nearly

twofold, at essentially no cost.% in security, key size, or runtime.

16:17 [Pub][ePrint] Implementing Pairing-Based Cryptosystems in USB Tokens, by Zhaohui Cheng

  In the last decade, pairing-based cryptography has been the most intensively studied subject in the cryptography field. Various optimization techniques have been developed to speed up the pairing computation. However, implementing a pairing-based cryptosystem in resource constrained devices has been less tried. Moreover, due to progress on solving the discrete logarithm problem, those implementations are no longer safe to use. In this paper, we report an implementation of a couple of pairing-based cryptosystems at a high security level on a 32-bit microcontroller in a USB token. It shows that USB tokens supporting secure pairing-based cryptosystems are viable.

06:15 [Event][New] Post-quantum Cryptography Summer School

  From September 29 to September 30
Location: Waterloo, Canada
More Information:

21:56 [Job][New] PhD Positions in Applied Cryptology, Worcester Polytechnic Institue, MA, USA

  The Vernam Group for Security and Privacy at WPI in Worcester, MA has open PhD positions in applied cryptology. In particular there are two openings in side channel analysis and leakage resilient implementation.

Candidates should have a Master’s degree in electronics, computer science or applied mathematics, with strong interest in algorithms and signal processing. Prior experience in side channel analysis and embedded software or hardware design is an asset.

We offer a competitive salary and an international cutting-edge research program in an attractive working environment. WPI is one of the highest-ranked technical colleges in the US. Located in the greater Boston area, it maintains close interaction with many of the nearby universities and companies.

12:54 [Event][New] SAC'2014: Selected Areas in Cryptography

  Submission: 28 May 2014
From August 14 to August 15
Location: Montreal, Quebec, Canada
More Information:

08:49 [Event][New] CANS 2014: 13rd International Conference on Cryptology and Network Security

  Submission: 10 June 2014
Notification: 25 July 2014
From October 22 to October 24
Location: Heraklion, Crete, Greece
More Information:

13:17 [Pub][ePrint] Some security bounds for the DGHV scheme, by Franca Marinelli and Riccardo Aragona and Chiara Marcolla and Massimiliano Sala

  The correctness in decrypting a ciphertext after some operations in the DGVH scheme depends heavily on the dimension of the secret key. In this paper we compute two bounds on the size of the secret key for the DGHV scheme to decrypt correctly a ciphertext after a fixed number of additions and a fixed number of multiplication. Moreover we improve the original bound on the dimension of the secret key for a general circuit.

13:17 [Pub][ePrint] A Subexponential Construction of Graph Coloring for Multiparty Computation, by Hassan Jameel Asghar, Yvo Desmedt, Josef Pieprzyk, and Ron Steinfeld

  We show the first deterministic construction of an unconditionally secure multiparty computation (MPC) protocol in the passive adversarial model over black-box non-Abelian groups which is both optimal and has subexponential complexity of construction. More specifically, following the result of Desmedt et al. (2012) that the problem of MPC over non-Abelian groups can be reduced to finding a $t$-reliable $n$-coloring of planar graphs, we show the construction of such a graph which allows a path from the input nodes to the output nodes when any $t$-party subset is in the possession of the adversary. Unlike the (deterministic) constructions from Desmedt et al. (2012) our construction is subexponential and optimal at the same time, i.e., it is secure for any $t < \\frac{n}{2}$.