International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

00:17 [Pub][ePrint]


00:17 [Pub][ePrint] Resilient Aggregation in Simple Linear Sensor Networks, by Kevin J. Henry and Douglas R. Stinson

  A sensor network is a network comprised of many small, wireless, resource-limited nodes that sense data about their environment and report readings to a base station. One technique to conserve power in a sensor network is to aggregate sensor readings hop-by-hop as they travel towards a base station, thereby reducing the total number of messages required to collect each sensor reading. In an adversarial setting, the ability of a malicious node to alter this aggregate total must be limited. We present three aggregation protocols inspired by three natural key pre-distribution schemes for linear networks. Assuming no more than k consecutive nodes are malicious, each of these protocols limits the capability of a malicious node to altering the aggregate total by at most a single valid sensor reading. Additionally, our protocols are able to detect malicious behavior as it occurs, allowing the protocol to be aborted early, thereby conserving energy in the remaining nodes. A rigorous proof of security is also given for each protocol.

00:17 [Pub][ePrint] An Empirical Study and some Improvements of the MiniMac Protocol for Secure Computation, by Ivan Damgaard and Rasmus Lauritsen, and Tomas Toft

  Recent developments in Multi-party Computation (MPC) has resulted in very efficient protocols for dishonest majority in the preprocessing model. In particular, two very promising protocols for Boolean circuits have been proposed by Nielsen et al. (nicknamed TinyOT) and by Damg ̊ard and Zakarias (nicknamed MiniMac). While TinyOT has already been implemented, we present in this paper the first implementation of MiniMac, using the same platform as the existing TinyOT implementation. We also suggest several improvements of MiniMac, both on the protocol design and implementation level. In particular, we suggest a modification of MiniMac that achieves increased parallelism at no extra communication cost. This gives an asymptotic improvement of the original protocol as well as an 8-fold speed-up of our implementation. We compare the resulting protocol to TinyOT for the case of secure computation in parallel of a large number of AES encryptions and find that it performs better than results reported so far on TinyOT, on the same hardware.

00:17 [Pub][ePrint] Optimal Resilience Broadcast against Locally Bounded and General Adversaries, by Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas

  We study the Reliable Broadcast problem in incomplete networks, under the locally bounded adversarial model (Koo, 2004), that is, there is a known bound on the number of players that a Byzantine adversary controls in each player\'s neighborhood. We generalize the model

to the more realistic non-uniform case, by allowing this bound to vary from node to node.

We first settle an open question of Pelc and Peleg (2005) in the affirmative, by showing that Koo\'s Certified Propagation Algorithm (CPA) for ad hoc networks is indeed unique, that is, it can tolerate as many local corruptions as any other non-faulty algorithm, thus having optimal resilience. Actually, we prove the stronger result that a natural extension of CPA is unique for the non-uniform model. We do this by providing a necessary and sufficient condition for reliable broadcast in ad hoc networks. On the other hand, we show that it is NP-hard to check whether this condition holds for a given graph G.

We also study known topology networks and prove that a topological condition, shown by Pelc and Peleg to be necessary for the existence of a Broadcast algorithm, is also sufficient. This leads to an optimal resilience algorithm for known networks as well. On the downside, we prove that PPA is inefficient. However, we are able to provide evidence showing that probably no efficient protocol of optimal resilience exists.

We take one more step, by considering a hybrid between ad hoc and known topology networks: each node knows a part of the network, namely a connected subgraph containing itself. We show that this partial knowledge model allows for more accurate reliable broadcast


Finally, we show that our results extend to the general adversary model. This, among others, means that an appropriate adaptation of CPA is unique against general adversaries in ad hoc networks.

13:40 [Event][New] ASK 2014: The Fourth Asian Workshop on Symmetric Key Cryptography

  Submission: 30 November 2014
From December 19 to December 23
Location: Chennai, India
More Information: http://

00:17 [Pub][ePrint] Stronger Security Notions for Decentralized Traceable Attribute-Based Signatures and More Efficient Constructions, by Essam Ghadafi

  Traceable attribute-based signatures extend standard attribute-based signatures by granting a designated tracing authority the power to revoke the anonymity of signatures by revealing who signed them. Such a feature is important in deterring abuse and enforcing accountability.

In this work, we revisit the notion of Decentralized Traceable Attribute-Based Signatures (DTABS) introduced by El Kaafarani et al. (CT-RSA 2014) and improve the state-of-the-art in two directions: Firstly, we provide a new stronger security model which circumvents some shortcomings in existing models. Our model minimizes the trust placed in attribute authorities and hence provides, among other things, a stronger definition for non-frameability. In addition, unlike previous models, our model

captures the notion of tracing soundness which ensures that even if all parties in the system are fully corrupt, no one but the user who produced the signature could claim authorship of the signature.

Secondly, we provide a generic construction that is secure w.r.t.\\

our strong security model and show two example instantiations in the standard model which are much more efficient than existing constructions (secure under weaker security definitions).

00:17 [Pub][ePrint] Improved Impossible Differential Attacks against Round-Reduced LBlock, by Christina Boura and Marine Minier and Mar\\\'ia Naya-Plasencia and Valentin Suder

  Impossible differential attacks are among the most powerful forms of cryptanalysis against block ciphers. We present in this paper an in-depth complexity analysis of these attacks. We show an unified way to mount such attacks and provide generic formulas for estimating their time, data and memory complexities. LBlock is a well studied lightweight block cipher with respect to impossible differential attacks. While previous single-key cryptanalysis reached up to 22 rounds, by applying our method we are able to break 23 rounds with time complexity $2^{75.36}$ and data complexity $2^{59}$. Other time/data trade-offs are equally possible. This is to our knowledge the best (non-exhaustive search like) cryptanalysis of this function in the single-key model.

00:17 [Pub][ePrint] MSEA: Modified Symmetric Encryption Algorithm, by Rajul Kumar and K. K. Mishra and Ashish Tripathi and Abhinav Tomar and Surendra Singh

  In this article, a new symmetric block cipher named MSEA is proposed. MSEA is based on ARX cryptographic design technique. MSEA is simple in nature due to the use of combinations of elementary operations like modular addition, bit-wise rotation and bit-wise XOR. In MSEA, plain text block, secret key, and number of encryption rounds are variable in size, while the size of cipher text is double of size of plain text. Data-dependant rotation is the most vital feature of MSEA through which the unpredictability of encrypted text is increasing. Key formation and encryption/decryption schemes of MSEA are significantly fast.

00:17 [Pub][ePrint] WCFB: a tweakable wide block cipher, by Andrey Jivsov

  We define a model for applications that process large data sets in a way that enables additional optimizations of encryption operations. We designed a new strong pseudo-random tweakable permutation, WCFB, to take advantage of identified characteristics. WCFB is built with only 2m+1 block cipher invocation for m cipherblocks and approximately 5m XOR operations.

WCFB can benefit from commonly occurring plaintext, such as encryption of a 0^nm sector, and repeated operations on the same wide block.

We prove the birthday-bound security of the mode, expressed in terms of the security of the underlying block cipher.

A case analysys of disk block access requests by Windows 8.1 is provided.

00:17 [Pub][ePrint] On The Orthogonal Vector Problem and The Feasibility of Unconditionally Secure Leakage Resilient Computation, by Ivan Damgård and Frédéric Dupuis and Jesper Buus Nielsen

  We consider unconditionally secure leakage resilient two-party

computation, where security means that the leakage obtained by an

adversary can be simulated using a similar amount of leakage from the

private inputs or outputs. A related problem is known as circuit

compilation, where there is only one device doing a computation on

public input and output. Here the goal is to ensure that the adversary

learns only the input/output behaviour of the computation, even given

leakage from the internal state of the device. We study these

problems in an enhanced version of the ``only computation leaks\'\'

model, where the adversary is additionally allowed a bounded amount of

{\\em global} leakage from the state of the entity under attack. In

this model, we show the first unconditionally secure leakage resilient

two-party computation protocol. The protocol assumes access to

correlated randomness in the form of a functionality $\\fOrt$ that

outputs pairs of orthogonal vectors $(\\vec{u}, \\vec{v})$ over some

finite field, where the adversary can leak independently from

$\\vec{u}$ and from $\\vec{v}$. We also construct a general circuit

compiler secure in the same leakage model. Our constructions work,

even if the adversary is allowed to corrupt a constant fraction of the

calls to $\\fOrt$ and decide which vectors should be output. On the

negative side, we show that unconditionally secure two-party

computation and circuit compilation are in general impossible in the

plain version of our model. For circuit compilation we need a

computational assumption to exhibit a function that cannot be securely

computed, on the other hand impossibility holds even if global leakage

is not allowed. It follows that even a somewhat unreliable version of

$\\fOrt$ cannot be implemented with unconditional security in the plain

leakage model, using classical communication. However, we show that an

implementation using quantum communication does exist. In particular,

we propose a simple ``prepare-and-measure\'\' type protocol which we

show secure using a new result on sampling from a quantum

population. Although the protocol may produce a small number of

incorrect pairs, this is sufficient for leakage resilient computation

by our other results.

00:17 [Pub][ePrint] Structural Lattice Reduction: Generalized Worst-Case to Average-Case Reductions, by Nicolas Gama and Malika Izabachene and Phong Q. Nguyen and Xiang Xie

  In lattice cryptography, worst-case to average-case reductions rely on two problems: Ajtai\'s SIS and Regev\'s LWE,

which refer to a very small class of random lattices related to the group G=Z_q^n.

We generalize worst-case to average-case reductions to (almost) all integer lattices,

by allowing G to be any (sufficiently large) finite abelian group.

In particular, we obtain a partition of the set of full-rank integer lattices of large volume

such that finding short vectors in a lattice chosen uniformly at random from any of the partition cells is as hard as finding short vectors in any integer lattice.

Our main tool is a novel group generalization of lattice reduction, which we call structural lattice reduction: given a finite abelian group $G$ and a lattice $L$,

it finds a short basis of some lattice $\\bar{L}$ such that $L \\subseteq \\bar{L}$ and $\\bar{L}/L \\simeq G$.

Our group generalizations of SIS and LWE allow us to abstract lattice cryptography, yet preserve worst-case assumptions.