International Association for Cryptologic Research

IACR News Central


21:17 [Pub][ePrint] Arithmetic on Abelian and Kummer Varieties, by David Lubicz and Damien Robert

  A Kummer variety is the quotient of an abelian variety by the automorphism $(-1)$ acting on it. Kummer varieties can be seen as a higher dimensional generalisation of the $x$-coordinate representation of a point of an elliptic curve given by its Weierstrass model. Although there is no group law on the set of points of a Kummer variety, there remains enough arithmetic to enable the computation of exponentiations via a Montgomery ladder based on differential additions.

In this paper, we explain that the arithmetic of a Kummer variety is much richer than usually thought. We describe a set of composition laws which exhaust this arithmetic and show that these laws may turn out to be useful in order to improve certain algorithms. We explain how to compute efficiently these laws in the model of Kummer varieties provided by level $2$ theta functions. We also explain how to recover the full group law of the abelian variety with a representation almost as compact and in many cases as efficient as the level $2$ theta functions model of Kummer varieties.

21:17 [Pub][ePrint] Hardness of k-LWE and Applications in Traitor Tracing, by San Ling and Duong Hieu Phan and Damien Stehle and Ron Steinfeld

  We introduce the k-LWE problem, a Learning With Errors variant of the k-SIS problem. The Boneh-Freeman reduction from SIS to k-SIS suffers from an exponential loss in k. We improve and extend it to an LWE to k-LWE reduction with a polynomial loss in k, by relying on a new technique involving trapdoors for random integer kernel lattices. Based on this hardness result, we present the first algebraic construction of a traitor tracing scheme whose security relies on the worst-case hardness of standard lattice problems. The proposed LWE traitor tracing is almost as efficient as the LWE encryption. Further, it achieves public traceability, i.e., allows the authority to delegate the tracing capability to untrusted parties. To this aim, we introduce the notion of projective sampling family in which each sampling function is keyed and, with a projection of the key on a well chosen space, one can simulate the sampling function in a computationally indistinguishable way. The construction of a projective sampling family from k-LWE allows us to achieve public traceability, by publishing the projected keys of the users. We believe that the new lattice tools and the projective sampling family are general enough that they may have applications in other areas.

21:17 [Pub][ePrint] Improved Short Lattice Signatures in the Standard Model, by Léo Ducas and Daniele Micciancio

  We present a signature scheme provably secure in the standard model (no random oracles) based on the worst-case complexity of approximating the Shortest Vector Problem in ideal lattices within polynomial factors. The distinguishing feature of our scheme is that it achieves short signatures (consisting of a single lattice vector), and relatively short public keys (consisting of O(log n) vectors). Previous lattice schemes in the standard model with similarly short signatures, due to Boyen (PKC 2010) and Micciancio and Peikert (Eurocrypt 2012), had substantially longer public keys consisting of Ω(n) vectors (even when implemented with ideal lattices). We also present a variant of our scheme that further reduces the public key size to just O(log log n) vectors and allows for a tighter security proof by making the signer stateful.

21:17 [Pub][ePrint] Security and Efficiency Analysis of The Hamming Distance Computation Protocol Based On Oblivious Transfer, by Mehmet Sabır Kiraz and Ziya Alper Genç and Süleyman Kardaş

  In Financial Cryptography 2013, Bringer, Chabanne and Patey proposed two biometric authentication schemes between a prover and a verifier where the verifier has biometric data of the users in plain form. The protocols are based on secure computation of Hamming distance in the two-party setting. Their first scheme uses Oblivious Transfer (OT) and provides security in the semi-honest model. The other scheme uses Committed Oblivious Transfer (COT) and is claimed to provide full security in the malicious case.

In this paper, we show that their protocol against malicious adversaries is not actually secure. We propose a generic attack where the Hamming distance can be minimized without knowledge of the real input of the user. Namely, any attacker can impersonate any legitimate user without prior knowledge. We propose an enhanced version of their protocol where this attack is eliminated. We provide a simulation based proof of the security of our modified protocol. In addition, for efficiency concerns, the modified version also utilizes Verifiable Oblivious Transfer (VOT) instead of COT. The use of VOT does not reduce the security of the protocol but improves the efficiency significantly.

21:12 [PhD][New] J. C. Migliore

  Name: J. C. Migliore

21:12 [PhD][Update] Elisa Gorla: Lifting properties from the general hyperplane section of a projective scheme

  Name: Elisa Gorla
Topic: Lifting properties from the general hyperplane section of a projective scheme
Category: (no category)

15:17 [Pub][ePrint] Universally Composable Non-Interactive Key Exchange, by Eduarda S.V. Freire and Julia Hesse and Dennis Hofheinz

  We consider the notion of a non-interactive key exchange (NIKE). A NIKE scheme allows a party $A$ to compute a common shared key with another party $B$ from $B$'s public key and $A$'s secret key alone. This computation requires no interaction between $A$ and $B$, a feature which distinguishes NIKE from regular (i.e., interactive) key exchange not only quantitatively, but also qualitatively.

Our first contribution is a formalization of NIKE protocols as ideal functionalities in the Universal Composability (UC) framework. As we will argue, existing NIKE definitions (all of which are game-based) do not support a modular analysis either of NIKE schemes themselves, or of the use of NIKE schemes. We provide a simple and natural UC-based NIKE definition that allows for a modular analysis both of NIKE schemes and their use in larger protocols.

We proceed to investigate the properties of our new definition, and in particular its relation to existing game-based NIKE definitions. We find that (a) game-based NIKE security is equivalent to UC-based NIKE security against static corruptions, and (b) UC-NIKE security against adaptive corruptions cannot be achieved without additional assumptions (but can be achieved in the random oracle model).

Our results suggest that our UC-based NIKE definition is a useful and simple abstraction of non-interactive key exchange.