*09:17* [Pub][ePrint]
Constructing hyper-bent functions from Boolean functions with the Walsh spectrum taking the same value twice, by Chunming Tang and Yanfeng Q
Hyper-bent functions, as a subclass of bent functions, attract much interest, and a complete characterization of hyper-bent functions remains elusive. Most known hyper-bent functions are Boolean functions with Dillon exponents, and they are often characterized by special values of Kloosterman sums. In this paper, we present a method for characterizing hyper-bent functions with Dillon exponents. A class of hyper-bent functions with Dillon exponents over $\mathbb{F}_{2^{2m}}$ can be characterized by a Boolean function over $\mathbb{F}_{2^m}$ whose Walsh spectrum takes the same value twice. Further, we show several classes of hyper-bent functions with Dillon exponents characterized by Kloosterman sum identities and the Walsh spectra of some common Boolean functions.

*09:17* [Pub][ePrint]
Curve41417: Karatsuba revisited, by Daniel J. Bernstein and Chitchanok Chuengsatiansup and Tanja Lange
This paper introduces constant-time ARM Cortex-A8 ECDH software that (1) is faster than the fastest ECDH option in the latest version of OpenSSL but (2) achieves a security level above 2^200 using a prime above 2^400. For comparison, this OpenSSL ECDH option is not constant-time and has a security level of only 2^80. The new speeds are achieved in a quite different way from typical prime-field ECC software: they rely on a synergy between Karatsuba's method and choices of radix smaller than the CPU word size.

*18:17* [Pub][ePrint]
Cryptography from Compression Functions: The UCE Bridge to the ROM, by Mihir Bellare and Viet Tung Hoang and Sriram Keelveedhi
This paper suggests and explores the use of UCE security for the task of turning VIL-ROM schemes into FIL-ROM ones. The benefits we offer over indifferentiability, the current leading method for this task, are the ability to handle multi-stage games and greater efficiency. The paradigm consists of (1) showing that a VIL UCE function can instantiate the VIL RO in the scheme, and (2) constructing the VIL UCE function given a FIL random oracle. The main technical contributions of the paper are domain extension transforms that implement the second step. Leveraging known results for the first step, we automatically obtain FIL-ROM constructions for several primitives whose security notions are underlain by multi-stage games. Our first domain extender exploits indifferentiability, showing that although the latter does not work directly for multi-stage games, it can be used indirectly, through UCE, as a tool for this end. Our second domain extender targets performance. It is parallelizable and shown through implementation to provide significant performance gains over indifferentiable domain extenders.

*21:17* [Pub][ePrint]
On Constrained Implementation of Lattice-based Cryptographic Primitives and Schemes on Smart Cards, by Ahmad Boorghany and Siavash Bayat Sarmadi and Rasool Jalili
Most lattice-based cryptographic schemes with a security proof suffer from large key sizes and heavy computations. This is also true for the simpler case of authentication protocols used on smart cards, a very constrained computing environment. Recent progress on ideal lattices has significantly improved efficiency and made it possible to implement practical lattice-based cryptography on constrained devices. However, to the best of our knowledge, no previous attempts have been made to implement lattice-based schemes on smart cards.

In this paper, we provide the results of our implementation of several state-of-the-art lattice-based authentication protocols on smart cards and on a microcontroller widely used in smart cards. Our results show that only a few of the proposed lattice-based authentication protocols can be implemented with the limited resources of such constrained devices; however, the cutting-edge ones are efficient enough to be used practically on smart cards.

Moreover, we have implemented the fast Fourier transform (FFT) and discrete Gaussian sampling with several typical parameter sets, as well as versatile lattice-based public-key encryption schemes. These results highlight points that help in designing or optimizing lattice-based schemes for constrained devices.