International Association for Cryptologic Research

# IACR News Central

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2012-04-26
21:47 [Event][New]

Submission: 16 July 2012
From October 15 to October 15
Location: Raleigh, USA

12:09 [PhD][Update]

Name: Kazuo Sakiyama
Topic: Secure Design Methodology and Implementation for Embedded Public-key Cryptosystems
Category:implementation

Description: Efficient embedded systems are implemented taking into account both hardware and software (HW/SW). In the security domain, cryptosystems need to be resistant against Side-Channel Attacks (SCAs) to protect secret information. Therefore trade-offs between cost, performance and security need to be explored when implementing cryptosystems. The goal for this thesis is to find the best architecture by investigating the trade-offs. The first contribution of this thesis focuses on a HW/SW architecture for Public-Key Cryptography (PKC). We introduce a new scalable and flexible Modular Arithmetic Logic Unit (MALU) that can be used for both RSA and curve-based cryptosystems such as Elliptic Curve Cryptography (ECC) and Hyper-Elliptic Curve Cryptography (HECC). The MALU is the main block in the hardware coprocessor and can accelerate modulo n operations and modular operations over GF(2^m) efficiently. We conclude that the proposed HW/SW platform can be used commonly for developing public-key cryptosystems. The second part of this thesis deals with several case studies that explore the cost and performance trade-offs based on the proposed platform. Two extreme examples of public-key implementations will be introduced; one offers very high performance that is necessary for powerful security systems such as banking servers. By exploiting multi-level parallelism, the proposed ECC processor can perform more than 80 000 point multiplications per second. Another one is targeting a low-power application such as passive RFID tags. We show that the compact version of the MALU consumes less than 30 uW @500 kHz. In addition, we discuss a system-level design flow that can be used for evaluating the security level of hardware implementations against power analysis attacks. The design flow offers an environment to get a quick and correct evaluation of the first order attacks. In this way, we can take the cost for SCA resistance into account in an early stage of the design.[...]

09:01 [PhD][Update]

Name: Amos Beimel
Topic: Secure Schemes for Secret Sharing and Key Distribution
Category:foundations

2012-04-25
07:14 [Event][Update]

Submission: 20 August 2012
From November 28 to November 30
Location: Graz, Austria

2012-04-24
15:54 [Event][New]

Submission: 15 October 2012
From November 28 to November 30
Location: Graz, Austria

2012-04-23
20:24 [Job][New]

Orange Labs and the ENS (Ecole Normale Supérieure) are searching Ph.D. candidates to work on the way to securely delegate some basic cryptographic operations to a more powerful but not necessarily trusted entity.

The candidate should have a Master degree with a strong knowledge in cryptography. In particular, mathematical and algorithmic aspects of cryptography are very important for this Ph.D. thesis.

20:19 [Event][New]

Submission: 25 May 2012
From September 13 to September 14
Location: Pisa, Italy

09:23 [Event][Update]

Submission: 20 April 2012
From September 26 to September 28
Location: Chengdu, China

00:17 [Pub][ePrint]

In Europe and North America, the most widely used stream cipher to ensure privacy and confidentiality of conversations in GSM mobile phones is the A5/1. In this paper, we present a new attack on the A5/1 stream cipher with a minimum time complexity of around 2^(40) and an average complexity of 2^(48.5), which is much lesser than the brute-force attack with a complexity of 2^(64). The attack has a 100% success rate and requires about 5.65GB storage. We provide a detailed description of our new attack along with its implementation and results.

00:17 [Pub][ePrint]

In the last few years, the need to design new cryptographic hash

functions has led to the intense study of when desired hash

multi-properties are preserved or assured under compositions and

domain extensions. In this area, it is important to identify the

exact notions and provide often complex proofs of the resulting

properties. Getting this analysis right (as part of provable security

studies) is, in fact, analogous to cryptanalysis. We note that it is

important and quite subtle to get indeed the right\'\' notions and

properties, and right\'\' proofs in this relatively young

area. Specifically, the security notion we deal with is adaptive

preimage resistance\'\' (apr) which was introduced by Lee and Park as an extension of preimage resistance\'\' (pr). In

Eurocrypt 2010, in turn, Lee and Steinberger already

used the apr security notion to prove preimage awareness\'\' and

indifferentiable security\'\' of their new double-piped mode of

operation. They claimed that if $H^P$ is collision-resistant (cr) and apr,

then $F(M)=\\mathcal{R}(H^P(M))$ is indifferentiable from a variable

output length (VIL) random oracle $\\mathcal{F}$, where $H^P$ is a

function based on an ideal primitive $P$ and $\\mathcal{R}$ is a fixed

input length (FIL) random oracle. However, there are some limitations in their claim, because they considered only indifferentiability security notion in the information-theoretic adversarial model, not in the computation-theoretic adversarial model. As we show in the current

work, the above statement is \\textit{not} correct in the computation-theoretic adversarial model. First in our

studies, we give a counterexample to the above. Secondly, we describe

\\textit{a new requirement} on $H^P$ (called admissibility\'\') so that

the above statement is correct even in the computation-theoretic adversarial model. Thirdly, we show that apr is, in fact,

not a strengthened notion of preimage resistance. Fourthly, we

explain the relation between preimage awareness and cr+apr+(our new

requirement) in the computation-theoretic adversarial model. Finally, we show that a polynomial-based mode of

operation \\cite{LeSt10} satisfies our new requirement; namely, the

polynomial-based mode of operation with fixed-input-length random

oracles is indifferentiable from a variable-input-length random oracle in the computation-theoretic adversarial model.

00:17 [Pub][ePrint]

It has been pointed out that an $n$-variable Boolean function $f$ has optimal resistance against fast algebraic attacks if and only if there does not exist a nonzero $n$-variable Boolean function $g$ of degree lower than $\\frac{n}{2}$ such that $fg=h$ and \$\\mathrm{deg}(g)+\\mathrm{deg}(h)