International Association for Cryptologic Research

IACR News Central


14:20 [PhD][New] Özgül Küçük: Design and Analysis of Cryptographic Hash Functions

  Name: Özgül Küçük
Topic: Design and Analysis of Cryptographic Hash Functions
Category: secret-key cryptography

Description: The topic of this thesis is the design and analysis of cryptographic hash functions.

A hash function is a map from variable-length input bit strings to fixed-length output bit strings. Despite their simple definition, hash functions play an essential role in a wide area of applications such as digital signature algorithms, message authentication codes, password verification, and key derivation.

The main contribution of this thesis is a novel and elegant proposal of a cryptographic hash function. In this thesis, we approach the problem of the design and analysis of cryptographic hash functions with a particular example, the hash function Hamsi. The design of Hamsi is based on the use of a relatively light underlying primitive in each iteration of the mode of operation, combined with a strong message expansion function. We investigate the design constraints of this approach by analyzing Hamsi. In the first part, we cover the design aspects of Hamsi and also propose a variant called Hamsi$^\oplus$. In the sequent parts we provide analysis results, namely indifferentiability analysis and collision analysis. Finally, as a separate research study we analyze the initialization of the stream cipher Grain.[...]

12:17 [Pub][ePrint] Compress Multiple Ciphertexts Using ElGamal Encryption Schemes, by Myungsun Kim and Jihye Kim and Jung Hee Cheon

  In this work we deal with the problem of how to squeeze multiple ciphertexts without losing original message information. To do so, we formalize the notion of decomposability for public-key encryption and investigate why adding decomposability is challenging. We construct an ElGamal encryption scheme over extension fields, and show that it supports the efficient decomposition. We then analyze security of our scheme under the standard DDH assumption, and evaluate the performance of our construction.

12:17 [Pub][ePrint] Cryptography from tensor problems, by Leonard J. Schulman

  We describe a new proposal for a trap-door one-way function. The new proposal belongs to the "multivariate quadratic" family but the trap-door is different from existing methods, and is simpler. Known quantum algorithms do not appear to help an adversary attack this trap-door. (Beyond the asymptotic square-root-speedup which applies to all oracle search


12:17 [Pub][ePrint] On the Equivalence between the Set Covering Problem and the Problem of Finding Optimal Cumulative Assignment Schemes, by Qiang Li and Xiangxue Li and Dong Zheng and Zheng Huang and Kefei Chen

  A cumulative assignment scheme (CAS for short) is a special type of secret sharing schemes. For any given access structure (AS), a CAS which minimizes the cardinality of the primitive share set (the average information rate, or the worst information rate) is called an optimal CAS and can be constructed via solving some binary integer programming (BIP). The problem of finding optimal CAS's for complete AS's is solved.

We consider in this paper the problem of finding optimal CAS's for incomplete AS's. The paper introduces some notions including the connected-super-forbidden-family and the lower-forbidden-family for AS's. We show that an optimal CAS can be derived from some smaller sized BIP whose variables (constraints, resp.) are based on the connected-super-forbidden-family (lower-forbidden-family, resp.) of the given AS. The paper further builds the close relationship between the problem of finding optimal CAS's and the set covering problem (SCP). We prove that the problem of finding a CAS with minimum cardinality of the primitive share set (or minimum average information rate) is equivalent to the SCP, and thus is NP-hard. Other contributions of the paper include: 1) two types of AS's are recognized so that we can construct the corresponding optimal CAS's directly; and 2) a greedy algorithm is proposed to find CAS's with smaller worst information rate.

12:17 [Pub][ePrint] A Secret Sharing Scheme Based on Group Presentations and the Word Problem, by Maggie Habeeb and Delaram Kahrobaei and Vladimir Shpilrain

  A $(t,n)$-threshold secret sharing scheme is a method to distribute a secret among $n$ participants in such a way that any $t$ participants can recover the secret, but no $t-1$ participants can.

In this paper, we propose two secret sharing schemes using non-abelian groups. One scheme is the special case where all the participants must get together to recover the secret. The other one is a $(t,n)$-threshold scheme that is a combination of Shamir's scheme and the group-theoretic scheme proposed in this paper.

12:17 [Pub][ePrint] On Efficient Pairings on Elliptic Curves over Extension Fields, by Xusheng Zhang and Kunpeng Wang and Dongdai Lin

  In implementation of elliptic curve cryptography, three kinds of finite fields have been widely studied, i.e. prime field, binary field and optimal extension field. In pairing-based cryptography, however, pairing-friendly curves are usually chosen among ordinary curves over prime fields and supersingular curves over extension fields with small characteristics.

In this paper, we study pairings on elliptic curves over extension fields from the point of view of accelerating the Miller's algorithm to present further advantage of pairing-friendly curves over extension fields, not relying on the much faster field arithmetic. We propose new pairings on elliptic curves over extension fields that can make better use of the multi-pairing technique for the efficient implementation. By using some implementation skills, our new pairings could be implemented much more efficiently than the optimal ate pairing and the optimal twisted ate pairing on elliptic curves over extension fields. At last, we use the similar method to give more efficient pairings on Estibals's supersingular curves over composite extension fields in parallel implementation.

12:17 [Pub][ePrint] Two Bitcoins at the Price of One? Double-Spending Attacks on Fast Payments in Bitcoin, by Ghassan O. Karame and Elli Androulaki and Srdjan Capkun

  Bitcoin is a decentralized payment system that is based on Proof-of-Work. Bitcoin is currently gaining popularity as a digital currency; several businesses are starting to accept Bitcoin transactions. An example case of the growing use of Bitcoin was recently reported in the media; here, Bitcoins were used as a form of fast payment in a local fast-food restaurant.

In this paper, we analyze the security of using Bitcoin for fast payments, where the time between the exchange of currency and goods is short (i.e., in the order of few seconds). We focus on double-spending attacks on fast payments and demonstrate that these attacks can be mounted at low cost on currently deployed versions of Bitcoin. We further show that the measures recommended by Bitcoin developers for the use of Bitcoin in fast transactions are not always effective in resisting double-spending; we show that if those recommendations are integrated in future Bitcoin implementations, double-spending attacks on Bitcoin will still be possible. Finally, we leverage on our findings and propose a lightweight countermeasure that enables the detection of double-spending attacks in fast transactions.

12:17 [Pub][ePrint] Binary and q-ary Tardos codes, revisited, by Boris Skoric and Jan-Jaap Oosterwijk

  The Tardos code is a much studied collusion-resistant fingerprinting code, with the special property that it has asymptotically optimal length $m\propto c_0^2$, where $c_0$ is the number of colluders. In this paper we simplify the security proofs for this code, making use of the Bernstein inequality and Bennett inequality instead of the typically used Markov inequality. This simplified proof technique also slightly improves the tightness of the bound on the false negative error probability. We present new results on code length optimization, for both small and asymptotically large coalition sizes.

12:17 [Pub][ePrint] New Identity Based Encryption And Its Proxy Re-encryption, by Xu An Wang and Xiaoyuan Yang

  Identity based encryption (IBE) has received great attention since Boneh and Franklin's breakthrough work on bilinear group based IBE [4]. Till now, many IBE schemes relying on bilinear groups with different properties have been proposed [5, 25, 29, 14]. However, one part of the user's private key in all these IBE schemes is constructed as y = f(msk), where msk is the master key and y is an element in the underlying bilinear group G. In this paper, we propose a new IBE: one part of the private key is y = f(msk), where msk is the master key and y is an element in Zp. Here p is the underlying bilinear group's prime order. By using some novel techniques, we prove this new IBE is semantic secure under the selective identity chosen plaintext attacks (IND-sID-CPA) in the standard model. Based on this IBE scheme, we construct an IND-ID-CCA secure identity based proxy re-encryption (IBPRE) scheme which is master secret secure and efficient for the proxy compared with other IND-ID-CCA (IBPRE) schemes.

15:50 [Event][Update] SCC2012: Third international conference on Symbolic Computation and Cryptography

  Submission: 12 May 2012
Notification: 18 May 2012
From July 11 to July 13
Location: Castro Urdiales (Cantabria), Spain

18:17 [Pub][ePrint] A secret sharing scheme of prime numbers based on hardness of factorization, by Kai-Yuen Cheong

  Secret sharing schemes usually have perfect information theoretic security. This implies that each share must be as large as the secret. In this work we propose a scheme where the shares are smaller, while the security becomes computational. The computational security assumption is hardness of factorization, which is a simple and rather standard assumption in cryptography. In our scheme, the shared secret can only be a set of prime numbers.