*18:45*[Event][New] crypt@b-it 2012: crypt@b-it 2012: Summer school on Cryptography

From July 16 to July 20

Location: Bonn, Germany

More Information: http://cosec.bit.uni-bonn.de/students/events/cryptabit2012/

Get an update on changes of the IACR web-page here. For questions, contact *newsletter (at) iacr.org*.
You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

From July 16 to July 20

Location: Bonn, Germany

More Information: http://cosec.bit.uni-bonn.de/students/events/cryptabit2012/

2012-05-07

Abstract A new technique for combinational logic optimization is described. The technique is a two-step process. In the first step, the nonlinearity of a circuit—as measured by the number of nonlinear gates it contains—is reduced. The second step reduces the number of gates in the linear components of the already reduced circuit. The technique can be applied to arbitrary combinational logic problems, and often yields improvements even after optimization by standard methods has been performed. In this paper we show the results of our technique when applied to the S-box of the Advanced Encryption Standard (FIPS in Advanced Encryption Standard (AES), National Institute of Standards and Technology, 2001). We also show that, in the second step, one is faced with an NP-hard problem, the Shortest Linear Program (SLP) problem, which is to minimize the number of linear operations necessary to compute a set of linear forms. In addition to showing that SLP is NP-hard, we show that a special case of the corresponding decision problem is Max SNP-complete, implying limits to its approximability. Previous algorithms for minimizing the number of gates in linear components produced cancellation-free straight-line programs, i.e., programs in which there is no cancellation of variables in GF(2). We show that such algorithms have approximation ratios of at least 3/2 and therefore cannot be expected to yield optimal solutions to nontrivial inputs. The straight-line programs produced by our techniques are not always cancellation-free. We have experimentally verified that, for randomly chosen linear transformations, they are significantly smaller than the circuits produced by previous algorithms.

- Content Type Journal Article
- Pages 1-33
- DOI 10.1007/s00145-012-9124-7
- Authors
- Joan Boyar, Department of Mathematics and Computer Science, University of Southern Denmark, Odense, Denmark
- Philip Matthews, Aarhus University, Aarhus, Denmark
- René Peralta, Information Technology Laboratory, NIST, Gaithersburg, MD, USA

- Journal Journal of Cryptology
- Online ISSN 1432-1378
- Print ISSN 0933-2790

2012-05-05

Submission: 11 May 2012

Notification: 1 June 2012

From July 9 to July 10

Location: Vigo, Spain

More Information: https://www.cosic.esat.kuleuven.be/ecrypt/provpriv2012/

The 18th Annual International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2012, will be held in Beijing, China. Beijing is a dynamic city rich in contrast and colour where you will find a harmonious blend of culture, cuisine, arts and architecture here.

Submission Deadline:

Notifications to Authors: August 16, 2012

Proceedings Version Deadline: September 9, 2012

ASIACRYPT 2012 Conference: December 2-6, 2012

2012-05-04

Name: Özgül Küçük

Topic: Design and Analysis of Cryptographic Hash Functions

Category:secret-key cryptography

Description: The topic of this thesis is the design and analysis of cryptographic hash functions. A hash function is a map from variable-length input bit strings to fixed-length output bit strings. Despite their simple definition, hash functions play an essential role in a wide area of applications such as digital signature algorithms, message authentication codes, password verification, and key derivation. The main contribution of this thesis is a novel and elegant proposal of a cryptographic hash function. In this thesis, we approach the problem of the design and analysis of cryptographic hash functions with a particular example, the hash function Hamsi. The design of Hamsi is based on the use of a relatively light underlying primitive in each iteration of the mode of operation, combined with a strong message expansion function. We investigate the design constraints of this approach by analyzing Hamsi. In the first part, we cover the design aspects of Hamsi and also propose a variant called Hamsi$^\oplus$. In the sequent parts we provide analysis results, namely indifferentiability analysis and collision analysis. Finally, as a separate research study we analyze the initialization of the stream cipher Grain.[...]

Name: Özgül Küçük

Topic: Design and Analysis of Cryptographic Hash Functions

Category: secret-key cryptography

Description: The topic of this thesis is the design and analysis of cryptographic hash functions. \r\n\r\nA hash function is a map from variable-length input bit strings to fixed-length output bit strings. Despite their simple \r\ndefinition, hash functions play an essential role in a wide area \r\nof applications such as digital signature algorithms, message \r\nauthentication codes, password verification, and key derivation. \r\n\r\n\r\nThe main contribution of this thesis is a novel and elegant proposal \r\nof a cryptographic hash function. \r\nIn this thesis, we approach the problem of the design and analysis of \r\ncryptographic hash functions with a particular example, the hash function Hamsi.\r\nThe design of Hamsi is based on the use of a relatively light underlying\r\nprimitive in each iteration of the mode of operation, combined with \r\na strong message expansion function.\r\nWe investigate the design constraints of this approach by analyzing Hamsi.\r\nIn the first part, we cover the design aspects of Hamsi \r\nand also propose a variant called Hamsi$^\\oplus$. \r\nIn the sequent parts we provide analysis results, namely\r\nindifferentiability analysis and collision analysis. \r\nFinally, as a separate research study we analyze the initialization \r\nof the stream cipher Grain.[...]

2012-05-03

In this work we deal with the problem of how to squeeze multiple ciphertexts without losing original message information. To do so, we formalize the notion of decomposability for public-key encryption and investigate why adding decomposability is challenging. We construct an ElGamal encryption scheme over extension fields, and show that it supports the efficient decomposition. We then analyze security of our scheme under the standard DDH assumption, and evaluate the performance of our construction.

We describe a new proposal for a trap-door one-way function.

The new proposal belongs to the ``multivariate quadratic\'\'

family but the trap-door is different from existing methods,

and is simpler.

Known quantum algorithms do not appear to help an adversary

attack this trap-door. (Beyond the asymptotic

square-root-speedup which applies to all oracle search

problems.)

A cumulative assignment scheme (CAS for short) is a special type of secret sharing schemes. For any given access structure (AS), a CAS which minimizes the cardinality of the primitive share set (the average information rate, or the worst information rate) is called an optimal CAS and can be constructed via solving some binary integer programming (BIP). The problem of finding optimal CAS\'s for complete AS\'s is solved.

We consider in this paper the problem of finding optimal CAS\'s for incomplete AS\'s. The paper introduces some notions including the connected-super-forbidden-family and the lower-forbidden-family for AS\'s. We show that an optimal CAS can be derived from some smaller sized BIP whose variables (constraints, resp.) are based on the connected-super-forbidden-family (lower-forbidden-family, resp.) of the given AS. The paper further builds the close relationship between the problem of finding optimal CAS\'s and the set covering problem (SCP). We prove that the problem of finding a CAS with minimum cardinality of the primitive share set (or minimum average information rate) is equivalent to the SCP, and thus is NP-hard. Other contributions of the paper include: 1) two types of AS\'s are recognized so that we can construct the corresponding optimal CAS\'s directly; and 2) a greedy algorithm is proposed to find CAS\'s with smaller worst information rate.

A $(t,n)$-threshold secret sharing scheme is a method to distribute a secret among $n$ participants in such a way that any $t$ participants can recover the secret, but no $t-1$ participants can.

In this paper, we propose two secret sharing schemes using non-abelian groups. One scheme is the special case where all the participants must get together to recover the secret. The other one is a $(t,n)$-threshold scheme that is a combination of Shamir\'s scheme and the group-theoretic scheme proposed in this paper.

In implementation of elliptic curve cryptography, three kinds of finite fields have been widely studied, i.e. prime field, binary field and optimal extension field. In pairing-based cryptography, however, pairing-friendly curves are usually chosen among ordinary curves over prime fields and supersingular curves over extension fields with small characteristics.

In this paper, we study pairings on elliptic curves over extension fields from the point of view of accelerating the Miller\'s algorithm to present further advantage of pairing-friendly curves over extension fields, not relying on the much faster field arithmetic. We propose new pairings on elliptic curves over extension fields can make better use of the multi-pairing technique for the efficient implementation. By using some implementation skills, our new pairings could be implemented much more efficiently than the optimal ate pairing and the optimal twisted ate pairing on elliptic curves over extension fields. At last, we use the similar method to give more efficient pairings on Estibals\'s supersingular curves over composite extension fields in parallel implementation.