International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

18:17 [Pub][ePrint] Cross-Unlinkable Hierarchical Group Signatures, by Julien Bringer and Herve Chabanne and Alain Patey

  We introduce the notion of Cross-Unlinkability for group signature schemes. Considering groups organized in a tree structure, where belonging to the parent group is required to join a new group, Cross-Unlinkability enables a cascade revocation process that takes into account the underlying tree structure, while ensuring anonymity for non-revoked users, in particular, towards the managers of the other groups. We show how to achieve Cross-Unlinkability using the Verifier-Local Revocation group signature scheme of Bringer and Patey at Secrypt 2012, by exploiting its property of Backward Unlinkability.

18:17 [Pub][ePrint] Efficient Implementation of Bilinear Pairings on ARM Processors, by Gurleen Grewal, Reza Azarderakhsh, Patrick Longa, Shi Hu, and David Jao

  As hardware capabilities increase, low-power devices such

as smartphones represent a natural environment for the efficient

implementation of cryptographic pairings. Few works in the literature

have considered such platforms despite their growing importance in a

post-PC world. In this paper, we investigate the efficient computation

of the Optimal-Ate pairing over Barreto-Naehrig curves in software at

different security levels on ARM processors. We exploit

state-of-the-art techniques and propose new optimizations to speed up

the computation in the tower field and curve arithmetic. In

particular, we extend the concept of lazy reduction to inversion in

extension fields, analyze an efficient alternative for the sparse

multiplication used inside the Miller\'s algorithm and reduce further

the cost of point/line evaluation formulas in affine and projective

homogeneous coordinates. In addition, we study the efficiency of using

M-type sextic twists in the pairing computation and carry out a

detailed comparison between affine and projective coordinate

systems. Our implementations on various mass-market smartphones and

tablets significantly improve the state-of-the-art of pairing

computation on ARM-powered devices, outperforming by at least a factor

of 3.5 the best previous results in the literature.

04:48 [Event][New] (IJCSS): International Journal of Computer Science and Security

  Submission: 31 July 2012
Notification: 15 September 2012
From October 31 to October 31
More Information:

12:17 [Pub][ePrint] An ID-Based Key Agreement Protocol Based on ECC Among Users of Separate Networks, by Mohammad Sabzinejad Farash and Mahmoud Ahmadian Attari

  In this article we propose an identity based key agreement protocol based on elliptic curve cryptography (ECC) between users of different networks with independent private key generations (PKGs). Our protocol is based on Cao et al.\'s protocol ,proposed in 2010, in which instead of bilinear pairings, elliptic curves are used for constructing an ID-based key agreement protocol . Our protocol develops Cao et al\'s protocol for situations that two users of independent organizations or networks with separate servers (that in this article, are named PKGs, because their main duty is generating private keys for the users) want to share a secret key via an insecure link. We also prove the security of the protocol in the random oracle model.

12:17 [Pub][ePrint] A New Efficient Authenticated ID-Based Group Key Agreement Protocol, by Morteza Arifi and Mahmoud Gardeshi and Mohammad Sabzinejad Farash

  Group key agreement (GKA) protocols Play a main role in constructing secure multicast channels. These protocols are algorithms that describe how a group of parties communicating over a public network can gain a common secret key. ID-based authenticated group key agreement (AGKA) cryptosystems based on bilinear pairings are update researching subject because of the simplicity of their public key management and their efficiency. The key agreement protocol is a good way to establish a common session key for communication. But in a group of member\'s communication, we not only need to establish a common session key, but also need to concern the member changing situation. In this paper we propose a protocol based on Weil pairing, ID-based authentication and complete ternary tree architecture. We show that our protocol satisfies all known security requirements, and therefore it is more secure and efficient than the compared group key exchange protocols that we discuss in this article.

12:17 [Pub][ePrint] On second-order nonlinearity and maximum algebraic immunity of some bent functions in $\\cP S^+$, by Brajesh Kumar Singh

  In this paper, by modifying a subclass of bent functions in

$\\mathcal P S_{ap}$, we construct another subclass of bent functions

in $\\mathcal P S^+$ with maximum algebraic degree. We demonstrate

that the algebraic immunity of the constructed functions is maximum.

The result is proved by using the well known conjecture proposed by

Tu and Deng (Des. Codes Cryptogr. 60(1), pp. 1-14, 2011) which has

been proved recently by Cohen and Flori (

2011/400.pdf). Finally, we identify a class of $\\cD_0$ type bent

functions constructed by modifying Dillon functions whose lower

bound on second-order nonlinearity is very high.

12:17 [Pub][ePrint] Cross-Domain Password-Based Authenticated Key Exchange Revisited, by Liqun Chen and Hoon Wei Lim and Guomin Yang

  We revisit the problem of cross-domain secure communication between two users belonging to different security domains within an open and distributed environment. Existing approaches presuppose that either the users are in possession of public key certificates issued by a trusted certificate authority (CA), or the associated domain authentication servers share a long-term secret key. In this paper, we propose a four-party password-based authenticated key exchange (4PAKE) protocol that takes a different approach from previous work. The users are not required to have public key certificates, but they simply reuse their login passwords they share with their respective domain authentication servers. On the other hand, the authentication servers, assumed to be part of a standard PKI, act as ephemeral CAs that ``certify\'\' some key materials that the users can subsequently exchange and agree on a session key. Moreover, we adopt a compositional approach. That is, by treating any secure two-party password-based key exchange protocol and two-party asymmetric-key based key exchange protocol as black boxes, we combine them to obtain a generic and provably secure 4PAKE protocol.

12:17 [Pub][ePrint] PIRMAP: Efficient Private Information Retrieval for MapReduce, by Travis Mayberry and Erik-Oliver Blass and Agnes Hui Chan

  Private Information Retrieval (PIR) allows for retrieval of bits from a

database in a way that hides a user\'s access pattern from the server. However, its practicality in a cloud computing setting has recently been questioned. In such a

setting, PIR\'s enormous computation and communication overhead is

expected to outweigh any cost saving advantages of cloud computing.

This paper presents PIRMAP, a practical, highly efficient protocol for

PIR in MapReduce, a widely supported cloud computing API. PIRMAP focuses especially on the retrieval of

large files from the cloud, where it achieves optimal communication

complexity ($O(l)$ for retrieval of an $l$ bit file) with query times significantly faster than previous schemes. To achieve this, PIRMAP arranges files so parallel evaluation can be done during the ``Map\'\' phase

of MapReduce and aggregation can be carried out via an efficient additively

homomorphic encryption scheme in the ``Reduce\'\' phase. PIRMAP has been implemented and tested in Amazon\'s public cloud with total database sizes of up to 1~TByte. Our performance evaluations show that

PIRMAP is more than one order of magnitude cheaper and faster than

``trivial PIR\'\' on Amazon and adds only $20\\%$ overhead to a

theoretical optimal PIR.

12:17 [Pub][ePrint] Differential Fault Analysis on Block Cipher Piccolo, by Kitae Jeong

  Piccolo is a 64-bit block cipher suitable for the constrained environments such as wireless sensor network environments. In this paper, we propose differential fault analysis on Piccolo. Based on a random byte fault model, our attack can recover the secret key of Piccolo-80 by using an exhaustive search of 2^{24} and six random byte fault injections on average. It can be simulated on a general PC within a few seconds. In the case of Piccolo-128, we require an exhaustive search of 2^{40} and eight random byte fault injections on average. This attack can be simulated on a general PC within one day. These results are the first known side-channel attack results on them.

12:17 [Pub][ePrint] An Algebraic Fault Attack on the LED Block Cipher, by Philipp Jovanovic and Martin Kreuzer and Ilia Polian

  In this paper we propose an attack on block ciphers where we combine techniques derived from algebraic and fault based cryptanalysis. The recently introduced block cipher LED serves us as a target for our attack. We show how to construct an algebraic representation of the encryption map and how to cast the side channel information gained from a fault injection into polynomial form. The resulting polynomial system is converted into a logical formula in conjunctive normal form and handed over to a SAT solver for reconstruction of the secret key. Following this approach we were able to mount a new, successful attack on the version of LED that uses a 64-bit secret key, requiring only a single fault injection.

12:17 [Pub][ePrint] An All-In-One Approach to Differential Cryptanalysis for Small Block Ciphers, by Martin Albrecht and Gregor Leander

  We present a framework that unifies several standard differential techniques. This unified view allows us to consider many, potentially all, output differences for a given input difference and to combine the information derived from them in an optimal way. We then propose a new attack that implicitly mounts several standard, truncated, impossible, improbable and possible future variants of differential attacks in parallel and hence allows to significantly improve upon known differential attacks using the same input difference. To demonstrate the viability of our techniques, we apply them to KATAN-32. In particular, our attack allows us to break 115 rounds of KATAN-32, which is 37 rounds more than previous work. For this, our attack exploits the non-uniformity of the difference distribution after 91 rounds which is 20 rounds more than the previously best known differential characteristic.

Since our results still cover less than 1/2 of the cipher, they further strengthen our confidence in KATAN-32\'s resistance against differential attacks.