International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

15:17 [Pub][ePrint] Dynamic Proofs of Retrievability via Oblivious RAM, by David Cash and Alptekin Kupcu and Daniel Wichs

  Proofs of retrievability allow a client to store her data on a remote server (``in the cloud\'\') and periodically execute an efficient audit protocol to check that all of the data is being maintained correctly and can be recovered from the server. For efficiency, the computation and communication of the server and client during an audit protocol should be significantly smaller than reading/transmitting the data in its entirety. Although the server is only asked to access a few locations of its storage during an audit, it must maintain full knowledge of all client data to be able to pass.

Starting with the work of Juels and Kaliski (CCS \'07), all prior solutions to this problem crucially assume that the client data is static and do not allow it to be efficiently updated. Indeed, they all store a redundant encoding of the data on the server, so that the server must delete a large fraction of its storage to `lose\' any actual content. Unfortunately, this means that even a single bit modification to the original data will need to modify a large fraction of the server storage, which makes updates highly inefficient.

Overcoming this limitation was left as the main open problem by all prior works.

In this work, we give the first solution providing proofs of retrievability for dynamic storage, where the client can perform arbitrary reads/writes on any location within her data by running an efficient protocol with the server. At any point in time, the client can execute an efficient audit protocol to ensure that the server maintains the latest version of the client data. The computation and communication complexity of the server and client in our protocols is only polylogarithmic in the size of the client\'s data. The starting point of our solution is to split up the data into small blocks and redundantly encode each block of data individually, so that an update inside any data block only affects a few codeword symbols. The main difficulty is to prevent the server from identifying and deleting too many codeword symbols belonging to any single data block. We do so by hiding where the various codeword symbols for any individual data lock are stored on the server and when they are being accessed by the client, using the algorithmic techniques of oblivious RAM.

12:17 [Pub][ePrint] Private Top-k Aggregation Protocols, by Myungsun Kim and Abedelaziz Mohaisen and Jung Hee Cheon and Yongdae Kim

  In this paper, we revisit the private top-κ data aggregation problem. First we formally define the problem\'s security requirements as both data and user privacy goals. To achieve both goals, and to strike a balance between efficiency and functionality, we devise a novel cryptographic construction that comes in two schemes; a fully decentralized simple construction and its practical and semi-decentralized variant. Both schemes are provably secure in the semi-honest model. We analyze the computational and communi- cation complexities of our construction, and show that it is much more efficient than the existing protocols in the literature.

12:17 [Pub][ePrint] Efficient Implementation of RSA Algorithm with MKE, by Sami A. Nagar and Dr. Saad Alshamma

  The aim of this paper is to improve the implementation of RSA algorithm in some certain situations. This improvement is based on the ideas of H. Ren-Junn, S. Feng-Fu, Y. Yi-Shiung and C. Chia-Yao and allows us to speed up the transmission of data between various nodes in networks. We realized our idea in the C{\\#} language and in the database that was created by SQL Server 2008 R2. Identical database must be used in all networks gateways. The special protocol (RSA Handshake Database Protocol) was designed for controlling the creation of this database. Each gateway, that runs a RSA-Key Generations Offline procedure, is controlled according to specific issues and necessaries. This stage is called RSA-Key Generations Offline. We propose the new method for exchanging values of the keys among gateways. Roughly speaking gateways exchange indexes (Indexes Exchange) that refer to fields that contain the values of public and private keys.

12:17 [Pub][ePrint] A Comparison of Perfect Table Cryptanalytic Tradeoff Algorithms, by Ga Won Lee and Jin Hong

  Analyses of three major time memory tradeoff algorithms were presented by a recent paper in such a way that facilitates comparisons of the algorithm performances at arbitrary choices of the algorithm parameters. The algorithms considered there were the classical Hellman tradeoff and the non-perfect table versions of the distinguished point method and the rainbow table method. This paper adds the perfect table versions of the distinguished point method and the rainbow table method to the list, so that all the major tradeoff algorithms may now be compared against each other.

The algorithm performance information provided by this and the preceding paper is aimed at making practical comparisons possible. Comparisons that take both the cost of pre-computation and the efficiency of the online phase into account, at parameters that achieve a common success rate, can now be carried out with ease. Comparisons can be based on the expected execution complexities rather than the worst case complexities, and details such as the effects of false alarms and various storage optimization techniques need no longer be ignored.

A large portion of this paper is allocated to accurately analyzing the execution behavior of the perfect table distinguished point method. In particular, we obtain a closed-form formula for the average length of chains associated with a perfect distinguished point table.

12:17 [Pub][ePrint] 2048XKS - A Software Oriented High Security Block Cipher, by Dieter Schmidt

  The block cipher 2048XKS is a derivative of the block ciphers 1024 and 1024XKS, which in turn used the block ciphers MMB, SAFER, and Blowfish as building blocks. The block cipher 2048XKS has a block size of 2048 bis and a key length of 4096 bits and 8192 bits, respectively. 2048XKS is a Substition-Permutation-Network (SPN). It is designed for 32 bit microprocessors with a hardware integer multiplier.

12:17 [Pub][ePrint] Salus: A System for Server-Aided Secure Function Evaluation, by Seny Kamara and Payman Mohassel and Ben Riva

  Secure function evaluation (SFE) allows a set of mutually distrustful parties to

evaluate a function of their joint inputs without revealing their inputs

to each other.

SFE has been the focus of active research and recent work suggests that it can

be made practical. Unfortunately, current protocols and implementations have

inherent limitations that are hard to overcome using standard and practical

techniques. Among them are: (1) requiring participants to do work linear in

the size of the circuit representation of the function; (2) requiring all

parties to do the same amount of work; and (3) not being able to provide

complete fairness.

A promising approach for overcoming these limitations is to augment the SFE

setting with a small set of untrusted servers that have no input to the

computation and that receive no output, but that make their computational

resources available to the parties. In this model, referred to as

server-aided SFE, the goal is to tradeoff the parties\' work at the

expense of the servers. Motivated by the emergence of public cloud services

such as Amazon EC2 and Microsoft Azure, recent work has explored the extent to

which server-aided SFE can be achieved with a single server.

In this work, we revisit the sever-aided setting from a practical perspective

and design single-server-aided SFE protocols that are considerably more

efficient than all previously-known protocols. We achieve this in part by

introducing several new techniques for garbled-circuit-based protocols,

including a new and efficient input-checking mechanism for cut-and-choose and a

new pipelining technique that works in the presence of malicious adversaries.

Furthermore, we extend the server-aided model to guarantee fairness which is an

important property to achieve in practice.

Finally, we implement and evaluate our constructions experimentally and show

that our protocols (regardless of the number of parties involved) yield implementations that are 4 and 6 times

faster than the most optimized two-party SFE implementation when the server is

assumed to be malicious and covert, respectively.

12:17 [Pub][ePrint] Enhanced Chosen-Ciphertext Security and Applications, by Dana Dachman-Soled and Georg Fuchsbauer and Payman Mohassel and Adam O\'Neill

  We introduce and study a new notion of enhanced chosen-ciphertext security (ECCA) for public- key encryption. Loosely speaking, in ECCA, when the decryption oracle returns a plaintext to the adversary, it also provides coins under which the returned plaintext encrypts to the queried ciphertext (when they exist). Our results mainly concern the case where such coins can also be recovered efficiently. We provide constructions of ECCA encryption from adaptive trapdoor functions as defined by Kiltz et al. (EUROCRYPT 2010), resulting in ECCA encryption from standard number-theoretic assumptions. We then give two applications of ECCA encryption: (1) We use it as a unifying concept in showing equivalence of adaptive trapdoor functions and tag-based adaptive trapdoor functions (namely, we show that both primitives are equivalent to ECCA encryption), resolving a main open question of Kiltz et al. (2) We show that ECCA encryption can be used to securely realize an approach to public-key encryption with non-interactive opening (PKENO) suggested by Damg{\\aa}rd and Thorbek (EUROCRYPT 2007), resulting in new and practical PKENO schemes quite different from those in prior work. We believe our results indicate that ECCA is an intriguing notion that may prove useful in further work.

12:17 [Pub][ePrint] Differential Analysis of the LED Block Cipher, by Florian Mendel and Vincent Rijmen and Deniz Toz and Kerem Varici

  In this paper, we present a security analysis of the lightweight block cipher LED proposed by Guo et al. at CHES 2011. Since the design of LED is very similar to the Even-Mansour scheme, we first review existing attacks on this scheme and extend them to related-key and related-key-cipher settings before we apply them to LED. We obtain results for $12$ and $16$ rounds (out of $32$) for LED-$64$ and $16$ and $24$ rounds (out of $48$) for LED-$128$. Furthermore, we present an observation on full LED in the related-key-cipher setting. For all these attacks we need to find good differentials for one step (4 rounds) of LED. Therefore, we extend the study of plateau characteristics for AES-like structures from two rounds to four rounds when the key addition is replaced with a constant addition. We introduce an algorithm that can be used to find good differentials and right pairs for one step of LED. To be more precise, we can find more than $2^{10}$ right pairs for one step of LED with complexity of $2^{16}$ and memory requirement of $5 \\times 2^{17}$. Moreover, a similar algorithm can also be used to find iterative characteristics for LED.

12:17 [Pub][ePrint] A Versatile Multi-Input Multiplier over Finite Fields, by Haibo Yi, Shaohua Tang

  Multiplication of three elements over finite fields is used extensively in multivariate public key cryptography and solving system of linear equations over finite fields. This contribution shows the enhancements of multiplication of three elements over finite fields by using specific architecture. We firstly propose a versatile multi-input multiplier over finite fields. The parameters of this multiplier can be changed according to the requirement of the users which makes it reusable in different applications. Our evaluation of this multiplier gives optimum choices for multiplication of three elements over finite fields. Implemented results show that we takes $22.062$ ns and $16.354$ ns to execute each multiplication of three elements over $GF((2^4)^2)$ based on table look-up and polynomial basis on a FPGA respectively. Experimental results and mathematical proofs clearly demonstrate the improvement of the proposed versatile multiplier over finite fields.

09:17 [Pub][ePrint] Pairing computation on Edwards curves with high-degree twists, by Liangze Li and Hongfeng Wu and Fan Zhang

  In this paper, we propose an elaborate geometry approach to explain the group law on twisted Edwards curves which are seen as the intersection of quadric surfaces in place. Using the geometric interpretation of the group law we obtain the Miller function for Tate pairing computation on twisted Edwards curves. Then we present the explicit formulae for pairing computation on twisted Edwards curves. Our formulae for the doubling step are a littler faster than that proposed by Arene Finally, to improve the efficiency of pairing computation we present twists of degree 4 and 6 on twisted Edwards curves.

09:17 [Pub][ePrint] Solving Hard Lattice Problems and the Security of Lattice-Based Cryptosystems, by Thijs Laarhoven and Joop van de Pol and Benne de Weger

  This paper is a tutorial introduction to the present state-of-the-art in the field of security of lattice-based cryptosystems. After a short introduction to lattices, we describe the main hard problems in lattice theory that cryptosystems base their security on, and we present the main methods of attacking these hard problems, based on lattice basis reduction. We show how to find shortest vectors in lattices, which can be used to improve basis reduction algorithms. Finally we give a framework for assessing the security of cryptosystems based on these hard problems.