International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

15:17 [Pub][ePrint] ON PROVABLY SECURE CODE-BASED SIGNATURE AND SIGNCRYPTION SCHEME, by Preetha Mathew K and Sachin Vasant and C Pandu Rangan

  Signcryption is a cryptographic protocol that provides authentication and confidentiality as a single primitive at a cost lower than the combined cost of sign and encryption. Due to the improved efficiency, signcryption schemes have found significant applications in areas related to E-commerce. Shor\'s algorithm [22] poses a threat to number-theoretic algorithms, as it can solve the number-theoretic hard problems in polynomial time using quantum computers. Therefore, code-based cryptography offers an exciting alternative to number-theoretic cryptography, as it is not only resistant to quantum algorithms, but also, the base operation (matrix-vector multiplication) is far less computationally intensive

compared to the modular exponentiation required in number-theoretic schemes. Courtois, Finiasz and Sendrier proposed the only practical code-based signature(CFS signature) [7]. It can be used to realise

many cryptographic primitives. But the signature is currently not provably secure due to the existence

of the high rate distinguisher [11]. In this paper, we make use of an alternate key-construct for the CFS

signature, and thus prove its existential unforgeability under chosen message attacks (EUF-CMA). Also,

we propose a code-based signcryption scheme and proved its security. To the best of our knowledge,

this is the first code-based, provably secure signature and signcryption scheme in literature.

15:17 [Pub][ePrint] SHADE: Secure HAmming DistancE computation from oblivious transfer, by Julien Bringer and Herve Chabanne and Alain Patey

  We introduce two new schemes for securely computing Hamming distance in the two-party setting. Our first scheme is a very efficient protocol, based solely on 1-out-of-2 Oblivious Transfer, that achieves full security in the semi-honest setting and one-sided security in the malicious setting. Moreover we show that this protocol is significantly more efficient than the previous proposals, that are either based on garbled circuits or on homomorphic encryption. Our second scheme achieves full security against malicious adversaries and is based on Committed Oblivious Transfer. These protocols have direct applications to secure biometric identification.

05:35 [Event][New] ICEND 2013: 2nd International Conference on e-Technologies and Networks for Development

  Submission: 15 December 2012
Notification: 1 January 2013
From March 4 to March 6
Location: Kuala Lumpur, Malaysia
More Information:

19:49 [Event][New] Africacrypt 2013

  Submission: 31 January 2013
Notification: 15 March 2013
From June 24 to June 26
Location: Cairo, Egypt
More Information:

02:41 [Event][New] NSS 2013: The 7th International Conference on Network and System Security (NSS 2013)

  Submission: 15 December 2012
Notification: 15 February 2013
From June 3 to June 4
Location: Madrid, Spain
More Information:

02:41 [Event][New] ICICS 2013: The 4th International Conference on Information and Communication Systems

  Submission: 1 December 2012
Notification: 20 January 2013
From April 23 to April 25
Location: Irbid, Jordan
More Information:

15:17 [Pub][ePrint] Zero-Correlation Linear Cryptanalysis of Reduced-Round LBlock , by Hadi Soleimany

  Zero-correlation linear attack is a new method for cryptanalysis of block ciphers. In this paper we adapt Matrix method to find zero-correlation approximations. Then we present several zero-correlation linear approximations for 14 rounds of Lblock. Finally, we describe a cryptanalysis for 22 rounds of the reduced Lblock. While the previous attacks on Lblock used chosen plaintexts, the new attack needs distinct known plaintexts which is a more realistic model. Also the time complexity is $2^8$ times faster than the previous attack.

15:17 [Pub][ePrint] Improved side channel attack on the block cipher NOEKEON, by Changyong Peng and Chuangying zhu and Yuefei Zhu and Fei Kang

  NOEKEON is a block cipher having key-size 128 and block size 128,proposed by Daemen, J et al.Shekh Faisal

Abdul-Latip et al. give a side channel attack(under the single bit leakage model) on the cipher at ISPEC 2010.Their

analysis shows that one can recover the 128-bit key of the cipher, by considering a one-bit information leakage from

the internal state after the second round, with time complexity of O(2^68) evaluations of the cipher, and data complexity

of about 2^10 chosen plaintexts.Our side channel attack improves upon the previous work of Shekh Faisal Abdul-Latip

et al. from two aspects. First, we use the Hamming weight leakage model(Suppose the Hamming weight of the lower

64 bits and the higher 64 bits of the output of the first round can be obtained without error) which is a more relaxed

leakage assumption, supported by many previously known practical results on side channel attacks, compared to the

more challenging leakage assumption that the adversary has access to the \"exact\" value of the internal state bits as

used by Shekh Faisal Abdul-Latip et al. Second, our attack has also a reduced complexity compared to that of Shekh

Faisal Abdul-Latip et al. Namely, our attack of recovering the 128-bit key of NOEKEON has a time complexity 20.1

seconds on a PC with 2.6 GHZ CPU and 8G RAM and data complexity of 99 known plaintexts; whereas, that of

Shekh Faisal Abdul-Latip et al. has time complexity of O(2^68) and needs about 2^10 chosen plaintexts.

15:17 [Pub][ePrint] On Constant-Round Concurrent Zero-Knowledge from a Knowledge Assumption, by Divya Gupta and Amit Sahai

  In this work, we consider the long-standing open question of constructing constant-round concurrent zero-knowledge protocols in the plain model. Resolving this question is known to require non-black-box techniques.

We consider non-black-box techniques for zero-knowledge based on knowledge assumptions, a line of thinking initiated by the work of Hada and Tanaka (CRYPTO 1998). Prior to our work, it was not known whether knowledge assumptions could be used for achieving security in the concurrent setting, due to a number of significant limitations that we discuss here. Nevertheless, we obtain the following results:

1. We obtain the first constant round concurrent zero-knowledge argument for \\textbf{NP} in the plain model based on a new variant of knowledge of exponent assumption. Furthermore, our construction avoids the inefficiency inherent in previous non-black-box techniques such that those of Barak (FOCS 2001); we obtain our result through an efficient protocol compiler.

2. Unlike Hada and Tanaka, we do not require a knowledge assumption to argue the soundness of our protocol. Instead, we use a discrete log like assumption, which we call Diffie-Hellman Logarithm Assumption, to prove the soundness of our protocol.

3. We give evidence that our new variant of knowledge of exponent assumption is in fact plausible. In particular, we show that our assumption holds in the generic group model.

4. Knowledge assumptions are especially delicate assumptions whose plausibility may be hard to gauge. We give a novel framework to express knowledge assumptions in a more flexible way, which may allow for formulation of plausible assumptions and exploration of their impact and application in cryptography.

15:17 [Pub][ePrint] On the Power of Random Oracles, by Iftach Haitner and Eran Omri and Hila Zarosim

  In the random oracle model, the parties are given oracle access to a random member of

a (typically huge) function family, and are assumed to have unbounded computational power

(though they can only make a bounded number of oracle queries). This model provides powerful

properties that allow proving the security of many protocols, even such that cannot be proved

secure in the standard model (under any hardness assumption). The random oracle model is also

used to show that a given cryptographic primitive cannot be used in a black-box way to construct

another primitive; in their seminal work, Impagliazzo and Rudich [STOC \'89] showed that in the

random function model - when the function family is the set of all functions - it is impossible

to construct (secure) key-agreement protocols, yielding that key-agreement cannot be black-box

reduced to one-way functions. Their work has a long line of followup works (Simon [EC \'98],

Gertner et al. [STOC \'00] and Gennaro et al. [SICOMP \'05], to name a few), showing that given

oracle access to a certain type of function family (e.g., the family that \"implements\" public-key

encryption) is not sufficient for building a given cryptographic primitive (e.g., oblivious transfer).

Yet, in the more general sense, the following fundamental question remained open:

What is the exact power of the random oracle model, and more specifically, of the

random function model?

We make progress towards answering the above question, showing that any (no private input)

semi-honest two-party functionality that can be securely implemented in the random function

model, can be securely implemented information theoretically (where parties are assumed to be

all powerful, and no oracle is given). We further generalize the above result to function families

that provide some natural combinatorial property.

To exhibit the power of our result, we use the recent information theoretic impossibility result

of McGregor et al. [FOCS \'10], to show the existence of functionalities (e.g., inner product) that

cannot be computed both accurately and in a differentially private manner in the random

function model; yielding that protocols for computing these functionalities cannot be black-box

reduced to the existence of one-way functions.

15:17 [Pub][ePrint] Quantum algorithm for the discrete logarithm problem for matrices over finite group rings, by A. D. Myasnikov and A. Ushakov

  We propose a polynomial time quantum algorithm for solving the

discrete logarithm problem in matrices over finite group rings.

The hardness of this problem was recently employed in the design

of a key-exchange protocol proposed by D. Kahrobaei, C. Koupparis,

and V. Shpilrain. Our result implies that the Kahrobaei et al.

protocol does not belong to the realm of post-quantum cryptography.