*12:09*[PhD][New] Shi Bai: Polynomial selection for the number field sieve

Name: Shi Bai

Topic: Polynomial selection for the number field sieve

Category: foundations

Name: Flavio D. Garcia

Topic: Formal and Computational Cryptography: Protocols, Hashes and Commitments

Category: cryptographic protocols

Description: In modern society we are surrounded by distributed systems. Most electronic devices that are currently on the market have some networking capability or are able to communicate with each other. Communication over shared media is inherently insecure. Therefore, proper design of security protocols is of primary concern. The design and analysis of security protocols is a challenging task. Several protocols have been proposed in the literature which later were found to be flawed. This is a consequence of the intrinsic complexity associated with the presence of a malicious adversary. The traditional complexity-theoretical adversarial model is realistic but complex. As a consequence of this, designing and analyzing protocols in this model is error prone. The Dolev-Yao model refers to the attacker model in which an adversary has complete control over the communication media. In this model, the adversary is not bounded in running time but is completely unable to break any cryptographic primitive. This model is satisfactory as it provides a good level of abstraction. Proofs are simpler than the complexity-theoretical ones, and therefore less error prone, still capturing most common mistakes in the design of security protocols. This thesis addresses the problem of secure protocol design from both formal and computational perspectives and also studies the relation among them. We present four original contributions:

• We present a decentralized digital currency for peer-to-peer and grid applications that is able to detect double-spending of the coins and other types of fraud.
• We develop a formal framework for the analysis of anonymizing protocols in terms of epistemic logic. We illustrate our approach by proving sender anonymity and unlinkability of some well-known anonymizing protocols.
• We relate the Dolev-Yao model, extended with hash functions, with a realistic computational model. We use a special randomized construction to interpret hashes. [...]

Name: Hans Dobbertin

Topic: Verfeinerungsmonoide, Vaught Monoide und Boolesche Algebren (Refinement Monoids, Vaught Monoids and Boolean Algebras)

Category: (no category)

Name: Pouyan Sepehrdad

Topic: Statistical and Algebraic Cryptanalysis of Lightweight and Ultra-Lightweight Symmetric Primitives

Category: secret-key cryptography

Description:

Symmetric cryptographic primitives such as block and stream ciphers are the building blocks in many cryptographic protocols. Having such blocks which provide provable security against various types of attacks is often hard. On the other hand, if possible, such designs are often too costly to be implemented and are usually ignored by practitioners. Moreover, in RFID protocols or sensor networks, we need lightweight and ultra-lightweight algorithms. Hence, cryptographers often search for a fair trade-off between security and usability depending on the application. Contrary to public key primitives, which are often based on some hard problems, security in symmetric key is often based on some heuristic assumptions. Often, the researchers in this area argue that the security is based on the confidence level the community has in their design. Consequently, every day symmetric protocols appear in the literature and stay secure until someone breaks them. In this thesis, we evaluate the security of multiple symmetric primitives against statistical and algebraic attacks. This thesis is composed of two distinct parts:

In the first part, we investigate the security of the RC4 stream cipher against statistical attacks. We focus on its applications in the WEP and WPA protocols. We revisit the previous attacks on RC4 and optimize them. In fact, we propose a framework on how to deal with a pool of biases for RC4 in an optimized manner. During this work, we found multiple new weaknesses in the corresponding applications. We show that the current best attack on WEP can still be improved. We compare our results with the state of the art implementation of the WEP attack in the Aircrack-ng program and improve its success rate. Next, we propose theoretical key recovery and distinguishing attacks on WPA, which cryptographically break the protocol. We perform an extreme amount of experiments to make sure that the proposed theor[...]
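As an added illustration of the kind of keystream bias those statistical attacks rest on (this is example code written for this page, not code from the thesis or from Aircrack-ng), the following Python script implements RC4 and measures the Mantin-Shamir second-byte bias, P[Z_2 = 0] close to 2/256 rather than 1/256, over random 16-byte keys drawn from a fixed seed. The key length, the seed and the sample size are the example's own choices.

```python
# Added example (not part of the thesis or of this page): measure the
# Mantin-Shamir second-byte bias of RC4, P[Z_2 = 0] ~ 2/256 instead of 1/256,
# the kind of keystream bias that statistical attacks on WEP/WPA build on.
# Keys are 16-byte random keys drawn from a fixed seed (constructed sample
# input), so the measurement is reproducible.
import random
from collections import Counter


def rc4_ksa(key):
    """RC4 key-scheduling algorithm: returns the initial permutation S."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(key, n):
    """First n keystream bytes Z_1..Z_n produced by RC4's PRGA for `key`."""
    S = rc4_ksa(key)
    i = j = 0
    out = []
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return out


def second_byte_distribution(num_keys, key_len=16, seed=1):
    """Histogram of Z_2 over num_keys random keys (constructed input)."""
    rng = random.Random(seed)
    counts = Counter()
    for _ in range(num_keys):
        key = bytes(rng.getrandbits(8) for _ in range(key_len))
        counts[rc4_keystream(key, 2)[1]] += 1
    return counts


def bias_ratio(counts, value=0):
    """Observed frequency of `value` divided by the uniform expectation 1/256.
    A ratio near 2.0 for value 0 is the Mantin-Shamir bias: an attacker who
    sees many keystreams can vote that plaintext byte 2 equals C_2 XOR 0."""
    total = sum(counts.values())
    return counts[value] / (total / 256)


if __name__ == "__main__":
    # Known-answer check: key "Key" gives keystream EB 9F 77 81 ...
    assert rc4_keystream(b"Key", 4) == [0xEB, 0x9F, 0x77, 0x81]
    counts = second_byte_distribution(30000)
    print("P[Z_2 = 0] / (1/256) = %.2f" % bias_ratio(counts, 0))
    others = [bias_ratio(counts, v) for v in range(1, 256)]
    print("average ratio for other values = %.3f" % (sum(others) / 255))
```

The known-answer check pins the RC4 implementation to a standard test vector before the statistics are trusted. The ratio printed for Z_2 = 0 comes out near 2, while the average over the other 255 values sits just below 1. A WEP or WPA attacker collects many such biases over many keystreams and lets each one vote on key or plaintext bytes; organizing those votes is what a "pool of biases" framework does.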

Name: Vincent Verneuil

Topic: Elliptic curve cryptography and security of embedded devices

Category: implementation

Description:

Elliptic curve based cryptosystems are nowadays increasingly used in protocols involving public-key cryptography. This is particularly true in the context of embedded devices which are subject to strong cost, resources, and efficiency constraints, since elliptic curve cryptography requires significantly smaller key sizes compared to other cryptosystems such as RSA.

The first part of this study focuses on the secure and efficient implementation of elliptic curve cryptography in embedded devices, especially smart cards. Designing secure implementations requires taking into account physical attacks which can target embedded devices. These attacks include in particular side-channel analysis, which may infer information on a secret key manipulated by a component by monitoring how it interacts with its environment, and fault analysis, in which an adversary can disturb the normal functioning of a device with the same goal.

In the second part of this thesis, we study these attacks and their impact on the implementation of the most used public-key cryptosystems. In particular, we propose new analysis techniques and new countermeasures for these cryptosystems, together with specific attacks on the AES block cipher.

[...]

Name: Joern-Marc Schmidt

Topic: Implementation Attacks - Manipulating Devices to Reveal Their Secrets

Category: implementation

Description: Nowadays, embedded systems and smart cards are part of everyday life. With the proliferation of these devices the need for security increases. In order to meet this demand, cryptographic algorithms are applied. However, for implementations of such algorithms on mobile devices, not only the security from a cryptanalytical point of view, i.e. in a black box model, is important. This is because the practical realization of a theoretically secure algorithm can be insecure.

An adversary with physical access to the device can benefit from its characteristics or influence its behavior. Methods that measure the properties of a device are passive implementation attacks. In contrast to passive methods, active implementation attacks try to manipulate the computation and benefit from the erroneous results. These methods are called fault attacks.

In this thesis, we discuss the theory of implementation attacks as well as their practical realizations. New attacks and algorithmic countermeasures are presented. We show how to attack RSA implementations that make use of the square-and-multiply algorithm by manipulating the program flow. The attack is expanded to work on ECC and ECDSA. In order to protect devices against such attacks, we developed a countermeasure that secures the program flow of RSA and ECC implementations by an implicitly calculated program signature. Moreover, we present a probing attack on AES and discuss the problem of an untrusted external memory.
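As an added example, not the thesis's own code, the following Python script models the two sides of that paragraph: an instruction-skip fault on the conditional multiply of left-to-right square-and-multiply RSA that recovers the secret exponent one bit per faulty run, and a square-and-multiply-always variant whose running program-flow signature withholds the output whenever a step was skipped. The signature construction, the toy RSA parameters (p = 61, q = 53) and the message 65 are this example's assumptions; the thesis's implicit program-signature scheme is not reproduced here.

```python
# Added example (not the thesis's code): an instruction-skip fault on the
# conditional multiply of left-to-right square-and-multiply RSA leaks the
# secret exponent bit by bit, and a branch-free variant with a running
# program-flow signature refuses to output when a step was skipped.
# The signature construction is a hypothetical illustration of the idea, not
# the thesis's scheme; the RSA parameters are toy-sized, constructed for the
# example (p = 61, q = 53), never for real use.

P, Q = 61, 53
N = P * Q                               # 3233
E, D = 17, 2753                         # e*d == 1 mod lcm(p-1, q-1)
D_BITS = [int(b) for b in bin(D)[2:]]   # secret exponent, MSB first, 12 bits
M = 65                                  # constructed input to the signature


def sign_plain(m, d_bits, n, skip_step=None):
    """Unprotected left-to-right square-and-multiply computing m^d mod n.
    skip_step=k models a fault that skips the `if` body at bit index k."""
    r = 1
    for k, bit in enumerate(d_bits):
        r = r * r % n
        if bit and k != skip_step:
            r = r * m % n
    return r


SIG_SQ, SIG_MUL = 0x5A, 0xA5   # hypothetical per-step signature constants


def expected_signature(nbits):
    """Signature of the correct flow: one square and one multiply per bit.
    Python integers are unbounded here; a device would use a fixed register."""
    sig = 0
    for _ in range(nbits):
        sig = sig * 31 + SIG_SQ
        sig = sig * 31 + SIG_MUL
    return sig


def sign_protected(m, d_bits, n, skip_step=None):
    """Square-and-multiply-always plus a running flow signature (illustration).
    Every step updates the signature, so a skipped block, real or dummy
    multiply, leaves a wrong signature and the result is withheld for both
    bit values instead of leaking which one it was."""
    r, sig = 1, 0
    for k, bit in enumerate(d_bits):
        r = r * r % n
        sig = sig * 31 + SIG_SQ
        if k != skip_step:                       # block the attacker may skip
            t = r * m % n
            sig = sig * 31 + SIG_MUL
            r = t if bit else r                  # dummy multiply when bit == 0
    if sig != expected_signature(len(d_bits)):
        return None                              # flow tampered: release nothing
    return r


def recover_exponent(device, m, n, nbits):
    """Attacker with a skip-fault oracle device(m, skip_step) -> output.
    Bit k == 0: the skipped branch never ran, so the output is unchanged.
    Bit k == 1: the missing factor m was squared nbits-1-k more times, so
    faulty * m^(2^(nbits-1-k)) == correct (mod n). None means the
    countermeasure fired and nothing was learned."""
    correct = device(m, None)
    bits = []
    for k in range(nbits):
        faulty = device(m, k)
        if faulty is None:
            bits.append(None)
        elif faulty == correct:
            bits.append(0)
        else:
            assert faulty * pow(m, 2 ** (nbits - 1 - k), n) % n == correct
            bits.append(1)
    return bits


def attack_plain():
    """Full exponent recovery against the unprotected implementation."""
    return recover_exponent(lambda m, s: sign_plain(m, D_BITS, N, s), M, N, len(D_BITS))


def attack_protected():
    """Same attack against the flow-signed implementation: every run is refused."""
    return recover_exponent(lambda m, s: sign_protected(m, D_BITS, N, s), M, N, len(D_BITS))


if __name__ == "__main__":
    assert sign_plain(M, D_BITS, N) == pow(M, D, N) == sign_protected(M, D_BITS, N)
    print("secret d bits:              ", D_BITS)
    print("unprotected, recovered bits:", attack_plain())
    print("protected, attacker learns: ", attack_protected())
```

The reason the protected variant pairs the signature with a dummy multiply is that an error flag alone would still leak the bit: the skip is harmless exactly when the bit is 0, so a device that only detected wrong results would answer normally for 0 and refuse for 1, which is a safe-error attack. With the dummy multiply the skipped block is missing from the flow signature for both bit values, and the attacker sees the same refusal either way.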

Furthermore, we describe our setups for different practical attacks. The possibilities range from low-cost methods using equipment for about 50 Euro up to high-end attacks, involving a focused ion beam (FIB). In particular, we performed non-invasive spike and glitch attacks, semi-invasive optical and electromagnetic fault induction, as well as an invasive chemical attack. In addition, we used a FIB for chip modification attacks.

Moreover, we applied fault i[...]