International Association for Cryptologic Research

# IACR News Central

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2012-11-05
16:17 [Pub][ePrint]

We further the study of order-preserving symmetric encryption (OPE), a primitive for allowing efficient range queries on encrypted data, recently initiated (from a cryptographic perspective) by Boldyreva et al.~(Eurocrypt \'09).

First, we address the open problem of characterizing what encryption via a random order-preserving function (ROPF) leaks about underlying data (ROPF being the ideal object\'\' in the security definition, POPF, satisfied by their scheme.)

In particular, we show that, for a database of randomly distributed plaintexts and appropriate choice of parameters, ROPF encryption leaks neither the precise value of any plaintext nor the precise distance between any two of them.

The analysis here introduces useful new techniques.

On the other hand, we show that ROPF encryption leaks approximate value of any plaintext as well as approximate distance between any two plaintexts, each to an accuracy of about square root of the domain size.

We then study schemes that are not order-preserving, but which nevertheless allow efficient range queries and achieve security notions stronger than POPF. In a setting where the entire database is known in advance of key-generation (considered in several prior works), we show that recent constructions of monotone minimal perfect hash functions\'\' allow to efficiently achieve (an adaptation of) the notion of IND-O(rdered) CPA also considered by Boldyreva et al., which asks that \\emph{only} the order relations among the plaintexts is leaked.

Finally, we introduce {\\em modular} order-preserving encryption (MOPE), in which the scheme of Boldyreva et al. is prepended with a random shift cipher. MOPE improves the security of OPE in a sense, as it does not leak any information about plaintext location.

We clarify that our work should not be interpreted as saying the original scheme of Boldyreva et al., or the variants that we introduce, are secure\'\' or insecure.\'\' Rather, the goal of this line of research is to help practitioners decide whether the options provide a suitable security-functionality tradeoff for a given application.

07:15 [Election]

Tom Roeder at Microsoft Research has written an independent verifier for the Helios system. You can access it via the 2012 election page or via this link.

2012-11-02
17:54 [Job][Update]

Required:

• Senior hands-on engineer with broad experience in cryptography

• Experienced with designing and implementing cryptographic algorithms and key management systems

• Must be familiar with algorithms and protocols including AES-CBC, AES-GCM, SHA, EC-DH, EC-DSA, random number generation, PKI

• Knowledge of Suite B crypto, TLS, smartcards/CAC, X.509, soft certificates, PKCS11

• Experience developing crypto APIs for both internal and external use

• Must have strong skills with C/C++ and/or Java programming languages on multiple platforms

• Ability to work with and mentor a team of programmers

• Ability to obtain US security clearance.

Highly desired:

• Familiar with FIPS 140-2 process, VPNs, S/MIME, data at rest crypto, and other cryptographic products.

• Familiar with DoD and US Federal requirements and regulations related to cryptography for SBU/CUI and classified data.

• Familiar with secure voice protocols, such as SRTP, SIP/TLS, SSIP, zRTP, etc.

• Ability to create high-level software design documents.

• Experience writing device drivers, low-level APIs, or software development kits.

• Familiar with implementing crypto in hardware in ASIC or FPGA-based systems

• BA/BS, MS, Ph.D. degree in Cryptography, Mathematics, Computer Science, Software Engineering, Computer Engineering, Electrical Engineering or equivalent experience.

• CISSP, CSSLP, or SANS certifications

12:09 [PhD][New]

Name: Shi Bai
Topic: Polynomial selection for the number field sieve
Category: foundations

12:08 [PhD][New]

Name: Richard Brent

12:06 [PhD][New]

Name: Flavio D. Garcia
Topic: Formal and Computational Cryptography: Protocols, Hashes and Commitments
Category: cryptographic protocols

Description: In modern society we are surrounded by distributed systems. Most electronic devices that are currently on the market have some networking capability or are able to communicate with each other. Communication\r\nover shared media is inherently insecure. Therefore, proper design of security protocols is of primary concern. The design and analysis of security protocols is a challenging task. Several protocols have been proposed in the\r\nliterature which later were found to be flawed. This is a consequence of the intrinsic complexity associated with the presence of a malicious adversary. The traditional complexity-theoretical adversarial model is realistic but complex. As a consequence of this, designing and analyzing protocols in\r\nthis model is error prone. The Dolev-Yao model refers to the attacker model in which an adversary has complete control over the communication media. In this model, the adversary is not bounded in running time but\r\nis completely unable to break any cryptographic primitive. This model is satisfactory as it provides a good level of abstraction. Proofs are simpler than the complexity-theoretical ones, and therefore less error prone, still capturing most common mistakes in the design of security protocols. This thesis addresses the problem of secure protocol design from both formal and computational perspectives and also studies the relation among them. We present four original contributions:\r\n• We present a decentralized digital currency for peer-to-peer and grid applications that is able to detect double-spending of the coins and\r\nother types of fraud.\r\n• We develop a formal framework for the analysis of anonymizing protocols in terms of epistemic logic. We illustrate our approach by proving sender anonymity and unlinkability of some well-known anonymizing protocols.\r\n• We relate the Dolev-Yao model, extended with hash functions, with a realistic computational model. We use a special randomized construction to interpret hashes.[...]

12:06 [PhD][New]

Name: Jaap-Henk Hoepman

12:06 [PhD][New]

Name: Bart Jacobs

12:05 [PhD][New]

Name: Christophe Clavier

12:05 [PhD][New]

Name: Hans Dobbertin
Topic: Verfeinerungsmonoide, Vaught Monoide und Boolesche Algebren
Category: (no category)

12:04 [PhD][New]

Name: Benoit Feix