International Association for Cryptologic Research

IACR News Central

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2013-02-20
10:17 [Pub][ePrint]

L\\\"ondahl and Johansson proposed last year a variant of the McEliece cryptosystem which

replaces Goppa codes by convolutional codes. This modification is supposed to make

structural attacks more difficult since the public generator matrix of this scheme contains

large parts which are generated completely at random. They proposed two schemes of this

kind, one of them consists in taking a Goppa code and extending it by adding a generator matrix of

a time varying convolutional code. We show here that this scheme can be successfully attacked by looking

for low-weight codewords in the public code of this scheme and using it to unravel the convolutional part.

It remains to break the Goppa part of this scheme which can be done in less than a day of computation in

the case at hand.

10:17 [Pub][ePrint]

Beginning with the work of Lindell and Pinkas, researchers have proposed several protocols for secure two-party computation based on the cut-and-choose paradigm. In existing instantiations of this paradigm, one party generates $\\kappa$ garbled circuits; some fraction of those are checked\'\' by the other party, and the remaining fraction are evaluated.

We introduce here the idea of symmetric cut-and-choose protocols, in which each party generates $\\kappa$ circuits to be checked by the other party. The main advantage of our technique is that the number $\\kappa$ of garbled circuits can be reduced by a factor of 3 while attaining the same statistical security level as in prior work. Since the number of garbled circuits dominates the costs of the protocol, especially as larger circuits are evaluated, our protocol is expected to run up to 3 times faster than existing schemes. Preliminary experiments validate this claim.

10:17 [Pub][ePrint]

Beimel and Orlov proved that all information inequalities on four or five variables, together with all information inequalities on more than five variables that are known to date, provide lower bounds on the size of the shares in secret sharing schemes that are at most linear on the number of participants. We present here another negative result about the power of information inequalities in the search for lower bounds in secret sharing. Namely, we prove that all information inequalities on a bounded number of variables only can provide lower bounds that are polynomial on the number of participants.

2013-02-19
23:46 [Job][New]

* The Chair for Information Security and Cryptography at University of Trier, Germany, offers a full-time PhD/Postdoc position.

* The position involves both research and teaching in the area of cryptography/information security. The successful candidate is expected to contribute to research in applied cryptography.

* The position is available immediately and is fully funded. The salary scale for the position is TV-L E13. The gross income depends on the candidate\\\'s experience level. At the lowest level it corresponds to approx. 40,000 EUR per year.

* Contracts are initially offered for two years. An extension to a total duration of up to six years is possible.

* He or she is given the possiblity to carry out a Ph.D. or, for Postdocs, a Habilitation.

* The successful candidate should have a Master\\\'s degree or a Ph.D. (or should be very close to completion thereof) in Computer Science, Mathematics, Information Security, or a related field, with a strong background in Theoretical Computer Science/Mathematics. Knowledge in cryptography is an asset. Since teaching is mostly done in German, sufficient knowledge of German is required.

* The deadline for applications is March 17th, 2013. However, late applications will be considered until the position is filled.

* See http://infsec.uni-trier.de/job-openings.html for the official job announcement (in German).

23:41 [Event][New]

Submission: 31 March 2013
From July 15 to July 19
Location: Providence, RI, United States

2013-02-18
09:51 [Event][New]

Submission: 10 May 2013
From August 14 to August 16

09:50 [Event][New]

Submission: 30 March 2013
From September 2 to September 6
Location: Regensburg, Germany

2013-02-14
12:19 [Event][New]

Submission: 8 March 2013
From September 2 to September 6
Location: Regensburg, Germany

2013-02-12
10:17 [Pub][ePrint]

We introduce a variant of the Universal Composability framework (UC; Canetti, FOCS 2001) that uses symbolic cryptography. Two salient properties of the UC framework are secure composition and the possibility of easily defining security by giving an ideal functionality as specification. These advantages are now also available in a symbolic modeling of cryptography, allowing for a modular analysis of complex protocols.

We furthermore introduce a new technique for modular design of protocols that uses UC but avoids the need for powerful cryptographic primitives that often comes with UC protocols; this \"virtual primitives\" approach is unique to the symbolic setting and has no counterpart in the original computational UC framework.

10:17 [Pub][ePrint]

In the various 1-out-of-$n$ distributed oblivious transfer protocols (DOT) designed in an unconditionally secure environment, a receiver contacts $k$ out of $m$ servers to obtain one of the $n$ secrets held by a sender. After a protocol has been executed, the sender has no information on the choice of the receiver and the receiver has no information on the secrets she did not obtain. Likewise, a coalition of $k - 1$ servers is unable to infer any information, neither on the sender\'s secrets, nor on the receiver\'s choice.

These protocols are based on a semi-honest model: no mechanism prevents a group of malicious servers from disrupting the protocol such that the secret obtained by the receiver does not correspond to the chosen secret. Actually, to verify the information transmitted by the servers seems to require some properties difficult to reconcile: on one hand the receiver has to collect more information from the servers to discard the incorrect data generated by the malicious servers; on the other hand, if the receiver is allowed to gather more information from the servers, the sender\'s security may be compromised.

We study the first unconditionally secure DOT protocol in the presence of an active adversary who may corrupt up to $k - 1$ servers. In addition to the active adversary, we also assume that the sender may (passively) corrupt up to $k - 1$ servers to learn the choice of the receiver. Similarly, the receiver may (passively) corrupt up to $k - 1$ servers to learn more than the chosen secret. However, we assume that the sender, receiver, and active adversary do not collaborate with each other. Our DOT protocol allows the receiver to contact $4k - 3$ servers to obtain one secret, while the required security is maintained.

10:17 [Pub][ePrint]

Crypto-computing is a set of well-known techniques for computing with encrypted data. The security of the corresponding protocols are usually proven in the semi-honest model. In this work, we propose a new class of zero- knowledge proofs, which are tailored for crypto-computing protocols. First, these proofs directly employ properties of the underlying crypto systems and thus many facts have more concise proofs compared to generic solutions. Second, we show how to achieve universal composability in the trusted set-up model where all zero-knowledge proofs share the same system-wide parameters. Third, we de- rive a new protocol for multiplicative relations and show how to combine it with several crypto-computing frameworks to get security in the malicious model.