International Association for Cryptologic Research

# IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also receive updates via:

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2013-02-27
19:17 [Pub][ePrint]

We define a novel notion of quasi-adaptive non-interactive zero knowledge (NIZK) proofs for probability distributions on parametrized languages. It is quasi-adaptive in the sense that the common reference string (CRS) generator can generate the CRS depending on the language parameters. However, the simulation is required to be uniform, i.e., a single efficient simulator should work for the whole class of parametrized languages. For distributions on languages that are linear subspaces of vector spaces over bilinear groups, we give quasi-adaptive NIZKs that are shorter and more efficient than Groth-Sahai NIZKs. For many cryptographic applications quasi-adaptive NIZKs suffice, and our constructions can lead to significant improvements in the standard model. Our construction can be based on any $k$-linear assumption, and in particular under the Symmetric eXternal Diffie Hellman (SXDH) assumption our proofs are even competitive with Random-Oracle based $\\Sigma$-protocol NIZK proofs.

We also show that our system can be extended to include integer tags in the defining equations, where the tags are provided adaptively by the adversary. This leads to applicability of our system to many applications that use tags, e.g. applications using Cramer-Shoup projective hash proofs. Our techniques also lead to the shortest known (ciphertext) fully secure identity based encryption (IBE) scheme under standard static assumptions (SXDH).

19:17 [Pub][ePrint]

It is well known that it is impossible for two parties to toss a coin fairly (Cleve, STOC 1986). This result implies that it is impossible to securely compute with fairness any function that can be used to toss a coin fairly. In this paper, we focus on the class of deterministic Boolean functions with finite domain, and we ask for which functions in this class is it possible to information-theoretically toss an unbiased coin, given a protocol for securely computing the function with fairness. We provide a \\emph{complete characterization} of the functions in this class that imply and do not imply fair coin tossing. This characterization extends our knowledge of which functions cannot be securely computed with fairness. In addition, it provides a focus as to which functions may potentially be securely computed with fairness, since a function that cannot be used to fairly toss a coin is not ruled out by the impossibility result of Cleve (which is the \\emph{only} known impossibility result for fairness). In addition to the above, we draw corollaries to the feasibility of achieving fairness in two possible fail-stop models.

19:17 [Pub][ePrint]

Message Authentication Code (MAC) is one of most basic primitives in cryptography. After Biham (EUROCRYPT 1993) proposed related-key attacks (RKAs), RKAs have damaged MAC\'s security. To relieve MAC of RKA distress, Bellare and Cash proposed pseudo-random functions (PRFs) secure against multiplicative RKAs (EUROCRYPT 2010). They also proposed PRFs secure against additive RKAs, but their reduction requires sub-exponential time. Since PRF directly implies Fixed-Input Length (FIL) MAC, their PRFs result in MACs secure against multiplicative RKAs.

In this paper, we proposed Variable-Input Length (VIL) MAC secure against \\emph{additive} RKAs, whose reductions are polynomial time in the security parameter. Our construction stems from MACs from number-theoretic assumptions proposed by Dodis, Kiltz, Pietrzak, Wichs (EUROCRYPT 2012) and public-key encryption schemes secure against additive RKAs proposed by Wee (PKC 2012).

19:17 [Pub][ePrint]

We show in this paper how several proposed Strong

Physical Unclonable Functions (PUFs) can be broken by numerical

modeling attacks. Given a set of challenge-response pairs

(CRPs) of a Strong PUF, our attacks construct a computer

algorithm which behaves indistinguishably from the original PUF

on almost all CRPs. This algorithm can subsequently impersonate

the PUF, and can be cloned and distributed arbitrarily. This

breaks the security of almost all applications and protocols that

are based on the respective PUF.

The PUFs we attacked successfully include standard Arbiter

PUFs and Ring Oscillator PUFs of arbitrary sizes, and XOR

Arbiter PUFs, Lightweight Secure PUFs, and Feed-Forward

Arbiter PUFs of up to a given size and complexity. The attacks

are based upon various machine learning techniques, including

a specially tailored variant of Logistic Regression and Evolution

Strategies.

Our results were obtained on a large number of CRPs

coming from numerical simulations, as well as four million CRPs

collected from FPGAs and ASICs. The performance on silicon

CRPs is very close to simulated CRPs, confirming a conjecture

from earlier versions of this work. Our findings lead to new

design requirements for secure electrical PUFs, and will be useful

to PUF designers and attackers alike.

19:17 [Pub][ePrint]

The cryptographic hash functions BLAKE and Skein are built from the ChaCha stream cipher and the tweakable Threefish block cipher, respectively. Interestingly enough, they are based on the same arithmetic operations, and the same design philosophy allows one to design lightweight coprocessors for hashing and encryption. The key element of our approach is to take advantage of the parallelism of the algorithms to deeply pipeline our Arithmetic an Logic Units, and to avoid data dependencies by interleaving independent tasks. We show for instance that a fully autonomous implementation of BLAKE and ChaCha on a Xilinx Virtex-6 device occupies 144 slices and three memory blocks, and achieves competitive throughputs. In order to offer the same features, a coprocessor implementing Skein and Threefish requires a substantial higher slice count.

19:17 [Pub][ePrint]

We offer a public key exchange protocol in the spirit of Diffie-Hellman, but we use (small) matrices over a group ring of a (small) symmetric group as the platform. This nested structure\" of the platform makes computation very efficient for legitimate parties. We discuss security of this scheme by addressing the Decision Diffie-Hellman (DDH) and Computational Diffie-Hellman (CDH) problems for our platform.

19:17 [Pub][ePrint]

To allow a delegator not only to delegate the keyword-controlled decryption rights of a broadcast encryption to a set of specified recipients, but also to control when the decryption rights will be delegated, in this paper, for the first time, we introduce a new notion called timed-release conditional proxy broadcast re-encryption (TR-CPBRE). We also propose a concrete construction for TR-CPBRE which can be proven selective identity adaptive CCA secure under the (P,Q,f)-GDDHE assumption, and chosen-time period chosen-ciphertext secure under the BDH assumption. When compared with the existing CPBRE and TR-PRE schemes, our scheme achieves better efficiency, and enables the delegator to make a fine-grained delegation of decryption rights to multiple delegatees.

19:17 [Pub][ePrint]

The Advanced Encryption Standard (AES) was specified in 2001 by the National Institute of Standards and Technology. This paper expand the method and make it possible to realize a new AES-like algorithm that has 256 bits fixed block size, which is named AAES algorithm. And we use Verilog to simulate the arithmetic and use Lattice Diamond to simulate the hardware property and action. We get the conclusion that the algorithm can be easily used on indestury and it is more robustness and safety than AES. And they are on the same order of magnitude in hardware implementation.

19:17 [Pub][ePrint]

We present an r-th root extraction algorithm over a finite field

F_q. Our algorithm precomputes a primitive r^s-th root of unity where s is the largest positive integer satisfying r^s| q-1, and is applicable for the cases when s is small. The proposed algorithm requires one exponentiation for the r-th root computation and is favorably compared to the existing algorithms.

06:57 [Event][New]

Submission: 15 April 2013
Notification: 29 April 2013
From June 26 to June 28
Location: Telc, Czech Republic