International Association for Cryptologic Research

# IACR News Central

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calendar (iCal).

2013-07-09
09:31 [Event][New]

Submission: 1 September 2013
From October 23 to October 25
Location: Dubai, United Arab Emirates

2013-07-07
17:43 [Job][New]

We are seeking candidates for four funded theses.

The candidates will work on the following topics:

Thesis 1 - Fault and side-channel attacks.

Thesis 2 - Formal proofs of hardware and software implementations.

Thesis 3 - Lightweight cryptography (theory and practice).

Thesis 4 - Embedded equipment security.

Due to employment visa constraints, the candidates must be of EU citizenship or Swiss.

2013-07-05
18:17 [Pub][ePrint]

In this paper, we first prove beyond-birthday-bound security for the Misty structure. Specifically, we show that an $r$-round Misty structure is secure against CCA attacks up to $O(2^{\frac{rn}{r+7}})$ query complexity, where $n$ is the size of each round permutation. So for any $\epsilon>0$, a sufficient number of rounds would guarantee the security of the Misty structure up to $2^{n(1-\epsilon)}$ query complexity.
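As an added worked step (not part of the abstract), the round count behind "a sufficient number of rounds" follows directly from the bound: up to the constant hidden in the $O(\cdot)$, $2^{rn/(r+7)}$ reaches $2^{n(1-\epsilon)}$ as soon as

$$\frac{rn}{r+7} \ge n(1-\epsilon) \iff r \ge (1-\epsilon)(r+7) \iff r \ge \frac{7(1-\epsilon)}{\epsilon},$$

so for $\epsilon = 1/8$ about $49$ rounds suffice, and the required number of rounds grows like $7/\epsilon$ as $\epsilon \to 0$.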

09:01 [Job][New]

The Centre for Telematics and Information Technology (CTIT) at the University of Twente invites applications for a Post-Doc position in system security with a strong focus on security of industrial control and SCADA systems.

We are looking for a candidate with a strong background in practical system-level security. The candidate is expected to support the supervision of PhD students, contribute to our ongoing projects, and also contribute to future project proposals to strengthen our research profile. Our group is a member of multiple national and European research projects with strong links to industry. One example is the currently ongoing CRISALIS FP7 project (http://www.crisalisproject.eu/).

Successful candidates must hold a PhD degree in computer science or a closely related discipline and have demonstrated their excellence through top-class publications.

Applications should include:

• motivation letter specifically addressing our position,

• full curriculum vitae including a list of all courses and marks,

• publication list incl. a one-page summary of your PhD thesis,

• two recommendation letters (or alternatively the names and email addresses of two references).

The position will be closed as soon as a suitable candidate is found.

2013-07-03
17:22 [Event][New]

Submission: 15 November 2013
From February 20 to February 21
Location: Redmond, USA

11:51 [PhD][Update]

Name: Alexander Meurer
Topic: A Coding-Theoretic Approach to Cryptanalysis
Category: foundations

Description: In this thesis we study the applicability of coding-theoretic algorithms to cryptanalysis and provide new insights into the practical security of different cryptographic primitives. The main results can be summarised as follows:
• We introduce a new generalised framework for the class of "Information Set Decoding" (ISD) algorithms. This class contains all instantiations of the best-known generic decoding algorithms for random linear codes to date.
• By applying the so-called representation technique, we design a new ISD algorithm which asymptotically achieves an exponential improvement over all known methods. Within the generalised ISD framework we provide a rigorous formal proof of superiority of the new algorithm for arbitrary code rates.
• We discuss different practical applications, e.g. we study the security of concrete parameter sets for the McEliece one-way function and we efficiently break all low-noise instances of the "Learning Parities with Noise" (LPN) problem. The main technical contribution of this part is a refined non-asymptotic analysis of the proposed algorithm.
• A new algorithm that allows for error correction in RSA private keys is presented. This algorithm recovers the original RSA secret key in polynomial time (w.r.t. the bit length of the modulus) given a noisy copy, i.e. a copy where every individual bit is independently flipped with (unknown) p[...]

10:03 [PhD][New]

Name: Alexander Meurer
Topic: A Coding-Theoretic Approach to Cryptanalysis
Category: foundations

Description: In this thesis we study the applicability of coding-theoretic algorithms to cryptanalysis and provide new insights into the practical security of different cryptographic primitives. We introduce a new generalised framework for the class of "Information Set Decoding" (ISD) algorithms. By applying the so-called representation technique, we design a new ISD algorithm which asymptotically achieves an exponential improvement over all known methods. Within the generalised ISD framework we provide a rigorous formal proof of superiority of the new algorithm for arbitrary code rates 0[...]
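Both thesis entries above refer to the class of "Information Set Decoding" algorithms. Prange's algorithm is the simplest member of that class, and the following toy implementation is added here to make the idea concrete; it is not code from the thesis, the parity-check matrix, error vector and parameters are constructed in the block, and the sizes are far too small to say anything about real McEliece parameters (which need n in the thousands and the improved algorithms the thesis describes).

```python
"""Prange's information-set decoding (ISD) over GF(2), the simplest member of
the ISD class.  Added toy illustration, not code from the thesis."""
import random


def matvec_gf2(H, e):
    """Syndrome H*e over GF(2); H is a list of row lists, e a list of bits."""
    return [sum(h & x for h, x in zip(row, e)) & 1 for row in H]


def solve_gf2(A, b):
    """Solve A*x = b over GF(2) for a square A by Gauss-Jordan elimination.
    Returns x, or None when A is singular."""
    r = len(A)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for col in range(r):
        pivot = next((i for i in range(col, r) if M[i][col]), None)
        if pivot is None:
            return None
        M[col], M[pivot] = M[pivot], M[col]
        for i in range(r):
            if i != col and M[i][col]:
                M[i] = [u ^ w for u, w in zip(M[i], M[col])]
    return [M[i][r] for i in range(r)]


def prange_isd(H, s, t, rng, max_iter=200000):
    """Find e with wt(e) <= t and H*e = s.

    Each iteration guesses an information set of k columns and bets that all
    t errors avoid it, i.e. lie in the complementary n-k columns J.  H
    restricted to J is then inverted and the error is read off the
    transformed syndrome.  A guess succeeds with probability about
    C(n-k, t) / C(n, t) (times the chance that the restricted matrix is
    invertible), which is what makes the algorithm exponential in n at a
    fixed code rate; the thesis's improvements lower that exponent."""
    r, n = len(H), len(H[0])
    for _ in range(max_iter):
        J = rng.sample(range(n), r)              # guessed redundancy positions
        A = [[row[j] for j in J] for row in H]   # H restricted to J
        x = solve_gf2(A, s)
        if x is None or sum(x) > t:
            continue                             # singular, or too heavy: new guess
        e = [0] * n
        for j, bit in zip(J, x):
            e[j] = bit
        return e
    return None


def random_instance(n, k, t, rng):
    """Constructed instance: random parity-check matrix and a weight-t error."""
    H = [[rng.randint(0, 1) for _ in range(n)] for _ in range(n - k)]
    e = [0] * n
    for j in rng.sample(range(n), t):
        e[j] = 1
    return H, e, matvec_gf2(H, e)


def demo(seed=2013, n=24, k=12, t=2):
    """Plant a weight-t error in a random [n, k] code and decode it again."""
    rng = random.Random(seed)
    H, planted, s = random_instance(n, k, t, rng)
    return H, planted, s, prange_isd(H, s, t, rng)


if __name__ == "__main__":
    H, planted, s, found = demo()
    print("planted :", planted)
    print("found   :", found)
    print("syndrome matches:", matvec_gf2(H, found) == s)
```

The decoder only promises some error of weight at most t with the right syndrome; for the tiny parameters here that is almost always the planted one, which is why the test below checks the syndrome rather than bit-for-bit equality.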

09:17 [Pub][ePrint]

Besides the Karatsuba algorithm, optimal Toeplitz matrix-vector product (TMVP) formulae are another approach to designing GF(2^n) subquadratic multipliers. However, when GF(2^n) elements are represented using a shifted polynomial basis, this approach is currently applicable only to GF(2^n)s generated by all irreducible trinomials and a special type of irreducible pentanomials, not all general irreducible pentanomials. The reason is that no transformation matrix, which transforms the Mastrovito matrix into a Toeplitz matrix, has been found. In this article, we propose such a transformation matrix and its inverse matrix for an arbitrary irreducible pentanomial. Because there is no known value of n for which either an irreducible trinomial or an irreducible pentanomial does not exist, this transformation matrix makes the TMVP approach a universal tool, i.e., it is applicable to all practical GF(2^n)s.
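The subquadratic TMVP formula the abstract builds on is the two-way split: a Toeplitz matrix-vector product of size n is computed from three products of size n/2 instead of four. The block below is an added illustration of that formula over GF(2); it is not the paper's code and does not contain the paper's transformation matrix for pentanomials. The Toeplitz matrix is stored as its 2n-1 distinct entries, a representation assumed here for the example.

```python
"""Two-way split Toeplitz matrix-vector product (TMVP) over GF(2).

Added illustration of the subquadratic TMVP approach; not the paper's code.
An n x n Toeplitz matrix T is stored as the 2n-1 values t[0..2n-2] with
T[i][j] = t[i - j + n - 1]."""
import random


def xor_vec(a, b):
    return [x ^ y for x, y in zip(a, b)]


def tmvp_direct(t, v):
    """Schoolbook product: n*n scalar GF(2) multiplications (AND gates)."""
    n = len(v)
    return [sum(t[i - j + n - 1] & v[j] for j in range(n)) & 1 for i in range(n)]


def tmvp_2way(t, v):
    """Recursive two-way TMVP.  Returns (T*v, number of scalar multiplications).

    Split T = [[T1, T0], [T2, T1]] and v = [v0, v1] into blocks of size m = n/2:
        P0 = (T0 + T1) v1,  P1 = (T1 + T2) v0,  P2 = T1 (v0 + v1)
        T*v = [P0 + P2, P1 + P2]
    Three half-size products instead of four gives n^(log2 3) scalar
    multiplications when n is a power of two.  Sums of Toeplitz blocks are
    Toeplitz again (just XOR their t-vectors), which is what lets the
    recursion continue.
    """
    n = len(v)
    if n == 1:
        return [t[0] & v[0]], 1
    if n % 2:                       # odd size: no clean split, use schoolbook
        return tmvp_direct(t, v), n * n
    m = n // 2
    t0 = t[0:2 * m - 1]             # top-right block   (indices 0 .. 2m-2)
    t1 = t[m:3 * m - 1]             # diagonal blocks   (indices m .. 3m-2)
    t2 = t[2 * m:4 * m - 1]         # bottom-left block (indices 2m .. 4m-2)
    v0, v1 = v[:m], v[m:]
    p0, c0 = tmvp_2way(xor_vec(t0, t1), v1)
    p1, c1 = tmvp_2way(xor_vec(t1, t2), v0)
    p2, c2 = tmvp_2way(t1, xor_vec(v0, v1))
    return xor_vec(p0, p2) + xor_vec(p1, p2), c0 + c1 + c2


def check_random(n, seed=1):
    """Constructed random instance: (2-way result == schoolbook result, 2-way mult count)."""
    rng = random.Random(seed)
    t = [rng.randint(0, 1) for _ in range(2 * n - 1)]
    v = [rng.randint(0, 1) for _ in range(n)]
    res, count = tmvp_2way(t, v)
    return res == tmvp_direct(t, v), count


if __name__ == "__main__":
    for n in (8, 16, 32):
        ok, count = check_random(n)
        print(f"n={n:2d}: correct={ok}, 2-way mults={count}, schoolbook mults={n * n}")
```

For n = 8 the recursion uses 27 scalar multiplications against 64 for the schoolbook product; the gap is what the abstract calls a subquadratic multiplier, and the paper's contribution is making every practical GF(2^n) multiplication expressible as such a Toeplitz product in the first place.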

09:17 [Pub][ePrint]

The 3GPP Task Force recently supplemented mobile LTE network security with an additional set of confidentiality and integrity algorithms, namely 128-EEA3 and 128-EIA3 built on top of ZUC, a new keystream generator. We propose two novel techniques to improve the software performance of these algorithms. We show how delayed modular reduction increases the efficiency of the LFSR feedback function, yielding performance gains for ZUC and thus both 128-EEA3 and 128-EIA3. We also show how to leverage carryless multiplication to evaluate the universal hash function making up the core of 128-EIA3. Our software implementation results on Qualcomm's Hexagon DSP architecture indicate significant performance gains when employing these techniques: up to roughly a 2-fold and 2.5-fold throughput improvement for 128-EEA3 and 128-EIA3, respectively.
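Delayed modular reduction, as applied to the ZUC LFSR, is shown in the added example below; it is not the paper's code. The feedback relation and the rotation-based multiplication by powers of two are those of the ZUC specification, while the "stepwise" and "delayed" variants are this example's own way of contrasting a reduction after every addition with a single reduction of the accumulated sum. The random states are constructed for the check.

```python
"""Delayed modular reduction in the ZUC LFSR feedback over GF(2^31 - 1).

Added example, not the paper's code.  The feedback is the one in the ZUC
specification.  'stepwise' reduces after every addition, as a naive
implementation does; 'delayed' accumulates all terms in a wider integer and
folds once at the end (on a 32-bit DSP the accumulator would be a register
pair)."""
import random

P = (1 << 31) - 1          # the prime 2^31 - 1; ZUC represents 0 as P


def mul_pow2(x, k):
    """x * 2^k mod P for 0 <= x <= P: a 31-bit rotation, since 2^31 == 1 (mod P)."""
    return ((x << k) | (x >> (31 - k))) & P


def add_mod_p(a, b):
    """a + b mod P for inputs <= P: add, then fold the carry bit back in."""
    c = a + b
    return (c & P) + (c >> 31)       # result is again in [0, P]


def feedback_stepwise(s):
    """s16 = 2^15 s15 + 2^17 s13 + 2^21 s10 + 2^20 s4 + (1 + 2^8) s0 (mod P),
    reducing after each of the five additions."""
    v = mul_pow2(s[15], 15)
    v = add_mod_p(v, mul_pow2(s[13], 17))
    v = add_mod_p(v, mul_pow2(s[10], 21))
    v = add_mod_p(v, mul_pow2(s[4], 20))
    v = add_mod_p(v, mul_pow2(s[0], 8))
    v = add_mod_p(v, s[0])
    return P if v == 0 else v


def feedback_delayed(s):
    """Same value.  The six terms (each <= P) are summed unreduced; the sum is
    below 6 * 2^31 < 2^34, so two cheap carry folds bring it back to [0, P]
    instead of five reductions interleaved with the additions."""
    v = (mul_pow2(s[15], 15) + mul_pow2(s[13], 17) + mul_pow2(s[10], 21)
         + mul_pow2(s[4], 20) + mul_pow2(s[0], 8) + s[0])
    v = (v & P) + (v >> 31)          # at most P + 5
    v = (v & P) + (v >> 31)          # now at most P
    return P if v == 0 else v


def feedback_bigint(s):
    """Reference using Python's arbitrary-precision arithmetic."""
    v = ((1 << 15) * s[15] + (1 << 17) * s[13] + (1 << 21) * s[10]
         + (1 << 20) * s[4] + 257 * s[0]) % P
    return P if v == 0 else v


def agree_on_random_states(trials=1000, seed=0):
    """Constructed check: all three feedback functions agree on random states."""
    rng = random.Random(seed)
    for _ in range(trials):
        s = [rng.randint(1, P) for _ in range(16)]
        if not (feedback_stepwise(s) == feedback_delayed(s) == feedback_bigint(s)):
            return False
    return True


if __name__ == "__main__":
    print("all variants agree:", agree_on_random_states())
```

The bound comment in feedback_delayed is the whole argument: because every term is below 2^31 and there are only six of them, the accumulator never exceeds 34 bits, so the reduction can be postponed safely. Widening the sum without re-checking that bound is how delayed-reduction code silently computes the wrong residue.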

09:17 [Pub][ePrint]

Cloud storage service providers such as Dropbox, Mozy, and others perform deduplication to save space by only storing one copy of each file uploaded. Should clients conventionally encrypt their files, however, savings are lost. Message-locked encryption (the most prominent manifestation of which is convergent encryption) resolves this tension. However it is inherently subject to brute-force attacks that can recover files falling into a known set. We propose an architecture that provides secure deduplicated storage resisting brute-force attacks, and realize it in a system called DupLESS. In DupLESS, clients encrypt under message-based keys obtained from a key-server via an oblivious PRF protocol. It enables clients to store encrypted data with an existing service, have the service perform deduplication on their behalf, and yet achieves strong confidentiality guarantees. We show that encryption for deduplicated storage can achieve performance and space savings close to that of using the storage service with plaintext data.
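The key-derivation step the abstract describes, a message-based key obtained from a key server through an oblivious PRF, is illustrated below with an RSA blind-signature OPRF. This is an added example, not the DupLESS code: the two Mersenne primes, the 65537 public exponent, the SHA-256 hash-to-Z_N step and the sample file contents are all choices made here so the block is deterministic and self-contained, and a real deployment needs a large modulus and a proper full-domain hash.

```python
"""DupLESS-style message-locked key derivation through an RSA blind-signature OPRF.

Added illustration of the architecture described in the abstract; not the
DupLESS code.  Toy-sized RSA parameters (assumption for the demo only)."""
import hashlib
import math
import secrets

# --- key server state ----------------------------------------------------
P_TOY = (1 << 61) - 1       # Mersenne prime M61 (demo-sized, not secure)
Q_TOY = (1 << 89) - 1       # Mersenne prime M89
N = P_TOY * Q_TOY
E = 65537
D = pow(E, -1, (P_TOY - 1) * (Q_TOY - 1))   # server secret; never leaves the server


def server_sign_blinded(blinded, requests):
    """Key server: raise the blinded value to d.  It sees a uniformly random
    element of Z_N*, so it learns nothing about the file.  The request
    counter is the hook for per-client rate limiting: an attacker who wants
    to test a guessed file must come here once per guess."""
    requests[0] += 1
    return pow(blinded, D, N)


# --- client ---------------------------------------------------------------
def hash_to_zn(data):
    """Toy hash of the file into Z_N (assumption: fine for the demo only)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def client_derive_key(data, requests):
    """Blind H(file) with r^e, have the server sign it, unblind, verify, hash.
    Returns (file key, what the server saw)."""
    h = hash_to_zn(data)
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    blinded = (h * pow(r, E, N)) % N
    sig_blinded = server_sign_blinded(blinded, requests)
    sig = (sig_blinded * pow(r, -1, N)) % N          # = h^d mod N, independent of r
    if pow(sig, E, N) != h:                          # client checks the server's work
        raise ValueError("key server returned an invalid signature")
    key = hashlib.sha256(sig.to_bytes((N.bit_length() + 7) // 8, "big")).digest()
    return key, blinded


def demo():
    """Two clients upload the same constructed file, a third uploads another."""
    requests = [0]
    file_a = b"constructed sample file: quarterly report 2013"
    file_b = b"constructed sample file: a different document"
    key_a1, view_1 = client_derive_key(file_a, requests)   # client 1
    key_a2, view_2 = client_derive_key(file_a, requests)   # client 2, same file
    key_b, _ = client_derive_key(file_b, requests)         # client 3, other file
    return {
        "same_file_same_key": key_a1 == key_a2,            # deduplication still works
        "different_file_different_key": key_a1 != key_b,
        "server_views_differ": view_1 != view_2,           # server cannot link the uploads
        "server_requests": requests[0],                    # what rate limiting counts
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The property that matters against the brute-force attack in the abstract is that the key depends on h^d, not on h: an attacker holding a ciphertext and a list of candidate files cannot test a candidate offline, because computing h^d for each guess requires a round trip to the key server, which can be throttled. Plain convergent encryption, with key = H(file), has no such step.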

2013-07-02
21:17 [Pub][ePrint]

We develop secure threshold protocols for two important operations in lattice cryptography, namely, generating a hard lattice $\Lambda$ together with a "strong" trapdoor, and sampling from a discrete Gaussian distribution over a desired coset of $\Lambda$ using the trapdoor. These are the central operations of many cryptographic schemes: for example, they are exactly the key-generation and signing operations (respectively) for the GPV signature scheme, and they are the public parameter generation and private key extraction operations (respectively) for the GPV IBE. We also provide a protocol for trapdoor delegation, which is used in lattice-based hierarchical IBE schemes. Our work therefore directly transfers all these systems to the threshold setting.

Our protocols provide information-theoretic (i.e., statistical) security against adaptive corruptions in the UC framework, and they are private and robust against an optimal number of semi-honest or malicious parties. Our Gaussian sampling protocol is both noninteractive and efficient, assuming either a trusted setup phase (e.g., performed as part of key generation) or a sufficient amount of interactive but offline precomputation, which can be performed before the inputs to the sampling phase are known.