*06:17* [Pub][ePrint]
Obfuscating Conjunctions, by Zvika Brakerski and Guy N. Rothblum
We show how to securely obfuscate the class of conjunction functions (functions like $f(x_1, \\ldots, x_n) = x_1 \\land \\lnot x_4 \\land \\lnot x_6 \\land \\cdots \\land x_{n-2}$). Given any function in the class, we produce an obfuscated program which preserves the input-output functionality of the given function, but reveals nothing else.Our construction is based on multilinear maps, and can be instantiated using the recent candidates proposed by Garg, Gentry and Halevi (EUROCRYPT 2013) and by Coron, Lepoint and Tibouchi (CRYPTO 2013). We show that the construction is secure when the conjunction is drawn from a distribution, under mild assumptions on the distribution. Security follows from multilinear entropic variants of the Diffie-Hellman assumption. We conjecture that our construction is secure for any conjunction, regardless of the distribution from which it is drawn. We offer supporting evidence for this conjecture, proving that our obfuscator is secure for any conjunction against generic adversaries.

*06:17* [Pub][ePrint]
Partially blind password-based signatures using elliptic curves, by Kristian Gjøsteen
Password-based signatures allow a user who can only remember a password to create digital signatures with the help of a server, without revealing the messages to be signed to the server.Certain applications require the ability to disclose part of the message to the server. We define partially blind password-based signatures and construct a scheme based that we prove secure, based on a novel computational problem related to computing discrete logarithms.

Our scheme is based on Nyberg-Rueppel signatures. We give a variant of Nyberg-Rueppel signatures that we prove secure based on our novel computational problem.

Unlike previous password-based signature schemes, our scheme can be instantiated using elliptic curve arithmetic over small prime fields. This is important for many applications

*06:17* [Pub][ePrint]
The Norwegian Internet Voting Protocol, by Kristian Gjøsteen
The Norwegian government ran a trial of internet remote voting during the 2011 local government elections, and will run another trial during the 2013 parliamentary elections. A new cryptographic voting protocol will be used, where so-called return codes allow voters to verify that their ballots will be counted as cast.This paper discusses this cryptographic protocol, and in particular the ballot submission phase.

The security of the protocol relies on a novel hardness assumption similar to Decision Diffie-Hellman. While DDH is a claim that a random subgroup of a non-cyclic group is indistinguishable from the whole group, our assumption is related to the indistinguishability of certain special subgroups. We discuss this question in some detail.

*06:17* [Pub][ePrint]
A note on verifying the APN property, by Pascale Charpin and Gohar M. Kyureghyan
We show that for an arbitrary mapping $F$ on $F_2^n$ to verify that it is APN, it is enough to consider the difference mappings of $F$defined by elements from an hyperplane.

*15:17* [Pub][ePrint]
How To Construct Extractable One-Way Functions Against Uniform Adversaries, by Nir Bitansky and Ran Canetti and Omer Paneth
A function $f$ is extractable if it is possible to algorithmically ``extract,\'\' from any program that outputs a value $y$ in the image of $f,$ a preimage of $y$. When combined with hardness properties such as one-wayness or collision-resistance, extractability has proven to be a powerful tool. However, so far, extractability has not been explicitly shown. Instead, it has only been considered as a non-standard {\\em knowledge assumption} on certain functions.

We give the first construction of extractable one-way functions assuming only standard hardness assumptions (e.g.,subexponential security of Decision Diffie-Hellman or Quadratic Residousity).

Our functions are extractable against adversaries with bounded polynomial advice and unbounded polynomial running time. We then use these functions to construct the first 2-message zero-knowledge arguments and 3-message zero-knowledge arguments of knowledge, against the same class of adversarial verifiers, from essentially the same assumptions.

The construction uses ideas from [Barak, FOCS01] and [Barak, Lindell, and Vadhan, FOCS03], and rely on the recent breakthrough construction of privately verifiable $\\P$-delegation schemes [Kalai, Raz, and Rothblum]. The extraction procedure uses the program evaluating $f$ in a non-black-box way, which we show to be necessary.

*15:17* [Pub][ePrint]
Verifiable Delegation of Computation on Outsourced Data, by Michael Backes and Dario Fiore and Raphael M. Reischuk
We address the problem in which a client stores a large amount of data with an untrusted server in such a way that, at any moment, the client can ask the server to compute a function on some portion of its outsourced data. In this scenario, the client must be able to efficiently verify the correctness of the result despite no longer knowing the inputs of the delegated computation, it must be able to keep adding elements to its remote storage, and it does not have to fix in advance (i.e., at data outsourcing time) the functions that it will delegate. Even more ambitiously, clients should be able to verify in time independent of the input-size - a very appealing property for computations over huge amounts of data.In this work we propose novel cryptographic techniques that solve the above problem for the class of computations of quadratic polynomials over a large number of variables. This class covers a wide range of significant arithmetic computations - notably, many important statistics. To confirm the efficiency of our solution, we show encouraging performance results, e.g., correctness proofs have size below 1 kB and are verifiable by clients in less than 10 milliseconds.

*08:05* [Job][New]
Post-Doc, *Telecom ParisTech, Communication and Electrical Engineering Department, Sophia-Antipolis, France*
We are looking for a postdoctoral researcher to contribute a project named LibreCloud on self hosted, distributed, redundant and secured cloud services. The main goal of the LibreCloud project is to help end users to better control their personal information and data, at a very low cost and with the quality of service of a commercial cloud solution.

The LibreCloud project aims at packaging a GNU/Linux distribution tailored for cheap and power efficient personal computers (Raspberry Pi, Parallella, Plug Computers). The distribution shall be easy to install and manage and shall embed the largest possible set of services (agenda, notes, address books, bookmarks, keyring, storage, e-mail,...) that are usually found on commercial cloud infrastructures. Its main characteristics shall be strong security (privacy, confidentiality, integrity) and safety (redundancy, backups, continuous availability across time and space).

*06:17* [Pub][ePrint]
Verifiable Attribute-based Keyword Search over Outsourced Encrypted Data, by Qingji Zheng and Shouhuai Xu and Giuseppe Ateniese
It is quite common nowadays for data owners to outsource their data to the cloud.However, since the cloud is not fully trusted, the outsourced data should be encrypted, which brings a range of problems, such as: How can authorized data users search over a data owner\'s outsourced encrypted data?

How should a data owner grant search capabilities to data users?

How can data users be assured that the cloud faithfully executed the search operations? Towards ultimately addressing these problems, in this paper we propose a novel cryptographic scheme, called {\\em verifiable attribute-based keyword search} (\\vabks). This scheme

allows a data user, whose attributes or credentials satisfy a data owner\'s access control policy,

to (i) search over the data owner\'s outsourced encrypted data,

(ii) outsource the tedious search operations to the cloud, and

(iii) verify whether the cloud has faithfully executed the search operations.

We define \\vabks\'s security properties, and present concrete constructions that are proven to possess these properties. Performance evaluation shows that the proposed schemes are practical.