*07:09*[Event][New] IJISS: International Journal of Information Security Science

Submission: 31 July 2014

From August 31 to July 31

More Information: http://www.ijiss.org

Get an update on changes of the IACR web-page here. For questions, contact *newsletter (at) iacr.org*.
You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

Submission: 31 July 2014

From August 31 to July 31

More Information: http://www.ijiss.org

2013-08-25

I'm looking for a volunteer to edit the videos from TCC 2013. The data consists of about 30 DVDs, or about 100GB of video data. There are two DVDs for each session (the stage and the presentation screen), and they need to be re-encoded for streaming distribution on youtube. If we decide that this is too much, we might opt for only the presentation screen videos from the invited talks, but ideally I'd like to do the following: 1. split the VOB files into one file per talk. The files should be named in such a way that they can be matched to cryptodb, e.g., 24520.mp4 for http://www.iacr.org/cryptodb/data/paper.php?pubkey=24520 2. encode each file as AAC-LC audio with H.264 video, as described on https://support.google.com/youtube/answer/1722171?hl=en. 3. upload the resulting files to www.iacr.org so that they can be archived and uploaded to the IACR youtube channel. If interested, contact cryptodb@iacr.org.

2013-08-24

Submission: 10 September 2013

Notification: 31 October 2013

From November 27 to November 29

Location: Berlin, Germany

More Information: http://cardis.sec.t-labs.tu-berlin.de/index.html

2013-08-23

- Mitsuru Matsui (director)
- Christof Paar (director)
- David Pointcheval (director)
- Bart Preneel (president)
- Christian Cachin (vice president)
- Greg Rose (treasurer)
- Martijn Stam (secretary)

- Michel Abdalla (Returning Officer)
- Josh Benaloh (Chair)
- Tom Berson

2013-08-22

Name: Daniel Wichs

Topic: Cryptographic Resilience to Continual Information Leakage

Category: foundations

Description: In this thesis, we study the question of achieving cryptographic security on\r\ndevices that leak information about their internal secret state to an external attacker. This study is motivated by the prevalence of side-channel attacks, where\r\nthe physical characteristics of a computation (e.g. timing, power-consumption,\r\ntemperature, radiation, acoustics, etc.) can be measured, and may reveal useful information about the internal state of a device. Since some such leakage is\r\ninevitably present in almost any physical implementation, we believe that this\r\nproblem cannot just be addressed by physical countermeasures alone. Instead, it\r\nshould already be taken into account when designing the mathematical specication of cryptographic primitives and included in the formal study of their security.\r\nIn this thesis, we propose a new formal framework for modeling the leakage\r\navailable to an attacker. This framework, called the continual leakage model, assumes that an attacker can continually learn arbitrary information about the internal secret state of a cryptographic scheme at any point in time, subject only to the\r\nconstraint that the rate of leakage is bounded. More precisely, our model assumes\r\nsome abstract notion of time periods. In each such period, the attacker can choose\r\nto learn arbitrary functions of the current secret state of the scheme, as long as\r\nthe number of output bits leaked is not too large. In our solutions, cryptographic\r\nschemes will continually update their internal secret state at the end of each time\r\nperiod. This will ensure that leakage observed in dierent time periods cannot be\r\nmeaningfully combined to break the security of the cryptosystem. Although these\r\nupdates modify the secret state of the cryptosystem, the desired functionality of\r\nthe scheme is preserved, and the users can remain oblivious to these updates. We\r\nconstruct signatures, encryption, and secret sharing/storage schemes in this model.[...]

Name: Marina Samokhina

Topic: The construction and research of cryptographic systems based on linear codes in projective metrics

Category:public-key cryptography

Description:

Main scientific goal of the work was the construction of new real life usable cryptosystem based on linear codes, this system cryptanalysis and its cryptographic strength demonstration.

There are several public key cryptosystems based on linear codes formerly designed. However most of them aren't strong enough.

In my work I review and analyze most substantial and cryptostrong existing systems. I provide detailed description of these systems limitations and vulnerabilities. As a quintessence of my research I introduce new system based on Gabidulin Rank codes in a projective metric. The new system is flexible and can be easily modified into two different structure based systems.

In the conclusion I describe all possible cryptanalytic methods for the new cryptosystem and ensure for its good security level. Few examples of successful implementation of new cryptosystem described in certain section of my work is a strong argue to use the system as a real-life application.

[...]

Submission: 20 February 2014

Notification: 30 April 2014

From August 7 to August 11

Location: Gyeongju, Korea

More Information: http://ants2014.kookmin.ac.kr

We introduce the notion of locally updatable and locally decodable codes (LULDCs). While, intuitively, updatability and error-correction seem to be contrasting goals, we show that for a suitable, yet meaningful, metric (which we call the Prefix Hamming metric), one can construct such codes. Informally, the Prefix Hamming metric allows the adversary to corrupt an arbitrary (constant fraction of) bits of the codeword subject to the constraint that he does not corrupt more than a $\\delta$ fraction of the $t$ ``most-recently changed\" bits of the codeword (for all $1\\leq t\\leq n$, where $n$ is the length of the codeword).

We first construct binary LULDCs for messages in $\\{0,1\\}^{k}$ with constant rate, update locality of $\\bigo(\\log^2 k)$, and read locality of $\\bigo(k^\\epsilon)$ for any constant $\\epsilon

2013-08-21

The soundness of language-level reasoning about programs relies on program execution adhering to the language semantics. However, in a distributed computation, when a value is sent from one party to another, the receiver faces the question of whether the value is *well-traced*, i.e., could it have produced by a computation that respects the language semantics? Otherwise, accepting the value may lead to bugs or vulnerabilities.

Proof-Carrying Data (PCD) is a recently-introduced cryptographic mechanism that allows messages in a distributed computation to be accompanied by proof that the message, and the history leading to it, complies with a specified predicate. Using PCD, a verifier can be convinced that the predicate held throughout the distributed computation, even in the presence of malicious parties, and at a verification cost that is independent of the size of the computation producing the value. With a suitable choice of predicate, a program may use PCD to check that values received from the network are well-traced. Unfortunately, previous approaches to using PCD required tailoring a specialized predicate for each application, using an inconvenient formalism and with little methodological support.

This work introduces a novel, PCD-based approach to enforcing language semantics in a distributed computation. We show how to construct a runtime, for an object-oriented language, which ensures that objects received from potentially untrusted parties are well-traced with respect to any prescribed class definitions. This means programmers can analyze language-level properties of distributed programs in a trusted setting, and then use the runtime to generically enforce the same properties in the presence of malicious parties, without needing to be aware of the the underlying cryptographic techniques.

Client-side deduplication is a very effective mechanism to reduce both storage and communication cost in cloud storage service. Halevi~\\emph{et al.} (CCS \'11) discovered security vulnerability in existing implementation of client-side deduplication and proposed a cryptographic primitive called ``proofs of ownership\'\' (PoW) as a countermeasure. In a proof of ownership scheme, any owner of the same file can prove to the cloud storage server that he/she owns that file in an efficient and secure manner, even if a bounded amount of any efficiently extractable information of that file has been leaked.

We revisit Halevi~\\emph{et al.}\'s formulation of PoW and significantly improve the understanding and construction of PoW.

Our contribution is twofold:

\\begin{itemize}

\\item

First, we propose a generic and conceptually simple approach to construct \\emph{Privacy-Preserving} Proofs of Ownership scheme, by leveraging on well-known primitives (i.e. Randomness Extractor and

Proofs of Retrievability) and technique (i.e. sample-then-extract). Our approach can be roughly described as \\textsf{Privacy-Preserving PoW = Randomness Extractor $+$ Proofs of Retrievability}.

Based on our PoW scheme, we also construct a secure client-side deduplication method which is leakage resilient against bot outside attack and inside attack.

\\item

Second, in order to provide a better instantiation of Privacy-Preserving-PoW, we propose a novel design of randomness extractor which improves the state of art by reducing both the random seed length and entropy loss (i.e. the difference between the entropy of input and output) simultaneously.

\\end{itemize}

Large scale data processing brings new challenges to the design of privacy-preserving protocols: how to meet the increasing requirements of speed and throughput of modern applications, and how to scale up smoothly when data being protected is big. Efficiency and scalability become critical criteria for privacy preserving protocols in the age of Big Data. In this paper, we present a new Private Set Intersection (PSI) protocol that is extremely efficient and highly scalable compared with existing protocols. The protocol is based on a novel approach that we call oblivious Bloom intersection. It has linear complexity and relies mostly on efficient symmetric key operations. It has high scalability due to the fact that most operations can be parallelized easily. The protocol has two versions: a basic protocol and an enhanced protocol, the security of the two variants is analyzed and proved in the semi-honest model and the malicious model respectively. A prototype of the basic protocol has been built. We report the result of performance evaluation and compare it against the two previously fastest PSI protocols. Our protocol is orders of magnitude faster than these two protocols. To compute the intersection of two million-element sets, our protocol needs only 41 seconds (80-bit security) and 339 seconds (256-bit security) on moderate hardware in parallel mode.