International Association for Cryptologic Research

# IACR News Central

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2013-09-09
03:17 [Pub][ePrint]

Physically Unclonable Functions (PUFs) are emerging as hardware security primitives. They are typically employed to generate device-unique secret keys. As PUF output bits are noisy and possibly biased or correlated, on-chip digital post-processing is required. Fuzzy

extractors are used to generate reproducible and uniformly distributed keys. Traditionally, they employ an error-correcting code and a cryptographic hash function. Pattern matching key generators

have been proposed as an alternative. In this work, we demonstrate the latter construction to be vulnerable against manipulation of the public helper data. Full key recovery might be possible, although depending on some design choices and one system parameter. We demonstrate our attacks using a 4-XOR arbiter PUF, manufactured in 65nm CMOS technology. We also propose a simple but efficient countermeasure.

03:17 [Pub][ePrint]

03:17 [Pub][ePrint]

Simon and Speck are two families of ultra-lightweight block ciphers which were proposed by the U.S. National Security Agency in June 2013. Yet, the specification paper discusses only the design and the performance of both cipher families, the task of analyzing their security has been left to the research community.

In this paper we present conventional differential as well as rectangle attacks for almost all members of the \\speck cipher family, where we target up to 11/22, 12/23, 14/16, 15/29, and 18/34 rounds of the 32-, 48-, 64-, 96-, and 128-bit version, respectively. In addition, we discuss rotational attacks, where we show that these attacks can be easily mounted for the full or almost the full number of rounds for large groups of weak keys.

03:17 [Pub][ePrint]

At Eurocrypt 2013, Joye and Libert proposed a method for constructing public key cryptosystems (PKCs) and lossy trapdoor functions (LTDFs) from $(2^\\alpha)^{th}$-power residue symbols. Their work can be viewed as non-trivial extensions of the well-known PKC scheme due to Goldwasser and Micali, and the LTDF scheme due to Freeman et al., respectively. In this paper, we will demonstrate that this kind of work can be extended \\emph{more generally}: all related constructions can work for any $k^{th}$ residues if $k$ only contains small prime factors, instead of $(2^\\alpha)^{th}$-power residues only. The resultant PKCs and LTDFs are more efficient than that from Joye-Libert method in terms of decryption speed with the same message length.

03:17 [Pub][ePrint]

Identity Based Encryption (IBE) systems are often constructed using pairings or lattices. Three exceptions are due to Cocks in 2001, Boneh, Gentry and Hamburg in 2007, and Paterson and Srinivasan in 2009. In this paper, we propose an efficient identity-based encryption scheme of which the security is rooted in the intractability assumption of integer factorization. We believe that our construction has some essential differences from all existing IBEs.

03:17 [Pub][ePrint]

Secure multi-party computation (MPC) allows a set P of n players to evaluate a function f in presence of an adversary who corrupts a subset of the players. In this paper we consider active, general adversaries, characterized by a so-called adversary structure Z which enumerates all possible subsets of corrupted players. In particular for small sets of players general adversaries better capture real-world requirements than classical threshold adversaries.

Protocols for general adversaries are efficient\'\' in the sense that they require |Z|^O(1) bits of communication. However, as |Z| is usually very large (even exponential in n), the exact exponent is very relevant. In the setting with perfect security, the most efficient protocol known to date communicates |Z|^3 bits; we present a protocol for this setting which communicates |Z|^2 bits. In the setting with statistical security, |Z|^3 bits of communication is needed in general (whereas for a very restricted subclass of adversary structures, a protocol with communication

|Z|^2 bits is known); we present a protocol for this setting (without limitations) which communicates |Z|^1 bits.

03:17 [Pub][ePrint]

RC4 has remained the most popular software stream cipher since the last two decades. In parallel to cryptanalytic attempts, researchers have come up with many variants of RC4, some targeted to more security, some towards more throughput. We observe that the design of RC4 has been changed a lot in most of the variants. Since the RC4 structure is quite secure if the cipher is used with proper precautions, an arbitrary change in the design may lead to potential vulnerabilities, such as the distinguishing attack (Tsunoo et al., 2007) on the word-oriented variant GGHN (Gong et al., 2005). Some variants keep the RC4 structure (Maitra et al., 2008), but is byte-oriented and hence is an overkill for modern wide-word processors. In this paper, we try to combine the best of both the worlds. We keep the basic RC4 structure which guarantees reasonable security (if properly used) and we combine 4 RC4 states tacitly to design a high throughput stream cipher called {\\em Quad-RC4} that produces $32$-bit output at every round. The storage requirement for the internal state is only $1024$ bits. In terms of speed, this cipher performs much faster than normal RC4 and is comparable with HC-128, the fastest software stream cipher amongst the eSTREAM finalists. We also discuss the issue of generalizing the structure of Quad-RC4 to higher word-width variants.

2013-09-08
02:34 [Event][New]

Submission: 8 January 2014
From May 28 to May 30
Location: Marrakech, Morroco

02:31 [Job][Update]

Crypto Engineer is to Design, Develop, Engineer the next generation Digital Currency across all platforms for the global world market to use. (e.g. Internet, Mobile Technology, ect)

2013-09-06
17:47 [Job][New]

Crypto Engineer is to Design, Develop, Engineer the next generation Digital Currency across all platforms for the global world market to use. (e.g. Internet, Mobile Technology, ect)

have interesting applications in cryptographic schemes and protocols. In this paper, we explore the computation of the self-pairings on supersingular elliptic curves with embedding degree $k = 3$. We construct a novel self-pairing which has the same Miller loop as the Eta/Ate pairing. However, the proposed self-pairing has a simple final exponentiation. Our results suggest that the proposed self-pairings are more efficient than the other ones on the corresponding curves. We compare the efficiency of self-pairing computations on different curves
over large characteristic and estimate that the proposed self-pairings on curves with $k=3$ require $44\\%$ less field multiplications than the fastest ones on curves with $k=2$ at AES 80-bit security level.