International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

03:17 [Pub][ePrint] Attacking PUF-Based Pattern Matching Key Generators via Helper Data Manipulation, by Jeroen Delvaux and Ingrid Verbauwhede

  Physically Unclonable Functions (PUFs) are emerging as hardware security primitives. They are typically employed to generate device-unique secret keys. As PUF output bits are noisy and possibly biased or correlated, on-chip digital post-processing is required. Fuzzy

extractors are used to generate reproducible and uniformly distributed keys. Traditionally, they employ an error-correcting code and a cryptographic hash function. Pattern matching key generators

have been proposed as an alternative. In this work, we demonstrate the latter construction to be vulnerable against manipulation of the public helper data. Full key recovery might be possible, although depending on some design choices and one system parameter. We demonstrate our attacks using a 4-XOR arbiter PUF, manufactured in 65nm CMOS technology. We also propose a simple but efficient countermeasure.

03:17 [Pub][ePrint]


03:17 [Pub][ePrint] Cryptanalysis of the Speck Family of Block Ciphers, by Farzaneh Abed and Eik List and Stefan Lucks and Jakob Wenzel

  Simon and Speck are two families of ultra-lightweight block ciphers which were proposed by the U.S. National Security Agency in June 2013. Yet, the specification paper discusses only the design and the performance of both cipher families, the task of analyzing their security has been left to the research community.

In this paper we present conventional differential as well as rectangle attacks for almost all members of the \\speck cipher family, where we target up to 11/22, 12/23, 14/16, 15/29, and 18/34 rounds of the 32-, 48-, 64-, 96-, and 128-bit version, respectively. In addition, we discuss rotational attacks, where we show that these attacks can be easily mounted for the full or almost the full number of rounds for large groups of weak keys.

03:17 [Pub][ePrint] More Efficient Cryptosystems From k-th Power Residues, by Zhenfu Cao and Xiaolei Dong and Licheng Wang and Jun Shao

  At Eurocrypt 2013, Joye and Libert proposed a method for constructing public key cryptosystems (PKCs) and lossy trapdoor functions (LTDFs) from $(2^\\alpha)^{th}$-power residue symbols. Their work can be viewed as non-trivial extensions of the well-known PKC scheme due to Goldwasser and Micali, and the LTDF scheme due to Freeman et al., respectively. In this paper, we will demonstrate that this kind of work can be extended \\emph{more generally}: all related constructions can work for any $k^{th}$ residues if $k$ only contains small prime factors, instead of $(2^\\alpha)^{th}$-power residues only. The resultant PKCs and LTDFs are more efficient than that from Joye-Libert method in terms of decryption speed with the same message length.

03:17 [Pub][ePrint] New Efficient Identity-Based Encryption From Factorization, by Jun Shao and Licheng Wang and Xiaolei Dong and Zhenfu Cao

  Identity Based Encryption (IBE) systems are often constructed using pairings or lattices. Three exceptions are due to Cocks in 2001, Boneh, Gentry and Hamburg in 2007, and Paterson and Srinivasan in 2009. In this paper, we propose an efficient identity-based encryption scheme of which the security is rooted in the intractability assumption of integer factorization. We believe that our construction has some essential differences from all existing IBEs.

03:17 [Pub][ePrint] Efficient General-Adversary Multi-Party Computation, by Martin Hirt and Daniel Tschudi

  Secure multi-party computation (MPC) allows a set P of n players to evaluate a function f in presence of an adversary who corrupts a subset of the players. In this paper we consider active, general adversaries, characterized by a so-called adversary structure Z which enumerates all possible subsets of corrupted players. In particular for small sets of players general adversaries better capture real-world requirements than classical threshold adversaries.

Protocols for general adversaries are ``efficient\'\' in the sense that they require |Z|^O(1) bits of communication. However, as |Z| is usually very large (even exponential in n), the exact exponent is very relevant. In the setting with perfect security, the most efficient protocol known to date communicates |Z|^3 bits; we present a protocol for this setting which communicates |Z|^2 bits. In the setting with statistical security, |Z|^3 bits of communication is needed in general (whereas for a very restricted subclass of adversary structures, a protocol with communication

|Z|^2 bits is known); we present a protocol for this setting (without limitations) which communicates |Z|^1 bits.

03:17 [Pub][ePrint] Quad-RC4: Merging Four RC4 States towards a 32-bit Stream Cipher, by Goutam Paul and Subhamoy Maitra and Anupam Chattopadhyay

  RC4 has remained the most popular software stream cipher since the last two decades. In parallel to cryptanalytic attempts, researchers have come up with many variants of RC4, some targeted to more security, some towards more throughput. We observe that the design of RC4 has been changed a lot in most of the variants. Since the RC4 structure is quite secure if the cipher is used with proper precautions, an arbitrary change in the design may lead to potential vulnerabilities, such as the distinguishing attack (Tsunoo et al., 2007) on the word-oriented variant GGHN (Gong et al., 2005). Some variants keep the RC4 structure (Maitra et al., 2008), but is byte-oriented and hence is an overkill for modern wide-word processors. In this paper, we try to combine the best of both the worlds. We keep the basic RC4 structure which guarantees reasonable security (if properly used) and we combine 4 RC4 states tacitly to design a high throughput stream cipher called {\\em Quad-RC4} that produces $32$-bit output at every round. The storage requirement for the internal state is only $1024$ bits. In terms of speed, this cipher performs much faster than normal RC4 and is comparable with HC-128, the fastest software stream cipher amongst the eSTREAM finalists. We also discuss the issue of generalizing the structure of Quad-RC4 to higher word-width variants.

02:34 [Event][New] Africacrypt 2014

  Submission: 8 January 2014
Notification: 1 March 2014
From May 28 to May 30
Location: Marrakech, Morroco
More Information: http://