International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at)



Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calendar (iCal).

13:30 [Event][New] ACISP 2014: 19th Australasian Conference on Information Security and Privacy

Submission: 23 February 2014
Notification: 13 April 2014
From July 7 to July 9
Location: Wollongong, Australia

00:17 [Pub][ePrint] Smashing MASH-1, by Vladimir Antipkin

MASH-1 is a modular arithmetic based hash function. It has been presented in Part 4 of the ISO/IEC 10118 standard for one and a half decades. The cryptographic strength of the MASH-1 hash function is based on the factorization problem of an RSA modulus along with redundancy in the input blocks of the compression function. Despite this, we are able to introduce two large classes of moduli which allow a practical-time collision finding algorithm for MASH-1. In one case, even multicollisions of arbitrary length can be constructed.

00:17 [Pub][ePrint] EyeDecrypt -- Private Interactions in Plain Sight, by Andrea Forte and Juan Garay and Trevor Jim and Yevgeniy Vahlis

  We introduce EyeDecrypt, a novel technology for privacy-preserving human-computer interaction. EyeDecrypt allows only authorized users to decipher data shown on a public display, such as an electronic screen or printed material; in the former case, the authorized user can then interact with the system (e.g., by pressing buttons), without revealing the details of the interaction to others who may be watching.

The user views data on a closely-held personal device, such as a pair of smart glasses with a camera and heads-up display, or a smartphone. The decrypted data is displayed as an image overlay on the personal device, a form of augmented reality. The user's inputs are protected through randomization.

EyeDecrypt consists of three main components: a visualizable encryption scheme; a dataglyph-based visual encoding scheme for the ciphertexts generated by the encryption scheme; and a randomized input and augmented reality scheme that protects user inputs without harming usability. We describe all aspects of EyeDecrypt, from security definitions, constructions and formal analysis, to implementation details of a prototype developed on a smartphone.

00:17 [Pub][ePrint] Analysis of the Rainbow Tradeoff Algorithm Used in Practice, by Jung Woo Kim and Jin Hong and Kunsoo Park

  Cryptanalytic time memory tradeoff is a tool for inverting one-way functions, and the rainbow table method, the best-known tradeoff algorithm, is widely used to recover passwords. Even though extensive research has been performed on the rainbow tradeoff, the algorithm actually used in practice differs from the well-studied original algorithm. This work provides a full analysis of the rainbow tradeoff algorithm that is used in practice. Unlike existing works on the rainbow tradeoff, the analysis is done in the external memory model, so that the practically important issue of table loading time is taken into account. As a result, we are able to provide tradeoff parameters that optimize the wall-clock time.

00:17 [Pub][ePrint] Cryptanalysis of the Toorani-Falahati Hill Ciphers, by Liam Keliher and Anthony Z. Delaney

  In 2009 and 2011, Toorani and Falahati introduced two variants of the classical Hill Cipher, together with protocols for the exchange of encrypted messages. The designers claim that the new systems overcome the weaknesses of the original Hill Cipher, and are resistant to any ciphertext-only, known-plaintext, chosen-plaintext, or chosen-ciphertext attack. However, we describe a chosen-plaintext attack that easily breaks both Toorani-Falahati Hill Ciphers, and we present computational results that confirm the effectiveness of our attack.

00:17 [Pub][ePrint] One-Sided Adaptively Secure Two-Party Computation, by Carmit Hazay and Arpita Patra

Adaptive security is a strong security notion that captures additional security threats that are not addressed by static corruptions. For instance, it captures scenarios in which the attacker chooses which party to corrupt based on the protocol communication. It further captures real-world scenarios where "hackers" actively break into computers, possibly while they are executing secure protocols. Studying this setting is interesting from both theoretical and practical points of view. The former is because the theoretical understanding of this setting is not yet profound and important questions are still unresolved; a notable example is the question regarding the feasibility of constant round adaptively secure protocols. From a practical viewpoint, generic adaptively secure protocols are far more complicated and less efficient than static protocols.

A primary building block in designing adaptively secure protocols is a non-committing encryption or NCE that implements secure communication channels in the presence of adaptive corruptions. Current NCE constructions require a number of public key operations that grows linearly with the length of the message. Furthermore, general two-party protocols require a number of NCE calls that is linear in the circuit size (or otherwise the protocol is not round efficient). As a result the number of public key operations is inflated and depends on the circuit size as well.

In this paper we study the two-party setting in which at most one of the parties is adaptively corrupted, which we believe is the right security notion in the two-party setting. We study the feasibility of (1) NCE with a constant number of public key operations for any message space, (2) oblivious transfer with a constant number of public key operations for any sender's input space, and (3) constant round secure computation protocols with a number of NCE calls, and an overall number of public key operations, that are independent of the circuit size. Our study demonstrates that such primitives indeed exist in the presence of single corruptions, while this is not the case for fully adaptive security (where both parties may get corrupted).

00:17 [Pub][ePrint] A Local-Global Approach to Solving Ideal Lattice Problems, by Yuan Tian and Rongxin Sun and Xueyong Zhu

  We construct an innovative SVP(CVP) solver for ideal lattices in case of any relative extension of number fields L/K of degree n where L is real(contained in R). The solver, by exploiting the relationships between the so-called local and global number fields, reduces solving SVP(CVP) of the input ideal A in field L to solving a set of (at most n) SVP(CVP) of the ideals Ai in field Li with relative degree 1≤ni

00:17 [Pub][ePrint] Enhanced certificate transparency (how Johnny could encrypt), by Mark D. Ryan

The "certificate authority" model for authenticating public keys of websites has been attacked in recent years, and several proposals have been made to reinforce it. We develop and extend "certificate transparency", a proposal in this direction, so that it efficiently handles certificate revocation. We show how this extension can be used to build a secure end-to-end email or messaging system using PKI with no requirement to trust certificate authorities, or to rely on complex peer-to-peer key-signing arrangements such as PGP. We believe this finally makes end-to-end encrypted email as usable as encrypted web browsing is today, addressing the concerns of a classic paper explaining the difficulties users face in encrypting emails ("Why Johnny can't encrypt", 1999). Underlying these ideas is a new attacker model appropriate for cloud computing, which we call "malicious-but-cautious".

00:17 [Pub][ePrint] Solving the Elliptic Curve Discrete Logarithm Problem Using Semaev Polynomials, Weil Descent and Gröbner Basis Methods -- an Experimental Study, by Michael Shantz and Edlyn Teske

  At ASIACRYPT 2012, Petit and Quisquater suggested that there may be a subexponential-time index-calculus type algorithm for the Elliptic Curve Discrete Logarithm Problem (ECDLP) in characteristic two fields. This algorithm uses Semaev polynomials and Weil Descent to create a system of polynomial equations that subsequently is to be solved with Gröbner basis methods. Its analysis is based on heuristic assumptions on the performance of Gröbner basis methods in this particular setting. While the subexponential behaviour would manifest itself only far beyond the cryptographically interesting range, this result, if correct, would still be extremely remarkable. We examined some aspects of the work by Petit and Quisquater experimentally.

13:27 [Event][New] DigitalSec: The International Conference on Digital Security and Forensics

Submission: 24 May 2014
Notification: 3 June 2014
From June 24 to June 26
Location: Ostrava, Czech Republic

09:17 [Pub][ePrint] SPHF-Friendly Non-Interactive Commitments, by Michel Abdalla and Fabrice Benhamouda and Olivier Blazy and Céline Chevalier and David Pointcheval

In 2009, Abdalla et al. proposed a reasonably practical password-authenticated key exchange (PAKE) secure against adaptive adversaries in the universal composability (UC) framework. It exploited the Canetti-Fischlin methodology for commitments and the Cramer-Shoup smooth projective hash functions (SPHFs), following the Gennaro-Lindell approach for PAKE. In this paper, we revisit the notion of non-interactive commitments, with a new formalism that implies UC security. In addition, we provide a quite efficient instantiation. We then extend our formalism to SPHF-friendly commitments. We thereafter show that it allows a blackbox application to one-round PAKE and oblivious transfer (OT), still secure in the UC framework against adaptive adversaries, assuming reliable erasures and a single global common reference string, even for multiple sessions. Our instantiations are more efficient than the Abdalla et al. PAKE in Crypto 2009 and the recent OT protocol proposed by Choi et al. in PKC 2013. Furthermore, the new PAKE instantiation is the first one-round scheme achieving UC security against adaptive adversaries.