International Association for Cryptologic Research

IACR News Central


21:17 [Pub][ePrint] Combined Modeling and Side Channel Attacks on Strong PUFs, by Ahmed Mahmoud and Ulrich Rührmair and Mehrdad Majzoobi and Farinaz Koushanfar

  Physical Unclonable Functions (PUFs) have established themselves in the scientific literature, and are also gaining ground in commercial applications. Recently, however, several attacks on PUF core properties have been reported. They concern their physical and digital unclonability, as well as their assumed resilience against invasive or side channel attacks. In this paper, we join some of these techniques in order to further improve their effectiveness. The combination of machine-learning based modeling techniques with side channel information allows us to attack so-called XOR Arbiter PUFs and Lightweight PUFs up to a size and complexity that was previously out of reach. For Lightweight PUFs, for example, we report successful attacks for bitlengths of 64, 128 and 256, and for up to nine single Arbiter PUFs whose output is XORed. Previous work at CCS 2010 and IEEE TIFS 2013, which provides the currently most efficient modeling results, had only been able to attack this structure for up to five XORs and bitlength 64.

Our attack employs the first power side channel (PSC) for Strong PUFs in the literature. This PSC tells the attacker the number of single Arbiter PUFs within an XOR Arbiter PUF or Lightweight PUF architecture that are zero or one. This PSC is of little value if taken by itself, but strongly improves an attacker's capacity if suitably combined with modeling techniques. At the end of the paper, we discuss efficient and simple countermeasures against this PSC, which could be used to secure future PUF generations.

15:05 [Election] IACR Election & Referendum - Please Vote

  The 2013 Election for Directors and Officers of the IACR Board and the Referendum on Bylaws Amendments are open from October 1st until November 15, 2013. All 2013 members of the IACR (generally, people who attended an IACR conference or workshop in 2012) should receive voting credentials from sent to their email address of record with the IACR on October 1st, 2013.

18:17 [Pub][ePrint] Improved Linear Attacks on the Chinese Block Cipher Standard, by Mingjie Liu and Jiazhe Chen

  The block cipher used in the Chinese Wireless LAN Standard (WAPI), SMS4, was recently renamed as SM4, and became the block cipher standard issued by the Chinese government. This paper improves the previous linear cryptanalysis of SMS4 by giving the first 19-round one-dimensional approximations. The 19-round approximations hold with bias 2^{−62.27}; we use one of them to leverage a linear attack on 23-round SMS4. Our attack improves the previous 23-round attacks by reducing the time complexity. Furthermore, the data complexity of our attack is further improved by the multidimensional linear approach.

18:17 [Pub][ePrint] Flexible and Publicly Verifiable Aggregation Query for Outsourced Databases in Cloud, by Jiawei Yuan and Shucheng Yu

  For securing databases outsourced to the cloud, it is important to allow cloud users to verify that their queries to the cloud-hosted databases are correctly executed by the cloud. Existing solutions on this issue suffer from a high communication cost, a heavy storage overhead or an overwhelming computational cost on clients. Besides, only simple SQL queries (e.g., selection query, projection query, weighted sum query, etc) are supported in existing solutions. For practical considerations, it is desirable to design a client-verifiable (or publicly verifiable) aggregation query scheme that supports more flexible queries with affordable storage overhead, communication and computational cost for users. This paper investigates this challenging problem and proposes an efficient publicly verifiable aggregation query scheme for databases outsourced to the cloud. By designing a renewable polynomial-based authentication tag, our scheme supports a wide range of practical SQL queries including polynomial queries of any degrees, variance query and many other linear queries. Remarkably, our proposed scheme only introduces constant communication and computational cost to cloud users. Our scheme is provably secure under the Static Diffie-Hellman problem, the t-Strong Diffie-Hellman problem and the Computational Diffie-Hellman problem. We show the efficiency and scalability of our scheme through extensive numerical analysis.

18:17 [Pub][ePrint] Parallelizable Authenticated Encryption from Functions, by Kazuhiko Minematsu

  A new authenticated encryption (AE) mode for blockcipher is presented. The proposed scheme has attractive features for fast and compact operation. It requires rate-1 blockcipher calls, and uses the encryption function of a blockcipher for both encryption and decryption. Moreover, the scheme enables one-pass, parallel operation under two-block partition. The proposed scheme thus attains similar characteristics as the seminal OCB mode, without using the inverse blockcipher. The key idea of our proposal is a novel usage of two-round Feistel permutation, where the round functions are derived from the theory of tweakable blockcipher. We also describe an instantiation of our idea using a non-invertible primitive, such as a keyed hash function.

18:17 [Pub][ePrint] Secure Key Management in the Cloud, by Ivan Damgård and Thomas P. Jakobsen and Jesper Buus Nielsen and Jakob I. Pagter

  We consider applications involving a number of servers in the cloud that go through a sequence of online periods where the servers communicate, separated by offline periods where the servers are idle. During the offline periods, we assume that the servers need to securely store sensitive information such as cryptographic keys. Applications like this include many cases where secure multiparty computation is outsourced to the cloud, and in particular a number of online auctions and benchmark computations with confidential inputs. We consider fully autonomous servers that switch between online and offline periods without communicating with anyone from outside the cloud, and semi-autonomous servers that need a limited kind of assistance from outside the cloud when doing the transition. We study the levels of security one can - and cannot - obtain in this model, propose light-weight protocols achieving maximal security, and report on their practical performance.

18:17 [Pub][ePrint] Estimating Key Sizes For High Dimensional Lattice Based Systems, by Joop van de Pol and Nigel P. Smart

  We revisit the estimation of parameters for use in applications of the BGV homomorphic encryption system, which generally require high dimensional lattices. In particular, we utilize the BKZ-2.0 simulator of Chen and Nguyen to identify the best lattice attack that can be mounted using BKZ in a given dimension at a given security level. Using this technique, we show that it should be possible to work with lattices of smaller dimensions than previous methods have recommended, while still maintaining reasonable levels of security. As example applications we look at the evaluation of AES via FHE operations presented at Crypto 2012, and the parameters for the SHE variant of BGV used in the SPDZ protocol from Crypto 2012.

18:17 [Pub][ePrint] Securing the Data in Big Data Security Analytics, by Kevin D. Bowers and Catherine Hart and Ari Juels and Nikos Triandopoulos

  Big data security analytics is an emerging approach to intrusion detection at the scale of a large organization. It involves a combination of automated and manual analysis of security logs and alerts from a wide and varying array of sources, often aggregated into a massive ("big") data repository. Many of these sources are host facilities, such as intrusion-detection systems and syslog, that we generically call Security Analytics Sources (SASs).

Security analytics are only as good as the data being analyzed. Yet nearly all SASs today lack even basic protections on data collection. An attacker can undetectably suppress or tamper with SAS messages to conceal attack evidence. Moreover, by merely monitoring network traffic they can discover sensitive SAS instrumentation and message-generation behaviors.

We introduce PillarBox, a tool for securely relaying SAS messages in a security analytics system. PillarBox enforces integrity: It secures SAS messages against tampering, even against an attacker that controls the network and compromises a message-generating host. It also (optionally) offers stealth: It can conceal alert generation, hiding select SAS alerting rules and actions from an adversary.

We present an implementation of PillarBox and show experimentally that it can secure messages against attacker suppression or tampering even in the most challenging environments where SASs generate real-time security alerts. We also show, based on data from a large enterprise and on-host performance measurements, that PillarBox has minimal overhead and is practical for real-world big data security analytics systems.

18:17 [Pub][ePrint] Decentralized Anonymous Credentials, by Christina Garman and Matthew Green and Ian Miers

  Anonymous credentials provide a powerful tool for making assertions about identity while maintaining privacy. However, a limitation of today's anonymous credential systems is the need for a trusted credential issuer --- which is both a single point of failure and a target for compromise. Furthermore, the need for such a trusted issuer can make it challenging to deploy credential systems in practice, particularly in the ad hoc network setting (e.g., anonymous peer-to-peer networks) where no single party can be trusted with this responsibility.

In this work we propose a novel anonymous credential scheme that eliminates the need for a trusted credential issuer. Our approach builds on recent results in the area of electronic cash and uses techniques --- such as the calculation of a distributed transaction ledger --- that are currently in widespread deployment in the Bitcoin payment system. Using this decentralized ledger and standard cryptographic primitives, we propose and provide a proof of security for a basic anonymous credential system that allows users to make flexible identity assertions with strong privacy guarantees. Finally, we discuss a number of practical applications for our techniques, including resource management in ad hoc networks and prevention of Sybil attacks. We implement our scheme and measure its efficiency.

18:17 [Pub][ePrint] Off-Path Hacking: The Illusion of Challenge-Response Authentication, by Yossi Gilad and Amir Herzberg and Haya Shulman

  Everyone is concerned about Internet security, yet most traffic is not cryptographically protected. Typical justification is that most attackers are off-path and cannot intercept traffic; hence, intuitively, challenge-response defenses should suffice to ensure authenticity. Often, the challenges re-use existing header fields to protect widely deployed protocols such as TCP and DNS.

We argue that this practice may often give an illusion of security. We review recent off-path TCP injection and DNS poisoning attacks, enabling attackers to circumvent existing challenge-response defenses. Both TCP and DNS attacks are non-trivial, yet practical. The attacks foil widely deployed security mechanisms, and allow a wide range of exploits, such as long-term caching of malicious objects and scripts.

We hope that this review article will help improve defenses against off-path attackers. In particular, we hope to motivate, when feasible, adoption of cryptographic mechanisms such as SSL/TLS, IPsec and DNSSEC, providing security even against stronger Man-in-the-Middle


18:17 [Pub][ePrint] New Integer-FFT Multiplication Architectures and Implementations for Accelerating Fully Homomorphic Encryption, by Xiaolin Cao and Ciara Moore

  This paper proposes a new hardware architecture of Integer-FFT multiplier for super-size integer multiplications. Firstly, a basic hardware architecture, with the feature of low hardware cost, of the Integer-FFT multiplication algorithm using the serial FFT architecture, is proposed. Next, a modified hardware architecture with a shorter multiplication latency than the basic architecture is presented. Thirdly, both architectures are implemented, verified and compared on the Xilinx Virtex-7 FPGA platform using 256, 512, 1024, 2048 and 8192 point Integer-FFT algorithm respectively with multiplication operands ranging from bits to bits in size. Experimental results show that the hardware cost of the proposed architecture is no more than 1/10 of the prior FPGA solution, and is perfectly within the implementable range of the Xilinx Virtex-7 FPGA platform, and outperforms the software implementations of the same bit-length operand multiplication on the Core-2 Q6600 and Core-i7 870 platforms. Finally, the proposed implementations are employed to evaluate the super-size multiplication in an encryption primitive of fully homomorphic encryption (FHE) over the integers. The analysis shows that the speed improvement factor is up to 26.2 compared to the corresponding integer-based FHE software implementation on the Core-2 Duo E8400 platform.