International Association for Cryptologic Research

# IACR News Central


2013-10-15
09:17 [Pub][ePrint]

Physical Unclonable Functions (PUFs) are increasingly becoming a well-known security primitive for secure key storage and anti-counterfeiting. For both applications it is imperative that PUFs provide enough entropy. The aim of this paper is to propose a new model for binary-output PUFs such as SRAM, DFF, Latch and Buskeeper PUFs, and a method to accurately estimate their entropy. In our model the measurable property of a PUF is its set of cell biases. We determine an upper bound on the 'extractable entropy', i.e. the number of key bits that can be robustly extracted, by calculating the mutual information between the bias measurements done at enrollment and reconstruction.

In previously known methods only uniqueness was studied using information-theoretic measures, while robustness was typically expressed in terms of error probabilities or distances. It is not always straightforward to use a combination of these two metrics in order to make an informed decision about the performance of different PUF types. Our new approach has the advantage that it simultaneously captures both of the properties that are vital for key storage: uniqueness and robustness. Therefore it will be possible to fairly compare the performance of PUF implementations using our new method. Statistical validation of the new methodology shows that it clearly captures both of these properties of PUFs. In other words: if one of these aspects (either uniqueness or robustness) is less than optimal, the extractable entropy decreases. Analysis on a large database of PUF measurement data shows very high entropy for SRAM PUFs, but rather poor results for all other memory-based PUFs in this database.
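The mutual-information bound above can be made concrete with a small calculation. The following is an added example, not code from the paper, and it simplifies the paper's model: it assumes a device's per-cell biases are known (estimated from repeated power-ups), treats the enrollment and reconstruction values of a cell as single binary readouts drawn independently from Bernoulli(p) for that cell's bias p, and takes I(X;Y) per cell as the extractable-entropy bound. The three bias profiles are constructed, not measured, and the function and parameter names are this example's own.

```python
import math


def entropy_bits(probs):
    """Shannon entropy (bits) of a distribution given as a list of probabilities."""
    return -sum(q * math.log2(q) for q in probs if q > 0.0)


def joint_readout_distribution(biases):
    """Joint law of one cell's enrollment readout X and reconstruction readout Y.

    The cell's bias p is drawn uniformly from `biases` (the device's measured
    per-cell biases, the 'set of cell biases' of the abstract); given p, X and Y
    are independent Bernoulli(p) draws, so P(X=a, Y=b) = E_p[P(a|p) P(b|p)].
    Returns (p00, p01, p10, p11).
    """
    n = len(biases)
    e_p = sum(biases) / n                   # P(X=1) = P(Y=1)
    e_p2 = sum(p * p for p in biases) / n   # P(X=1, Y=1)
    p11 = e_p2
    p01 = p10 = e_p - e_p2
    p00 = 1.0 - 2.0 * e_p + e_p2
    return p00, p01, p10, p11


def extractable_entropy_per_cell(biases):
    """I(X;Y) = H(X) + H(Y) - H(X,Y), in bits per cell.

    Poor uniqueness (biases skewed to one side) shrinks H(X) and H(Y);
    poor robustness (biases near 0.5, or a high flip rate) inflates H(X,Y).
    Either one lowers the mutual information, which is the point of the abstract.
    """
    p00, p01, p10, p11 = joint_readout_distribution(biases)
    h_x = entropy_bits([p00 + p01, p10 + p11])
    h_y = entropy_bits([p00 + p10, p01 + p11])
    h_xy = entropy_bits([p00, p01, p10, p11])
    return h_x + h_y - h_xy


def extractable_entropy_bound(biases):
    """Upper bound on robustly extractable key bits for the whole cell array."""
    return len(biases) * extractable_entropy_per_cell(biases)


def estimate_biases(readouts):
    """Per-cell bias estimates from repeated readouts of the same device.

    `readouts` is a list of equal-length 0/1 strings, one per power-up;
    a cell's bias is its fraction of ones across the readouts.
    """
    m = len(readouts)
    n = len(readouts[0])
    return [sum(int(r[i]) for r in readouts) / m for i in range(n)]


def synthetic_biases(n_cells, frac_ones, frac_unstable, eps):
    """Constructed bias profile (not measured data) with three cell classes:
    a fraction frac_unstable of cells sits at bias 0.5 (pure noise); the rest
    are stable with flip rate eps, a fraction frac_ones of them leaning to 1.
    """
    n_unstable = int(round(n_cells * frac_unstable))
    n_stable = n_cells - n_unstable
    n_ones = int(round(n_stable * frac_ones))
    return ([0.5] * n_unstable
            + [1.0 - eps] * n_ones
            + [eps] * (n_stable - n_ones))


if __name__ == "__main__":
    cases = {
        "balanced, stable": synthetic_biases(1000, 0.5, 0.0, 0.01),
        "skewed to 0 (poor uniqueness)": synthetic_biases(1000, 0.1, 0.0, 0.01),
        "30% noisy cells (poor robustness)": synthetic_biases(1000, 0.5, 0.3, 0.01),
    }
    for name, b in cases.items():
        print(f"{name:36s} {extractable_entropy_per_cell(b):.3f} bits/cell, "
              f"bound {extractable_entropy_bound(b):.0f} bits")
    # Biases from three constructed power-up readouts of a 4-cell array.
    print(estimate_biases(["0110", "0111", "0010"]))
```

Running the three profiles shows the effect the abstract describes: the balanced, stable array yields about 0.86 bits per cell, while skewing 90% of the cells toward 0 or making 30% of them noisy each drops the bound to roughly 0.36 bits per cell, even though the former would look fine on a robustness-only metric and the latter on a uniqueness-only metric.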

09:17 [Pub][ePrint]

An asymmetric pairing over groups of composite order is a bilinear map $e: G_1 \times G_2 \to G_T$ for groups $G_1$ and $G_2$ of composite order $N=pq$. We observe that a recent construction of pairing-friendly elliptic curves in this setting by Boneh, Rubin, and Silverberg exhibits surprising and unprecedented structure: projecting an element of the order-$N^2$ group $G_1 \oplus G_2$ onto the bilinear groups $G_1$ and $G_2$ requires knowledge of a trapdoor. This trapdoor, the square root of a certain number modulo $N$, seems strictly weaker than the trapdoors previously used in composite-order bilinear cryptography.

In this paper, we describe, characterize, and exploit this surprising structure. It is our thesis that the additional structure available in these curves will give rise to novel cryptographic constructions, and we initiate the study of such constructions. Both the subgroup hiding and SXDH assumptions appear to hold in the new setting; in addition, we introduce custom-tailored assumptions designed to capture the trapdoor nature of the projection maps into $G_1$ and $G_2$. Using the old and new assumptions, we describe an extended variant of the Boneh-Goh-Nissim cryptosystem that allows a user, at the time of encryption, to restrict the homomorphic operations that may be performed. We also present a variant of the Groth-Ostrovsky-Sahai NIZK, and new anonymous IBE, signature, and encryption schemes.

09:17 [Pub][ePrint]

The authenticated encryption (AE) scheme based on the duplex construction cannot be parallelized at the algorithmic level. To be competitive with some block cipher based modes like OCB (Offset CodeBook) or GCM (Galois Counter Mode), a scheme should allow parallel processing. In this note we show how parallel AE can be realized within the framework provided by the duplex construction. The first variant, pointed out by the duplex designers, is a tree-like structure. Then we simplify the scheme, replacing the final node by the bitwise xor operation, and show that such a scheme has the same security level.

09:17 [Pub][ePrint]

In order to protect the proxy signers' privacy, many anonymous proxy signature schemes, which are also called proxy ring signatures, have been proposed. Although the provable security in the random oracle model has received a lot of criticism, there is no provably secure anonymous proxy signature scheme without random oracles. In this paper, we propose the first provably secure anonymous proxy signature scheme without random oracles, which is the combination of proxy signature and ring signature. For the security analysis, we categorize the adversaries into three types according to the different resources they can get and prove in the standard model that our proposal is anonymous against full key exposure and existentially unforgeable against all kinds of adversaries under the computational Diffie-Hellman and the subgroup hiding assumptions in bilinear groups.

04:47 [Event][New]

Submission: 20 January 2014
From June 2 to June 4
Location: Marrakech, Morocco

04:46 [Event][New]

Submission: 3 March 2014
From September 23 to September 26
Location: Busan, Korea

2013-10-14
16:30 [Job][New]

The Government Communications Headquarters (GCHQ) in Cheltenham has agreed in principle to sponsor two PhD/Doctoral Studentships at Bristol University in the area of Cryptography. See the link below for the two project descriptions.

The studentships are only open to UK nationals and the successful candidate will be required to spend in the region of 2 - 4 weeks per year at GCHQ headquarters in Cheltenham. To be considered for this studentship, candidates must therefore be prepared to undergo GCHQ's security clearance procedures.

The studentships will be funded for a period of 3.5 years. GCHQ will cover the costs of university fees (currently £3,828 per annum) and will provide an annual stipend to the student corresponding to the National Minimum Stipend (currently £13,590 per annum) plus an additional stipend of £7,000 per annum, making a total tax-free stipend of £20,590 per annum. A generous travel budget is also provided to enable attendance at international conferences and workshops.

2013-11-21
08:41 [News]

Nominations and endorsements for IACR Fellows are due on December 31. Instructions are available at http://www.iacr.org/fellows/#Nominations

2013-10-11
13:03 [Job][New]

We are looking for two Post-Docs in coding and lattice based cryptography. Contact us if you have (or will have soon) a PhD in Cryptography or a related subject, an excellent publication record and would like to work in a fun environment in Singapore.

More information on Coding and Crypto Research Group at Nanyang Technological University can be found at http://www1.spms.ntu.edu.sg/~ccrg/index.html

The applications will be considered immediately. The positions are for 1 year, but renewable up to 3 years.

2013-10-10
18:17 [Pub][ePrint]

We present a new technique to realize attribute-based encryption (ABE) schemes secure in the standard model against chosen-ciphertext attacks (CCA-secure). Our approach is to extend certain concrete chosen-plaintext secure (CPA-secure) ABE schemes to achieve more efficient constructions than the known generic constructions of CCA-secure ABE schemes. We restrict ourselves to the construction of attribute-based key encapsulation mechanisms (KEMs) and present two concrete CCA-secure schemes: a key-policy attribute-based KEM that is based on Goyal's key-policy ABE and a ciphertext-policy attribute-based KEM that is based on Waters' ciphertext-policy ABE. To achieve our goals, we use an appropriate hash function and need to extend the public parameters and the ciphertexts of the underlying CPA-secure encryption schemes only by a single group element. Moreover, we use the same hardness assumptions as the underlying CPA-secure encryption schemes.

18:17 [Pub][ePrint]

In this note we describe some general-purpose, high-efficiency elliptic curves targeting security levels beyond $2^{128}$. As a bonus, we also include legacy-level curves. The choice was made to facilitate state-of-the-art implementation techniques.