*01:17* [Pub][ePrint]
An efficient FHE proposal based on the hardness of solving systems of nonlinear multivariate equations (II), by GÃ©rald Gavin
We propose a general framework to develop fully homomorphic encryption schemes (FHE) without using Gentry\'s technique. Initially, a private-key cryptosystemis built over $\\mathbb{Z}_n$

($n$ being an RSA modulus). An encryption of $x\\in \\mathbb{Z}_n$

is a randomly chosen vector $e$ such that $\\Phi(e)=x$ where $\\Phi$ is a secret multivariate polynomial.

This private-key cryptosystem is not homomorphic in the sense that the vector sum is not a homomorphic operator. Non-linear homomorphic operators are then

developed. The security relies on the difficulty of solving systems of nonlinear equations (which is a $\\mathcal{NP}$-complete problem). While the security of our scheme has not been reduced to a provably hard instance of this problem,

its security is globally investigated.

*19:17* [Pub][ePrint]
On the Resilience and Uniqueness of CPA for Secure Broadcast, by Chris Litsas and Aris Pagourtzis and Giorgos Panagiotakos and Dimitris Sakavalas
We consider the Secure Broadcast problem in incomplete networks. We study the resilience of the Certified Propagation Algorithm (CPA),which is particularly suitable for ad hoc networks. We address the issue of determining the maximum number of corrupted players $t^{\\mathrm{CPA}}_{\\max}$ that CPA can tolerate under the $t$-locally bounded adversary model, in which the adversary may corrupt at most

$t$ players in each player\'s neighborhood. For any graph $G$ and dealer-node $D$ we provide upper and lower bounds on $t^{\\mathrm{CPA}}_{\\max}$ that can be efficiently computed in terms of a graph theoretic parameter that we introduce in this work. Along the way we obtain an efficient 2-approximation algorithm for $t^{\\mathrm{CPA}}_{\\max}$. We further introduce two more graph parameters, one of which matches $t^{\\mathrm{CPA}}_{\\max}$exactly. Our approach allows to provide an affirmative answer to the open problem of CPA Uniqueness posed by Pelc and Peleg in 2005.

*12:18* [Job][New]
Tenure-track Assistant/Associate Professor, *University of Connecticut, USA*
The Computer Science and Engineering (CSE) Department at the University of Connecticut invites applications for a tenure-track faculty position at the assistant or associate professor level, with an expected start date of August 23, 2014. The research specialties of interest are:

- Machine Learning,

- Privacy, Cryptography or Computer Security, or

- Techniques for the analysis of Big Data with applications in diverse areas including biomedical informatics.

The successful candidate will:

- Develop and sustain an internationally-recognized, externally-funded research program in one of these areas of interest;

- Teach undergraduate and graduate courses that meet the curricular needs of our CSE department;

- Advise and mentor undergraduate and graduate students;

- Provide service and leadership to all units of the University of Connecticut, to external academic and scientific communities, and to the general public.

Minimum Qualifications:

- Completed all requirements for a Ph.D. in computing or a related discipline by the time of the appointmentâ€”equivalent foreign degrees are acceptable;

- Research credentials in Computer Science, with a specialty in one of the topics prescribed above.

Preferred Qualifications:

- A record of consistent, outstanding research contributions in one of the topics prescribed above;

- Significant relevant teaching experience.

This is a 9-month, tenure-track position with an expected start date of August 23, 2014. The successful candidate`s primary academic

appointment will be at the Storrs campus with the option to work at UConn`s regional campuses across the state. Salary and rank will be

commensurate with qualifications.

To apply, applications must be submitted using Acade

*07:17* [Pub][ePrint]
SSS-V2: Secure Similarity Search, by Hyun-A Park
Encrypting information has been regarded as one of the most substantial approaches to protect users\' sensitive information in radically changing internet technology era. In prior research, researchers have considered similarity search over encrypted documents infeasible, because the single-bit difference of a plaintext would result in an enormous bits difference in the corresponding ciphertext. However, we propose a novel idea of Security Similarity Search (SSS) over encrypted documents by applying character-wise encryption with approximate string matching to keyword index search systems. In order to do this, we define the security requirements of similarity search over encrypted data, propose two similarity search schemes, and formally prove the security of the schemes. The first scheme is more efficient, while the second scheme achieves perfect similarity search privacy. Surprisingly, the second scheme turns out to be faster than other keyword index search schemes with keywordwise encryption, while enjoying the same level of security. The schemes of SSS support \"like query(\'ab%\')\" and a query with misprints in thatthe character-wise encryption preserves the degree of similarity between two plaintexts, and renders approximate string matching between the corresponding ciphertexts possible without decryption.

*07:17* [Pub][ePrint]
A Key Compromise Impersonation attack against Wang\'s Provably Secure Identity-based Key Agreement Protocol, by Maurizio Adriano Strangio
In a 2005 IACR report, Wang published an efficient identity-based key agreement protocol (IDAK) suitable for resource constraint devices. The author shows that the IDAK key agreement protocol is secure in the Bellare-Rogaway model with random oracles and also provides an ad-hoc security proof claiming that the IDAK protocol is not vulnerable to Key Compromise Impersonation attacks.

In this report, we claim that the IDAK protocol is vulnerable to key-compromise impersonation attacks. Indeed, Wang\'s results are valid only for a passive adversary that can corrupt parties or reveal certain session-specific data but is not allowed to manipulate protocol transcripts; a model considering this type of adversary is unable to afford KCI resilience.

*07:17* [Pub][ePrint]
Weakness of F_{3^{6*1429}} and F_{2^{4*3041}} for Discrete Logarithm Cryptography, by Gora Adj and Alfred Menezes and Thomaz Oliveira and Francisco Rodriguez-Henriquez
In 2013, Joux and then Barbulsecu et al. presented new algorithms for computing discrete logarithms in finite fields of small characteristic. Shortly thereafter, Adj et al. presented a concrete analysis showing that, when combined with some steps from classical algorithms, the new algorithms render the finite field F_{3^{6*509}} weak for pairing-based cryptography. Granger and Zumbragel then presented a modification of the new algorithms that extends their effectiveness to a wider range of fields.In this paper, we study the effectiveness of the new algorithms combined with a carefully crafted descent strategy for the fields F_{3^{6*1429}} and F_{2^{4*3041}}. The intractability of the discrete logarithm problem in these fields is necessary for the security of pairings derived from supersingular curves with embedding degree 6 and 4 defined, respectively, over F_{3^{1429}} and F_{2^{3041}}; these curves were believed to enjoy a security level of 192 bits against attacks by Coppersmith\'s algorithm. Our analysis shows that these pairings offer security levels of at most 91 and 129 bits, respectively, leading us to conclude that they are dead for pairing-based cryptography.

*07:17* [Pub][ePrint]
Multi-Input Functional Encryption, by Shafi Goldwasser and Vipul Goyal and Abhishek Jain and Amit Sahai
We introduce the problem of Multi-Input Functional Encryption, where a secret key SK_f can correspond to an n-ary function f that takes multiple ciphertexts as input. Multi-input functional encryption is a general tool for computing on encrypting data which allows for mining aggregate information from several different data sources (rather than just a single source as in single input functional encryption). We show wide applications of this primitive to running SQL queries over encrypted database, non-interactive differentially private data release, delegation of computation, etc.We formulate both indistinguishability-based and simulation-based definitions of security for this notion, and show close connections with indistinguishability and virtual black-box definitions of obfuscation. Assuming indistinguishability obfuscation for circuits, we present constructions achieving indistinguishability security for a large class of settings. We show how to modify this construction to achieve simulation-based security as well, in those settings where simulation security is possible. Assuming differing-inputs obfuscation [Barak et al., FOCS\'01], we also provide a construction with similar security guarantees as above, but where the keys and ciphertexts are compact.