International Association for Cryptologic Research

# IACR News Central

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2013-12-18
08:54 [Job][New]

3 PhD Fellowships in the area of hardware Security. A strong background in VLSI Design, Nano-electronics. VLSI Testing, Reliability, Security. Highly competitive, 4-year guaranteed fellowships are available.

2013-12-17
19:17 [Pub][ePrint]

We propose a tool for automatic search for differential trails in ARX ciphers. By introducing the concept of a partial difference distribution table (pDDT) we extend Matsui\'s algorithm, originally proposed for DES-like ciphers, to the class of ARX ciphers. To the best of our knowledge this is the first application of Matsui\'s algorithm to ciphers that do not have S-boxes. The tool is applied to the block ciphers TEA, XTEA, SPECK and RAIDEN. For RAIDEN we find an iterative characteristic on all 32 rounds that can be used to break the full cipher using standard differential cryptanalysis. This is the first cryptanalysis of the cipher in a non-related key setting. Differential trails on 9, 10 and 13 rounds are found for SPECK32, SPECK48 and SPECK64 respectively. The 13 round trail covers half of the total number of rounds. These are the first public results on the security analysis of SPECK. For TEA multiple full (i.e. not truncated) differential trails are reported for the first time, while for XTEA we confirm the previous best known trail reported by Hong et al. We also show closed formulas for computing the exact additive differential probabilities of the left and right shift operations. The source code of the tool is publicly available as part of a larger toolkit for the analysis of ARX at the following address: https://github.com/vesselinux/yaarx .

16:17 [Pub][ePrint]

Reducing the entropy of the mask is a technique which has been proposed to mitigate the high performance overhead of masked software implementations of symmetric block ciphers. Rotating S-box Masking (RSM) is an example of such schemes applied to AES with the purpose of maintaining the security at least against univariate first-order side-channel attacks. This article examines the vulnerability of a realization of such technique using the side-channel measurements publicly available through DPA contest V4. Our analyses which focus on exploiting the first-order leakage of the implementation discover a couple of potential attacks which can recover the secret key. Indeed the leakage we exploit is due to a design mistake as well as the characteristics of the implementation platform, none of which has been considered during the design of the countermeasure (implemented in naive C code).

16:17 [Pub][ePrint]

The famous Goldbach\'s conjecture and Polignac\'s conjecture are two of all unsolved problems in the field of number theory today. As well known, the Goldbach\'s conjecture and the Polignac\'s conjecture are equivalent. Most of the literatures does not introduce about internal equivalence in Polignac\'s conjecture. In this paper, we would like to discuss the internal equivalence to the Polignac\'s conjecture, say $T_{2k}(x)$ and $T(x)$ are equivalent. Since $T_{2k}\\sim T(x)\\sim 2c\\cdot \\frac{x}{(\\ln x)^{2}}$, we rewrite and re-express to $T(x)\\sim T_{4}(x)\\sim T_{8}(x)\\sim T_{16}(x)\\sim T_{32}(x)\\sim T_{2^{n}}(x)\\sim 2c\\cdot \\frac{x}{(\\ln x)^{2}}$. And then connected with the Goldbach\'s conjecture. Finally, we will point out the important prime number symmetry role of play in these two conjectures.

16:17 [Pub][ePrint]

At Eurocrypt 2011, Wee presented a generalization of threshold public key encryption, threshold signatures, and revocation schemes arising from threshold extractable hash proof systems. In particular, he gave instances of his generic revocation scheme from the DDH assumption (which led to the Naor-Pinkas revocation scheme), and from the factoring assumption (which led to a new revocation scheme). We expand on Wee\'s work in two directions:

(a) We propose threshold extractable hash proof instantiations from the \"Extended Decisional Diffie-Hellman\" (EDDH) assumption due to Hemenway and Ostrovsky (PKC 2012). This in particular yields EDDH-based variants of threshold public key encryption, threshold signatures, and revocation schemes. In detail, this yields a DCR-based revocation scheme.

(b) We show that our EDDH-based revocation scheme allows for a mild form of traitor tracing (and, thus, yields a new trace-and-revoke scheme). In particular, compared to Wee\'s factoring-based scheme, our DCR-based scheme has the advantage that it allows to trace traitors.

16:17 [Pub][ePrint]

How is it possible to prevent the sharing of cryptographic

functions? This question appears to be fundamentally hard to address

since in this setting the owner of the key {\\em is} the adversary:

she wishes to share a program or device that (potentially only

partly) implements her main cryptographic functionality. Given that

she possesses the cryptographic key, it is impossible for her to be

{\\em prevented} from writing code or building a device that uses

that key. She may though be {\\em deterred} from doing so.

We introduce {\\em leakage-deterring} public-key cryptographic

primitives to address this problem. Such primitives have the feature

of enabling the embedding of owner-specific private data into the

partially functional) implementation of the primitive, the recovery

of the data can be facilitated. We formalize the notion of

leakage-deterring in the context of encryption, signature, and

identification and we provide efficient generic constructions that

facilitate the recoverability of the hidden data while retaining

privacy as long as no sharing takes place.

16:17 [Pub][ePrint]

In this paper, we consider an RSA modulus $N=pq$, where the prime factors $p$, $q$ are of the same size. We present an attack on RSA when the decryption exponent $d$ is in the form $d=Md_1+d_0$ where $M$ is a given positive integer and $d_1$ and $d_0$ are two suitably small unknown integers. In 1999, Boneh and Durfee~\\cite{BODU} presented an attack on RSA when \$d

16:17 [Pub][ePrint]

RFID (Radio Frequency Identification) is one of the most growing technologies among the pervasive systems. Non line of sight capability makes RFID systems much faster than its other contending systems such as barcodes and magnetic taps etc. But there are some allied security apprehensions with RFID systems. RFID security has been acquired a lot of attention in last few years as evinced by the large number of publications (over 2000).

In this paper, a brief survey of eminent ultralightweight authentication protocols has been presented & then a four-layer security model, which comprises of various passive and active attacks, has been proposed. Cryptanalysis of these protocols has also been performed under the implications of the proposed security model

16:17 [Pub][ePrint]

Key agreement allows multi-parties exchanging public information to create a common secret key that is known only to those entities over an insecure network. In recent years, several identity-based authenticated key agreement protocols have been proposed. In this study, we analyze three identity-based tripartite authenticated key agreement protocols.

After the analysis, we found that these protocols do not possess the desirable security attributes.

16:17 [Pub][ePrint]

Profiling power attacks like Template attack and Stochastic attack optimize their performance by jointly evaluating the leakages of multiple sample points. However, such multivariate approaches are rare among non-profiling Differential Power Analysis (DPA) attacks, since integration of the leakage of a higher SNR sample point with the leakage of lower SNR sample point might result in a decrease in the overall performance. One of the few successful multivariate approaches is the application of Principal Component Analysis (PCA) for non-profiling DPA. However, PCA also performs sub-optimally in the presence of high noise. In this paper, a multivariate model for an FPGA platform is introduced for improving the performances of non-profiling DPA attacks. The introduction of the proposed model

greatly increases the success rate of DPA attacks in the presence of high noise. The experimental results on both simulated power traces and real power traces are also provided as an evidence.

16:17 [Pub][ePrint]

In this paper we show that it is possible and, indeed, feasible to use secure multiparty computation for calculating the probability of a collision between two satellites. For this purpose, we first describe basic floating-point arithmetic operators (addition and multiplication) for multiparty computations. The operators are implemented on the SHAREMIND secure multiparty computation engine. We discuss the implementation details, provide methods for evaluating example elementary functions (inverse, square root, exponentiation of e, error function). Using these primitives, we implement a satellite conjunction analysis algorithm and give benchmark results for the primitives as well as the conjunction analysis itself.