International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2014-01-15
07:05 [PhD][Update] Serge Vaudenay: The Security of Cryptographic Primitives

  Name: Serge Vaudenay
Topic: The Security of Cryptographic Primitives
Category:secret-key cryptography

Description: In the early fifties, Claude Shannon initiated the theory of cryptographic primitives. He defined the notion of diffusion and confusion. However, this theory did not developed very much until nowadays. Recently, the differential cryptanalysis and the linear cryptanalysis gave a significant advance in the analysis of the primitives. Security criteria for confusion, essentially nonlinearity criteria, has been proposed. In this thesis, we show how to define a notion of complexity on the graph structure of the primitives and how to study it. This gives security criteria of the computational network. We propose new criteria for diffusion. Finally, we unify the two types of cryptanalysis, getting rid of their linear aspects by a statistical approach.[...]


04:17 [Pub][ePrint] Homomorphic AES Evaluation using NTRU, by Yarkin Doroz and Yin Hu and Berk Sunar

  Since its introduction more than a decade ago the homomorphic properties of the NTRU encryption scheme have gone largely ignored. A variant of NTRU proposed by Stehle and Steinfeld was recently extended into a full fledged multi-key fully homomorphic encryption scheme by Alt-Lopez, Tromer and Vaikuntanathan (ATV). This NTRU based FHE presents a viable alternative to the currently dominant BGV style FHE schemes. While the scheme appears to be more efficient, a full implementation and comparison to BGV style implementations has been missing in the literature. In this work, we develop a customized implementation of the ATV scheme. First parameters are selected to yield an efficient and yet secure ATV instantiation. We present an analysis of the noise growth that allows us to formulate a modulus cutting strategy for arbitrary circuits. Furthermore, we introduce a specialization of the ring structure that allows us to drastically reduce the public key size making evaluation of deep circuits such as the AES block cipher viable on a standard computer with a reasonable amount of memory. Moreover, with the modulus specialization the need for key switching is eliminated. Finally, we present a generic bit-sliced implementation of the ATV scheme that embodies a number of optimizations. To assess the performance of the scheme we homomorphically evaluate the full 10 round AES circuit in 31 hours with 2048 message slots resulting in 55 sec per AES block evaluation time.





2014-01-14
16:17 [Pub][ePrint] Extending and Applying a Framework for the Cryptographic Verification of Java Programs., by Ralf Küsters and Enrico Scapin and Tomasz Truderung and Jürgen Graf

  In our previous work, we have proposed a framework which allows tools

that can check standard noninterference properties but a priori

cannot deal with cryptography to establish cryptographic

indistinguishability properties, such as privacy properties, for

Java programs. We refer to this framework as the CVJ framework

(Cryptographic Verification of Java Programs) in this paper.

While so far the CVJ framework directly supports public-key

encryption (without corruption and without a public-key

infrastructure) only, in this work we further instantiate the

framework to support, among others, public-key encryption and

digital signatures, both with corruption and a public-key

infrastructure, as well as (private) symmetric encryption. Since

these cryptographic primitives are very common in security-critical

applications, our extensions make the framework much more widely

applicable.

To illustrate the usefulness and applicability of the extensions

proposed in this paper, we apply the framework along with the tool

Joana, which allows for the fully automatic verification of

noninterference properties of Java programs, to establish

cryptographic privacy properties of a (non-trivial) cloud storage

application, where clients can store private information on a remote

server.



13:17 [Pub][ePrint] Extending and Applying a Framework for the Cryptographic Verification of Java Programs., by Ralf K\\\"usters and Enrico Scapin and Tomasz Truderung and J\\\"urgen Graf

  In our previous work, we have proposed a framework which allows tools

that can check standard noninterference properties but a priori

cannot deal with cryptography to establish cryptographic

indistinguishability properties, such as privacy properties, for

Java programs. We refer to this framework as the CVJ framework

(Cryptographic Verification of Java Programs) in this paper.

While so far the CVJ framework directly supports public-key

encryption (without corruption and without a public-key

infrastructure) only, in this work we further instantiate the

framework to support, among others, public-key encryption and

digital signatures, both with corruption and a public-key

infrastructure, as well as (private) symmetric encryption. Since

these cryptographic primitives are very common in security-critical

applications, our extensions make the framework much more widely

applicable.

To illustrate the usefulness and applicability of the extensions

proposed in this paper, we apply the framework along with the tool

Joana, which allows for the fully automatic verification of

noninterference properties of Java programs, to establish

cryptographic privacy properties of a (non-trivial) cloud storage

application, where clients can store private information on a remote

server.



01:17 [Pub][ePrint]

 



2014-01-13
22:17 [Pub][ePrint] A Secure Text Messaging Protocol, by Gary Belvin

  Mobile text messages are currently vulnerable to inspection, modification, and replay by network operators and those that influence network operators. This paper describes a set of protocols that provide end-to-end message confidentiality, integrity, and authenticity over the high latency, low bandwidth, Short Message Service provided by GSM networks.





2014-01-12
16:17 [Pub][ePrint] Channel Equalization for Side Channel Attacks, by Colin O\'Flynn and Zhizhang (David) Chen

  This paper introduces the use of channel equalization as a method of simplifying side channel analysis attacks, by eeffectively collapsing all points in a power measurement trace into a single random variable. This uses a simple Finite Impulse Response (FIR) linear equalizer, which has been studied extensively in communications systems. In addition the estimation of a channel model is used in developing the Channel Estimation Analysis (CEA), which is a generic attack requiring similar assumptions to the Correlation Power Analysis (CPA) attack. Both channel equalization and the CEA attack are straight-forward to apply to real systems, and Python examples are provided. Results of attacking unprotected AES-128 and protected AES-256RSM on a microcontroller are provided.



16:17 [Pub][ePrint] General Impossibility of Group Homomorphic Encryption in the Quantum World, by Frederik Armknecht and Tommaso Gagliardoni and Stefan Katzenbeisser and Andreas Peter

  Group homomorphic encryption represents one of the most important building blocks in modern cryptography. It forms the basis of widely-used, more sophisticated primitives, such as CCA2-secure encryption or secure multiparty computation. Unfortunately, recent advances in quantum computation show that many of the existing schemes completely break down once quantum computers reach maturity (mainly due to Shor\'s algorithm). This leads to the challenge of constructing quantum-resistant group homomorphic cryptosystems.

In this work, we prove the general impossibility of (abelian) group homomorphic encryption in the presence of quantum adversaries, when assuming the IND-CPA security notion as the minimal security requirement. To this end, we prove a new result on the probability of sampling generating sets of finite (sub-)groups if sampling is done with respect to an arbitrary, unknown distribution. Finally, we provide a sufficient condition on homomorphic encryption schemes for our quantum attack to work and discuss its satisfiability in non-group homomorphic cases. The impact of our results on recent fully homomorphic encryption schemes poses itself as an open question.



16:17 [Pub][ePrint] Lyra: Password-Based Key Derivation with Tunable Memory and Processing Costs, by Leonardo C. Almeida and Ewerton R. Andrade and Paulo S. L. M. Barreto and Marcos A. Simplicio Jr.

  We present Lyra, a password-based key derivation scheme based on cryptographic sponges. Lyra was designed to be strictly sequential (i.e., not easily parallelizable), providing strong security even against attackers that use multiple processing cores (e.g., custom hardware or a powerful GPU). At the same time, it is very simple to implement in software and allows legitimate users to fine-tune its memory and processing costs according to the desired level of security against brute force password guessing. We compare Lyra with similar-purpose state-of-the-art solutions, showing how our proposal provides a higher security level and overcomes limitations of existing schemes. Specfically, we show that if we fix Lyra\'s total processing time t in a legitimate platform, the cost of a memory-free attack against the algorithm is exponential, while the best known result in the literature (namely, against the scrypt algorithm) is quadratic. In addition, for an identical same processing time, Lyra allows for a higher memory usage than its counterparts, further increasing the cost of brute force attacks.



16:17 [Pub][ePrint] On the Design of LIL Tests for (Pseudo) Random Generators and Some Experimental Results, by Yongge Wang

  Random numbers have been one of the most useful

objects in statistics, computer science, cryptography, modeling,

simulation, and other applications though it is very dicult to

construct true randomness. Many solutions (e.g., cryptographic

pseudorandom generators) have been proposed to harness or

simulate randomness and many statistical testing techniques have

been proposed to determine whether a pseudorandom generator

produces high quality randomness. NIST SP800-22 (2010) proposes

the state of art testing suite for (pseudo) random generators

to detect deviations of a binary sequence from randomness. On

the one hand, as a counter example to NIST SP800-22 test suite,

it is easy to construct functions that are considered as GOOD

pseudorandom generators by NIST SP800-22 test suite though

the output of these functions are easily distinguishable from the

uniform distribution. Thus these functions are not pseudorandom

generators by definition. On the other hand, NIST SP800-22

does not cover some of the important laws for randomness. Two

fundamental limit theorems about random binary strings are

the central limit theorem and the law of the iterated logarithm

(LIL). Several frequency related tests in NIST SP800-22 cover

the central limit theorem while no NIST SP800-22 test covers

LIL.

This paper proposes techniques to address the above challenges

that NIST SP800-22 testing suite faces. Firstly, we propose

statistical distance based testing techniques for (pseudo) random

generators to reduce the above mentioned Type II errors in NIST

SP800-22 test suite. Secondly, we propose LIL based statistical

testing techniques, calculate the probabilities, and carry out

experimental tests on widely used pseudorandom generators

by generating around 30TB of pseudorandom sequences. The

experimental results show that for a sample size of 1000 sequences

(2TB), the statistical distance between the generated sequences

and the uniform distribution is around 0.07 (with 0 for statistically

indistinguishable and 1 for completely distinguishable)

and the root-mean-square deviation is around 0.005. Though the

statistical distance 0.07 and RMSD 0.005 are acceptable for some

applications, for a cryptographic \"random oracle\", the preferred

statistical distance should be smaller than 0.03 and RMSD be

smaller than 0.001 at the sample size 1000. These results justify

the importance of LIL testing techniques designed in this paper.

The experimental results in this paper are reproducible and the

raw experimental data are available at author\'s website.



16:17 [Pub][ePrint] Scale-Invariant Fully Homomorphic Encryption over the Integers, by Jean-Sébastien Coron and Tancrède Lepoint and Mehdi Tibouchi

  At Crypto 2012, Brakerski constructed a scale-invariant fully homomorphic encryption scheme based on the LWE problem, in which the same modulus is used throughout the evaluation process, instead of a ladder of moduli when doing \"modulus switching\". In this paper we describe a variant of the van Dijk et al. FHE scheme over the integers with the same scale-invariant property. Our scheme has a single secret modulus whose size is linear in the multiplicative depth of the circuit to be homomorphically evaluated, instead of exponential; we therefore construct a leveled fully homomorphic encryption scheme. This scheme can be transformed into a pure fully homomorphic encryption scheme using bootstrapping, and its security is still based on the Approximate-GCD problem.

We also describe an implementation of the homomorphic evaluation of the full AES encryption circuit, and obtain significantly improved performance compared to previous implementations: about 23 seconds (resp. 3 minutes) per AES block at the 72-bit (resp. 80-bit) security level on a mid-range workstation.

Finally, we prove the equivalence between the (error-free) decisional Approximate-GCD problem introduced by Cheon et al. (Eurocrypt 2013) and the classical computational Approximate-GCD problem. This equivalence allows to get rid of the additional noise in all the integer-based FHE schemes described so far, and therefore to simplify their security proof.