International Association for Cryptologic Research

# IACR News Central

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2014-02-27
04:17 [Pub][ePrint]

In this paper we propose an efficient technique to compute algebraic degree of an S-box (minimum of algebraic degrees of its component functions). Using our technique we have calculated algebraic degree of a $26\\times 64$ S-box.

04:17 [Pub][ePrint]

Coherent light, as produced by lasers, gives rise to an intrinsic noise, known as quantum noise, optical noise or shot noise. AlphaEta is a protocol which exploits this physical phenomenon to obtain secure data encryption or key distribution over a fiber-optic channel

in the presence of an eavesdropper. In this paper we focus on the cryptographic aspects of AlphaEta and its variants. Moreover, we propose a new protocol for which we can provide a rigorous proof

that the eavesdropper obtains neglible information. In comparison to single-photon quantum cryptography, AlphaEta provide much higher throughputs combined with a well-known technology.

2014-02-25
16:17 [Pub][ePrint]

We calculate the probability of success of block-hiding mining strategies in bitcoin-like networks.

These strategies involve building a secret branch of the block-tree and publishing it opportunistically, aiming to replace the top of the main branch and rip the reward associated with the secretly mined blocks. We identify two types of block-hiding strategies and chart the parameter space where those are more beneficial than the standard mining strategy described in Nakamoto\'s paper.

Our analysis suggests a generalization of the notion of the relative hashing power as a measure for a miner\'s influence on the network. Block-hiding strategies are beneficial only when this measure of influence exceeds a certain threshold.

2014-02-24
04:17 [Pub][ePrint]

We propose a simple and efficient sorting algorithm for secure multi-party computation (MPC). The algorithm is designed to be efficient when the number of parties and the size of the underlying field are small. For a constant number of parties and a field with a constant size, the algorithm has $O(\\gm\\log\\gm)$ communication complexity, which is asymptotically the same as the best previous algorithm but achieves $O(1)$ round complexity, where $\\gm$ is the number of items. The algorithm is constructed with the help of a new technique called shuffle-and-reveal.\'\' This technique can be seen as an analogue of the frequently used technique of add random number and reveal.\'\' The feasibility of our algorithm is demonstrated by an implementation on an MPC scheme based on Shamir\'s secret-sharing scheme with three parties and corruption tolerance of $1$. Our implementation sorts 1 million 32-bit word secret-shared values in 197 seconds.

04:17 [Pub][ePrint]

In this paper, a new way to construct cryptographic hash function is given. The cryptographic hash function is generalized to uncertain function which has various specific function forms. When computing hash value, the specific form of the function is determined by the message, but the codebreaker cannot know the message, and hence cannot know the specific form of random function. This provides a new kind of one-wayness, the one-wayness of the specific function makes the breaking of hash is very difficult because in most cryptographic analysis of hash function, the function should be known and fixed. As fixed function is just a special case of uncertain function, when the function is uncertain, we obviously have more choices and can choose more secure function.

Keywords:I.Introduction

04:17 [Pub][ePrint]

This paper suggests a model and a definition for forward-secure authenticated key exchange (AKE) protocols, which can be satisfied without depending on the Diffie-Hellman assumption. Protocols conforming to our model can be highly efficient, since they do not require the resource-intensive modular exponentiations of the Diffie-Hellman protocol. The basic idea is to use key-evolving schemes (KES), where the long-term keys of the system get updated regularly and irreversibly. We also introduce a protocol, called FORSAKES, and prove rigorously that it is a forward-secure AKE protocol in our model. FORSAKES is a very efficient protocol, and can be implemented by merely using hash functions.

04:17 [Pub][ePrint]

A secret sharing scheme is non-perfect if some subsets of participants cannot recover the secret value but have some information about it. This work is dedicated to the search of efficient non-perfect secret sharing schemes. The efficiency is measured by means of the information ratio, the ratio between the maximum length of the shares and the length of the secret value.

In order to study perfect and non-perfect secret sharing schemes with all generality, we describe the structure of the schemes through their access function, a real function that measures the amount of information that every subset of participants knows about the secret value. We present new tools for the construction of secret sharing schemes. In particular, we construct a secret sharing scheme for every access function.

We extend the connections between polymatroids and perfect secret sharing schemes to the non-perfect ones to find new results on the information ratio. We find a new lower bound on the information ratio that is better than the ones previously known. In particular, this bound is tight for uniform access functions. The access function of a secret sharing scheme is uniform if all participants play the same role in a scheme (e.g. ramp secret sharing schemes). Moreover, we construct a secret sharing scheme with optimal information ratio for every rational uniform access function.

04:17 [Pub][ePrint]

04:17 [Pub][ePrint]

Wee (PKC\'12) proposed a generic public-key encryption scheme in the setting of related-key attacks. Bellare, Paterson and Thomson (Asiacrypt\'12) provided a framework enabling related-key attack (RKA) secure cryptographic primitives for a class of non-linear related-key derivation functions. However, in both of their constructions, the instantiations to achieve the full (strong) RKA security are given under the scenario regarding the private key composed of single element. In other words, each element of the private key shares the same modification. However, this is impractical in real world. In this paper, we concentrate on the security of public-key encryption schemes under linear related-key attacks in the setting of multi-element private keys (that is, the private key is composed of more than one element), where an adversary is allowed to tamper any part of this private key stored in a hardware device, and subsequently observe the outcome of a public-key encryption system under this targeted modified private key.We define the security model for RKA secure public-key encryption schemes as chosen-ciphertext and related-key attack (CC-RKA) security, which means that a public-key encryption scheme remains secure even when an adversary is allowed to issue the decryption oracle on linear shifts of any component of the private key. After that, we present a detailed public-key encryption schemes with the private key formed of several elements, of which the CC-RKA security is under the decisional BDH assumption in the standard model.

04:17 [Pub][ePrint]

Modular addition modulo a power of two, is one of the most applicable operators in symmetric cryptography; therefore, investigating cryptographic properties of this operator has a significant role in design and analysis of symmetric ciphers.

Algebraic properties of modular addition modulo a power of two have been studied for two operands by Braeken in fse\'05. Also, the authors of this paper, have studied this operator, in some special cases, before. In this paper, taking advantage of previous researches in this area, we generalize the algebraic properties of this operator for more than two summands. More precisely, we

determine the algebraic degree of the component Boolean functions of modular addition of arbitrary number of summands modulo a power of two, as a vectorial Boolean function, along with the number of terms and variables in these component functions. As a result, algebraic degrees of the component Boolean functions of Generalized Pseudo-Hadamard Transforms are driven.

04:17 [Pub][ePrint]

With relatively few exceptions, the literature on efficient (practical) secure computation has focused on secure two-party computation~(2PC). It is, in general, unclear whether the techniques used to construct practical 2PC protocols---in particular, the \\emph{cut-and-choose} approach---can be adapted to the multi-party setting.

In this work we explore the possibility of using cut-and-choose for practical secure \\emph{three-party} computation. The three-party case has been studied in prior work in the semi-honest setting, and is motivated by the observation that real-world deployments of multi-party computation are likely to involve few parties. We propose a constant-round protocol for three-party computation tolerating any number of malicious parties, whose computational cost is essentially only \\emph{twice} that of state-of-the-art two-party protocols.