International Association for Cryptologic Research

# IACR News Central


2014-03-06
22:17 [Pub][ePrint]

We initiate the study of the following problem:

Suppose Alice and Bob would like to outsource their encrypted private data sets to the cloud, and they also want to conduct the set intersection operation on their plaintext data sets. The straightforward solution for them is to download their outsourced ciphertexts, decrypt the ciphertexts locally, and then execute a commodity two-party set intersection protocol. Unfortunately, this solution is not practical.

We therefore motivate and introduce the novel notion of *Verifiable Delegated Set Intersection on outsourced encrypted data* (VDSI). The basic idea is to delegate the set intersection operation to the cloud, while (i) not giving the decryption capability to the cloud, and (ii) being able to hold the misbehaving cloud accountable. We formalize security properties of VDSI and present a construction. In our solution, the computational and communication costs on the users are linear to the size of the intersection set, meaning that the efficiency is optimal up to a constant factor.

22:17 [Pub][ePrint]

We study a method for key predistribution in a network of $n$ users where pairwise keys are computed by hashing users' IDs along with secret information that has been (pre)distributed to the network users by a trusted entity. A communication graph $G$ can be specified to indicate which pairs of users should be able to compute keys. We determine necessary and sufficient conditions for schemes of this type to be secure. We also consider the problem of minimizing the storage requirements of such a scheme; we are interested in the total storage as well as the maximum storage required by any user. Minimizing the total storage is NP-hard, whereas minimizing the maximum storage required by a user can be computed in polynomial time.

2014-03-05
16:17 [Pub][ePrint]

In this paper, analysis of a simply modified RC4 algorithm is presented. RC4 is the most widely used stream cipher and it is not considered as a cipher that is strong in security. Many alternatives have been proposed to improve RC4 key generation and pseudo random number generation but the thought behind this work is to try out a simple modification of RC4's PRGA, where we can mention like this:

Output = M XOR GeneratedKey XOR j

After having done the modification the modified algorithm is tested for its secrecy and performance and analyzed over the variable key length with respect to those of the original RC4. The results show that the modified algorithm is better than the original RC4 in the aspects of secrecy and performance.

16:17 [Pub][ePrint]

In open literature there is a lack of focus on Shannon's secrecy of ciphers as a security measurement of symmetric key encryption, hence in this research, Shannon's theories on secrecy of ciphers were used to calculate the average secrecy of each symmetric cipher used in this research. All secrecy and performance analysis were done using a newly created tool. Analysis is done based on the secrecy level and performance of the algorithm. This paper presents an analysis of some of the widely used symmetric key algorithms which fall under the categories of block and stream ciphers together with the two combined algorithms. [DES, TripleDES, AES, RC2, RC4, Hybrid1 (TripleDES+RC4) and Hybrid2 (AES+RC4) are used]. Analysis is pivoted around on two measurement criteria under two circumstances which are described later in this paper. All the algorithms are implemented in Core Java using classes available in JAVA package javax.crypto. Separate classes are written to calculate the secrecy of ciphers and the encryption time. And also the tool is created using Core Java with the help of Netbeans IDE. As far as the outcome of the research is concerned, the performances of all stream ciphers are higher than that of block ciphers and the combined algorithms have similar performance level to block ciphers. Secrecy levels of block ciphers are comparatively higher than that of stream ciphers as the history says, it is further proved by Shannon's theories in this research. The combined algorithms have more stable secrecy levels.

16:17 [Pub][ePrint]

In this work, we explore the connection between witness indistinguishability (WI) and indistinguishability obfuscation (iO). We construct a one-round witness indistinguishable protocol for all of NP based on the existence of indistinguishability obfuscator (the first candidate construction of indistinguishability obfuscator was recently put forward by Garg et al. in 2013). Based on our one-round WI, we also construct a two-round oblivious transfer (OT) protocol and by a slight modification of our OT protocol, we get a noninteractive bit commitment scheme.

16:05 [Job][New]

Job Opening ID: 93077

Please see the job posting at UMJOBS.ORG for the full description, salary range, and requirements.

ALL APPLICANTS MUST APPLY DIRECTLY TO THE UNIVERSITY OF MICHIGAN AT UMJOBS.ORG. APPLICATIONS SUBMITTED ELSEWHERE WILL NOT BE CONSIDERED.

Job Summary

UMTRI is currently establishing a world-class transportation cyber-security team. For this team we seek motivated, energetic, independently working team players. The incumbent for this position will assist in the design, and development of Cybersecurity project plans, and tests. Hands-on security system penetration strategies will be tested along with security strategies for projects housed at the University of Michigan Transportation Research Institute (UMTRI), including work for industrial partners, government sponsors and the Safety Pilot Model Deployment (http://safetypilot.umtri.umich.edu/) project. The successful candidate for this position will be required to interact with sponsors and other engineering and technical staff, prepare components of related research proposals, and other plans related to large cyber security projects. You will also prepare documentation and participate in the development of publications and technical reports.

Please visit the posting on UMJOBS.ORG for more information regarding required and desired qualifications, underfill requirements and the mandatory background screening.

U-M EEO/AA Statement

The University of Michigan is an equal opportunity/affirmative action employer.

15:36 [Event][New]

Submission: 6 April 2014
From September 22 to September 24
Location: Lublin, Poland

15:20 [Job][New]

Job Opening ID: 93081

Please see the job posting at UMJOBS.ORG for the full description, salary range, and requirements.

ALL APPLICANTS MUST APPLY DIRECTLY TO THE UNIVERSITY OF MICHIGAN AT UMJOBS.ORG. APPLICATIONS SUBMITTED ELSEWHERE WILL NOT BE CONSIDERED.

Job Summary

UMTRI is currently establishing a world-class transportation cyber-security team. For this team we seek motivated, energetic, independently working team players. The successful candidate for this position will lead and manage the design, planning, coordination, staffing, development and testing of large cyber-security projects at the University of Michigan Transportation Research Institute (UMTRI), including work for industrial partners, government sponsors and Safety Pilot Model Deployment (http://safetypilot.umtri.umich.edu/). The successful incumbent will be required to interact with sponsors, industry partners, principal investigators, other engineering and technical staff, and project stakeholders in defining project scope, preparation of components of related research proposals, and other plans related to cyber security projects. The incumbent will be expected to prepare documentation and participate in the development of publications and technical reports, and present results.

Duties will also include supervision and management of programming and engineering staff on project planning, development, integration and execution. At the senior level, experience in the area of project design and deployment is included, but leadership will not include supervision of 3+ programmers and/or engineers.

Please visit the posting on UMJOBS.ORG for more information regarding required and desired qualifications, underfill requirements, and the mandatory background screening.

U-M EEO/AA Statement

The University of Michigan is an equal opportunity/affirmative action employer.

09:00 [Job][Update]

The Vernam Group for Security and Privacy at WPI in Worcester, MA has open PhD positions in applied cryptology. In particular there are two openings in side channel analysis and leakage resilient implementation.

Candidates should have a Master’s degree in electronics, computer science or applied mathematics, with strong interest in algorithms and signal processing. Prior experience in side channel analysis and embedded software or hardware design is an asset.

We offer a competitive salary and an international cutting-edge research program in an attractive working environment. WPI is one of the highest-ranked technical colleges in the US. Located in the greater Boston area, it maintains close interaction with many of the nearby universities and companies.

05:47 [Job][New]

The Institute of Technology at the University of Washington Tacoma has been undergoing unprecedented growth due to the high demand for its programs. We are seeking a highly motivated, full-time lecturer for its Computer Engineering and Systems program. This position requires a Master’s degree or higher or foreign equivalent in Computer Engineering or a closely related field. Commitment to high-quality teaching and excellent communication skills are also required. This is a 9-month renewable position with appointment terms of 1-5 years and begins on September 16, 2014. Candidates with experience in the industry, especially with embedded systems design are encouraged to apply. The successful candidate will have demonstrated capabilities teaching embedded and real-time systems, digital system design, or VLSI design. We seek individuals who have a balance of hardware and software teaching experience (MATLAB, Verilog, VHDL, C/C++). Currently the emphasis of the program is on embedded systems; however we anticipate developing additional tracks in the near future to accommodate the breadth of demand for our graduates.

Applicants should include (1) a cover letter describing academic qualifications and professional experiences and how they specifically relate to the Computer Engineering and Systems curriculum, and previous activities mentoring minorities and/or advancing minorities, women, or members of other under-represented groups, (2) a description of teaching philosophy (including a list of courses the candidate is qualified to teach, refer to http://www.washington.edu/students/crscatt/tces.html#tces103), (3) evidence of teaching effectiveness, (4) a curriculum vitae, and (5) contact information for three references.

2014-03-04
22:17 [Pub][ePrint]

RC4 is the most widely used stream cipher around. A lot of modifications of RC4 cipher can be seen in open literature. Most of them enhance the secrecy of the cipher and the security levels have been analyzed theoretically by using mathematics. In this paper, a new effective RC4 cipher is proposed and the security analysis has been done using Shannon's Secrecy theories where numerical values are obtained to depict the secrecy. The proposed cipher is a combination of Improved RC4 cipher proposed by Jian Xie et al and modified RC4 cipher proposed by T.D.B Weerasinghe, which were published prior to this work. Combination is done in such a way that the concept used in the modified RC4 algorithm is used in the Improved RC4 cipher by Jian Xie et al. Importantly, an immense improvement of performance and secrecy are obtained by this combination. Hence this particular modification of RC4 cipher can be used in software applications where there is a need to improve the throughput as well as secrecy.