International Association for Cryptologic Research

IACR News Central


15:17 [Pub][ePrint] Breaking POET Authentication with a Single Query, by Jian Guo and Jérémy Jean and Thomas Peyrin and Wang Lei

  In this short article, we describe a very practical and simple attack on the authentication part of POET authenticated encryption mode proposed at FSE 2014. POET is a provably secure scheme that was designed to resist various attacks where the adversary is allowed to repeat the nonce, or even when the message is output before verifying the validity of the tag when querying the decryption oracle. However, we demonstrate that using only a single encryption query and a negligible amount of computations, even without any special misuse from the attacker, it is possible to generate many valid ciphertext/tag pairs for POET. Our work shows that one should not use POET for any application where authentication property is required. Furthermore, we propose a possible patch to overcome this particular issue, yet without backing up this patch with a security proof.

21:17 [Pub][ePrint] Cryptanalysis and Security Enhancement of Two Advanced Authentication Protocols, by Sai Raghu Talluri and Swapnoneel Roy

  In this work we consider two protocols for performing cryptanalysis and security enhancement. The first one by Jiang et al., is a password-based authentication scheme which does not use smart cards. We note that this scheme is an improvement over Chen et al.'s scheme shown vulnerable to the off-line dictionary attack by Jiang et al. We perform a cryptanalysis on Jiang et al.'s improved protocol and observe that it is prone to the clogging attack, a kind of denial of service (DoS) attack. We then suggest an improvement on the protocol to prevent the clogging attack.

The other protocol we consider for analysis is by Wang et al. This is a smart card based authentication protocol. We again perform the clogging (DoS) attack on this protocol via replay. We observe that all smart card based authentication protocols which precede the one by Wang et al., and require the server to compute the computationally intensive modular exponentiation are prone to the clogging attack. We suggest (another) improvement on the protocol to prevent the clogging attack, which also applies to the protocol by Jiang et al.

21:17 [Pub][ePrint] Low Overhead Broadcast Encryption from Multilinear Maps, by Dan Boneh and Brent Waters and Mark Zhandry

  We use multilinear maps to provide a solution to the long-standing problem of public-key broadcast encryption where all parameters in the system are small. In our constructions, ciphertext overhead, private key size, and public key size are all poly-logarithmic in the total number of users. The systems are fully secure against any number of colluders. All our systems are based on an O(logN)-way multilinear map to support a broadcast system for N users. We present three constructions based on different types of multilinear maps and providing different security guarantees. Our systems naturally give identity-based broadcast systems with short parameters.

18:14 [Event][New] ESORICS 2014: 19th European Symposium on Research in Computer Security

  Submission: 2 April 2014
Notification: 10 June 2014
From September 7 to September 11
Location: Wroclaw, Poland
More Information:

15:17 [Pub][ePrint] JHAE: An Authenticated Encryption Mode Based on JH, by Javad Alizadeh, Mohammad Reza Aref and Nasour Bagheri

  In this paper we present JHAE, an authenticated encryption (AE) mode based on the JH hash mode. JHAE is a dedicated AE mode based on permutation. We prove that this mode, based on ideal permutation, is provably secure.

10:43 [Job][New] Ph.D. students, TELECOM-ParisTech

  TELECOM-ParisTech crypto group seeks 4 PhD students

TELECOM-ParisTech crypto group develops prototype solutions to fight against cyber and physical penetration of embedded devices.

Our contributions in this field of research are:

  • Security building blocks:

    • with security / cost tradeoffs (quantifiable), e.g. "Low Entropy Masking Schemes" (LEMS), where security and cost are tunable by the amount of injected randomness,

    • resistance against invasive attacks (e.g., circuit editing, backside probing),

    • processors aware of the usual attack strategies of malware

  • Security policies:

    How to implement a responsive "security driver" that collects all the alarms and takes adequate actions?

    Such a piece of software is critical: it must be functionally validated and tamper resistant

  • Formal proofs:

    • Both security-oriented hardware and software code must be proven compliant with their specification and shown to indeed implement the properties they are assumed to have

    • Mathematical analysis of proposed countermeasures (e.g. LEMS)

We seek four PhD candidates on those subjects:

  1. \\\"Calculer dans les codes comme contremesure aux attaques physiques\\\",

  2. \\\"Native Protection of Processors against Cyber-Attacks\\\",

  3. \\\"Insertion automatique de contre-mesures dans des circuits de sécurité\\\",

  4. \\\"Attaques FIRE : Rétroconception de cryptographie secrète\\\",

Working language is French or English.

Positions are open until Aug 2014.

To ap

10:33 [Event][New] BalkanCryptSec: International Conference on Cryptography and Information Security

  Submission: 1 August 2014
Notification: 15 September 2014
From October 16 to October 17
Location: Istanbul, Turkey
More Information:

21:17 [Pub][ePrint] A Second Look at Fischlin's Transformation, by Özgür Dagdelen and Daniele Venturi

  Fischlin's transformation is an alternative to the standard Fiat-Shamir transform to turn a certain class of public key identification schemes into digital signatures (in the random oracle model).

We show that signatures obtained via Fischlin's transformation are existentially unforgeable even in case the adversary is allowed to get arbitrary (yet bounded) information on the entire state of the signer (including the signing key and the random coins used to generate signatures). A similar fact was already known for the Fiat-Shamir transform, however, Fischlin's transformation allows for a significantly higher leakage parameter than Fiat-Shamir.

Moreover, in contrast to signatures obtained via Fiat-Shamir, signatures obtained via Fischlin enjoy a tight reduction to the underlying hard problem. We use this observation to show (via simulations) that Fischlin's transformation, usually considered less efficient, outperforms the Fiat-Shamir transform in verification time for a reasonable choice of parameters. In terms of signing Fiat-Shamir is faster for equal signature sizes. Nonetheless, our experiments show that the signing time of Fischlin's transformation becomes, e.g., 22% of the one via Fiat-Shamir if one allows the signature size to be doubled.

21:17 [Pub][ePrint] Practical Receipt-Free Sealed-Bid Auction in the Coercive Environment, by Jaydeep Howlader, Sanjit Kumar Roy, Ashis Kumar Mal

  Sealed-bid auction is an efficient and rational method to establish the price in open market. However sealed-bid auctions are subject to bid-rigging attack. Receipt-free mechanisms were proposed to prevent bid-rigging. The prior receipt-free mechanisms are based on two assumptions; firstly, existence of untappable channel between bidders and auction authorities. Secondly, mechanisms assume the authorities to be honest (not colluding). Moreover the bandwidth required to communicate the receipt-free bids is huge. This paper presents a sealed-bid auction mechanism to resist bid-rigging. The proposed method does not assume untappable channel nor consider the authorities to be necessarily honest. The proposed mechanism also manages the bandwidth efficiently, and improves the performance of the system.

21:17 [Pub][ePrint] The Temperature Side Channel and Heating Fault Attacks, by Michael Hutter and Jörn-Marc Schmidt

  In this paper, we present practical results of data leakages of CMOS devices via the temperature side channel---a side channel that has been widely cited in literature but not well characterized yet. We investigate the leakage of processed data by passively measuring the dissipated heat of the devices. The temperature leakage is thereby linearly correlated with the power leakage model but is limited by the physical properties of thermal conductivity and capacitance. We further present heating faults by operating the devices beyond their specified temperature ratings. The efficiency of this kind of attack is shown by a practical attack on an RSA implementation. Finally, we introduce data remanence attacks on AVR microcontrollers that exploit the Negative Bias Temperature Instability (NBTI) property of internal SRAM cells. We show how to recover parts of the internal memory and present first results on an ATmega162. The work encourages the awareness of temperature-based attacks that are known for years now but not well described in literature. It also serves as a starting point for further research investigations.

21:17 [Pub][ePrint] Side-Channel Analysis on Blinded Regular Scalar Multiplications, by Benoit Feix and Mylène Roussellet and Alexandre Venelli

  We present a new side-channel attack path threatening state-of-the-art protected implementations of embedded elliptic curve scalar multiplications. Regular algorithms such as the double-and-add-always and the Montgomery ladder are commonly used to protect the scalar multiplication from simple side-channel analysis. Combining such algorithms with scalar and/or point blinding countermeasures leads to scalar multiplications protected from all known attacks. Scalar randomization, which consists in adding a random multiple of the group order to the scalar value, is a popular countermeasure due to its efficiency. Amongst the several curves defined for usage in elliptic curve products, the most used are those standardized by the NIST. The modulus, hence the orders, of these curves are sparse, primarily for efficiency reasons. In this paper, we take advantage of this specificity to present new attack paths and recover the secret scalar of state-of-the-art protected elliptic curve implementations.