International Association for Cryptologic Research

# IACR News Central

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2014-03-26
18:08 [Event][New]

Submission: 15 April 2014
From September 2 to September 4
Location: Vienna, Austria

18:08 [Job][New]

RSA Laboratories invites applications for a full staff position in the area of systems security, preferably by candidates demonstrating some expertise in data analysis for security. Both well-established scientists with strong research records and graduating PhDs of exceptional caliber are encouraged to apply.

Staff scientists will have an opportunity to blend academic research with leadership in architecting next-generation security systems together with RSA Engineering. Applicants should possess enthusiasm for both cutting-edge research and real-world deployment; also valuable are either implementation skills or a desire to work with development staff to create prototypes. A PhD in Computer Science or a closely related field is required, as is residence in or relocation to the Boston, MA area. To apply, please send a resume to labs_hiring (at) rsa.com. The review of applications will begin immediately and will continue until the position is filled.

RSA is the security division of EMC, the world leader in information infrastructure solutions. RSA Laboratories’ charter is to produce research with practical impact on the products and strategy of RSA and its parent company EMC and scholarly influence in the larger research community.

18:07 [Job][New]

If you enjoy getting your hands dirty hacking Android code-base, this project is for you. The goal of the project is to extend an existing prototype implementation of a mobile honeypot running on a Samsung Galaxy SII Android phone with auditing capabilities to enable logging facilities for Android apps.

You will be working with a SGSII phone, coding mostly in C/C++. Knowledge of Java is beneficial. Since the prototype is running on top of a microkernel (Fiasco.OC), prior knowledge of virtualization architectures will be useful but can also be picked up during the course of the project. To apply, please email an updated CV/Resume to the email address below indicating in the body of the email why the project interests you. The internship will cover living costs for a student in Berlin.

2014-03-24
18:17 [Pub][ePrint]

We clarify and generalize a cube root algorithm in $\\mathbb F_q$ proposed by Pocklington, and later rediscovered by Padr\\\'o and S\\\'aez. We correct some mistakes in the result of Padr\\\'o and S\\\'aez and give a full generalization of their result. We also give the comparison of the implementation of our proposed algorithm with two most popular cube root algorithms, namely the Adleman-Manders-Miller algorithm and the Cipolla-Lehmer algorithm. To the authors\' knowledge, our comparison is the first one which compares three fundamental algorithms together.

18:17 [Pub][ePrint]

A computational secret-sharing scheme is a method that enables a dealer, that has a secret, to distribute this secret among a set of parties such that a \"qualified\" subset of parties can reconstruct the secret while any \"unqualified\" subset of parties cannot efficiently learn anything about the secret. The collection of \"qualified\" subsets is defined by a monotone Boolean function.

It has been a major open problem to understand which (monotone) functions can be realized by a computational secret-sharing schemes. Yao suggested a method for secret-sharing for any function that has a polynomial-size monotone circuit (a class which is strictly smaller than the class of monotone functions in P). Around 1990 Rudich raised the possibility of obtaining secret-sharing for all monotone functions in NP: In order to reconstruct the secret a set of parties must be \"qualified\" and provide a witness attesting to this fact.

Recently, there has been much excitement regarding the possibility of obtaining program obfuscation satisfying the \"indistinguishability obfuscation\" requirement: A transformation that takes a program and outputs an obfuscated version of it so that for any two functionally equivalent programs the output of the transformation is computationally indistinguishable.

Our main result is a construction of a computational secret-sharing scheme for any monotone function in NP assuming the existence of an efficient indistinguishability obfuscator for P and one-way functions. Furthermore, we show how to get the same result but relying on a weaker obfuscator: an efficient indistinguishability obfuscator for CNF formulas.

18:17 [Pub][ePrint]

Increasing amounts of information that needs to be protecting put in claims specific requirements for information security systems. The main goal of this paper is to find ways to increase performance of cryptographic transformation with public key by increasing performance of integers squaring. Authors use delayed carry mechanism and approaches of effective parallelization for Comba multiplication algorithm, which was previously proposing by authors. They use the idea of carries accumulation by addition products of multiplying the relevant machine words in columns. As a result, it became possible to perform addition of such products in the column independently of each other. However, independent accumulation of products and carries require correction of the intermediate results to account for the accumulated carries. Due to the independence of accumulation in the columns, it became possible to parallelize the process of products accumulation that allowed formulating several approaches. In this paper received theoretical estimates of the computational complexity for proposed squaring algorithms. Software implementations of algorithms in C++ allowed receiving practical results of the performance, which are not contrary to theoretical estimates. The authors first proposed applying the method of delayed carry and parallelization techniques for squaring algorithms, which was previously proposing for integer multiplication.

18:17 [Pub][ePrint]

In 2000 Ko gave potential hard problem is proposed called the Markov

problem. We give an algorithm, for certain parameters, for solution of the Markov problem. The Markov problem is related to the knot recognition problem. Hence we also a new algorithm the knot recognition problem. This knot recognition algorithm may be used for previously proposed cryptosystem that uses knots.

18:17 [Pub][ePrint]

The Partial Sum Attack is one of the most powerful attacks developed in the last 15

years against reduced-round versions of AES. We introduce a slight improvement to

the basic attack which lowers the number of chosen plaintexts needed to successfully

mount it. Our version of the attack on 6-round AES can be carried out completely

in practice, as we demonstrate providing a full implementation. We also detail the

structure of our implementation, showing the performances we achieve.

18:17 [Pub][ePrint]

\\panda~is an authenticated encryption scheme designed by Ye {\\it et al.}, and submitted to the CAESAR competition.

The designers claim that \\pandas, which is one of the designs of the \\panda-family, provides 128-bit security in the nonce misuse model.

In this note, we describe our forgery attack against \\pandas.

Our attack works in the nonce misuse model.

It exploits the fact that the message processing function and the finalization function are identical,

and thus a variant of the length-extension attack can be applied.

We can find a tag for a pre-specified formatted message with 2 encryption oracle calls, $2^{64}$ computational cost, and negligible memory.

18:17 [Pub][ePrint]

\\paes~is an authenticated encryption scheme designed by Ye {\\it et al.},

and submitted to the CAESAR competition.

The designers claim that \\paese, which is one of the designs of the \\paes-family,

provides 128-bit security in the nonce misuse model.

In this note, we show our forgery attack against \\paese.

Our attack works in the nonce misuse model.

The attack exploits the slow propagation of message differences.

The attack is very close to the universal forgery attack.

As long as the target message is not too short, {\\it e.g.} more than 10 blocks (160 bytes),

a tag is forged only with $2^{11}$ encryption oracle calls, $2^{11}$ computational cost, and negligible memory.

18:13 [Job][New]

The research group Computer Algebra and Cryptography at TU Darmstadt headed by Prof. Buchmann is looking for doctoral students. TU Darmstadt is a partner in the Center for Advanced Security Research Darmstadt CASED, one of the internationally leading research institutions in cyber security. The successful candidate will greatly benefit from the excellent CASED research environment.

The applicants are expected to hold a master degree in computer science, mathematics, or a related area and to have a background in cryptography.

(1) We look for a doctoral student in the area of lattice-based cryptography at the earliest possible date. Lattice-based cryptography is a very promising direction in cryptography offering both (presumably) quantum immunity and additional features, e.g., fully homomorphic encryption. We are interested in both cryptanalysis (the concrete hardness of lattice problems) and the construction of provably secure and practical lattice-based schemes.

Previous experience in algebra, number theory, the geometry of numbers, and/or lattice-based cryptography is advantageous. The successful candidate will work in a research team of several doctoral students led by Dr. Özgür Dagdelen.