International Association for Cryptologic Research

# IACR News Central

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2014-04-30
12:17 [Pub][ePrint]

The Ihara limit (or constant) $A(q)$ has been a central problem of study in the asymptotic theory of global function fields (or equivalently, algebraic curves over finite fields). It addresses global function fields with many rational points and,

so far, most applications of this theory do not

require additional properties. Motivated by recent applications, we require global function fields

with the additional property that their zero class divisor groups contain at most a small number of $d$-torsion points. We capture this with the notion of torsion limit, a new asymptotic quantity for global function fields.

It seems that it is even harder to determine values of this new quantity than the Ihara constant.

Nevertheless, some non-trivial upper bounds are derived.

Apart from this new asymptotic quantity and bounds on it, we also introduce Riemann-Roch systems of equations. It turns out that this type of equation system

plays an important role in the study of several other problems in each of these areas: arithmetic secret sharing, symmetric bilinear complexity of multiplication in finite fields, frameproof codes and the theory of error correcting codes.

Finally, we show how our new asymptotic quantity, our bounds on it and Riemann-Roch systems can be used to improve results in these areas.

06:17 [Pub][ePrint]

A fair contract-signing protocol is an important mechanism which allows two participants to sign a digital contract via the public computer networks in a fair way. Based on the RSA signature scheme and Σ-protocol, we propose a new contract-signing protocol in this paper. The proposed protocol is not only fair and optimistic, but also efficient and abuse-free. Moreover, security and efficiency analysis are provided.

06:17 [Pub][ePrint]

M3lcrypt (canonical M3lcryptH) is a password based key derivation

function built around the Merkle-Damgard hash function H. It supports

large [pseudo]random salt values ( 128-bit) and password lengths.

06:17 [Pub][ePrint]

We present new constructions of two-message and one-message witness-indistinguishable proofs (ZAPs and NIWIs). This includes:

\\begin{itemize}

\\item

ZAP (or, equivalently, non-interactive zero-knowledge in the common random string model) from indistinguishability obfuscation and one-way functions.

\\item

NIWIs from indistinguishability obfuscation and one-way permutations.

\\end{itemize}

The previous construction of ZAPs [Dwork and Naor, FOCS 00] was based on trapdoor permutations. The two previous NIWI constructions were based either on ZAPs and a derandomization-type complexity assumption [Barak, Ong, and Vadhan CRYPTO 03], or on a specific number theoretic assumption in bilinear groups [Groth, Sahai, and Ostrovsky, CRYPTO 06].

2014-04-29
21:17 [Pub][ePrint]

The Discrete Logarithm Problem is at the base of the famous Diffie Hellman key agreement algorithm and many others. The key idea behind Diffie Helmann is the usage of the Discrete Logarithm function in (Z/pZ)∗ as a trap door function. The Discrete Logarithm function output in (Z/pZ)∗ seems to escape to any attempt of finding some sort of pattern. Nevertheless some new characterization will be introduced together with a novel and more efficient trial multi- plication algorithm.

21:17 [Pub][ePrint]

Camellia is one of the widely used block ciphers, which has been selected as an international standard by ISO/IEC. In this paper, we focus on the key-recovery attacks on reduced-round Camellia-192/256 with meet-in-the-middle methods. We utilize multiset and the differential enumeration methods which are popular to analyse AES in the recent to attack Camellia-192/256. We propose a 7-round property for Camellia-192, and achieve a 12-round attack with $2^{180}$ encryptions, $2^{113}$ chosen plaintexts and $2^{130}$ 128-bit memories. Furthermore, we present an 8-round property for Camellia-256, and apply it to break the 13-round Camellia-256 with $2^{232.7}$ encryptions, $2^{113}$ chosen ciphertexts and $2^{227}$ 128-bit memories.

11:39 [Event][New]

2014-04-28
07:54 [PhD][Update]

Name: Nicolas Moro
Topic: Security of assembly programs against attacks on embedded processors
Category:implementation

Description: This thesis aims at defining software-level countermeasures against fault attacks on an up-to-date microcontroller. To perform such an analysis, this thesis relies on a hardware-level attacker's fault model. This fault model is obtained by using an electromagnetic fault injection experimental process.[...]

2014-04-27
00:17 [Pub][ePrint]

We show that a recently proposed password authentication scheme based on geometric hashing has several security weaknesses, and that the use of this scheme should be avoided in practice.

00:17 [Pub][ePrint]

00:17 [Pub][ePrint]

A sensor network is a network comprised of many small, wireless, resource-limited nodes that sense data about their environment and report readings to a base station. One technique to conserve power in a sensor network is to aggregate sensor readings hop-by-hop as they travel towards a base station, thereby reducing the total number of messages required to collect each sensor reading. In an adversarial setting, the ability of a malicious node to alter this aggregate total must be limited. We present three aggregation protocols inspired by three natural key pre-distribution schemes for linear networks. Assuming no more than k consecutive nodes are malicious, each of these protocols limits the capability of a malicious node to altering the aggregate total by at most a single valid sensor reading. Additionally, our protocols are able to detect malicious behavior as it occurs, allowing the protocol to be aborted early, thereby conserving energy in the remaining nodes. A rigorous proof of security is also given for each protocol.