International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

09:17 [Pub][ePrint] A Tamper and Leakage Resilient Random Access Machine, by Sebastian Faust and Pratyay Mukherjee and Jesper Buus Nielsen and Daniele Venturi

  We present a ``universal\'\' Random Access Machine (RAM in short) for tamper and leakage resilient computation. The RAM has one CPU that accesses three storages (called disks in the following), two of them are secret, while the other one is public. The CPU has constant size for each fixed value of security parameter $k$. We construct a compiler for this architecture which transforms any keyed primitive into a RAM program where the key is encoded and stored on the two secret disks and the instructions for evaluating the functionality are stored on the public disk.

The compiled program tolerates arbitrary independent tampering of the disks. That is, the adversary can tamper with the intermediate values produced by the CPU, and the program code of the compiled primitive on the public disk. In addition, it tolerates bounded independent leakage from the disks and continuous leakage from the communication channels between the disks and the CPU.

Although it is required that the circuit of the CPU is tamper and leakage proof, its design is independent of the actual primitive being computed and its internal storage is non-persistent, i.e., all secret registers are reset between invocations. Hence, our result can be interpreted as reducing the problem of shielding arbitrary complex computations to protecting a single, simple and ``universal\'\' component. As a main ingredient of our construction we use continuous

non-malleable codes that satisfy certain additional properties.

09:17 [Pub][ePrint] Public-Coin Concurrent Zero-Knowledge in Logarithmic Rounds, by Yi Deng


09:17 [Pub][ePrint] A Strong and Efficient Certificateless Digital Signature Scheme, by Mohammed Alfateh Hassouna and Mohsin Hashim

  This paper extends the certificateless public key infrastructure model that was proposed by Hassouna et al by proposing new digital signature scheme to provide true non-repudiation,

the proposed signature scheme is short and efficient, it is also has strength point that the KGC has no contribution in signature generation/verification process, therefore any compromise

of the KGC does not affect the non-repudiation service of the system. Furthermore, even the KGC cannot do signature forgery by (temporary) replacing the user\'s public key.

09:17 [Pub][ePrint] Formal Analysis of Chaumian Mix Nets with Randomized Partial Checking, by Ralf Kuesters and Tomasz Truderung and Andreas Vogt

  Mix nets with randomized partial checking (RPC mix nets) have been introduced by Jakobsson, Juels, and Rivest as particularly simple and efficient verifiable mix nets. These mix nets have been used in several implementations of prominent e-voting systems to provide vote privacy and verifiability. In RPC mix nets, higher efficiency is traded for a lower level of privacy and verifiability. However, these mix nets have never undergone a rigorous formal analysis. Recently, Kahazei and Wikstroem even pointed out several severe problems in the original proposal and in implementations of RPC mix nets in e-voting systems, both for so-called re-encryption and Chaumian RPC mix nets. While Kahazei and Wikstroem proposed several fixes, the security status of Chaumian RPC mix nets (with the fixes applied) has been left open; re-encryption RPC mix nets, as they suggest, should not be used at all.

In this paper, we provide the first formal security analysis of Chaumian RPC mix nets. We propose security definitions that allow one to measure the level of privacy and verifiability RPC mix nets offer, and then based on these definitions, carry out a rigorous analysis. Altogether, our results show that these mix nets provide a reasonable level of privacy and verifiability, and that they are still an interesting option for the use in e-voting systems.

00:19 [News] Mass Surveillance and the Subversion of Cryptography


Statement of Principle from the IACR Membership on Mass Surveillance and the Subversion of Cryptography

The membership of the IACR repudiates mass surveillance and the undermining of cryptographic solutions and standards. Population-wide surveillance threatens democracy and human dignity. We call for expediting research and deployment of effective techniques to protect personal privacy against governmental and corporate overreach.

09:17 [Pub][ePrint] An Optimal Strong Password Authentication Protocol with USB Sticks, by Vikram D

  Authentication is the process for identify the user authorized or not. The identity contains mainly the username and passwords for verifying the two entities. The authentication information\'s are stored in the form encryption in a device which is properly registered in the server. At the time of authentication process perform between user and server the intruder can eves-dropping the communication channel and login into the system by an authorized user. To overcome this optimal strong password authentication (OSPA) protocol uses the multiple hash operation the time of authentication for the users. The server chooses the hash function only at the time of user request for the login process. So the intruder cannot know the information which is transferred at the time of authentication process.

The OSPA can improve the authentication process for obtaining mutual communication between user and server. The authentication information will not know to the intruder. So the multiple hash function obtains the secure authentication information process. The OSPA protect information of the user & server and protect from the guessing attack. The guessing attack prevention performs by the server using the multiple hash function & USB Stick.

09:17 [Pub][ePrint] Affine-evasive Sets Modulo a Prime, by Divesh Aggarwal

  In this work, we describe a simple and efficient construction of a large subset S of F_p, where p is a prime, such that the set A(S) for any non-identity affine map A over F_p has small intersection with S.

Such sets, called affine-evasive sets, were defined and constructed in~\\cite{ADL14} as the central step in the construction of non-malleable codes against affine tampering over F_p, for a prime p. This was then used to obtain efficient non-malleable codes against split-state tampering.

Our result resolves one of the two main open questions in~\\cite{ADL14}. It improves the rate of non-malleable codes against affine tampering over F_p from log log p to a constant, and consequently the rate for non-malleable codes against split-state tampering for n-bit messages is improved from n^6 log^7 n to n^6.

09:17 [Pub][ePrint] Explicit Optimal Binary Pebbling for One-Way Hash Chain Reversal, by Berry Schoenmakers

  We present explicit optimal binary pebbling algorithms for reversing one-way hash chains. For a hash chain of length $2^k$, the number of hashes performed per output round is at most $\\lceil \\tfrac{k}{2}\\rceil$, whereas the number of hash values stored throughout is at most $k$. This is optimal for binary pebbling algorithms characterized by the property that the midpoint of the hash chain is computed just once and stored until it is output, and that this property applies recursively to both halves of the hash chain.

We develop a framework for easy comparison of explicit binary pebbling algorithms, including simple speed-1 binary pebbles, Jakobsson\'s binary speed-2 pebbles, and our optimal binary pebbles. Explicit schedules describe for each pebble exactly how many hashes need to be performed in each round. The optimal schedule exhibits a nice recursive structure, which allows fully optimized implementations that can readily be deployed. In particular, we develop in-place implementations with minimal storage overhead (essentially, storing only hash values), and fast implementations with minimal computational overhead.

09:17 [Pub][ePrint] Build a Compact Cryptocurrency System Purely Based on PoS, by qianxiaochao

  In this paper we propose a new framework of cryptocurrency system. The major parts what we have changed include removing the bloated history transactions from data synchronization, no mining, no blockchain, it\'s environmentally friendly, no checkpoint, no exchange hub needed, it\'s purely decentralized and purely based on proof of stake. The logic is very simple and intuitive, 51% stakes talk. A new data synchronization mechanism named \"Converged Consensus\" is proposed to ensure the system reaches a consistent distributed consensus. We think the famous blockchain mechanism based on PoW is no longer an essential element of a cryptocurrency system. In aspect of security, we propose TILP & SSS strategies to secure our system.

09:17 [Pub][ePrint] Machine Learning Classification over Encrypted Data, by Raphael Bost and Raluca Ada Popa and Stephen Tu and Shafi Goldwasser

  Machine learning classification is used in numerous settings nowadays, such as medical or genomics predictions, spam detection, face recognition, and financial predictions. Due to privacy concerns in some of these applications, it is important that the data and the classifier remain confidential.

In this work, we construct three major classification protocols that satisfy this privacy constraint: hyperplane decision, Na\\\"ive Bayes, and decision trees. These protocols may also be combined with AdaBoost. They rely on a library of building blocks for constructing classifiers securely, and we demonstrate the versatility of this library by constructing a face detection classifier.

Our protocols are efficient, taking milliseconds to a few seconds to perform a classification when running on real medical datasets.

09:17 [Pub][ePrint] Using More Points in One Clock Cycle to Achieve Better Performance of Template Attacks, by Guangjun Fan, Yongbin Zhou, Hailong Zhang, and Dengguo Feng

  Template Attacks are widely accepted to be the most powerful side-channel attacks from an information theoretic point of view. For classical Template Attacks, several papers suggested that one should not choose more than one point as the interesting point per clock cycle when he conducts Template Attacks. Disobeying this constraint leads to poorer classification performance even if a higher number of interesting points is chosen. A more systematic approach, which relies on the data variability, is to choose the interesting points based on principal component analysis (PCA). In this paper, we present a new way of conducting Template Attacks when one uses more than one point as the interesting point per clock cycle. This new way has better classification performance compared with classical Template Attacks and PCA-based Template Attacks. Moreover, the computational price of the new way is low and practical. Therefore, we suggest that one should use this new way to better understand practical threats of Template Attacks when one want to use more than one point as the interesting point per clock cycle.