International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

09:17 [Pub][ePrint] A mechanical approach to derive identity-based protocols from Diffie-Hellman-based protocols, by Kim-Kwang Raymond Choo and Junghyun Nam and Dongho Won

  We describe a mechanical approach to derive identity-based (ID-based) protocols from existing Diffie-Hellman-based ones. As case studies, we present the ID-based versions of the Unified Model protocol, UMP-ID, Blake-Wilson, Johnson & Menezes (1997)\'s protocol, BJM-ID, and Krawczyk (2005)\'s HMQV protocol, HMQV-ID. We describe the calculations required to be modified in existing proofs. We conclude with a comparative security and efficiency of the three proposed ID-based protocols (relative to other similar published protocols) and demonstrate that our proposed ID-based protocols are computationally efficient.

09:17 [Pub][ePrint] Explicit endomorphism of the Jacobian of a hyperelliptic function field of genus 2 using base field operations, by Eduardo Ruiz Duarte and Octavio P\\\'{a}ez Osuna

  We present an efficient endomorphism for the Jacobian of a curve $C$ of genus 2 for divisors having a Non disjoint support. This extends the work of Costello in ~\\cite{Costello} who calculated explicit formul\\ae\\space for divisor doubling and addition of divisors with disjoint support in $\\jacobian(C)$ using only base field operations. Explicit formul\\ae\\space is presented for this third case and a different approach for divisor doubling.

09:17 [Pub][ePrint] McEliece in the world of Escher, by Danilo Gligoroski and Simona Samardjiska and H{\\aa}kon Jacobsen and Sergey Bezzateev

  We present a new family of linear binary codes of length $n$ and dimension $k$ accompanied with a fast list decoding algorithm that can correct up to $\\frac{n}{2}$ errors in a bounded channel with an error density $\\rho$. The decisional problem of decoding random codes using these generalized error sets is NP-complete. Next we use the properties of these codes to design both an encryption scheme and a signature scheme. Although in the open literature there have been several proposals how to produce digital signatures from the McEliece public key scheme, as far as we know, this is the first public key scheme based on codes where signatures are produced in a straightforward manner from the decryption procedure of the scheme. The security analysis of our scheme have two main parts:

1. An extensive list of attacks using the Information Set Decoding techniques adopted for our codes; 2. An analysis of the cost of a distinguishing attack based on rank attacks on the generator matrix of the code or on its dual code. Based on this security analysis we suggest some concrete parameters for the security levels in the range of $2^{80} - 2^{128}$.

16:40 [PhD][Update] Nizamuddin: On the Design of signcryption Schemes

  Name: Nizamuddin
Topic: On the Design of signcryption Schemes
Category:public-key cryptography

16:40 [PhD][Update] Mehmet Sabir Kiraz: Secure and Fair Two-Party Computation

  Name: Mehmet Sabir Kiraz
Topic: Secure and Fair Two-Party Computation
Category:cryptographic protocols

Description: Consider several parties that do not trust each other, yet they wish to correctly compute some common function of their local inputs while keeping these inputs private. This problem is known as “Secure Multi-Party Computation”, and was introduced by Andrew Yao in 1982. Secure multi-party computations have some real world examples like electronic auctions, electronic voting or Fingerprinting. In this thesis we consider the case where there are only two parties involved. This is known as “Secure Two-Party Computation”. If there is a trusted third party called Carol, then the problem is pretty straightforward. The participating parties could hand their inputs in Carol who can compute the common function correctly and could return the outputs to the corresponding parties. The goal is to achieve (almost) the same result when there is no trusted third party. Cryptographic protocols are designed in order to solve these kinds of problems. These protocols are analyzed within an appropriate model in which the behavior of parties is structured. The basic level is called the Semi-Honest Model where parties are assumed to follow the protocol specification, but later can derive additional information based on the messages which have been received so far. A more realistic model is the so-called Malicious Model. The common approach is to First analyze a protocol in the semi-honest model and then later extend it into the malicious model. Any cryptographic protocol for secure two-party computation must satisfy the following security requirements: correctness, privacy and fairness. It must guarantee the correctness of the result while preserving the privacy of the parties’ inputs, even if one of the parties is malicious and behaves arbitrarily throughout the protocol. It must also guarantee fairness. This roughly means that whenever a party aborts the protocol prematurely, he or she should not have any advantage over the other party in discovering the o[...]

16:39 [PhD][New] Zubair Naqvi: Security using Cryptographic Systems in Banks

  Name: Zubair Naqvi
Topic: Security using Cryptographic Systems in Banks
Category: public-key cryptography

Description: In this thesis, we describe how security is implemented in the banking systems using the art of cryptography and analyse the security of distributed computations. Since a computational process is always inseparable from physical phenomena thatmake it observable,simplified mathematical models,such as finite automata and Turingmachines have their limitations. Namely,\r\nsome artifacts that are observable in theoretical models might not be present or\r\nmeaningful in practice. Therefore, we must make a constant conscious effort to\r\nassure that theoretical models adequately represent the reality.[...]

16:39 [PhD][New] George Summers: Cryptographic Systems

  Name: George Summers
Topic: Cryptographic Systems
Category: (no category)

16:38 [PhD][New]


16:37 [PhD][New] Josep Balasch: Implementation Aspects of Security and Privacy in Embedded Design

  Name: Josep Balasch
Topic: Implementation Aspects of Security and Privacy in Embedded Design
Category: implementation

Description: Embedded devices are nowadays largely represented across the compute continuum. From mobile phones to smart cards and RFID tags, digital devices are becoming increasingly ubiquitous, mobile and integrated with their environment. This gradual shift towards pervasive computing envisions many benefits in sectors as diverse as financial, entertainment, health care, information access, or automotive. Along with these possibilities however, there are also inherent risks to be addressed. It is in this context that this dissertation is situated. It provides contributions to the security of embedded devices and the privacy of the humans interacting with them.\r\n\r\nThe first part of the thesis is devoted to physical security. Many existing and future applications have built-in security capabilities which rely on keeping cryptographic keys secret. Typical examples include payment tokens, digital identity documents, or access control cards. As these devices operate in hostile environments, they need protection against physical attacks. Among these, side channel attacks and fault attacks represent two of the major threats in the security of embedded devices. \r\n\r\nOur contributions in this area encompass three different but related aspects. First, we provide an in-depth analysis of vulnerabilities that lead to physical attacks. In particular, we characterize the effects of fault injections based on setup-time violations on a low-end microcontroller. Second, we show how physical attacks are still a prominent threat for secure devices by successfully attacking a widely used family of secure memories. And third, we devise and thoroughly evaluate a high-level mitigation against side channel attacks. More specifically, we employ the inner product construction to design a masking-based countermeasure implementable at any order. \r\n\r\nThe second part of the thesis deals with privacy aspects. Systems such as location-based services, health-care monitoring, or smart homes rely on [...]

09:17 [Pub][ePrint] Folding Alternant and Goppa Codes with Non-Trivial Automorphism Groups, by Jean-Charles Faugère and Ayoub Otmani and Ludovic Perret and Frédéric de Portzamparc and Jean-Pierre Tillich

  The main practical limitation of the McEliece public-key encryption scheme is probably the size of its key. A famous trend to overcome this issue is to focus on subclasses of alternant/Goppa codes with a non trivial automorphism group. Such codes display then symmetries allowing compact parity-check or generator matrices. For

instance, a key-reduction is obtained by taking quasi-cyclic (QC) or quasi-dyadic (QD) alternant/Goppa codes.

We show that the use of such symmetric alternant/Goppa codes in cryptography introduces a fundamental weakness. It is indeed possible to reduce the key-recovery on the original symmetric public-code to the key-recovery on a (much) smaller code that has not anymore symmetries. This result is obtained thanks to a new operation on codes called folding that exploits the knowledge of the automorphism group. This operation consists in adding the coordinates of codewords which belong to the same orbit under the action of the automorphism group. The advantage is twofold:

the reduction factor can be as large as the size of the orbits, and it preserves a fundamental property: folding the dual of an alternant (resp. Goppa) code provides the dual of an alternant (resp. Goppa) code. A key point is to show that all the existing constructions of alternant/Goppa codes with symmetries follow a common principal of taking codes whose support is globally invariant under the action of affine transformations (by building upon prior works of T. Berger and A. D¨ur). This enables not only to present a unified view but also to generalize the construction of QC, QD and even quasi-monoidic (QM) Goppa codes. All in all, our results can be harnessed to boost up any key-recovery attack on McEliece systems based on symmetric alternant or Goppa codes, and in particular algebraic attacks.

09:17 [Pub][ePrint] Optimizing Information Set Decoding Algorithms to Attack Cyclosymmetric MDPC Codes, by Ray Perlner

  The most important drawback to code-based cryptography has historically been its large key sizes. Recently, several promising approaches have been proposed to reduce keysizes. In particular, significant keysize reduction has been achieved by using structured, but non-algebraic codes, such as quasi-cyclic (QC) Moderate Density Parity Check (MDPC) codes. Biasi et al. propose further reducing the keysizes of code-based schemes using cyclosymmetric (CS) codes. Biasi et al analyze the complexity of attacking their scheme against standard information-set-decoding attacks. However, the research presented here shows that information set decoding algorithms can be modified, by choosing the columns of the information set in a way that takes advantage of the added symmetry. The result is an attack that significantly reduces the security of the proposed CS-MDPC schemes to the point that they no longer offer an advantage in keysize over QC-MDPC schemes of the same security level.