International Association for Cryptologic Research

# IACR News Central

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2014-05-25
12:17 [Pub][ePrint]

The problem of secure data erasure has been extensively studied in the past with a rich body of literature available. All existing software-based solutions can be summarized as following the same one-bit-return protocol: the deletion program performs data erasure and returns either success or failure. However, such a one-bit-return protocol turns the data deletion system into a black box -- the user has to trust the outcome but cannot easily verify it. This is especially problematic when the deletion program is encapsulated within a Trusted Platform Module (TPM), and the user has no access to the code inside.

In this paper, we initiate a study on how to delete secret data with public verifiability. This is a subject that has not been investigated before, partly because it seems intuitively impossible. In this paper, we show a solution is possible by applying appropriate cryptographic primitives. Based on combining DHIES, Chaum-Pedersen Zero Knowledge Proof and ECDSA, we present a Secure Storage and Erasure (SSE) protocol. The key idea in our solution is based on a trust-but-verify\'\' paradigm, which is generally applicable to many security problems but has been largely neglected in the field of secure data deletion. Finally, we present a concrete implementation of the SSE system to demonstrate its practical feasibility.

2014-05-24
18:33 [Job][New]

The CWI Cryptology Group is opening a position for a research staff member (post-doc). We encourage candidates with an excellent research track-record in (theoretical) cryptology, preferably with substantial emphasis on its mathematical aspects, to apply.

Excellent candidates whose research has emphasized the interface between theory of computation and discrete mathematics (e.g., (algorithmic) coding theory) may also consider to apply if active interests in pursuing cryptologic research can be shown.

The initial appointment is for 1 year, with a possible extension of (at least) 1 year. Review of applications starts immediately until the position is filled. The starting date is negotiable.

2014-05-23
13:11 [Job][New]

09:17 [Pub][ePrint]

We describe a mechanical approach to derive identity-based (ID-based) protocols from existing Diffie-Hellman-based ones. As case studies, we present the ID-based versions of the Unified Model protocol, UMP-ID, Blake-Wilson, Johnson & Menezes (1997)\'s protocol, BJM-ID, and Krawczyk (2005)\'s HMQV protocol, HMQV-ID. We describe the calculations required to be modified in existing proofs. We conclude with a comparative security and efficiency of the three proposed ID-based protocols (relative to other similar published protocols) and demonstrate that our proposed ID-based protocols are computationally efficient.

09:17 [Pub][ePrint]

We present an efficient endomorphism for the Jacobian of a curve $C$ of genus 2 for divisors having a Non disjoint support. This extends the work of Costello in ~\\cite{Costello} who calculated explicit formul\\ae\\space for divisor doubling and addition of divisors with disjoint support in $\\jacobian(C)$ using only base field operations. Explicit formul\\ae\\space is presented for this third case and a different approach for divisor doubling.

09:17 [Pub][ePrint]

We present a new family of linear binary codes of length $n$ and dimension $k$ accompanied with a fast list decoding algorithm that can correct up to $\\frac{n}{2}$ errors in a bounded channel with an error density $\\rho$. The decisional problem of decoding random codes using these generalized error sets is NP-complete. Next we use the properties of these codes to design both an encryption scheme and a signature scheme. Although in the open literature there have been several proposals how to produce digital signatures from the McEliece public key scheme, as far as we know, this is the first public key scheme based on codes where signatures are produced in a straightforward manner from the decryption procedure of the scheme. The security analysis of our scheme have two main parts:

1. An extensive list of attacks using the Information Set Decoding techniques adopted for our codes; 2. An analysis of the cost of a distinguishing attack based on rank attacks on the generator matrix of the code or on its dual code. Based on this security analysis we suggest some concrete parameters for the security levels in the range of $2^{80} - 2^{128}$.

2014-05-22
16:40 [PhD][Update]

Name: Nizamuddin
Topic: On the Design of signcryption Schemes
Category:public-key cryptography

16:40 [PhD][Update]

Name: Mehmet Sabir Kiraz
Topic: Secure and Fair Two-Party Computation
Category:cryptographic protocols

Description: Consider several parties that do not trust each other, yet they wish to correctly compute some common function of their local inputs while keeping these inputs private. This problem is known as “Secure Multi-Party Computation”, and was introduced by Andrew Yao in 1982. Secure multi-party computations have some real world examples like electronic auctions, electronic voting or Fingerprinting. In this thesis we consider the case where there are only two parties involved. This is known as “Secure Two-Party Computation”. If there is a trusted third party called Carol, then the problem is pretty straightforward. The participating parties could hand their inputs in Carol who can compute the common function correctly and could return the outputs to the corresponding parties. The goal is to achieve (almost) the same result when there is no trusted third party. Cryptographic protocols are designed in order to solve these kinds of problems. These protocols are analyzed within an appropriate model in which the behavior of parties is structured. The basic level is called the Semi-Honest Model where parties are assumed to follow the protocol specification, but later can derive additional information based on the messages which have been received so far. A more realistic model is the so-called Malicious Model. The common approach is to First analyze a protocol in the semi-honest model and then later extend it into the malicious model. Any cryptographic protocol for secure two-party computation must satisfy the following security requirements: correctness, privacy and fairness. It must guarantee the correctness of the result while preserving the privacy of the parties’ inputs, even if one of the parties is malicious and behaves arbitrarily throughout the protocol. It must also guarantee fairness. This roughly means that whenever a party aborts the protocol prematurely, he or she should not have any advantage over the other party in discovering the o[...]

16:39 [PhD][New]

Name: Zubair Naqvi
Topic: Security using Cryptographic Systems in Banks
Category: public-key cryptography

Description: In this thesis, we describe how security is implemented in the banking systems using the art of cryptography and analyse the security of distributed computations. Since a computational process is always inseparable from physical phenomena thatmake it observable,simplified mathematical models,such as finite automata and Turingmachines have their limitations. Namely,\r\nsome artifacts that are observable in theoretical models might not be present or\r\nmeaningful in practice. Therefore, we must make a constant conscious effort to\r\nassure that theoretical models adequately represent the reality.[...]

16:39 [PhD][New]

Name: George Summers
Topic: Cryptographic Systems
Category: (no category)

16:38 [PhD][New]