International Association for Cryptologic Research

# IACR News Central

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2014-06-12
03:17 [Pub][ePrint]

We propose \\emph{RAW Path ORAM}, an ORAM construction that improves the state of the art Path ORAM in several ways.

First, RAW Path ORAM reduces the amount of encryption operations by $4\\times$ compared with Path ORAM.

Second, RAW Path ORAM enables a much more efficient and simpler integrity verification scheme.

Third, RAW Path ORAM dramatically simplifies the theoretical analysis on client storage requirement (stash size).

We build RAW Path ORAM in hardware and name it \\emph{Tiny ORAM}.

Tiny ORAM is the first hardware ORAM design that efficiently supports small client storage, arbitrary block sizes (e.g., 64~Bytes to 4096~Bytes) and integrity verification.

Block size flexibility allows Tiny ORAM to greatly reduce the worst-case access latency for ORAM running programs with erratic data locality.

To reduce the performance overhead that comes with small client storage, we add \\emph{Unified ORAM} scheme that further decreases ORAM access latency by up to 39\\% on real workloads.

We demonstrate a complete working prototype on a stock FPGA board.

Tiny ORAM requires $5\\%/15\\%$ of the FPGA logic/memory (including encryption and integrity verification)

and can complete an ORAM access for a 64 Byte block in $1.25-4.75\\mu s$.

03:17 [Pub][ePrint]

Message authentication is one of the most basic tasks of cryptography, and authentication based on public-key infrastructure (PKI) is one of the most prevalent methods for message and entity authentication. Still, the state of the art in composable security analysis of PKI-based authentication is somewhat unsatisfactory. Specifically, existing treatments either (a)~make the unrealistic assumption that the PKI is accessible only within the confines of the authentication protocol itself, thus failing to capture real-world PKI-based authentication, or (b)~impose often-unnecessary requirements---such as strong on-line non-transferability---on candidate protocols, thus ruling out natural candidates.

We give a modular and composable analytical framework for PKI-based message authentication protocols. This framework guarantees security even when the PKI is pre-existing and globally available, without being unnecessarily restrictive. Specifically, we model PKI as a global set-up functionality within the \\emph{Global~UC} security model [Canetti \\etal, TCC 2007] and relax the ideal authentication functionality accordingly. We then demonstrate the security of a simple signature-based authentication protocol. Our modeling makes minimal security assumptions on the PKI in use; in particular, knowledge of the secret key\'\' is not guaranteed or verified. To enable our treatment, we formulate two new composition theorems.

03:17 [Pub][ePrint]

A popular effective countermeasure to protect block cipher implementations against differential power analysis (DPA) attacks is to mask the internal operations of the cryptographic algorithm with random numbers. While the masking technique resists against first-order (univariate) DPA attacks, higher-order (multivariate) attacks were able to break masked devices. In this paper, we formulate a statistical model for higher-order DPA attack. We derive an analytic success rate formula that distinctively shows the effects of algorithmic confusion property, signal-noise-ratio (SNR), and masking on leakage of masked devices. It further provides a formal proof for the centered product combination function being optimal for higher-order attacks in very noisy scenarios. We believe that the statistical model fully reveals how the higher-order attack works around masking, and would offer good insights for embedded system designers to implement masking techniques.

2014-06-11
21:17 [Pub][ePrint]

Passwords are inherently vulnerable to dictionary attacks, but are quite secure if guessing attempts can be slowed down, for example by an online server. If this server gets compromised, however, the attacker can again perform an offline attack. The obvious remedy is to distribute the password verification process over multiple servers, so that the password remains secure as long as no more than a threshold of the servers are compromised. By letting these servers additionally host shares of a strong secret that the user can recover upon entering the correct password, the user can perform further cryptographic tasks using this strong secret as a key, e.g., encrypting data in the cloud. Threshold password-authenticated secret sharing (TPASS) protocols provide exactly this functionality, but the two only known schemes by Bagherzandi et al. (CCS 2011) and Camenisch et al. (CCS 2012) leak the password if a user mistakenly executes the protocol with malicious servers. Authenticating to the wrong servers is a common scenario when users are tricked in phishing attacks.

We propose the first t-out-of-n TPASS protocol for any n > t that does not suffer from this shortcoming. We prove our protocol secure in the UC framework, which for the particular case of password-based protocols offers important advantages over property-based definitions, e.g., by correctly modeling typos in password attempts.

13:06 [Job][New]

What we offer:

We offer a post-doctoral research contract at Universitat Rovira i Virgili, for up to three years. The selected candidate will work in a new generously funded research project at the UNESCO Chair in Data Privacy/CRISES research group within the Department of Computer Engineering and Mathematics.

What we require:

Candidates should have provable research expertise in game theory (specifically mechanism design and/or implementation theory) and also be familiar with cryptographic protocols. Suitable backgrounds include but are not limited to computer science, mathematics, economics and engineering.

Where we are:

Universitat Rovira i Virgili (URV) is based in Tarragona (Catalonia), which is a coastal city 90 km south of Barcelona. URV has been ranked by Times Higher Education 2014 as the world´s 66th best university under 50 years of age. Also, according to the CWTS Leiden 2014 ranking, URV has the second highest research impact on Math., Comp. Sci. and Engineering´´ among European universities.

What candidates should send:

Send your CV and publication record, plus two recommendation letters to Prof. Josep Domingo-Ferrer ( josep.domingo (at) urv.cat ).

08:13 [Event][New]

From July 3 to July 4
Location: Bochum, Germany

2014-06-10
21:17 [Pub][ePrint]

Dual system encryption techniques introduced by Waters in Crypto\'09 are powerful approaches for constructing fully secure functional encryption (FE) for many predicates. However, there are still some FE for certain predicates to which dual system encryption techniques seem inapplicable, and hence their fully-secure realization remains an important problem. A notable example is FE for regular languages, introduced by Waters in Crypto\'12.

We propose a generic framework that abstracts the concept of dual system encryption techniques. We introduce a new primitive called \\emph{pair encoding} scheme for predicates and show that it implies fully secure functional encryption (for the same predicates) via a generic construction. Using the framework, we obtain the first fully secure schemes for functional encryption primitives of which only selectively secure schemes were known so far. Our three main instantiations include FE for regular languages, unbounded attribute-based encryption (ABE) for large universes, and ABE with constant-size ciphertexts.

Our main ingredient for overcoming the barrier of inapplicability for the dual system techniques to certain predicates is a computational security notion of the pair encoding scheme which we call \\emph{doubly selective security}. This is in contrast with most of the previous dual system based schemes, where information-theoretic security are implicitly utilized. The doubly selective security notion resembles that of selective security and its complementary notion, co-selective security, and hence its name. Our framework can be regarded as a method for boosting doubly selectively security (of encoding) to full security (of functional encryption).

Besides generality of our framework, we remark that improved security is also obtained, as our security proof enjoys tighter reduction than previous schemes, notably the reduction cost does not depend on the number of all queries, but only that of \\emph{pre-challenged} queries.

17:49 [Job][Update]

The Informatics Institute at Istanbul Technical University (ITU) invites applications from accomplished scholars for several full-time/part time open rank faculty positions in Cyber Security related areas:

• wireless and network security,

• secure software,

• cyber supply chain security,

• cybersecurity policy,

• cryptography,

• multimedia forensics.

Applicants should have a well-established record of research. Duties of these positions include mainly research and teaching at graduate level. The salaries for these positions are internationally competitive and commensurate with candidates’ qualifications and academic ranks. “Information Security and Cryptography” department is a newly opening division at ITU and the prospective candidates for these positions are supposed to assume duties as early as September, 2015.

Istanbul Technical University, located at the heart of Istanbul, is one of the most prominent research universities of Turkey. Admission to ITU is highly competitive and the student body is from top scorers of the nationwide university entrance exam. With its well-qualified departments and institutions, ITU provides an excellent research environment for engineers and scientists. As a state university, ITU provides a free of charge health and dental insurance for its faculty members and their families.

To apply please send your application package including a cover letter, CV, research plan, and the names of 3 or 4 references to:

hiring (at) be.itu.edu.tr

17:49 [Job][New]

A fully funded 3.5 year PhD Studentship is available from October 2014 to work on “Model-Based Assessment of Compromising Emanations”. The project aims to improve our understanding of electro-magnetic emissions that are unintentionally emitted by computing equipment, and the eavesdropping risks they pose. In particular, it aims to improve test and measurement procedures (TEMPEST) for computing equipment that processes extremely confidential data. We are looking for an Electrical Engineering, Computer Science or Physics graduate with an interest in electronics, radio communication, hardware security, side-channel cryptanalysis, digital signal processing, electromagnetic compatibility, or machine learning.

This Studentship is funded through Government Communication Headquarters (GCHQ) under their Academic Centres of Excellence in Cyber Security Research (ACE-CSR) programme. As part of this programme, the doctoral student will be able to visit and work with GCHQ experts in Cheltenham. To enable such collaboration, this studentship is awarded under the condition that the applicant obtains an advanced UK government security clearance (“developed vetting”). To make this feasible, the applicant should have lived in the UK for the last 10 years and ideally be a British National.

17:33 [Event][New]

Submission: 20 June 2014