Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also receive updates via:
To receive your credentials via mail again, please click here.
You can also access the full news archive.
settings---symmetric or asymmetric (leveled) k-linear groups---and by
proving \"computational soundness\" theorems for the symbolic models.
Based on this result, we formulate a very general master theorem that formally relates the hardness of a (possibly interactive) assumption in these models to solving problems in polynomial algebra. Then, we systematically analyze these problems. We identify different classes of assumptions and obtain decidability and undecidability results.
Then, we develop and implement automated procedures for verifying the conditions of master theorems, and thus the validity of hardness assumptions in generic group models. The concrete outcome of this work is an automated tool which takes as input the statement of an assumption, and outputs either a proof of its
generic hardness or shows an algebraic attack against the assumption.
eavesdrop on tamper-resistant hardware. They use a profiling step to
compute the parameters of a multivariate normal distribution from a
training device and an attack step in which the parameters obtained
during profiling are used to infer some secret value (e.g.
cryptographic key) on a target device. Evaluations using the same
device for both profiling and attack can miss practical problems
that appear when using different devices. Recent
studies showed that variability caused by the use of either
different devices or different acquisition campaigns on the same
device can have a strong impact on the performance of template
attacks. In this paper, we explore further the effects that lead to
this decrease of performance, using four different Atmel XMEGA 256
A3U 8-bit devices. We show that a main difference between devices is
a DC offset and we show that this appears even if we use the same
device in different acquisition campaigns. We then explore several
variants of the template attack to compensate for these differences.
Our results show that a careful choice of compression method and
parameters is the key to improving the performance of these attacks
across different devices. In particular we show how to maximise the
performance of template attacks when using Fisher\'s Linear
Discriminant Analysis or Principal Component Analysis. Overall, we
can reduce the entropy of an unknown 8-bit value below 1.5 bits even
when using different devices.
In this work, we construct the first leveled fully homomorphic signature schemes that can evaluate arbitrary circuits over signed data, where only the maximal depth $d$ of the circuit needs to be fixed a priori. The size of the evaluated signature grows polynomially in $d$, but is otherwise independent of the circuit size or the data size. Our solutions are based on the hardness of the small integer solution (SIS) problem, which is in turn implied by the worst-case hardness of problems in standard lattices. We get a scheme in the standard model, albeit with large public parameters whose size must exceed the total size of all signed data. In the random-oracle model, we get a scheme with short public parameters. These results offer a significant improvement in capabilities and assumptions over the best prior homomorphic signature scheme due to Boneh and Freeman (Eurocrypt \'11).
As a building block of independent interest, we introduce a new notion called homomorphic trapdoor functions (HTDF). We show to how construct homomorphic signatures using HTDFs as a black box. We construct HTDFs based on the SIS problem by relying on a recent technique developed by Boneh et al. (Eurocrypt \'14) in the context of attribute based encryption.
difficult to identify the solution that performs best in a respective scenario, especially since they were not all implemented and compared in the same setting.
In this work, we give an overview on existing PSI protocols that are secure against semi-honest adversaries. We take advantage of the most recent efficiency improvements in OT extension to propose significant optimizations to previous PSI protocols and to suggest a new PSI protocol whose runtime is superior to that of existing protocols. We compare the performance of the protocols both theoretically and experimentally, by implementing all protocols on the same platform, and give recommendations on which protocol to use in a particular setting.