International Association for Cryptologic Research

# IACR News Central

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2014-06-26
21:17 [Pub][ePrint]

21:17 [Pub][ePrint]

21:17 [Pub][ePrint]

21:17 [Pub][ePrint]

In Financial Cryptography 2013, Bringer, Chabanne

and Patey proposed two biometric authentication schemes between

a prover and a verifier where the verifier has biometric

data of the users in plain form. The protocols are based on secure

computation of Hamming distance in the two-party setting. Their

first scheme uses Oblivious Transfer (OT) and provides security

in the semi-honest model. The other scheme uses Committed

Oblivious Transfer (COT) and is claimed to provide full security

in the malicious case.

In this paper, we show that their protocol against malicious

adversaries is not actually secure. We propose a generic attack

where the Hamming distance can be minimized without knowledge

of the real input of the user. Namely, any attacker can

impersonate any legitimate user without prior knowledge. We

propose an enhanced version of their protocol where this attack

is eliminated. We provide a simulation based proof of the security

of our modified protocol. In addition, for efficiency concerns, the

modified version also utilizes Verifiable Oblivious Transfer (VOT)

instead of COT. The use of VOT does not reduce the security of

the protocol but improves the efficiency significantly.

21:17 [Pub][ePrint]

2014-06-25
21:12 [PhD][New]

Name: J. C. Migliore

21:12 [PhD][Update]

Name: Elisa Gorla
Topic: Lifting properties from the general hyperplane section of a projective scheme
Category:(no category)

2014-06-23
15:17 [Pub][ePrint]

We consider the notion of a non-interactive key exchange (NIKE). A NIKE scheme allows a party \$$A\$$ to compute a common shared key with another party \$$B\$$ from \$$B\$$\'s public key and \$$A\$$\'s secret key alone. This computation requires no interaction between \$$A\$$ and \$$B\$$, a feature which distinguishes NIKE from regular (i.e., interactive) key exchange not only quantitatively, but also qualitatively.

Our first contribution is a formalization of NIKE protocols as ideal

functionalities in the Universal Composability (UC) framework.

As we will argue, existing NIKE definitions (all of which are game-based) do not support a modular analysis either of NIKE schemes themselves, or of the use of NIKE schemes. We provide a simple and natural UC-based NIKE definition that allows for a modular analysis both of NIKE schemes and their use in larger protocols.

We proceed to investigate the properties of our new definition, and in

particular its relation to existing game-based NIKE definitions. We find that

(a) game-based NIKE security is equivalent to UC-based NIKE security

against \\emph{static} corruptions, and

(b) UC-NIKE security against adaptive corruptions cannot be achieved

without additional assumptions (but \\emph{can} be achieved in the random oracle model).

Our results suggest that our UC-based NIKE definition is a useful and simple abstraction of non-interactive key exchange.

15:17 [Pub][ePrint]

15:17 [Pub][ePrint]

15:17 [Pub][ePrint]