International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

18:17 [Pub][ePrint] Privacy preserving delegated word search in the cloud, by Kaoutar Elkhiyaoui and Melek Onen and Refik Molva

  In this paper, we address the problem of privacy preserving delegated word search in the cloud. We consider a scenario where a data owner outsources its data to a cloud server and delegates the search capabilities to a set of third party users. In the face of semi-honest cloud servers, the data owner does not want to disclose any information about the outsourced data; yet it still wants to benefit from the highly parallel cloud environment. In addition, the data owner wants to ensure that delegating the search functionality to third parties does not allow these third parties to jeopardize the confidentiality of the outsourced data, neither does it prevent the data owner from efficiently revoking the access of these authorized parties. To these ends, we propose a word search protocol that builds upon techniques of keyed hash functions, oblivious pseudo-random functions and Cuckoo hashing to construct a searchable index for the outsourced data, and uses private information retrieval of short information to guarantee that word search queries do not reveal any information about the data to the cloud server. Moreover, we combine attribute-based encryption and oblivious pseudo-random functions to achieve an efficient revocation of authorized third parties. The proposed scheme is suitable for the cloud as it

can be easily parallelized.

18:17 [Pub][ePrint] A Probabilistic Algebraic Attack on the Grain Family of Stream Cipher, by Pratish Datta and Dibyendu Roy and Sourav Mukhopadhyay

  In 2005, Hell, Johansson and Meier submitted a stream cipher proposal named Grain

v1 to the estream call for stream cipher proposals and it also became one estream nalists in the

hardware category. The output function of Grain v1 connects its 160 bits internal state divided

equally between an LFSR and an NFSR, using a non-linear lter function in a complex way. Over

the last years many cryptanalyst identied several weaknesses in Grain v1. As a result in 2011 the

inventors modied Grain v1 and published a new version of Grain named Grain-128a which has

a similar structure as Grain v1 but with a 256 bits internal state with an optional authentication

is the latest version of Grain family resisting all known attacks on Grain v1. However both these

ciphers are quite resistant against the classical algebraic attack due to the rapid growth of the degree

of the key-stream equations in subsequent clockings caused by the NFSR. This paper presents a

probabilistic algebraic attack on both these Grain versions. The basic idea of our attack is to

develop separate probabilistic equations for the LFSR and the NFSR bits from each key-stream

equations. Surprisingly it turns out that in case of Grain-128a our proposed equations hold with all

most sure probability, which makes the sure retrieval of the LFSR bits. We also outline a technique

to reduce the growth of degree of the equations involving the NFSR bits for Grain v1. Further

we high light that the concept of probabilistic algebraic attack as proposed in this paper can be

considered as a generic attack strategy against any stream cipher having similar structure of the

output function as in case of the Grain family.

18:17 [Pub][ePrint] Constructing CCA-secure predicate encapsulation schemes from CPA-secure schemes and universal one-way hash functions, by Johannes Blömer and Gennadij Liske

  We present a new transformation of chosen-plaintext secure predicate encryption schemes with public index into chosen-ciphertext secure schemes. Our construction requires only a universal one-way hash function and is selectively secure in the standard model. The transformation is not generic but can be applied to various existing schemes constructed from bilinear groups. Using common structural properties of these schemes we provide an efficient and simple transformation without overhead in form of one-time signatures or message authentication codes as required in the known generic transformations.

18:17 [Pub][ePrint] Rmind: a tool for cryptographically secure statistical analysis, by Dan Bogdanov and Liina Kamm and Sven Laur and Ville Sokk

  Secure multi-party computation platforms are becoming more and more practical. This has paved the way for privacy-preserving statistical analysis using secure multi-party computation. Simple statistical analysis functions have been emerging here and there in literature, but no comprehensive system has been compiled. We describe and implement the most used statistical analysis functions in the privacy-preserving setting including simple statistics, t-test, $\\chi^{2}$ test, Wilcoxon tests and linear regression. We give descriptions of the privacy-preserving algorithms and benchmark results that show the feasibility of our solution.

07:34 [Event][New] ICIEIS2014: International Conference on Informatics Engineering and Information science

  Submission: 20 August 2014
Notification: 4 September 2014
From September 22 to September 24
Location: Lodz, Poland
More Information:

15:17 [Pub][ePrint] How to Generate and use Universal Parameters, by Dakshita Khurana and Amit Sahai and Brent Waters

  We introduce the notion of \\emph{universal parameters} as a method for generating the

trusted parameters for many schemes from just a single trusted setup. In such a scheme

a trusted setup process will produce universal parameters $U$. These parameters can

then be combined with the description, $d(\\cdot)$ of any particular cryptographic setup

algorithm to produce parameters $p_d$ that can be used by the cryptographic system associated

with $d$. We give a solution in the random oracle model based on indistinguishability obfuscation.

10:10 [Event][New] ICISSP 2015: 1st International Conference on Information Systems Security and Privacy

  From February 9 to February 11
Location: Angers, Loire Valley, France
More Information:

00:17 [Pub][ePrint] Lighter, Faster, and Constant-Time: WhirlBob, the Whirlpool variant of StriBob, by Markku-Juhani O. Saarinen

  WhirlBob is a new Authenticated Encryption with Associated Data (AEAD)

algorithm derived from the first round CAESAR candidate StriBob

and the Whirlpool hash algorithm. The main advantage of WhirlBob over

StriBob is its greatly reduced implementation footprint on

resource-constrained platforms. Remarkably, the entire C reference

implementation of WhirlBob $\\pi$ fits onto a single page of the Appendix.

On most low-end microcontrollers the total software footprint of

$\\pi$+BLNK = WhirlBob AEAD is less than half a kilobyte. The greatly

reduced hardware gate count is also reflected as efficient bitsliced

straight-line implementations, especially on 64-bit platforms. Bitslicing

works as an efficient countermeasure against AES-style cache timing

side-channel attacks. The new design utilizes only the LPS or $\\rho$

keying line of Whirlpool in a flexible domain-separated Sponge mode BLNK

and adds the number of rounds in $\\pi$ permutation from 10 to 12 as a

countermeasure against Rebound Distinguishing attacks of ASIACRYPT \'09.

As with StriBob, the reduced-size Sponge design has a strong provable

security link with the original hash algorithm. We finally present some

discussion and analysis on differences between Whirlpool, the Russian

GOST Streebog hash, and the recently proposed draft Russian

Encryption Standard Kuznyechik.

00:17 [Pub][ePrint] What\'s the Gist? Privacy-Preserving Aggregation of User Profiles, by Igor Bilogrevic \\and Julien Freudiger \\and Emiliano De Cristofaro \\and Ersin Uzun

  Over the past few years, online service providers have started gathering increasing amounts of personal information to build user profiles and monetize them with advertisers and data brokers. Users have little control of what information is processed and are often left with an all-or-nothing decision between receiving free services or refusing to be profiled. This paper explores an alternative approach where users only disclose an aggregate model -- the ``gist\'\' -- of their data. We aim to preserve data utility and simultaneously provide user privacy. We show that this approach can be efficiently supported by letting users contribute encrypted and differentially-private data to an aggregator. The aggregator combines encrypted contributions and can only extract an aggregate model of the underlying data. We evaluate our framework on a dataset of 100,000 U.S. users obtained from the U.S. Census Bureau and show that (i) it provides accurate aggregates with as little as 100 users, (ii) it generates revenue for both users and data brokers, and (iii) its overhead is appreciably low.

00:17 [Pub][ePrint] Efficient Hidden Vector Encryption with Constant-Size Ciphertext, by Tran Viet Xuan Phuong and Guomin Yang and Willy Susilo

  A Hidden Vector Encryption (HVE) scheme is a special type of anonymous identity-based encryption (IBE) scheme where the attribute string associated with the ciphertext or the user secret key can contain wildcards. In this paper, we introduce two constant-size ciphertext-policy hidden vector encryption (CP-HVE) schemes. Our first scheme is constructed on composite order bilinear groups, while the second one is built on prime order bilinear groups. Both schemes are proven secure in a selective security model which captures plaintext (or payload) and attribute hiding. To the best of our knowledge, our schemes are the first HVE constructions that can achieve constant-size ciphertext among all the existing HVE schemes.

00:17 [Pub][ePrint] A Provable Security Analysis of Intel\'s Secure Key RNG, by Thomas Shrimpton and R. Seth Terashima

  We provide the first provable-security analysis of the Intel Secure Key hardware RNG (ISK-RNG), versions of which have appeared in Intel processors since late 2011. To model the ISK-RNG, we generalize the PRNG-with-inputs primitive, introduced Dodis et al. introduced at CCS\'13 for their /dev/[u]random analysis. The concrete security bounds we uncover tell a mixed story. We find that ISK-RNG lacks backward-security altogether, and that the forward-security bound for the ``truly random\'\' bits fetched by the RDSEED instruction is potentially worrisome. On the other hand, we are able to prove stronger forward-security bounds for the pseudorandom bits fetched by the RDRAND instruction. En route to these results, our main technical efforts focus on the way in which ISK-RNG employs CBCMAC as an entropy extractor.