*09:17* [Pub][ePrint]
Curve41417: Karatsuba revisited, by Daniel J. Bernstein and Chitchanok Chuengsatiansup and Tanja Lange
This paper introduces constant-time ARM Cortex-A8 ECDH software that(1) is faster than the fastest ECDH option in the latest version of OpenSSL but

(2) achieves a security level above 2^200 using a prime above 2^400.

For comparison, this OpenSSL ECDH option is not constant-time and has a security level of only 2^80.

The new speeds are achieved in a quite different way

from typical prime-field ECC software:

they rely on a synergy between Karatsuba\'s method

and choices of radix smaller than the CPU word size.

*18:17* [Pub][ePrint]
Cryptography from Compression Functions: The UCE Bridge to the ROM, by Mihir Bellare and Viet Tung Hoang and Sriram Keelveedhi
This paper suggests and explores the use of UCE security for the task ofturning VIL-ROM schemes into FIL-ROM ones. The benefits we offer over

indifferentiability, the current leading method for this task, are the ability

to handle multi-stage games and greater efficiency. The paradigm consists of

(1) Showing that a VIL UCE function can instantiate the VIL RO in the scheme,

and (2) Constructing the VIL UCE function given a FIL random oracle. The main

technical contributions of the paper are domain extension transforms that

implement the second step. Leveraging known results for the first step we

automatically obtain FIL-ROM constructions for several primitives whose

security notions are underlain by multi-stage games. Our first domain extender

exploits indifferentiability, showing that although the latter does not work

directly for multi-stage games it can be used indirectly, through UCE, as a

tool for this end. Our second domain extender targets performance. It is

parallelizable and shown through implementation to provide significant

performance gains over indifferentiable domain extenders.

*21:17* [Pub][ePrint]
On Constrained Implementation of Lattice-based Cryptographic Primitives and Schemes on Smart Cards, by Ahmad Boorghany and Siavash Bayat Sarmadi and Rasool Jalili
Most lattice-based cryptographic schemes with a security proof suffer from large key sizes and heavy computations. This is also true for the simpler case of authentication protocols which are used on smart cards, as a very-constrained computing environment.Recent progress on ideal lattices has significantly improved the efficiency, and made it possible to implement practical lattice-based cryptography on constrained devices. However, to the best of our knowledge, no previous attempts were made to implement lattice-based schemes on smart cards.

In this paper, we provide the results of our implementation of several state-of-the-art lattice-based authentication protocols on smart cards and a microcontroller widely used in smart cards. Our results show that only a few of the proposed lattice-based authentication protocols can be implemented using limited resources of such constrained devices, however, cutting-edge ones are suitably-efficient to be used practically on smart cards.

Moreover, we have implemented fast Fourier transform (FFT) and discrete Gaussian sampling with different typical parameters sets, as well as versatile lattice-based public-key encryptions. These results have noticeable points which help to design or optimize lattice-based schemes for constrained devices.

*21:17* [Pub][ePrint]
On the Connection between Leakage Tolerance and Adaptive Security, by Jesper Buus Nielsen and Daniele Venturi and Angela Zottarel
We revisit the context of leakage-tolerant interactive protocols asdefined by Bitanski, Canetti and Halevi (TCC 2012). Our contributions

can be summarized as follows:

\\begin{enumerate}

\\item

For the purpose of secure message transmission, any encryption

protocol with message space $\\cM$ and secret key space $\\cSK$

tolerating poly-logarithmic leakage on the secret state of the

receiver must satisfy $|\\cSK| \\ge (1-\\epsilon)|\\cM|$, for every $0