2014-08-21
In this paper, we consider a setting where a user wants to outsource storage of a large amount of private data, and then perform pattern matching queries on the data; that is, given a data string $s$ and a "pattern" string $p$, find all occurrences of $p$ as a substring of $s$.

We formalize the security properties desired in this type of setting by defining a type of encryption called *queryable encryption*. In a queryable encryption scheme, a user can encrypt a message $M$ under a secret key, and using the secret key can generate tokens for queries $q$. Applying a token for a query $q$ to an encryption of $M$ gives the answer to the query $q$ on $M$. We consider security against both honest-but-curious and malicious adversaries, and define properties guaranteeing both the correctness of the user's results and the privacy of the user's data. Following the line of work started by [CGKO06], to allow for efficient constructions, we allow the protocol to leak some information about the user's data; however, we ensure that this leakage can be precisely captured in the definition. In addition, we allow the query protocol to involve a small constant number of rounds of interaction.

We construct a queryable encryption scheme for pattern matching queries that is correct and secure in the malicious model. Our construction is based on efficient symmetric-key building blocks and scales well with the size of the input: encryption of a data string of length $n$ with security parameter $\lambda$ takes $O(n)$ time and produces a ciphertext of size $O(n\lambda)$, and a query for a pattern string of length $m$ that occurs $k$ times takes $O(m+k)$ time and three rounds of communication.

This paper proposes a novel approach for automated implementation of an arbiter-based physical unclonable function (PUF) on field programmable gate arrays (FPGAs). We introduce a high resolution programmable delay logic (PDL) that is implemented by harnessing the FPGA lookup-table (LUT) internal structure. PDL allows automatic fine tuning of delays that can mitigate the timing skews caused by asymmetries in interconnect routing and systematic variations. To thwart the arbiter metastability problem, we present and analyze methods for majority voting of responses. A method to classify and group challenges into different robustness sets is introduced that enhances the corresponding responses' stability in the face of operational variations. The trade-off between response stability and response entropy (uniqueness) is investigated through comprehensive measurements. We exploit the correlation between the impact of temperature and power supply on responses and perform less costly power measurements to predict the temperature impact on the PUF. The measurements are performed on 12 identical Virtex 5 FPGAs across 9 different accurately controlled operating temperature and supply voltage points. A database of challenge response pairs (CRPs) is collected and made openly available for the research community.

2014-08-20
## IACR 2014 Election

The 2014 election is being held to fill three of nine IACR Director positions. The election will again be run electronically and further information will be available on the IACR website.

### Nominations Are Now Open

Nominations are due by October 10, 2014. A nomination form is available at the elections page.

### Election of Directors

The directors whose terms are expiring are
• Josh Benaloh (director)
• Shai Halevi (director)
• Moti Yung (director)

### Election Committee

• Michel Abdalla (Returning Officer)
• Anna Lysyanskaya
• Bart Preneel (Chair)

We demonstrate physical side-channel attacks on a popular software implementation of RSA and ElGamal, running on laptop computers. Our attacks use novel side channels, based on the observation that the "ground" electric potential, in many computers, fluctuates in a computation-dependent way. An attacker can measure this signal by touching exposed metal on the computer's chassis with a plain wire, or even with a bare hand. The signal can also be measured at the remote end of Ethernet, VGA or USB cables.

Through suitable cryptanalysis and signal processing, we have extracted 4096-bit RSA keys and 3072-bit ElGamal keys from laptops, via each of these channels, as well as via power analysis and electromagnetic probing. Despite the GHz-scale clock rate of the laptops and numerous noise sources, the full attacks require a few seconds of measurements using Medium Frequency signals (around 2 MHz), or one hour using Low Frequency signals (up to 40 kHz).

This work deals with the various requirements of encryption and authentication in cryptographic applications. The approach is to construct suitable modes of operation of a block cipher to achieve the relevant goals. A variety of schemes suitable for specific applications are presented. While none of the schemes are built completely from scratch, there is a common unifying framework which connects them. All the schemes described have been implemented and the implementation details are publicly available. Performance figures are presented when the block cipher is the AES and the Intel AES-NI instructions are used. These figures suggest that the constructions presented here compare well with previous works such as the well-known OCB mode of operation. In terms of features, the constructions provide several new offerings which are not present in earlier works. This work significantly widens the range of choices available to the designer of a cryptographic system.

In this paper, we present an efficient $k$-out-of-$n$ secret sharing scheme, which can identify up to $t$ rushing cheaters, with probability at least $1 - \epsilon$, where $0

We show how to realize two-factor authentication for a Bitcoin wallet employing the two-party ECDSA signature protocol adapted from MacKenzie & Reiter (2004). We also present a prototype implementation of a Bitcoin wallet that offers both two-factor authentication and verification over a separate channel. Since we use a smartphone as the second authentication factor, our solution can be used with hardware already available to most users, and the user experience is quite similar to existing online banking authentication methods.

In this note we describe efficient protocols to perform in parallel many reads and writes in private arrays according to private indices. The protocol is implemented on top of the Arithmetic Black Box (ABB) and can be freely composed to build larger privacy-preserving applications. For a large class of secure multiparty computation (SMC) protocols, we believe our technique to have better practical performance than any previous ORAM technique that has been adapted for use in SMC. We also argue that for a significant class of SMC protocols, our technique has better asymptotic performance than previous approaches.

Submission: 24 October 2014
From May 5 to May 7
Location: Washington DC Metro Area, USA

2014-08-18
A postdoc position is available at CTIC, Department of Computer Science, to be filled as soon as possible. The position is for 1 year with the possibility of extension.

We are looking for an applicant committed to playing an active part in continuously building strong research collaborations between the Department of Computer Science at Aarhus University (http://www.cs.au.dk) and IIIS at Tsinghua University, Beijing. In particular, the successful applicant will spend significant time at IIIS, with funding for such visits being part of the position.

The applicant should have a background in at least one of the four focus areas of CTIC: Computational complexity theory, cryptography, quantum information theory or algorithmic game theory.

CTIC is a collaboration between the Department of Computer Science at Aarhus University, Denmark and IIIS at Tsinghua University, Beijing, China. The center leaders are Andrew Chi-Chih Yao, Tsinghua University and Peter Bro Miltersen, Aarhus University. More information about CTIC can be found at the center website: http://ctic.au.dk/.

Salary depends on seniority as agreed between the Danish Ministry of Finance and the Confederation of Professional Unions.

The application should be in English and include a curriculum vitae, degree certificate, a complete list of publications, a statement of future research plans and information about research activities.

Please apply by email to Katrine Aakjær Nielsen at katnie (at) cs.au.dk.

For more information on the position, you may contact Peter Bro Miltersen at bromille (at) cs.au.dk.

Submission: 27 September 2015
From October 27 to October 29
Location: Kuala Lumpur, Malaysia