International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

06:17 [Pub][ePrint] Efficient Implementation of Keyless Signatures with Hash Sequence Authentication, by Ahto Buldas and Risto Laanoja and Ahto Truu

  We present new ideas for decreasing the size of secure memory needed for hardware implementations of

hash-sequence based signatures proposed recently by Buldas, Laanoja and Truu (in the following referred to as BLT).

In their scheme, a message $m$ is signed by time-stamping a concatenation $m\\| z_t$ of the message and the one-time

pseudo-random password $z_t$ intended to sign messages at a particular time $t$.

The signature is valid only if the time-stamp points to the same time $t$. Hence, the one time passwords cannot be abused after their use.

To efficiently and securely implement such a scheme at the client side, dedicated hardware is needed and thereby, the solutions that save the (secure) memory and computational time are important. For such schemes, the memory consumption directly depends on the efficiency of the \\emph{hash sequence reversal algorithms}.

The best known reversal algorithm for the BLT scheme uses $O(\\log^2 \\ell)$ memory.

This means that for a signing key that is valid for one year (i.e. $\\ell\\approx 2^{25}$ with one-second time resolution), the device needs to store about $25^2=625$ hash

values which for SHA-256 hashing algorithm means about $20$ K bytes of secure memory.

Another problem with hash sequence reversal algorithms is that they mostly assume that the signature device is always

connected to the computer or has an independent power supply. This is a serious limitation for smart-card implementations of the scheme.

We show first that a mini Public Key Infrastructure in the signature device can be used to lower the memory consumption about twice.

There is a master key (i.e. a hash sequence) that is used to certify short term (about five minutes) signing keys

so that a signature consists of a short term certificate which is a hash chain in the master hash tree (used to authenticate the master hash sequence), and a hash chain that is used to authenticate a particular hash value $z_t$ in the sequence.

We also discuss how to implement hash sequence signatures in devices that have no power supply and are not regularly connected to

computers, such as smart-cards which are often used as personal digital signature devices. General-purpose cryptographic smart-cards also have many

restrictions that limit the use of hash sequence signatures. For example, their hashing speed is relatively low: up to 500 hashing steps per second;

their secure memory is of limited size, etc. This all combined with irregular usage patterns makes the use of hash sequence signatures questionable.

We show why the hash sequence signature (in its original form) cannot be used as the CA signature in the mini PKI solution.

Finally, we propose a new type of hash sequence signature that is more suitable for smart-card implementations.

06:17 [Pub][ePrint] Efficient Interval Check in the Presence of Malicious Adversaries, by Genqiang Wu and Yeping He and Yi Lu and Liping Ding

  We consider the following problem: Assuming that Alice and Bob have an integer interval $[a, e]$ and an integer $b$ respectively, for a commitment $c$ to $b$, Alice and Bob jointly check whether $b$ is within $[a, e]$ without revealing their inputs, where either party may behave maliciously. A special case of the problem is the secure integer comparison in the malicious model. This problem mainly arises from location-based access control systems where one party needs to assure to the other party that its location is within some definite area.

Our main result is a constant-round protocol that exhibit the square of $\\log e$ communication and the square of $\\log e$ exponentiations with simulation-based security. At the heart of the construction is perfect $k$-ary index and corresponding zero-knowledge proof techniques.

We consider a more general case of the problem where the interval is substituted by a union of intervals.

17:02 [Event][New] ACNS'15: 13th International Conference on Applied Cryptography and Network Security

  Submission: 16 January 2015
Notification: 17 March 2015
From June 2 to June 5
Location: New York, USA
More Information:

16:56 [Event][New] Crypto: Crypto 2016

  From August 14 to August 18
Location: Santa Barbara, USA
More Information:

16:56 [Event][New] Crypto: Crypto 2015

  From August 16 to August 20
Location: Santa Barbara, USA
More Information:

09:17 [Pub][ePrint] Bits Security of the CDH Problems over Finite Fields, by Mingqiang Wang and Tao Zhan and Haibin Zhang

  It is a long-standing open problem to prove the existence of (deterministic) hard-core predicates for the Diffie-Hellman problem over finite fields, without resorting to the generic approaches for any one-way functions (e.g., the Goldreich-Levin hard-core predicates). Fazio et al. (FGPS, Crypto \'13) make important progress on this problem by defining a weaker Computational Diffie-Hellman (CDH) problem over $\\mathbb{F}_{p^2}$, i.e., Partial-CDH problem, and proving the unpredictability of every single bit of one of the coordinates of the secret Diffie-Hellman value. However, the existence of specific hard-core predicates for the regular CDH problems defined over finite fields remains unproven. This paper closes this gap and resolves all the open problems left in FGPS:

1. We prove that the Partial-CDH problem over finite fields $\\mathbb{F}_{p^2}$ is as hard as the regular CDH problem over the same fields.

2. We show a much stronger and more generalized result over finite fields $\\mathbb{F}_{p^2}$---not only the regular CDH problem over $\\mathbb{F}_{p^2}$ admits hard-core predicates but every individual bit of the CDH value is unpredictable.

3. We extend the Partial-CDH problem to define the $d$-th CDH problem over finite fields $\\mathbb{F}_{p^t}$ for any polynomial $t>1$ and for any $0\\leq d \\leq t-1$. We show that computing any single coordinate of the CDH value over $\\mathbb{F}_{p^t}$ is equivalent to computing the entire CDH value.

4. We prove that over finite fields $\\mathbb{F}_{p^t}$ for any polynomial~$t>1$, each $d$-th CDH problem except $d \\neq 0$ admits a large class of hard-core predicates, including every individual bit of the $d$-th coordinate. Hence almost all individual bits of the CDH value of the regular CDH problem over finite fields $\\mathbb{F}_{p^t}$ for $t>1$ are hard-core.

09:17 [Pub][ePrint] The Adjacency Graph of Some LFSRs, by Ming Li and Dongdai Lin

  In this paper, we discuss the adjacency graph of feedback shift registers (FSRs) whose characteristic polynomial can be written as $g=(x_0+x_1)*f$ for some linear function $f$. For $f$ contains an odd number of terms, we present a method to calculate the adjacency graph of FSR$_{(x_0+x_1)*f}$ from the adjacency graph of FSR$_f$. The parity of the weight of cycles in FSR$_{(x_0+x_1)*f}$ can also be determined easily. For $f$ contains an even number of terms, the theory is not so much complete. We need more information than the adjacency graph of FSR$_f$ to determine the adjacency graph of FSR$_{(x_0+x_1)*f}$.

Besides, some properties about the cycle structure of linear feedback shift registers (LFSR) are presented.

07:12 [Event][New] ASK 2014: The Fourth Asian Workshop on Symmetric Key Cryptography - Cryptology School

  Submission: 30 November 2014
From December 19 to December 22
Location: Chennai, India
More Information:

07:03 [Event][New] School on Cryptographic Attacks

  From October 13 to October 16
Location: Porto, Portugal
More Information:

16:33 [Job][New] Ph.D. student or Post-Doc (cryptographic protocols and/or electronic voting), University of Trier, Germany

  The Chair for Information Security and Cryptography at University of Trier, Germany, offers a full-time PhD/Postdoc position.

The position involves both research and teaching in the area of cryptography/information security. The successful candidate is expected to contribute to research in cryptographic protocols and/or electronic voting.

The position is available immediately and is fully funded, with an internationally competitive salary.

Contracts are initially offered for two years. An extension to a total duration of up to six years is possible.

He or she is given the possibility to carry out a Ph.D. or, for Postdocs, a Habilitation.

The successful candidate should have a Master\'s degree or a Ph.D. (or should be very close to completion thereof) in Computer Science, Mathematics, Information Security, or a related field, with strong analytical and mathematical skills. Knowledge in cryptography is an asset. Since teaching is mostly done in German, sufficient knowledge of German is required.

The deadline for applications is October 5th, 2014. However, late applications will be considered until the position is filled.

See for the official job announcement (in German).

15:17 [Pub][ePrint] A Unified Formalism for Physical Attacks, by Hélène Le Bouder , Ronan Lashermes , Yanis Linge , Bruno Robisson and Assia Tria

  The security of cryptographic algorithms can be consideredin two contexts. On the one hand, these algorithms can be proven secure mathematically. On the other hand, physical attacks can weaken the implementation of an algorithm yet proven secure. Under the common name of physical attacks, different attacks are regrouped: side channel

attacks and fault injection attacks. This paper presents a common formalism for these attacks and highlights their underlying principles. All physical attacks on symmetric algorithms can be described with a 3-step process. Moreover it is possible to compare different physical attacks, by separating the theoretical attack path and the experimental parts of the attacks.