International Association for Cryptologic Research

IACR News Central


00:17 [Pub][ePrint] Resizable Tree-Based Oblivious RAM, by Tarik Moataz and Travis Mayberry and Erik-Oliver Blass

Although newly proposed tree-based Oblivious RAM schemes are drastically more efficient than older techniques, they come with a significant drawback: an inherent dependence on a fixed-size database. Support for a dynamically sized database is vital for real-world use of Oblivious RAM, since one of its most promising deployment scenarios is cloud storage, where scalability and elasticity are crucial. We revisit the original construction by Shi et al. [16] and propose several ways to support both increasing and decreasing the ORAM's size with sublinear communication. We show that increasing capacity can be accomplished by adding leaf nodes to the tree, but that it must be done carefully in order to preserve the probabilistic integrity of the data structures. We also provide new, tighter bounds for the size of interior and leaf nodes in the scheme, saving bandwidth and storage over previous constructions. Finally, we define an oblivious pruning technique for removing leaf nodes and decreasing the size of the tree. We show that this pruning method is both secure and efficient.

00:17 [Pub][ePrint] Augmented Learning with Errors: The Untapped Potential of the Error Term, by Rachid El Bansarkhani and Özgür Dagdelen and Johannes Buchmann

The Learning with Errors (LWE) problem has gained a lot of attention in recent years, leading to a series of new cryptographic applications. Specifically, it states that it is hard to distinguish random linear equations disguised by some small error from truly random ones. Interestingly, cryptographic primitives based on LWE often do not exploit the full potential of the error term beyond its importance for security.

To this end, we introduce a novel LWE-close assumption, namely Augmented Learning with Errors (A-LWE), which allows auxiliary data to be hidden in the error term by a technique that we call message embedding. In particular, it enables existing cryptosystems to strongly increase the message throughput per ciphertext. We show that A-LWE is, for certain instantiations, at least as hard as the LWE problem. This inherently leads to new cryptographic constructions providing high-data-load encryption and customized security properties as required, for instance, in economic environments such as stock markets or financial transactions. The security of those constructions stems from the hardness of solving the A-LWE problem.

As an application we introduce (among others) the first lattice-based replayable chosen-ciphertext secure encryption scheme from A-LWE.

00:17 [Pub][ePrint] S-box pipelining using genetic algorithms for high-throughput AES implementations: How fast can we go?, by Lejla Batina and Domagoj Jakobovic and Nele Mentens and Stjepan Picek and Antonio de la Piedr

In the last few years, several practitioners have proposed a wide range of approaches for reducing the implementation area of the AES in hardware. However, an area-throughput trade-off that undermines high speed is not realistic for real-time cryptographic applications. In this manuscript, we explore how Genetic Algorithms (GAs) can be used for pipelining the AES substitution box based on composite field arithmetic. We implemented a framework that parses and analyzes a Verilog netlist, abstracts it as a graph of interconnected cells and generates circuit statistics on its elements and paths. With this information, the GA extracts the appropriate arrangement of Flip-Flops (FFs) that maximizes the throughput of the given netlist. In doing so, we show that it is possible to achieve a 50 % improvement in throughput with only an 18 % increase in area in the UMC 0.13 µm low-leakage standard cell library.

00:17 [Pub][ePrint] Dealer-Leakage Resilient Verifiable Secret Sharing, by Ruxandra F. Olimid

Verifiable Secret Sharing (VSS) guarantees that honest parties reconstruct a consistent secret even in the presence of a malicious dealer that distributes invalid shares. We empower the dishonest dealer and consider the case when he subliminally leaks information in valid shares, allowing an adversary to access the secret prior to the reconstruction phase. We define the concept of Dealer-Leakage Resilient Verifiable Secret Sharing (DLR-VSS) as a stronger notion of VSS that achieves security in this setting. We propose an efficient DLR-VSS and prove its properties in the semi-honest adversarial model.

00:17 [Pub][ePrint] Cube Attacks and Cube-attack-like Cryptanalysis on the Round-reduced Keccak Sponge Function, by Itai Dinur and Pawel Morawiecki and Josef Pieprzyk and Marian Srebrny and Michal Straus

In this paper, we comprehensively study the resistance of keyed variants of SHA-3 (Keccak) against algebraic attacks. This analysis covers a wide range of key recovery, MAC forgery and other types of attacks, breaking up to 9 rounds (out of the full 24) of the Keccak internal permutation much faster than exhaustive search. Moreover, some of our attacks on the 6-round Keccak are completely practical and were verified on a desktop PC. Our methods combine cube attacks (an algebraic key recovery attack) and related algebraic techniques with structural analysis of the Keccak permutation. These techniques should be useful in future cryptanalysis of Keccak and similar designs.

Although our attacks break more rounds than previously published techniques, the security margin of Keccak remains large. For Keyak -- a Keccak-based authenticated encryption scheme -- the nominal number of rounds is 12 and therefore its security margin is smaller (although still sufficient).

21:17 [Pub][ePrint] Protecting Encrypted Cookies from Compression Side-Channel Attacks, by Janaka Alawatugoda and Douglas Stebila and Colin Boyd

Compression is desirable for network applications as it saves bandwidth; however, when data is compressed before being encrypted, the amount of compression leaks information about the amount of redundancy in the plaintext. This side channel has led to successful real-world attacks (the CRIME and BREACH attacks) on web traffic protected by the Transport Layer Security (TLS) protocol. The general guidance in light of these attacks has been to disable compression, preserving confidentiality but sacrificing bandwidth. In this paper, we examine two techniques, heuristic separation of secrets and fixed-dictionary compression, for enabling compression while protecting high-value secrets, such as cookies, from attack. We model the security offered by these techniques and report on the amount of compressibility that they can achieve.

06:31 [Event][New] IoTPTS 2015: ASIACCS Workshop on IoT Privacy, Trust, and Security

Submission: 7 January 2015
Notification: 31 January 2015
From April 14 to April 14
Location: Singapore, Singapore
More Information:

21:17 [Pub][ePrint] Crypto-analyses on "secure and efficient privacy-preserving public auditing scheme for cloud storage", by Yalin Chen and Jue-Sam Chou*

Recently, Worku et al. pointed out that the work "privacy-preserving public auditing for data storage security in cloud computing" proposed by Wang et al. is insecure and that their second work "privacy-preserving public auditing for secure cloud storage" is inefficient. Thus, they offered a secure and efficient privacy-preserving public auditing scheme for cloud storage. They claimed that their system is provably secure in the random oracle model and that its operation is efficient. However, after cryptanalysis, we found that the scheme does not reach its security goal: it is vulnerable to an existential forgery attack. We therefore alter it to incorporate the desired privacy-preserving requirement, which is very significant in a privacy-preserving public auditing protocol for cloud storage.

18:17 [Pub][ePrint] A comprehensive empirical comparison of parallel ListSieve and GaussSieve, by Artur Mariano and Ozgur Dagdelen and Christian Bischof

The security of lattice-based cryptosystems is determined by the performance of practical implementations of, among others, algorithms for the Shortest Vector Problem (SVP). In this paper, we conduct a comprehensive, empirical comparison of two SVP-solvers: ListSieve and GaussSieve. We also propose a practical parallel implementation of ListSieve, which achieves super-linear speedups on multi-core CPUs, with efficiency levels as high as 183%. By comparing our implementation with a parallel implementation of GaussSieve, we show that ListSieve can, in fact, outperform GaussSieve for a large number of threads, thus answering a question that was still open to this day.

18:17 [Pub][ePrint] Cryptanalysis on 'Robust Biometrics-Based Authentication Scheme for Multi-server Environment', by Vanga Odelu and Ashok Kumar Das and Adrijit Goswami

Authentication plays an important role in an open network environment, letting two communicating parties authenticate each other. Authentication protocols should protect sensitive information against a malicious adversary by providing a variety of services, such as authentication, privacy of user credentials, and user revocation and re-registration when a smart card is lost or stolen or the private key of a user or a server is revealed. Unfortunately, most of the existing multi-server authentication schemes proposed in the literature do not support fundamental security properties such as revocation and re-registration with the same identity. Recently, in 2014, He and Wang proposed a robust and efficient multi-server authentication scheme using a biometrics-based smart card and elliptic curve cryptography (ECC). In this paper, we analyze the He-Wang scheme and show that it is vulnerable to a known session-specific temporary information attack and an impersonation attack. In addition, we show that their scheme does not provide strong user anonymity. Furthermore, the He-Wang scheme cannot support the revocation and re-registration property. Apart from these, the He-Wang scheme has some design flaws, such as wrong-password login and its consequences, and wrong-password update during the password change phase.

18:17 [Pub][ePrint] Wire-Tap Codes as Side-Channel Countermeasure - an FPGA-based experiment, by Amir Moradi

In order to provide security against side-channel attacks, a masking scheme which makes use of wire-tap codes has recently been proposed. The scheme benefits from the features of binary linear codes, and its application to AES has been presented in the seminal article. In this work, with respect to the underlying scheme, we reiterate the fundamental operations of the AES cipher in a hopefully more understandable terminology. Considering an FPGA platform, we address the challenges each AES operation incurs in terms of implementation complexity. We show different scenarios for how to realize the SubBytes operation, as the most critical issue is dealing with the large S-boxes encoded by the underlying scheme. Constructing various designs to realize a full AES-128 encryption engine of the scheme, we provide practical side-channel evaluations based on traces collected from a Spartan-6 FPGA platform. As a result, we show that, despite the nice features of the scheme, with respect to its area and power overhead its advantages are very marginal unless its fault-detection ability is also employed.