International Association for Cryptologic Research

# IACR News Central


2014-09-24
13:26 [Event][New]

Submission: 22 November 2015
From June 30 to July 2

13:26 [Event][New]

Submission: 20 October 2014
From December 16 to December 17
Location: Beijing, China

2014-09-23
09:17 [Pub][ePrint]

LED and PHOTON are new ultra-lightweight cryptographic algorithms aiming at resource-constrained devices. In this article, we describe three different hardware architectures of the LED and PHOTON family optimized for Field-Programmable Gate Array (FPGA) devices. In the first architecture we propose a round-based implementation while the second is a fully serialized architecture performing operations on a single cell per clock cycle. Then, we propose a novel architecture that is designed with a focus on utilizing commonly available building blocks (SRL16). This new architecture, organized in a complex scheduling of the operations, seems very well suited for recent designs that use serial matrices. We implemented both the lightweight block cipher LED and the lightweight hash function PHOTON on the Xilinx FPGA series Spartan-3 (low-cost) and Artix-7 (high-end) devices and our new proposed architecture provides very competitive area-throughput trade-offs. In comparison with other recent lightweight block ciphers, the implementation results of LED show a significant improvement of hardware efficiency and we obtain the smallest known FPGA implementation (as of today) of any hash function.

09:17 [Pub][ePrint]

In this paper we define a trapdoor function called SBIM(Q) by using multivariate polynomials over the field of rational numbers $\mathbb Q.$ The public key consists of $2n$ multivariate polynomials with $3n$ variables $y_1,\dots,y_n,$ $z_1,\dots,z_{2n}$. The $y_i$ variables take care of the information content, while the $z_i$ variables are for redundant information. Thus, for encryption of a plaintext of $n$ rational numbers, a ciphertext of $2n$ rational numbers is used. The security is based on the fact that there are infinitely many solutions of a system with $2n$ polynomial equations of $3n$ unknowns.

The public key is designed by quasigroup transformations obtained from quasigroups presented in matrix form. The quasigroups presented in matrix form allow numerical as well as symbolic computations, and here we exploit that possibility. The private key consists of several $1\times n$ and $n\times n$ matrices over $\mathbb Q$, and one $2n\times 2n$ matrix.

09:17 [Pub][ePrint]

Search of rich Boolean function for designing a good cryptosystem is most important. In this search from the infinite domain of integers, cases where rejection of integers for the existence of Generalized bent function is very helpful. With the help of some necessary condition of GBF here we show the non-existence of [n,5] type Generalized Bent functions.

2014-09-22
15:54 [Event][New]

From May 31 to June 5
Location: Sibenik, Croatia

2014-09-21
14:37 [PhD][New]

14:37 [PhD][Update]

Name: Elisabeth Oswald
Topic: On Side-Channel Attacks and the Application of Algorithmic Countermeasures
Category: implementation

Description: This thesis is devoted to the investigation of implementation attacks on different types of cryptosystems. We focus on the passive types of such attacks, which exploit the running time, the power consumption or the electromagnetic radiation of the attacked device. In particular, most of the attacks which we will discuss in this thesis have been implemented in practice by using power consumption information. In the first part of this thesis, we concentrate on the concepts on which side-channel attacks are based. We demonstrate how such attacks can be applied to implementations of secret-key cryptosystems and how similar attacks can be used to break implementations of public-key cryptosystems as well. Besides the introductory chapter which addresses the currently exploited side-channels, this part also addresses the different statistical methods which we used for our attacks and which models (or assumptions) we developed to perform attacks on different types of cryptosystems. The second part of this thesis is concerned with the practical aspects of conducting side-channel attacks. We concentrate in this part on power-analysis attacks. Experimental attacks are described and some practical aspects of their realization are discussed. Our main contributions for this thesis are the introduction of a software-based approach to estimate the success for power analysis attacks, which has been published in [AO00], and the investigations on a specific type of countermeasures for securing implementations of elliptic curve cryptosystems, see [OA01] (joint work with M. Aigner) and [Osw03]. We developed a highly efficient representation for the AES S-box [WOL02] (joint work with J. Wolkerstorfer and M. Lamberger). We also conducted experiments on applying power-analysis attacks on implementations of elliptic curve cryptosystems on FPGAs [OOP] (joint work with S. B. Örs and B. Preneel). Moreover, we have contributed to the NESSIE project by evaluating the vulnerability of some of the NESSI[...]

2014-09-20
18:17 [Pub][ePrint]

In this paper, we propose an efficient and provably secure certificateless public key cryptography (CL-PKC) based authenticated group key agreement (CL-AGKA) protocol that meets practicability, simplicity, and strong notions of security. Our protocol focuses on certificateless public key cryptography (CL-PKC), which simplifies the complex certificate management in the traditional public key cryptography (PKC) and resolves the key escrow problem in identity-based cryptography (IBC). The authenticated group key exchange (AGKA) protocols allow participants to communicate over a public network to exchange a shared secret key. The CL-AGKA protocol is designed to establish a group key between a group of participants by ensuring that no other outsiders can learn any information about the agreed session key. Our CL-AGKA protocol presents a security notion in the random oracle model. It is formally proven that our CL-AGKA protocol provides strong Authenticated Key Exchange (AKE) security. Thus, the proposed protocol provides provable security along with low message exchange cost and computational cost to form the shared group key.

00:17 [Pub][ePrint]

Present-day public-key cryptosystems such as RSA and Elliptic Curve Cryptography (ECC) will become insecure when quantum computers become a reality. This paper presents the new state of the art in efficient software implementations of a post-quantum secure public-key encryption scheme based on the ring-LWE problem. We use a 32-bit ARM Cortex-M4F microcontroller as the target platform. Our contribution includes optimization techniques for fast discrete Gaussian sampling and efficient polynomial multiplication. This implementation beats all known software implementations, on any architecture, by at least one order of magnitude. We further show that our scheme beats all ECC-based public-key encryption schemes by at least one order of magnitude. At 128-bit security we require 121166 cycles per encryption and 43324 cycles per decryption, while at 256-bit security we require 261939 cycles per encryption and 96520 cycles per decryption. Gaussian sampling is done at an average of 28.5 cycles per sample.

00:17 [Pub][ePrint]

Security is one of the most important features of industrial products. Cryptographic algorithms are mainly used for this purpose to obtain confidentiality and integrity of data in industry. One of the main concerns of researchers in designing cryptographic algorithms is efficiency in either software implementation or hardware implementation. However, the efficiency of some well-known algorithms is highly questionable. The main goal of this paper is to present a novel processor architecture called CIARP (which stands for Crypto Instruction-Aware RISC Processor), which is feasible for high speed implementation of low throughput cryptographic algorithms. CIARP has been designed based on a proposed instruction set named Crypto Specific Instruction Set (CSIS), which can speed up encryption and decryption processes of data.