International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2014-10-08
23:53 [Event][New] COSADE 2015: 6th Int. Workshop on Constructive Side-Channel Analysis and Secure Design

  Submission: 8 December 2014
Notification: 4 February 2015
From April 13 to April 14
Location: Berlin, Germany
More Information: http://www.cosade.org/


09:23 [Event][New] 5th Bar-Ilan Winter School on Cryptography: Advances in Practical MPC

  From February 15 to February 19
Location: Tel Aviv, Israel
More Information: http://crypto.2bwebsite.co.il/5th-biu-winter-school




2014-10-07
15:25 [Job][New] Two full-time PhD or Postdoc positions in the area of Wireless Sensor Networks (WSN) Security, Universität Mannheim (Germany) and Friedrich-Alexander-Universität Erlangen-Nürnberg (Germany)

  The positions are funded by the German Research Foundation (DFG) in the project WSNSec (Wireless Sensor Network Security). The project is a collaboration between the Universität Mannheim (Germany) and the Friedrich-Alexander Universität Erlangen-Nürnberg (Germany) where the two positions are located, respectively.

========

Position 1 at the Working Group for Theoretical Computer Science and IT-Security at Universität Mannheim (Germany) focuses on the theoretical aspects of WSNSec:

- Formalization of attacker models and security goals

- Cryptanalysis of existing cryptographic protocols

- Development of provably secure cryptographic protocols

========

Position 2 at the Chair for IT-Security Infrastructures (Informatik 1) at the Friedrich-Alexander-Universität Erlangen-Nürnberg (Germany) focuses on the practical aspects of WSNSec:

- Investigation of security strengths and weaknesses of the real WSNs at both the hardware and the software levels

- Implementation of cryptographic protocols for WSNs in simulation environments and on the real sensor nodes

========

13:29 [Job][New] 4 Research Scientists, Temasek Laboratories at Nanyang Technological University, Singapore

  Temasek Laboratories at Nanyang Technological University, Singapore is seeking candidates for 4 research scientist positions (from fresh post-docs to senior research scientists) in the areas of symmetric key cryptography and lightweight cryptography, supported by a government funded project of duration 2 years.

Salaries are globally competitive and are determined according to the successful applicants accomplishments, experience and qualifications. Interested applicants are encouraged to send early their detailed CVs, cover letter and reference letters.

Review process starts immediately and will continue until all positions are filled.

06:17 [Pub][ePrint] Tuning GaussSieve for Speed, by Robert Fitzpatrick and Christian Bischof and Johannes Buchmann and Ozgur Dagdelen and Florian Gopfert and Artur Mariano and Bo-Yin Yang

  The area of lattice-based cryptography is growing ever-more prominent as a paradigm for quantum-resistant cryptography. One of the most important hard problem underpinning the security of lattice- based cryptosystems is the shortest vector problem (SVP). At present, two approaches dominate methods for solving instances of this problem in practice: enumeration and sieving. In 2010, Micciancio and Voulgaris presented a heuristic member of the sieving family, known as GaussSieve, demonstrating it to be comparable to enumeration methods in practice. With contemporary lattice-based cryptographic proposals relying largely on the hardness of solving the shortest and closest vector problems in ideal lattices, examining possible improvements to sieving algorithms becomes highly pertinent since, at present, only sieving algorithms have been successfully adapted to solve such instances more efficiently than in the random lattice case. In this paper, we propose a number of heuristic improvements to GaussSieve, which can also be applied to other sieving algorithms for SVP.



06:17 [Pub][ePrint] Statistical Properties of the Square Map Modulo a Power of Two, by S. M. Dehnavi and A. Mahmoodi Rishakani and M. R. Mirzaee Shamsabad and Einollah Pasha

  The square map is one of the functions that is used in cryptography. For instance, the square map is used in Rabin encryption scheme, block cipher RC6 and stream cipher Rabbit, in different forms. In this paper we study a special case of the square map, namely the square function modulo a power of two. We obtain probability distribution of the output of this map as a vectorial Boolean function. We find probability distribution of the component Boolean functions of this map. We present the joint probability distribution of the component Boolean functions of this function. We introduce a new function which is similar to the function that is used in Rabbit cipher and we compute the probability distribution of the component Boolean functions of this new map.



03:17 [Pub][ePrint] Weak Instances of PLWE, by Kirsten Eisentraeger and Sean Hallgren and Kristin Lauter

  In this paper we present a new attack on the polynomial version of the Ring-LWE assumption, for certain carefully chosen number fields. This variant of RLWE, introduced in [BV11] and called the PLWE assumption, is known to be as hard as the RLWE assumption for 2-power cyclotomic number fields, and for cyclotomic number fields in general with a small cost in terms of error growth. For general number fields, we articulate the relevant properties and prove security reductions for number fields with those properties. We then present an attack on PLWE for number fields satisfying certain properties.



03:17 [Pub][ePrint] Divisible E-Cash Made Practical, by Sébastien Canard, David Pointcheval, Olivier Sanders and Jacques Traoré

  Divisible E-cash systems allow users to withdraw a unique coin of value $2^n$ from a bank, but then to spend it in several times to distinct merchants. In such a system, whereas users want anonymity of their transactions, the bank wants to prevent, or at least detect, double-spending, and trace the defrauders. While this primitive was introduced two decades ago, quite a few (really) anonymous constructions have been introduced. In addition, all but one were just proven secure in the random oracle model, but still with either weak security models or quite complex settings and thus costly constructions.

The unique proposal, secure in the standard model, appeared recently and is unpractical. As evidence, the authors left the construction of an efficient scheme secure in this model as an open problem.

In this paper, we answer it with the first efficient divisible E-cash system secure in the standard model.

It is based on a new way of building the coins, with a unique and public global tree structure for all the coins. Actually, we propose two constructions: a very efficient one in the random oracle model and a less efficient, but still practical, in the standard model. They both achieve constant time for withdrawing and spending coins, while allowing the bank to quickly detect double-spendings by a simple comparison of the serial numbers of deposited coins to the ones of previously spent coins.



03:17 [Pub][ePrint] On the Indifferentiability of Key-Alternating Feistel Ciphers with No Key Derivation, by Chun Guo and Dongdai Lin

  Feistel constructions have been shown to be indifferentiable

from random permutations (STOC 2011). Whereas how to properly

mix the keys into an un-keyed Feistel construction (without

appealing to domain separation technique) to obtain a block

cipher which resists known-key and chosen-key attacks remains

an open problem. We study this. NSA\'s SIMON family of block

ciphers takes a construction which has the subkey xored into a

halve of the state at each round. More clearly, at the $i$-th

round, the state is updated according to

$$(x_i,x_{i-1})\\mapsto(x_{i-1}\\oplus F_i(x_i)\\oplus k_i,x_i)$$

For such key-alternating Feistel ciphers, we show that 21

rounds are sufficient to achieve indifferentiability from ideal

ciphers with $2n$-bit blocks and $n$-bit keys, assuming the

$n$-to-$n$-bit round functions $F_1,\\ldots,F_{21}$ to be random

and public and an identical user-provided $n$-bit key to be

applied at each round. This gives a solution to the problem

mentioned before, and is the first to study the

indifferentiability of key-alternating Feistel ciphers to our

knowledge.



03:17 [Pub][ePrint] Another Tor is possible, by Amadou Moctar Kane

  The aim of this paper is to introduce some modifications in Tor, in order to improve user\'s anonymity and relay\'s security. Thus, we introduced a system that will ensure anonymity for all users, while

maintaining the ability to break the anonymity of a sender in case of misconduct. The revocation of the anonymity will require the use of secret sharing schemes, since we assume that, the lifting of the

anonymity of the dishonest user should not depend on a single entity, but on a consensus within the network. In addition to the revocation of the anonymity, we propose in this paper further improvements

such as mixing Tor traffic with those of the major internet groups, using the camouflage, or introducing a honeypot in the network.



00:17 [Pub][ePrint] Precise Fault-Injections using Voltage and Temperature Manipulation for Differential Cryptanalysis, by Raghavan Kumar and Philipp Jovanovic and Ilia Polian

  State-of-the-art fault-based cryptanalysis methods are capable of breaking most

recent ciphers after only a few fault injections. However, they require temporal

and spatial accuracies of fault injection that were believed to rule out

low-cost injection techniques such as voltage, frequency or temperature

manipulation. We investigate selection of supply-voltage and temperature values

that are suitable for high-precision fault injection even up to a single bit.

The object of our studies is an ASIC implementation of the recently presented

block cipher PRINCE, for which a two-stage fault attack scheme has been

suggested lately. This attack requires, on average, about four to five fault

injections in well-defined locations. We show by electrical simulations that

voltage-temperature points exist for which faults show up at locations required

for a successful attack with a likelihood of around 0.1\\%. This implies that the

complete attack can be mounted by approximately 4,000 to 5,000 fault injection

attempts, which is clearly feasible.