International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2014-10-28
18:17 [Pub][ePrint] CM55: special prime-field elliptic curves almost optimizing den Boer\'s reduction between Diffie-Hellman and discrete logs, by Daniel R. L. Brown

  Using the Pohlig--Hellman algorithm, den Boer reduced the discrete logarithm problem to the Diffie--Hellman problem in groups of an order whose prime factors were each one plus a smooth number. This report reviews some related general conjectural lower bounds on the Diffie-Hellman problem in elliptic curve groups that relax the smoothness condition into a more commonly true condition.

This report focuses on some elliptic curve parameters defined over a prime field size of size 9+55(2^288), whose special form may provide some efficiency advantages over random fields of similar sizes. The curve has a point of Proth prime order 1+55(2^286), which helps to nearly optimize the den Boer reduction. This curve is constructed using the CM method. It has cofactor 4, trace 6, and fundamental discriminant -55.

This report also tries to consolidate the variety of ways of deciding between elliptic curves (or other algorithms) given the efficiency and security of each.



16:08 [Event][New] DBSec 2015: 29th IFIP WG11.3 Working Conf. on Data and Applications Security & Privacy

  Submission: 21 February 2015
Notification: 20 April 2015
From July 13 to July 15
Location: Fairfax, Virginia, USA
More Information: http://dbsec2015.di.unimi.it


16:02 [Job][New] Senior Cryptographic/Software Obfuscation Engineer, DARPA-i_SW Corp, Arlington, VA

  i_SW is looking for a Staff Scientist with a background in mathematics and cryptography to support a DARPA program focused on program obfuscation to protect DoD assets. Candidate will provide Scientific, Engineering and Technical Assistance (SETA) support to assist in the management and evaluation of the research underlying this effort. Candidate should have experience planning and developing technical projects of a research and development (R&D) nature, concerned with unique or controversial problems which have an important effect on major Department of Defense programs.

This work will be collaborative with DARPA and i_SW corporation located in Arlington, VA

Required Skills

• Demonstrated skill in successfully performing technical assignments including conducting research in problem areas of considerable scope and complexity requiring unconventional or novel approaches and sophisticated research techniques, risk analysis and resolution, tracking technical milestones, and report preparations

• Research focus on the theoretical sides of cryptography

• Demonstrated skill in conceiving, planning, and conducting research in problem areas of considerable scope and complexity requiring unconventional or novel approaches and sophisticated research techniques.

• Demonstrated the ability to independently conduct the appropriate analyses to offer recommendations, solutions, and alternatives to resolve R&D issues, concerns, problems, or methods.

Applicants must be US Citizens in order to obtain security clearances.

Education

BS/MS Math or Computer Science

Some post-graduate work in mathematics and cryptography preferred.



03:55 [News] Video of IACR Distinguished Lecture

  The video of Mihir Bellare's IACR distinguished lecture at Crypto is now online.



2014-10-27
18:38 [Job][New] Senior Cryptographic/Software Obfuscation Engineer, DARPA- i_SW Corporation

  I_SW is looking for a Staff Scientist with a background in mathematics and cryptography to support a DARPA program focused on program obfuscation to protect DoD assets. Candidate will provide Scientific, Engineering and Technical Assistance (SETA) support to assist in the management and evaluation of the research underlying this effort. Candidate should have experience planning and developing technical projects of a research and development (R&D) nature, concerned with unique or controversial problems which have an important effect on major Department of Defense programs.

This work will be collaborative with DARPA and i_SW corporation located in Arlington, VA

Required Skills

• Demonstrated skill in successfully performing technical assignments including conducting research in problem areas of considerable scope and complexity requiring unconventional or novel approaches and sophisticated research techniques, risk analysis and resolution, tracking technical milestones, and report preparations

• Research focus on the theoretical sides of cryptography

• Demonstrated skill in conceiving, planning, and conducting research in problem areas of considerable scope and complexity requiring unconventional or novel approaches and sophisticated research techniques.

• Demonstrated the ability to independently conduct the appropriate analyses to offer recommendations, solutions, and alternatives to resolve R&D issues, concerns, problems, or methods.

Education

Some post-graduate work in mathematics and cryptography preferred.

To apply for this position, please email your resume or C.V. to Robert.Lunsford Robert.lunsford (at) iswcorp.com





2014-10-25
17:20 [Event][New] CECC '15: 15th Central European Conference on Cryptology

  Submission: 15 February 2015
Notification: 1 April 2015
From July 8 to July 10
Location: Klagenfurt, Austria
More Information: http://www.math.aau.at/cecc2015/


06:17 [Pub][ePrint] Side-channel Power Analysis of Different Protection Schemes Against Fault Attacks on AES, by Pei Luo, Yunsi Fei, Liwei Zhang, and A. Adam Ding

  A protection circuit can be added into cryptographic systems to detect both soft errors and injected faults required by Differential Fault Analysis (DFA) attacks. While such protection can improve the reliability of the target devices significantly and counteract DFA, they will also incur extra power consumption and other resource overhead. In this paper, we analyze the side-channel power leakage of AES protection methods against fault attacks and quantify the amount. We implement six different schemes and launch correlation power analysis attacks on them. The results show that the protection circuits have all increased the power leakage and therefore make the system more vulnerable to power analysis attacks. We further compare different protection schemes in terms of power consumption, area, fault coverage, and side-channel leakage. Our results demonstrate trade-offs among multiple design metrics, and suggest that reliability, security, and costs have to be all considered together in the design phase of cryptographic systems.





2014-10-23
00:17 [Pub][ePrint] Accelerating Bliss: the geometry of ternary polynomials, by Léo Ducas

  The signature scheme Bliss proposed by Ducas, Durmus, Lepoint and Lyubashevsky at Crypto\'13, is currently the most compact and efficient lattice-based signature scheme that is provably secure under lattice assumptions. It does compare favourably with the standardized schemes RSA and ECDSA on both Software and Hardware.

In this work, we introduce a new technique that improves the above scheme, offering an acceleration factor up to 2.8, depending on the set of parameters.

Namely, we improve the unnatural geometric bound used in Bliss to a tighter and much more natural bound by using some extra degree of freedom: the ternary representations of binary challenges. Precisely, we efficiently choose a ternary representation that makes the result deterministically shorter than the expected length for a random challenges.

Our modified scheme Bliss-b is rather close to the original scheme, and both versions are compatible. The patch has been implemented on the Open-Source Software implementation of Bliss, and will be released under similar license.





2014-10-22
21:17 [Pub][ePrint] Leakage-Resilient Circuits Revisited -- Optimal Number of Computing Components without Leak-free Hardware, by Dana Dachman-Soled and Feng-Hao Liu and Hong-Sheng Zhou

  Side channel attacks -- attacks that exploit implementation-dependent information of a cryptosystem -- have been shown to be highly detrimental, and the cryptographic community has recently

focused on developing techniques for securing implementations against such attacks. An important model called \\emph{Only Computation Leaks} (OCL) [Micali and Reyzin, TCC \'04] and its stronger variants were proposed to model a broad class of leakage attacks (a type of

side-channel attack). These models allow for unbounded, arbitrary leakage as long as (1) information in each leakage observation is bounded, and (2) different parts of the computation leak independently. Various results and techniques have been developed for these models and we continue this line of research in the current work.

We address the problem of compiling any circuit into a circuit secure against OCL attacks. In order to leverage the OCL assumption, the resulting circuit will be split into components, where at any point in time only a single component is active. Optimally, we would like to output a circuit that has only one component, and no part of the computation needs to be leak-free. However, this task is impossible due to the result of Barak et al. [JACM \'12].The current state-of-the-art constructions achieve either two components with additional leak-free hardware, or many components without leak-free hardware.

In this work, we show how to achieve the best of both worlds: We construct two-component OCL schemes without relying on leak-free components. Our approach is general and modular -- we develop generic techniques to remove the hardware component from hardware-based constructions, when the functionality provided by the hardware satisfies some properties. Our techniques use universal deniable encryption (recently constructed by Sahai and Water [STOC \'14] using indistinguishable obfuscation) and non-committing encryption in a novel way. Then, we observe that the functionalities of the hardware used in previous two-component constructions of Juma and Vahlis [Crypto \'10], and Dziembowski and Faust [TCC \'12] satisfy the required properties.

The techniques developed in this paper have deep connections with adaptively secure and leakage tolerant multi-party computation (MPC).

Our constructions immediately yield adaptively secure and leakage tolerant MPC protocols for any no-input randomized functionality in the semi-honest model. The result holds in the CRS model, without pre-processing. Our results also have implications to two-party leakage tolerant computation for arbitrary functionalities, which we obtain by combining our constructions with a recent result of Bitansky, Dachman-Soled, and Lin [Crypto \'14].



21:17 [Pub][ePrint] Pseudonymous Secure Computation from Time-Lock Puzzles, by Jonathan Katz and Andrew Miller and Elaine Shi

  In standard models of secure computation, point-to-point channels between parties are as-

sumed to be authenticated by some pre-existing means. In other cases, even stronger pre-existing

setup--e.g., a public-key infrastructure (PKI)--is assumed. These assumptions are too strong

for open, peer-to-peer networks, where parties do not necessarily have any prior relationships

and can come and go as they please. Nevertheless, these assumptions are made due to the

prevailing belief that nothing \"interesting\" can be achieved without them.

Taking inspiration from Bitcoin, we show that precise bounds on computational power can

be used in place of pre-existing setup to achieve weaker (but nontrivial) notions of security.

Specifically, under the assumptions that digital signatures exist and each party can solve cryp-

tographic \"time-lock\" puzzles only at a bounded rate, we show that without prior setup and

with no bound on the number of corruptions, a group of parties can agree on a PKI with which

they can then realize pseudonymous notions of authenticated communication, broadcast, and

secure computation. Roughly, \"pseudonymous\" here means that inputs/outputs are (effectively)

bound to pseudonyms rather than parties\' true identities.



21:17 [Pub][ePrint] Adaptively Secure, Universally Composable, Multi-Party Computation in Constant Rounds, by Dana Dachman-Soled and Jonathan Katz and Vanishree Rao

  Cryptographic protocols with adaptive security ensure that security holds against an adversary who can dynamically determine which parties to corrupt as the protocol progresses---or even after the protocol is finished. In the setting where all parties may potentially be corrupted, and secure erasure is not assumed, it has been a long-standing open question to design secure-computation protocols with adaptive security running in constant rounds.

Here, we show a constant-round, universally composable protocol for computing any functionality, tolerating a malicious, adaptive adversary corrupting any number of parties. Interestingly, our protocol can compute all functionalities, not just adaptively well-formed ones.