International Association for Cryptologic Research

# IACR News Central

You can also access the full news archive.

Further sources for keeping up with changes are CryptoDB, ePrint RSS, ePrint Web and the Event calendar (iCal).

2014-10-31
16:43 [Event][New]

Submission: 21 November 2014
From April 3 to April 3

16:42 [Job][New]

Summary:

Serve as an SME (Subject Matter Expert) advising SafeNet customers, partners and prospects on SafeNet Data Protection solutions to secure data while at rest (storage, file and database encryption), in use (hardware security modules, encryption technologies), and in transit (wide area network encryption).

This focused expertise will drive increased revenue for SafeNet StorageSecure, Hardware Security Modules, KeySecure and ProtectV products.

Technical Requirements

• Experienced in the concepts of Cryptography, Security and PKI

• Experience with Hardware Security Modules (HSM)

• Experience with the concept and practice of Key Management

• Experience with virtualisation products such as VMWare, XEN and HyperV, as well as prior involvement with Amazon Web Services, is beneficial

• Strong familiarity with Windows- and Linux-based systems

• Familiarity with a range of enterprise security solutions would be beneficial as they relate to the wider SafeNet portfolio. These include database encryption, data tokenization, storage encryption, wide area network encryption, and authentication.

The position will require significant travel throughout the EMEA region.

16:41 [Job][New]

We are looking for two Post-Docs (Research Fellows) in symmetric-key cryptography and computer security. The positions are for 2 years.

We encourage candidates with an excellent track-record in cryptography and computer security to apply. Please send your application with a CV, a cover letter and two reference letters.

Review of applications starts immediately and continues until suitable candidates have been hired.

15:17 [Pub][ePrint]

The study of monotonicity and negation complexity for Boolean functions has been prevalent in complexity theory as well as in computational learning theory, but little attention has been given to it in the cryptographic context. Recently, Goldreich and Izsak (2012) have initiated a study of whether cryptographic primitives can be monotone, and showed that one-way functions can be monotone (assuming they exist), but a pseudorandom generator cannot.

In this paper, we start by filling in the picture and proving that many other basic cryptographic primitives cannot be monotone. We then initiate a quantitative study of the power of negations, asking how many negations are required. We provide several lower bounds, some of them tight, for various cryptographic primitives and building blocks including one-way permutations, pseudorandom functions, small-bias generators, hard-core predicates, error-correcting codes, and randomness extractors.

Among our results, we highlight the following.

i) Pseudorandom functions can only be computed by circuits containing at least log n - O(1) negations (which is optimal up to the additive term).

ii) We prove that error-correcting codes with optimal distance parameters require log n - O(1) negations (again, optimal up to

iii) Unlike one-way functions, one-way permutations cannot be monotone.

iv) We prove a general result for monotone functions, showing a lower bound on the depth of any circuit with t negations on the bottom that computes a monotone function f in terms of the monotone circuit depth of f. This result addresses a question posed by Koroth and Sarma (2014) in the context of the circuit complexity of the Clique problem.

Our results lead to a few intriguing open problems, and to interesting directions for further research.

00:17 [Pub][ePrint]

RC4+ stream cipher was proposed by Maitra et al. at Indocrypt 2008. It was claimed by the authors that this new stream cipher is designed to overcome all the weaknesses reported on the alleged RC4 stream cipher. In the design specifications of RC4+, the authors make use of an 8-bit design parameter called pad which is fixed to the value 0xAA. The first Distinguishing Attack on RC4+ based on the bias of its first output byte was shown by Banik et al. at Indocrypt 2013. In this paper, it was also mentioned that the distinguishing attack would still hold if the pad used in RC4+ is fixed to any even 8-bit constant other than 0xAA.

Therefore, the question that arises is whether the design of RC4+ can be protected by fixing the pad parameter to some constant odd value. In this paper, we try to answer this very question. We show that the design is still vulnerable by mounting a distinguishing attack even if the pad is fixed to some constant 8-bit odd value. Surprisingly we find that if the value of the pad is made equal to 0x03, the design provides maximum resistance to distinguishing attacks. Lastly we return to the original cipher, i.e. in which pad is set to 0xAA, and unearth another bias in the second output byte of the cipher, thereby showing that practical implementations of this cipher should discard the use of the first two output bytes for encryption.

00:17 [Pub][ePrint]

The HIVE hidden volume encryption system was proposed by Blass et al. at ACM-CCS 2014. Even though HIVE has a security proof, this paper demonstrates an attack on its implementation that breaks the main security property claimed for the system by its authors, namely plausible hiding against arbitrary-access adversaries. Our attack is possible because of HIVE's reliance on the RC4 stream cipher to fill unused blocks with pseudorandom data. While the attack can be easily eliminated by using a better pseudorandom generator, it serves as an example of why RC4 should be avoided in all new applications and a reminder that one has to be careful when instantiating primitives.
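Both of the abstracts above turn on statistical biases in RC4-family keystreams: RC4+'s first two output bytes in the one case, RC4 used as HIVE's filler generator in the other. As an added illustration, not code from either paper, the following Python reproduces the best-known bias in plain RC4 itself, Mantin and Shamir's observation that the second keystream byte is 0x00 with probability about 2/256 instead of 1/256, and turns it into a simple distinguisher. The RC4 routines are the standard algorithm; the 16-byte random keys, the number of sampled keys, the 1.5/256 decision threshold and the Mersenne Twister control generator are experimental choices made here.

```python
"""Keystream-bias distinguisher for RC4 (Mantin-Shamir second-byte bias) as a reproducible experiment.

Added example; the bias is a property of plain RC4, not the RC4+ result of the paper above.
"""
import random
from typing import Callable

N = 256                    # RC4 byte alphabet
BIAS_THRESHOLD = 1.5 / N   # midpoint between an unbiased zero rate (1/N) and RC4's (about 2/N); choice made here


def rc4_ksa(key: bytes) -> list[int]:
    """Key-scheduling algorithm: returns the initial permutation S."""
    S = list(range(N))
    j = 0
    for i in range(N):
        j = (j + S[i] + key[i % len(key)]) % N
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(key: bytes, n: int) -> bytes:
    """First n keystream bytes of RC4 under `key`, with no initial bytes dropped."""
    S = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % N
        j = (j + S[i]) % N
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % N])
    return bytes(out)


def control_keystream(key: bytes, n: int) -> bytes:
    """Control generator with no byte bias: Mersenne Twister seeded by the key (a statistical stand-in, not a cipher)."""
    return random.Random(key).randbytes(n)


def zero_rate_at(pos: int, num_keys: int, keystream: Callable[[bytes, int], bytes],
                 key_len: int = 16, seed: int = 1) -> float:
    """Fraction of random keys whose keystream byte at index `pos` is 0x00.

    An ideal generator gives about 1/256; RC4 at pos = 1 gives about 2/256. The key RNG is seeded so
    the experiment is reproducible (assumption: 16-byte keys, fixed seed).
    """
    rng = random.Random(seed)
    zeros = sum(keystream(rng.randbytes(key_len), pos + 1)[pos] == 0 for _ in range(num_keys))
    return zeros / num_keys


def distinguish(rate: float) -> str:
    """Decide, from the observed zero rate, whether the generator looks like RC4 or like a uniform source."""
    return "biased (RC4-like)" if rate > BIAS_THRESHOLD else "unbiased"


if __name__ == "__main__":
    for name, gen in (("RC4", rc4_keystream), ("control", control_keystream)):
        r = zero_rate_at(1, 20000, gen)
        print(f"{name}: P[Z2 = 0] = {r:.5f} -> {distinguish(r)}")
```

The dominant bias sits at position 1; measuring later positions with the same function shows rates much closer to the control, which is the intuition behind discarding initial keystream bytes, though RC4 has further, smaller biases that this single statistic does not capture. The same kind of counting experiment, with the target byte and constant chosen accordingly, is what a distinguishing attack on RC4+'s first or second output byte amounts to in practice.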

2014-10-30
15:17 [Pub][ePrint]

Clock-glitch-based Differential Fault Analysis (DFA) attacks are a serious threat to cryptographic devices. Previous error detection schemes for cryptographic devices target improving the circuit reliability and cannot resist such DFA attacks. In this paper, we propose a novel faulty clock detection method which can be easily implemented either in FPGAs or integrated circuits to detect glitches in the system clock. Results show that the proposed method can detect glitches efficiently while needing very few system resources. It is also highly reconfigurable to tolerate inherent clock jitter, and will not involve complex design work for different processing technologies.

15:17 [Pub][ePrint]

Template attacks and stochastic models are among the most powerful side-channel attacks. However, they can be computationally expensive when processing a large number of samples. Various compression techniques have been used very successfully to reduce the data dimensionality prior to applying template attacks, most notably Principal Component Analysis (PCA) and Fisher's Linear Discriminant Analysis (LDA). These make the attacks more efficient computationally and help the profiling phase to converge faster. We show how these ideas can also be applied to implement stochastic models more efficiently, and we also show that they can be applied and evaluated even for more than eight unknown data bits at once.

15:17 [Pub][ePrint]

We introduce Accountable Storage (AS), a framework allowing a client with small local space to outsource n file blocks to an untrusted server and be able (at any point in time after outsourcing) to provably compute how many bits have been discarded by the server. Such protocols offer provable "storage insurance" to a client: in case of a data loss, the client can be compensated with a dollar amount proportional to the damage that has occurred, forcing the server to be more "accountable" for his behavior. The insurance can be captured in the SLA between the client and the server.

Although applying existing techniques (e.g., proof-of-storage protocols) could address the problem, the related costs of such approaches are prohibitive. Instead, our protocols can provably compute the damage that has occurred through an efficient recovery process of the lost or corrupted file blocks, which requires only sublinear $O(\delta \log n)$ communication, computation and local space, where $\delta$ is the maximum number of corrupted file blocks that can be tolerated. Our technique is based on an extension of invertible Bloom filters, a data structure used to quickly compute the distance between two sets.

Finally, we show how our protocol can be integrated with Bitcoin, to support automatic compensations proportional to the number of corrupted bits at the server. We also build and evaluate our protocols showing that they perform well in practice.
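The abstract above rests on invertible Bloom filters to recover which blocks went missing at a cost tied to the number of differences rather than to n. The following Python is an added toy illustration of that data structure, not the paper's protocol or code: the client encodes its n (index, content) block pairs into a small filter and keeps only that; the server later returns a filter of what it still holds, built with the same parameters; subtracting the two and peeling recovers the indices and original contents of lost and corrupted blocks, from which the damage in bits follows. K = 3 cells per block, the 64-cell filter, SHA-256-derived cell positions, 8-byte blocks and the sample block set are all choices made here.

```python
"""Toy invertible Bloom filter (IBF): recover which outsourced blocks a server lost or altered.

Added example illustrating the data structure behind Accountable Storage; not the paper's construction.
"""
import hashlib

K = 3            # cells each block is mapped to (assumption: a common IBF choice)
BLOCK_BYTES = 8  # block size of the constructed sample below


def _tag(idx: int, content: int) -> int:
    """64-bit fingerprint of (index, content); it selects the cells and lets peeling verify a cell."""
    h = hashlib.sha256(b"tag" + idx.to_bytes(8, "big") + content.to_bytes(BLOCK_BYTES, "big")).digest()
    return int.from_bytes(h[:8], "big")


def _cells(tag: int, m: int) -> list[int]:
    """K distinct cell positions derived deterministically from the tag."""
    out, ctr = [], 0
    while len(out) < K:
        h = hashlib.sha256(b"cell" + ctr.to_bytes(4, "big") + tag.to_bytes(8, "big")).digest()
        i = int.from_bytes(h[:8], "big") % m
        if i not in out:
            out.append(i)
        ctr += 1
    return out


class IBF:
    """m cells, each holding a count and the XOR of tag, index and content of every block mapped to it."""

    def __init__(self, m: int):
        self.m = m
        self.count = [0] * m
        self.tag_xor = [0] * m
        self.idx_xor = [0] * m
        self.val_xor = [0] * m

    def _apply(self, idx: int, content: int, sign: int) -> None:
        tag = _tag(idx, content)
        for i in _cells(tag, self.m):
            self.count[i] += sign
            self.tag_xor[i] ^= tag
            self.idx_xor[i] ^= idx
            self.val_xor[i] ^= content

    def insert(self, idx: int, content: int) -> None:
        self._apply(idx, content, +1)

    def subtract(self, other: "IBF") -> "IBF":
        """Cell-wise difference: blocks present in both filters cancel exactly, only differences remain."""
        d = IBF(self.m)
        for i in range(self.m):
            d.count[i] = self.count[i] - other.count[i]
            d.tag_xor[i] = self.tag_xor[i] ^ other.tag_xor[i]
            d.idx_xor[i] = self.idx_xor[i] ^ other.idx_xor[i]
            d.val_xor[i] = self.val_xor[i] ^ other.val_xor[i]
        return d

    def _pure(self, i: int) -> bool:
        """A cell holding exactly one block (count +1 or -1) whose stored tag matches its index/content."""
        return self.count[i] in (1, -1) and _tag(self.idx_xor[i], self.val_xor[i]) == self.tag_xor[i]

    def peel(self) -> tuple[dict[int, int], dict[int, int]]:
        """Decode a difference filter into {index: content} only in the first and only in the second filter."""
        only_first, only_second = {}, {}
        stack = [i for i in range(self.m) if self._pure(i)]
        while stack:
            i = stack.pop()
            if not self._pure(i):
                continue
            sign, idx, content = self.count[i], self.idx_xor[i], self.val_xor[i]
            (only_first if sign == 1 else only_second)[idx] = content
            self._apply(idx, content, -sign)  # remove from all K cells, which may expose new pure cells
            stack.extend(j for j in _cells(_tag(idx, content), self.m) if self._pure(j))
        if any(self.count) or any(self.tag_xor):
            raise ValueError("decoding failed: more differences than this filter size can resolve")
        return only_first, only_second


def encode(blocks: dict[int, int], m: int) -> IBF:
    """Filter for an index -> content block set; the client keeps only this, not the blocks."""
    f = IBF(m)
    for idx, content in blocks.items():
        f.insert(idx, content)
    return f


def audit(client_ibf: IBF, server_ibf: IBF) -> dict:
    """Compare the client's filter with the server's current one and quantify the damage."""
    lost, extra = client_ibf.subtract(server_ibf).peel()
    corrupted = sorted(set(lost) & set(extra))   # same index, different content
    missing = sorted(set(lost) - set(extra))
    return {"missing": missing, "corrupted": corrupted,
            "recovered": lost,                    # original content of every damaged block
            "damaged_bits": (len(missing) + len(corrupted)) * BLOCK_BYTES * 8}


def sample_blocks(n: int) -> dict[int, int]:
    """Constructed sample: n blocks whose content is derived from the index (not real file data)."""
    return {i: int.from_bytes(hashlib.sha256(b"block-%d" % i).digest()[:BLOCK_BYTES], "big") for i in range(n)}


if __name__ == "__main__":
    blocks = sample_blocks(64)
    held = dict(blocks)
    for i in (5, 17, 42):
        del held[i]          # the server discarded three blocks
    held[9] ^= 1             # and flipped a bit in a fourth
    print(audit(encode(blocks, 64), encode(held, 64)))
```

The filter size, not n, bounds how many differences can be decoded: with too many lost blocks no cell is ever pure and `peel` raises instead of returning a wrong answer, which is the role the tolerance parameter $\delta$ plays in the abstract. The paper's extension additionally keeps the client's state at $O(\delta \log n)$ and makes the recovery provable against a malicious server; the toy only shows the set-difference mechanics.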

15:17 [Pub][ePrint]

Shamir's secret sharing scheme is an effective way to distribute a secret to a group of shareholders. But this scheme is vulnerable to cheaters and attackers, and thus how to protect the system from cheating and attacks is a big problem. In this paper, we propose to use robust codes and algebraic manipulation detection (AMD) codes to protect the secret sharing module. Simulation and synthesis results show that the proposed architecture can improve the security level significantly even under strong cheating and attack models, with some extra area and timing overheads.
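The abstract above proposes AMD codes to protect a Shamir secret-sharing module against cheaters who alter shares. As an added software illustration, not the paper's hardware architecture or code, the following Python shares the AMD encoding (s, x, f(s, x)) of a secret instead of the bare secret, using the Cramer, Dodis, Fehr, Padró and Wichs construction with f(s, x) = x^3 + s*x, so that an additive manipulation of the reconstructed triple is caught except with probability about 2/|F|. Plain Shamir reconstruction, shown alongside, silently returns a wrong secret. The prime field 2^61 - 1, the (3, 5) threshold parameters and the cheater's offsets are choices made here.

```python
"""Shamir secret sharing with an AMD-coded secret: an altered share is detected at reconstruction.

Added example; it demonstrates the idea in software, not the paper's circuit design.
"""
import secrets

# Prime field. The d = 1 AMD code below needs the characteristic not to divide d + 2 = 3 (assumption: chosen here).
P = 2**61 - 1


def _poly_eval(coeffs: list[int], x: int) -> int:
    """Horner evaluation of c0 + c1*x + ... over GF(P)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share(value: int, n: int, t: int) -> list[tuple[int, int]]:
    """Shamir (t, n) sharing of one field element: points (x, p(x)) on a random polynomial of degree t - 1."""
    coeffs = [value % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, _poly_eval(coeffs, x)) for x in range(1, n + 1)]


def reconstruct(shares: list[tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0; any t shares return the value, with no way to notice a cheater."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def amd_tag(s: int, x: int) -> int:
    """AMD code of Cramer et al. (Eurocrypt 2008) with d = 1: f(s, x) = x^3 + s*x."""
    return (pow(x, 3, P) + s * x) % P


def amd_share(secret: int, n: int, t: int) -> list[tuple]:
    """Share the codeword (s, x, f(s, x)) as three independent Shamir sharings; party i gets one share of each."""
    x = secrets.randbelow(P)
    parts = (share(secret, n, t), share(x, n, t), share(amd_tag(secret, x), n, t))
    return [tuple(p[i] for p in parts) for i in range(n)]


def amd_reconstruct(shares: list[tuple]) -> tuple[int, bool]:
    """Return (secret, ok); ok is False when the reconstructed triple is not a codeword, i.e. shares were altered."""
    s = reconstruct([sh[0] for sh in shares])
    x = reconstruct([sh[1] for sh in shares])
    tag = reconstruct([sh[2] for sh in shares])
    return s, amd_tag(s, x) == tag


def cheat(party_share: tuple, ds: int, dx: int = 0, dt: int = 0) -> tuple:
    """A cheater adds offsets to its three shares; interpolation is linear, so the reconstruction shifts additively."""
    (xs, ys), (xx, yx), (xt, yt) = party_share
    return ((xs, (ys + ds) % P), (xx, (yx + dx) % P), (xt, (yt + dt) % P))


if __name__ == "__main__":
    sh = amd_share(0xC0FFEE, 5, 3)
    print("honest:", amd_reconstruct(sh[:3]))
    bad = [cheat(sh[0], 42)] + sh[1:3]
    print("plain Shamir with a cheater:", hex(reconstruct([b[0] for b in bad])))
    print("AMD-protected with a cheater:", amd_reconstruct(bad))
```

The detection bound holds for a cheater whose modification does not depend on the random x, which is the situation of a party holding fewer than t shares; a coalition of t or more parties can reconstruct x and forge a valid codeword, so the AMD layer supplements the threshold rather than replacing it. The paper's robust-code layer, which guards the hardware implementation itself, has no counterpart in this sketch.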

15:17 [Pub][ePrint]

Distance (upper)-bounding (DUB) allows a verifier to know whether a proving party is located within a certain distance bound. DUB protocols have many applications in secure authentication and location-based services. We consider the dual problem of distance lower bounding (DLB), where the prover proves it is outside a distance bound to the verifier. We motivate this problem through a number of application scenarios, and model security against distance fraud (DF), Man-in-the-Middle (MiM), and collusion fraud (CF) attacks. We prove the impossibility of security against these attacks without making physical assumptions. We propose approaches to the construction of secure protocols under reasonable assumptions, give a detailed design of our DLB protocol and prove its security using the above model. This is the first treatment of the DLB problem in the untrusted prover setting; it has a number of applications and raises new research questions. We discuss our results and propose directions for future research.