International Association for Cryptologic Research

IACR News Central


2014-11-13
10:17 [Pub][ePrint] Improved Parameters and an Implementation of Graded Encoding Schemes from Ideal Lattices, by Martin R. Albrecht and Catalin Cocis and Fabien Laguillaumie and Adeline Langlois

  We discuss how to set parameters for GGH-like graded encoding schemes approximating cryptographic multilinear maps from ideal lattices and propose a strategy which reduces parameter sizes for concrete instances. Secondly, we discuss a first software implementation of a graded encoding scheme based on GGHLite, an improved variant of Garg, Gentry and Halevi's construction (GGH) due to Langlois, Stehlé and Steinfeld. Thirdly, we provide an implementation of non-interactive $N$-partite Diffie-Hellman key exchange. We discuss our implementation strategies and show that our implementation outperforms previous work.



10:17 [Pub][ePrint] Zeroizing without zeroes: Cryptanalyzing multilinear maps without encodings of zero, by Craig Gentry and Shai Halevi and Hemanta K. Maji and Amit Sahai

  We extend the recent zeroizing attacks of Cheon et al. on multilinear maps to some settings where no encodings of zero below the maximal level are available. Some of the new attacks apply to the CLT scheme (resulting in a total break) while others apply to the GGH scheme (resulting in a weak-DL attack).



10:17 [Pub][ePrint] Immunizing Multilinear Maps Against Zeroizing Attacks, by Dan Boneh and David J. Wu and Joe Zimmerman

  In recent work Cheon, Han, Lee, Ryu, and Stehle presented an attack on the multilinear map of Coron, Lepoint, and Tibouchi (CLT). They show that given many low-level encodings of zero, the CLT multilinear map can be completely broken, recovering the secret factorization of the CLT modulus. The attack is a generalization of the "zeroizing" attack of Garg, Gentry, and Halevi.

We first strengthen the attack of Cheon, Han, Lee, Ryu, and Stehle by showing that CLT can be broken even without low-level encodings of zero. This strengthening is sufficient to show that the subgroup elimination assumption does not hold for the CLT multilinear map.

We then present a generic defense against this type of "zeroizing" attack. For an arbitrary asymmetric composite-order multilinear map (including CLT), we give a functionality-preserving transformation that ensures that no sequence of map operations will produce valid encodings (below the zero-testing level) whose product is zero. We prove security of our transformation in a generic model of composite-order multilinear maps. Our new transformation rules out "zeroizing", leaving no currently known attacks on the decision linear assumption, subgroup elimination assumption, and other related problems for the CLT multilinear map. Of course, in time, it is possible that different attacks on CLT will emerge.





2014-11-12
10:17 [Pub][ePrint] Physical functions: the common factor of side-channel and fault attacks?, by Bruno Robisson and Hélène Le Bouder

  Security is a key component for information technologies and communication. Among the security threats, a very important one is certainly due to vulnerabilities of the integrated circuits that implement cryptographic algorithms. These electronic devices (such as smartcards) could fall into the hands of malicious people and then could be subject to "physical attacks". These attacks are generally classified into two categories: fault and side-channel attacks. One of the main challenges to secure circuits against such attacks is to propose methods and tools to estimate, as soundly as possible, the efficiency of protections. Numerous works attempt to provide tools based on sound statistical techniques but, to our knowledge, only address side-channel attacks. In this article, a formal link between fault and side-channel attacks is presented. The common factor between them is what we call the 'physical' function, which is an extension of the concept of 'leakage function' widely used in the side-channel community. We think that our work could make possible the re-use (certainly modulo some adjustments) for fault attacks of the strong theoretical background developed for side-channel attacks. This work could also make easier the combination of side-channel and fault attacks and thus could certainly facilitate the discovery of new attack paths. But more importantly, the notion of physical functions opens new challenges about estimating the protection of circuits.



03:52 [Event][New] WiSec 2015: 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks

  Submission: 17 February 2015
Notification: 7 April 2015
From June 22 to June 26
Location: New York City, NY, USA
More Information: http://www.sigsac.org/wisec/WiSec2015/




2014-11-11
17:50 [Event][New] FSP 2015: The 2015 International Workshop on Future Security and Privacy

  Submission: 28 November 2014
From January 26 to January 28
Location: Jeju, Korea
More Information: http://www.platcon.org/workshops/fsp-14


13:17 [Pub][ePrint] Differential Analysis of Block Ciphers SIMON and SPECK, by Alex Biryukov and Arnab Roy and Vesselin Velichkov

  In this paper we continue the previous line of research on the analysis of the differential properties of the lightweight block ciphers Simon and Speck. We apply a recently proposed technique for automatic search for differential trails in ARX ciphers and improve the trails in Simon32 and Simon48 previously reported as best. We further extend the search technique for the case of differentials and improve the best previously reported differentials on Simon32, Simon48 and Simon64 by exploiting more effectively the strong differential effect of the cipher. We also present improved trails and differentials on Speck32, Speck48 and Speck64. Using these new results we improve the currently best known attacks on several versions of Simon and Speck. A second major contribution of the paper is a graph based algorithm (linear time) for the computation of the exact differential probability of the main building block of Simon: an AND operation preceded by two bitwise shift operations. This gives us a better insight into the differential property of the Simon round function and differential effect in the cipher. Our algorithm is general and works for any rotation constants. The presented techniques are generic and are therefore applicable to a broader class of ARX designs.



13:17 [Pub][ePrint] New Cryptosystem Using The CRT And The Jordan Normal Form, by Hemlata Nagesh and Birendra Kumar Sharma

  In this paper we introduce a method for improving the implementation of the GGH cryptosystem using the Chinese Remainder Theorem (CRT) and the Jordan normal form. We propose a method for improving the speed of Babai's Round-Off CVP approximation algorithm [1] in lattices using the Chinese Remainder Theorem (CRT), and then formulate a new lattice-based cryptosystem using the Jordan normal form instead of the Hermite normal form, which would substantially improve the efficiency of lattice-based cryptosystems such as the Goldreich-Goldwasser-Halevi cryptosystem.



13:17 [Pub][ePrint] Improving the Polynomial time Precomputation of Frobenius Representation Discrete Logarithm Algorithms - Simplified Setting for Small Characteristic Finite Fields, by Antoine Joux and Cécile Pierrot

  In this paper, we revisit the recent small characteristic discrete logarithm algorithms. We show that a simplified description of the algorithm, together with some additional ideas, makes it possible to obtain an improved complexity for the polynomial time precomputation that arises during the discrete logarithm computation. With our new improvements, this is reduced to O(q^6), where q is the cardinality of the base field we are considering. This should be compared to the best currently documented complexity for this part, namely O(q^7). With our simplified setting, the complexity of the precomputation in the general case becomes similar to the complexity known for Kummer (or twisted Kummer) extensions.



13:17 [Pub][ePrint] Indistinguishability Obfuscation for Turing Machines with Unbounded Memory, by Venkata Koppula and Allison Bishop Lewko and Brent Waters

  We show how to build indistinguishability obfuscation (iO) for Turing Machines where the overhead is polynomial in the security parameter lambda, machine description |M| and input size |x| (with only a negligible correctness error). In particular, we avoid growing polynomially with the maximum space of a computation. Our construction is based on iO for circuits, one-way functions and injective pseudorandom generators.

Our results are based on new "selective enforcement" techniques. Here we first create a primitive called positional accumulators that allows for a small commitment to a much larger storage. The commitment is unconditionally sound for a select piece of the storage. This primitive serves as an "iO-friendly" tool that allows us to make two different programs equivalent at different stages of a proof. The pieces of storage that are selected depend on what hybrid stage we are at in a proof.

We first build up our enforcement ideas in a simpler context of "message hiding encodings" and work our way up to indistinguishability obfuscation.



13:17 [Pub][ePrint] Road-to-Vehicle Communications with Time-Dependent Anonymity: A Light Weight Construction and its Experimental Results, by Keita Emura and Takuya Hayashi

  This paper describes techniques that enable vehicles to collect local information (such as road conditions and traffic information) and report it via road-to-vehicle communications. To exclude malicious data, the collected information is signed by each vehicle. In this communications system, the location privacy of vehicles must be maintained. However, linkable information (such as travel routes) is simultaneously also important. That is, no such linkable information can be collected when full anonymity is guaranteed through the use of cryptographic tools such as group signatures. Similarly, continuous linkability (via pseudonyms, for example) may also cause problems from the viewpoint of privacy.

In this paper, we propose a road-to-vehicle communication system with relaxed anonymity by considering time-dependent linking properties via group signatures with time-token dependent linking (GS-TDL). These techniques are used to construct an anonymous time-dependent authentication system via GS-TDL. Briefly, a vehicle is unlinkable unless it generates multiple signatures simultaneously. In addition, we describe a vulnerability in the anonymous authentication system proposed by Wu, Domingo-Ferrer and González-Nicolás (IEEE T. Vehicular Technology 2010), where an unauthorized individual can create a valid group signature without using a signing key. Moreover, our GS-TDL scheme supports verifier-local revocation (VLR), which maintains constant signing and verification costs by using the linkable part of signatures. These results may be of independent interest. Finally, we provide our experimental results (using the TEPLA library) and confirm that our system is feasible in practice.