International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2014-11-20
19:17 [Pub][ePrint] Tree-Structured Composition of Homomorphic Encryption: How to Weaken Underlying Assumptions, by Koji Nuida and Goichiro Hanaoka and Takahiro Matsuda

  Cryptographic primitives based on infinite families of progressively weaker assumptions have been proposed by Hofheinz-Kiltz and by Shacham (the n-Linear assumptions) and by Escala et al. (the Matrix Diffie-Hellman assumptions). All of these assumptions are extensions of the decisional Diffie-Hellman (DDH) assumption. In contrast, in this paper, we construct (additive) homomorphic encryption (HE) schemes based on a new infinite family of assumptions extending the decisional Composite Residuosity (DCR) assumption. This is the first result on a primitive based on an infinite family of progressively weaker assumptions not originating from the DDH assumption. Our assumptions are indexed by rooted trees, and provides a completely different structure compared to the previous extensions of the DDH assumption.

Our construction of a HE scheme is generic; based on a tree structure, we recursively combine copies of building-block HE schemes associated to each leaf of the tree (e.g., the Paillier cryptosystem, for our DCR-based result mentioned above). Our construction for depth-one trees utilizes the \"share-then-encrypt\" multiple encryption paradigm, modified appropriately to ensure security of the resulting HE schemes. We prove several separations between the CPA security of our HE schemes based on different trees; for example, the existence of an adversary capable of breaking all schemes based on depth-one trees, does not imply an adversary against our scheme based on a depth-two tree (within a computational model analogous to the generic group model). Moreover, based on our results, we give an example which reveals a type of \"non-monotonicity\" for security of generic constructions of cryptographic schemes and their building-block primitives; if the building-block primitives for a scheme are replaced with other ones secure under stronger assumptions, it may happen that the resulting scheme becomes secure under a weaker assumption than the original.



19:17 [Pub][ePrint] Modified Alternating Step Generators with Non-Linear Scrambler, by Robert Wicik and Tomasz Rachwalik and RafaƂ Gliwa

  Pseudorandom generators, which produce keystreams for stream ciphers by the exclusive-or sum of output bits from alternately clocked linear feedback shift registers, are vulnerable to cryptanalysis. In order to increase their resistance to attacks, we introduce a nonlinear scrambler at the output of these generators. The role of the scrambler plays the nonlinear feedback shift register. In addition, we propose the Modified Alternating Step Generator (MASG1S) built with the nonlinear scrambler and regularly or irregularly clocked linear feedback shift registers with nonlinear filtering functions.





2014-11-19
23:51 [Job][New] PhD students and Postdoctoral Fellowships in Post-Quantum Cryptography, University of Waterloo

  The Institute for Quantum Computing and the Centre for Applied Cryptographic Research at the University of Waterloo seek qualified applicants for postdoctoral fellowships and graduate student positions in post-quantum cryptography, in particular in public-key cryptography based on computational assumptions believed to be secure against quantum computers (e.g. systems based on lattices, error-correcting codes codes, multivariate functions, elliptic curve isogenies, and also signature schemes based on hash-functions).

Projects may include studying new attacks (classical or quantum) on proposed systems, improved implementation methods for such systems, and reductions or equivalences between candidate post-quantum systems.

Successful applications will join a broad team of leading researchers in quantum computing and applied cryptography. They will also be able to take advantage of the CryptoWorks21 supplementary training program, which develops the technical and professional skills and knowledge needed to create cryptographic solutions that will be safe in a world with quantum computing technologies.



13:17 [Pub][ePrint] EUF-CMA-Secure Structure-Preserving Signatures on Equivalence Classes, by Georg Fuchsbauer and Christian Hanser and Daniel Slamanig

  At ASIACRYPT\'14 Hanser and Slamanig proposed a new primitive called structure-preserving signatures on equivalence classes (SPS-EQ) and used it to construct very efficient attribute-based anonymous credentials. They also presented a candidate construction of an SPS-EQ scheme and claimed that the scheme was existentially unforgeable under adaptive chosen message attacks (EUF-CMA). Fuchsbauer has however recently shown that the construction is insecure under adaptive queries and consequently the security claim is invalid. We fix this issue by providing an EUF-CMA-secure construction of an SPS-EQ, which is also more efficient than the original construction in every respect. We prove our scheme secure in the generic group model for Type-3 bilinear groups.



13:17 [Pub][ePrint] Boomerang Attack on Step-Reduced SHA-512, by Hongbo Yu, Dongxia Bai

  SHA-2 (SHA-224, SHA-256, SHA-384 and SHA-512) is hash function family issued by the National Institute of Standards and Technology (NIST) in 2002 and is widely used all over the world. In this work, we analyze the security of SHA-512 with respect to boomerang attack. Boomerang distinguisher on SHA-512 compression function reduced to 48 steps is proposed, with a practical complexity of $2^{51}$. A practical example of the distinguisher for 48-step SHA-512 is also given. As far as we know, it is the best practical attack on step-reduced SHA-512.



13:17 [Pub][ePrint] On a new fast public key cryptosystem, by Samir Bouftass.

  This paper presents a new fast public key cryptosystem namely : A key exchange algorithm, a public key encryption algorithm and a digital signature algorithm, based on a the difficulty to invert the following function :

$F(X) =(A\\times X)Mod(2^r)Div(2^s)$ .\\\\* Mod is modulo operation , Div is integer division operation , A , r and s are known natural numbers while $( r > s )$ .\\\\* In this paper it is also proven that this problem is equivalent to SAT problem which is NP complete .



13:17 [Pub][ePrint] The SIMON and SPECK Block Ciphers on AVR 8-bit Microcontrollers, by Ray Beaulieu and Douglas Shors and Jason Smith and Stefan Treatman-Clark and Bryan Weeks and Louis Wingers

  The last several years have witnessed a surge of activity in

lightweight cryptographic design. Many lightweight block ciphers have

been proposed, targeted mostly at hardware applications. Typically software performance has not been a priority, and consequently software

performance for many of these algorithms is unexceptional. SIMON and

SPECK are lightweight block cipher families developed by the U.S. National Security Agency for high performance in constrained hardware and software environments. In this paper, we discuss software performance and demonstrate how to achieve high performance implementations of SIMON and SPECK on the AVR family of 8-bit microcontrollers. Both ciphers compare favorably to other lightweight block ciphers on this platform. Indeed, SPECK seems to have better overall performance than any existing block cipher --- lightweight or not.



13:17 [Pub][ePrint] Lattice Point Enumeration on Block Reduced Bases, by Michael Walter

  When analyzing lattice based cryptosystems, we often need to solve the Shortest Vector Problem (SVP) in some lattice associated to the system under scrutiny. The go-to algorithms in practice to solve SVP are enumeration algorithms, which usually consist of a preprocessing step, followed by an exhaustive search. Obviously, the two steps offer a trade-off and should be balanced in their running time in order to minimize the overall complexity. In practice, the most common approach to control this trade-off is to use block reduction algorithms during the preprocessing. Despite the popularity of this approach, it lacks any well founded analysis and all practical approaches seem to use ad hoc parameters. This weakens our confidence in the cryptanalysis of the systems. In this work, we aim to shed light on at least one side of this trade-off and analyze the effect of block reduction on the exhaustive search. For this, we give asymptotic worst case bounds and presents results from both experiments and simulation that show its average case behavior in practice.



13:17 [Pub][ePrint] Simplification/complication of the basis of prime Boolean ideal, by Alexander Rostovtsev and Anna Shustrova

  Prime Boolean ideal has the basis of the form (x1 + e1, ..., xn + en) that consists of linear binomials. Its variety consists of the point (e1, ..., en). Complication of the basis is changing the simple linear binomials by non-linear polynomials in such a way, that the variety of ideal stays fixed. Simplification of the basis is obtaining the basis that consists of linear binomials from the complicated one that keeps its variety.

Since any ideal is a module over the ring of Boolean polynomials, the change of the basis is uniquely determined by invertible matrix over the ring.

Algorithms for invertible simplifying and complicating the basis of Boolean ideal that fixes the size of basis are proposed. Algorithm of simplification optimizes the choose of pairs of polynomials during the Groebner basis computation, and eliminates variables without using resultants.





2014-11-18
19:17 [Pub][ePrint] Boosting Higher-Order Correlation Attacks by Dimensionality Reduction, by Nicolas Bruneau and Jean-Luc Danger and Sylvain Guilley and Annelie Heuser and Yannick Teglia

  Multi-variate side-channel attacks allow to break higher-order masking protections by combining several leakage samples.

But how to optimally extract all the information contained in all possible $d$-tuples of points?

In this article, we introduce preprocessing tools that answer this question.

We first show that maximizing the higher-order CPA coefficient is equivalent to finding the maximum of the covariance.

We apply this equivalence to the problem of trace dimensionality reduction by linear combination of its samples.

Then we establish the link between this problem and the Principal Component Analysis. In a second step we present the optimal solution for the problem of maximizing the covariance.

We also theoretically and empirically compare these methods.

We finally apply them on real measurements, publicly available under the DPA Contest v4, to evaluate how the proposed techniques improve the second-order CPA (2O-CPA).



19:17 [Pub][ePrint] Outsourcing Secure Two-Party Computation as a Black Box, by Henry Carter and Benjamin Mood and Patrick Traynor and Kevin Butler

  Secure multiparty computation (SMC) offers a technique to preserve functionality and data privacy in mobile applications. Current protocols that make this costly cryptographic construction feasible on mobile devices securely outsource the bulk of the computation to a cloud provider. However, these outsourcing techniques are built on specific secure computation assumptions and tools, and applying new SMC ideas to the outsourced setting requires the protocols to be completely rebuilt and proven secure. In this work, we develop a generic technique for lifting any secure two-party computation protocol into an outsourced two-party SMC protocol. By augmenting the function being evaluated with auxiliary consistency checks and input values, we can create an outsourced protocol with low overhead cost. Our implementation and evaluation show that in the best case, our outsourcing additions execute within the confidence intervals of two servers running the same computation, and consume approximately the same bandwidth. In addition, the mobile device itself uses minimal bandwidth over a single round of communication. This work demonstrates that efficient outsourcing is possible with any underlying SMC scheme, and provides an outsourcing protocol that is efficient and directly applicable to current and future SMC techniques.