International Association for Cryptologic Research

# IACR News Central

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2014-11-28
07:17 [Pub][ePrint]

A novel internal state recovery attack on the whole Grain family of ciphers is proposed in this work. It basically uses the ideas of BSW sampling along with employing a weak placement of the tap positions of the driving LFSRs. The currently best known complexity trade-offs are obtained, and due to the structure of Grain family these attacks are also key recovery attacks. It is shown that the internal state of Grain-v1 can be recovered with the time complexity of about $2^{66}$ operations using a memory of about $2^{58.91}$ bits, assuming availability of $2^{45}$ keystream sequences each of length $2^{49}$ bits generated for different initial values. Moreover, for Grain-128 or Grain-128a, the attack requires about $2^{105}$ operations using a memory of about $2^{82.59}$ bits, assuming availability of $2^{75}$ keystream sequences each of length $2^{76}$ bits generated for different initial values. These results further show that the whole Grain family, due to the choice of tap positions mainly, does not provide enough security margins against internal state recovery attacks. A simple modification of the selection of the tap positions, as a countermeasure against the attacks described here, is given.

07:17 [Pub][ePrint]

We show that the step \"modulo the degree-n field generating irreducible polynomial\" in the classical definition of the GF(2^n) multiplication operation can be avoided. This leads to an alternative representation of the finite field multiplication operation. Combining this representation and the Chinese Remainder Theorem, we design bit-parallel GF(2^n) multipliers for irreducible trinomials u^n + u^k + 1 on GF(2). For some values of n, our architectures have the same time complexity as the fastest bit-parallel multipliers - the quadratic multipliers, but their space complexities are reduced. Take the special irreducible trinomial u^2k +u^k +1 for example, the space complexity of the proposed design is reduced by about 1/8, while the time complexity matches the best result. Our experimental results show that among the 539 values of n such that 4

2014-11-27
22:17 [Forum]

See the following link for the Nit-Picking PLAID response to this Paper https://dl.dropboxusercontent.com/u/41736374/UnpickingReport%20V1.pdf From: 2014-27-11 22:00:58 (UTC)

20:56 [Job][New]

You will consult our customers in the areas concerning embedded and automotive cyber security. The consulting includes, but is not limited to, security analysis of existing security applications, security concepts, architecture of security solutions, and design of secure systems. In addition, your task will be the adjustment and enhancement of existing embedded security solutions. Furthermore you will compile surveys and decision memos for new embedded security technologies and products. Depending on your background, you will also develop customized software for client projects in the area of embedded data security and engage in product development. You will assist sales meetings as a technical expert.

Bachelors Degree in Computer Science, Information Technology or Information Security. Masters Degree preferred

Experience in a position as Security Engineer, Security Consultant, or Information Security Analyst is beneficial, ideally with industry experience and special knowledge in one of the following fields: Cryptography, security, privacy, software development (C/C++ and Java), and embedded systems

Willingness to work in a flexible team; reliable; independent and thoughtful Customer oriented

Send us your application to jobs (at) escrypt.com

20:54 [Event][New]

Submission: 1 May 2015
From May 26 to May 27
Location: Moscow, Russia

05:54 [Event][New]

Submission: 27 April 2015
From September 28 to October 2
Location: Tokyo, Japan

2014-11-26
16:07 [Event][New]

Submission: 10 February 2015
From July 14 to July 17
Location: Verona, Italy

10:17 [Pub][ePrint]

We construct a lattice-based predicate encryption scheme for

multi-dimensional range and multi-dimensional subset queries. Our

scheme is selectively secure and weakly attribute-hiding, and its

security is based on the standard learning with errors (LWE)

assumption. Multi-dimensional range and subset queries capture many interesting applications pertaining to searching on encrypted data. To the best of our knowledge, these are the first lattice-based predicate encryption schemes for functionalities beyond IBE and inner product.

2014-11-25
22:17 [Pub][ePrint]

This paper presents a new and more realistic model for fault attacks and statistical and algebraic techniques to improve fault analysis in general. Our algebraic techniques is an adapted solver for systems of equations based on ElimLin and XSL.

We use these techniques to introduce two new fault attacks on the hardware oriented block cipher Katan32 from the Katan family of block ciphers.

We are able to break full Katan using $4$ faults and $2^{29.04}$ Katan evaluations with a theoretical statistical fault attack and $7.19$ faults in $2^{27.2}$ Katan evaluations with a tested algebraic one.

This is a great improvement over the existing fault attacks which need $115$ and $140$ faults respectively.

Furthermore, our algebraic attack can be executed on a normal computer.

22:17 [Pub][ePrint]

A necessary and sufficient condition for the asymptotic idealness of the Asmuth-Bloom threshold secret sharing scheme is proposed. Apart from this, a comprehensive analysis of the known variants of the Asmuth-Bloom threshold secret sharing scheme is provided, clarifying the security properties achieved by each of them.

22:17 [Pub][ePrint]

We consider a public and keyless code $(\\Enc,\\Dec)$ which is used to encode a message $m$ and derive a codeword $c = \\Enc(m)$. The codeword can be adversarially tampered via a function $f \\in \\F$ from some tampering function family $\\F$, resulting in a tampered value $c\' = f(c)$. We study the different types of security guarantees that can be achieved in this scenario for different families $\\F$ of tampering attacks.

Firstly, we initiate the general study of tamper-detection codes, which must detect that tampering occurred and output $\\Dec(c\') = \\bot$. We show that such codes exist for any family of functions $\\F$ over $n$ bit codewords, as long as $|\\F| < 2^{2^n}$ is sufficiently smaller than the set of all possible functions, and the functions $f \\in \\F$ are further restricted in two ways: (1) they can only have a few fixed points $x$ such that $f(x)=x$, (2) they must have high entropy of $f(x)$ over a random $x$. Such codes can also be made efficient when $|\\F| = 2^{\\poly(n)}$. For example, $\\F$ can be the family of all low-degree polynomials excluding constant and identity polynomials. Such tamper-detection codes generalize the algebraic manipulation detection (AMD) codes of Cramer et al. (EUROCRYPT \'08).

Next, we revisit non-malleable codes, which were introduced by Dziembowski, Pietrzak and Wichs (ICS \'10) and require that $\\Dec(c\')$ either decodes to the original message $m$, or to some unrelated value (possibly $\\bot$) that doesn\'t provide any information about $m$. We give a modular construction of non-malleable codes by combining tamper-detection codes and leakage-resilient codes. This gives an alternate proof of the existence of non-malleable codes with optimal rate for any family $\\F$ of size $|\\F| < 2^{2^n}$, as well as efficient constructions for families of size $|\\F| = 2^{\\poly(n)}$.

Finally, we initiate the general study of continuous non-malleable codes, which provide a non-malleability guarantee against an attacker that can tamper a codeword multiple times. We define several variants of the problem depending on: (I) whether tampering is persistent and each successive attack modifies the codeword that has been modified by previous attacks, or whether tampering is non-persistent and is always applied to the original codeword, (II) whether we can self-destruct and stop the experiment if a tampered codeword is ever detected to be invalid or whether the attacker can always tamper more. In the case of persistent tampering and self-destruct (weakest case), we get a broad existence results, essentially matching what\'s known for standard non-malleable codes. In the case of non-persistent tampering and no self-destruct (strongest case), we must further restrict the tampering functions to have few fixed points and high entropy. The two intermediate cases correspond to requiring only one of the above two restrictions.

These results have applications in cryptography to related-key attack (RKA) security and to protecting devices against tampering attacks without requiring state or randomness.