International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

07:17 [Pub][ePrint] Jackpot Stealing Information From Large Caches via Huge Pages, by Gorka Irazoqui and Thomas Eisenbarth and Berk Sunar

  The cloud computing infrastructure relies on virtualized servers that provide isolation across guest OS\'s through sandboxing. This isolation was demonstrated to be imperfect in past work whichexploited hardware level information leakages to gain access to sensitive information across co-locatedvirtual machines (VMs). In response virtualization companies and cloud services providers have disabled features such as deduplication to prevent such attacks.

In this work, we introduce a ne-grain cross-core cache attack that exploits access time variations on the last level cache. The attack exploits huge pages to work across VM boundaries without requiring

deduplication. No conguration changes on the victim OS are needed, making the attack quite viable. Furthermore, only machine co-location is required, while the target and victim OS can still reside on

diferent cores of the machine. Our new attack is a variation of the prime and probe cache attack whose applicability at the time is limited to L1 cache. In contrast, our attack works in the spirit of the flush and reload attack targeting the shared L3 cache instead. Indeed, by adjusting the huge page size our attack can be customized to work virtually at any cache level/size. We demonstrate the viability of the attack by targeting an OpenSSL1.0.1f implementation of AES. The attack recovers AES keys in the cross-VM setting on Xen 4.1 with deduplication disabled, being only slightly less ecient than the flush and reload attack. Given that huge pages are a standard feature enabled in the memory management unit of OS\'s and that besides co-location no additional assumptions are needed, the attack we present poses a signicant risk to existing cloud servers.

07:17 [Pub][ePrint] Key recovery attacks on Grain family using BSW sampling and certain weaknesses of the filtering function, by Y. Wei and E. Pasalic and F. Zhang and W. Wu

  A novel internal state recovery attack on the whole Grain family of ciphers is proposed in this work. It basically uses the ideas of BSW sampling along with employing a weak placement of the tap positions of the driving LFSRs. The currently best known complexity trade-offs are obtained, and due to the structure of Grain family these attacks are also key recovery attacks. It is shown that the internal state of Grain-v1 can be recovered with the time complexity of about $2^{66}$ operations using a memory of about $2^{58.91}$ bits, assuming availability of $2^{45}$ keystream sequences each of length $2^{49}$ bits generated for different initial values. Moreover, for Grain-128 or Grain-128a, the attack requires about $2^{105}$ operations using a memory of about $2^{82.59}$ bits, assuming availability of $2^{75}$ keystream sequences each of length $2^{76}$ bits generated for different initial values. These results further show that the whole Grain family, due to the choice of tap positions mainly, does not provide enough security margins against internal state recovery attacks. A simple modification of the selection of the tap positions, as a countermeasure against the attacks described here, is given.

07:17 [Pub][ePrint] A Chinese Remainder Theorem Approach to Bit-Parallel GF(2^n) Polynomial Basis Multipliers for Irreducible Trinomials, by Haining Fan

  We show that the step \"modulo the degree-n field generating irreducible polynomial\" in the classical definition of the GF(2^n) multiplication operation can be avoided. This leads to an alternative representation of the finite field multiplication operation. Combining this representation and the Chinese Remainder Theorem, we design bit-parallel GF(2^n) multipliers for irreducible trinomials u^n + u^k + 1 on GF(2). For some values of n, our architectures have the same time complexity as the fastest bit-parallel multipliers - the quadratic multipliers, but their space complexities are reduced. Take the special irreducible trinomial u^2k +u^k +1 for example, the space complexity of the proposed design is reduced by about 1/8, while the time complexity matches the best result. Our experimental results show that among the 539 values of n such that 4

22:17 [Forum] [IACR Publication Reform] 2014/728 Unpicking PLAID response - Nit-Picking PLAID by Graeme.Freedman

  See the following link for the Nit-Picking PLAID response to this Paper From: 2014-27-11 22:00:58 (UTC)

20:56 [Job][New] Security Engineer, ESCRYPT INC

  Your responsibilities:

You will consult our customers in the areas concerning embedded and automotive cyber security. The consulting includes, but is not limited to, security analysis of existing security applications, security concepts, architecture of security solutions, and design of secure systems. In addition, your task will be the adjustment and enhancement of existing embedded security solutions. Furthermore you will compile surveys and decision memos for new embedded security technologies and products. Depending on your background, you will also develop customized software for client projects in the area of embedded data security and engage in product development. You will assist sales meetings as a technical expert.

Your competencies and qualifications:

Bachelors Degree in Computer Science, Information Technology or Information Security. Masters Degree preferred

Experience in a position as Security Engineer, Security Consultant, or Information Security Analyst is beneficial, ideally with industry experience and special knowledge in one of the following fields: Cryptography, security, privacy, software development (C/C++ and Java), and embedded systems

Willingness to work in a flexible team; reliable; independent and thoughtful Customer oriented

Send us your application to jobs (at)

20:54 [Event][New] PHDays: Positive Hack Days

  Submission: 1 May 2015
From May 26 to May 27
Location: Moscow, Russia
More Information:

05:54 [Event][New] QCrypt 2015: The 5th International Conference on Quantum Cryptography

  Submission: 27 April 2015
Notification: 22 June 2015
From September 28 to October 2
Location: Tokyo, Japan
More Information:

16:07 [Event][New] CSF'15: 28th IEEE Computer Security Foundations Symposium

  Submission: 10 February 2015
Notification: 6 April 2015
From July 14 to July 17
Location: Verona, Italy
More Information:

10:17 [Pub][ePrint] Predicate Encryption for Multi-Dimensional Range Queries from Lattices, by Romain Gay and Pierrick Méaux and Hoeteck Wee

  We construct a lattice-based predicate encryption scheme for

multi-dimensional range and multi-dimensional subset queries. Our

scheme is selectively secure and weakly attribute-hiding, and its

security is based on the standard learning with errors (LWE)

assumption. Multi-dimensional range and subset queries capture many interesting applications pertaining to searching on encrypted data. To the best of our knowledge, these are the first lattice-based predicate encryption schemes for functionalities beyond IBE and inner product.

22:17 [Pub][ePrint] Algebraic Fault Analysis of Katan, by Frank Quedenfeld

  This paper presents a new and more realistic model for fault attacks and statistical and algebraic techniques to improve fault analysis in general. Our algebraic techniques is an adapted solver for systems of equations based on ElimLin and XSL.

We use these techniques to introduce two new fault attacks on the hardware oriented block cipher Katan32 from the Katan family of block ciphers.

We are able to break full Katan using $4$ faults and $2^{29.04}$ Katan evaluations with a theoretical statistical fault attack and $7.19$ faults in $2^{27.2}$ Katan evaluations with a tested algebraic one.

This is a great improvement over the existing fault attacks which need $115$ and $140$ faults respectively.

Furthermore, our algebraic attack can be executed on a normal computer.

22:17 [Pub][ePrint] On the Asymptotic Idealness of the Asmuth-Bloom Threshold Secret Sharing Scheme, by Constantin Catalin Dragan and Ferucio Laurentiu Tiplea

  A necessary and sufficient condition for the asymptotic idealness of the Asmuth-Bloom threshold secret sharing scheme is proposed. Apart from this, a comprehensive analysis of the known variants of the Asmuth-Bloom threshold secret sharing scheme is provided, clarifying the security properties achieved by each of them.