International Association for Cryptologic Research

IACR News Central


2015-01-12
10:17 [Pub][ePrint] Multilinear Maps Using Ideal Lattices without Encodings of Zero, by Gu Chunsheng

  Recently, Garg, Gentry and Halevi (GGH) described the first candidate multilinear maps using ideal lattices. However, there exists a zeroizing attack on the GGH construction. We first describe an improved construction of multilinear maps from ideal lattices, by multiplying matrices on both sides of the level-1 encoding of a non-zero element. The security of our construction depends upon a new hardness assumption, which is seemingly closely related to hardness problems of lattices. Then, we describe an asymmetric construction to avoid any nontrivial encoding of zero. Using our constructions over a polynomial ring instead of the integer ring, we implement a one-round multipartite Diffie-Hellman key exchange protocol to decrease the public parameter size.



10:17 [Pub][ePrint] Non-Abelian Analogs of Lattice Rounding, by Evgeni Begelfor and Stephen D. Miller and Ramarathnam Venkatesan

  Lattice rounding in Euclidean space can be viewed as finding the nearest point in the orbit of an action by a discrete group, relative to the norm inherited from the ambient space. Using this point of view, we initiate the study of non-abelian analogs of lattice rounding involving matrix groups. In one direction, we give an algorithm for solving a normed word problem when the inputs are random products over a basis set, and give theoretical justification for its success. In another direction, we prove a general inapproximability result which essentially rules out strong approximation algorithms (i.e., whose approximation factors depend only on dimension) analogous to LLL in the general case.



09:21 [Event][New] ICCC 2015: International Conference on Coding and Cryptography

  Submission: 10 July 2015
Notification: 1 October 2015
From November 2 to November 5
Location: Algiers, Algeria
More Information: http://www.latn.usthb.dz/spip.php?article35




2015-01-10
22:17 [Forum] [2014 Reports] 2014/728 Unpicking PLAID response - Nit-Picking PLAID by Graeme.Freedman

  See the following link for the Nit-Picking PLAID response to this Paper https://dl.dropboxusercontent.com/u/41736374/UnpickingReport%20V1.pdf
From: 2014-27-11 22:00:58 (UTC)

22:17 [Forum] [2014 Reports] Re: 2014/728 Unpicking PLAID response - Nit-Picking PLAID by tommaso.gagliardoni

  On behalf of the "Unpicking PLAID" research team, I would like to point out that our response to this report is available from: http://www.cryptoplexity.informatik.tu-darmstadt.de/media/crypt/pdf/plaid-editorreport-response.pdf This response expresses our viewpoint on that report, rectifying some misrepresented facts and countering false allegations. In particular (but not limited to):
1) The author(s) of the report seem to consistently confuse the mere lack of known attacks with a proof of security.
2) They argue about a lack of a formal definition of privacy in our work and digress into musing about an Oxford dictionary definition of privacy. Our paper, however, allows the reader to easily infer what our attacks against the ISO standard achieve: tracing cards across executions, and identifying the supported key set of a card. None of these attacks should be possible according to PLAID's own claims of privacy.
3) They try to minimise the impact of our attacks, based on the availability of CPLC data, implying that CPLC data is anyway always available even in privacy-sensitive scenarios - which is incorrect. Furthermore, they completely ignore our fingerprinting attack on key sets, and focus only on the RSA fingerprinting attack.
4) They credit us for claims which we never made, and misrepresent the timeline and references in our paper.
Finally, we wish to remark that the personal email correspondence with Professors Fischlin and Paterson, linked to in Annex A of the project editor's report, was published without their consent. We consider the situation to be self-explanatory, and encourage readers to draw their own conclusions. Sincerely, The "Unpicking PLAID" team.
From: 2015-08-01 09:52:28 (UTC)

00:14 [Job][New] Lecturer, University of Wollongong


• School of Computer Science and Software Engineering

• Full Time, Fixed Term (3 year) Appointment

• Level B

• Ref No: 25277

The School is one of the leading computing schools in Australia. It conducts research in a number of thematic areas including Intelligent Systems, Software Engineering, Computer and Information Security, Visual Information Processing and Multimedia Content Management.

The School of Computer Science and Software Engineering is one of seven Schools within the Faculty of Engineering and Information Sciences. It delivers a full range of quality courses, both onshore and offshore (Dubai, Singapore, Malaysia), ranging from undergraduate Bachelor’s degrees, through Coursework and Research Masters to PhD.

This position will teach and coordinate subjects in the School at undergraduate and postgraduate level; contribute to the research in information security and cryptography and supervise research students. You will work closely with the Head of School and other staff on the introduction, revision and maintenance of undergraduate and postgraduate subjects.

To apply for this position you will need to address the selection criteria as part of your application which is located within the position description below.

Apply online: http://uow.employment.com.au/jobs/Lecturer/1635





2015-01-08
11:48 [Event][New] ESORICS 2015: 20th European Symposium on Research in Computer Security

  Submission: 4 April 2015
Notification: 15 June 2015
From September 23 to September 25
Location: Vienna, Austria
More Information: http://www.esorics2015.sba-research.org


10:17 [Pub][ePrint] Block Cipher Speed and Energy Efficiency Records on the MSP430: System Design Trade-Offs for 16-bit Embedded Applications, by Benjamin Buhrow and Paul Riemer and Mike Shea and Barry Gilbert and Erik D

  Embedded microcontroller applications often experience multiple limiting constraints: memory, speed, and for a wide range of portable devices, power. Applications requiring encrypted data must simultaneously optimize the block cipher algorithm and implementation choice against these limitations. To this end we investigate block cipher implementations that are optimized for speed and energy efficiency, the primary metrics of devices such as the MSP430 where constrained memory resources nevertheless allow a range of implementation choices. The results set speed and energy efficiency records for the MSP430 device at 132 cycles/byte and 2.18 uJ/block for AES-128 and 103 cycles/byte and 1.44 uJ/block for equivalent block and key sizes using the lightweight block cipher SPECK. We provide a comprehensive analysis of size, speed, and energy consumption for 24 different variations of AES and 20 different variations of SPECK, to help system designers of microcontroller platforms optimize the memory and energy usage of secure applications.



05:52 [Event][New] ProvSec'15: The Ninth International Conference on Provable Security

  Submission: 17 June 2015
Notification: 24 August 2015
From November 24 to November 26
Location: Kanazawa, Japan
More Information: https://security-lab.jaist.ac.jp/provsec2015/




2015-01-07
10:17 [Pub][ePrint] Rig: A simple, secure and flexible design for Password Hashing, by Donghoon Chang and Arpan Jati and Sweta Mishra and Somitra Kumar Sanadhya

  Password hashing is a technique commonly implemented by a server to protect the passwords of clients: it performs a one-way transformation on the password, turning it into another string called the hashed password. In this paper, we introduce a secure password hashing framework Rig which is based on secure cryptographic hash functions. It provides the flexibility to choose different functions for different phases of the construction. The design of the scheme is very simple to implement in software and is flexible as the memory parameter is independent of the time parameter (no actual time and memory trade-off) and is strictly sequential (difficult to parallelize) with comparatively huge memory consumption that provides strong resistance against attackers using multiple processing units. It supports client-independent updates, i.e., the server can increase the security parameters by updating the existing password hashes without knowing the password. Rig can also support the server relief protocol where the client bears the maximum effort to compute the password hash, while there is minimal effort at the server side. We analyze Rig and show that our proposal provides an exponential time complexity against the low-memory attack.