International Association for Cryptologic Research

IACR News Central

Updates on changes to the IACR web page are listed here. For questions, contact newsletter (at) iacr.org.

2015-01-12
10:17 [Pub][ePrint] Simpler Efficient Group Signatures from Lattices, by Phong Q. Nguyen and Jiang Zhang and Zhenfeng Zhang

  A group signature allows a group member to anonymously sign messages on behalf of the group. In the past few years, new group signatures based on lattice problems have appeared: the most efficient lattice-based constructions are due to Laguillaumie et al. (Asiacrypt '13) and Langlois et al. (PKC '14). Both have at least $O(n^2\log^2 n \log N)$-bit group public key and $O(n\log^3 n\log N)$-bit signature, where $n$ is the security parameter and $N$ is the maximum number of group members. In this paper, we present a simpler lattice-based group signature, which is more efficient by a $O(\log N)$ factor in both the group public key and the signature size. We achieve this by using a new non-interactive zero-knowledge (NIZK) proof corresponding to a simple identity-encoding function.

The security of our group signature can be reduced to the hardness of SIS and LWE in the random oracle model.



10:17 [Pub][ePrint] Non-Malleable Condensers for Arbitrary Min-Entropy, and Almost Optimal Protocols for Privacy Amplification, by Xin Li

  Recently, the problem of privacy amplification with an active adversary has received a lot of attention. Given a shared $n$-bit weak random source $X$ with min-entropy $k$ and a security parameter $s$, the main goal is to construct an explicit 2-round privacy amplification protocol that achieves entropy loss $O(s)$. Dodis and Wichs \cite{DW09} showed that optimal protocols can be achieved by constructing explicit \emph{non-malleable extractors}. However, the best known explicit non-malleable extractor only achieves $k=0.49n$ \cite{Li12b} and evidence in \cite{Li12b} suggests that constructing explicit non-malleable extractors for smaller min-entropy may be hard. In an alternative approach, Li \cite{Li12} introduced the notion of a non-malleable condenser and showed that explicit non-malleable condensers also give optimal privacy amplification protocols.

In this paper, we give the first construction of non-malleable condensers for arbitrary min-entropy. Using our construction, we obtain a 2-round privacy amplification protocol with optimal entropy loss for security parameter up to $s=\Omega(\sqrt{k})$. This is the first protocol that simultaneously achieves optimal round complexity and optimal entropy loss for arbitrary min-entropy $k$. We also generalize this result to obtain a protocol that runs in $O(s/\sqrt{k})$ rounds with optimal entropy loss, for security parameter up to $s=\Omega(k)$. This significantly improves the protocol in \cite{ckor}. Finally, we give a better non-malleable condenser for linear min-entropy, and in this case obtain a 2-round protocol with optimal entropy loss for security parameter up to $s=\Omega(k)$, which improves the entropy loss and communication complexity of the protocol in \cite{Li12b}.



10:17 [Pub][ePrint] TMSUI: A Trust Management Scheme of USB Storage Devices for Industrial Control Systems, by Bo Yang and Dengguo Feng and Yu Qin and Yingjun Zhang and Weijin Wang

  The security of sensitive data and the safety of control signals are two core issues in industrial control systems (ICS). However, the prevalence of USB storage devices brings a great challenge to protecting ICS in those respects. Unfortunately, there is currently no solution specifically for ICS that provides a complete defense against data transmission between untrusted USB storage devices and critical equipment without forbidding normal USB device function. This paper proposes a trust management scheme of USB storage devices for ICS (TMSUI). By fully considering the background of application scenarios, TMSUI is designed based on a security chip to authorize a certain USB storage device to access only some exact protected terminals in ICS for a particular period of time. The issues of digital forensics and revocation of authorization are discussed. The prototype system is finally implemented and the evaluation of it indicates that TMSUI effectively meets the security goals with high compatibility and good performance.



10:17 [Pub][ePrint] Multilinear Maps Using Ideal Lattices without Encodings of Zero, by Gu Chunsheng

  Recently, Garg, Gentry and Halevi (GGH) described the first candidate multilinear maps using ideal lattices. However, there exists a zeroizing attack on the GGH construction. We first describe an improved construction of multilinear maps from ideal lattices, by multiplying matrices on both sides of the level-1 encoding of a non-zero element. The security of our construction depends upon a new hardness assumption, which is seemingly closely related to hardness problems of lattices. Then, we describe an asymmetric construction to avoid any nontrivial encoding of zero. Using our constructions over a polynomial ring instead of the integer ring, we implement a one-round multipartite Diffie-Hellman key exchange protocol to decrease the public parameter size.



10:17 [Pub][ePrint] Non-Abelian Analogs of Lattice Rounding, by Evgeni Begelfor and Stephen D. Miller and Ramarathnam Venkatesan

  Lattice rounding in Euclidean space can be viewed as finding the nearest point in the orbit of an action by a discrete group, relative to the norm inherited from the ambient space. Using this point of view, we initiate the study of non-abelian analogs of lattice rounding involving matrix groups. In one direction, we give an algorithm for solving a normed word problem when the inputs are random products over a basis set, and give theoretical justification for its success. In another direction, we prove a general inapproximability result which essentially rules out strong approximation algorithms (i.e., whose approximation factors depend only on dimension) analogous to LLL in the general case.



09:21 [Event][New] ICCC 2015: International Conference on Coding and Cryptography

  Submission: 10 July 2015
Notification: 1 October 2015
From November 2 to November 5
Location: Algiers, Algeria
More Information: http://www.latn.usthb.dz/spip.php?article35




2015-01-10
22:17 [Forum] [2014 Reports] 2014/728 Unpicking PLAID response - Nit-Picking PLAID by Graeme.Freedman

  See the following link for the Nit-Picking PLAID response to this paper: https://dl.dropboxusercontent.com/u/41736374/UnpickingReport%20V1.pdf

From: 2014-27-11 22:00:58 (UTC)

22:17 [Forum] [2014 Reports] Re: 2014/728 Unpicking PLAID response - Nit-Picking PLAID by tommaso.gagliardoni

  On behalf of the "Unpicking PLAID" research team, I would like to point out that our response to this report is available from: http://www.cryptoplexity.informatik.tu-darmstadt.de/media/crypt/pdf/plaid-editorreport-response.pdf

This response expresses our viewpoint on that report, rectifying some misrepresented facts and countering false allegations. In particular (but not limited to):

1) The author(s) of the report seem to consistently confuse the mere lack of known attacks with a proof of security.

2) They argue about a lack of a formal definition of privacy in our work and digress into musing about an Oxford dictionary definition of privacy. Our paper, however, allows the reader to easily infer what our attacks against the ISO standard achieve: tracing cards across executions, and identifying the supported key set of a card. None of these attacks should be possible according to PLAID's own claims of privacy.

3) They try to minimise the impact of our attacks, based on the availability of CPLC data, implying that CPLC data is anyway always available even in privacy-sensitive scenarios - which is incorrect. Furthermore, they completely ignore our fingerprinting attack on key sets, and focus only on the RSA fingerprinting attack.

4) They credit us for claims which we never made, and misrepresent the timeline and references in our paper.

Finally, we wish to remark that the personal email correspondence with Professors Fischlin and Paterson, linked to in Annex A of the project editor's report, was published without their consent. We consider the situation to be self-explanatory, and encourage readers to draw their own conclusions.

Sincerely, The "Unpicking PLAID" team.

From: 2015-08-01 09:52:28 (UTC)

00:14 [Job][New] Lecturer, University of Wollongong


• School of Computer Science and Software Engineering

• Full Time, Fixed Term (3 year) Appointment

• Level B

• Ref No: 25277

The School is one of the leading computing schools in Australia. It conducts research in a number of thematic areas including Intelligent Systems, Software Engineering, Computer and Information Security, Visual Information Processing and Multimedia Content Management.

The School of Computer Science and Software Engineering is one of seven Schools within the Faculty of Engineering and Information Sciences. It delivers a full range of quality courses, both onshore and offshore (Dubai, Singapore, Malaysia), ranging from undergraduate Bachelor's degrees, through Coursework and Research Masters, to PhD.

This position will teach and coordinate subjects in the School at undergraduate and postgraduate level, contribute to research in information security and cryptography, and supervise research students. You will work closely with the Head of School and other staff on the introduction, revision and maintenance of undergraduate and postgraduate subjects.

To apply for this position you will need to address the selection criteria as part of your application; the criteria are located within the position description below.

Apply online: http://uow.employment.com.au/jobs/Lecturer/1635





2015-01-08
11:48 [Event][New] ESORICS 2015: 20th European Symposium on Research in Computer Security

  Submission: 4 April 2015
Notification: 15 June 2015
From September 23 to September 25
Location: Vienna, Austria
More Information: http://www.esorics2015.sba-research.org


10:17 [Forum] [IACR Publication Reform] Re: 2014/728 Unpicking PLAID response - Nit-Picking PLAID by tommaso.gagliardoni

  On behalf of the "Unpicking PLAID" research team, I would like to point out that our response to this report is available from: http://www.cryptoplexity.informatik.tu-darmstadt.de/media/crypt/pdf/plaid-editorreport-response.pdf

This response expresses our viewpoint on that report, rectifying some misrepresented facts and countering false allegations. In particular (but not limited to):

1) The author(s) of the report seem to consistently confuse the mere lack of known attacks with a proof of security.

2) They argue about a lack of a formal definition of privacy in our work and digress into musing about an Oxford dictionary definition of privacy. Our paper, however, allows the reader to easily infer what our attacks against the ISO standard achieve: tracing cards across executions, and identifying the supported key set of a card. None of these attacks should be possible according to PLAID's own claims of privacy.

3) They try to minimise the impact of our attacks, based on the availability of CPLC data, implying that CPLC data is anyway always available even in privacy-sensitive scenarios - which is incorrect. Furthermore, they completely ignore our fingerprinting attack on key sets, and focus only on the RSA fingerprinting attack.

4) They credit us for claims which we never made, and misrepresent the timeline and references in our paper.

Finally, we wish to remark that the personal email correspondence with Professors Fischlin and Paterson, linked to in Annex A of the project editor's report, was published without their consent. We consider the situation to be self-explanatory, and encourage readers to draw their own conclusions.

Sincerely, The "Unpicking PLAID" team.

From: 2015-08-01 09:52:28 (UTC)