International Association for Cryptologic Research

# IACR News Central

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2015-01-19
09:23 [Event][New]

Submission: 25 January 2015
From May 21 to May 21
Location: San Jose, USA

2015-01-18
12:56 [Job][New]

We are looking for a research scientist (post-doc) in cryptography with a special emphasis on topics relevant in the context of security and privacy for cloud environments. Ideally you have experience in fields like multi-party computation, distributed cryptography, rational cryptography or privacy enhancing technologies.

You will be mainly involved in a EU research project on cloud cryptography with tasks related to the design of cryptography for novel distributed information sharing systems.

• Project homepage (avail. Feb. 2015): https://prismacloud.eu

• AIT Safety&Security Department: http://www.ait.ac.at/departments/digital-safety-security

2015-01-17
10:17 [Pub][ePrint]

E-voting protocols aim at achieving a wide range of sophisticated security properties and, consequently, commonly employ advanced cryptographic primitives. This makes their design as well as rigorous analysis quite challenging. As a matter of fact, existing

automated analysis techniques, which are mostly based on automated

theorem provers, are inadequate to deal with commonly used

cryptographic primitives, such as homomorphic encryption and mix-nets, as well as some fundamental security properties, such as

verifiability.

This work presents a novel approach based on refinement type systems

for the automated analysis of e-voting protocols. Specifically, we

design a generically applicable logical theory which, based on pre-

and post-conditions for security-critical code, captures and guides

the type-checker towards the verification of two fundamental

properties of e-voting protocols, namely, vote privacy and

verifiability. We further develop a code-based cryptographic

abstraction of the cryptographic primitives commonly used in

e-voting protocols, showing how to make the underlying algebraic

properties accessible to automated verification through logical

refinements. Finally, we demonstrate the effectiveness of our

approach by developing the first automated analysis of Helios, a

popular web-based e-voting protocol, using an off-the-shelf

type-checker.

10:17 [Pub][ePrint]

A few work has ever been performed in cryptanalysis of block ciphers using cube attacks. This paper presents a new framework for an efficient key recovery attack on block ciphers based on cube technique. In this method, a cube tester is positioned at the middle of the cipher which is extended in two directions over the maximum possible upper and lower rounds, given that some subkey bits are guessed. It is shown that an automated algorithm for this dynamic cube attack on block ciphers can be realized. Furthermore, we show its effectiveness on two lightweight block ciphers KATAN and SIMON. Our results shows that this method can break 117 and 152 out of 254 rounds of KATAN-32 in non-full-codebook and full-codebook attack scenarios, respectively. In the case of SIMON32/64, we succeed to cryptanalyse 16 and 18 out of 32 rounds, by the same scenarios. Both results show that although this method does not outperform all the existing attacks on these two ciphers, it can absolutely compete with the well-established and mature methods of cryptanalysis of block ciphers, such as linear, differential and meet in

the middle attack families.

10:17 [Pub][ePrint]

In this paper, we assess the practicability of HashSieve, a recently proposed sieving algorithm for the Shortest Vector Problem (SVP) on lattices, on multi-core shared memory systems. To this end, we devised a parallel implementation that scales well, and is based on a probable lock-free system to handle concurrency. The probable lock-free system, implemented with spin-locks and compare-and-swap operations, acts, likely, as a lock-free mechanism, since threads block only when strictly required and chances are that they are not required to block, because resource contention is very low. With our implementation, we were able to solve the SVP on an arbitrary lattice in dimension 96, in less than 17.5 hours, using 16 physical cores. The least squares fit of the execution times of our implementation, in seconds, lies between $2^{(0.32n-15)}$ or $2^{(0.33n-16)}$, which indicates that sieving algorithms are indeed way more practical than believed.

10:17 [Pub][ePrint]

Lattice-based encryption schemes still suffer from a low message throughput per ciphertext. This is mainly due to the fact that the underlying schemes do not tap the full potentials of LWE. Many constructions still follow the one-time-pad approach considering LWE instances as random vectors added to a message, most often encoded bit vectors. Recently, at Financial Crypto 2015 El Bansarkhani et al. proposed a novel encryption scheme based on the A-LWE assumption (Augmented LWE), where data is embedded into the error term without changing its target distributions. By this novelty it is possible to encrypt much more data as compared to the traditional one-time-pad approach and it is even possible to combine both concepts. In this paper we revisit this approach and propose amongst others several algebraic techniques in order to significantly improve the message throughput per ciphertext. Furthermore, we give a thorough security analysis as well as an efficient implementation of the CCA1-secure encryption scheme instantiated with the most efficient trapdoor construction. In particular, we attest that it even outperforms the CPA-secure encryption scheme from Lindner and Peikert presented at CT-RSA 2011.

2015-01-16
15:33 [Event][New]

Submission: 24 April 2015
From September 28 to September 30
Location: Florence, Italy

15:32 [Event][New]

Submission: 2 March 2015
From August 24 to August 28
Location: Toulouse, France

15:31 [Event][New]

Submission: 15 March 2015
From June 11 to June 12
Location: Gaithersburg, USA

10:17 [Pub][ePrint]

In the first part of this work, we introduce a new type of pseudo-random function for which aggregate queries\'\' over exponential-sized sets can be efficiently answered. An example of an aggregate query may be the product of all function values

belonging to an exponential-sized interval, or the sum of all function values on points for which a polynomial time predicate holds. We show how to use algebraic properties of underlying

classical pseudo random functions, to construct aggregatable pseudo random functions for a number of classes of aggregation queries under cryptographic hardness assumptions. On the flip side, we show that certain aggregate queries are impossible to support.

In the second part of this work, we show how various extensions of pseudo-random functions considered recently in the cryptographic literature, yield impossibility results for various extensions of machine learning models, continuing a line of investigation originated by Valiant and Kearns in the 1980s and 1990s. The extended pseudo-random functions we address include constrained pseudo random functions, aggregatable pseudo random functions, and pseudo random functions secure under related-key attacks.

2015-01-15
19:17 [Pub][ePrint]

At AFRICACRYPT 2010 and CARDIS 2011, fresh re-keying schemes to counter side-channel and fault attacks were introduced. The idea behind those schemes is to shift the main burden of side-channel protection to a re-keying function $g$ that is easier to protect than the main block cipher. This function produces new session keys based on the secret master key and random nonces for every block of message that is encrypted. In this paper, we present a generic chosen-plaintext key-recovery attack on both fresh re-keying schemes. The attack is based on two observations: Since session key collisions for the same message are easy to detect, it is possible to recover one session key with a simple time-memory trade-off strategy; and if the re-keying function is easy to invert (such as the suggested multiplication constructions), the attacker can use the session key to recover the master key. The attack has a complexity of about $2 \\cdot 2^{n/2}$ (instead of the expected $2^n$) for an $n$-bit key. For the typically employed block cipher AES-128, this would result in a key-recovery attack complexity of only $2^{65}$. If weaker primitives like 80-bit PRESENT are used, even lower attack complexities are possible.