*13:17* [Pub][ePrint]
CamlCrush: A PKCS#11 Filtering Proxy, by R. Benadjila and T. Calderon and M. Daubignard
PKCS#11 is a very popular cryptographic API: it is the standard used by many Hardware Security Modules, smartcards and software cryptographic tokens. Several attacks have been uncovered against PKCS#11 at different levels: intrinsic logical flaws, cryptographic vulnerabilities or severe compliance issues. Since affected hardware remains widespread in computer infrastructures, we propose a user-centric and pragmatic approach for secure usage of vulnerable devices.

We introduce *Caml Crush*, a PKCS#11 filtering proxy. Our solution allows PKCS#11 cryptographic tokens to be dynamically protected from state-of-the-art attacks. This is the first approach that is immediately applicable to commercially available products. We provide a fully functional open source implementation with an extensible filter engine effectively shielding critical resources. This yields additional advantages to using *Caml Crush* that go beyond classical PKCS#11 weakness mitigations.

*13:17* [Pub][ePrint]
Optimally Efficient Multi-Party Fair Exchange and Fair Secure Multi-Party Computation, by Handan Kılınç and Alptekin Küpçü
Multi-party fair exchange (MFE) and fair secure multi-party computation (fair SMPC) are under-studied fields of research, with practical importance. We examine MFE scenarios where every participant has some item, and at the end of the protocol, either every participant receives every other participant's item, or no participant receives anything. This is a particularly hard scenario, even though it is directly applicable to protocols such as fair SMPC or multi-party contract signing. We further generalize our protocol to work for any exchange topology. We analyze the case where a trusted third party (TTP) is optimistically available, although we emphasize that the trust put on the TTP is only regarding the fairness, and our protocols preserve the privacy of the exchanged items even against a malicious TTP.

We construct an asymptotically optimal (for the complete topology) multi-party fair exchange protocol that requires a constant number of rounds, in comparison to linear, and O(n^2) messages, in comparison to cubic, where n is the number of participating parties. We enable the parties to efficiently exchange any item that can be efficiently put into a verifiable escrow (e.g., signatures on a contract). We show how to apply this protocol on top of any SMPC protocol to achieve a fairness guarantee with very little overhead, especially if the SMPC protocol works with arithmetic circuits. Our protocol guarantees fairness in its strongest sense: even if all n − 1 other participants are malicious and colluding, fairness will hold.

*13:17* [Pub][ePrint]
A lightweight-friendly modification of GOST block cipher, by Andrey Dmukh and Denis Dygin and Grigory Marshalko
We study the possibility of modifying the GOST block cipher in such a way that it would resist the Isobe and Dinur-Dunkelman-Shamir attacks and, at the same time, would still be lightweight-friendly.

*13:17* [Pub][ePrint]
Arithmetic Addition over Boolean Masking - Towards First- and Second-Order Resistance in Hardware, by Tobias Schneider and Amir Moradi and Tim Güneysu
A common countermeasure to thwart side-channel analysis attacks is algorithmic masking. For this, algorithms that mix Boolean and arithmetic operations need to either apply two different masking schemes with secure conversions or use dedicated arithmetic units that can process Boolean masked values. Several proposals have been published that can realize these approaches securely and efficiently in software. But to the best of our knowledge, no hardware design exists that fulfills relevant properties such as efficiency and security at the same time.

In this paper, we present two design strategies to realize a secure and efficient arithmetic adder for Boolean-masked values. First, we introduce an architecture based on the ripple-carry adder that targets low-cost applications. The second architecture is based on a pipelined Kogge-Stone adder and targets high-performance applications. In particular, all our implementations adopt the threshold implementation approach to improve their resistance against SCA attacks even in the presence of glitches. We evaluated the security of our designs practically against SCA using a non-specific statistical t-test. Based on our analysis, we show that our constructions not only achieve resistance against first- and (univariate) second-order attacks but also require fewer random bits per operation compared to any existing software-based approach.

*13:17* [Pub][ePrint]
An Alternative Approach to Non-black-box Simulation in Fully Concurrent Setting, by Susumu Kiyoshima
We give a new proof of the existence of public-coin concurrent zero-knowledge arguments for NP in the plain model under standard assumptions (the existence of one-to-one one-way functions and collision-resistant hash functions), which was originally proven by Goyal (STOC'13).

In the proof, we use a new variant of the non-black-box simulation technique of Barak (FOCS'01). An important property of our simulation technique is that the simulator runs in a straight-line manner in the fully concurrent setting. Compared with the simulation technique of Goyal, which also has such a property, the analysis of our simulation technique is (arguably) simpler.