International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2015-02-10
07:17 [Pub][ePrint] The Sum Can Be Weaker Than Each Part, by Gaëtan Leurent and Lei Wang

  In this paper we study the security of summing the outputs of two

independent hash functions, in an effort to increase the security of the

resulting design, or to hedge against the failure of one of the hash

functions. The exclusive-or (XOR) combiner H1(M)+H2(M) is one of the

two most classical combiners, together with the concatenation combiner

H1(M)||H2(M). While the security of the concatenation of two hash

functions is well understood since Joux\'s seminal work on

multicollisions, the security of the sum of two hash functions has been

much less studied.

The XOR combiner is well known as a good PRF and MAC combiner, and is

used in practice in TLS versions 1.0 and 1.1. In a hash function

setting, Hoch and Shamir have shown that if the compression functions

are modeled as random oracles, or even weak random oracles (i.e. they

can easily be inverted -- in particular H1 and H2 offer no security),

H1+H2 is indifferentiable from a random oracle up to the birthday bound.

In this work, we focus on the preimage resistance of the sum of two

narrow-pipe n-bit hash functions, following the Merkle-Damgård or HAIFA

structure (the internal state size and the output size are both n bits).

We show a rather surprising result: the sum of two such hash functions,

e.g. SHA-512+Whirlpool, can never provide n-bit security for preimage

resistance. More precisely, we present a generic preimage attack with a

complexity of O(2^5n/6). While it is already known that the XOR

combiner is not preserving for preimage resistance (i.e. there might be

some instantiations where the hash functions are secure but the sum is

not), our result is much stronger: for any narrow-pipe functions, the

sum is not preimage resistant.

Besides, we also provide concrete preimage attacks on the XOR combiner

(and the concatenation combiner) when one or both of the compression

functions are weak; this complements Hoch and Shamir\'s proof by showing

its tightness for preimage resistance.

Of independent interests, one of our main technical contributions is a

novel structure to control simultaneously the behavior of independent

hash computations which share the same input message. We hope that

breaking the pairwise relationship between their internal states will

have applications in related settings.



07:17 [Pub][ePrint] Factoring N=p^r q^s for Large r and s, by Jean-Sebastien Coron and Jean-Charles Faugere and Guenael Renault and Rina Zeitoun

  Boneh et al. showed at Crypto 99 that moduli of the form N=p^r q can be factored in polynomial time when r=log p. Their algorithm is based on Coppersmith\'s technique for finding small roots of polynomial equations. In this paper we show that N=p^r q^s can also be factored in polynomial time when r or s is at least (log p)^3; therefore we identify a new class of integers that can be efficiently factored. We also generalize our algorithm to moduli N with k prime factors; we show that a non-trivial factor of N can be extracted in polynomial-time if one of the k exponents is large enough.



07:17 [Pub][ePrint] Non-Interactive Zero-Knowledge Proofs of Non-Membership, by Olivier Blazy and Céline Chevalier and Damien Vergnaud

  Often, in privacy-sensitive cryptographic protocols, a party commits to a secret message m and later needs to prove that $m$ belongs to a language L or that m does not belong to L (but this party does not want to reveal any further information). We present a method to prove in a non-interactive way that a committed value does not belong to a given language L.

Our construction is generic and relies on the corresponding proof of membership to L. We present an efficient realization of our proof system by combining {smooth projective hash functions} and the Groth-Sahai proof system.

In 2009, Kiayias and Zhou introduced {zero-knowledge proofs with witness elimination} which enable to prove that a committed message $m$ belongs to a language L (with a witness w) in such a way that the verifier accepts the interaction only if w does not belong to a set determined by a public relation Q and some private input w\' of the verifier. We show that the protocol they proposed is flawed and that a dishonest prover can actually make a verifier accept a proof for any message m in L even if (w,w\') in Q. Using our non-interactive proof of non-membership of committed values, we are able to fix their protocol and improve its efficiency.

Our approach finds also efficient applications in other settings, e.g. in anonymous credential systems and privacy-preserving authenticated identification and key exchange protocols.



07:17 [Pub][ePrint] Oblivious Network RAM, by Dana Dachman-Soled and Chang Liu and Charalampos Papamanthou and Elaine Shi and Uzi Vishkin

  Oblivious RAM (ORAM) is a cryptographic primitive that allows a trusted CPU to securely

access untrusted memory, such that the access patterns reveal nothing about sensitive data.

ORAM is known to have broad applications in secure processor design and secure multi-party

computation for big data. Unfortunately, due to a well-known logarithmic lower bound by

Goldreich and Ostrovsky (Journal of the ACM, \'96), ORAM is bound to incur a moderate cost

in practice. In particular, with the latest developments in ORAM constructions, we are quickly

approaching this limit, and the room for performance improvement is small.

In this paper, we consider new models of computation in which the cost of obliviousness

can be fundamentally reduced in comparison with the standard ORAM model. We propose

the Oblivious Network RAM model of computation, where a CPU communicates with multiple

memory banks, such that the adversary observes only which bank the CPU is communicating

with, but not the address offset within each memory bank. In other words, obliviousness within

each bank comes for free--either because the architecture prevents a malicious party from ob-

serving the address accessed within a bank, or because another solution is employed to obfuscate

memory accesses within each bank--and hence we only need to obfuscate the communication

patterns between the CPU and the memory banks. We present several new constructions for

obliviously simulating general or parallel programs in the Network RAM model. We describe

applications of the Network RAM model in secure processor design and in distributed storage

applications with a network adversary.



02:22 [Event][New] WiSec 2015: The 8th ACM Conference on Security and Privacy in Wireless and Mobile Netwo

  Submission: 24 February 2015
Notification: 7 April 2015
From June 22 to June 26
Location: New York City, NY, USA
More Information: http://www.sigsac.org/wisec/WiSec2015/


00:40 [Event][New] School on Design and Security of Cryptographic Algorithms and Devices

  From October 18 to October 23
Location: Leuven, Belgium
More Information: https://www.cosic.esat.kuleuven.be/summer_school_sardinia_2015/index.html




2015-02-08
12:02 [Job][New] Postdoctoral Researcher Positions, New York University Abu Dhabi, Center for Interdisciplinary Studies in Security & Privacy (CRISSP)

  New York University Abu Dhabi established the Center for Interdisciplinary Studies in Security and Privacy (CRISSP-AD) in 2011 to meet the growing challenges that are faced in securing networked information technology systems that have become pervasive and address broader political, economic and policy issues that help understand and mitigate cyber risk. The goal of CRISSP-AD is to bring together a cadre of technologists and scientists who model integration of technical, legal, financial, and psychological aspects to develop secure, reliable, and practical solutions to meet the information security and privacy challenges in today’s interconnected world.

Currently CRISSP-AD has over half a dozen faculty and several researchers who are focusing on a variety of cutting edge research projects, and the center is seeking outstanding postdoctoral candidates to join our team to further support its research activities. The areas of expertise aimed at, but not limited to, are: cyber threat intelligence and network analytics; hardware and critical-infrastructure security; and user-centric security. Candidates must hold (or be close to completing) a Ph.D. in Computer Science, Electrical and Computer Engineering or quantitative social sciences. PhD holders with a strong publication record and hands-on skills are encouraged to apply.

New York University has established itself as a Global Network University, a multisite, organically connected network encompassing key global cities and idea capitals. The network has three foundational degree-granting campuses: New York, Abu Dhabi, and Shanghai, complemented by a network of over 15 research and study-away sites across five continents. Faculty and students will circulate within the network in pursuit of common research interests and cross-cultural, interdisciplinary endeavours, both local and global.





2015-02-07
05:58 [Job][New] Post-Doc, Newcastle University, UK

  Applications are invited for one post-doctoral Research Associate post to work on next-generation electronic voting and related topics, supported by the European Research Council Starting Grant. This is a five-year project from 2013 to 2017. The initial appointment will be two years with possible extension towards the end of 2017, subject to satisfactory performance and available funding.

The successful applicant will join a vibrant and growing security research team at Newcastle University and have the flexibility of working on a range of topics such as electronic voting, key exchange, NFC payment, BitCoin and so on. Our research work has been largely driven by tackling real-world security problems. Hence, an ideal candidate is one who has 1) a solid theoretical background; 2) good practical skills; 3) and a keen interest to work on real-world problems with aim for practical impact.

About us: Newcastle University is accredited as one of the eleven Academic Centres of Excellence in Cyber Security Research (ACEs-CSR) in the UK. In the latest 2014 Research Excellence Frame (REF) assessment, under the category of computer science, Newcastle University is ranked the first among the UK universities for its research impact.

How to apply: follow the online application link below. To help speed up the process, please also send your CV and a brief cover letter to feng.hao (at) ncl.ac.uk.



2015-02-04
12:18 [Event][New] ISCISC 2015: 12th International ISC Conference on Information Security and Cryptology

  Submission: 2 May 2015
Notification: 1 August 2015
From September 2 to September 3
Location: Rasht, Iran
More Information: http://iscisc2015.guilan.ac.ir


12:15 [Job][New] Postdoc Positions in Cloud-Computing and Storage Security, IBM Research - Zurich

  Postdoc Positions in Cloud-Computing and Storage Security

The cloud storage and cloud solutions security research teams at IBM Research - Zurich are looking for outstanding researchers to strengthen their activities covering security mechanisms for storage systems and cloud computing. Topics include cryptographic schemes addressing privacy and authenticity, software-defined storage systems, and distributed secure protocols.

The successful candidate will hold a PhD in computer science or a related field, with an excellent record of publications and other accomplishments in the field. A good understanding of cryptographic techniques and a strong background in storage systems, file systems, databases, distributed systems and operating systems is beneficial. Candidates must have a strong desire and proven ability to conduct research independently, invent new ideas, implement them in real systems, and publish the results of their work.

The highly motivated, creative individual will join a multi-disciplinary research team to design and implement advanced mechanisms for protecting cloud computing and storage systems.

IBM is committed to diversity at the workplace. With us, you will find an open, multicultural environment. Excellent, flexible working arrangements enable both women and men to strike the desired balance between their professional development and their personal lives.

Multiple positions are available with starting dates in 2015. For obtaining more information about the topic, please contact: Dr. Christian Cachin and mention \"Cloud security position\" in the subject line.

There is no specific closing date, even though the form here asks for a date.

To apply, please send your CV including contact information for two references by email to: cloudsec (at) zurich.ibm.com

IBM Research - Zurich

http://www.research.ibm.com/labs/zurich/



12:10 [Event][New] ACISP 2015: 20th Australasian Conference on Information Security and Privacy

  Submission: 20 February 2015
Notification: 6 April 2015
From June 30 to July 1
Location: Brisbane, Australia
More Information: http://acisp2015.qut.edu.au