*19:17* [Pub][ePrint]
Multi-Client Non-Interactive Verifiable Computation, by Seung Geol Choi and Jonathan Katz and Ranjit Kumaresan and Carlos Cid
Gennaro et al.\\ (Crypto 2010) introduced the notion of \\emph{non-interactive verifiable computation}, which allows a computationally weak client to outsource the computation of a function $f$ on a series of inputs $x^{(1)}, \\ldots$ to a morepowerful but untrusted server. Following a pre-processing phase (that is carried out only once), the client sends some representation of its current input $x^{(i)}$ to the server; the server returns an answer that allows the client to recover the correct result $f(x^{(i)})$, accompanied by a proof of correctness that ensures the client does not accept an incorrect result. The crucial property is that the work done by the client in preparing its input and verifying the server\'s proof is less than the time required for the client to compute~$f$ on its own.

We extend this notion to the \\emph{multi-client} setting, where $n$ computationally weak clients wish to outsource to an untrusted server the computation of a function $f$ over a series of {\\em joint} inputs $(x_1^{(1)}, \\ldots, x_{\\clients}^{(1)}), \\ldots$ without interacting with each other. We present a construction for this setting by combining the scheme of Gennaro et al.\\ with a primitive called proxy oblivious transfer.

*19:17* [Pub][ePrint]
Memory-saving computation of the pairing final exponentiation on BN curves, by Sylvain DUQUESNE and Loubna GHAMMAM
In this paper, we describe and improve efficient methods for computingthe hard part of the final exponentiation of pairings on Barreto-Naehrig

curves.

Thanks to the variants of pairings which decrease the length of the Miller

loop, the final exponentiation has become a significant component of the

overall calculation. Here we exploit the structure of BN curves to improve

this computation.

We will first present the most famous methods in the literature that en-

sure the computing of the hard part of the final exponentiation. We are

particularly interested in the memory resources necessary for the implementation of these methods. Indeed, this is an important constraint in

restricted environments.

More precisely, we are studying Devegili et al. method, Scott et al. addition chain method and Fuentes et al. method. After recalling these methods and their complexities, we determine the number of required registers

to compute the final result, because this is not always given in the literature. Then, we will present new versions of these methods which require

less memory resources (up to 37%). Moreover, some of these variants are

providing algorithms which are also more efficient than the original ones.

*19:17* [Pub][ePrint]
Zero-knowledge Argument for Polynomial Evaluation with Application to Blacklists, by Stephanie Bayer and Jens Groth
Verification of a polynomial\'s evaluation in a secret committed value plays a role in cryptographic applications such as non-membership or membership proofs. We construct a novel special honest verifier zero-knowledge argument for correct polynomial evaluation. The argument has logarithmic communication cost in the degree of the polynomial, which is a significant improvement over the state of the art with cubic root complexity at best. The argument is relatively efficient to generate and very fast to verify compared to previous work. The argument has a simple public-coin 3-move structure and only relies on the discrete logarithm assumption. The polynomial evaluation argument can be used as a building block to construct zero-knowledge membership and non-membership arguments with communication that is logarithmic in the size of the blacklist. Non-membership proofs can be used to design anonymous blacklisting schemes allowing online services to block misbehaving users without learning the identity of the user. They also allow the blocking of single users of anonymization networks without blocking the whole

network.

*19:17* [Pub][ePrint]
SCA Resistance Analysis of Sponge based MAC-PHOTON, by N. Nalla Anandakumar
PHOTON is a lightweight hash function which was proposedby Guo et al. in CRYPTO 2011 for low-resource ubiquitous computing

devices such as RFID tags, wireless sensor nodes and smart cards. In

this paper, we analyze Side-Channel Attack (SCA) resistance of FPGA

(Field-Programmable Gate Array) implementations of the PHOTON, when

it is used with a secret key to generate a Message Authentication Code (MAC). First, we describe three architectures of the MAC-PHOTON based on the concepts of iterative, folding and unrolling, and we provide their performance results on the Xilinx Virtex-5 FPGAs. Second, we analysed security of the MAC-PHOTON against side-channel attack using a SASEBOGII development board.