International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2015-05-13
12:17 [Pub][ePrint] A comprehensive and lightweight security architecture to secure the IoT throughout the lifecycle of a device based on HIMMO, by Oscar Garcia-Morchon and Ronald Rietman and Sahil Sharma and Ludo Tolhui

  Smart objects are devices with computational and communication capabilities connected to the Internet forming the so called Internet of Things (IoT). The IoT enables many applications, for instance outdoor lighting control, smart energy and water management, or environmental sensing in a smart city environment. Security in such scenarios remains an open challenge due to the resource-constrained nature of devices and networks or the multiple ways in which opponents can attack the system during the lifecycle of a smart object.This paper firstly reviews security and operational goals in an IoT scenario inspired in a smart city environment. Then, we present a comprehensive and lightweight security architecture to secure the IoT throughout the lifecycle of a device. Our solution relies on the lightweight HIMMO scheme as the building stone and shows how HIMMO is not only efficient resource-wise, but that it enables advanced IoT protocols and deployments. Our design and analysis show that our HIMMO-based security architecture can be easily integrated in existing communication protocols such as IEEE 802.15.4 or OMA LWM2M providing a number of advantages that existing solutions cannot provide both performance and operation-wise.



12:17 [Pub][ePrint] Secure Deduplication of Encrypted Data without Additional Independent Servers, by Jian Liu and N. Asokan and Benny Pinkas

  Encrypting data at client-side before uploading it to a cloud storage service is essential for protecting users\' privacy. However client-side encryption is at odds with the standard practice of deduplication. Reconciling client-side encryption with cross-user deduplication has been an active research topic. We present the first secure cross-user deduplication scheme that supports client-side encryption {\\em without requiring any additional independent servers}. Interestingly, the scheme is based on using a PAKE (password

authenticated key exchange) protocol. We

%prove the security of our scheme in the malicious model and

demonstrate that {\\em our scheme provides better security guarantees than previous efforts}.

We examine both the effectiveness and the efficiency of our scheme, via simulations using realistic datasets and a proof-of-concept implementation.



12:17 [Pub][ePrint] Collateral damage of Facebook Apps: an enhanced privacy scoring model, by Iraklis Symeonids, Filipe Beato, Pagona Tsormpatzoudi, Bart Preneel

  Establishing friendship relationships on Facebook often entails information sharing which is based on the social trust and implicit contract between users and their friends. In this context, Facebook offers applications (Apps) developed by third party application providers (AppPs), which may grant access to users\' personal data via Apps installed by their friends. Such access takes place outside the circle of social trust with the user not being aware whether a friend has installed an App collecting her data. In some cases, one or more AppPs may cluster several Apps and thus gain access to a collection of personal data. As a consequence privacy risks emerge. Previous research has mentioned the need to quantify privacy risks on Online Social Networks (OSNs). Nevertheless, most of the existing works do not focus on the personal data disclosure via Apps. Moreover, the problem of personal data clustering from AppPs has not been studied. In this work we perform a general analysis of the privacy threats stemming from the personal data requested by Apps installed by the user\'s friends from a technical and legal point of view. In order to assist users, we propose a model and a privacy scoring formula to calculate the amount of personal data that may be exposed to AppPs. Moreover, we propose algorithms that based on clustering, computes the visibility of each personal data to the AppPs.



09:17 [Pub][ePrint] Masks will Fall Off -- Higher-Order Optimal Distinguishers, by Nicolas Bruneau and Sylvain Guilley and Annelie Heuser and Olivier Rioul

  Higher-order side-channel attacks are able to break the security of cryptographic implementations even if they are protected with masking countermeasures.

In this paper, we derive the best possible distinguishers

(High-Order Optimal Distinguishers or HOOD)

against masking schemes under the assumption that the attacker can profile.

Our exact derivation admits simple approximate expressions for high and low noise and shows to which extent the optimal distinguishers reduce to known attacks in the case where no profiling is possible.

From these results, we can explain theoretically the empirical outcome of recent works on second-order distinguishers.

In addition, we extend our analysis to any order and to the application to masked tables precomputation.

Our results give some insight on which distinguishers have to be considered in the security analysis of cryptographic devices.



09:17 [Pub][ePrint] An Optimization of Gu Map-1, by Yupu Hu and Huiwen Jia

  As a modified version of GGH map, Gu map-1 was successful in constructing multi-party key exchange (MPKE). In this short paper we present a result about the parameter setting of Gu map-1, therefore we can reduce a key parameter $\\tau$ from original $O(n^{2})$ down to $O(\\lambda n)$ (in theoretically secure case, where $\\lambda$ is the security parameter), and even down to $O(2n)$ (in computationally secure case). Such optimization greatly reduces the size of the map.



00:17 [Pub][ePrint] On Constructions of a Sort of MDS Block Diffusion Matrices for Block Ciphers and Hash Functions, by Ruoxin Zhao and Rui Zhang and Yongqiang Li and Baofeng Wu

  Many modern block ciphers use maximum distance separate

(MDS) matrices as their diffusion layers. In this paper, we propose

a new method to verify a sort of MDS diffusion block matrices whose

blocks are all polynomials in a certain primitive block over the

finite field $\\mathbb F_2$. And then we discover a new kind of

transformations that can retain MDS property of diffusion matrices

and generate a series of new MDS matrices from a given one.

Moreover, we get an equivalence relation from this kind of

transformation. And MDS property is an invariant with respect to

this equivalence relation which can greatly reduce the amount of

computation when we search for MDS matrices. The minimal polynomials

of matrices play an important role in our strategy. To avoid being

too theoretical, we list a series of MDS diffusion matrices obtained

from our method for some specific parameters. Furthermore, we

talk about MDS recursive diffusion layers with our method and extend

the corresponding work of M. Sajadieh et al. published on FSE 2012

and the work of S. Wu published on SAC 2012.



00:17 [Pub][ePrint] Adaptively Secure Computation with Partial Erasures, by Carmit Hazay and Yehuda Lindell and Arpita Patra

  Adaptive security is a strong corruption model that captures ``hacking\'\' attacks where an external attacker breaks into parties\' machines in the midst of a protocol execution. There are two types of adaptively-secure protocols: adaptive with erasures and adaptive without erasures. Achieving adaptivity without erasures is preferable, since secure erasures are not always trivial. However, it seems far harder.

We introduce a new model of adaptive security called adaptive security with partial erasures that allows erasures, but only assumes them in a minimal sense. Specifically, if all parties are corrupted then security holds as long as any single party successfully erases. In addition, security holds if any proper subset of the parties is corrupted without erasures.

We initiate a theoretical study of this new notion and demonstrate that secure computation in this setting is as efficient as static secure computation. In addition, we study the relations between semi-adaptive security~\\cite{GarayWZ09}, adaptive security with partial erasures, and adaptive security without any erasures. We prove that the existence of semi-adaptive OT implies secure computation in all these settings.



00:17 [Pub][ePrint] On the Systematic Constructions of Rotation Symmetric Bent Functions with Any Possible Algebraic Degrees, by Sihong Su and Xiaohu Tang

  In the literature, few constructions of $n$-variable rotation

symmetric bent functions have been presented, which either have

restriction on $n$ or have algebraic degree no more than $4$. In

this paper, for any even integer $n=2m\\ge2$, a first systemic

construction of $n$-variable rotation symmetric bent functions, with

any possible algebraic degrees ranging from $2$ to $m$, is proposed.





2015-05-12
14:00 [News] A survey on the Helios e-voting system

  Dear IACR Member,

We are conducting a study on the verifiability aspects of e-voting and specifically the verifiability features of Helios, the system used in IACR elections. It will only take a couple of seconds to complete the survey.

https://www.surveymonkey.com/s/3C7YCGL

The results and analysis of the survey will be made available to the community. The study is conducted by the U. of Athens Crypto.Sec group http://crypto.di.uoa.gr No personal information of any form is collected in this study.

IACR webmaster




2015-05-11
17:24 [Conf][TCC] TCC 2016 CFP released

  The Thirteen Theory of Cryptography Conference will be held in Tel-Aviv, Israel, sponsored by the International Association for Cryptologic Research (IACR). Papers presenting original research on foundational and theoretical aspects of cryptography are sought.
  • Submission Deadline: 5:00 pm EDT July 13, 2015
  • Notification of Decision: October 2nd, 2015
  • Proceedings Version Due: October 26, 2015 (2PM EDT)
  • Conference: January 10-13, 2016
More details: http://www.cs.tau.ac.il/conferences/tcc2016/call_for_papers.html


17:15 [Job][New] Professor in Cyber Security / Cyber Crime, Newcastle University, UK

  The School of Computing Science at Newcastle University has been awarded the status of Centre of Excellence in Cyber Security Research by GCHQ/EPSRC and is investing significantly in its research in cyber security and cybercrime. A lectureship position is associated with this professorial post and once a Professor has been appointed, we will work with them to appoint a lecturer in the field.

The research in cyber security in Newcastle has recently received significant research grants and has particular strengths in interdisciplinary and crime research. To continue building these research strengths, we are looking for an outstanding computer scientist with an excellent track record of research leadership in an area related to cyber security and cybercrime. This includes, computer security, computer and cyber forensics, cybercrime and human factors of security and privacy.

The School of Computing Science at Newcastle University is one of the strongest computer science Schools in the UK and in the 2014 REF was ranked 1st in the UK for the economic and social impact of its research. With an exciting, £58m development new building in Science Central and two centres for doctoral training, providing one hundred PhD students in the coming five years, including topics relevant to security, this is a great time to join the School.