International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2015-05-14
15:17 [Pub][ePrint] A HYBRID APPROACH FOR THE SECURE TRANSMISSION OF H.264/AVC VIDEO STREAMS, by Sheena Sathyan and Shaji R S Professor

  In order to keep privacy and to maintain security of a data; it was necessary to keep the data in hidden manner or in a crypt format. The proposed work describes the encryption and data hiding techniques for an H.264/ AVC video in a cloud environment. And it clearly specifies how the integrity of the data should be relevant enough in an unsecured and constrained communication medium. The proposed scheme is based on the stream cipher, RC4 encryption; while encrypting a data, it is necessary to transfer the encryption keys in a secure manner for that the public key cryptosystem is proposed for the efficient key transferring. It also explains about the data embedding via compound mapping method in order secure the original video content, and then generating the hash value for the embedded data which may contain the encrypted video content, in order to check the integrity of the data. And at the receiver end, the processes; the verification of the hash value, the decryption and extraction of the video content may be done in an efficient manner. The results may clearly shows the size of the video is strictly preserved even after the encryption and the embedding techniques.



15:17 [Pub][ePrint] Improved Integral Cryptanalysis of Feistel Structures, by Bing Sun and Xin Hai and Lei Cheng and Zhichao Yang and Wenyu Zhang

  Feistel structure is among the most popular choices for designing ciphers. Recently, 3-round/5-round integral distinguishers for Feistel structures with non-bijective/bijective round functions are presented. At EUCRYPT 2015, Todo proposed the Division Property to effectively construct integral distinguishers for both Feistel and SPN structures. In this paper, firstly, it is proved that if a subset X of F_2^n has the division property D_k^n, the number of elements in X is at least 2^k, based on which we can conclude that if a multi-set X has the division property D_n^n, it is in some sense equivalent to either F_2^n or the empty set. Secondly, let d be the algebraic degree of the round function F of a Feistel structure. If d\\le n-1, the corresponding integral distinguishers are improved as follows: there exists a 3-round integral distinguisher with at most 2^n chosen plaintexts and a 4-round integral distinguisher with at most 2^{2n-2} chosen plaintexts. These results can give new insights to both the division property and Feistel structures.



15:17 [Pub][ePrint] Step by Step Towards Creating a Safe Smart Contract: Lessons and Insights from a Cryptocurrency Lab, by Kevin Delmolino, Mitchell Arnett, Ahmed Kosba, Andrew Miller, and Elaine Shi

  This paper describes a smart contract programming lab conducted in our undergraduate security class at the University of Maryland. Through our experiences, we have gained various insights on why it is difficult to create a safe smart contract. This lab also led to new insights for cybersecurity education.



15:17 [Pub][ePrint] Cryptanalysis of the multilinear map on the ideal lattices, by Jung Hee Cheon and Changmin Lee

  We improve the zeroizing attack on the multilinear map of Garg, Gentry and Halevi (GGH). Our algorithm can solve the Graded Decisional Diffie-Hellman (GDDH) problem on the GGH scheme when the dimension n of the ideal lattice Z[X]/(X^n+1) is O(kappa lambda^2) as suggested for the kappa-linear GGH scheme.

The zeroizing attack is to recover a basis of an ideal generated by a secret element g in Z[X]/(X^n+1) from the zero testing parameter and several encodings in public.

It can solve the DLIN and subgroup decision problems, but not the GDDH problem on the GGH scheme for the suggested dimension n due to the hardness of the smallest basis problem and the shortest vector problem on the ideal lattice. In this paper, we propose an algorithm to find a short vector in the ideal lattice (g) by applying a lattice reduction to a sublattice obtained from the Hermit Normal Form of (g). This attack utilizes that the determinant of the lattice (g) is not large.

We further show that if (g) has a large residual degree, one can find a short element of (g) in polynomial time of n.

In order to resist the proposed attacks, it is required that n= Omega tilde(kappa^2 lambda^3) and the positive generator of (g) intersection with Z is large enough.



11:44 [Job][New] Research Associate in Information Assurance, University of Luxembourg

  The Applied Security and Information Assurance Research Group – APSIA – has around 20 members and is headed by Professor Peter Y.A. Ryan. APSIA specialises in the mathematical foundations of information assurance: the mathematical modelling and analysis of information flows, the design and analysis of cryptographic primitives and protocols (both classical and quantum), secure verifiable voting systems, and anonymous marking systems and game-theoretic analysis of non-interference and coercion-resistance. The group has expertise in both the symbolic (formal methods) and the computational (“provable security”) styles of analysis and is investigating the links and synergies between them.

Role: to contribute to the research goals of the group, as outlined above. Expertise outside those listed above, but complementary will also be considered.





2015-05-13
22:09 [Event][New] WEWoRC: 6th Western European Workshop on Research in Cryptology

  Submission: 3 June 2015
Notification: 17 June 2015
From October 1 to October 2
Location: Cottbus, Germany
More Information: http://2015.weworc.org


17:40 [Job][New] Post-Doc, Boston University, MIT, Northeastern, and UConn

  The Modular Approach to Cloud Security (MACS) is an NSF Frontier project that is building information systems with meaningful multi-layered security guarantees. It is a multi-institution research project with 13 PIs at four universities: Boston University, MIT, Northeastern, and the University of Connecticut.

The MACS team are looking for excellent postdoctoral fellows in the following areas:

  • Cryptography: theoretical and applied
  • Database security
  • Hardware security
  • High performance computing
  • Network security
  • Security modeling and analysis
  • Virtualization and operating system security

Preference will be given to candidates with expertise and interest in multiple areas. Fellows will work closely with multiple PIs on the MACS team and will be affiliated with all four host universities.

Candidates should send their CV, research statement, and list of references to macs-postdoc (at) cs.bu.edu

12:17 [Pub][ePrint] A comprehensive and lightweight security architecture to secure the IoT throughout the lifecycle of a device based on HIMMO, by Oscar Garcia-Morchon and Ronald Rietman and Sahil Sharma and Ludo Tolhui

  Smart objects are devices with computational and communication capabilities connected to the Internet forming the so called Internet of Things (IoT). The IoT enables many applications, for instance outdoor lighting control, smart energy and water management, or environmental sensing in a smart city environment. Security in such scenarios remains an open challenge due to the resource-constrained nature of devices and networks or the multiple ways in which opponents can attack the system during the lifecycle of a smart object.This paper firstly reviews security and operational goals in an IoT scenario inspired in a smart city environment. Then, we present a comprehensive and lightweight security architecture to secure the IoT throughout the lifecycle of a device. Our solution relies on the lightweight HIMMO scheme as the building stone and shows how HIMMO is not only efficient resource-wise, but that it enables advanced IoT protocols and deployments. Our design and analysis show that our HIMMO-based security architecture can be easily integrated in existing communication protocols such as IEEE 802.15.4 or OMA LWM2M providing a number of advantages that existing solutions cannot provide both performance and operation-wise.



12:17 [Pub][ePrint] Secure Deduplication of Encrypted Data without Additional Independent Servers, by Jian Liu and N. Asokan and Benny Pinkas

  Encrypting data at client-side before uploading it to a cloud storage service is essential for protecting users\' privacy. However client-side encryption is at odds with the standard practice of deduplication. Reconciling client-side encryption with cross-user deduplication has been an active research topic. We present the first secure cross-user deduplication scheme that supports client-side encryption {\\em without requiring any additional independent servers}. Interestingly, the scheme is based on using a PAKE (password

authenticated key exchange) protocol. We

%prove the security of our scheme in the malicious model and

demonstrate that {\\em our scheme provides better security guarantees than previous efforts}.

We examine both the effectiveness and the efficiency of our scheme, via simulations using realistic datasets and a proof-of-concept implementation.



12:17 [Pub][ePrint] Collateral damage of Facebook Apps: an enhanced privacy scoring model, by Iraklis Symeonids, Filipe Beato, Pagona Tsormpatzoudi, Bart Preneel

  Establishing friendship relationships on Facebook often entails information sharing which is based on the social trust and implicit contract between users and their friends. In this context, Facebook offers applications (Apps) developed by third party application providers (AppPs), which may grant access to users\' personal data via Apps installed by their friends. Such access takes place outside the circle of social trust with the user not being aware whether a friend has installed an App collecting her data. In some cases, one or more AppPs may cluster several Apps and thus gain access to a collection of personal data. As a consequence privacy risks emerge. Previous research has mentioned the need to quantify privacy risks on Online Social Networks (OSNs). Nevertheless, most of the existing works do not focus on the personal data disclosure via Apps. Moreover, the problem of personal data clustering from AppPs has not been studied. In this work we perform a general analysis of the privacy threats stemming from the personal data requested by Apps installed by the user\'s friends from a technical and legal point of view. In order to assist users, we propose a model and a privacy scoring formula to calculate the amount of personal data that may be exposed to AppPs. Moreover, we propose algorithms that based on clustering, computes the visibility of each personal data to the AppPs.



09:17 [Pub][ePrint] Masks will Fall Off -- Higher-Order Optimal Distinguishers, by Nicolas Bruneau and Sylvain Guilley and Annelie Heuser and Olivier Rioul

  Higher-order side-channel attacks are able to break the security of cryptographic implementations even if they are protected with masking countermeasures.

In this paper, we derive the best possible distinguishers

(High-Order Optimal Distinguishers or HOOD)

against masking schemes under the assumption that the attacker can profile.

Our exact derivation admits simple approximate expressions for high and low noise and shows to which extent the optimal distinguishers reduce to known attacks in the case where no profiling is possible.

From these results, we can explain theoretically the empirical outcome of recent works on second-order distinguishers.

In addition, we extend our analysis to any order and to the application to masked tables precomputation.

Our results give some insight on which distinguishers have to be considered in the security analysis of cryptographic devices.