We show how to realize this strong notion of secure encryption by making the additional, very realistic assumption that intermediate results of an iterative, public, large-scale computation, like the computations performed by users of the popular cryptocurrency Bitcoin, are publicly available. We use these computations as a "computational reference clock", which mimics a physical clock in a computational setting, and show how the computations performed by the reference clock can be "reused" to build secure time-lock encryption. A nice feature of this approach is that it can be based on a public computation which is performed "anyway" and independently of the time-lock encryption scheme.
We provide the first formal definitions of computational reference clocks and time-lock encryption, and give a proof-of-concept construction which combines a computational reference clock with witness encryption (Garg et al., STOC 2013). We also explain how to construct a computational reference clock based on Bitcoin.
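The reference-clock idea above, as an added Python toy (it is not the paper's construction and does not use Bitcoin's real block format): a public hash-chain proof of work plays the clock, each valid block is one tick, and a verifier reads the time by recomputing one hash per block. DIFFICULTY_BITS, GENESIS and the block/nonce encoding are assumptions chosen so the example runs instantly; only the release predicate a decryptor would have to satisfy is shown, the witness-encryption step that turns it into a key is not modelled.

```python
import hashlib
import struct

# Toy computational reference clock: a public hash-chain proof of work, in the
# spirit of Bitcoin's block chain but not its format. One valid block = one tick.
# Added illustration, not the paper's construction. DIFFICULTY_BITS and GENESIS
# are assumptions chosen so the example runs in well under a second.
DIFFICULTY_BITS = 12
GENESIS = b"toy-reference-clock-genesis"

def block_hash(prev: bytes, nonce: int) -> bytes:
    return hashlib.sha256(prev + struct.pack(">Q", nonce)).digest()

def meets_target(digest: bytes) -> bool:
    """A block is valid when its hash has DIFFICULTY_BITS leading zero bits."""
    return int.from_bytes(digest, "big") >> (256 - DIFFICULTY_BITS) == 0

def chain_head(chain: list) -> bytes:
    """Hash of the last block (GENESIS for an empty chain)."""
    head = GENESIS
    for nonce in chain:
        head = block_hash(head, nonce)
    return head

def mine_block(prev: bytes) -> int:
    """The public, iterative work: search nonces until one meets the target."""
    nonce = 0
    while not meets_target(block_hash(prev, nonce)):
        nonce += 1
    return nonce

def extend_chain(chain: list, ticks: int) -> list:
    """Append `ticks` mined blocks to the public chain (a list of nonces)."""
    for _ in range(ticks):
        chain.append(mine_block(chain_head(chain)))
    return chain

def clock_reading(chain: list) -> int:
    """Read the clock: count consecutive valid blocks from GENESIS. Verification
    costs one hash per block, while advancing the clock by one tick costs about
    2^DIFFICULTY_BITS hashes, so nobody can read a future time cheaply."""
    head, ticks = GENESIS, 0
    for nonce in chain:
        digest = block_hash(head, nonce)
        if not meets_target(digest):
            break                 # forged or tampered suffix: stop counting
        head, ticks = digest, ticks + 1
    return ticks

def release_allowed(release_tick: int, chain: list) -> bool:
    """The predicate a time-lock decryptor must satisfy: present a chain proving
    that at least `release_tick` ticks of public work have happened. Turning this
    predicate into a decryption key is the witness-encryption step, not modelled here."""
    return clock_reading(chain) >= release_tick

if __name__ == "__main__":
    chain = extend_chain([], 5)
    print("ticks:", clock_reading(chain),
          "release at 5:", release_allowed(5, chain),
          "release at 8:", release_allowed(8, chain))
```

Tampering with any block invalidates it and every block after it, so the clock cannot be advanced by editing history; the only way to move it forward is to do the work.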
direct execution of multi-threaded applications inside of Shadow, an existing parallel discrete-event network simulation framework. Our methodology utilizes function interposition and an application-layer thread library to emulate the ordinary thread interface to the application. Using this methodology, we implement a new Shadow plug-in that directly executes the Bitcoin reference client software. We describe optimizations that enable scalable execution of thousands of Bitcoin nodes on a single machine, and discuss how to model the Bitcoin network for experimental purposes. Finally, we present novel denial-of-service attacks against the Bitcoin software, which exploit low-level implementation artifacts in the Bitcoin reference client. We demonstrate these attacks using our methodology, tools, and models.
Then, inspired by Naor's transformation from IBE to signature schemes, we construct from FPFE a natural generalization of a signature scheme endowed with functional properties, which we call a functional anonymous signature (FAS) scheme. In a FAS (which we show to be equivalent to quasi-siO and FPFE), Alice can sign a circuit C chosen from some distribution D to get a signature $\sigma$ and can publish a verification key that allows anybody holding a message m to verify that (1) $\sigma$ is a valid signature of Alice for some (possibly unknown to him) circuit C and (2) C(m) = 1. Beyond unforgeability, the security of FAS guarantees that the signature hides as much information as possible about C except what can be inferred from knowledge of D.
As another application of FPFE, we show that it can be used to construct in a black-box way (without using obfuscation directly) FE for randomized functionalities (RFE). Previous constructions of (public-key) RFE relied on iO [Goyal et al. - TCC 2015]. Combining properties of RFE and FAS, we obtain what we call signed probabilistic programs, in which Bob can verify that a (possibly hidden from him) probabilistic program P was signed by Alice and run P on any input, but cannot maliciously choose its random coins. Furthermore, our constructions of FPFE and RFE naturally generalize to the multi-input setting. Finally, we present a general picture of the relations among all these related primitives. One of the key points that such implications draw is that attribute-based encryption with function privacy implies FE, a notable fact that sheds light on the importance and power of function privacy for FE.
hardware security primitives, provide a higher level of security with lower power and area overhead in comparison with traditional cryptographic solutions. However, it has been demonstrated that PUFs are vulnerable to model-building attacks, especially those using linear additive functions such as the Arbiter PUF (APUF) and k-sum PUF as building units. Nevertheless, both APUFs and k-sum PUFs are highly desirable security primitives, especially for authentication, because they are capable of producing a huge number of challenge-response pairs (CRPs) and can be easily integrated into silicon. In this paper, we actually rely on the demonstrated vulnerability of PUFs to model-building attacks, as well as the relative ease with which this can be achieved, to develop a new parameter-based authentication protocol based on obfuscating the challenges sent to PUFs and their subsequent recovery. We show, using statistical analysis and model-building attacks from published approaches, that constructing a model using machine learning techniques is infeasible when our proposed method is employed. Finally, we also demonstrate that our challenge obfuscation and recovery method can be successfully used for secure key exchange between two parties.
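The model-building vulnerability the abstract builds on, as an added Python illustration (not the paper's protocol; the page does not describe its challenge obfuscation): an arbiter PUF is simulated in the standard linear additive delay model, an eavesdropper records plain challenge-response pairs, and a perceptron over the parity-transformed challenges recovers a model that predicts responses to challenges it has never seen. N_STAGES, the CRP counts and the Gaussian stage delays are assumptions; the control run with shuffled responses shows what "infeasible" looks like when the challenge/response link is broken.

```python
import random

# Simulated arbiter PUF in the linear additive delay model and a model-building
# attack on it. Added illustration (not the paper's protocol). Stage count, CRP
# counts and the Gaussian stage delays below are assumptions.
N_STAGES = 32

def parity_features(challenge):
    """Phi[i] = prod_{j>=i} (1 - 2*c_j) for i < n, Phi[n] = 1. The APUF response
    is sign(w . Phi), i.e. linear in Phi: this is what model building exploits."""
    n = len(challenge)
    phi = [0] * (n + 1)
    phi[n] = 1
    acc = 1
    for i in range(n - 1, -1, -1):
        acc *= 1 - 2 * challenge[i]
        phi[i] = acc
    return phi

def dot(u, v):
    return sum(a * b for a, b in zip(u, v))

class ArbiterPUF:
    """n stages; w[i] is the delay difference of stage i, w[n] the arbiter bias."""
    def __init__(self, n, rng):
        self.w = [rng.gauss(0.0, 1.0) for _ in range(n + 1)]
    def respond(self, challenge):
        return 1 if dot(self.w, parity_features(challenge)) > 0 else 0

def collect_crps(puf, n, count, rng):
    """What an eavesdropper on a plain CRP protocol sees: (challenge, response)."""
    crps = []
    for _ in range(count):
        c = [rng.randrange(2) for _ in range(n)]
        crps.append((c, puf.respond(c)))
    return crps

def build_model(crps, epochs=10):
    """Averaged perceptron over the parity features. Noise-free responses are
    exactly linearly separable in Phi, so a few passes approximate w well."""
    data = [(parity_features(c), 1 if r else -1) for c, r in crps]
    dim = len(data[0][0])
    w = [0.0] * dim
    w_sum = [0.0] * dim
    steps = 0
    for _ in range(epochs):
        for phi, y in data:
            if y * dot(w, phi) <= 0:          # misclassified: move w towards y*phi
                w = [wi + y * pi for wi, pi in zip(w, phi)]
            w_sum = [s + wi for s, wi in zip(w_sum, w)]
            steps += 1
    return [s / steps for s in w_sum]

def model_accuracy(model, crps):
    hits = sum((1 if dot(model, parity_features(c)) > 0 else 0) == r for c, r in crps)
    return hits / len(crps)

def run_attack(seed=1, train_size=2000, test_size=1000, shuffle_responses=False):
    """Train on observed CRPs, report prediction accuracy on fresh challenges.
    shuffle_responses=True is a control that breaks the challenge/response link:
    the same learner then only reaches coin-flip accuracy."""
    rng = random.Random(seed)
    puf = ArbiterPUF(N_STAGES, rng)
    train = collect_crps(puf, N_STAGES, train_size, rng)
    test = collect_crps(puf, N_STAGES, test_size, rng)
    if shuffle_responses:
        responses = [r for _, r in train]
        rng.shuffle(responses)
        train = [(c, r) for (c, _), r in zip(train, responses)]
    return model_accuracy(build_model(train), test)

if __name__ == "__main__":
    print("model accuracy on unseen challenges:", run_attack())
    print("control, responses shuffled:        ", run_attack(shuffle_responses=True))
```

The attack needs nothing but the CRPs the protocol exposes; any defence therefore has to deny the attacker the pairing of the challenge the PUF actually saw with the response it produced, which is the role challenge obfuscation plays in the abstract.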
The list of papers accepted to CRYPTO 2015 is now up:
random access machine (RAM) computation and a toolchain to allow the efficient execution of general programs written in a subset of C that allows RAM-model computation over integers. The machine only leaks the list of possible instructions and the running time. Our work is based on the oblivious array for secret-sharing-based multiparty computation by Keller and Scholl (Asiacrypt '14). This means that we only incur a polylogarithmic overhead over the execution on a normal CPU.

We implemented our construction using the clang compiler from the LLVM project and the SPDZ protocol by Damgård et al. (Crypto '12). The latter provides active security against a dishonest majority and works in the preprocessing model. The online phase clock rate of the resulting machine is 41 Hz for a memory size of 1024 64-bit integers and 2.2 Hz for a memory of 2^20 integers. Both timings have been taken for two parties in a local network.

To further showcase our toolchain, we implemented and benchmarked private regular expression matching. Matching a string of length 1024 against a regular expression with 69270 transitions as a finite state machine takes seven hours online time, of which more than six hours are devoted to loading the reusable program.
A ciphertext in our scheme is a vector with its dimension specified as a security parameter of the encryption key. The dimension of ciphertexts does not change with homomorphic operations and all ciphertext elements are in a finite domain, so our scheme is compact. In addition, our scheme can directly encrypt big integers, rather than only bit messages.
We proved the hardness of recovering encryption keys from any number of ciphertexts with chosen plaintexts and then the semantic security of our scheme. The hardness of recovering keys from ciphertexts is based on the approximate greatest common divisors problem.
We implemented a prototype of our scheme and evaluated its concrete performance extensively from the aspects of encryption, decryption, homomorphic operations, and bitwise operators over ciphertexts. The efficiency of our scheme is confirmed by the evaluation results.
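What "key recovery reduces to the approximate greatest common divisors problem" means in practice, as an added Python illustration: a toy symmetric scheme in the style of DGHV (van Dijk, Gentry, Halevi and Vaikuntanathan, Eurocrypt 2010), where a ciphertext is p*q + N*r + m. It is not the paper's vector scheme, whose construction is not given on this page; the parameter sizes, the message modulus N and the chosen plaintexts are assumptions kept tiny so the example runs instantly. It shows why exact gcd recovers the key the moment the noise is absent and tells the attacker nothing once it is present.

```python
import random
from math import gcd

# Toy symmetric homomorphic scheme over the integers in the style of DGHV
# (Eurocrypt 2010): c = p*q + N*r + m. Added illustration of the approximate-GCD
# assumption; NOT the paper's vector scheme. All sizes below are assumptions.
P_BITS, Q_BITS, R_BITS = 64, 128, 8
N = 256          # message modulus: whole small integers, not single bits

def keygen(rng):
    """Secret key: an odd P_BITS-bit integer p."""
    return rng.getrandbits(P_BITS) | (1 << (P_BITS - 1)) | 1

def encrypt(p, m, rng, noisy=True):
    """c = p*q + N*r + m with m in [0, N). noisy=False gives the r = 0 variant
    that exact gcd breaks, for comparison."""
    q = rng.getrandbits(Q_BITS)
    r = rng.getrandbits(R_BITS) if noisy else 0
    return p * q + N * r + m

def decrypt(p, c):
    """Correct as long as the accumulated noise N*r + m in c stays below p."""
    return (c % p) % N

def noise(p, c):
    """Distance of c from the multiple of p below it: grows additively under
    ciphertext addition and multiplicatively under ciphertext multiplication."""
    return c % p

def recover_key(ciphertexts, plaintexts):
    """Chosen-plaintext key-recovery attempt: strip the known m_i, take the gcd.
    With r_i = 0 every x_i = p*q_i is an exact multiple of p and the gcd is p
    (times gcd of the q_i, almost always 1). With noise the x_i = p*q_i + N*r_i
    are only approximately multiples of p and the exact gcd is uninformative;
    finding p anyway is the approximate-GCD problem."""
    x = [c - m for c, m in zip(ciphertexts, plaintexts)]
    g = 0
    for xi in x:
        g = gcd(g, xi)
    return g

def demo(seed=7):
    rng = random.Random(seed)
    p = keygen(rng)
    m1, m2 = 123, 45                                  # constructed sample plaintexts
    c1, c2 = encrypt(p, m1, rng), encrypt(p, m2, rng)
    results = {
        "p": p,
        "add": decrypt(p, c1 + c2),                   # (m1 + m2) mod N
        "mul": decrypt(p, c1 * c2),                   # (m1 * m2) mod N; noise < 2^34 << p
        "noise_add": noise(p, c1 + c2),
        "noise_mul": noise(p, c1 * c2),
    }
    msgs = [rng.randrange(N) for _ in range(8)]       # attacker's chosen plaintexts
    results["gcd_noiseless"] = recover_key([encrypt(p, m, rng, noisy=False) for m in msgs], msgs)
    results["gcd_noisy"] = recover_key([encrypt(p, m, rng) for m in msgs], msgs)
    return results

if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

One multiplication level is all these toy sizes allow: the noise of a product is the product of the noises, so a second multiplication would exceed p and decryption would fail, which is the growth a real scheme has to control with its parameters.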
research on vector-parallel implementations of modular arithmetic, which is a crucial component of modern public-key cryptography ranging from RSA, ElGamal and DSA to ECC, has been conducted. In this paper, we introduce a novel Double Operand Scanning (DOS) method to speed up multi-precision squaring with non-redundant representations on SIMD architectures. The DOS technique partly doubles the operands and computes the squaring operation without Read-After-Write (RAW) dependencies between source and destination variables. Furthermore, we present Karatsuba Cascade Operand Scanning (KCOS) multiplication and Karatsuba Double Operand Scanning (KDOS) squaring by adopting the additive and subtractive Karatsuba methods, respectively. The proposed multiplication and squaring methods are compatible with separated Montgomery algorithms and are highly efficient for the RSA cryptosystem. Finally, our proposed multiplication/squaring, separated Montgomery multiplication/squaring and RSA encryption outperform the best-known results by 22/41%, 25/33% and 30% on the Cortex-A15 platform.
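The additive and subtractive Karatsuba identities the abstract pairs with multiplication and squaring, as an added Python illustration over 32-bit limbs (not the paper's code, and not its SIMD data layout, which this page does not describe). Operand-scanning schoolbook routines form the base case, a dedicated squaring computes each cross product once, and the two Karatsuba variants sit on top; the limb width W and the operand sizes are assumptions. The point it makes concrete is why the subtractive form fits squaring: the middle term uses |a0 - a1|, which stays within k limbs and whose square needs no sign handling, whereas the additive form's (a0 + a1) needs a k+1-limb operand.

```python
# Added illustration of the additive and subtractive Karatsuba identities over
# operand-scanning schoolbook routines on 32-bit limbs. Plain single-threaded
# Python: it shows the algebra and limb bookkeeping, not any SIMD layout.
# W and the operand sizes are assumptions.
W = 32
MASK = (1 << W) - 1

def to_limbs(x, n):
    """Little-endian n-limb array for 0 <= x < 2^(W*n)."""
    assert 0 <= x < (1 << (W * n))
    return [(x >> (W * i)) & MASK for i in range(n)]

def from_limbs(limbs):
    return sum(l << (W * i) for i, l in enumerate(limbs))

def add_limbs(a, b):
    """k-limb + k-limb -> (k+1)-limb sum; the extra limb is the carry the
    additive Karatsuba form has to handle in its middle product."""
    r, carry = [], 0
    for x, y in zip(a, b):
        t = x + y + carry
        r.append(t & MASK)
        carry = t >> W
    r.append(carry)
    return r

def schoolbook_mul(a, b):
    """Operand scanning: row i accumulates a[i]*b[j] into r[i+j]."""
    n, m = len(a), len(b)
    r = [0] * (n + m)
    for i in range(n):
        carry = 0
        for j in range(m):
            t = r[i + j] + a[i] * b[j] + carry
            r[i + j] = t & MASK
            carry = t >> W
        r[i + m] = carry
    return r

def schoolbook_square(a):
    """Dedicated squaring: off-diagonal products once, double the result, then
    add the diagonal squares. About half the partial products of mul(a, a)."""
    n = len(a)
    r = [0] * (2 * n)
    for i in range(n):                     # cross products a[i]*a[j], i < j
        carry = 0
        for j in range(i + 1, n):
            t = r[i + j] + a[i] * a[j] + carry
            r[i + j] = t & MASK
            carry = t >> W
        r[i + n] = carry
    carry = 0
    for k in range(2 * n):                 # r = 2*r
        t = (r[k] << 1) | carry
        r[k] = t & MASK
        carry = t >> W
    carry = 0
    for i in range(n):                     # r += a[i]^2 * B^(2i)
        t = r[2 * i] + a[i] * a[i] + carry
        r[2 * i] = t & MASK
        t = r[2 * i + 1] + (t >> W)
        r[2 * i + 1] = t & MASK
        carry = t >> W
    return r

def karatsuba_mul_additive(a, b):
    """a = a1*B^k + a0, b likewise (2k limbs each):
    a*b = a1*b1*B^2k + ((a0+a1)(b0+b1) - a0*b0 - a1*b1)*B^k + a0*b0.
    Three half-size products instead of four; the middle one is on (k+1)-limb sums."""
    k = len(a) // 2
    z0 = from_limbs(schoolbook_mul(a[:k], b[:k]))
    z2 = from_limbs(schoolbook_mul(a[k:], b[k:]))
    zs = from_limbs(schoolbook_mul(add_limbs(a[:k], a[k:]), add_limbs(b[:k], b[k:])))
    return to_limbs((z2 << (2 * k * W)) + ((zs - z0 - z2) << (k * W)) + z0, 2 * len(a))

def karatsuba_square_subtractive(a):
    """a^2 = a1^2*B^2k + (a0^2 + a1^2 - (a0-a1)^2)*B^k + a0^2, since
    2*a0*a1 = a0^2 + a1^2 - (a0-a1)^2. |a0 - a1| fits in k limbs and its square
    is sign-free, so no (k+1)-limb operand appears: this suits squaring."""
    k = len(a) // 2
    a0, a1 = from_limbs(a[:k]), from_limbs(a[k:])
    z0 = from_limbs(schoolbook_square(a[:k]))
    z2 = from_limbs(schoolbook_square(a[k:]))
    zd = from_limbs(schoolbook_square(to_limbs(abs(a0 - a1), k)))
    return to_limbs((z2 << (2 * k * W)) + ((z0 + z2 - zd) << (k * W)) + z0, 2 * len(a))

def square_int(x, n):
    """Square an n-limb integer both ways; returns (schoolbook, karatsuba) as ints."""
    a = to_limbs(x, n)
    return from_limbs(schoolbook_square(a)), from_limbs(karatsuba_square_subtractive(a))

def mul_int(x, y, n):
    """Multiply two n-limb integers both ways; returns (schoolbook, karatsuba) as ints."""
    a, b = to_limbs(x, n), to_limbs(y, n)
    return from_limbs(schoolbook_mul(a, b)), from_limbs(karatsuba_mul_additive(a, b))
```

Both Karatsuba routines recurse only one level and recombine with native integers to keep the algebra visible; a real implementation keeps everything in limbs and, as the abstract describes, organises the partial products so that consecutive SIMD lanes do not write what the next lane is about to read.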