Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also receive updates via:
To receive your credentials via mail again, please click here.
You can also access the full news archive.
probability distributions. We show that it can often be used as an alternative
to the statistical distance in security proofs for lattice-based
cryptography. Using the R\\\'enyi divergence is particularly suited
for security proofs of primitives in which the attacker is required
to solve a search problem (e.g., forging a signature). We show that
it may also be used in the case of distinguishing problems (e.g.,
semantic security of encryption schemes), when they enjoy a public
sampleability property. The techniques lead to security proofs for
schemes with smaller parameters, and sometimes to simpler security
proofs than the existing ones.
achieving full cipher security, based on applying an online cipher and reordering blocks.
Explicitly, we show that with just two calls to the online cipher, security up to the birthday bound is both attainable and maximal. Moreover, we demonstrate that three calls to the online cipher suffice to obtain beyond birthday bound security, and (for suitably long messages) arbitrarily strong security. As part of our investigation, we extend an observation by Rogaway and Zhang, highlighting the close relationship between online ciphers and tweakable blockciphers with variable-length tweaks.
We develop a new protocol concept that allows the device owner to detect if another party is using the device\'s long-term key. We achieve this by making it necessary for uses of the key to be inserted in an append-only log, which the device owner can interrogate. We propose a multi-device messaging protocol that exploits our concept to allow users to detect unauthorised usage of their device keys. We prove the main properties of our protocol using the Tamarin prover.
The methods we introduce are not intended to replace existing methods used to keep keys safe (such as hardware devices or careful procedures). Rather, our methods provide a useful and effective additional layer of security.
Applications are invited from researchers whose interests are related to, or complement, current strengths of the ISG. We are particularly interested in applicants who will be able to interact with our research groups in cryptography and systems security. However, applications from strong candidates working in other cyber security fields will also be given serious consideration.
Applicants should have a Ph.D. in a relevant subject or equivalent, be a self-motivated researcher, and have a strong publication record. Applicants should be able to demonstrate an enthusiasm for teaching and communicating with diverse audiences, as well as show an awareness of contemporary issues relating to cyber security.
This is a full time and permanent post, available from 1st September, 2015, or as soon as possible thereafter. This post is based in Egham, Surrey, where the College is situated in a beautiful, leafy campus near to Windsor Great Park and within commuting distance from London.
that will be computed by the bitcoin network. We build this protocol by witness encryption and encrypt with the bitcoin proof-of-work constraints. The novelty of our protocol is that the decryption key will be automatically and publicly available in the bitcoin block chain when the time is due.
Witness encryption was originally proposed by Garg, Gentry, Sahai and Waters. It provides a means to encrypt to an instance, $x$, of an NP language and to decrypt by a witness $w$ that $x$ is in the language.
Encoding CNF-SAT in the existing witness encryption schemes generate poly(n*k) group elements in the ciphertext where n is the number of variables and k is the number of clauses of the CNF formula.
We design a new witness encryption for CNF-SAT which achieves ciphertext size of 2n+2k group elements. Our witness encryption is based on an intuitive reduction from SAT to Subset-Sum problem. Our scheme uses the framework of multilinear maps, but it is independent of the implementation details of multilinear maps.
The feasibility of the scheme is supported by implementation results.
Additionally, the techniques introduced in this work might be of independent interest: a new verifiable encryption protocol for the randomized McEliece encryption and a new approach to design formal security reductions from the Syndrome Decoding problem.