International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2015-05-28
21:17 [Pub][ePrint] Efficient Key Extraction from the Primary Side of a Switched-Mode Power Supply, by Sami Saab, Andrew Leiserson, and Michael Tunstall

  In this paper we detail techniques that can be used to analyze and attack an AES implementation on an FPGA from the primary (i.e., external) side of a switched-mode power supply. Our attack only requires measurements of the duty cycle of the power supply, and then increases the signal-to-noise ratio (SNR) though averaging, deconvolution and wavelet based detrending. The result is an exploitable source of leakage that allows a secret key to be determined from low-frequency power measurements. The techniques and procedures provide a general approach to performing differential power analysis (DPA) from a single point of information for any single hypothesized intermediate value, suggesting their potential for improving other types of side-channel analysis as well.



15:20 [Job][New] Three Post-Doc positions, SICS Swedish ICT

  The Security Lab at Swedish Institute of Computer Science (SICS) in Lund and Stockholm is looking for talent post doc researchers in computer and network security. The positions are for 18 months with a monthly salary of 35.000 SEK and the positions can be filled in either Lund or Stockholm. Starting dates are flexible but not later than October 1, 2015. The suitable candidates will work in our EU H2020 financed research projects devoted to 5G security with focus on identity and key management, SDN security as well as in security for Platform as a Service (PaaS) systems (See also the following project page: https://sites.google.com/site/paaswordeu/)

The security Lab at SICS was established in 2009. Since then it has grown from 1 to 12 people. The research is directed toward secure systems design in close co-operation with above leading Swedish companies in the IT and telecommunications businesses as well as Swedish universities such as Royal Institute of Technology in Stockholm and Lund University. The group is active in the areas of embedded systems security, cloud security, access control and communications security. The security lab at SICS consists for the moment of 6 senior researchers (PhD), 3 PhD students and 3 junior researchers with MSc degrees in computer science.

Applicants interested in the positions should provide the following information in pdf format with the application:

- Application letter

- CV

- Transcript of grades

- Publications list

- 3-5 selected full text publications



15:19 [Event][New] MyCRYPT2016: Int'l Conference on Cryptology & Malicious Security hosted in Malaysia

  Submission: 15 April 2016
Notification: 1 August 2016
From December 1 to December 2
Location: Kuala Lumpur, Malaysia
More Information: https://foe.mmu.edu.my/mycrypt2016/


03:03 [Event][New] MyCRYPT2016: International Conference on Cryptology & Malicious Security

  Submission: 15 April 2016
Notification: 1 August 2016
From December 1 to December 2
Location: Kuala Lumpur, Malaysia
More Information: https://foe.mmu.edu.my/mycrypt2016/




2015-05-27
22:31 [Job][Update] Intern Software Developer (Cryptography), CloudFlare Inc.

 

CloudFlare is looking for a cryptography intern!

CloudFlare is expanding its global footprint. In order to keep our network secure we are investing in technologies to improve the security of our key management infrastructure. We are looking for an ambitious intern to help kickstart one of our cryptographic projects.


Requirements:

  • Experience in the theory and implementation of standard cryptographic primitives (AES, RSA, ECC)

  • Extensive development experience in C and/or Go

  • A deep understanding of reverse engineering techniques

  • An unquenchable thirst for understanding and mitigating cryptographic attack vectors

  • Outside-the-box thinking and self-starter attitude


    Bonus requirements:

  • Experience with the cryptol programming language

  • Experience with LLVM or other compiler technology

  • Knowledge of the theory and implementation of white-box cryptography


    Internship length: 4-6 months.

    Sound like somewhere you’d thrive? If so, then we’d love to hear from you. Send us your resume and a short paragraph introducing yourself. Please include a brief description of how you solved a customer problem or enhanced a customer\\\'s understanding of a technical service.

    CloudFlare is a security company. All prospective employees will be subject to an extensive background check.

    CloudFlare is an equal opportunity employer and does not discriminate against any employee or applicant on the basis of age, color, disability, gender, national origin, race, religion, sexual orientation, veteran status, or any classification protected by federal, state, or local law.

  • 21:17 [Pub][ePrint] The Tower Number Field Sieve, by Razvan Barbulescu and Pierrick Gaudry and Thorsten Kleinjung

      The security of pairing-based crypto-systems relies on the difficulty to compute discrete logarithms in finite fields GF(p^n) where n is a small integer larger than 1. The state-of-art algorithm is the number field sieve (NFS) together with its many variants. When p has a special form (SNFS), as in many pairings constructions, NFS has a faster variant due to Joux and Pierrot. We present a new NFS variant for SNFS computations, which is better for some cryptographically relevant cases, according to a precise comparison of norm sizes. The new algorithm is an adaptation of Schirokauer\'s variant of NFS based on tower extensions, for which we give a middlebrow presentation.



    21:17 [Pub][ePrint] Compositional Verification of Higher-Order Masking: Application to a Verifying Masking Compiler, by Gilles Barthe and Sonia Belaïd and François Dupressoir and Pierre-Alain Fouque and Benjamin Grégo

      The prevailing approach for building masked algorithms that can resist higher-order differential power analysis is to develop gadgets, that is, masked gates used as atomic blocks, that securely implement basic operations from the original algorithm, and then to compose these gadgets, introducing refresh operations at strategic places to guarantee that the complete circuit is protected. These compositional principles are embedded in so-called masking transformations, which are used as heuristics to achieve secure composition. Unfortunately, these transformations are seldom proved secure rigorously, and in fact, sometimes yield algorithms that are not secure against higher-order attacks. In this paper, we define a notion of strong simulatability that naturally supports compositional principles. Although this notion is stronger than the notion of simulatability (or perfect simulation) from previous works, we show that it is satisfied by several gadgets from the literature, including the mask refreshing gadget from Duc, Dziembowski and Faust (Eurocrypt 2014), the secure multiplication gadget from Rivain and Prouff (CHES 2010) and the secure multiplication gadget between dependent inputs from Coron et al. (FSE 2013). Then, we exploit a tight connection between strong simulatability and probabilistic information flow policies to define a (fine-grained, incremental) type system that checks (strong) simulatability of algorithms. We use the type system to validate a novel and automated transformation that outputs masked algorithms at arbitrary orders. Finally, we measure the performance of masked algorithms of AES, Keccak-f, Simon, and Speck generated by our transformation. The results are encouraging: for AES, masking at order 5, 20, and 100 respectively incur slowdowns of 100x, 750x, and x1500 w.r.t. the unmasked implementation given as input to our tool.



    21:17 [Pub][ePrint] Decomposing the ASASA Block Cipher Construction, by Itai Dinur and Orr Dunkelman and Thorsten Kranz and Gregor Leander

      We consider the problem of recovering the internal specification of a general SP-network consisting of three linear layers (A) interleaved with two Sbox layers (S) (denoted by ASASA for short), given only black-box access to the scheme. The decomposition of such general ASASA schemes was first considered at ASIACRYPT 2014 by Biryukov et al. which used the alleged difficulty of this problem to propose several concrete block cipher designs as candidates for white-box cryptography.

    In this paper, we present several attacks on general ASASA schemes that significantly outperform the analysis of Biryukov et al. As a result, we are able to break all the proposed concrete ASASA constructions with practical complexity. For example, we can decompose an ASASA structure that was supposed to provide $64$-bit security in roughly $2^{28}$ steps, and break the scheme that supposedly provides $128$-bit security in about $2^{41}$ time. Whenever possible, our findings are backed up with experimental verifications.



    21:17 [Pub][ePrint] Probabilistic Signature Based Framework for Differential Fault Analysis of Stream Ciphers, by Santanu Sarkar and Prakash Dey and Avishek Adhikari and Subhamoy Maitra

      Differential Fault Attack (DFA) has received serious attention in cryptographic literature and very recently

    such attacks have been mounted against several popular stream ciphers for example Grain v1, MICKEY 2.0

    and Trivium, that are parts of the eStream hardware profile. The basic idea of the fault attacks consider

    injection of faults and the most general set-up should consider faults at random location and random time.

    Then one should identify the exact location and the exact timing of the fault (as well as multi bit faults) with the help of fault signatures.

    In this paper we consider this most general set-up and solve the problem of fault attack under a general framework,

    where probabilistic signatures are exploited. Our ideas subsume all the existing DFAs against the Grain family,

    MICKEY 2.0 and Trivium. In the process we provide improved fault attacks for all the versions of Grain family and also

    for MICKEY 2.0 (the attacks against Trivium are already quite optimal and thus there is not much scope to improve).

    Our generalized method can also take care of the cases where certain parts of the keystream bits are missing

    for authentication purpose. In particular, we show that the unsolved problem of identifying the faults

    in random time for Grain 128a can be solved in this manner. Our techniques can easily be applied to mount fault

    attack on any stream cipher of similar kind.



    21:17 [Pub][ePrint] A flaw in a theorem about Schnorr signatures, by Daniel R. L. Brown

      An alleged theorem of Neven, Smart and Warinschi (NSW) about the

    security of Schnorr signatures seems to have a flaw described in

    this report.

    Schnorr signatures require representation of an element in a

    discrete logarithm group as a hashable bit string. This report

    describes a defective bit string representation of elliptic curve

    points. Schnorr signatures are insecure when used with this

    defective representation. Nevertheless, the defective

    representation meets all the conditions of the NSW theorem.

    Of course, a natural representation of an elliptic curve group

    element would not suffer from this major defect. So, the NSW

    theorem can probably be fixed.



    21:17 [Pub][ePrint] Equivoe-T: Transposition Equivocation Cryptography, by Gideon Samid

      Plaintext is mixed with AI-generated dis-information which binds the cryptanalyst to an irreducible set of mutually exclusive plausible plaintext candidates.

    As impractical as Vernam \"One Time Pad\" cipher has been, it\'s security strategy: equivocation is fundamentally superior to the prevailing strategy: intractability. Intractability erodes, equivocation endures. Alas, Vernam was an overkill. Equivocation works even if only a few plaintext candidates are left as an irreducible set, which is what Equivoe-T offers.

    The AI engine builds decoys off the plaintext such that each decoy has a counter-meaning, or at least an off-meaning per the guarded plaintext, while claiming at least threshold plausibility to \"pump\" entropy into the irreducible field of plaintext candidates.

    Equivoe-T uses a complete transposition algorithm that guarantees the existence of a key that matches any two arbitrarily selected permutations of the n transposed elements. Therefore every decoy qualifies as a plaintext. The transposed elements may be words, letters, a mix, or otherwise. n can be selected to add intractability to the built-in equivocation since the key space grows fast (|Ktransposition| = n!).