International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2015-06-22
03:55 [News] Open Letter to the Hon'ble President of India

 

Open Letter to the Hon'ble President of India

The International Association of Cryptologic Research (IACR) is dismayed by reports of Professor Bimal Roy being dismissed in all but name as Director of the Indian Statistical Institute in Kolkata. Professor Roy has been a driving force in advancing the important field of cryptology in India, elevating its visibility to international level. Cryptology is a prime application of statistical and probabilistic methods.

The IACR confirms that Professor Roy deserves great recognition for his service to India and to the field of cryptology. He devoted his career to strengthening India's standing in this timely, fast advancing field. Removing him from this position one month before the appointment expires is an act that has put India in a shameful and awkward position in front of the international community of cryptology research and of mathematics in general.

The International Association of Cryptologic Research
June 21, 2015





2015-06-21
18:17 [Pub][ePrint] How to Securely Prolong the Computational Bindingness of Pedersen Commitments, by Denise Demirel and Jean Lancrenon

  Pedersen commitments are important cryptographic primitives.

They allow a prover to commit to a certain value without revealing

any information about it and without the prover being able to change its mind later on. Since the first property holds unconditionally this is an essential primitive for many schemes providing long-term confidentiality. However, the second property only holds computationally. Hence, in the long run bindingness is lost, making the primitive improper for long-lived systems. Thus in this paper, we describe a protocol that, in a sense, prolongs the bindingness of a given Pedersen commitment. More precisely, we demonstrate how to prove in perfect zero-knowledge that a new Pedersen commitment - generated with a larger security parameter - and a corresponding old commitment both commit to the same value. We stress that this is a non-trivial procedure. Up until now the only known perfect zero-knowledge proof techniques for proving message equivalence of two commitments work when both commitments use isomorphic message spaces. However, as we will show in this work, to prolong the security of Pedersen commitments we cannot tolerate this restriction. Our prolonging technique works for non-isomorphic message spaces, is efficient, can be repeated an arbitrary number of times, maintains

unconditional confidentiality, and allows to preserve the format of

the Pedersen commitments. This makes the construction presented here

an important contribution to long-lived systems. Finally, we illustrate this by discussing how commitments with prolongable bindingness can be used to allow for archiving solutions that provide not only integrity but also confidentiality in the long-term.



18:17 [Pub][ePrint] SIMON and SPECK: Block Ciphers for the Internet of Things, by Ray Beaulieu and Douglas Shors and Jason Smith and Stefan Treatman-Clark and Bryan Weeks and Louis Wingers

  The U.S. National Security Agency (NSA) developed the SIMON and SPECK families of lightweight block ciphers as an aid for securing applications in very constrained environments where AES may not be suitable. This paper summarizes the algorithms, their design rationale, along with current cryptanalysis and implementation results.



18:17 [Pub][ePrint] SCLPV: Secure Certificateless Public Verification for Cloud Storage in Cyber-physical-social System, by Yuan Zhang and Chunxiang Xu and Shui Yu and Hongwei Li and Xiaojun Zhang

  Cyber-physical-social system (CPSS) allows individuals to share personal information collected from not only cyberspace, but also physical space. This has resulted in generating numerous data at a user\'s local storage. However, it is very expensive for users to store large data sets, and it also causes problems in data management. Therefore, it is of critical importance to outsource the data to cloud servers, which provides users an easy, cost-effective and flexible way to manage data. Whereas, users lose control on their data once outsourcing their data to cloud servers, which poses challenges on integrity of outsourced data. Many mechanisms have been proposed to allow a third-party auditor to verify data integrity using the public keys of users. Most of these mechanisms bear a strong assumption: the auditors are honest and reliable, and thereby are vulnerability in the case that auditors are malicious. Moreover, in most of these approaches, an auditor needs to manage users certificates to choose the correct public keys for verification.

In this paper, we propose a secure certificateless public integrity verification scheme (SCLPV). The SCLPV scheme is the first work that simultaneously supports certificateless public verification and resistance against malicious auditors to verify the integrity of outsourced data in CPSS. A formal and strict security proof proves the correctness and security of our scheme. In addition, an elaborate performance analysis demonstrates that our scheme is efficient and practical. Compared with the best of the existing certificateless public verification scheme (CLPV), the SCLPV provides stronger security guarantees in terms of remedying the security vulnerability of the CLPV and resistance against malicious auditors. At the same time, in comparison with the best of integrity verification scheme achieving resistance against malicious auditors, the communication cost between the auditor and the cloud server in the SCLPV is independent of the size of the processed data, meanwhile, the auditor in the SCLPV does not need to manage certificates.



18:17 [Pub][ePrint] AN ENHANCED BIOMETRIC BASED REMOTE USER AUTHENTICATION SCHEME USING SMART CARD, by Trupil Limbasiya and Nishant Doshi

  In remote authentication scheme, a remote user can communicate with server over open networks even though the physical distance is much far. Before interaction, they require to establish common session key by authenticating each other. Recently in 2014, Kumari et al. proposed the efficient scheme for remote user authentication. However in this paper, we show that the Kumari et al.\'s scheme is vulnerably susceptible to the Insider Attack, Stolen Verifier Attack, Session Key Disclosure Attack, Password Guessing Attack, Modification Attack, User Impersonation Attack, Replay Attack, Shoulder Surfing Attack and Denial of Service Attack. Afterwards, we have proposed an improved remote user authentication scheme to deal with these attacks and other attacks.



18:17 [Pub][ePrint] An analysis of the $C$ class of bent functions, by Bimal Mandal and Pantelimon Stanica and Sugata Gangopadhyay and Enes Pasalic

  Two (so-called $C, D$) classes of permutation-based bent Boolean functions were introduced by Carlet two decades ago, but without specifying some explicit construction methods for their construction (apart from the subclass $D_0$). In this article, we look in more detail at the $C$ class, and derive some existence and nonexistence results concerning the bent functions in the $C$ class for many of the known classes of permutations over $\\mathbb F_{2^n}$. Most importantly, the existence results induce generic methods of constructing bent functions in class $C$ which possibly do not belong to the completed Maiorana-McFarland class. The question whether the specific permutations and related subspaces we identify in this article indeed give bent functions outside the completed Maiorana-McFarland class remains open.



18:17 [Pub][ePrint] Generating S-Box Multivariate Quadratic Equation Systems And Estimating Algebraic Attack Resistance Aided By SageMath, by A.-M. Leventi-Peetz and J.-V. Peetz

  Methods are presented to derive with the aid of the computer mathematics

software system SageMath the Multivariate Quadratic equation systems (MQ) for the input and output bit variables of a cryptographic S-box starting from its algebraic expressions. Motivation to this work were the results of recent articles which we have verified and extended in an original way, to our knowledge, not yet published elsewhere. At the same time we present results contrary to the published ones which cast serious doubts on the suitability of previously presented formulas, supposed to quantify the resistance of S-boxes against algebraic attacks.



18:17 [Pub][ePrint] TriviA: A Fast and Secure Authenticated Encryption Scheme, by Avik Chakraborti, Anupam Chattopadhyay, Muhammad Hassan, Mridul Nandi

  In this paper, we propose a new hardware friendly authen- ticated encryption (AE) scheme TriviA based on (i) a stream cipher for generating keys for the ciphertext and the tag, and (ii) a pairwise in- dependent hash to compute the tag. We have adopted one of the ISO- standardized stream ciphers for lightweight cryptography, namely Triv- ium, to obtain our underlying stream cipher. This new stream cipher has a state that is a little larger than the state of Trivium to accommodate a 128-bit secret key and IV. Our pairwise independent hash is also an adaptation of the EHC or \"Encode-Hash-Combine\" hash, that requires the optimum number of field multiplications and hence requires small hardware footprint. We have implemented the design in synthesizable RTL. Pre-layout synthesis, using 65 nm standard cell technology under typical operating conditions, reveals that TriviA is able to achieve a high throughput of 91.2 Gbps for an area of 24.4 KGE. We prove that our construction has at least 128-bit security for privacy and 124-bit security of authenticity under the assumption that the underlying stream cipher produces a pseudorandom bit stream.



18:17 [Pub][ePrint] How much randomness can be extracted from memoryless Shannon entropy sources?, by Maciej Skorski

  We revisit the classical problem: given a memoryless source having a certain amount of Shannon Entropy, how many random bits can be extracted? This question appears in works studying random number generators built from physical entropy sources.

Some authors use a heuristic estimate obtained from the Asymptotic Equipartition Property, which yields roughly $n$ extractable bits, where $n$ is the total Shannon entropy amount. However the best known precise form gives only $n-O(\\sqrt{\\log(1/\\epsilon) n})$, where $\\epsilon$ is the distance of the extracted bits from uniform. In this paper we show a matching $ n-\\Omega(\\sqrt{\\log(1/\\epsilon) n})$ upper bound. Therefore, the loss of $\\Theta(\\sqrt{\\log(1/\\epsilon) n})$ bits is necessary. As we show, this theoretical bound is of practical relevance. Namely, applying the imprecise AEP heuristic to a mobile phone accelerometer one might overestimate extractable entropy even by $100\\%$, no matter what the extractor is. Thus, the ``AEP extracting heuristic\'\' should not be used without taking the precise error into account.



18:17 [Pub][ePrint] Oblivion: Mitigating Privacy Leaks by Controlling the Discoverability of Online Information, by Milivoj Simeonovski and Fabian Bendun and Muhammad Rizwan Asghar and Michael Backes and Ninja Marnau and

  Search engines are the prevalently used tools to collect information about individuals on the Internet. Search results typically comprise a variety of sources that contain personal information --- either intentionally released by the person herself, or unintentionally leaked or published by third parties without being noticed, often with detrimental effects on the individual\'s privacy. To grant individuals the ability to regain control over their disseminated personal information, the European Court of Justice recently ruled that EU citizens have a right to be forgotten in the sense that indexing systems, such as Google, must offer them technical means to request removal of links from search results that point to sources violating their data protection rights. As of now, these technical means consist of a web form that requires a user to manually identify all relevant links herself upfront and to insert them into the web form, followed by a manual evaluation by employees of the indexing system to assess if the request to remove those links is eligible and lawful.

In this work, we propose a universal framework Oblivion to support

the automation of the right to be forgotten in a scalable,

provable and privacy-preserving manner. First, Oblivion enables a

user to automatically find and tag her disseminated personal

information using natural language processing (NLP) and image recognition techniques and

file a request in a privacy-preserving manner. Second, Oblivion

provides indexing systems with an automated and provable eligibility

mechanism, asserting that the author of a request is indeed affected

by an online resource. The automated eligibility proof ensures censorship-resistance so that only legitimately affected

individuals can request the removal of corresponding links from

search results. We have conducted comprehensive evaluations of Oblivion, showing that the framework is capable of handling 278 removal requests per second on a standard notebook (2.5 GHz dual core), and is hence suitable for large-scale deployment.



18:17 [Pub][ePrint] A Physical Approach for Stochastic Modeling of TERO-based TRNG, by Patrick HADDAD and Viktor FISCHER and Florent BERNARD and Jean NICOLAI

  Security in random number generation for cryptography is closely related to the entropy rate at the generator output. This rate has to be evaluated using an appropriate stochastic model. The stochastic model proposed in this paper is dedicated to the transition effect ring oscillator (TERO) based true random number generator (TRNG) proposed by Varchola and Drutarovsky in 2010. The advantage and originality of this model is that it is derived from a physical model based on a detailed study and on the precise electrical description of the noisy physical phenomena that contribute to the generation of random numbers. We compare the proposed electrical description with data generated in a 28 nm CMOS ASIC implementation. Our experimental results are in very good agreement with those obtained with both the physical model of TERO\'s noisy behavior and with the stochastic model of the TERO TRNG, which we also confirmed using the AIS 31 test suites.