International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

21:17 [Pub][ePrint] A Secure Oblivious Transfer Protocol from Indistinguishing Obfuscation, by Mei Wang, Zheng Yuan,Xiao Feng

  We proposed a new secure oblivious transfer protocol from indistinguishability obfuscation in this paper. Our main technical tool

is the candidate indistinguishability obfuscation introduced in [1] and

a dual-mode cryptosystem proposed in [2]. Following their steps, we

presents a new k-out-of-l oblivious transfer protocol, its realization from

DDH is described in this paper, in which we combined indistinguishability obfuscation with the dual-mode cryptosystem. The security of our

scheme mainly relies on the indistinguishability of the obf-branches ( corresponding to the two modes in dual-mode model). Our paper explores

a new way for the application of indistinguishability obfuscation.

21:17 [Pub][ePrint] Combined Side-Channel and Fault Analysis Attack on Protected Grain Family of Stream Ciphers, by Abhishek Chakraborty and Bodhisatwa Mazumdar and Debdeep Mukhopadhay

  In this paper, we first demonstrate a new Differential Power Analysis (DPA) attack technique against the Grain family of stream ciphers (Grain v1 and Grain-128) by resynchronizing the cipher multiple times with the same value of the secret \\emph{key} and randomly generated different initialization vectors (IVs). Subsequently, we develop a combined side channel and fault analysis attack strategy targeting various fault attack countermeasures for the Grain cipher family.

We considered clock glitch induced faults occurring in practice for a hardware implementation of the cipher to devise our novel attack technique. Our proposed combined attack strategy works well even if the \\emph{useful} ciphertexts are not available to the adversary.

Further, the power trace classifications of a Grain cipher implementation on SASEBO G-II standard side channel evaluation board is shown in order to validate our proposed attack against the cipher.

The captured power traces were analyzed using Least Squares Support Vector Machine (LS-SVM) learning algorithm based multiclass classifiers to classify the power traces into the respective

Hamming distance (HD) classes. To extract power samples with high information about HD classes, Signal-to-noise ratio (SNR) metric

was chosen for feature selection. The experimental results of power trace classifications of test set showed a high success rate of $98\\%$ when the five largest SNR sample instants over a clock cycle were chosen as features. Our proposed attack strategy can also be extended to other stream cipher designs based on Fibonacci

configured shift registers.

21:17 [Pub][ePrint] Complementary Dual Codes for Counter-measures to Side-Channel Attacks, by Claude Carlet and Sylvain Guilley

  We recall why linear codes with complementary duals (LCD codes) play a role in counter-measures to passive and active side-channel analyses on embedded cryptosystems. The rate and the minimum distance of such LCD codes must be as large as possible. We investigate primary constructions of such codes, in particular with cyclic codes, specifically with generalized residue codes, and we study their idempotents. We study those secondary constructions which preserve the LCD property, and we characterize conditions under which codes obtained by puncturing, shortening or extending codes, or obtained by the Plotkin sum, can be LCD.

21:17 [Pub][ePrint] Structure-Preserving Signatures from Standard Assumptions, Revisited, by Eike Kiltz and Jiaxin Pan and Hoeteck Wee

  Structure-preserving signatures (SPS) are pairing-based signatures

where all the messages, signatures and public keys are group elements, with

numerous applications in public-key cryptography. We present new,

simple and improved SPS constructions under standard assumptions via a

conceptually different approach. Our constructions significantly

narrow the gap between existing constructions from standard assumptions

and optimal schemes in the generic group model.

21:17 [Pub][ePrint] Computing Elliptic Curve Discrete Logarithms with Improved Baby-step Giant-step Algorithm, by Steven D. Galbraith and Ping Wang and Fangguo Zhang

  The negation map can be used to speed up the computation of elliptic curve discrete logarithms using either the baby-step-giant-step algorithm (BSGS) or Pollard rho. Montgomery\'s simultaneous modular inversion can also be used to speed up Pollard rho when running many walks in parallel. We generalize these ideas and exploit the fact that for any two elliptic curve points $X$ and $Y$, we can efficiently get $X-Y$ when we compute $X+Y$. We apply these ideas to speed up the baby-step-giant-step algorithm. Compared to the previous methods, the new methods can achieve a significant speedup for computing elliptic curve discrete logarithms.

Another contribution of our paper is to give an analysis of the average-case running time of Bernstein and Lange\'s ``grumpy giants and a baby\'\' algorithm, and also to consider this algorithm in the case of groups with efficient inversion.

Our conclusion is that, in the fully-optimised context, both the interleaved BSGS and grumpy-giants algorithms have superior average-case running time compared with Pollard rho.

21:17 [Pub][ePrint] Constructing Efficient PAKE Protocols from Identity-Based KEM/DEM, by Kyu Young Choi, Jihoon Cho, Jung Yeon Hwang, and Taekyoung Kwon

  In this paper, we propose an efficient identity-based password authenticated key exchange (IBPAKE) protocol using identity-based KEM/DEM. In IBPAKE, a client conducts authentication based on a human-memorable password and a server\'s identity. A distinctive feature of IBPAKE protocols, compared to the well-known EKE-type PAKE protocols, is that an adversary who even acquired a user\'s password cannot impersonate a server to further investigate user\'s sensitive information. We first construct the new IBPAKE protocol using the Boneh-Franklin Identity-based encryption (IBE) scheme, and then generalize the protocol by presenting a generic method to yield an efficient IBPAKE protocol from identity-based KEM/DEM. Our fine-grained approach has concrete advantages in terms of performance. First, unnecessary parameters can be removed easily. This allows a straightforward improvement on computational cost and communication bandwidth. In addition, using the essential feature of identity-based KEM/DEM, we can construct an IBPAKE protocol which runs in a single pass. Our protocol gives better performance, compared to prior known IBPAKE protocols.

21:17 [Pub][ePrint] Netcoin - A Traceable P2P Electronic Cash System, by Hitesh Tewari and Eamon O Nuallain

  This paper introduces a new P2P Electronic Cash system called Netcoin. The purpose of Netcoin is to facilitate inexpensive peer-to-peer monetary transactions on the Web. Its salient features are that it is a traceable system with an efficient mechanism for verifying transactions. Netcoins are reusable and can be easily passed from one user to another. The issuing of virtual currency and verification of transactions are performed by trusted mints, which act as the gateway between the fiat and virtual currency worlds. There is no need to maintain a public ledger, which would inhibit use on a global scale because of rapidly increasing memory and bandwidth requirements. The system is neither inflationary nor deflationary in nature and does not purport a new economic model. As a fiat-backed currency it should not suffer the volatility issues associated with Bitcoin. In this paper the two most prominent electronic payment systems of the last forty years, namely Ecash and Bitcoin, are examined. Netcoin is then introduced in detail and is designed to address the shortcomings of these payment systems.

21:17 [Pub][ePrint] Fully Secure Functional Encryption for Inner Products, from Standard Assumptions, by Benoit Libert and Damien Stehle

  Functional encryption is a modern public-key paradigm where a master private key can be used to derive sub-keys $SK_F$ associated with certain functions $F$ in such a way that the decryption operation reveals $F(M)$, if $M$ is the encrypted message, and nothing else. Recently, Abdalla {\\it et al.} gave simple and efficient realizations of the primitive for the computation of linear functions on encrypted data: given an encryption of a vector $\\vec{y} \\in \\Z_q^\\ell$, a private key $SK_{\\vec{x}}$ for the vector $\\vec{x} \\in \\Z_q^\\ell$ allows computing $\\langle \\vec{x} ,\\vec{y} \\rangle$. Their technique surprisingly allows for instantiations under standard assumptions, like the hardness of the Decision Diffie-Hellman ($\\DDH$) and Learning-with-Errors ($\\LWE$) problems. Their constructions, however, are only proved secure against {\\it selective} adversaries, which have to declare the challenge messages $M_0$ and $M_1$ at the outset of the game. In this paper, we provide constructions that provably achieve security against more realistic {\\it adaptive} attacks (where the messages $M_0$ and $M_1$ may be chosen in the challenge phase, based on the previously collected information) for the same inner product functionality. Our constructions are obtained from hash proof systems endowed with homomorphic properties over the key space. They are as efficient as those of Abdalla {\\it et al.} and rely on the same assumptions. As a result of independent interest, we prove the security of our $\\LWE$-based system via a new result on the hardness of the extended $\\LWE$ problem, where the distinguisher receives hints about the noise distribution.

21:17 [Pub][ePrint] Experimental Study of DIGIPASS GO3 and the Security of Authentication, by Igor Semaev

  Based on the analysis of $6$-digit one-time passwords(OTP) generated by DIGIPASS GO3 we were able to reconstruct the synchronisation system of the token, the OTP generating algorithm and the verification protocol in details essential for an attack. The OTPs are more predictable than expected. A forgery attack is described. We argue the attack success probability is $8^{-5}$. That is much higher than $10^{-6}$ which may be expected if all the digits are independent and uniformly distributed. Under natural assumptions even in a relatively small bank or company with $10^4$ customers the number of compromised accounts during a year may be more than $100$.

21:17 [Pub][ePrint] McBits: fast constant-time code-based cryptography, by Daniel J. Bernstein and Tung Chou and Peter Schwabe

  This paper presents extremely fast algorithms for code-based

public-key cryptography, including full protection against timing attacks. For example, at a 2^128 security level, this paper achieves a reciprocal decryption throughput of just 60493 cycles (plus cipher cost etc.) on a single Ivy Bridge core. These algorithms rely on an additive FFT for fast root computation, a transposed additive FFT for fast syndrome computation, and a sorting network to avoid cache-timing attacks.

21:17 [Pub][ePrint] A Unified Security Analysis of Two-phase Key Exchange Protocols in TPM 2.0, by Shijun Zhao and Qianying Zhang

  The Trusted Platform Module (TPM) version 2.0 provides an authenticated key exchange functionality by a single key exchange primitive, which can be called to implement three key exchange protocols (denoted as two-phase key exchange protocols in TPM 2.0): the Full Unified Model, the MQV, and the SM2 key exchange protocols. However, some vulnerabilities have been found in all of these protocols. Fortunately, it seems that protections provided by the TPM can deal with vulnerabilities of these protocols. This paper investigates whether the TPM key exchange primitive provides a secure key exchange functionality under protections of the TPM. We first perform an informal analysis of the TPM key exchange primitive which helps us to model in a precise way. Then we formally analyze the TPM key exchange primitive in a security model for AKE, based on which all the protocols adopted by TPM 2.0 can be analyzed in a unified way. Our analysis indicates under what conditions the TPM 2.0 can provide a provable secure key exchange functionality. In the end, we give suggestions on how to leverage the TPM key exchange primitive properly, and suggestions on how to improve the security of current TPM key exchange primitive to enable its wide use in practice.