International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calendar (iCal).

2015-07-02
16:39 [News] CRYPTO registration open, Journal of Cryptology delivery changes


Registration for CRYPTO 2015 is now open (https://www.iacr.org/conferences/crypto2015/registration.html), which makes it a good time to let you know about a few important updates.

Paper delivery of the Journal of Cryptology is now *opt-in*. If you would like to receive hard-copy JoC editions, you must update your membership info. You can update proactively via the membership info form (https://secure.iacr.org/membership/members/update.html) or when paying your membership dues for 2016 during conference registration. If you have already paid your membership dues for 2016 you can still opt in and pay at a later time.

We have made some changes in how IACR membership records are stored internally. As a result, there is a small chance you will be asked to reset your password when authenticating. You will need access to the email address of record associated with your membership. If you experience problems, please contact the membership secretary at database@iacr.org.



15:17 [Pub][ePrint] Strong Security of the Strongly Multiplicative Ramp Secret Sharing based on Algebraic Curves, by Ryutaroh Matsumoto

  We introduce a coding theoretic criterion for Yamamoto's strong security of the ramp secret sharing scheme. After that, by using it, we show the strong security of the strongly multiplicative ramp secret sharing proposed by Chen et al. in 2008.



09:17 [Pub][ePrint] DAA-TZ: An Efficient DAA Scheme for Mobile Devices using ARM TrustZone, by Bo Yang and Kang Yang and Yu Qin and Zhenfeng Zhang and Dengguo Feng

  Direct Anonymous Attestation (DAA) has been studied for application to mobile devices based on ARM TrustZone. However, current solutions bring in extra performance overheads and security risks when adapting existing DAA schemes originally designed for the PC platform. In this paper, we propose a complete and efficient DAA scheme (DAA-TZ) specifically designed for mobile devices using TrustZone. By considering the application scenarios, DAA-TZ extends the interactive model of the original DAA and provides anonymity for a device and its user against remote service providers. The proposed scheme requires only a one-time switch into TrustZone for the signing phase and elaborately takes pre-computation into account. Consequently, the frequent on-line signing needs at most three exponentiations on an elliptic curve. Moreover, we present the architecture for trusted mobile devices. The issues of key derivation and sensitive data management relying on a root of trust from an SRAM Physical Unclonable Function (PUF) are discussed. We implement a prototype system and execute DAA-TZ using MNT and BN curves with different security levels. The comparison result and performance evaluation indicate that our scheme meets the demanding requirements of mobile users in respect of both security and efficiency.



09:17 [Pub][ePrint] An Efficient Multi-Message Multi-Receiver Signcryption Scheme with Forward Secrecy on Elliptic Curves, by Nizamud Din, Arif Iqbal Umar, Abdul Waheed, Noor Ul Amin

  Secure multicast communication has application in a growing number of applications. Forward secrecy is of prime importance and ensures message confidentiality even if the long-term private key is compromised. We present an efficient construction of multi-message multi-receiver signcryption with forward secrecy on elliptic curves. It provides confidentiality, integrity, authenticity, non-repudiation, public verifiability, unforgeability and forward secrecy of multi-message multicast. It is efficient in computation cost and communication overhead and suitable for resource-constrained IP-based secure multi-message multicast systems.



09:17 [Pub][ePrint] Cryptanalysis of a Markov Chain Based User Authentication Scheme, by Ruhul Amin and G.P. Biswas

  Session key agreement protocols using smart cards are extremely popular in the client-server environment for secure communication. Remote user authentication protocols play a crucial role in our daily life, such as e-banking, bill-pay, online games, e-recharge, wireless sensor networks, medical systems, ubiquitous devices etc. Recently, Djellali et al. proposed a session key agreement protocol using smart cards for ubiquitous devices. The main focus of this paper is to analyze security pitfalls of smart-card- and password-based user authentication schemes. We have carefully reviewed Djellali et al.'s scheme and found that the same scheme suffers from several security weaknesses such as off-line password guessing attack and privileged insider attack. Moreover, we demonstrate that Djellali et al.'s scheme does not provide proper security protection on the secret key of the server and presents an inefficient password change phase.



09:17 [Pub][ePrint] Randomizing the Montgomery Powering Ladder, by Duc-Phong Le and Chik How Tan and Michael Tunstall

  In this paper, we present novel randomized techniques to enhance the Montgomery powering ladder. The proposed techniques increase the resistance against side-channel attacks, and especially against recently published correlation collision attacks in the horizontal setting. The first of these operates by randomly changing state such that the difference between registers varies, unpredictably, between two states. The second algorithm takes a random walk, albeit tightly bounded, along the possible addition chains required to compute an exponentiation. We also generalize the Montgomery powering ladder and present randomized (both left-to-right and right-to-left) $m$-ary exponentiation algorithms.



09:17 [Pub][ePrint] Single-Cycle Implementations of Block Ciphers, by Pieter Maene and Ingrid Verbauwhede

  Security mechanisms to protect our systems and data from malicious adversaries have become essential. Strong encryption algorithms are an important building block of these solutions. However, each application has its own requirements and it is not always possible to find a cipher that meets them all. This work compares unrolled combinatorial hardware implementations of six lightweight block ciphers, along with an AES implementation as a baseline. Up until now, the majority of such ciphers were designed for area-constrained environments where speed is often not crucial, but recently the need for single-cycle, low-latency block ciphers with limited area requirements has arisen to build security architectures for embedded systems. Our comparison shows that some designers are already on this track, but a lot of work still remains to be done.



09:17 [Pub][ePrint] Diversity and Transparency for ECC, by Jean-Pierre Flori and Jérôme Plût and Jean-René Reinhard and Martin Ekerå

  Generating and standardizing elliptic curves to use them in a cryptographic context is a hard task. In this note, we don't make an explicit proposal for an elliptic curve, but we deal with the following issues.

Security: We give a list of criteria that should be satisfied by a secure elliptic curve. Although a few of these criteria are incompatible, we detail what we think are the best choices for optimal security.

Transparency: We sketch a way to generate a curve in a fully transparent way so that it can be trusted and not suspected to belong to a (not publicly known to be) vulnerable class. In particular, since the computational cost of verifying the output of such a process may be quite high, we sketch out the format of a certificate that eases the computations. We think that this format might deserve being standardized.



09:17 [Pub][ePrint] A Hybrid Gaussian Sampler for Lattices over Rings, by Léo Ducas and Thomas Prest

  Gaussian sampling over lattices is a cornerstone of lattice-based cryptography as it allows one to build numerous cryptographic primitives. There are two main algorithms performing this task. The first one is due to Klein (SODA 2000) and Gentry, Peikert and Vaikuntanathan (STOC 2008), and outputs vectors of good quality but runs rather slowly, in quadratic time. The second one is due to Peikert (CRYPTO 2010) and outputs vectors of slightly worse quality, but can be made to run in quasilinear time in the ring setting.

We present a Gaussian sampler optimized for lattices over the ring of integers of a cyclotomic number field. At a high level it works as Klein's sampler but uses an efficient variant of Peikert's sampler as a subroutine. The result is a new sampler that samples vectors with a quality close to Klein's sampler and achieves the same quasilinear complexity as Peikert's sampler. In practice, we get close to the best of both worlds.



09:17 [Pub][ePrint] Cryptanalysis of a modern rotor machine in a multicast setting, by Shane Kepley and David Russo and Rainer Steinwandt

  At FSE '93, Anderson presented a modern byte-oriented rotor machine that is suitable for fast software implementation. Building on a combination of chosen ciphertexts and chosen plaintexts, we show that in a setting with multiple recipients the recovery of an (equivalent) secret key can be feasible within minutes in a standard computer algebra system.



2015-07-01
18:16 [Job][New] Two permanent academic posts in Secure Systems at Surrey, University of Surrey

  The Department of Computer Science at the University of Surrey invites applications for two permanent posts of Lecturer (Assistant Professor) in Secure Systems.

The Department of Computer Science embodies the ethos of “applying theory into practice” across its research and teaching activities and is currently ranked 8th in the Guardian League table. Its research activities are focused in two research groups: Secure Systems, and Nature Inspired Computing and Engineering (NICE). These appointments are to enhance the activities of the Secure Systems group. Surrey is recognised as an Academic Centre of Excellence for Cyber Security Research by GCHQ. This is an exciting opportunity in a department that is growing its reputation for delivering quality interdisciplinary and applied research based on strong fundamental principles.

The candidates for the Lectureships will conduct research in areas such as security analysis of systems, cyber-physical and embedded systems security, data privacy or mobile security. We are seeking individuals who can contribute to fundamental research and turn it into practice. An ability to produce high quality outputs is also required.

We are looking for individuals who can inspire students through their curiosity for leading-edge aspects of technology. In particular, the teaching duties of the role include: delivering high quality teaching to all levels of students, supervising undergraduate project students and postgraduate dissertations, and contributing to the teaching of security and other practical areas of Computer Science, such as networking and software engineering.

These are full-time and permanent positions. We would expect appointed candidates to start from September 2015 or as soon as possible thereafter.