Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org.
Our result provides a new pathway to iO. For example, by combining our result with the FE scheme of Garg et al. [ePrint 2014/666], we obtain a new construction of iO based on the sub-exponential GGHZ assumption over composite-order multilinear maps.
We also identify a "simple" function family for FE that suffices for our general result. We show that the function family F is complete, where every f in F consists of three evaluations of a Weak PRF followed by finite operations. We believe that this may be useful for realizing iO from weaker assumptions in the future.
These new curves were selected for their good performance and security perspectives.
Cryptosystems based on elliptic curves in embedded devices can be vulnerable to Side-Channel Attacks (SCA), such as the Simple Power Analysis (SPA) or the Differential Power Analysis (DPA).
In this paper, we analyze the existence of special points whose use in SCA is known as Same Value Analysis (SVA), for Edwards curves. These special points show up as internal collisions under power analysis. Our results indicate that no Edwards curve is safe from such attacks.
was released. This algorithm has certain useful features for hardware and software implementations, i.e., simple ARX operations, a non-S-box architecture, and a 32-bit word size. These features are realized on several platforms for practical usage with high performance and low overheads. In this paper, we further improve 128-, 192- and 256-bit LEA encryption for low-end embedded processors. Firstly, we present speed optimization methods. The methods split a 32-bit word operation into four byte-wise operations and avoid several rotation operations by taking advantage of efficient byte-wise rotations. Secondly, we reduce the code size to ensure minimum code size. We find the minimum inner loops and optimize them at the instruction-set level. Afterwards, we construct the whole algorithm in a partly unrolled fashion with reasonable speed. Finally, we achieved the fastest LEA implementations, which improve performance by 10.9% over the previous best known results. For size optimization, our implementation occupies only 280 B to conduct LEA encryption. After scaling, our implementation achieved the smallest ARX implementations so far, compared with other state-of-the-art ARX block ciphers such as SPECK and
The key size of this scheme and the complexity of enciphering/deciphering become small enough to handle.
In this work, we consider two very natural extensions of secret sharing. In the first, which we call distributed secret sharing, there is no trusted dealer at all, and instead the role of the dealer is distributed amongst the parties themselves. Distributed secret sharing can be thought of as combining the features of multiparty non-interactive key exchange and standard secret sharing, and may be useful in settings where the secret is so sensitive that no one individual dealer can be trusted with the secret. Our second notion is called functional secret sharing, which incorporates some of the features of functional encryption into secret sharing by providing more fine-grained access to the secret. Qualified subsets of parties do not learn the secret, but instead learn some function applied to the secret, with each set of parties potentially learning a different function.
Our main result is that both of the extensions above are equivalent to several recent cutting-edge primitives. In particular, general-purpose distributed secret sharing is equivalent to witness PRFs, and general-purpose functional secret sharing is equivalent to indistinguishability obfuscation. Thus, our work shows that it is possible to view some of the recent developments in cryptography through a secret sharing lens, yielding new insights about both these cutting-edge primitives and secret sharing.
In this paper, we apply the list decoding method to solve the search version of LWE. Our algorithm runs in probabilistic polynomial time and results in specific security estimates for a large range of parameters. To our knowledge, this is the first application of the list decoding method to recovering the key of LWE.
Our algorithm improves Laine and Lauter's result.
the nonce and the authentication tag. These expansions can be problematic when messages are relatively short and communication cost is high. This paper studies a form of AE scheme whose ciphertext is only expanded by the nonce, with the help of a stateful receiver, which also enables detection of replays. While there is a scheme having this feature, called AERO, proposed by McGrew and Foley, there is no formal treatment based on the provable security framework. We propose a provable security framework for such AE schemes, which we call MiniAE, and show several secure schemes using standard symmetric crypto primitives. Most notably, one of our schemes has a structure similar to the OCB mode of operation and uses only one blockcipher call to process one input block, thus the computation cost is comparable to that of nonce-based encryption-only schemes.