International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

13:32 [PhD][New] Dr. Ratna Dutta: Studies on Pairing-Based and Constant Round Dynamic Group Key Agreement Protocols

  Name: Dr. Ratna Dutta
Topic: Studies on Pairing-Based and Constant Round Dynamic Group Key Agreement Protocols
Category: (no category)

13:32 [PhD][New] Dr. Y. Sreenivasa Rao: Design and Analysis of Attribute-Based Cryptosystems using Bilinear Pairings

  Name: Dr. Y. Sreenivasa Rao
Topic: Design and Analysis of Attribute-Based Cryptosystems using Bilinear Pairings
Category: public-key cryptography

Description: Cryptosystems based on the attribute-based framework have recently acquired much\r\nimportance due to their enhanced functionality and flexibility, and\r\ntheir promising potential as a cryptographic platform for achieving advanced functionalities.\r\nHowever, attribute-based cryptosystems incur high communication and computation overheads which could impede their practical usage.\r\n%The main goal of this thesis is to design efficient and provably secure attribute-based cryptographic schemes with low communication and computation cost, using bilinear pairings.\r\nThis thesis aims at designing efficient and provably secure attribute-based cryptographic schemes allowing for expressive access policies with significantly low communication and computation cost, using bilinear pairings.\r\n\r\n The contributions of the thesis are manifold. We first propose two Key-Policy Attribute-Based Encryption (KP-ABE) schemes with constant-size ciphertext for Linear Secret-Sharing Scheme (LSSS)-realizable (monotone) access structures, supporting small universes of attributes. Among these, one scheme is Chosen Plaintext Attack (CPA) secure and the other is chosen ciphertext attack secure. We then extend these schemes to support not only the positive but also the negative attributes. Next, a CPA secure KP-ABE for large attribute universes is presented that features linear-size ciphertext and constant-size public parameters.\r\nLater, a dual-policy ABE with short ciphertext and constant-size ciphertext broadcast KP-ABE schemes are constructed.\r\n\r\n\r\n In all the aforementioned schemes, one fully trusted authority manages attributes and issues secret decryption keys to legitimate users.\r\nWe suggest a decentralized multi-authority Ciphertext-Policy ABE (dCP-ABE) for general monotone access structures. We incorporate the ciphertext access control policy in terms of minimal authorized sets in access structure, without using any secret-sharing scheme.\r\n\r\n Further, we present a key[...]

13:31 [PhD][New] Saqib A. Kakvi: On the Improvement of Security Proofs: Bridging the Gap between Theory and Practice

  Name: Saqib A. Kakvi
Topic: On the Improvement of Security Proofs: Bridging the Gap between Theory and Practice
Category: foundations


This Thesis makes a humble attempt to bridge the well-known gap between the use of cryptography in practice and the theory, or lack thereof, behind it. With a concentration on digital signature scheme, we endeavour forth to fill in the gaps and, as far as possible, join the two edges of our chasm. To this end, we start from primitives that lie close to, if not at the very edge, of one side and try to push ourselves closer and closer to the other end of the spectrum. \r\n


\r\nFor our first leap, we start from the side of practice. Our starting point is one of the most widely used and implemented signature schemes, RSA-FDH. Despite it\'s wide acceptance, RSA-FDH has a loose security proof and is not as theoretically secure as it is assumed to be in practice. Hence, we have found our first gap to bridge. We present a tight security proof for RSA-FDH which meets the security expectations that have until now, been assumed by practitioners.\r\n


\r\nThe next step sees us starting from the side of theory looking towards practice. Despite our satisfactory results vis à vis RSA-FDH, they are in the Random Oracle Model, which is shaky grounds at best. With this in mind, we look towards building tightly secure signatures in the standard model. Such signatures were known previously, but from a limited number of assumptions. We examined these schemes closer and were able to show a generic framework that was implicitly used to construct all of them. Utilising this framework we are able to construct tightly secure signatures from a multitude of assumptions. Sadly, our signatures fall a few hand spans short and are just gripping the edge of practicality.\r\n


\r\nThe final hop we make does not take us all the way from theory to practice, but some headway is gained. The last step could be seen not only as a bridge between theory and practice, but also between our first two results. Recent results have shown that using obfuscation, one can prove RSA-FD[...]

16:11 [Event][New] IFIP SEC 2016: 31th IFIP TC-11 SEC 2016 International InformationSecurity and Privacy Con

  Submission: 24 December 2015
Notification: 29 February 2016
From May 30 to June 1
Location: Ghent, Belgium
More Information:

15:17 [Pub][ePrint] Achieving Compactness Generically: Indistinguishability Obfuscation from Non-Compact Functional Encryption, by Prabhanjan Ananth and Abhishek Jain and Amit Sahai

  We show how to construct indistinguishability obfuscation (iO) for circuits from any non-compact functional encryption (FE) scheme with sub-exponential security against unbounded collusions. We accomplish this by giving a generic transformation from any such FE scheme into a compact FE scheme. By composing this with the transformation from sub-exponentially secure compact FE to iO (Ananth and Jain [CRYPTO\'15], Bitansky and Vaikuntanathan [FOCS\'15]), we obtain our main result.

Our result provides a new pathway to iO. For example, by combining our result with the FE scheme of Garg et al. [ePrint 2014/666], we obtain a new construction of iO based on the sub-exponential GGHZ assumption over composite-order multilinear maps.

We also identify a \"simple\" function family for FE that suffices for our general result. We show that the function family F is complete, where every f in F consists of three evaluations of a Weak PRF followed by finite operations. We believe that this may be useful for realizing iO from weaker assumptions in the future.

15:17 [Pub][ePrint] Same Value Analysis on Edwards Curves, by Rodrigo Abarzúa and Santi Martínez and Valeria Mendoza

  Recently, several research groups in cryptography have presented new elliptic curve model based on Edwards curves.

These new curves were selected for their good performance and security perspectives.

Cryptosystems based on elliptic curves in embedded devices can be vulnerable to Side-Channel Attacks (SCA), such as the Simple Power Analysis (SPA) or the Differential Power Analysis (DPA).

In this paper, we analyze the existence of special points whose use in SCA is known as Same Value Analysis (SVA), for Edwards curves. These special points show up as internal collisions under power analysis. Our results indicate that no Edwards curve is safe from such an attacks.

15:17 [Pub][ePrint] Compact Implementations of LEA Block Cipher for Low-End Microprocessors, by Hwajeong Seo and Zhe Liu and Jongseok Choi and Taehwan Park and and Howon Kim

  In WISA\'13, a novel lightweight block cipher named LEA

was released. This algorithm has certain useful features for hardware

and software implementations, i.e., simple ARX operations, non-S-box

architecture, and 32-bit word size. These features are realized in several

platforms for practical usage with high performance and low overheads.

In this paper, we further improve 128-, 192- and 256-bit LEA encryption

for low-end embedded processors. Firstly we present speed optimization

methods. The methods split a 32-bit word operation into four byte-wise

operations and avoid several rotation operations by taking advantages of

efficient byte-wise rotations. Secondly we reduce the code size to ensure

minimum code size.We nd the minimum inner loops and optimize them

in an instruction set level. After then we construct the whole algorithm

in a partly unrolled fashion with reasonable speed. Finally, we achieved

the fastest LEA implementations, which improves performance by 10.9%

than previous best known results. For size optimization, our implemen-

tation only occupies the 280B to conduct LEA encryption. After scaling,

our implementation achieved the smallest ARX implementations so far,

compared with other state-of-art ARX block ciphers such as SPECK and


15:17 [Pub][ePrint] Fully Homomorphic Encryption on Octonion Ring, by Masahiro Yagisawa

  In previous work(2015/474 in Cryptology ePrint Archive), I proposed a fully homomorphic encryption without bootstrapping which has the weak point in the enciphering function. In this paper I propose the improved fully homomorphic encryption scheme on non-associative octonion ring over finite field without bootstrapping technique. I improve the previous scheme by (1) adopting the enciphering function such that it is difficult to express simply by using the matrices and (2) constructing the composition of the plaintext p with two sub-plaintexts u and v. The improved scheme is immune from the \"p and -p attack\". The improved scheme is based on multivariate algebraic equations with high degree or too many variables while the almost all multivariate cryptosystems proposed until now are based on the quadratic equations avoiding the explosion of the coefficients. The improved scheme is against the Gröbner basis attack.

The key size of this scheme and complexity for enciphering /deciphering become to be small enough to handle.

15:17 [Pub][ePrint] On the Security of Extended Generalized Feistel Networks, by Manoj Kumar and Saibal K. Pal 1 and Anupama Panigrahi

  In this paper, we analyze the security claims of Extended Generalized Feistel Networks (EGFNs) schemes proposed by Berger et al [1]. We provide impossible differentials for 10 rounds of EGFNs with 16 branches which add up one round to the claim of 9 rounds in the impossible differential trail. Therefore, impossible differential trail covers 10 rounds for the EGFNs scheme, which is the best result on impossible differentials of EGFNs so far. We also provide several 10 round impossible differential trails to attack EGFNs based new cipher proposals. 𝒰-method is also used by authors to assert their claim for maximum number of rounds in impossible differential trails of EGFNs. This analysis indicates that 𝒰-method does not provide optimal results for this scheme.

15:17 [Pub][ePrint] Modern Cryptography Through the Lens of Secret Sharing, by Ilan Komargodski and Mark Zhandry

  Secret sharing is a mechanism by which a trusted dealer holding a secret ``splits\'\' the secret into many ``shares\'\' and distributes the shares to a collections of parties. Associated with the sharing is a monotone access structure, that specifies which parties are ``qualified\'\' and which are not: any qualified subset of parties can (efficiently) reconstruct the secret, but no unqualified subset can learn anything about the secret. In the most general form of secret sharing, the access structure can be any monotone NP language.

In this work, we consider two very natural extensions of secret sharing. In the first, which we call distributed secret sharing, there is no trusted dealer at all, and instead the role of the dealer is distributed amongst the parties themselves. Distributed secret sharing can be thought of as combining the features of multiparty non-interactive key exchange and standard secret sharing, and may be useful in settings where the secret is so sensitive that no one individual dealer can be trusted with the secret. Our second notion is called functional secret sharing, which incorporates some of the features of functional encryption into secret sharing by providing more fine-grained access to the secret. Qualified subsets of parties do not learn the secret, but instead learn some function applied to the secret, with each set of parties potentially learning a different function.

Our main result is that both of the extensions above are equivalent to several recent cutting-edge primitives. In particular, general-purpose distributed secret sharing is equivalent to witness PRFs, and general-purpose functional secret sharing is equivalent to indistinguishability obfuscation. Thus, our work shows that it is possible to view some of the recent developments in cryptography through a secret sharing lens, yielding new insights about both these cutting-edge primitives and secret sharing.

15:17 [Pub][ePrint] Solving LWE via List Decoding, by Mingqiang Wang and Xiaoyun Wang and Kunxian Xia and Jincheng Zhuang

  Learning with errors (LWE) was introduced by Regev in 2005, which enjoys attractive worst-case hardness properties. It has served as the foundation for a variety of cryptographic schemes. There are two main types of attacks against LWE: one for the decision version of LWE, the other for the search version of LWE.

In this paper, we apply the list decoding method to solve search version of LWE. Our algorithm runs in probabilistic polynomial time and results in specific security estimates for a large range of parameters. To our knowledge, it is the first time to apply the list decoding method to recover the key of LWE.

Our algorithm improves Laine and Lauter\'s result.