IACR News
01 September 2015
Zvika Brakerski, Craig Gentry, Shai Halevi, Tancrède Lepoint, Amit Sahai, Mehdi Tibouchi
ePrint Report
31 August 2015
Nicolas Bruneau, Sylvain Guilley, Zakaria Najm, Yannick Teglia
ePrint Report
Still, they are known to be attackable at order $d$ when the masking involves $d$ shares.
In this work, we mathematically show that an attack of order strictly greater than $d$ can be more successful than an attack at order $d$.
To do so, we leverage the idea presented by Tunstall, Whitnall and Oswald at FSE 2013:
we exhibit attacks which exploit the multiple leakages linked to one mask during the recomputation of tables.
Specifically, regarding first-order table recomputation, improved by a shuffled execution, we show that there is a window of opportunity, in terms of noise variance, where a novel highly multivariate third-order attack is more efficient than a classical bivariate second-order attack.
Moreover, we show on the example of the high-order secure table computation presented by Coron at EUROCRYPT 2014 that the window of opportunity enlarges linearly with the security order $d$.
Hamza Abusalah, Georg Fuchsbauer, Krzysztof Pietrzak
ePrint Report
In this paper we construct a witness encryption scheme where encryption is a single Naor-Yung encryption (two CPA-encryptions and one NIZK proof showing the ciphertexts encrypt the same message), so encryption can even be done on a smart card. To achieve this, our scheme has a setup phase, which outputs public parameters containing an obfuscated circuit (only required for decryption), two public keys for a standard public-key encryption scheme and a common reference string for the NIZK (used for encryption). This setup phase need only be run once, and the parameters can be used for arbitrarily many encryptions. Our scheme can easily be turned into a functional WE scheme, where a message is encrypted w.r.t. a statement and a function $f$, and using a witness $w$ one learns $f(m,w)$.
Our construction and its proof are inspired by those of functional encryption by Garg et al. (FOCS 2013) and to prove (selective) security of our scheme we also assume indistinguishability obfuscation and statistically simulation-sound NIZK. We give a construction of the latter in bilinear groups and combining it with ElGamal encryption, our ciphertexts are of size 1.3 kB at a 128-bit security level.
David Wong
ePrint Report
Qianqian Yang, Lei Hu, Siwei Sun, Ling Song
ePrint Report
Vanga Odelu, Ashok Kumar Das, Adrijit Goswami
ePrint Report
require huge storage and computational overheads. Moreover, CP-ABE schemes based on bilinear maps lose the high efficiency of elliptic curve cryptography because they require security parameters of larger size. These drawbacks prevent the use of ultra-low energy devices in practice. In this paper, we aim to propose a novel expressive AND-gate access structured CP-ABE scheme with constant-size secret keys (CSSK) with cost-efficient solutions for encryption and decryption using ECC, called the CP-ABE-CSSK scheme. In the proposed CP-ABE-CSSK, the size of the secret key is as small as 320 bits. In addition, ECC is efficient and more suitable for lightweight devices as compared to bilinear pairing based cryptosystems. Thus, the proposed CP-ABE-CSSK scheme provides low computation and storage overheads with an expressive AND-gate access structure as compared to the related existing schemes in the literature. As a result, our scheme is very suitable for CP-ABE key storage and computation in ultra-low energy devices.
Jaap-Henk Hoepman, Wouter Lueks, Sietse Ringers
ePrint Report
David Derler, Daniel Slamanig
ePrint Report
Jeff Hoffstein, Jill Pipher, John M. Schanck, Joseph H. Silverman, William Whyte
ePrint Report
29 August 2015
Institute for Infocomm Research, Singapore
Job Posting
Interested candidates please send a CV to Jianying Zhou. Fresh PhDs are welcome to apply. Review of applications will begin immediately and will continue until the positions are filled. Only short-listed candidates will be contacted for interview.
28 August 2015
Duc-Phong Le, Nadia El Mrabet, Chik How Tan
ePrint Report
Benjamin Wesolowski, Pascal Junod
ePrint Report
David McCann, Kerstin Eder, Elisabeth Oswald
ePrint Report
Mohammad Etemad, Alptekin Küpçü
ePrint Report
We propose a new efficient key authentication service (KAS). It uses server-side gossiping as the source of trust, and assumes servers are not all colluding. KAS stores all keys of each user in a separate hash chain, and always shares the last ring of the chain among the servers, assuring users that all servers provide the same view about them (i.e., no equivocation takes place). Storing users' keys separately reduces the server and client computation and communication dramatically, making our KAS a very efficient way of public key authentication. The KAS handles a key registration/change operation in O(1) time using only O(1) proof size, independent of the number of users. While the previous best proposal, CONIKS, requires the client to download 100 KB of proof per day, our proposal needs less than 1 KB of proof per key lifetime, while obtaining the same probabilistic guarantees as CONIKS.
Kazuo Sakiyama, Takanori Machida, Arisa Matsubara, Yunfeng Kuai, Yu-ichi Hayashi, Takaaki Mizuki, Noriyuki Miura, Makoto Nagata
ePrint Report
27 August 2015
Paris, France, September 11
Event Calendar
Location: Paris, France
More Information: https://www.cryptoexperts.com/wise2015/
26 August 2015
Nishanth Chandran, Srinivasan Raghuraman, Dhinakaran Vinayagamurthy
ePrint Report
- A constrained PRF for arbitrary circuit predicates based on $(n+l_{OR}-1)$-linear maps (where $n$ is the input length and $l_{OR}$ denotes the OR-depth of the circuit).
- For circuits with a specific structure, we also show how to construct such PRFs based on $(n+l_{AND}-1)$-linear maps (where $l_{AND}$ denotes the AND-depth of the circuit).
- We then give a black-box construction of a constrained PRF for NC1 predicates, from any bit-fixing constrained PRF that fixes only one of the input bits to 1; we only require that the bit-fixing PRF have certain key homomorphic properties. This gives us a constrained PRF for NC1 predicates that is based only on $n$-linear maps, with no dependence on the predicate.
In contrast, the previous constructions of constrained PRFs (Boneh and Waters, Asiacrypt 2013) required $(n+l+1)$-linear maps for circuit predicates (where $l$ is the total depth of the circuit) and $n$-linear maps even for bit-fixing predicates.
- We also show how to extend our techniques to obtain a similar improvement in the case of ABE and construct ABE for arbitrary circuits based on $(l_{OR}+1)$-linear (respectively $(l_{AND}+1)$-linear) maps.
Shiuan-Tzuo Shen, Amir Rezapour, Wen-Guey Tzeng
ePrint Report
Syed Kamran Haider, Masab Ahmad, Farrukh Hijaz, Astha Patni, Ethan Johnson, Matthew Seita, Omer Khan
ePrint Report
Dario Catalano, Dario Fiore, Luca Nizzardo
ePrint Report
(APHFs, for short), which adapts Programmable Hash Functions, introduced by Hofheinz and Kiltz at Crypto 2008, with two main differences. First, an APHF works over bilinear groups, and it is asymmetric in the sense that, while only secretly computable, it admits an isomorphic copy which is publicly computable. Second, in addition to the usual programmability, APHFs may have an alternative property that we call programmable pseudorandomness. In a nutshell, this property states that it is possible to embed a pseudorandom value as part of the function's output, akin to a random oracle.
In spite of the apparent limitation of being only secretly computable, APHFs turn out to be surprisingly powerful objects. We show that they can be used to generically implement both regular and linearly-homomorphic signature schemes in a simple and elegant way. More importantly, when instantiating these generic constructions with our concrete realizations of APHFs, we obtain:
(1) the first linearly-homomorphic signature (in the standard model) whose public key is sub-linear in both the dataset size and the dimension of the signed vectors;
(2) short signatures (in the standard model) whose public key is shorter than those by Hofheinz-Jager-Kiltz from Asiacrypt 2011, and essentially the same as those by Yamada, Hanaoka, Kunihiro (CT-RSA 2012).