IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
01 October 2015
Kaoutar Elkhiyaoui, Melek \\\"Onen, Refik Molva
Mridul Nandi, Tapas Pandit
Following the CCA conversions of Yamada et al. (PKC 2011, 2012) and Nandi et al. (ePrint Archive: 2015/457), one can have CCA secure PE from CPA-secure PE if the primitive PE has either verifiability or delegation. We show that the fully secure CPA-construction of Attrapadung holds the verifiability if we assume a very simple condition on the underlying pair encoding scheme. The aforesaid approach degrades the performance of the resultant CCA-secure PE scheme. As an alternative, we provide a direct fully secure CCA-construction for PE from the pair encoding schemes. This costs an extra computation of group element in encryption and an extra pairing computation in decryption as compared to CPA-construction of Attrapadung.
The predicate signcryption (PSC) is a super class of the existing class, attribute-based signcryption (ABSC), where the confidentiality, unforgeability and signer privacy are well preserved. By combining the proposed frameworks for PS and PE, we provide a generic construction for PSC from the pair encodings. It achieves the perfect privacy, and the strong unforgeability and CCA security in the adaptive-predicates model. The construction has the support of ``combined-setup\'\', where the distribution of public parameters and keys in the (implicit) signature and encryption schemes are identical. The instantiations of the proposed PSC, provide many new schemes, e.g., the first PSC schemes for regular languages, the first ABSC with either constant-size signatures or constant-size keys, the unbounded ABSC with large universes in adaptive-predicates model etc.
30 September 2015
University of Luxembourg, Luxembourg City, Luxembourg
More information is available at:
http://emea3.mrted.ly/trc1
If you are interested, please apply via this link. Applications will be considered as soon as they are received.
Luca Melis, Hassan Jameel Asghar, Emiliano De Cristofano, Mohamed Ali Kaafar
In this paper, we investigate the use of cryptographic primitives for processing outsourced network functions, so that the provider does not learn any sensitive information. We present a cryptographic treatment of privacy-preserving outsourcing of network functions, introducing security definitions as well as an abstract model of generic network functions, and then propose a few instantiations using partial homomorphic encryption and public-key encryption with keyword search. We show a proof-of-concept implementation of our constructions and show that network functions can be privately processed by an untrusted cloud provider in a few milliseconds.
Shota Goto, Junji Shikata
Mahdi Cheraghchi
Using algebraic geometry codes instead of Reed-Solomon codes, we decrease the share length to a constant (only depending on $\\delta$) while the number of shares $n$ can grow independently. In this case, when $n$ is large enough, the scheme satisfies the \"threshold\" requirement in an approximate sense; i.e., any set of $\\delta n(1+\\rho)$ honest parties, for arbitrarily small $\\rho > 0$, can efficiently reconstruct the secret.
28 September 2015
Dong Pyo Chi, Jeong Woon Choi, Jeong San Kim, Taewan Kim
not to a novice.
Many fundamental problems about lattice are thought to be hard even against quantum computer, compared to factorization problem which can be solved easily with quantum computer, via the celebrated Shor factorization quantum algorithm. The rst part of our presentation is based on slides of Christ Peikert 2013 Bonn lecture (crypt@b-it2013). We, more or less, give somewhat detailed explanation of Professor Peikert\'s lecture slides. We unfortunately could not attend his Bonn class. We are afraid that there are many mistakes in this note; if any, they are due to our misunderstanding of the material. Part II of our lecture note is on ring LWE, based on the paper \\A tool-kit for Ring-LWE Cryptography\" by Lyubashevsky, Peikert and Regev. Part III is about multilinear maps together with cryptanalysis of GGH map due to Hu and Jia. Our presentation follows professor Steinfeld\'s lecture slides on GGHLite, and the paper by Yupu Hu and Huiwen Jia. When you read this lecture note, the corresponding original paper should be accompanied. We thank professor Jung Hee Cheon for introducing the subject and asking Dong Pyo Chi to give a lecture on the subject at the department of mathematics in Seoul National University. We also thank Hyeongkwan Kim for many helps, especially many corrections and improvements of the manuscript during the 2015 Summer session at UNIST. We also thank the students who took the classes at SNU and UNIST. The lecture was given by a novice for novice, so many mistakes are unavoidable. If the reader lets us know any errors, we will very much appreciate it.
Chris Peikert
problems on point lattices in $\\R^{n}$ as the foundation for secure
cryptographic constructions. Attractive features of lattice
cryptography include: apparent resistance to quantum attacks
(in contrast with most number-theoretic cryptography), high asymptotic
efficiency and parallelism, security under worst-case
intractability assumptions, and solutions to long-standing open
problems in cryptography.
This work surveys most of the major developments in lattice
cryptography over the past ten years. The main focus is on the
foundational short integer solution (SIS) and learning
with errors (LWE) problems (and their more efficient ring-based
variants), their provable hardness assuming the worst-case
intractability of standard lattice problems, and their many
cryptographic applications.
Almog Benin, Sivan Toledo, Eran Tromer
First, we define a user-interface primitive, oblivious comparison, that allows users to approve authentic associations and abort compromised ones. This distills and generalizes several existing approve/abort mechanisms, and moreover we experimentally show that OC can be implemented using very little hardware: one LED and one switch.
Second, we provide a new Message Recognition Protocol (MRP) that allows devices associated using oblivious comparison to exchange authenticated messages without the use of public-key cryptography (which exceeds the capabilities of many IoT devices). This protocol improves upon previously proposed MRPs in several respects.
Third, we propose a robust definition of security for MRPs that is based on universal composability, and show that our MRP satisfies this definition.
Brice Minaud, Pierre-Alain Fouque
Ben Smyth
Tung Chou
There have been many papers analyzing elliptic-curve speeds on Intel chips, and they all use Intel\'s serial 64 x 64 -> 128-bit multiplier for field arithmetic. These papers have ignored the 2-way vectorized 32 x 32 -> 64-bit multiplier on Sandy Bridge and Ivy Bridge: it seems obvious that the serial multiplier is faster. However, this paper uses the vectorized multiplier. This is the first speed record set for elliptic-curve cryptography using a vectorized multiplier on Sandy Bridge and Ivy Bridge. Our work suggests that the vectorized multiplier might be a better choice for elliptic-curve computation, or even other types of computation that involve prime-field arithmetic, even in the case where the computation does not exhibit very nice internal parallelism.
Palash Sarkar, Shashank Singh
Changyu Dong, Franziskus Kiefer
Alex Biryukov, Dmitry Khovratovich
far made it an easy prey for GPU-, ASIC-, and botnet-equipped users. The attempts to rely on
memory-intensive computations in order to remedy the disparity between architectures have
resulted in slow or broken schemes.
In this paper we solve this open problem and show how to construct an \\emph{asymmetric} proof-of-work (PoW) based on a computationally hard problem, which requires a lot of memory to generate a proof (called \"memory-hardness\" feature) but is instant to verify. Our primary proposal is a PoW based on the
generalized birthday problem and enhanced Wagner\'s algorithm for it. We introduce the new technique of \\emph{algorithm binding} to prevent cost amortization and demonstrate that possible parallel implementations are constrained by memory bandwidth. Our scheme has tunable and steep time-space tradeoffs, which impose large computational penalties if less memory is used.
Our solution is practical and ready to deploy: a reference implementation of a proof-of-work requiring 700 MB of RAM runs in 30 seconds on a 1.8 GHz CPU,
increases the computations by the factor of 1000 if memory is halved, and presents a proof of just 148 bytes long.
Yi-Ruei Chen, Shiuan-Tzuo Shen, Wen-Guey Tzeng
By using our WEE scheme, we propose five secure outsourcing protocols of Gaussian elimination, Gaussian-Jordan elimination, matrix determinant, linear system solver, and matrix inversion. Each of these protocols preserves data privacy for clients (data owners). Furthermore, the linear system solver and matrix inversion protocols provide a cheating-resistant mechanism to verify correctness of computation results. Our experimental result shows that our protocols gain efficiency significantly for an outsourcer. Our outsourcing protocol solves a linear system of n = 1, 000 equations and m = 1, 000 unknown variables about 472 times faster than a non-outsourced version. The efficiency gain is more substantial when (n, m) gets larger. For example, when n = 10, 000 and m = 10, 000, the protocol can solve it about 56, 274 times faster. Our protocols can also be easily implemented in parallel computation architecture to get more efficiency improvement.
Maryam Rajabzadeh Asaar, Mahmoud Salmasizadeh, Mohammad Reza Aref
in which some parts of messages are not transmitted
with signatures to make them shorter are useful where
bandwidth is one of the crucial concern and especially
in case of signing short messages in applications such
as time stamping, certified email services and identitybased
cryptosystems. In this paper, to have quantum-attackresistant
short signatures, a signature scheme with partially
message recovery from coding theory is proposed. The
security of the proposed scheme is proved under Goppa
Parametrized Bounded Decoding and the Goppa Code
Distinguishing assumptions in the random oracle model.
Relying on the partially message recovery property, the
proposal is shorter than the Dallot signature scheme, the
only provably secure and practical code-based signature
scheme. We should highlight that our scheme can be used
as a building block of code-based signature schemes with
additional properties since it compared to Dallot signature
scheme not only improves its communication overhead but
also it preserves its signature efficiency.
C\\\'e
necessary to recover information on the encryption key. By
analyzing the distribution of the random variables involved in the attack,
cryptographers aim to provide a good estimate of the data
complexity of such an attack. In this paper, we analyze the
hypotheses made in simple, multiple, and multidimensional
linear attacks that use either non-zero or zero correlations, and provide more accurate estimates of the data complexity of
these attacks. This is achieved by taking, for the first time, into consideration the key variance of the statistic for both
the right and wrong keys.
For the family of linear attacks we differentiate between the attacks which are performed in the known-plaintext
and those in the distinct-known-plaintext model. By this differentiation, we improve the
data complexity of some attacks by applying the distinct-known-plaintext model.
From the analysis provided in this paper, it follows that
the number of attacked
rounds in the multidimensional linear context is impacted by the fact that the expected capacity of a multidimensional linear
approximation for a random permutation is not equal to
zero as previously assumed. The impact of the result is relatively important, since it weakens most existing multidimensional linear attacks.
From the link between
differential and linear cryptanalysis we also derive a new estimate of the
data complexity of a truncated differential attack. The theory developed
in this paper is backed up by different experiments.
Seyed salman Sajjadi GhaemMaghami, Mahtab Mirmohseni, Afrooz Haghbin
Aydin Aysu, Ege Gulcan, Daisuke Moriyama, Patrick Schaumont, Moti Yung