IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
26 October 2015
Allison Bishop, Valerio Pastro, Rajmohan Rajaraman, Daniel Wichs
In this scenario, to share an $m$-bit message with a reconstruction failure probability of at most $2^{-k}$, a known lower-bound shows that the share size must be at least $m + k$ bits. On the other hand, all prior constructions have share size that scales linearly with the number of parties $n$, and the prior state-of-the-art scheme due to Cevallos et al. (EUROCRYPT \'12) achieves $m + \\widetilde{O}(k + n)$.
In this work, we construct the first robust secret sharing scheme in the maximal corruption setting with $n=2t+1$, that avoids the linear dependence between share size and the number of parties $n$. In particular, we get a share size of only $m + \\widetilde{O}(k)$ bits. Our scheme is computationally efficient and relies on approximation algorithms for the minimum graph bisection problem.
Dieter Schmidt
and PAGES [9]. The block length was increased vom 128 bit to 512 bit
and additional rounds were introduced to make the cipher more resistent
against attacks. The number of rounds are 64, 96, and 128. The key size
are 1024 bit, 1536 bit, and 2048 bit, respectively. The size of variables, as
with PAGES, is 128 bit. Thus the variables can be stored in registers of the
microprocessors of two leading suppliers. As with Speck, PAGES+ utilizes
instructions with a low latency, such as addition modulo 2 128 , subtraction
modulo 2 128 , XOR, and circular shifts (rotation). All these instructions are
usually carried out within a few cycles. Hence despite the number of rounds
is considerable, PAGES+ has a high software throughput. For a processor
with a frequency of 2.5 GHz, the software throughput with the optimized
version of the reference implementation is 30 megabyte per second with a
key length of 2048 bit and a number of rounds of 128. In hardware or the
implementation on a FPGA a considerable performance is expected, yet
with a limited expense.
PAGES- is a family of block ciphers based on block ciphers Speck [2]
and PAGES [9]. The block length was increased vom 128 bit to 256 bit
and additional rounds were introduced to make the cipher more resistent
against attacks. The number of rounds are 32, 48, 64, 96, and 128. The key
size are 256 bit, 384 bit, 512 bit, 768 bit, and 1024 bit, respectively. The
size of variables, as with Speck, is 64 bit. As with Speck, PAGES- utilizes
instructions with a low latency, such as addition modulo 2 64 , subtraction
modulo 2 64 , XOR, and circular shifts (rotation). All these instructions are
usually carried out within one cycle. Hence despite the number of rounds
is considerable, PAGES- has a high software throughput. For a processor
with a frequency of 2.5 GHz, the software throughput with the optimized
version of the reference implementation is 80 megabyte per second with a
key length of 1024 bit and a number of rounds of 128.
PAGES- is a family of block ciphers based on block ciphers Speck [2]
and PAGES [9]. The block length was increased vom 128 bit to 512 bit and
additional rounds were introduced to make the cipher more resistent against
attacks. The number of rounds are 32, 48, 64, 96, and 128. The key size are
512 bit, 768 bit, 1024 bit, 1536 bit, and 2048 bit respectively. The size of
variables, as with Speck, is 64 bit. For a processor with a frequency of 2.5
GHz, the software throughput with the optimized version of the reference
implementation is 65 megabyte per second with a key length of 2048 bit and
a number of rounds of 128.
Yoshinori Aono, Le Trieu Phong, Lihua Wang
Taechan Kim
Barbulescu, Gaudry, and Kleinjung in Asaicrypt 2015.
Our generalization based on the JLSV algorithm (by Joux, Lercier, Smart, and Vercautern, Crypto 2006) shows that one can solve the discrete logarithm over
the field $\\F_Q := \\F_{p^n}$ in time complexity,
L_Q( 1/3, (64/9)^{1/3} ), for p = L_Q( \\ell_p) with some \\ell_p > 1/3.
This should be compared that the previous NFS algorithms only assures
this bound either when $\\ell_p > 2/3$ (the JLSV algorithm) or
when $p$ is of special form when $1/3 < \\ell_p < 2/3$
(by Joux and Pierrot, Pairing 2013).
Even more, when we apply some variants (such as the multiple number field sieve
or the special number field sieve) to our algorithm, then we show that the above
complexity is further improved.
Hristina Mihajloska, Danilo Gligoroski, Simona Samardjiska
Dave Singel\\\'ee, Stefaan Seys, Lejla Batina, Ingrid Verbauwhede
23 October 2015
Graz University of Technology
- Dependable Wireless Communication and Localization
- Dependable Embedded Computing
- Dependable Composition of Smart Things
- Dependable Networked Control
One of the open PhD positions is dedicated to cryptography and security in the Internet of Things. A main focus in this context is in particular on security against all kinds of side-channel attacks.
For more details on the project and on the application procedure, please follow the link provided below.
Aggelos Kiayias, Giorgos Panagiotakos
in cryptocurrencies that are based on proof of work (POW) such as Bitcoin. At an intuitive level it is widely understood that processing speed is at odds with the security aspects of the underlying POW based consensus mechanism of such protocols, nevertheless the tradeoff between the two properties is still not well understood.
In this work, motivated by recent work \\cite{GKL15}
in the formal analysis of the Bitcoin backbone protocol,
we investigate the tradeoff between provable security and transaction processing speed viewing the latter as a function of the block generation rate.
%
We introduce a new formal property of blockchain protocols,
called {\\em chain growth}, and we show it is fundamental
for arguing the security of a robust transaction ledger.
%
We strengthen the results of \\cite{GKL15} showing for the
first time that reasonable security bounds hold even for the faster (than Bitcoin\'s) block
generation rates that have been adopted by several major ``alt-coins\'\' (including Litecoin, Dogecoin etc.).
%
We then provide a first formal security proof of the GHOST rule for blockchain protocols. The GHOST rule was put forth in \\cite{SZ13} as a mechanism to improve transaction processing speed and a variant of the rule is adopted by Ethereum.
Our security analysis of the ``GHOST backbone\'\' matches our new analysis for Bitcoin in terms of the common prefix property but falls short in terms of chain growth where we provide an attack that substantially
reduces the chain speed compared to Bitcoin. While our results establish the GHOST variant as a provably secure alternative to standard Bitcoin-like transaction ledgers they also highlight potential shortcomings in terms of processing speed compared to Bitcoin.
%
We finally present attacks and simulation results against blockchain protocols (both for Bitcoin and GHOST) that present natural upper barriers for the speed-security tradeoff.
By combining our positive and negative results we map the speed/security domain for blockchain protocols and list open problems for future work.
Aanchal Malhotra, Isaac E. Cohen, Erik Brakke, Sharon Goldberg
Katsuyuki Takashima
Steven D. Galbraith, Pierrick Gaudry
Prabhanjan Ananth, Abhishek Jain, Amit Sahai
In this work, we construct the first iO scheme that achieves only a constant multiplicative overhead (in fact, the constant is 2) in the size of the program. The security of our construction requires the existence of sub-exponentially secure iO for circuits (that has any polynomial multiplicative overhead in the circuit size) and one-way functions.
Hwajeong Seo, Zhe Liu, Yasuyuki Nogami, Jongseok Choi, Taehwan Park, Howon Kim
21 October 2015
University of Michigan Transportation Institute, Ann Arbor, USA
Prague, Czech Republic, January 20
Notification: 15 December 2015
From January 20 to January 20
Location: Prague, Czech Republic
More Information: http://www.cs2.deib.polimi.it/
20 October 2015
Avijit Dutta, Goutam Paul
NI-MAC in the view of structure graph introduced by Bellare et al. in
CRYPTO 2005 and gave a tight bound of order $\\frac{lq^{2}}{2^{n}}$, which is an improvement over the trivial bound of order $\\frac{l^{2}q^{2}}{2^{n}}$, for $q$ queries, each of length at most $\\ell$ blocks. But this is again restricted to the birthday security. In order to prove the security of NI-MAC, Gazi et al. (CRYPTO 2014) introduced a variant of NI-MAC, called NI2-MAC and analyzed the advantage of NI2 MAC. Then he showed that the same proof technique will be applied to the security analysis of NI-MAC. In this paper, we lift the birthday bound of NI2-MAC construction to beyond birthday $O(q^2l^4/2^{2n})$ by a small change in the existing construction with one extra invocation of a independent keyed function. Finally, we argue how to lift the security of NI-MAC to beyond birthday using the security proof for NI2-MAC.
Nishanth Chandran, Vipul Goyal, Aayush Jain, Amit Sahai
While FE is a very powerful primitive, a key downside is the requirement of a central point of trust. FE requires the assumption of a central trusted authority which performs the system setup as well as manages the credentials of every party in the system on an ongoing basis. This is in contrast to public key infrastructure which may have multiple certificate authorities and allows a party to have different (and varying) level of trust in them.
In this work, we address this issue of trust in two ways:
\\begin{itemize}
\\item First, we ask how realistic it is to have a central authority that manages all credentials and is trusted by everyone? For example, one may need to either obtain the permission of an income tax official or the permission of the police department and a court judge in order to be able to obtain specific financial information of a user from encrypted financial data. Towards that end, we introduce a new primitive that we call {\\em Multi-Authority Functional Encryption} (MAFE) as a generalization of both Functional Encryption and Multi-Authority Attribute-Based Encryption (MABE). We show how to obtain MAFE for arbitrary polynomial-time computations based on
subexponentially secure indistinguishability obfuscation and injective one-way functions.
\\item Second, we consider the notion of \\emph{delegatable} functional encryption where any user in the system may independently act as a key generation authority. In delegatable FE, any user may derive a decryption key for a policy which is ``more restrictive\" than its own. Thus, in delegatable functional encryption, keys
can be generated in a hierarchical way, instead of directly by a central authority. In contrast to MAFE, however, in a delegatable FE scheme, the trust still ``flows\'\' outward from the central authority.
\\end{itemize}
Finally, we remark that our techniques are of independent interest: we construct FE in arguably a more natural way where a decryption key for a function $f$ is simply a signature on $f$. Such a direct approach allows us to obtain a construction with interesting properties enabling multiple authorities as well as delegation.
N. Koblitz, A. Menezes
cryptography (PQC). This announcement will be a great stimulus to the development, standardization, and commercialization of new quantum-safe algorithms. However, certain peculiarities in the wording and timing of the statement have puzzled many people and given rise to much speculation concerning the NSA, elliptic curve cryptography (ECC), and quantum-safe cryptography. Our purpose is to attempt to evaluate some of the theories that have been proposed.
Aalto University, Finland
The Cryptography Group of Department of Computer Science at Aalto University is looking for a talented doctoral student in cryptographic engineering. The topics of this doctoral position are related to secure and efficient cryptography in wireless sensor networks and devices for the Internet of Things. The exact topic will be decided together with the doctoral student based on his/her background and research interests.
The duration of the project is three years starting from December 2015 or January 2016, and the contract is made for one year at a time. A candidate should have completed a Master (or equivalent) degree in computer science, electrical engineering, mathematics, or other related field. We expect experience at least in some of the following topics: cryptography, side-channel attacks and countermeasures, digital design, embedded systems, and programming (in particular VHDL and/or C). The candidate must be motivated, capable to take initiative, work independently, and be fluent in both written and spoken English.
Applications should include a motivation letter, a full CV with the grade transcript, and contact information for a couple of references (no reference letters). Applications should be sent by email to Kimmo Järvinen.
The applications will be reviewed immediately and the position will be filled when a suitable candidate is found.
Calgary, Canada, August 15 - August 17
Location: Calgary, Canada
More Information: http://sacconference.org/