IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
29 October 2015
Julia Hesse, Dennis Hofheinz, Andy Rupp
Intuitively, a reconfigurable cryptosystem allows to increase the security of the system at runtime, by changing a single central parameter we call common reference string (CRS). In particular, e.g., a cryptanalytic advance does not necessarily entail a full update of a large public-key infrastructure; only the CRS needs to be updated. In this paper we focus on the reconfigurability of encryption and signature schemes, but we believe that this concept and the
developed techniques can also be applied to other kind of cryptosystems.
Besides a security definition, we offer two reconfigurable encryption schemes, and one reconfigurable signature scheme. Our first reconfigurable encryption scheme uses indistinguishability obfuscation (however only in the CRS) to adaptively derive short-term keys from long-term keys. The security of long-term keys can be based on a one-way function, and the security of both the indistinguishability obfuscation and the actual encryption scheme can be increased on-the-fly, by changing the CRS. We stress that our scheme remains secure even if previous short-term secret keys are leaked.
Our second reconfigurable encryption scheme has a similar structure (and similar security properties), but relies on a pairing-friendly group instead of obfuscation. Its security is based on the recently introduced hierarchy of \\(k\\)-SCasc assumptions. Similar to the \\(k\\)-Linear assumption, it is known that \\(k\\)-SCasc implies \\((k+1)\\)-SCasc, and that this implication is proper in the generic group model. Our system allows to increase \\(k\\) on-the-fly, just by changing the CRS. In that sense, security can be increased without changing any long-term keys.
We also offer a reconfigurable signature scheme based on the same hierarchy of assumptions.
Dennis Hofheinz; Tibor Jager
Our construction can securely be instantiated in symmetric bilinear groups, based on any member of the (n-1)-linear assumption family with n >= 3. This includes, for example, the 2-linear assumption, which is also known as the decision linear (DLIN) assumption.
Thomas Peyrin, Yannick Seurin
CISPA, Saarland University, Germany
The position is part of the German IT-security center CISPA - Center for IT-Security, Privacy, and Accountability.
It addresses a broad range of research problems, from fundamental research questions to the development of new technologies and prototypic systems.
The close connection of the CISPA to the department of Computer Science (CS), the Max-Planck-Institute (MPI) for Informatics, the MPI for Software Systems, the German Research Center for Artificial Intelligence (DFKI), the Excellence Cluster Multimodal Computing and Interaction (MMCI), and the Graduate School for CS is of crucial importance for its success.
Collaboration with partners in the cross-border region SaarLorLux is explicitly supported by the “University of the Greater Region” project (http://www.uni-gr.eu).
Requirements:
- Outstanding scientific skills (publications in the leading international IT-security conferences),
- management skills and
- excellent teaching skills & strong dedication towards teaching (teaching language for Master studies and the graduate school is English).
Participation towards establishing the CISPA and the acquisition of projects is expected.
Aside from requirements by public sector employment law, necessary qualifications for hiring include a tertiary education, pedagogical suitability, the ability for scientific work, generally proven by the doctoral degree and additional scientific achievements.
In accordance with the promotion of women act, Saarland University aims to increase the proportion of women in this type of employment and actively encourages applications from women. For candidates with equal qualifications, preference will be given to p
University of Trier, Germany
The position is available immediately and is fully funded with an internationally competitive salary.
Contracts are initially offered for one year.
The deadline for applications is November 30th, 2015. Late applications will be considered until the position is filled.
See http://infsec.uni-trier.de/jobopenings for the official job announcement.
CISPA, Saarland University, Germany
The position is part of the German IT-security center CISPA - Center for IT-Security, Privacy, and Accountability.
It addresses a broad range of research problems, from fundamental research questions to the development of new technologies and prototypic systems.
The close connection of the CISPA to the department of Computer Science (CS), the Max-Planck-Institute (MPI) for Informatics, the MPI for Software Systems, the German Research Center for Artificial Intelligence (DFKI), the Excellence Cluster Multimodal Computing and Interaction (MMCI), and the Graduate School for CS is of crucial importance for its success.
Collaboration with partners in the cross-border region SaarLorLux is explicitly supported by the “University of the Greater Region” project (http://www.uni-gr.eu).
Requirements:
- Outstanding scientific skills (publications in the leading international IT-security conferences),
- management skills and
- excellent teaching skills & strong dedication towards teaching (teaching language for Master studies and the graduate school is English).
Participation towards establishing the CISPA and especially the acquisition of projects is expected.
Aside from requirements by public sector employment law, necessary qualifications for hiring include a tertiary education, pedagogical suitability, the ability for scientific work, generally proven by the doctoral degree, and additional scientific achievements (e.g., an excellent publication record).
In accordance with the promotion of women act, Saarland University aims to increase the proportion of women in this type of employment and actively encourages applications from women. For candidates with equal qualifications, preference will be given to peo
28 October 2015
David W. Archer, Dan Bogdanov, Benny Pinkas, Pille Pullonen
Masahiro Yagisawa
It is proved that if there exists the PPT algorithm that decrypts the plaintext from the ciphertexts of the proposed scheme, there exists the PPT algorithm that factors the given composite number modulus.
Magnus Gausdal Find, Daniel Smith-Tone, Meltem Sonmez Turan
as the minimum number of AND gates required to implement a given primitive by a circuit over the basis (AND, XOR, NOT). Implementations of ciphers with a small number of AND gates are preferred in protocols for fully homomorphic encryption, multi-party computation and zero-knowledge proofs. In 2002, Fischer and Peralta showed that the number of $n$-variable Boolean functions with multiplicative complexity one equals $2\\binom{2^n}{3}$. In this paper, we study Boolean functions with multiplicative complexity 2. By characterizing the structure of these functions in terms of affine equivalence relations, we provide a closed form formula for the number of Boolean functions with multiplicative complexity 2.
Andreas Hülsing, Joost Rijneveld, Peter Schwabe
We provide benchmarks for our implementation which show that this can be used in practice. To analyze the costs of using the stateless SPHINCS scheme instead of its stateful alternatives, we also implement XMSS^{MT} on this platform and give a comparison.
Subhamoy Maitra
Andrej Bogdanov; Chin Ho Lee
27 October 2015
Britta Hale, Christopher Carr, Danilo Gligoroski
Selcuk Kavut, Subhamoy Maitra
${GF(2^5)}^\\ast \\cdot {GF(2^3)}^\\ast$ as well as the group of Frobenius authomorphisms. Such Boolean functions posses nonlinearity greater than the bent concatenation bound, namely $2^{n-1} - 2^{\\frac{n-1}{2}}$. The next possible option for obtaining such functions is on $7 \\times 3 = 21$ variables. However, obtaining such functions remained elusive for more than three decades even after substantial efforts as evident in the literature. In this paper, we exploit combinatorial arguments together with heuristic search to demonstrate such functions for
the first time.
Jean-Sebastien Coron
Yan Huang, Ruiyu Zhu
In this work, we introduce XOR-Homomorphic Interactive Hash and propose an efficient implementation of this primitive by combining Reed-Solomon encoding and k-out-of-n oblivious transfers. We show how to apply this primitive to solve the performance-critical wire-soldering problem and propose a new LEGO-style cut-and-choose protocol. Comparing to previous LEGO-style protocols, ours only requires a single (as opposed to \"a majority of\") correctly garbled gate in each bucket to guarantee security against malicious adversaries. Plus, through integrating Half-Gates garbling, we double the chance a \"bad\" gate being detected in the check stage (compared to MiniLEGO). Our construction is more bandwidth-efficient than Lindell (CRYPTO, 2013) either when the circuit size N is sufficiently large, or when N is larger than a threshold solely determined by the ratio between the input and circuit sizes. E.g., we use less bandwidth for computing most linear and sub-linear functions.
Deploying a LEGO-style cut-and-choose protocol involves convoluted protocol parameter selection. To this end, we give a thorough analysis of the relations among all protocol parameters and propose efficient algorithms that automate the search for the optimal parameter configuration based on a requirement specification (i.e., the security parameters s,k and application parameter N) with provable accuracy.
Last, we formally prove a tight bound on the benefit of LEGO-style secure computation protocols, in the sense that the circuit duplication factor $\\kappa$ has to be larger than 2 and any $\\kappa > 2$ is indeed achievable. This corrects a common mistake of claiming LEGO cut-and-choose can reduce $\\kappa$ to $O(sk/ \\log N)$ since $2 \\not\\in O(sk/\\log N)$.
Gideon Samid
Marco Chiappetta, Erkay Savas, Cemal Yilmaz
26 October 2015
Vadim N.Tsypyschev
it is necessary to know rank estimations of separated sequences.
In this article we describe divisors of the minimal polynomial of the second p-adic
coordinate sequence of the linear recurrent sequence of maximal period/MP-LRS
over non-trivial Galois ring of odd characteristic in dependence of the initial vector
of this LRS.
Also we describe polynomials divisible by that minimal polynomial in dependence of the initial vector of this LRS.
As a corollary we get non-trivial upper and lower estimations for the rank of the
second coordinate sequence of such MP-LRS which provides us by possibility to use
it in pseudo-random generation.
We say that the Galois ring is non-trivial, if it differs from Galois field and from
quotient ring too.
These results were worked out with participation of V.L.Kurakin as a supervisor.
Author is very grateful to V.L.Kurakin for his participation in this work
Antonio Marcedone, Zikai Wen, Elaine Shi
Given the collective wisdom of our Cornell CS4830 students, we demonstrate an array of creative schemes using from 1 to 4 cards. Our students documented these solutions in a homework assignment, many of which are unanticipated by the instructor and the TAs. We had fun with students\' solutions and therefore would like to share them. Several of the students solutions are simpler than the standard textbook version by Boer et al., and we imagine that they could be useful for pedagogical purposes.