IACR News
Here you can see all recent updates to the IACR webpage.
06 September 2016
Seung Geol Choi, Dana Dachman-Soled, Tal Malkin, Hoeteck Wee
ePrint Report
Guido Bertoni, Marco Martinoli
ePrint Report
Melissa Chase, Mary Maller, Sarah Meiklejohn
ePrint Report
Zejun Xiang, Wentao Zhang, Dongdai Lin
ePrint Report
In this paper we propose a new technique that achieves a trade-off between considering each bit independently and considering left and right halves as a whole, which is actually a trade-off between time-memory and the accuracy of the distinguishers. We proceed by splitting the state of Simon into small pieces and study the division property propagations of circular shift and bitwise AND operations under the state partition. Moreover, we propose two different state partitions and study the influences of different partitions on the propagation of division property. We find that different partitions greatly impact the division property propagation of circular shift, which will finally result in a big difference on the length of integral distinguishers. By using a tailored search algorithm for Simon, we find 12-round integral distinguishers for Simon48 and Simon64 respectively, which improve Todo's results by one round for both variants.
05 September 2016
Abu Dhabi, UAE, 4 December - 7 December 2016
Event Calendar
Submission deadline: 5 August 2016
Notification: 25 September 2016
03 September 2016
Masoumeh Safkhani, Nasour Bagheri
ePrint Report
Jung Hee Cheon, Damien Stehle
ePrint Report
H. Gopalakrishna Gadiyar, R. Padma
ePrint Report
01 September 2016
Charanjit S. Jutla
ePrint Report
31 August 2016
Sumanta Sarkar, Habeeb Syed
ePrint Report
Russell W. F. Lai, Raymond K. H. Tai, Harry W. H. Wong, Sherman S. M. Chow
ePrint Report
Notion-wise, our result shows that M-HS can act as a central notion since all its seemingly different extensions are all equivalent. In particular, this suggests that key-homomorphism and message-homomorphism in signatures are identical in nature. As a sample application, we show that M-KHS implies decentralized attribute-based signatures (D-ABS). Our work also provides the first (leveled) fully KHS and the first (D-)ABS for circuits from standard assumptions.
Surprisingly, there is a huge gap between homomorphism in a single space and in two spaces. Indeed all existing (leveled) fully homomorphic signature schemes support only a single signer. In the multi-space setting, we construct M-HS from any adaptive zero-knowledge succinct non-interactive argument of knowledge (ZK-SNARK) (and other standard assumptions). We also show that two-key HS implies functional signatures. Our study equips the literature with a suite of signature schemes allowing different kinds of flexible evaluations.
Kazuki Yoneyama, Reo Yoshida, Yuto Kawahara, Tetsutaro Kobayashi, Hitoshi Fuji, Tomohide Yamamoto
ePrint Report
Temasek Laboratories, National University of Singapore
Job Posting
Applicants are expected to have a PhD degree in Mathematics/Computer Science/Engineering and a strong background in algebra or number theory.
Preferred candidates are expected to be proficient in C/C++ language, a team worker and able to conduct independent research.
Interested candidates will kindly email their CV to Dr Chik How Tan tsltch (at) nus.edu.sg.
Review of applications will start immediately and continue until the position is filled.
Closing date for applications: 15 October 2016
30 August 2016
Visa Research
Job Posting
Interested candidates should kindly email their CV to research (at) visa (dot) com with the subject line Security Research Position.
Closing date for applications: 30 November 2016
Colin Chaigneau, Henri Gilbert
ePrint Report
In this paper, we analyse the resilience of the latest algorithm version, AEZ v4.1 (October 2015), against key-recovery attacks. While AEZ modifications introduced in 2015 were partly motivated by thwarting a key-recovery attack of birthday complexity against AEZ v3 published at Asiacrypt 2015 by Fuhr, Leurent and Suder, we show that AEZ v4.1 remains vulnerable to a key-recovery attack of similar complexity and security impact. Our attack leverages the use, in AEZ, of an underlying tweakable block cipher based on a 4-round version of AES.
Although the presented key-recovery attack does not violate the security claims of AEZ since the designers made no claim for beyond-birthday security, it may be interpreted as an indication that AEZ does not meet in all respects the objective of being a highly conservative and misuse-resilient algorithm.
Jürgen Pulkus, Srinivas Vivek
ePrint Report
On the theoretical side, we prove a logarithmic upper bound on the number of non-linear multiplications required to evaluate any \(d\)-bit S-box, when ignoring the cost of working in unreasonably large fields. This upper bound is lower than the previous lower bounds proved under the assumption of working over the field \(\mathbb{F}_{2^d}\), and we show this bound to be sharp. We also achieve a way to evaluate the AES S-box using only 3 non-linear multiplications over \(\mathbb{F}_{2^{16}}\).
Ian Miers, Payman Mohassel
ePrint Report
Shuai Han, Shengli Liu, Lin Lyu
ePrint Report
In this paper, we introduce a new concept, _Authenticated Encryption with Auxiliary-Input_ (AIAE), and define for it new security notions dealing with related-key attacks, namely _IND-RKA security_ and _weak INT-RKA security_. We also construct such an AIAE w.r.t. a set of restricted affine functions from the DDH assumption. With our AIAE,
-- we construct the first efficient KDM[$\mathcal F_{aff}$]-CCA secure PKE w.r.t. affine functions with compact ciphertexts, which consist only of a constant number of group elements;
-- we construct the first efficient KDM[$\mathcal F_{poly}^d$]-CCA secure PKE w.r.t. polynomials of bounded degree $d$ with almost compact ciphertexts, where the number of group elements in a ciphertext is polynomial in $d$ and independent of the security parameter.
Our PKEs are both based on the DDH and DCR assumptions, free of NIZK and free of pairing.