IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
06 November 2016
Leon Groot Bruinderink, Andreas Hülsing
In this work we analyze the security of the most prominent hash-based OTS, Lamport's scheme, its optimized variant, and WOTS, under different kinds of two-message attacks. Interestingly, it turns out that the schemes are still secure under two message attacks, asymptotically. However, for typical parameters this does not mean anything. Our results show that for Lamport's scheme, security only slowly degrades in the relevant attack scenarios and typical parameters are still somewhat secure, even in case of a two-message attack. As we move on to optimized Lamport and its generalization WOTS, security degrades faster and faster, and typical parameters do not provide a reasonable level security under two-message attacks.
Besides this destructive context, we also analyze two-message attacks in a constructive context that appears for example when OTS are used to prevent double-spending in bitcoin.
Chia-Mu Yu
Koji Nuida
A technical remark is that, the output of the random function in our example depends also on the party's input for our two-party protocol. But the author thinks that the true reason of such a paradoxical phenomenon is at another point. Namely, there is a famous \lq\lq clever'' technique for security proofs of two-party protocols, where a simulator for a party's view emulates a transcript during the protocol first, and then emulates the party's random tape depending consistently on the transcript. This is actually in the opposite order from real, where the transcript does depend on the random tape; and, in fact, we prove that such a problem caused by \lq\lq manipulated'' random tapes is prevented (at least under the two conditions for statistical security mentioned above) \emph{provided the simulator in the original security proof is constructed without this \lq\lq order-reversing'' technique}, even if the output of the random function still depends on the party's local input.
05 November 2016
McLean, USA, 1 May - 5 May 2017
Submission deadline: 15 November 2016
Notification: 31 January 2017
Clemson University, Clemson, SC
Closing date for applications: 15 November 2016
More information: https://www.mathjobs.org/jobs/jobs/9423
University of Surrey
Both posts are part of a strategic drive to strengthen and integrate our core safety and security activities within the Secure Systems group. One of the posts will aim to complement the recent appointment of Professor Liqun Chen.
We aim to attract candidates that will conduct research in areas such as trusted computing, safety verification, security verification, data privacy, cyber-physical and internet of things security, cloud or mobile security, machine learning and data analytics applied to security, human aspects of cyber security, formal methods and applied cryptography. We are seeking individuals that can contribute to fundamental research and turn it into practice. We welcome applications from candidates whose research areas complement the existing research of the group.
Closing date for applications: 2 December 2016
Contact: Helen Treharne,
Head of Department, Computer Science, University of Surrey
h.treharne (at) surrey.ac.uk
More information: http://jobs.surrey.ac.uk/083116
03 November 2016
Simon Cogliani, Rémi Géraud, David Naccache
"(...) not all of the $v_i$'s will be quadratic residues mod $n$. We overcome this technical difficulty with an appropriate perturbation technique (...)"
This perturbation technique is made more explicit in the associated patent application: "Each entity is allowed to modify the standard $v_j$ which are QNRs. A particularly simple way to achieve this is to pick a modulus $n=pq$ where $p=3 \bmod 8$ and $q=7 \bmod 8$, since then exactly one of $v_j,-v_j,2v_j,-2v_j$ is a QR mod $n$ for any $v_j$. The appropriate variant of each $v_j$ can be (...) deduced by the verifier himself during the verification of given signatures."
In this short note we clarify the way in which the verifier can infer by himself the appropriate variant of each $v_j$ during verification.
02 November 2016
Shi-Feng Sun, Joseph K. Liu, Amin Sakzad, Ron Steinfeld, Tsz Hon Yuen
Auckland, New Zealand, 3 July - 5 July 2017
Submission deadline: 26 February 2017
Notification: 7 April 2017
Madrid, Spain, 26 July - 28 July 2017
Submission deadline: 9 March 2017
Notification: 3 May 2017
Dawid Gawel, Maciej Kosarzecki, Poorvi L. Vora, Hua Wu, Filip Zagorski
In particular, we note that Apollo does not possess Helios' major known vulnerability, where a dishonest voting terminal can change the vote after it obtains the voter's credential. With Apollo-lite, votes not authorized by the voter are detected by the public and prevented from being included in the tally.
The full version of Apollo enables a voter to prove that her vote was changed. We also describe a very simple protocol for the voter to interact with any devices she employs to check on the voting system, to enable frequent and easy auditing of encryptions and checking of the bulletin board.
Zhiyuan Guo, Renzhang Liu, Wenling Wu, Dongdai Lin
In this paper, we study the cyclic structure of rotational-XOR diffusion layer, one of the commonly used linear layers over ${(\mathbb{F}_{\rm{2}}^b)^n}$, which consists of only rotation and XOR operations. First, we provide novel properties on this class of matrices, and prove the a lower bound on the number of rotations for $n \ge 4$ and show the tightness of the bound for $n=4$. Next, by precisely characterizing the relation among sub-matrices for each possible form, we can eliminate all the other non-optimal cases. Finally, we present a direct construction of such MDS matrices, which allows to generate $4 \times 4$ perfect instances for arbitrary $b \ge 4$. Every example contains the fewest possible rotations, so under this construction strategy, our proposal costs the minimum gate equivalents (resp. cyclic shift instructions) in the hardware (resp. software) implementation. To the best of our knowledge, it is the first time that rotational-XOR MDS diffusion layers have been constructed without any auxiliary search.
Maciej Skorski
With $n$ samples we approximate the collision entropy of $X$ within an additive factor of $O\left( 2^{2\Delta}\log^{\frac{1}{2}}(1/\epsilon) \right)$ with probability $1-\epsilon$, where $\Delta$ is a known (a priori) upper bound on the difference between Renyi entropies of $X$ of order 2 and 3 respectively.
In particular, we simplify and improve the previous result on estimating collision entropy due to Acharya et al. (SODA'15) up to a factor exponential in the entropy gap.
We also discuss applications of our bound in anomaly analysis, namely (a) detection of attacks against stateless sources in TRNGs, and (b) detection of DDoS attacks at network firewalls.
01 November 2016
Mures, Romania, 26 April - 28 April 2017
Submission deadline: 15 January 2017
Notification: 10 February 2017
Paris, France, 30 April 2017
Submission deadline: 10 December 2016
Notification: 20 January 2017
Addis Ababa, Ethiopia, 22 April - 24 April 2017
Submission deadline: 1 March 2017
Notification: 15 March 2017
Arka Rai Choudhuri, Subhamoy Maitra
31 October 2016
Alessandro Chiesa, Matthew Green, Jingcheng Liu, Peihan Miao, Ian Miers, Pratyush Mishra
Wheeler (1996) and Rivest (1997) proposed probabilistic payments as a technique to achieve micropayments: a merchant receives a macro-value payment with a given probability so that, in expectation, he receives a micro-value payment. Despite much research and trial deployment, micropayment schemes have not seen adoption, partly because a trusted party is required to process payments and resolve disputes.
The widespread adoption of decentralized currencies such as Bitcoin (2009) suggests that decentralized micropayment schemes are easier to deploy. Pass and Shelat (2015) proposed several micropayment schemes for Bitcoin, but their schemes provide no more privacy guarantees than Bitcoin itself, whose transactions are recorded in plaintext in a public ledger.
We formulate and construct *decentralized anonymous micropayment* (DAM) schemes, which enable parties with access to a ledger to conduct offline probabilistic payments with one another, directly and privately. Our techniques extend those of Zerocash (2014) with a new probabilistic payment scheme; we further provide an efficient instantiation based on a new fractional message transfer protocol.
Double spending in our setting cannot be prevented. Our second contribution is an economic analysis that bounds the additional utility gain of any cheating strategy, and applies to virtually any probabilistic payment scheme with offline validation. In our construction, this bound allows us to deter double spending by way of advance deposits that are revoked when cheating is detected.
Stanislaw Jarecki
However, the lower-bound of [8] does not disallow constant-round covert computation given some relaxation in the computation model. Indeed, in this work we propose the rst constant-round protocol for covert Two-Party Computation (2PC) of general functions, secure against malicious adversaries under concurrent composition, assuming the Common Reference String (CRS) model. Our protocol is a covert variant of a well-known paradigm in standard, i.e. non-covert, secure 2PC, using cut-and-choose technique over O(security parameter) copies of Yao's garbled circuit, and its efficiency is only a constant factor away from non-covert secure 2PC protocols that use cut-and-choose over garbled circuits.