IACR News
28 May 2017
Yusuke Naito
ePrint Report
In this paper, we present a TBC, XKX, that offers efficient blockcipher-based AE schemes with BBB security, by combining with efficient TBC-based AE schemes such as $\Theta$CB and $\mathbb{OTR}$. XKX is a combination of two TBCs, Minematsu's TBC and Liskov et al.'s TBC. In the XKX-based AE schemes, a nonce and a counter are taken as tweak; a nonce-dependent blockcipher key is generated by using a pseudo-random function $F$ (from Minematsu); a counter is input to an almost xor universal hash function, and the hash value is xor-ed with the input and output blocks of a blockcipher with the nonce-dependent key (from Liskov et al.). For each query to the AE scheme, once the nonce-dependent key has been generated it can be reused, so the blockcipher is called only once for each data block. We prove that the security bounds of the XKX-based AE schemes become roughly $\ell^2 q/2^n$, where $q$ is the number of queries to the AE scheme, $n$ is the blockcipher size, and $\ell$ is the number of blockcipher calls in one AE evaluation. Regarding the function $F$, we present two blockcipher-based instantiations, the concatenation of blockcipher calls, $F^{(1)}$, and the xor of blockcipher calls, $F^{(2)}$, where $F^{(i)}$ calls a blockcipher $i+1$ times. By the PRF/PRP switch, the security bounds of the XKX-based AE schemes with $F^{(1)}$ become roughly $\ell^2 q/2^n + q^2/2^n$, thus if $\ell \ll 2^{n/2}$ and $q \ll 2^{n/2}$, these achieve BBB security. By the xor construction, the security bounds of the XKX-based AE schemes with $F^{(2)}$ become roughly $\ell^2 q/2^n + q/2^n$, thus if $\ell \ll 2^{n/2}$, these achieve BBB security.
Riham AlTawy, Muhammad ElSheikh, Amr M. Youssef, Guang Gong
ePrint Report
In this work, we present a blockchain-based physical delivery system called Lelantos that, within a realistic threat model, offers customer anonymity, fair exchange and merchant-customer unlinkability. Our system is inspired by the onion routing techniques which are used to achieve anonymous message delivery. Additionally, Lelantos relies on the decentralization and pseudonymity of the blockchain to enable pseudonymity that is hard to compromise, and on the distributed consensus mechanisms provided by smart contracts to enforce fair, irrefutable transactions between distrustful contractual parties.
Mike Rosulek, Morgan Shirley
ePrint Report
Very roughly speaking, we show that $f$ reduces to $g$ if and only if it does so by the simplest possible protocol: one that makes a single call to ideal $g$ and uses no further communication. Furthermore, such simple protocols can be characterized by a natural combinatorial condition on $f$ and $g$.
Looking more closely, our characterization applies only to a very wide class of $f$, and only for protocols that are deterministic or logarithmic-round. However, we give concrete examples showing that both of these limitations are inherent to the characterization itself. Functions not covered by our characterization exhibit qualitatively different properties. Likewise, randomized, superlogarithmic-round protocols are qualitatively more powerful than deterministic or logarithmic-round ones.
Christof Beierle, Anne Canteaut, Gregor Leander, Yann Rotella
ePrint Report
Suvradip Chakraborty, Chester Rebeiro, Debdeep Mukhopadhyay, C. Pandu Rangan
ePrint Report
27 May 2017
Singapore University of Technology and Design (SUTD)
Job Posting
I am looking for PhD interns on cyber-physical system security (IoT, autonomous vehicle, power grid, and water treatment etc.), especially on the topics such as 1) Lightweight and low-latency crypto algorithms for CPS devices, 2) Resilient authentication of devices and data in CPS, 3) Advanced SCADA firewall to filter more sophisticated attacking packets in CPS, 4) Big data based threat analytics for detection of both known and unknown threats, 5) Attack mitigation to increase the resilience of CPS. The attachment will be at least 3 months. Allowance will be provided for local expenses.
Interested candidates, please send your CV with a research statement to Prof. Jianying Zhou.
Closing date for applications: 30 June 2017
Contact: jianying_zhou (at) sutd.edu.sg
More information: http://jianying.space/
26 May 2017
Daniel Jost, Ueli Maurer
ePrint Report
This paper revisits the two problems and the above approaches and makes three contributions. First, indifferentiability, which comes with a composition theorem, is generalized to context-restricted indifferentiability (CRI) to capture settings that compose only in a restricted context. Second, we introduce a new composable notion based on CRI, called RO-CRI, to capture the security of hash functions. We then prove that a non-interactive version of RO-CRI is equivalent to the UCE framework, and therefore RO-CRI leads to natural interactive generalizations of existing UCE families. Two generalizations of split UCE-security, called strong-split CRI-security and repeated-split CRI-security, are introduced. Third, new, more fine-grained soundness properties for hash function constructions are proposed which go beyond collision-resistance and indifferentiability guarantees. As a concrete result, a new soundness property of the Merkle-Damgård construction is shown: if the compression function is strong-split CRI-secure, then the overall hash function is split secure. The proof makes use of a new lemma on min-entropy splitting which may be of independent interest.
Nina Bindel, Udyani Herath, Matthew McKague, Douglas Stebila
ePrint Report
In this paper, we investigate the use of hybrid digital signature schemes. We consider several methods for combining signature schemes, and give conditions on when the resulting hybrid signature scheme is unforgeable. Additionally, we address a new notion about the inability of an adversary to separate a hybrid signature into its components. For both unforgeability and non-separability, we give a novel security hierarchy based on how quantum the attack is. We then turn to three real-world standards involving digital signatures and PKI: certificates (X.509), secure channels (TLS), and email (S/MIME). We identify possible approaches to supporting hybrid signatures in these standards while retaining backwards compatibility, which we test in popular cryptographic libraries and implementations, noting especially the inability of some software to handle larger certificates.
Phuong Ha Nguyen, Durga Prasad Sahoo, Rajat Subhra Chakraborty, Debdeep Mukhopadhyay
ePrint Report
University of Wollongong, Australia
Job Posting
This position is expected to provide development, teaching and research within the Bachelor of Computer Science with Cyber Security major, to teach and coordinate subjects within the School at both undergraduate and postgraduate levels, and to contribute to research in the areas of cyber security, information security and cryptology.
You will be prompted to respond to the selection criteria as part of the online application process, based on the position description below. You can save your application at any time and submit it later if required, but only before the closing date of the position.
For further information about this position, please contact Professor Willy Susilo on +61 2 4221 5535.
Closing date for applications: 9 July 2017
Contact: Professor Willy Susilo (wsusilo at uow dot edu dot au)
More information: https://uowjobs.taleo.net/careersection/in/jobdetail.ftl?job=170476&tz=GMT%2B10%3A00
University of Wollongong, Australia
Job Posting
This position is expected to provide development, teaching and research within the Bachelor of Computer Science with Digital Systems Security and the Master in Computer Science with a major in Network and Information Security, to teach and coordinate subjects within the School at both undergraduate and postgraduate levels, and to contribute to research in the areas of Digital Systems Security. In particular, the position will require the Lecturer/Senior Lecturer to predominantly teach and be located at the Liverpool campus.
You will be prompted to respond to the selection criteria as part of the online application process, based on the position description below. You can save your application at any time and submit it later if required, but only before the closing date of the position.
For further information about this position, please contact Professor Willy Susilo on +61 2 4221 5535.
Closing date for applications: 30 July 2017
Contact: Prof. Willy Susilo
More information: https://uowjobs.taleo.net/careersection/in/jobdetail.ftl?job=170477&tz=GMT%2B10%3A00
25 May 2017
Matthew Tamayo-Rios, Jean-Charles Faugère, Ludovic Perret, Peng Hui How, Robin Zhang
ePrint Report
Masahito Hayashi, Takeshi Koshiba
ePrint Report
Xiong Fan, Feng-Hao Liu
ePrint Report
Recently, for PRE related progress, Canetti and Hohenberger [CCS '07] defined a stronger notion, CCA-security, and constructed a bi-directional PRE scheme. Later on, several works considered CCA-secure PRE based on bilinear group assumptions. Very recently, Kirshanova [PKC '14] proposed the first single-hop CCA1-secure PRE scheme based on the learning with errors (LWE) assumption. For PRS related progress, Ateniese and Hohenberger [CCS '05] formalized this primitive and provided efficient constructions in the random oracle model. At CCS 2008, Libert and Vergnaud presented the first multi-hop uni-directional proxy re-signature scheme in the standard model, using assumptions in bilinear groups.
In this work, we first point out a subtle but serious mistake in the security proof of the work by Kirshanova. This reopens the direction of lattice-based CCA1-secure constructions, even in the single-hop setting. Then we construct a single-hop PRE scheme that is proven secure in our new tag-based CCA-PRE model. Next, we construct the first multi-hop PRE construction. Lastly, we also construct the first PRS scheme from lattices that is proved secure in our proposed unified security model.
Daniel Apon, Xiong Fan, Feng-Hao Liu
ePrint Report
Yossi Gilad, Rotem Hemo, Silvio Micali, Georgios Vlachos, Nickolai Zeldovich
ePrint Report
Algorand uses a new Byzantine Agreement (BA) protocol to reach consensus among users on the next set of transactions. To scale the consensus to many users, Algorand uses a novel mechanism based on Verifiable Random Functions that allows users to privately check whether they are selected to participate in the BA to agree on the next set of transactions, and to include a proof of their selection in their network messages. In Algorand's BA protocol, users do not keep any private state except for their private keys, which allows Algorand to replace participants immediately after they send a message. This mitigates targeted attacks on chosen participants after their identity is revealed.
We implement Algorand and evaluate its performance on 1,000 EC2 virtual machines, simulating up to 500,000 users. Experimental results show that Algorand confirms transactions in under a minute, achieves 30$\times$ Bitcoin's throughput, and incurs almost no penalty for scaling to more users.
Johannes Blömer, Gennadij Liske
ePrint Report
23 May 2017
Buenos Aires, Argentina, 1 November - 3 November 2017
Event Calendar
Submission deadline: 15 July 2017
Notification: 31 August 2017
Buenos Aires, Argentina, 1 November - 3 November 2017
Event Calendar
Submission deadline: 15 June 2017
Notification: 31 July 2017
Hong Kong, Hong Kong, 30 November - 2 December 2017
Event Calendar
Submission deadline: 25 July 2017
Notification: 12 September 2017