IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
13 September 2015
R\\\'emi G\\\'eraud, Diana-Stefania Maimut, David Naccache, Rodrigo Portella do Canto, Emil Simion
ePrint ReportError correction codes (ECCs) are deployed in digital communication systems to enforce transmission accuracy. BCH codes are a particularly popular ECC family. This paper generalizes Barrett\'s modular reduction to polynomials to speed-up BCH ECCs. A BCH$(15,7,2)$ encoder was implemented in Verilog and synthesized. Results show substantial improvements when compared to traditional polynomial reduction implementations. We present two BCH code implementations (regular and pipelined) using Barrett polynomial reduction. These implementations, are respectively 4.3 and 6.7 faster than an improved BCH LFSR design.
The regular Barrett design consumes around 53$\\%$ less power than the BCH LFSR design, while the faster pipelined version consumes 2.3 times more power than the BCH LFSR design.
Carmit Hazay, Antigoni Polychroniadou, Muthuramakrishnan Venkitasubramaniam
ePrint ReportIn this work we focus our attention on two important complexity measures of token-based secure computation: round complexity and hardness assumptions and present the following results in the two-party setting:
(1) A round optimal generic secure protocol in the plain model assuming one-way functions, where the tokens are created by a single party.
(2) A round optimal generic UC secure protocol assuming one-way functions.
Our constructions only make black-box use of the underlying primitives and are proven in the real/ideal paradigm with security in the presence of static malicious adversaries.
COSIC - KU Leuven
Job PostingIt is not known how to design cryptographic algorithms that remain secure if the attacker has also access to the intermediate results. Therefore, the current research concentrates on implementation techniques that ensure that the intermediate results of the cryptographic algorithm are statistically independent of the secret key.
A new method to construct provably secure against side-channel attacks implementations (called Threshold Implementation) has been proposed by researchers from COSIC. The approach is based on secret sharing and multi-party computation methods. Proof-of-concept implementations have been proposed already for several ciphers including Present and AES.
We can prove security against attacks that are based on correlating a secret variable to the expected values of the power consumption or any other side-channel of a device.
Research
Currently, we are investigating how we can achieve security against more advanced attacks. The research combines mathematical methods and insights with statistical methods and circuit design techniques. We are also interested to learn how our approach will be affected by the use of future technologies, which can further scale down cost and power while allowing more signal processing complexity.
The student will research issues related to one or more of the following work-packages:
1. Extending the mathematical framework of the Threshold Implementation approach,
2. Assessing real-life effects that occur in modern CMOS technologies, when countermeasures are applied,
3. Determining the overhead introduced by our protection measures and to evaluate its cost and effectiveness by doing experiments in an emerging technology.
11 September 2015
IOT Business Unit, ARM Ltd
Job PostingThe ideal candidate will have a strong interest in security and cryptography as well as the emerging field of IoT devices. You will have the opportunity to help us deliver a vital part of future IoT devices, helping to ensure they will stay robust and secure.
The role offers unique challenges working in a new business space where you can help shape the future of IoT and the security of these emerging technologies.
10 September 2015
Tel Aviv, Israel, January 4 - January 7
Event CalendarLocation: Tel Aviv, Israel
More Information: http://crypto.biu.ac.il/6th-biu-winter-school
Northern Arizona University
Job PostingThe School of Informatics, Computing, and Cyber Systems (SICCS) at Northern Arizona University invites applications from exceptional candidates for multiple tenured and tenure-track positions at all levels. These faculty positions will support a multi-year hiring initiative with a focus on the application of computing to key areas of national need. These positions are research-centric with a long-term institutional commitment to ensuring low teaching loads.
Exceptional candidates or coordinated group applications for highly desirable cluster hires in all SICCS areas are encouraged to apply. Specific areas of interest include:
- Cybersecurity, including trustworthy systems, data provenance, attack awareness, next generation defensive measures, mobile and cloud security, and usable security.
- Heterogeneous and reconfigurable systems, including software engineering methodologies, self-* systems and frameworks, machine learning and inference, and distributed and decentralized systems.
- Cyber-physical systems, including large-scale wireless and sensor networks, decentralized architectures, and ubiquitous computing.
- Big Data and data science, including data mining and machine learning, high-performance and cloud computing, natural language processing, and data visualization.
Minimum qualifications include a PhD or equivalent degree in an area of interest by August 22, 2016. See details at nau.edu/Human-Resources/Careers/Faculty-and-Administrator-Openings under Job ID 602174 (direct link: https://goo.gl/r3mxR6)
Chalmers University of Technology, Sweden
Job PostingThe PhD student will join Katerina Mitrokotsa’s group and will be funded by a project funded by the Swedish research council focusing on security and privacy issues in resource constrained devices.
The PhD student is expected to have a MSc degree or equivalent, and strong background in mathematics and/or theoretical computer science, with some background in cryptography.
Successful candidates will help to design and evaluate cryptographically reliable and privacy-preserving authentication protocols.
The position is fully funded for five years.
For any inquiries or to apply for the positions, submit a full research curriculum-vitae (cv), names of two references, and a research statement to Prof. Katerina Mitrokotsa (aikmitr (at) chalmers.se).
The call for expressions of interest will remain open until a suitable candidate is appointed
09 September 2015
KAIST – Daejeon, Korea
Job PostingConditions
- The candidates are expected to perform valuable research in the area of PQC
- Knowledge of PQC is recommended to apply this job.
- It is recommended to have experience in building cryptography primitives based on the hardness of quantum-resistant problems.
- The applicants should be fluent in written and spoken English for communications, but they don’t need to be fluent in Korean.
Please send your inquiries and CV to Kwangjo Kim (kkj (at) kaist.ac.kr)
08 September 2015
Forum Post
Dennis Hofheinz, Christian Matt, Ueli Maurer
ePrint ReportQuite surprisingly, we show that existing security definitions for IBE are not sufficient to realize DCC. In fact, it is impossible to do so in the standard model. We show, however, how to adjust any IBE scheme that satisfies the standard security definition IND-ID-CPA to achieve this goal in the random oracle model.
We also show that the impossibility result can be avoided in the standard model by considering a weaker ideal system that requires all users to be registered in an initial phase before any messages are sent. To achieve this, a weaker security notion, which we introduce and call IND-ID1-CPA, is actually sufficient. This justifies our new security definition and might open the door for more efficient schemes. We further investigate which ideal systems can be realized with schemes satisfying the standard notion and variants of selective security.
As a contribution of independent interest, we show how to model features of an ideal system that are potentially available to dishonest parties but not guaranteed, and which such features arise when using IBE.
Elette Boyle, Moni Naor
ePrint ReportWe revisit the lower bound on the overhead required to obliviously simulate programs, due to Goldreich and Ostrovsky. While the lower bound is fairly general, including the offline case, when the simulator is given the reads and writes ahead of time, it does assume that the simulator behaves in a \"balls and bins\" fashion. That is, the simulator must act by shuffling data items around, and is not allowed to have sophisticated encoding of the data.
We prove that for the offline case, showing a lower bound without the above restriction is related to the size of the circuits for sorting. Our proof is constructive, and uses a bit-slicing approach which manipulates the bit representations of data in the simulation. This implies that without obtaining yet unknown superlinear lower bounds on the size of such circuits, we cannot hope to get lower bounds on offline (unrestricted) ORAMs.
Christine Jost, Ha Lam, Alexander Maximov, Ben Smeets
ePrint ReportIn this article, we study the encryption performance of the Paillier cryptosystem, a partially homomorphic cryptosystem that allows to perform sums on encrypted data without having to decrypt first. With a combination of both new and known methods, we increase the encryption performance by orders of magnitude compared to a na\\\"ive implementation. The new methods reduce the bottleneck of noise calculation by using pre-computed noise to generate new noise in a much faster way than by using standard methods.
Alexander Koch, Stefan Walzer, Kevin Härtel
ePrint Reportfamous \"five-card trick\", which is a secure two-party AND protocol using five cards. However, the output of the protocol is revealed in the process and it is therefore not suitable for general circuits with
hidden intermediate results. To overcome this limitation, protocols in committed format, i.e., with concealed output, have been introduced, among them the six-card AND protocol of (Mizuki and Sone, FAW 2009). In their paper, the authors ask whether six cards are minimal for committed format AND protocols.
We give a comprehensive answer to this problem: there is a four-card AND protocol with a runtime that is finite in expectation (i.e., a Las Vegas protocol), but no protocol with finite runtime. Moreover, we show that five cards are sufficient for finite runtime. In other words, improving on (Mizuki, Kumamoto and Sone, ASIACRYPT 2012) \"The Five-Card Trick can be done with four cards\", our results can be stated as \"The Five-Card Trick can be done in committed format\" and furthermore it \"can be done with four cards in Las Vegas committed format\".
By devising a Las Vegas protocol for any $k$-ary boolean function using $2k$ cards, we address the open question posed by
(Nishida et al., TAMC 2015) on whether $2k+6$ cards are necessary for computing any $k$-ary boolean function. For this we use the shuffle abstraction as introduced in the computational model of card-based protocols in (Mizuki and Shizuya, Int.~J.~Inf.~Secur., 2014). We augment this result by a discussion on implementing such general shuffle operations.
Shai Halevi
ePrint ReportTurning to security, we describe zeroizing attacks on the GGH15 scheme, similar to those described by Cheon et al. (EUROCRYPT 2015) and Coron et al. (CRYPTO 2015) on the CLT13 and GGH13 constructions. As far as we know, however, these attacks to not break the GGH15 multi-partite key-agreement protocol. We also describe a new multi-partite key-agreement protocol using the GGH13 scheme, which also seems to resist known attacks. That protocol suggests a relatively simple hardness assumption for the GGH13 scheme, that we put forward as a target for cryptanalysis.
Michel Abdalla, Fabrice Benhamouda, Alain Passelègue
ePrint Report
Stefano Tessaro
ePrint Reportmodels where one or more underlying components (e.g., a function or
a permutation) are {\\em ideal} (i.e., randomly chosen). This paper
addresses the question of finding {\\em new} constructions achieving
the highest possible security level under minimal assumptions in
such ideal models.
We present a new block-cipher construction, derived from the
Swap-or-Not construction by Hoang et al. (CRYPTO \'12). With $n$-bit
block length, our construction is a secure pseudorandom permutation
(PRP) against attackers making $2^{n - O(\\log n)}$ block-cipher
queries, and $2^{n - O(1)}$ queries to the underlying component
(which has itself domain size roughly $n$). This security level is
nearly optimal. So far, only key-alternating ciphers have been known
to achieve comparable security levels using $O(n)$ independent
random permutations. In contrast, here we only assume that a {\\em
single} {\\em function} or {\\em permutation} is available, while
achieving similar efficiency.
Our second contribution is a generic method to enhance a block
cipher, initially only secure as a PRP, to achieve related-key
security with comparable quantitative security.
Tatsuaki Okamoto, Krzysztof Pietrzak, Brent Waters, Daniel Wichs
ePrint ReportThe prior constructions of SSB hashing and positional accumulators required fully homomorphic encryption (FHE) and iO respectively. In this work, we give new constructions of these tools based on well studied number-theoretic assumptions such as DDH, Phi-Hiding and DCR, as well as a general construction from lossy/injective functions.
Mohammad Hajiabadi, Bruce M. Kapron
ePrint Report
07 September 2015
Singapore, Singapore, September 27 - September 29
Event CalendarLocation: Singapore, Singapore
More Information: http://www1.spms.ntu.edu.sg/~diac2015/
06 September 2015
Felix Heuer, Eike Kiltz, Krzysztof Pietrzak
ePrint ReportIn this paper we give a reduction whose loss is quantified via the dependence graph (where message dependencies correspond to edges) of the underlying message distribution. In particular, for some concrete distributions including Markov distributions, our reduction is polynomial.