International Association
for Cryptologic Research

Signal security aims to prevent the adversary from copying communication signals---so it is with quantum cryptography. Information security focuses on preventing the adversary from knowing plaintext or cheating users---so it is with classical cryptography. Communication reliability means that the intended receiver can recover the right communication signals sent by the sender.

In this note, we stress that in the presence of an adversary quantum cryptography can do nothing except for detecting the presence, because the intrusion of adversary has to disturb communication signals so that the intended receiver can not recover the right signals. But classical cryptography works well in the presence of eavesdropping although it cannot detect it. We also remark that in the past decades the functionality of quantum cryptography to detect eavesdropping has been overstated. The plan to build a large quantum photonic network is infeasible.

A garbling scheme is used to garble a circuit $C$ and an input $x$ in a way that reveals the output $C(x)$ but hides everything else. In many settings, the circuit can be garbled off-line without strict efficiency constraints, but the input must be garbled very efficiently on-line, with much lower complexity than evaluating the circuit. Yao's scheme has essentially optimal on-line complexity, but only achieves selective security, where the adversary must choose the input $x$ prior to seeing the garbled circuit. It has remained an open problem to achieve adaptive security, where the adversary can choose $x$ after seeing the garbled circuit, while preserving on-line efficiency.

In this work, we modify Yao's scheme in a way that allows us to prove adaptive security under one-way functions. As our main instantiation, we get a scheme where the on-line complexity is only proportional to the width $w$ of the circuit, which corresponds to the space complexity of the computation, but is independent of the circuit's depth $d$. Alternately, we can also get an instantiation where the on-line complexity is only proportional to the input/output size and the depth $d$ of the circuit but independent of its width $w$, albeit in this case we incur a $2^{O(d)}$ security loss in our reduction. More broadly, we relate the on-line complexity of adaptively secure garbling schemes in our framework to a certain type of pebble complexity of the circuit.

As our main tool, of independent interest, we develop a new notion of somewhere equivocal encryption, which allows us to efficiently equivocate on a small subset of the message bits.

A longstanding problem in cryptography is the generation of publicly verifiable randomness. In particular, public verifiability allows to generate parameters for a cryptosystem in a way people can legitimately trust. There are many examples of standards using arbitrary constants which are now challenged and criticized for this reason, some of which even being suspected of containing a trap. Several sources of public entropy have already been proposed such as lotteries, stock market prices, the bitcoin blockchain, board games, or even Twitter and live webcams.

In this article, we propose a way of combining lotteries from several different countries that requires an adversary to manipulate several independent draws in order to introduce a trap in the generated cryptosystem. Each and every time a new source of public entropy is suggested, it receives its share of criticism for being "easy to manipulate". We do not expect our solution to be an exception on this aspect, and will gladly receive any suggestion allowing to increase the confidence in the cryptosystem parameters we generate.

Our method allows to build what we call a \pvr, from which we extract a \seed that is used to instantiate and initialize a Blum-Blum-Shub random generator. We then use the binary stream produced by this generator as an input to a filtering function which deterministically outputs secure and uniformly distributed parameters from uniform bitstreams.

We apply our methodology to the ECDH cryptosystem, and propose the \emph{Million Dollar Curve} as an alternative to curves P-256 and Curve25519.

LaMacchia, Lauter and Mityagin presented a strong security model for authenticated key agreement, namely the eCK model. They also constructed a protocol, namely the NAXOS protocol, that enjoys a simple security proof in the eCK model. However, the NAXOS protocol uses a random-oracle-based technique to combine the long-term secret key and the per-session-randomness; so-called NAXOS- trick, in order to achieve the eCK security definition. For NAXOS-trick-based protocols, the leakage of per-session-randomness modelled in the eCK model is somewhat unnatural, because the eCK model leaks per-session-randomness, while the output of the NAXOS-trick computation remains safe. In this work, we present a standard model eCK-secure protocol construction, eliminating the NAXOS-trick. Moreover, our protocol is a generic constructions, which can be instantiated with arbitrary suitable cryptographic primitives. Thus, we present a generic eCK-secure, NAXOS-free, standard model key exchange protocol. To the best of our knowledge this is the first paper on generic transformation of a CCA2-secure public key encryption scheme to an eCK-secure key exchange protocol in the standard model.

There are a variety of ways of applying the Karatsuba idea to multi-digit multiplication. These apply particularly well in the context where digits do not use the full word-length of the computer, so that partial products can be safely accumulated without fear of overflow. Here we re-visit the ``arbitrary degree'' version of Karatsuba and show that the cost of this little-known variant has been over-estimated in the past. We also attempt to definitively answer the question as to the cross-over point where Karatsuba performs better than the classic method.

Direct Anonymous Attestation (DAA) is one of the most complex cryptographic algorithms that has been deployed in practice. In spite of this, and the long body of work on the subject, there is still no fully satisfactory security definition for DAA. This was already acknowledged by Bernard et al. (IJIC'13) who showed that in existing models even fully insecure protocols may be deemed secure. Bernard et al. therefore proposed an extensive set of security games, which however aimed only at a simplified setting, termed pre-DAA. In pre-DAA the host platform that runs the TPM is assumed to be trusted too. Consequently, their notion does not guarantee any security if the TPM is embedded in a potentially corrupt host, which is a significant restriction. In this paper, we give a comprehensive security definition for full DAA in the form of an ideal functionality in the Universal Composability model. Our definition considers the host and TPM to be individual entities that can be in different corruption states. None of the existing DAA schemes immediately satisfies our strong security notion, and we therefore also propose a realization that is based on a DAA scheme supported by the TPM 2.0 standard and rigorously prove it secure in our model.

Recently, Coron presented an attack of GGH15 multilinear maps, which breaks the multipartite Diffie-Hellman key exchange protocol based on GGH15. In this paper, we describe a variation of GGH15, which seems to thwart known attacks.

Job Responsibilities

• To develop cryptographic protocols and schemes.
• To develop secure cloud computing systems.
• To design, analyze and implement security systems and e-commerce systems.

Requirements:

• Master’s degree in Computer Science, Electronic Engineering or other relevant disciplines with 3+ years experience; less experience for PhD holders.
• Experience in cryptographic system design and cryptanalysis.
• Deep knowledge on number theory and security proofs.
• Hands-on experience with C/C++ and Java.
• Preferably having experiences on using cryptographic libraries such as OpenSSL, MIRACL, PBC, etc.
• Experience in developing cloud computing systems an advantage, but not a must.
• Strong interpersonal and communications skills.
• Good command of both written and spoken English.

Closing date for applications: 15 January 2016

Contact: charlenechoo (at) astri.org

More information: http://www.astri.org

In this paper we prove that there are only differential 4-uniform functions which are on distance 1 from an APN function. Also we prove that there are no APN functions of distance 1 from another APN functions up to dimension 5. We determine some properties of the set of values of an arbitrary vectorial Boolean function from F_n^2 to F_n^2 in connection to the set of values of its derivatives. These results are connected to several open question concerning metric properties of APN functions.

A manufacturer of custom hardware (an ASIC) can undermine the intended execution of that hardware; high-assurance execution thus requires controlling the manufacturing chain. However, a trusted platform might be orders of magnitude worse in performance or price than an advanced, untrusted platform. This paper explores an alternative: using verifiable computation (VC), an untrusted ASIC computes proofs of correct execution, which are verified by a trusted processor or ASIC. Notably, in the present setting, the prover and verifier together must impose less overhead than the baseline alternative of running the given computation directly on the trusted platform. We respond to this challenge by designing and implementing physically realizable, area-efficient, high throughput ASICs (for a prover and verifier), in fully synthesizable Verilog. The system, called Zebra, is based on the CMT interactive proof protocol; instantiating Zebra required a blend of new observations about CMT, careful hardware design, and attention to architectural challenges. We measure and evaluate Zebra; for a class of real computations, it indeed poses less overhead than executing directly on the trusted platform.

Quantum cryptography is the art and science of exploiting quantum mechanical effects in order to perform cryptographic tasks. While the most well-known example of this discipline is quantum key distribution (QKD), there exist many other applications such as quantum money, randomness generation, secure two- and multi-party computation and delegated quantum computation. Quantum cryptography also studies the limitations and challenges resulting from quantum adversaries---including the impossibility of quantum bit commitment, the difficulty of quantum rewinding and the definition of quantum security models for classical primitives.

In this review article, aimed primarily at cryptographers unfamiliar with the quantum world, we survey the area of theoretical quantum cryptography, with an emphasis on the constructions and limitations beyond the realm of QKD.

We provide further evidence that implementing software countermeasures against timing attacks is a non-trivial task and requires domain-specific software development processes: we report an implementation bug in the S2N library, recently released by AWS Labs. This bug (now fixed) allowed bypassing the balancing countermeasures against timing attacks deployed in the implementation of the MAC-then-Encode-then-CBC-Encrypt (MEE-CBC) component, creating a timing side-channel similar to that exploited by Lucky 13.

Although such an attack could only be launched when the MEE-CBC component is used in isolation - Albrecht and Paterson recently confirmed in independent work that S2N's second line of defence provides adequate mitigation - its existence shows that conventional software validation processes are not being effective in this domain. To solve this problem, we define a methodology for proving security of implementations in the presence of timing attackers: first, prove black-box security of an algorithmic description of a cryptographic construction; then, establish functional correctness of an implementation with respect to the algorithmic description; and finally, prove that the implementation is leakage secure.

We present a proof-of-concept application of our methodology to MEE-CBC, bringing together three different formal verification tools to produce an assembly implementation of this construction that is verifiably secure against adversaries with access to some timing leakage. Our methodology subsumes previous work connecting provable security and side-channel analysis at the implementation level, and supports the verification of a much larger case study. Our case study itself provides the first provable security validation of complex timing countermeasures deployed, for example, in OpenSSL.

Wireless sensors attracts increasingly attention from both academia and industry owing to emerging applications built upon them such as Internet of Things, smart home, E-Health, and etc. It becomes a concern that the sensed value should be trusted in such applications scenarios. The security of the sensor used to resort to traditional cryptographic techniques, which, however, only provides limited protection by virtue of its vulnerability to physical attacks and may not economically viable. In this paper, we propose a new sensing methodology making remote sensing highly secure. In particular, we facilitate the susceptibility of physical unclonable function (PUF) to ambient environment variations, acting as a PUF sensor, to grantee the veracity of the sensing value even the PUF sensor is located in an untrusted remote location and the communication channel is also insecure without implementing relatively expensive crypto module. The PUF sensor is cost-efficient and most importantly anti-counterfeiting, while offers high level security. We demonstrate the practicability of the PUF sensor based on experimental implementations. In addition, we show that the extended sensing functionality of a PUF is actually improving PUF's resistance against modeling attacks.

A new security protocol of {\it virtual proof of reality} (VP) is recently proposed by Ruhrmair {\it et al.} The VP allows one party, the prover, making a physical statement to the other party, the verifier, over a digital communication channel without using any secret keys except the message sent between these two parties. The physical statement could be a physical feature---eg. temperature---or phenomena---eg. destruction---of the hardware in the prover's system. We present two applications---secure key exchange and secure goods supply chain---building on the VP of temperature, location, and destruction. Moreover, we experimentally demonstrate the first electrical circuit-based VP of destruction through the proposed hardware security primitive---a hybrid memristor and physical unclonable function (memristor-PUF) architecture, which takes advantage of the PUF extracted from static variations of CMOS devices inherent to the fabrication process and dynamic variations attributed to switching variabilities of nano memristors.

In the setting of secure multiparty computation, a set of mutually distrusting parties wish to securely compute a joint function. It is well known that if the communication model is asynchronous, meaning that messages can be arbitrarily delayed by an unbounded (yet finite) amount of time, secure computation is feasible if and only if at least two-thirds of the parties are honest, as was shown by Ben-Or, Canetti, and Goldreich [STOC'93] and by Ben-Or, Kelmer, and Rabin [PODC'94]. The running-time of all currently known protocols depends on the function to evaluate. In this work we present the first asynchronous MPC protocol that runs in constant time.

Our starting point is the asynchronous MPC protocol of Hirt, Nielsen, and Przydatek [Eurocrypt'05, ICALP'08]. We integrate \emph{threshold fully homomorphic encryption} in order to reduce the interactions between the parties, thus completely removing the need for the expensive \emph{king-slaves} approach taken by Hirt et al.. Initially, assuming an honest majority, we construct a constant-time protocol in the asynchronous Byzantine agreement (ABA) hybrid model. Using a concurrent ABA protocol that runs in constant expected time, we obtain a constant expected time asynchronous MPC protocol, secure facing static malicious adversaries, assuming t<n/3.

In this paper the Security Evaluated Standardized Password Authenticated Key Exchange (SESPAKE) protocol is proposed (this protocol is approved in the standardization system of the Russian Federation) and its cryptographic properties are analyzed. The SESPAKE protocol includes a key agreement step and a key authentication step. We define new indistinguishability-based adversary model with a threat of false authentication that is an extension of the original indistinguishability-based model up to the case of protocols with authentication step without key diversification. We prove the protocol security under two types of threats: a classic threat of distinguishing a generated session key from a random string and a threat of false authentication. This protocol is the first password authenticated key exchange protocol (PAKE) protocol without key diversification for a full version of which a security proof has been obtained. The paper also contains a brief review of the known results dedicated to analysis of cryptographic properties of PAKE protocols.

Enumeration of cryptographic keys in order of likelihood based on side-channel leakages has a significant importance in cryptanalysis. Previous algorithms enumerate the keys in optimal order, however their space complexity is $\Omega(n^{d/2})$ when there are d subkeys and n candidate values per subkey. We propose a new key enumeration algorithm that has a space complexity bounded by $O(d^2 w+dn)$, when w is a design parameter, which allows the enumeration of many more keys without exceeding the available space. The trade-off is that the enumeration order is only near-optimal, with a bounded ratio between optimal and near-optimal ranks.

Before presenting our algorithm we provide bounds on the guessing entropy of the full key in terms of the easy-to-compute guessing entropies of the individual subkeys. We use these results to quantify the near-optimality of our algorithm's ranking, and to bound its guessing entropy. We evaluated our algorithm through extensive simulations. We show that our algorithm continues its near-optimal-order enumeration far beyond the rank at which the optimal algorithm fails due to insufficient memory, on realistic SCA scenarios. Our simulations utilize a new model of the true rank distribution, based on long tail Pareto distributions, that is validated by empirical data and may be of independent interest.

We construct a constant-round leakage-resilient zero-knowledge argument system under the existence of collision-resistant hash function family. That is, using collision-resistant hash functions, we construct a constant-round zero-knowledge argument system such that for any cheating verifier that obtains arbitrary amount of leakage of the prover's state, there exists a simulator that can simulate the adversary's view by obtaining at most the same amount of leakage of the witness. Previously, leakage-resilient zero-knowledge protocols were constructed only under a relaxed security definition (Garg-Jain-Sahai, CRYPTO'11) or under the DDH assumption (Pandey, TCC'14).

Our leakage-resilient zero-knowledge argument system satisfies an additional property that it is simultaneously leakage-resilient zero-knowledge, meaning that both zero-knowledgeness and soundness hold in the presence of leakage.

We revisit the notions of cryptographic anonymity and share unpredictability in secret sharing, introducing more systematic and fine grained definitions. We derive tight negative and positive results characterizing access structures with respect to the generalized definitions.

Invalid curve attacks are a well-known class of attacks against implementations of elliptic curve cryptosystems, in which an adversary tricks the cryptographic device into carrying out scalar multiplication not on the expected secure curve, but on some other, weaker elliptic curve of his choosing. In their original form, however, these attacks only affect elliptic curve implementations using addition and doubling formulas that are independent of at least one of the curve parameters. This property is typically satisfied for elliptic curves in Weierstrass form but not for newer models that have gained increasing popularity in recent years, like Edwards and twisted Edwards curves. It has therefore been suggested (e.g. in the original paper on invalid curve attacks) that such alternate models could protect against those attacks.

In this paper, we dispel that belief and present the first attack of this nature against (twisted) Edwards curves, Jacobi quartics, Jacobi intersections and more. Our attack differs from invalid curve attacks proper in that the cryptographic device is tricked into carrying out a computation not on another elliptic curve, but on a group isomorphic to the multiplicative group of the underlying base field. This often makes it easy to recover the secret scalar with a single invalid computation.

We also show how our result can be used constructively, especially on curves over random base fields, as a fault attack countermeasure similar to Shamir's trick.