International Association
for Cryptologic Research

The proceedings for TCC 2016-A are now available via SpringerLink. IACR members can access these proceedings for free using this access page.

The \emph{Coppersmith methods} is a family of lattice-based techniques to find small integer roots of polynomial equations. They have found numerous applications in cryptanalysis and, in recent developments, we have seen applications where the number of unknowns and the number of equations are non-constant. In these cases, the combinatorial analysis required to settle the complexity and the success condition of the method becomes very intricate.

We provide a toolbox based on \emph{analytic combinatorics} for these studies. It uses the structure of the considered polynomials to derive their generating functions and applies complex analysis techniques to get asymptotics. The toolbox is versatile and can be used for many different applications, including multivariate polynomial systems with arbitrarily many unknowns (of possibly different sizes) and simultaneous modular equations over different moduli. To demonstrate the power of this approach, we apply it to recent cryptanalytic results on number-theoretic pseudorandom generators for which we easily derive precise and formal analysis. We also present new theoretical applications to two problems on RSA key generation and randomness generation used in padding functions for encryption.

The proceedings of Crypto 2013 are now available online. The IACR retains copyright for the "camera-ready" versions of papers submitted by authors for IACR proceedings. These versions are made available to the general public in the IACR archive two years after publication. IACR members can access more recent IACR publications via Springer using this page.

The proceedings of CHES 2013 are now available online. The IACR retains copyright for the "camera-ready" versions of papers submitted by authors for IACR proceedings. These versions are made available to the general public in the IACR archive two years after publication. IACR members can access more recent IACR publications via Springer using this page.

It is well known that *inefficient* indistinguishability obfuscators (iO) with running time poly(|C|,lambda) . 2^n, where C is the circuit to be obfuscated, lambda is the security parameter, and n is the input length of C, exists *unconditionally*: simply output the function table of C (i.e., the output of C on all possible inputs). Such inefficient obfuscators, however, are not useful for applications.

We here consider iO with a slightly ``non-trivial'' notion of efficiency: the running-time of the obfuscator may still be ``trivial'' (namely, poly(|C|,lambda) . 2^n), but we now require that the obfuscated code is just slightly smaller than the truth table of C (namely poly(|C|,lambda) . 2^{n(1-epsilon)}, where epsilon >0); we refer to this notion as *iO with exponential efficiency*, or simply *exponentially-efficient iO (XiO)*. We show that, perhaps surprisingly, under the subexponential LWE assumption, subexponentially-secure XiO for polynomial-size circuits implies (polynomial-time computable) iO for all polynomial-size circuits.

The Department of Mathematical Sciences at Florida Atlantic University invites applications for a tenure-track position at the assistant professor level, starting in August 2016. FAU is home to The Center for Cryptology and Information Security, which is dedicated to original, cutting-edge research in cryptology and information security and to education and training of research students and information technology professionals. FAU is recognized as a National Center of Academic Excellence in Information Assurance/Cyber Defense Research (CAE-R) for academic years 2014-2019.

Research areas of particular interest for this position include, but are not limited to, mathematical foundations of public key cryptography, post-quantum cryptography, computational algebra, and algorithmic number theory.

Applicants must possess a Ph.D. in Mathematics or a closely related field. Candidates in all areas of cryptology and information security will be considered.

For additional information, please contact us by email to mathsearch (at) fau.edu. This position is open until filled and may close without prior notice. Priority consideration will be given to applications received by January 31, 2016. To be considered for the position, all applicants must apply and complete the Faculty, Administrative, Managerial & Professional Position Application form available online through the Office of Human Resources at: https://jobs.fau.edu. Please submit a cover letter, vita, copy of your transcript, research statement and a teaching statement through this website.

In addition, please arrange to have three letters of recommendation sent by first class mail to: Chair of the Search Committee, Department of Mathematical Sciences, Florida Atlantic University, 777 Glades Rd., Boca Raton, FL 33431 or by email to mathsearch (at) fau.edu.

A background check will be required for the candidate selected for this position.

Florida Atlantic University is an Equal Opportunity/Affirmative Action Institution. Individuals with disabilities, requiring accommodation, please call 561-297-3057. 711

Closing date for applications: 31 January 2016

Contact: Search Committee Chair, Department of Mathematical Sciences, 777 Glades RD, Boca Raton, FL 33431
Email: mathsearch (at) fau.edu
Phone: (561) 297-3340
Fax: (561) 297-2436

More information: https://jobs.fau.edu

Event date: 18 July to 21 July 2016
Submission deadline: 29 February 2016
Notification: 22 April 2016

We are looking for an excellent, motivated, self-driven PhD student to work in the area of privacy and security in cloud computing. The position is fully funded for three years and the main aim of the PhD project is to design and develop privacy-preserving protocols for cloud environments.

The successful candidate is expected to perform research on the aforementioned areas based on their experience and research interests. They must have strong background in Computer Science and/or Mathematics. They are expected to publish articles in well-known security related conferences and journals. Although all applications will be carefully evaluated, candidates with prior publications as well as research experience in the following areas are specifically encouraged to apply: cloud computing, security and privacy in cloud environments, trusted computing, applied cryptography, privacy in participatory sensing applications, and privacy in eHealth, secure e-Voting schemes and reputation systems.

Candidates should fulfil the following requirements:

• A Master degree in Computer Science or mathematics;
• Knowledge of Cryptographic Protocols;
• Cloud Computing Architecture;
• Good Academic Writing and Presentation Skills;
• Good Social and Organizational Skills;

Publications in security and privacy will be regarded as an additional merit.

The Cybersecurity group at the University of Westminster intends to increase the number of women in those areas where they are underrepresented. Therefore women are explicitly encouraged to apply.

Please note only HOME and EU students can apply for this position.

Starting Date: September 2016
Salary: £16,000/year

Closing date for applications: 15 February 2016

Contact: Informal project enquiries to Dr Antonis Michalas (a.michalas (at) westminster.ac.uk); www.amichalas.com

General enquiries to Dr Stephen Getting (s.getting (at) westminster.ac.uk) or Professor Taj Keshavarz (t.keshavarz (at) westminster.ac.uk)

More information: https://www.westminster.ac.uk/__data/assets/pdf_file/0008/396935/FST-19-Sharing-in-the-Rain-Towards-Security-and-Privacy

A simple cryptographic method, a type of columnar transposition cipher, is described which may be used in series with other methods to provide practical hybrid encryption. The method involves the use of a deterministic Cryptographic Pseudo Random Number Generator (CPRNG) to specify an unbiased random transposition of blocks of plain-text or intermediate text. The decryption process involves applying a reverse transposition at the appropriate stage. The method may be applied at a single stage or several stages. The unit of transposition may be a bit or a byte or larger block. The method, when added in series with existing encryption methods, can deter attacks which exploit known weaknesses. The method could be applied at several scales in order to obscure structures within the plain-text, e.g. at the bit level, to obscure the almost fixed transmission headers; at the computer word-level, to disguise application record structures. Two (incompatible) outline implementations are presented. One for use with a block cipher and one for use with a stream cipher The specification of necessary configuration parameters required to amend or construct a software or hardware implementation is avoided in this preliminary article

Arnold Neumaier

Recent research for efficient algorithms for solving the discrete logarithm (DL) problem on elliptic curves depends on the difficult question of the feasibility of index calculus which would consist of splitting EC points into sums of points lying in a certain subspace. A natural algebraic approach towards this goal is through solving systems of non-linear multivariate equations derived from the so called summation polynomials which method have been proposed by Semaev in 2004.

In this paper we consider a simple variant of this problem with splitting in two in binary curves. We propose an algorithm with running time of the order of 2^{n/3} for this problem. This property clearly violates the generic group assumption for these curves.

Theoretically secure cryptographic algorithms can be vulnerable to attacks due to their implementation flaws, which disclose side-channel information about the secret key. Bernstein's attack is a well known cache-timing attack which uses execution time as the side-channel. The major drawback of this attack is that it needs an identical target machine to perform its learning phase where the attacker models the cache timing-behavior of the target machine. This assumption makes the attack unrealistic in many circumstances. In this work, we present an effective method to eliminate the learning phase. We propose a methodology to model the cache timing-behavior of the target machine by hypothetical modeling. To test the validity of the proposed method, we performed the Bernstein attack and showed that, in majority of the cases, the new attack is actually superior to the original attack which uses a learning phase.

Recently, Farasha et al. proposed an efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment. By using BAN-logic and AVISPA tools, they confirm the security properties of the proposed scheme. However, after analyzing, we determine that the scheme could not resist the smart card loss password guessing attack, which is one of the ten basic requirements in a secure identity authentication using smart card, assisted by Liao et al. Therefore, we modify the method to include the desired security functionality, which is significantly important in a user authentication system using smart card.

The Department of Computer Science is seeking to appoint 2 Lecturers or Senior-Lecturers in up to two of the following areas:

• Human-computer interaction and interaction design.
• Programming languages (language design and implementation).
• Software verification and validation.
• Algorithms in the context of large-scale data.

At least one of the two successful candidates will have significant expertise in cyber-security aspects of one of the above areas and will be expected to help shape the development of cyber-security teaching in our degree programmes.

Closing date for applications: 24 January 2016

More information: http://www.bristol.ac.uk/jobs/find/details.html?nPostingID=4087&nPostingTargetID=14995&option=28&sort=DESC&respnr=1&ID=Q

In ESORICS 2015, Wang et al. proposed a privacy-preserving outsourcing design for biometric identification using public cloud platforms, namely CloudBI. CloudBI introduces two designs: CloudBI-I and CloudBI-II. CloudBI-I is more efficient and CloudBI-II has stronger privacy protection. Based on the threat model of CloudBI, CloudBI-II is claimed to be secure even when the cloud service provider can act as a user to submit fingerprint information for identification. However, this security argument is not hold and CloudBI-II can be completely broken when the cloud service provider submit a small number of identification requests. In this technical report, we will review the design of CloudBI-II and introduce the security attack that can efficiently break it.

This work introduces XMSS-T, a new hash-based signature scheme with tight security. Previous hash-based signature schemes are facing a loss of security, linear in performance parameters like the total tree height. Our new scheme can use hash functions with a smaller output length at the same security level, immediately leading to a smaller signature size. XMSS-T is stateful, however, the same techniques also apply directly to the recent stateless hash-based signature scheme SPHINCS (Eurocrypt 2015), and the signature size is improved as a result.

Being a little more specific and technical, the tight security stems from new multi-target notions of hash-function properties which we define and analyze. We give precise complexity for breaking these security properties under both classical and quantum generic attacks, thus establishing a reliable estimate for the quantum security of XMSS-T. Especially, we prove quantum upper and lower bounds for the query complexity tailored for cryptographic applications, whereas standard techniques in quantum query complexity have limitations such as they usually only consider worst-case complexity. Our proof techniques may be useful elsewhere.

We also implement XMSS-T and compare its performance to that of the most recent stateful hash-based signature scheme XMSS (PQCrypto 2011).

Functional encryption (FE) supports constrained decryption keys that allow decrypters to learn specific functions of encrypted messages. In numerous practical applications of FE, confidentiality must be assured not only for the encrypted data but also for the functions for which functional keys are provided. This paper presents a non-generic simple private key FE scheme for the inner product functionality, also known as inner product encryption (IPE). In contrast to the existing similar schemes, our construction achieves the strongest indistinguishability-based notion of function privacy in the private key setting without employing any computationally expensive cryptographic tool or non-standard complexity assumption. Our construction is built in the asymmetric bilinear pairing group setting of prime order. The security of our scheme is based on the well-studied Symmetric External Diffie-Hellman (SXDH) assumption.

Key-insulated encryption is one of the effective solutions to a key exposure problem. Recently, identity-based encryption (IBE) has been used as one of fundamental cryptographic primitives in a wide range of various applications, and it is considered that the identity-based key-insulated security has a huge influence on the resulting applications. At Asiacrypt'05, Hanaoka et al. proposed an identity-based hierarchical key-insulated encryption (hierarchical IKE) scheme. Although their scheme is secure in the random oracle model, it has a ``hierarchical key-updating structure,'' which is attractive functionality that enhances key exposure resistance.

In this paper, we first propose the hierarchical IKE scheme without random oracles. Our hierarchical IKE scheme is secure under the symmetric external Diffie--Hellman (SXDH) assumption, which is known as the simple and static one. Furthermore, when the hierarchy depth is one (i.e. not hierarchical case), our scheme is the first IKE scheme that achieves constant-size parameters including public parameters, secret keys, and ciphertexts.

We formally study ``non-malleable functions'' (NMFs), a general cryptographic primitive which simplifies and relaxes ``non-malleable one-way/hash functions'' (NMOWHFs) introduced by Boldyreva et al. (ASIACRYPT 2009) and refined by Baecher et al. (CT-RSA 2010). NMFs consider deterministic functions, rather than probabilistic one-way/hash functions in the literature of NMOWHFs.

We mainly follow Baecher et al. to formalize a game-based definition. Roughly, a function $f$ is non-malleable if given an image $y^* \leftarrow f(x^*)$ for a randomly chosen $x^*$, it is hard to output a mauled image $y$ with a $\phi$ from some transformation class s.t. $y = f(\phi(x^*))$. A distinctive strengthening of our non-malleable notion is that $\phi(x^*) = x^*$ is always allowed. We also consider non-malleability in adaptive setting, which stipulates non-malleability maintains even when an inversion oracle is available.

We investigate the relations between non-malleability and one-wayness in depth. In the non-adaptive setting, we show that for any achievable transformation class, non-malleability implies one-wayness for poly-to-one functions but not vise versa. In the adaptive setting, we show that for most algebra-induced transformation class, adaptive non-malleability (ANM) is equivalent to adaptive one-wayness (AOW) for injective functions. These two results establish interesting theoretical connections between non-malleability and one-wayness for functions, which extend to trapdoor functions as well, and thus resolve some open problems left by Kiltz et al. (EUROCRYPT 2010). Notably, the implication AOW $\Rightarrow$ ANM not only yields constructions of NMFs from adaptive trapdoor functions, which partially solves an open problem posed by Boldyreva et al (ASIACRYPT 2009), but also provides key conceptual insight into addressing copy attacks in the context of related-key attacks (RKA).

Finally, we show that NMFs lead to a simple black-box construction of continuous non-malleable key derivation functions recently proposed by Qin et al. (PKC 2015), which have proven to be very useful in achieving RKA-security for numerous cryptographic primitives.

Test generation for \emph{Hardware Trojan Horses} (HTH) detection is extremely challenging, as Trojans are designed to be triggered by very rare logic conditions at internal nodes of the circuit. In this paper, we propose a \textit{Genetic Algorithm} (GA) based Automatic Test Pattern Generation (ATPG) technique, enhanced by automated solution to an associated \textit{Boolean Satisfiability} problem. The main insight is that given a specific internal trigger condition, it is not possible to attack an arbitrary node (payload) of the circuit, as the effect of the induced logic malfunction by the HTH might not get propagated to the output. Based on this observation, a fault simulation based framework has been proposed, which enumerates the feasible payload nodes for a specific triggering condition. Subsequently, a compact set of test vectors is selected based on their ability to detect the logic malfunction at the feasible payload nodes, thus increasing their effectiveness. Test vectors generated by the proposed scheme were found to achieve higher detection coverage over large population of HTH in ISCAS benchmark circuits, compared to a previously proposed logic testing based Trojan detection technique.