IACR News
Here you can see all recent updates to the IACR webpage.
16 February 2016
University College Cork, Ireland
Applications are invited for a fixed-term post-doctoral researcher position (Security in Cyber Physical Systems) at University College Cork, Ireland. The position is within the Security Group in the Department of Computer Science, in conjunction with the recently established CONNECT Research Centre. The researcher will be part of the IRC/Chist-ERA programme funded project DYPOSIT: Dynamic Policies for Shared Cyber-Physical Infrastructures Under Attack. This project is being undertaken in collaboration with Lancaster University, UK and Katholieke Universiteit Leuven, Belgium.
DYPOSIT will investigate the problem of large, shared cyber physical systems under attack. The project will consider the challenge of dynamically formulating and adapting security controls, rapidly and on-demand, in the face of unfolding attacks on a shared cyber physical system fabric integrating multiple applications run by a variety of stakeholders. The Post-Doctoral Researcher will primarily contribute to the development and implementation of a distributed security model for cyber physical systems in which trade-offs between threats, controls and other constraints, can be reasoned about in managing security policy deployment.
Applications are invited from those with a PhD qualification and publications in a directly relevant area. Applicants with a background in Computer Security who are interested in developing research experience in cyber-physical systems, or applicants with a background in the modeling of and reasoning about systems/networks who are interested in developing research experience in cyber-physical systems security, are also invited to apply.
Informal enquiries should be addressed to Dr. Simon Foley, Department of Computer Science, University College Cork, Ireland (http://security.ucc.ie/foley).
Closing date is March 4, 2016. More information, post requirements and application details at:
http://www.ucc.ie/en/hr/vacancies/research/full-details-611543-en.html
Closing date for applications: 4 March 2016
Jeremiah Blocki, Hong-Sheng Zhou
Stanislaw Jarecki, Aggelos Kiayias, Hugo Krawczyk, Jiayu Xu
We show the most efficient Password-Protected Secret Sharing (PPSS) to date (and its implied Threshold-PAKE scheme), which is optimal in round communication as in Jarecki et al. [JKK14] but which improves computation and communication complexity over that scheme, requiring a single per-server exponentiation for the client and a single exponentiation for the server. As with the schemes from [JKK14] and Camenisch et al. [CLLN14], we do not require secure channels or PKI other than in the initialization stage.
We prove the security of our PPSS scheme in the Universally Composable (UC) model. For this we present a UC definition of PPSS that relaxes the UC formalism of [CLLN14] in a way that enables more efficient PPSS schemes (by dispensing with the need to extract the user's password in the simulation) and present a UC-based definition of Oblivious PRF (OPRF) that is more general than the (Verifiable) OPRF definition from [JKK14] and is also crucial for enabling our performance optimization.
Lilya Budaghyan, Claude Carlet, Tor Helleseth, Nian Li
Mihir Bellare, Daniel J. Bernstein, Stefano Tessaro
Igor Semaev
Shota Yamada
As a side result, based on a similar idea, we construct an attribute-based encryption scheme for branching programs that simultaneously satisfies the following properties for the first time: Our scheme achieves compact secret keys, the security is proven under the LWE assumption with polynomial approximation factors, and the scheme can deal with unbounded length branching programs.
Jung Hee Cheon, Jinhyuck Jeong, Changmin Lee
In the GGH scheme, which is the first candidate of an (approximate) multilinear map, the algorithm, using any encodings, can be directly applied to obtain any secret elements. Recently, the GGH scheme was known to be insecure by the so-called zeroizing attack [HJ15] when an encoding of zero is published. Hence, this work shows that the GGH scheme without an encoding of zero is also insecure.
Shoukat Ali, Murat Cenk
Ignacio Cascudo, Ivan Damgård, Bernardo David, Nico Döttling, Jesper Buus Nielsen
Emmanuel Volte, Valérie Nachef, Nicolas Marrière
15 February 2016
Jung Hee Cheon, Pierre-Alain Fouque, Changmin Lee, Brice Minaud, Hansol Ryu
This article presents two polynomial attacks on the CLT15 multilinear map, which share ideas similar to the cryptanalysis of CLT13. Our attacks allow recovery of all secret parameters in time polynomial in the security parameter, and lead to a full break of the CLT15 multilinear map for virtually all applications.
Michael T. Goodrich, Evgenios M. Kornaropoulos, Michael Mitzenmacher, Roberto Tamassia
There are two flavors of history-independence. In a weakly history-independent data structure, every possible sequence of operations consistent with the current set of items is equally likely to have occurred. In a strongly history-independent data structure, items must be stored in a canonical way, i.e., for any set of items, there is only one possible memory representation. Strong history-independence implies weak history-independence but considerably constrains the design choices of the data structures.
In this work, we present and analyze an efficient hash table data structure that simultaneously achieves the following properties: It is based on the classic linear probing collision-handling scheme. It is weakly history-independent. It is secure against collision-timing attacks. That is, we consider adversaries that can measure the time for an update operation, but cannot observe data values, and we show that those adversaries cannot learn information about the items in the table. All operations are significantly faster in practice (in particular, almost 2x faster for high load factors) than those of the commonly used strongly history-independent linear probing method proposed by Blelloch and Golovin (FOCS07), which is not secure against collision-timing attacks.
The first property is desirable for ease of implementation. The second property is desirable for the sake of maximizing privacy in scenarios where the memory of the hash table is exposed, such as post-election audit of DRE voting machines or direct memory access (DMA) attacks. The third property is desirable for maximizing privacy against adversaries who do not have access to memory but nevertheless are capable of accurately measuring the execution times of data structure operations. To our knowledge, our hash table construction is the first data structure that combines history-independence and protection against a form of timing attacks.
Claude Carlet
Shahram Rasoolzadeh, Håvard Raddum
Itai Dinur
In this paper, we develop new algorithms for cryptanalysis of hash combiners and use them to devise the first second preimage attack on the concatenation combiner. The attack finds second preimages faster than $2^n$ for messages longer than $2^{2n/7}$ and has optimal complexity of $2^{3n/4}$. This shows that the concatenation of two Merkle-Damgård hash functions is not as strong as a single ideal hash function.
Our methods are also applicable to other well-studied combiners, and we use them to devise a new preimage attack with complexity of $2^{2n/3}$ on the XOR combiner $H_1(M) \oplus H_2(M)$ of two Merkle-Damgård hash functions. This improves upon the attack by Leurent and Wang (presented at Eurocrypt 2015) whose complexity is $2^{5n/6}$ (but which, unlike our attack, is also applicable to HAIFA hash functions).
Our algorithms exploit properties of random mappings generated by fixing the message block input to the compression functions of $H_1$ and $H_2$. Such random mappings have been widely used in cryptanalysis, but we exploit them in new ways to attack hash function combiners.
Loubna Ghammam, Emmanuel Fouotsa
14 February 2016
Chalmers University of Technology, Sweden
The PhD student is expected to have a MSc degree or equivalent, and strong background in mathematics and/or theoretical computer science, with some background in cryptography.
The position is fully funded for five years. The call for expressions of interest will remain open until a suitable candidate is appointed.
For any inquiries or to apply for the position, submit a full research curriculum vitae (CV), names of two references, and a research statement to Prof. Katerina Mitrokotsa (aikmitr@chalmers.se), clearly indicating the position sought.
Successful candidates will help to design and evaluate cryptographically reliable and privacy-preserving authentication protocols.
Closing date for applications: 15 March 2016
Contact: Katerina Mitrokotsa
Associate Professor
Chalmers University of Technology
Department of Computer Science and Engineering
Göteborg, Sweden
More information: http://www.chalmers.se/en/about-chalmers/vacancies/Pages/default.aspx?rmpage=job&rmjob=3333
13 February 2016
Daniel Genkin, Lev Pachmanov, Itamar Pipman, Eran Tromer
By measuring the target's electromagnetic emanations, the attack extracts the secret decryption key within seconds, from a target located in an adjacent room across a wall. The attack utilizes a single carefully chosen ciphertext, and tailored time-frequency signal analysis techniques, to achieve full key extraction.