IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
14 April 2016
Delaram Kahrobaei, Vladimir Shpilrain
Arka Rai Choudhuri, Subhamoy Maitra
Stephen Checkoway, Shaanan Cohney, Christina Garman, Matthew Green, Nadia Heninger, Jacob Maskiewicz, Eric Rescorla, Hovav Shacham, Ralf-Philipp Weinmann
In this work, we report the results of a thorough independent analysis of the ScreenOS randomness subsystem, as well as its interaction with the IKE VPN key establishment protocol. Due to apparent flaws in the code, Juniper's countermeasures against a Dual EC attack are never executed. Moreover, by comparing sequential versions of ScreenOS, we identify a cluster of additional changes that were introduced concurrently with the inclusion of Dual EC in a single 2008 release. Taken as a whole, these changes render the ScreenOS system vulnerable to passive exploitation by an attacker who selects Q. We demonstrate this by installing our own parameters, and showing that it is possible to passively decrypt a single IKE handshake and its associated VPN traffic in isolation without observing any other network traffic.
Alon Rosen, Gil Segev, Ido Shahaf
Central in the study of obfuscation-based PPAD hardness is the SINK-OF-VERIFIABLE-LINE (SVL) problem, an intermediate step in constructing hard-on-average instances of the PPAD-complete problem SOURCE-OR-SINK. Within the framework of black-box reductions we prove the following results:
-- Average-case PPAD hardness (and even average-case SVL hardness) does not imply any form of cryptographic hardness (not even one-way functions).
-- Average-case SVL hardness cannot be based either on standard cryptographic assumptions or on average-case PPAD hardness (and is thus not essential for PPAD hardness).
-- Any attempt for basing the average-case hardness of SOURCE-OR-SINK on standard cryptographic assumptions must result in instances with a nearly-exponential number of solutions.
Taken together, our results imply that while it may still be possible to base average-case PPAD hardness on standard cryptographic assumptions, any black-box attempt must significantly deviate from the obfuscation-based approach: It cannot go through the SVL problem, and it must result in SOURCE-OR-SINK instances with a nearly-exponential number of solutions.
Christoph Dobraunig, Maria Eichlseder, Florian Mendel
Dennis Hofheinz
- A new strategy for tight security reductions that leads to compact public keys and ciphertexts.
- A relaxed definition of non-interactive proof systems for non-linear (``OR-type'') languages. Our definition is strong enough to act as a central tool in our new strategy to obtain tight security, and is achievable both in pairing-friendly and DCR groups.
We apply these concepts in a generic construction of a tightly secure public-key encryption scheme. When instantiated in different concrete settings, we obtain the following:
- A public-key encryption scheme whose chosen-ciphertext security can be tightly reduced to the DLIN assumption in a pairing-friendly group. Ciphertexts, public keys, and system parameters contain 6, 24, and 2 group elements, respectively. This improves heavily upon a recent scheme of Gay et al. (Eurocrypt 2016) in terms of public key size, at the cost of using a symmetric pairing.
- The first public-key encryption scheme that is tightly chosen-ciphertext secure under the DCR assumption. While the scheme is not very practical (ciphertexts carry 29 group elements), it enjoys constant-size parameters, public keys, and ciphertexts.
Mihir Bellare, Georg Fuchsbauer, Alessandra Scafuro
Stephanie Alt, Pierre-Alain Fouque, Gilles Macario-rat, Benjamin Richard, Cristina Onete
In this paper, we provide a formal security analysis of the AKA protocol in its complete three-party setting. We formulate requirements with respect to both Man-in-the-Middle (MiM) adversaries, i.e. key-indistinguishability and impersonation security, and to local untrusted serving networks, denoted servers, namely state-confidentiality and soundness. We prove that the unmodified AKA protocol attains these properties as long as servers cannot be corrupted. Furthermore, adding a unique server identifier suffices to guarantee all the security statements even in in the presence of corrupted servers. We use a modular proof approach: the first step is to prove the security of (modified and unmodified) AKA with generic cryptographic algorithms that can be represented as a unitary pseudorandom function PRF keyed either with the clients secret key or with the operator key. A second step proceeds to show that TUAK and MILENAGE guarantee this type of pseudorandomness, though the guarantee for MILENAGE requires a stronger assumption. Our paper provides (to our knowledge) the first complete, rigorous analysis of the original AKA protocol and these two instantiations. We stress that such an analysis is important for any protocol deployed in real-life scenarios.
Cecile Pierrot, Benjamin Wesolowski
Cyber Security Practise - United Arab Emirates
- Proficient in AES algorithm design.
- Expert in block and stream cipher, key management, hybrid approach, hashing.
- Knowledge in substitution, permutation, confusion & diffusion mechanism.
- Cryptanalysis: Differential, Linear, Side channel attack, Plain & Cipher text etc,.
- Knowledge in crypto events, such as, Caesar competition.
- History of different symmetric key algorithms.
- Mathematics degree is preferred.
- Should be ready to start design algorithm as soon as join.
Closing date for applications: 29 August 2016
Contact: Hilary (at) talentboutique.ae
13 April 2016
Cambridge, USA, 8 June - 10 June 2016
Vienna, Austria, 13 May 2016
Laboratoire Hubert Curien, University of Lyon, Saint-Etienne, France
For a new project which addresses the problem of secure and privacy in MPSoC architectures, we proposes a Post Doc position to work on security evaluation of heterogeneous MPSoC. We are looking for candidates with an outstanding Ph.D in hardware security and a strong publication record in this field. Strong knowledge in side channel attacks and countermeasures, digital system (VHDL, FPGA) design would be appreciated. Knowledge of French is not mandatory.
The Post-Doc position will start in 2016 (flexible starting date), it is funded for 24 month.
To apply please send your detailed CV (with publication list), motivation for applying (1 page) and names of at least two people who can provide reference letters (e-mail).
Closing date for applications: 15 June 2016
Contact:
Dr. Lilian BOSSUET lilian.bossuet(at)univ-st-etienne.fr
Newcastle University
The successful applicant will join a vibrant and growing Secure and Resilient Systems (SRS) research group at the School of computing Science, Newcastle University. So far research works in the group have been largely driven by tackling real-world security problems, with some of the research outcomes adopted by international standards and deployed in large-scale commercial applications.
About us: The School of Computing Science at Newcastle University is recognised as one of the fourteen Academic Centres of Excellence in Cyber Security Research (ACEs-CSR) in the UK. In the latest 2014 Research Excellence Framework (REF) assessment which included all UK universities, Newcastle University CS was ranked the 1st in the UK for its Research Impact.
How to apply: follow the online application link below. To help speed up the process, please also send your CV and a brief cover letter to feng.hao (at) ncl.ac.uk.
Closing date for applications: 10 May 2016
More information: http://www.jobs.ac.uk/job/AUE162/d35883r-research-assistant-associate-e-voting/
12 April 2016
Ronald Cramer, Chaoping Xing, Chen Yuan
In this paper, we focus on Reed-Muller codes with evaluation polynomials of total degree $d\lesssim\Gs\sqrt{q}$ for some $\Gs\in(0,1)$. By introducing a local decoding of Reed-Muller codes via the concept of codex that has been used for arithmetic secret sharing \cite{C11,CCX12}, we are able to locally recover arbitrarily large number $k$ of coordinates simultaneously at the cost of querying $O(k\sqrt{q})$ coordinates, where $q$ is the code alphabet size. It turns out that our local decoding of Reed-Muller codes shows ({\it perhaps surprisingly}) that accessing $k$ locations is in fact cheaper than repeating the procedure for accessing a single location for $k$ times. In contrast, by repetition of local decoding for recovery of a single coordinate, one has to query $\Omega(k\sqrt{q}\log k/\log q)$ coordinates for $k=q^{\Omega(\sqrt{q})}$ (and query $O(kq)$ coordinates for $k=q^{O(\sqrt{q})}$, respectively). Furthermore, our decoding success probability is $1-\Ge$ with $\Ge=O\left(\left(\frac1{\sqrt{q}}\right)^k\right)$. To get the same success probability from repetition of local decoding for recovery of a single coordinate, one has to query $O(k^2\sqrt{q}\log k/\log q)$ coordinates (or $O(k^2q)$ coordinates for $k=q^{O(\sqrt{q})}$, respectively). In addition, our local decoding also works for recovery of one single coordinate as well and it gives a better success probability than the one by repetition of local decoding on curves. The main tool to realize codex is based on algebraic function fields (or more precisely, algebraic geometry codes). Our estimation of success error probability is based on error probability bound for $t$-wise linearly independent variables given in \cite{BR94}.