IACR News
28 June 2016
Jan Camenisch, Manu Drijvers, Anja Lehmann
ePrint Report
In this work, we identify flaws in security proofs of a number of qSDH-based DAA schemes and point out that none of the proposed schemes can be proven secure in the recent model by Camenisch et al. (PKC 2016). We therefore present a new, provably secure DAA scheme that is based on the qSDH assumption. The new scheme is as efficient as the most efficient existing DAA scheme, with support for DAA extensions to signature-based revocation and attributes. We rigorously prove the scheme secure in the model of Camenisch et al., which we modify to support the extensions.
As a side-result of independent interest, we prove that the BBS+ signature scheme is secure in the type-3 pairing setting, allowing for our scheme to be used with the most efficient pairing-friendly curves.
Georg Fuchsbauer, Christian Hanser, Chethan Kamath, Daniel Slamanig
ePrint Report
We propose a variant of their scheme whose blindness can be proven under a non-interactive assumption, namely a variant of the bilinear DDH assumption. We moreover prove its unforgeability assuming only unforgeability of the underlying SPS-EQ but no additional assumptions as needed for the FHS scheme.
David Cash, Feng-Hao Liu, Adam O'Neill, Cong Zhang
ePrint Report
To analyze the quality of our leakage profile, we show several additional results. In particular, we show that order-preserving encryption (OPE), an important special case of ORE in which the ciphertexts themselves are ordered, cannot be secure w.r.t. our leakage profile. This implies that our ORE scheme is the first one without multilinear maps that is proven secure w.r.t. a leakage profile unachievable by OPE. We also show that our generalized scheme meets a "semantically meaningful" one-wayness notion that schemes with the leakage of CLWW do not.
Christof Beierle, Jérémy Jean, Stefan Kölbl, Gregor Leander, Amir Moradi, Thomas Peyrin, Yu Sasaki, Pascal Sasdrich, Siang Meng Sim
ePrint Report
Secondly, we present MANTIS, a dedicated variant of SKINNY for low-latency implementations, that constitutes a very efficient solution to the problem of designing a tweakable block cipher for memory encryption. MANTIS basically reuses well understood, previously studied, known components. Yet, by putting those components together in a new fashion, we obtain a cipher competitive with PRINCE in latency and area, while being enhanced with a tweak input.
Joppe Bos, Craig Costello, Léo Ducas, Ilya Mironov, Michael Naehrig, Valeria Nikolaenko, Ananth Raghunathan, Douglas Stebila
ePrint Report
Despite conventional wisdom that generic lattices might be too slow and unwieldy, we demonstrate that LWE-based key exchange is quite practical: our constant time implementation requires around 1.3ms computation time for each party; compared to the recent NewHope R-LWE scheme, communication sizes increase by a factor of 4.7×, but remain under 12 KiB in each direction. Our protocol is competitive when used for serving web pages over TLS; when partnered with ECDSA signatures, latencies increase by less than a factor of 1.6×, and (even under heavy load) server throughput only decreases by factors of 1.5× and 1.2× when serving typical 1 KiB and 100 KiB pages, respectively. To achieve these practical results, our protocol takes advantage of several innovations. These include techniques to optimize communication bandwidth, dynamic generation of public parameters (which also offers additional security against backdoors), carefully chosen error distributions, and tight security parameters.
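The exchange described in the abstract, written out as an added toy example (this is not the authors' code, and the parameters are nothing like the paper's): Alice sends a seed and B = AS + E, Bob answers with B' = S'A + E' plus one reconciliation hint bit per coefficient of V = S'B + E'', and Alice recovers Bob's key bits from W = B'S. The matrix A is expanded from a fresh per-session seed rather than fixed, which is the "dynamic generation of public parameters" point. Assumed here, not taken from the abstract: dimension N=16, NBAR=4 columns, noise uniform in [-2, 2], one key bit per coefficient, and SHAKE-128 as the seed expander. These sizes carry no security and only exercise the arithmetic and the reconciliation rule.

```python
"""Toy Frodo-style LWE key exchange with hint-bit reconciliation (added example,
not the paper's implementation). N, NBAR, ETA, one bit per coefficient and the
SHAKE-128 expander are assumptions for illustration; the real parameter sets use
n in the hundreds and a tailored error distribution.
"""
import hashlib
import secrets

Q = 1 << 15   # modulus q (toy)
N = 16        # LWE dimension (toy)
NBAR = 4      # columns of S, E and rows of S', E'; the key has NBAR*NBAR bits
ETA = 2       # noise coefficients uniform in [-ETA, ETA] (toy choice)


def gen_a(seed):
    """Expand a fresh per-session seed into the public N x N matrix A over Z_q,
    so no long-lived global A exists that could be backdoored."""
    stream = hashlib.shake_128(seed).digest(2 * N * N)
    return [[int.from_bytes(stream[2 * (i * N + j):2 * (i * N + j) + 2], "little") % Q
             for j in range(N)] for i in range(N)]


def small(rows, cols):
    """Secret or error matrix with coefficients in [-ETA, ETA]."""
    return [[secrets.randbelow(2 * ETA + 1) - ETA for _ in range(cols)] for _ in range(rows)]


def matmul(x, y):
    return [[sum(x[i][k] * y[k][j] for k in range(len(y))) % Q
             for j in range(len(y[0]))] for i in range(len(x))]


def matadd(x, y):
    return [[(a + b) % Q for a, b in zip(rx, ry)] for rx, ry in zip(x, y)]


def round_bit(v):
    """Key bit of v: round(2v/q) mod 2, i.e. 1 iff v lies in [q/4, 3q/4)."""
    return ((4 * v + Q) // (2 * Q)) % 2


def hint_bit(v):
    """Cross-rounding hint: floor(4v/q) mod 2, the parity of v's quarter-interval."""
    return (4 * v // Q) % 2


def rec(w, h):
    """Recover round_bit(v) from w with |w - v| < q/8 (mod q) and h = hint_bit(v):
    the point closest to w whose hint is h lies in v's quarter, so its key bit is v's."""
    if hint_bit(w) == h:
        return round_bit(w)
    quarter = Q // 4
    k = w // quarter                    # w sits in [k*q/4, (k+1)*q/4), whose hint is 1-h
    lower = (k * quarter - 1) % Q       # last point of the previous quarter (hint h)
    upper = ((k + 1) * quarter) % Q     # first point of the next quarter (hint h)
    v_prime = lower if (w - lower) % Q <= (upper - w) % Q else upper
    return round_bit(v_prime)


def alice_keygen(seed):
    """Alice: B = A*S + E. Publishes (seed, B), keeps S."""
    A = gen_a(seed)
    S, E = small(N, NBAR), small(N, NBAR)
    return (seed, matadd(matmul(A, S), E)), S


def bob_respond(public):
    """Bob: B' = S'*A + E', V = S'*B + E''. Sends (B', hints), keeps the key bits of V."""
    seed, B = public
    A = gen_a(seed)
    Sp, Ep, Epp = small(NBAR, N), small(NBAR, N), small(NBAR, NBAR)
    Bp = matadd(matmul(Sp, A), Ep)
    V = [v for row in matadd(matmul(Sp, B), Epp) for v in row]
    return (Bp, [hint_bit(v) for v in V]), [round_bit(v) for v in V]


def alice_finish(S, response):
    """Alice: W = B'*S = V - (S'E - E'S + E''). Each entry of the difference is at most
    2*N*ETA^2 + ETA = 130 < q/8 = 4096 here, so rec() always returns Bob's bit."""
    Bp, hints = response
    W = [w for row in matmul(Bp, S) for w in row]
    return [rec(w, h) for w, h in zip(W, hints)]


def run_exchange():
    """One full exchange; returns (alice_key_bits, bob_key_bits)."""
    public, S = alice_keygen(secrets.token_bytes(16))
    response, bob_key = bob_respond(public)
    return alice_finish(S, response), bob_key


def reconciliation_sound(v_step=97, d_step=131):
    """Sweep v over Z_q and offsets |d| < q/8: rec must always give round_bit(v)."""
    for v in range(0, Q, v_step):
        for d in range(-(Q // 8) + 1, Q // 8, d_step):
            if rec((v + d) % Q, hint_bit(v)) != round_bit(v):
                return False
    return True


if __name__ == "__main__":
    a, b = run_exchange()
    print("keys agree:", a == b, "bits:", "".join(map(str, a)))
```

The hint costs one extra bit per coefficient on the wire but removes the failure probability a rounding-only scheme would have; with the toy noise bound above the two sides agree unconditionally, whereas the paper's parameters are tuned so the failure probability is merely negligible. A real deployment would also hash the agreed bits into the session key rather than use them raw.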
Kévin Atighehchi, Alexis Bonnecaze
ePrint Report
27 June 2016
Tatiana Bradley, Sky Faber, Gene Tsudik
ePrint Report
Eiichiro Fujisaki
ePrint Report
Jongkil Kim, Willy Susilo, Fuchun Guo, Man Ho Au
ePrint Report
Shweta Agrawal
ePrint Report
1. We show that existing LWE based predicate encryption schemes [AFV11, GVW15] are completely insecure against a general functional encryption adversary (i.e. in the strong attribute hiding game). We demonstrate three different attacks, the strongest of which is applicable even to the inner product predicate encryption scheme [AFV11]. Our attacks are practical and allow the attacker to completely recover a from its encryption Enc(a) within a polynomial number of queries. This illustrates that the barrier between predicate and functional encryption is not just a limitation of proof techniques.
2. We provide a new construction that unifies and extends the constructions of Gorbunov et al. [GVW15] and Goldwasser et al. [GTKP+13]. Our construction supports a single decryption query as in [GTKP+13] in addition to an unbounded number of non-decryption queries as in [GVW15]. In particular, our construction yields an alternate candidate for reusable garbled circuits.
3. We upgrade the security of our construction, as well as [AFV11, GVW15], from selective to semi-adaptive, where the adversary may output the challenge after seeing the public parameters in the security game. Our transformation is generic, and applies to several LWE based selectively secure FE schemes.
4. We generalise the above scheme to support q decryption queries, for any polynomial q which is fixed a priori. The ciphertext size grows as O(q^2), improving upon the q-query version of [GTKP+13, GVW12] in which the ciphertext size grows as O(q^4). Our ciphertext is succinct in that its size does not depend on the size of the circuit.
Masahiro Yagisawa
ePrint Report
25 June 2016
New Jersey Institute of Technology (NJIT), metro New York City, USA
Job Posting
Successful applicants are expected to pursue research towards developing open-source implementations of lattice encryption. Strong software engineering skills and C++11 expertise are required. Demonstrated success writing high quality software is essential. Experience with lattice encryption is required. Experience with industry-standard software engineering methods, including unit testing, is very helpful. Experience with hardware design, noise sampling, secure communication systems and related technologies is helpful but not required. The candidates are expected to have excellent verbal and written skills in English.
We expect the position to be available immediately for one year and to be renewable, based on mutual interest and availability of funding. Interested applicants should submit their CV and the names of at least three references by applying as soon as possible at:
njit.jobs/applicants/Central?quickFind=54616
njit.jobs/applicants/Central?quickFind=55268
Applications will be reviewed on a rolling basis until the positions are filled.
The Department of Computer Science at NJIT includes 27 tenured/tenure track professors and is rapidly expanding, supported by the university's '2020 Vision' strategic plan. Sources of research funding include DARPA, IARPA, NSA, NSF, NIH, DHS, DOE, ARL, and ONR to name a few. Located in Northern New Jersey, within the greater New York Metropolitan area, NJIT is part of a vibrant ecosystem of research universities and corporate research centers.
Closing date for applications: 1 September 2016
Contact: Kurt Rohloff
Director, Cybersecurity Research Center
rohloff (at) njit.edu
More information: http://centers.njit.edu/cybersecurity/
24 June 2016
School
The IACR sponsors a small number of Cryptology Schools providing intensive training on clearly identified topics in cryptology. The aim is to develop awareness and increased capacity for research in cryptology. A list of past and upcoming schools can be found at http://iacr.org/schools
Arnaud BANNIER, Nicolas BODIN, Eric FILIOL
ePrint Report
Christof Beierle
ePrint Report
Although there are much better bounds known, especially for a high number of rounds, they are based on experimental search like using SAT/SMT solvers. While those results have already shown that Simon can be considered resistant against differential cryptanalysis, our argument gives more insights into the design itself. As far as we know, this work presents the first non-experimental security argument for full-round versions of several Simon-like instances.
Peeter Laud, Alisa Pankova
ePrint Report
Protecting against this goal essentially means achieving security against several non-cooperating adversaries, where all but one adversary are passive and corrupt only a single party. We formalize the adversarial goal by proposing an alternative notion of universal composability. We show how existing, conventionally secure multiparty protocols can be transformed to make them secure against the novel adversarial goal.
Behzad Abdolmaleki, Karim Baghery, Shahram Khazaei, Mohammad Reza Aref
ePrint Report
Tobias Schneider, Amir Moradi, Tim Güneysu
ePrint Report
In this work, we introduce a countermeasure for cryptographic hardware implementations that combines the concept of a provably-secure masking scheme (i.e., threshold implementation) with an error detecting approach against fault injection. As a case study, we apply our generic construction to the lightweight LED cipher. Our LED instance achieves first-order resistance against side-channel attacks combined with a fault detection capability that is superior to that of simple duplication for most error distributions, at an increased area demand of 12%.
Erik Boss, Vincent Grosso, Tim Güneysu, Gregor Leander, Amir Moradi, Tobias Schneider
ePrint Report
Eli Ben-Sasson, Iddo Ben-Tov, Alessandro Chiesa, Ariel Gabizon, Daniel Genkin, Matan Hamilis, Evgenya Pergament, Michael Riabzev, Mark Silberstein, Eran Tromer, Madars Virza
ePrint Report
This work introduces SCI, the first implementation of a scalable PCP system (that uses both PCPPs and proof composition). We used SCI to prove correctness of executions of up to $2^{20}$ cycles of a simple processor (Figure 1) and calculated (Figure 2) its break-even point [SVP+12, SMBW12]. The significance of our findings is two-fold: (i) it marks the transition of core PCP techniques (like proof composition and PCPs of Proximity) from mathematical theory to practical system engineering, and (ii) the thresholds obtained are nearly achievable and hence show that PCP-supported computational integrity is closer to reality than previously assumed.