topics I like

news related to patents

2011-04-12T02:25:00.000-07:00

I've recently read 2 interesting articles related to patents (see below to read them) :

*ZTE sues Ericsson in China
http://online.wsj.com/article/SB10001424052748704662604576256440263520456.html

(by Owen Fletcher)

BEIJING—Chinese telecommunications hardware maker ZTE Corp. on Monday filed a lawsuit in China against a unit of Swedish rival Telefon AB L.M. Ericsson over alleged patent infringement, said Wang Haibo, ZTE's intellectual-property director.

The move escalates a legal battle that began when Ericsson said earlier this month it filed patent-infringement lawsuits against ZTE in the U.K., Italy and Germany, and highlights ZTE's growth overseas in competition with Western rivals. Such lawsuits are common between global rivals in high-tech industries.

ZTE's suit against Ericsson (China) Communications Co. alleges Ericsson products sold in China violated ZTE patents covering core networks, global system for mobile communications, and fourth-generation mobile technology, and asks that the company be ordered to cease the infringement and pay unspecified damages, Mr. Wang told Dow Jones Newswires.

He said the number of ZTE patents in the case is "less than 10" and declined to say in which court ZTE filed the suit.

The "possibility exists" that ZTE could file further lawsuits against Ericsson in China or abroad, Mr. Wang said, declining to say what patents they might involve.

Ericsson spokesman Fredrik Hallstan said the company hasn't received notice of the lawsuit yet and declined to comment further.

Ericsson said earlier it filed its lawsuits against ZTE in Europe as a "last resort" to obtain a licensing agreement with ZTE and payment for its use of Ericsson patents, after years of talks. Ericsson alleged ZTE was using the patented technologies covering areas such as mobile technology WCDMA in its handsets, network infrastructure, or both, in the three European countries.

ZTE responded earlier this month by saying it would launch "patent invalidation procedures" against Ericsson in China. In a submission to China's State Intellectual Property Office, ZTE argued that three Ericsson patents covering second- and third-generation mobile technology should be invalidated since they don't meet criteria such as "creativeness" required for a patent, Mr. Wang said.

Mr. Wang said there is a chance the invalidation request could be processed this year but emphasized the time frame is hard to predict.

* Google bids $900 million for Nortel patent portfolio

http://www.engadget.com/2011/04/04/google-bids-900-million-for-nortel-patent-portfolio-will-use-i/

By Vlad Savov

Google and Nortel have agreed on the princely sum of $900 million to start off a "stalking horse" auction -- wherein outside parties are still free to outdo Google's bid -- for the acquisition of Nortel's rather vast patent portfolio. The sale comes as part of the latter company's bankruptcy selloff and involves some 6,000 patents and patent applications, which encompass both wired and wireless communications, semiconductors, data networking, voice, and the internet -- going so far as to even touch on web search and social networking. The thing is, Google's not really enamored with these tidbits of intellectual property to the tune of nearly a billion dollars. No sir, a rather bitter blog post from the company this morning makes it quite clear that Google's acting in order to bolster its own intellectual property library and to "create a disincentive for others to sue." Both Android and Chrome get obliquely mentioned in Google's announcement as benefiting from the move, which should be completed by June of this year pending other bids and regulatory approvals.

Update: Microsoft has noted that it has "a worldwide, perpetual, royalty-free license to all of Nortel's patents that covers all Microsoft products and services, resulting from the patent cross-license signed with Nortel in 2006." That license will also transfer with the sale of the patent rights. All that means is that Microsoft cannot be sued for infringing on that bundle of rights as it is already licensed to use them. That means Microsoft is extremely unlikely to participate in this auction -- other than, of course, as a means to prevent others from obtaining the same rights.

Japan...

2011-03-15T06:52:00.000-07:00

"L'argent est un bon serviteur et un mauvais maître."

"Money is like muck, not good except it be spread." (Francis Bacon)

https://www.croix-rouge.fr/Je-donne/Don-ponctuel?elk_dc_id=158

Thx

"Pré-diagnostics propriété industrielle"

2011-02-23T01:19:00.000-08:00

Hello,

In France, for some small companies, there is a way to obtain a kind of audit for intellectual property issues. For more information, see the following links :

http://www.inpi.fr/?id=2413

http://www.inpi.fr/fileadmin/mediatheque/pdf/INPI_Pre-diagnostic.pdf

Regards,

Asiacrypt 2010

2010-09-03T05:54:00.000-07:00

Accepted Papers
http://www.spms.ntu.edu.sg/Asiacrypt2010/Common/AcceptedPapers.html

Short Pairing-based Non-interactive Zero-Knowledge Arguments
Jens Groth (University College London)

Short Non-interactive Zero-Knowledge Proofs
Jens Groth (University College London)

A Group Signature Scheme from Lattice Assumptions
Dov Gordon and Jonathan Katz (University of Maryland) and Vinod Vaikuntanathan (Microsoft Research)

Advanced Meet-in-the-Middle Preimage Attacks: First Results on Full Tiger, and Improved Results on MD4 and SHA-2
Jian Guo, San Ling (Nanyang Technological University), Christian Rechberger
(Katholieke Universiteit Leuven), and Huaxiong Wang (Nanyang Technological University)

A Byte-based Guess and Determine Attack on SOSEMANUK
Xiutao Feng and Jun Liu and Zhaocun Zhou and Chuankun Wu and Dengguo Feng (Institute of Software of China)

Improved Single-Key Attacks on 8-round AES-192 and AES-256
Orr Dunkelman, Nathan Keller, and Adi Shamir (Weizmann Institute of Science)

Improved Generic Attacks on Unbalanced Feistel Schemes with Expanding Functions
Emmanuel Volte and Valerie Nachef (University of Cergy-Pontoise) and Jacques
Patarin (Université de Versailles)

Collision Attacks against the Knudsen-Preneel Compression Functions
Onur Özen and Martijn Stam (EPFL)

Conditional Differential Cryptanalysis of NLFSR-based Cryptosystems
Simon Knellwolf and Willi Meier and Maria Naya-Plasencia (FHNW)

Multiparty Computation for Modulo Reduction without Bit-Decomposition and a Generalization to Bit-Decomposition
Chao Ning and Qiuliang Xu (Shandong University)

Faster Fully Homomorphic Encryption
Damien Stehlé (CNRS, ENS de Lyon) and Ron Steinfeld (Macquarie University)

The Semi-Generic Group Model and Applications to Pairing-based Cryptography
Tibor Jager (Ruhr-University Bochum) and Andy Rupp (University of Trier)

A Closer Look at Anonymity and Robustness in Encryption Schemes
Payman Mohassel (University of Calgary)

New Approach of Super-Sbox Analysis on AES-Based Permutations: Applications to ECHO and Gr{\o}stl
Yu Sasaki (NTT Corporation), Yang Li, Lei Wang, Kazuo Sakiyama, Kazuo Ohta (The University of Electro-Communications)

Leakage Resilient ElGamal Encryption
Eike Kiltz and Krzysztof Pietrzak (CWI)

The World is Not Enough: Another Look on Second-Order DPA
F.-X. Standaert and N. Veyrat Charvillon and E. Oswald and B. Gierlichs and M. Medwed and M. Kasper and S. Mangard (UCL)

Efficient Public-Key Cryptography in the Presence of Key Leakage
Yevgeniy Dodis and Kristiyan Haralambiev and Adriana Lopez-Alt and Daniel Wichs (NYU)

On the Static Diffie-Hellman Problem on Elliptic Curves over Extension Fields
Robert Granger (Dublin City University)

Finding Second Preimages of Digests of Short Messages for Hamsi-256
Thomas Fuhr (ANSSI and TELECOM-ParisTech)

Efficient String-Commitment from Weak Bit-Commitment
Kai-Min Chung (Harvard University), Feng-Hao Liu (Brown Univiersity), Chi-Jen Lu (Academia Sinica), and Bo-Yin Yang (Academia Sinica)

The Degree of Regularity of HFE Systems
Vivien Dubois (DGA-MI) and Nicolas Gama (EPFL)

Constant-Size Commitments to Polynomials and Their Applications
Aniket Kate (MPI-SWS), Gregory M. Zaverucha (Certicom Research), and Ian Goldberg (University of Waterloo)

Linear-Complexity Private Set Intersection Protocols Secure in Malicious Model
Emiliano De Cristofaro (UC Irvine), Jihye Kim (Seoul National University), and Gene Tsudik (UC Irvine)

Rotational Rebound Attacks on Reduced Skein
Dmitry Khovratovich (University of Luxembourg and Microsoft Research), Ivica Nikolic (University of Luxembourg), and Christian Rechberger (K.U. Leuven)

Lattice-based Blind Signatures
Markus Rückert (Technische Universität Darmstadt)

A Forward-Secure Symmetric-Key Derivation Protocol - How to Improve Classical DUKPT
Eric Brier and Thomas Peyrin (Ingenico)

Structured Encryption and Controlled Disclosure
Melissa Chase and Seny Kamara (Microsoft Research)

Limitations on Transformations from Composite-Order to Prime-Order Groups: The Case of Round-Optimal Blind Signatures
Sarah Meiklejohn and Hovav Shacham (UC San Diego)

General Perfectly Secure Message Transmission Using Linear Codes
Qiushi Yang and Yvo Desmedt (University College London)

Random Oracles With(out) Programmability
Marc Fischlin (Darmstadt University of Technology), Anja Lehmann (IBM Research Zurich), Thomas Ristenpart (UCSD), Thomas Shrimpton (Portland State University), Martijn Stam (EPFL), and Stefano Tessaro (ETH Zurich)

Generic Compilers for Authenticated Key Exchange
Tibor Jager and Florian Kohlar and Sven Schäge and Jörg Schwenk (Ruhr-University Bochum)

The Round Complexity of Verifiable Secret Sharing: The Statistical Case
Ranjit Kumaresan (UMD), Arpita Patra (IIT Madras), C. Pandu Rangan (IIT Madras)

Computationally Secure Pattern Matching in the Presence of Malicious Adversaries
Carmit Hazay and Tomas Toft (Aarhus University)

On Invertible Sampling and Adaptive Security
Yuval Ishai (Technion and UCLA), Abishek Kumarasubramanian (UCLA), Claudio Orlandi (Aarhus University) and Amit Sahai (UCLA)

CHES 2010

2010-09-03T05:42:00.000-07:00

Accepted Papers

http://www.iacr.org/workshops/ches/ches2010/accepted.html

A high speed coprocessor for elliptic curve scalar multiplications over Fp
Nicolas Guillermin
DGA Information Superiority and IRMAR Université Rennes 1
Quark: a lightweight hash
Jean-Philippe Aumasson and Luca Henzen and Willi Meier and Maria Naya-Plasencia
Nagravision SA / ETH Zurich / FHNW Windisch
Coordinate Blinding over Large Prime Fields
Michael Tunstall and Marc Joye
University of Bristol / Technicolor
Mixed Bases for Efficient Inversion in F_{((2^2)^2)^2} and Conversion Matrices of SubBytes of AES
Y. Nogami and K. Nekado and T. Toyota and N. Hongo and Y. Morikawa
Okayama University
Efficient Techniques for High-Speed Elliptic Curve Cryptography
Patrick Longa and Catherine Gebotys
University of Waterloo
XBX: eXternal Benchmarking eXtension for the SUPERCOP crypto benchmarking framework
Christian Wenzel-Benner and Jens Graef
ITK Engineering AG / LiNetCo GmbH
The Glitch PUF: A New Delay-PUF Architecture Exploiting Glitch Shapes
Daisuke Suzuki and Koichi Shimizu
Mitsubishi Electric Corporation / Yokohama National University
Public Key Perturbation of Randomized RSA Implementations
Alexandre Berzati and Cécile Canovas-Dumas and Louis Goubin
CEA Leti Minatec / Versailles Saint Quentin University
Fault Sensitivity Analysis
Yang Li and Kazuo Sakiyama and Shigeto Gomisawa and Toshinori Fukunaga and Junko Takahashi and Kazuo Ohta
The university of Electro-Communications / Nippon Telegraph and Telephone Corporation
Analysis and Improvement of the Random Delay Countermeasure of CHES 2009
Jean-Sebastien Coron and Ilya Kizhvatov
University of Luxembourg
Algebraic Side-Channel Analysis in the Presence of Errors
Yossef Oren and Mario Kirschbaum and Thomas Popp and Avishai Wool
Tel-Aviv University / Graz University Of Technology
Sponge-based pseudo-random number generators
Guido Bertoni and Joan Daemen and Michaël Peeters and Gilles Van Assche
STMicroelectronics / NXP Semiconductors
Provably Secure Higher-Order Masking of AES
Matthieu Rivain and Emmanuel Prouff
CryptoExperts and Oberthur Technologies
An Alternative to Error Correction for SRAM-Like PUFs
Maximilian Hofer and Christoph Boehm
Graz University Of Technology
Side-channel Analysis of Six SHA-3 Candidates
Olivier Benoit and Thomas Peyrin
Ingenico
256 bit Standardized Crypto for 650 GE - GOST Revisited
Axel Poschmann and Huaxiong Wang and San Ling
Nanyang Technological University
When Failure Analysis Meets Side-Channel Attacks
Jérôme Di-Battista and Jean-Christophe Courrège and Bruno Rouzeyre and Lionel Torres and Philippe Perdu
Thales / LIRMM / CNES
ARMADILLO: a Multi-Purpose Cryptographic Primitive Dedicated to Hardware
Stéphane Badel, Nilay Dağtekin, Jorge Nakahara Jr, Khaled Ouafi, Nicolas Reffé, Pouyan Sepehrdad, Petr Sušil, Serge Vaudenay
EPFL / Oridao
PRINTcipher: A Block Cipher for IC-Printing
Lars R. Knudsen and Gregor Leander and Axel Poschmann and Matt J.B. Robshaw
DTU Denmark / Nanyang Technological University / Orange Labs
Correlation-Enhanced Power Analysis Collision Attack
Amir Moradi and Oliver Mischke and Thomas Eisenbarth
Ruhr University Bochum / Florida Atlantic University
Developing a Hardware Evaluation Method for SHA-3 Candidates
Luca Henzen and Pietro Gendotti and Patrice Guillet and Enrico Pargaetzi and Martin Zoller and Frank K. Gurkaynak
ETH Zurich
Flash Memory 'Bumping' Attacks
Sergei Skorobogatov
University of Cambridge
Garbled Circuits for Leakage-Resilience: Hardware Implementation and Evaluation of One-Time Programs
Kimmo Järvinen and Vladimir Kolesnikov and Ahmad-Reza Sadeghi and Thomas Schneider
Aalto University / Alcatel-Lucent Bell Laboratories / Ruhr-University Bochum
New Results on Instruction Cache Attacks
Onur Aciicmez and Billy Bob Brumley and Philipp Grabher
Samsung Electronics / Aalto University School of Science and Technology / University of Bristol
Fast Exhaustive Search for Polynomial Systems in F_2
Charles Bouillaguet and Hsieh-Chung Chen and Chen-Mou Cheng and Tony Chou and Ruben Niederhagen and Adi Shamir and Bo-Yin Yang
Ecole Normale Supérieure / Academia Sinica / Nat'l Taiwan University / Technische Universiteit Eindhoven / Weizmann Institute of Science
Performance Analysis of the SHA-3 Candidates on Exotic Multi-Core Architectures
Joppe W. Bos and Deian Stefan
EPFL / The Cooper Union
New High Entropy Element for FPGA Based True Random Number Generators
Michal Varchola and Milos Drutarovsky
Technical University of Kosice
Co-Z Addition Formulae and Binary Ladders on Elliptic Curves
Raveen Ravinesh Goundar and Marc Joye and Atsuko Miyaji
Japan Advanced Institute of Science and Technology / Technicolor
Fair and Comprehensive Methodology for Comparing Hardware Performance of Fourteen Round Two SHA-3 Candidates using FPGAs
Kris Gaj, Ekawat Homsirikamol, Marcin Rogawski
George Mason University
Self-Referencing: A Scalable Side-Channel Approach for Hardware Trojan Detection
Dongdong Du, Seetharam Narasimhan, Rajat Subhra Chakraborty, Swarup Bhunia
Case Western Reserve University

Crypto 2010

2010-09-03T05:40:00.000-07:00

http://www.iacr.org/conferences/crypto2010/accepted.html

CRYPTO 2010 Accepted Papers

Circular and Leakage Resilient Public-Key Encryption Under Subgroup Indistinguishability (or: Quadratic Residuosity Strikes Back)

Zvika Brakerski and Shafi Goldwasser

The main results of this work are new public-key encryption schemes that, under the quadratic residuosity (QR) assumption (or Paillier's decisional composite residuosity (DCR) assumption), achieve key-dependent message security as well as high resilience to secret key leakage and high resilience to the presence of auxiliary input information.
In particular, under what we call the {\it subgroup indistinguishability assumption}, of which the QR and DCR are special cases, we can construct a scheme that has:
1. Key-dependant message (circular) security. Achieves security even when encrypting affine functions of its own secret-key (in fact, w.r.t. affine "key-cycles" of predefined length). Our scheme also meets the requirements for extending key-dependant message security to broader classes of functions beyond affine functions using the techniques of [BGK, ePrint09] or [BHHI, ePrint09].
2. Leakage resiliency. Remains secure even if any adversarial low-entropy (efficiently computable) function of the secret-key is given to the adversary. A proper selection of parameters allows for a "leakage rate" of (1-o(1)) of the length of the secret-key.
3. Auxiliary-input security. Remains secure even if any sufficiently hard to invert (efficiently computable) function of the secret-key is given to the adversary.
Our scheme is the first to achieve key-dependant security and auxiliary-input security based on the DCR and QR assumptions. All previous schemes to achieve these properties relied either on the DDH or LWE assumptions. Our scheme is also the first to achieve leakage resiliency for leakage rate (1-o(1)) of the secret-key length, under the QR assumption. Leakage resilient schemes under the DCR and the QR assumptions (for the restricted case of composite modulus product of safe primes) were implied by the work of [NS, Crypto09], using hash proof systems. However, known constructions of hash proof systems under the QR assumption only allowed for a leakage rate of o(1) of the secret-key length.

Leakage-Resilient Pseudorandom Functions and Side-Channel Attacks on Feistel Networks

Yevgeniy Dodis and Krzysztof Pietrzak

A cryptographic primitive is leakage-resilient, if it remains secure even if an adversary can learn a bounded amount of arbitrary information about the computation with every invocation. As a consequence, the physical implementation of a leakage-resilient primitive is secure against every side-channel as long as the amount of information leaked per invocation is bounded. In this paper we prove positive and negative results about the feasibility of constructing leakage-resilient pseudorandom functions and permutations (i.e. block-ciphers). Our results are three fold:
1. We construct (from any standard PRF) a PRF which satisfies a relaxed notion of leakage-resilience where (1) the leakage function is fixed (and not adaptively chosen with each query.) and (2) the computation is split into several steps which leak individually (a "step" will be the invocation of the underlying PRF.)
2. We prove that a Feistel network with a super-logarithmic number of rounds, each instantiated with a leakage-resilient PRF, is a leakage resilient PRP. This reduction also holds for the non-adaptive notion just discussed, we thus get a block-cipher which is leakage-resilient (against non-adaptive leakage).
3. We propose generic side-channel attacks against Feistel networks. The attacks are generic in the sense that they work for any round functions (e.g. uniformly random functions) and only require some simple leakage from the inputs to the round functions. For example we show how to invert an $r$ round Feistel network over $2n$ bits making $4\cdot (n+1)^{r-2}$ forward queries, if with each query we are also given as leakage the Hamming weight of the inputs to the $r$ round functions. This complements the result from the previous item showing that a super-constant number of rounds is necessary.

This talk is a combination of the following two papers:

1. On Protecting Cryptographic Keys Against Side-Channel Attacks

Ali Juma and Yevgeniy Vahlis

Side-channel attacks have often proven to have a devastating effect on the security of cryptographic schemes. In this paper we address the problem of storing cryptographic keys and computing on them in a manner that preserves security even when the adversary is able to obtain information leakage during the computation on the key.
Using the recently achieved fully homomorphic encryption, we show how to encapsulate a key and repeatedly evaluate arbitrary functions on it so that no adversary can gain any useful information from a large class of side-channel attacks. We work in the model of Micali and Reyzin -- assuming that only the active part of memory during computation leaks information. Similarly to previous works, our construction makes use of a single "leak-proof" hardware token that samples from a globally fixed distribution that does not depend on the key. If the amount of computation that will be performed on the key is known in advance then our construction requires no leak-proof tokens at all -- the values produced by the token can be pre-computed and then accessed sequentially. In addition, we describe a simple variant of our scheme that splits the key between two devices, and preserves the secrecy of the key even if the memory contents of one device are leaked completely. This provides a meaningful protection against the powerful cold boot attacks of Halderman \etal (USENIX Security 08) where the complete memory contents of a device can be recovered.
In contrast to previous general compilers that achieve resilience to side-channel attacks, we allow leakage functions to be arbitrary polynomial size circuits with a sufficiently short output, and our construction does not require the amount of computation to grow with the amount of leakage that the adversary is able to obtain.

2. How to Play Mental Solitaire under Continuous Side-Channels: A Completeness Theorem using Secure Hardware

Shafi Goldwasser and Guy Rothblum

we present a general method to compile any cryptographic algorithms into one which resists side channel attacks of the {\it only computation leaks information} variety for an unbounded number of executions. our method uses as a building block a semantically secure bit encryption scheme with the following additional operations: key refreshing, oblivious generation of cipher texts, cipher-text re-generation, and blinded homomorphic evaluation of one single complete gate (e.g. nand). furthermore, the security properties of the encryption scheme should withstand bounded leakage incurred while performing each of the above operations.
we show how to implement such an encryption scheme under the ddh intractability assumption and the existence of a simple secure hardware component. the hardware component is independent of the encryption scheme secret key. the encryption scheme resists leakage attacks which are polynomial time computable function, whose output size is bounded by a constant fraction of the secret key size.

An Efficient and Parallel Gaussian Sampler for Lattices

Chris Peikert

At the heart of many recent lattice-based cryptographic schemes is a polynomial-time algorithm that, given a `high-quality' basis, generates a lattice point according to a Gaussian-like distribution. Unlike most other operations in lattice-based cryptography, however, the known algorithm for this task (due to Gentry, Peikert, and Vaikuntanathan; STOC 2008) is rather inefficient, and is inherently sequential. We present a new Gaussian sampling algorithm for lattices that is \emph{efficient} and \emph{highly parallelizable}. We also show that in most cryptographic applications, the algorithm's efficiency comes at almost no cost in asymptotic security. At a high level, our algorithm resembles the ``perturbation'' heuristic proposed as part of NTRUSign (Hoffstein \etal, CT-RSA 2003), though the details are quite different. To our knowledge, this is the first algorithm and rigorous analysis demonstrating the security of a perturbation-like technique.

Toward Basing Fully Homomorphic Encryption on Worst-Case Hardness

Craig Gentry

Gentry proposed a fully homomorphic public key encryption scheme that uses ideal lattices. He based the security of his scheme on the hardness of two problems: an average-case decision problem over ideal lattices, and the sparse (or "low-weight") subset sum problem (SSSP).
We provide a key generation algorithm for Gentry's scheme that generates ideal lattices according to a "nice" average-case distribution. Then, we prove a worst-case / average-case connection that bases Gentry's scheme (in part) on the quantum hardness of the shortest independent vector problem (SIVP) over ideal lattices in the worst-case. (We cannot remove the need to assume that the SSSP is hard.) Our worst-case / average-case connection is the first where the average-case lattice is an ideal lattice, which seems to be necessary to support the security of Gentry's scheme.

Additively Homomorphic Encryption with d-Operand Multiplications

Carlos Aguilar, Philippe Gaborit and Javier Herranz

The search for encryption schemes that allow to evaluate functions (or circuits) over encrypted data has attracted a lot of attention since the seminal work on this subject by Rivest, Adelman and Dertouzos in 1978.
In this work we define a theoretical object, chained encryption schemes, which allow a compact evaluation of polynomials of degree $d$ over encrypted data (without function privacy). Chained encryption schemes are generically constructed by concatenating cryptosystems with the appropriate homomorphic properties, which are common in lattice-based encryption. As a particular instantiation we propose a chained encryption scheme whose IND-CPA security is based on a worst-case/average-case reduction to uSVP.

i-Hop Homomorphic Encryption and Rerandomizable Yao Circuits

Craig Gentry, Shai Halevi and Vinod Vaikuntanathan

Homomorphic encryption (HE) schemes enable computing functions on encrypted data, by means of a public $\Eval$ procedure that can be applied to ciphertexts. But the evaluated ciphertexts so generated may differ from freshly encrypted ones. This brings up the question of whether one can keep computing on evaluated ciphertexts. An \emph{$i$-hop} homomorphic encryption is a scheme where $\Eval$ can be called on its own output upto $i$~times, while still being able to decrypt the result. A \emph{multi-hop} homomorphic encryption is a scheme which is $i$-hop for all~$i$. In this work we study $i$-hop and multi-hop schemes in conjunction with the properties of function-privacy (i.e., $\Eval$'s output hides the function) and compactness (i.e., the output of $\Eval$ is short). We provide formal definitions and describe several constructions.

First, we observe that ``bootstrapping'' techniques can be used to convert any (1-hop) homomorphic encryption scheme into an $i$-hop scheme for any~$i$, and the result inherits the function-privacy and/or compactness of the underlying scheme. However, if the underlying scheme is not compact (such as schemes derived from Yao circuits) then the complexity of the resulting $i$-hop scheme can be as high as $n^{O(i)}$.

We then describe a specific DDH-based multi-hop homomorphic encryption scheme that does not suffer from this exponential blowup. Although not compact, this scheme has complexity linear in the size of the composed function, independently of the number of hops. The main technical ingredient in this solution is a \emph{re-randomizable} variant of the Yao circuits. Namely, given a garbled circuit, anyone can re-garble it in such a way that even the party that generated the original garbled circuit cannot recognize it. This construction may be of independent interest.

Interactive Locking, Zero-Knowledge PCPs, and Unconditional Cryptography

Vipul Goyal and Yuval Ishai and Mohammad Mahmoody and Amit Sahai

Motivated by the question of basing cryptographic protocols on stateless tamper-proof hardware tokens, we revisit the question of unconditional two-prover zero-knowledge proofs for NP. We show that such protocols exist in the interactive PCP model of Kalai and Raz (ICALP '08), where one of the provers is replaced by a PCP oracle. This strengthens the feasibility result of Ben-Or, Goldwasser, Kilian, and Wigderson (STOC '88) which requires two stateful provers. In contrast to previous zero-knowledge PCPs of Kilian, Petrank, and Tardos (STOC '97), in our protocol both the prover and the PCP oracle are efficient given an NP witness. Our main technical tool is a new primitive that we call interactive locking, an efficient realization of an unconditionally secure commitment scheme in the interactive PCP model. We implement interactive locking by adapting previous constructions of interactive hashing protocols to our setting, and also provide a direct construction which uses a minimal amount of interaction and improves over our interactive hashing based constructions. Finally, we apply the above results towards showing the feasibility of basing unconditional cryptography on stateless tamper-proof hardware tokens, and obtain the following results: *) We show that if tokens can be used to encapsulate other tokens, then there exist unconditional and statistically secure (in fact, UC secure) protocols for general secure computation. *) Even if token encapsulation is not possible, there are unconditional and statistically secure commitment protocols and zero-knowledge proofs for NP. *) Finally, if token encapsulation is not possible, then no protocol can realize statistically secure oblivious transfer.

Fully Secure Functional Encryption with General Relations from the Decisional Linear Assumption

Tatsuaki Okamoto and Katsuyuki Takashima

This paper presents a fully secure functional encryption (FE) scheme for a wide class of relations, that are specified by non-monotone access structures combined with inner-product relations. The security is proven under a simple and well-examined assumption, the decisional linear (DLIN) assumption, in the standard model. The proposed FE scheme covers, as special cases, (1) the key-policy (KP) and ciphertext-policy (CP) attribute-based encryption (ABE) schemes with non-monotone access structures, and (2) the FE schemes with zero and non-zero inner-product relations.

Structure-Preserving Signatures and Commitments to Group Elements

Masayuki Abe, Georg Fuchsbauer, Jens Groth, Kristiyan Haralambiev and Miyako Ohkubo

Efficient Indifferentiable Hashing into Ordinary Elliptic Curves

Eric Brier, Jean-Sebastien Coron, Thomas Icart, David Madore, Hugues Randriam and Mehdi Tibouchi

We provide the first construction of a hash function into ordinary elliptic curves that is indifferentiable from a random oracle, based on Icart's deterministic encoding from Crypto 2009. While almost as efficient as Icart's encoding, this hash function can be plugged into any cryptosystem that requires hashing into elliptic curves, while not compromising proofs of security in the random oracle model.
We also describe a more general (but less efficient) construction that works for a large class of encodings into elliptic curves, for example the Shallue-Woestijne-Ulas (SWU) algorithm. Finally we describe the first deterministic encoding algorithm into elliptic curves in characteristic $3$.

Credential Authenticated Identification and Key Exchange

Jan Camenisch, Nathalie Casati, Thomas Gross and Victor Shoup

Secure two-party authentication and key exchange are fundamental problems. Traditionally, the parties authenticate each other by means of their identities, using a public-key infrastructure (PKI). However, this is not always feasible or desirable: an appropriate PKI may not be available, or the parties may want to remain anonymous, and not reveal their identities.
To address these needs, we introduce the notions of credential-authenticated identification (CAID) and key exchange (CAKE), where the compatibility of the parties' \emph{credentials} is the criteria for authentication, rather than the parties' \emph{identities} relative to some PKI. We formalize CAID and CAKE in the universal composability (UC) framework, with natural ideal functionalities, and we give practical, modularly designed protocol realizations. We prove all our protocols UC-secure in the adaptive corruption model with erasures, assuming a common reference string (CRS). The proofs are based on standard cryptographic assumptions and do not rely on random oracles.
CAKE includes password-authenticated key exchange (PAKE) as a special case, and we present two new PAKE protocols. The first one is interesting in that it is uses completly different techniques than known practical PAKE protocols, and also achieves UC-security in the adaptive corruption model with erasures; the second one is the first practical PAKE protocol that provides a meaningful form of resilience against server compromise without relying on random oracles.

Concurrent Password-Authenticated Key Exchange in the Plain Model

Vipul Goyal, Abhishek Jain and Rafail Ostrovsky

The problem of password-authenticated key exchange (PAKE) has been extensively studied. However to date, no construction is known for a PAKE protocol that is secure in the plain model in the setting of concurrent self-composition, where polynomially many protocol sessions with the same password may be executed on the network in an arbitrarily interleaved manner, and where the adversary may corrupt any number of parties. In this paper, we resolve this open problem. In particular, we give the first construction of a PAKE protocol that is secure (with respect to the definition of Goldreich and Lindell) in the concurrent setting in the plain model. We stress that we allow any unbounded polynomially-many concurrent sessions.

Instantiability of RSA-OEAP under Chosen-Plaintext Attack

Eike Kiltz, Adam O'Neill and Adam Smith

We give the first non-trivial positive standard model instantiation result about the influential RSA-OAEP encryption scheme of Bellare and Rogaway (Eurocrypt~'94), and indeed about \emph{any} encryption or signature scheme appearing in the PKCS \#1 v2.1 standard.
Specifically, we show that $f$-OAEP is semantically secure if the trapdoor function $f$ is \emph{lossy} in the sense of Peikert and Waters (STOC~'08) and the initial hash function is \emph{$t$-wise independent} for appropriate $t$ (in particular, neither hash function is modeled as a random oracle). Furthermore, under the $\Phi$-Hiding Assumption of Cachin et al. (Eurocrypt~'99), we show that RSA is lossy (by a factor $1/e$, where $e$ is the public RSA exponent). Taken together, these results refute "uninstantiability" of RSA-OAEP in the sense of Canetti et al.~(STOC~'98); \emph{i.e.}, there exists (a family of) efficiently computable functions that can securely replace its random oracles under reasonable assumptions. In particular, they increase our confidence that chosen-plaintext attacks are unlikely to be found against RSA-OAEP. In contrast, OAEP's predecessor in PKCS \#1 v1.5 was shown to be vulnerable to chosen-plaintext attacks by Coron et al.~(Eurocrypt~'00). Our first result is actually much more general: for \emph{any} "padding-based" encryption scheme whose trapdoor permutation is lossy, we show that in order to prove semantic security it suffices to argue that the padding function "fools" small-output distinguishers on a class of high-entropy input distributions. We then show that the first round of the OAEP padding satisfies this "fooling" condition.

Efficient Chosen-Ciphertext Security via Extractable Hash Proofs

Hoeteck Wee

We introduce the notion of an extractable hash proof system. Essentially, this is a special kind of non-interactive zero-knowledge proof of knowledge system where the secret keys may be generated in one of two modes to allow for either simulation or extraction.
-- We show how to derive efficient CCA-secure encryption schemes via extractable hash proofs in a simple and modular fashion. Our construction clarifies and generalizes the recent factoring-based cryptosystem of Hofheinz and Kiltz (Eurocrypt 09), and is reminiscent of an approach proposed by Rackoff and Simon (Crypto 91). We show how to instantiate extractable hash proof system for hard search problems, notably factoring and computational Diffie-Hellman. Using our framework, we obtain the first CCA-secure encryption scheme based on CDH where the public key is a constant number of group elements and a more modular and conceptually simpler variant of the Hofheinz-Kiltz cryptosystem (though less efficient).
-- We introduce adaptive weakly trapdoor functions, a relaxation of the adaptive trapdoor functions considered by Kiltz, Mohassel and O'Neil (Eurocrypt '10), but nonetheless imply CCA-secure encryption schemes. We show how to construct such functions using extractable hash proofs, which in turn yields realizations from hardness of factoring and CDH. This is the first general assumption that implies CCA-secure encryption while simultaneously admitting instantations from hardness of factoring, CDH and lattice-based assumptions.

Factorization of a 768-bit RSA modulus

IT. Kleinjung and K. Aoki and J. Franke and A.K. Lenstra and E. Thomé and J.W. Bos and P. Gaudry and A. Kruppa and P.L. Montgomery and D.A. Osvik and H. te Riele and A. Timofeev and P. Zimmermann

This paper reports on the factorization of the 768-bit number RSA-768 by the number field sieve factoring method and discusses some implications for RSA.

Correcting Errors in RSA Private Keys

Wilko Henecka, Alexander May and Alexander Meurer

Let $pk=(N,e)$ be an RSA public key with corresponding secret key $sk=(p,q,d,d_p,d_q, q_p^{-1})$. Assume that we obtain partial error-free information of $sk$, e.g., assume that we obtain half of the most significant bits of $p$. Then there are well-known algorithms to recover the full secret key. As opposed to these algorithms that allow for {\em correcting erasures} of the key $sk$, we present for the first time a heuristic probabilistic algorithm that is capable of {\em correcting errors} in $sk$ provided that $e$ is small. That is, on input of a full but error-prone secret key $\tilde{sk}$ we reconstruct the original $sk$ by correcting the faults.
More precisely, consider an error rate of $\delta \in [0,\frac 1 2)$, where we flip each bit in $sk$ with probability $\delta$ resulting in an erroneous key $\tilde{sk}$. Our Las-Vegas type algorithm allows to recover $sk$ from $\tilde {sk}$ in expected time polynomial in $\log N$ with success probability close to 1, provided that $\delta <>

Improved Differential Attacks for ECHO and Grostl

Thomas Peyrin

We present improved cryptanalysis of two second-round SHA-3 candidates: the AES-based hash functions ECHO and Grostl. We explain methods for building better differential trails for ECHO by increasing the granularity of the truncated differential paths previously considered. In the case of Grostl, we describe a new technique, the internal differential attack, which shows that when using parallel computations designers should also consider the differential security between the parallel branches. Then, we exploit the recently introduced start-from-the-middle or Super-Sbox attacks, that proved to be very efficient when attacking AES-like permutations, to achieve a very efficient utilization of the available freedom degrees. Finally, we obtain the best known attacks so far for both ECHO and Grostl. In particular, we are able to mount a distinguishing attack for the full Grostl-256 compression function.

A Practical-Time Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony

Orr Dunkelman and Nathan Keller and Adi Shamir

The privacy of most GSM phone conversations is currently protected by the 20+ years old A5/1 and A5/2 stream ciphers, which were repeatedly shown to be cryptographically weak. They will soon be replaced by the new A5/3 (and the soon to be announced A5/4) algorithm based on the block cipher KASUMI, which is a modified version of MISTY. In this paper we describe a new type of attack called a sandwich attack, and use it to construct a simple distinguisher for 7 of the 8 rounds of KASUMI with an amazingly high probability of 2^{-14}. By using this distinguisher and analyzing the single remaining round, we can derive the complete 128 bit key of the full KASUMI by using only 4~related keys, 2^{26} data, 2^{30} bytes of memory, and 2^{32} time. These complexities are so small that we have actually simulated the attack in less than two hours on a single PC, and experimentally verified its correctness and complexity. Interestingly, neither our technique nor any other published attack can break MISTY in less than the 2^{128} complexity of exhaustive search, which indicates that the changes made by ETSI's SAGE group in moving from MISTY to KASUMI resulted in a much weaker cipher.

Universally Composable Incoercibility

Dominique Unruh and Jörn Müller-Quade

We present the UC/c framework, a general definition for secure and incoercible multi-party protocols. Our framework allows to model arbitrary reactive protocol tasks (by specifying an ideal functionality) and comes with a universal composition theorem. We show that given natural setup assumptions, we can construct incoercible two-party protocols realising arbitrary functionalities (with respect to static adversaries).

Concurrent Non-Malleable Zero Knowledge Proofs

Huijia Lin, Rafael Pass, Wei-lung Dustin Tseng, and Muthuramakrishnan Venkitasubramaniam

Concurrent non-malleable zero-knowledge (NMZK) considers the concurrent execution of zero-knowledge protocols in a setting where the attacker can simultaneously corrupt multiple provers and verifiers. Barak, Prabhakaran and Sahai (FOCS'06) recently provided the first construction of a concurrent NMZK protocol without any set-up assumptions. Their protocol, however, is only computationally sound (a.k.a., a concurrent NMZK \emph{argument}). In this work we present the first construction of a concurrent NMZK \emph{proof} without any set-up assumptions. Our protocol requires $O(n)$ rounds assuming one-way functions, or $\tilde{O}(\log n)$ rounds assuming collision-resistant hash functions.

Equivalence of Uniform Key Agreement and Composition Insecurity

Chongwon Cho and Chen-Kuei Lee and Rafail Ostrovsky

It is well known that proving the security of a key agreement protocol (even in a special case where the protocol transcript looks random to an outside observer) is at least as difficult as proving $P \not = NP$. Another (seemingly unrelated) statement in cryptography is the existence of two or more non-adaptively secure pseudo-random functions that do not become adaptively secure under sequential or parallel composition. In 2006, Pietrzak showed that {\em at least one} of these two seemingly unrelated statements is true. In other words, the existence of key agreement or the existence of the adaptively insecure composition of non-adaptively secure functions is true. Pietrzak's result was significant since it showed a surprising connection between the worlds of public-key (i.e., "cryptomania") and private-key cryptography (i.e., "minicrypt"). In this paper we show that this duality is far stronger: we show that {\em at least one} of these two statements must also be false. In other words, we show their {\em equivalence}.
More specifically, Pietrzak's paper shows that if sequential composition of two non-adaptively secure pseudo-random functions is not adaptively secure, then there exists a key agreement protocol. However, Pietrzak's construction implies a slightly stronger fact: If sequential composition does not imply adaptive security (in the above sense), then a {\em uniform-transcript} key agreement protocol exists, where by uniform-transcript we mean a key agreement protocol where the transcript of the protocol execution is indistinguishable from uniform to eavesdroppers. In this paper, we complete the picture, and show the reverse direction as well as a strong equivalence between these two notions. More specifically, as our main result, we show that if there exists {\em any} uniform-transcript key agreement protocol, then composition does not imply adaptive security. Our result holds for both parallel and sequential composition in the contexts of general-composition and self-composition. Our implication holds based on virtually all known key agreement protocols, and can also be based on general complexity assumptions of the existence of dense trapdoor permutations.

Non-Interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers

Rosario Gennaro, Craig Gentry and Bryan Parno

We introduce and formalize the notion of Verifiable Computation, which enables a computationally weak client to "outsource" the computation of a function F on various dynamically-chosen inputs x_1,...,x_k to one or more workers. The workers return the result of the function evaluation, e.g., y_i=F(x_i), as well as a proof that the computation of F was carried out correctly on the given value x_i. The primary constraint is that the verification of the proof should require substantially less computational effort than computing F(x_i) from scratch.
We present a protocol that allows the worker to return a computationally-sound, non-interactive proof that can be verified in O(m) time, where m is the bit-length of the output of F. The protocol requires a one-time pre-processing stage by the client which takes O(|C|) time, where C is the smallest known Boolean circuit computing F. Unlike previous work in this area, our scheme also provides (at no additional cost) input and output privacy for the client, meaning that the workers do not learn any information about the x_i or y_i values.

Improved Delegation of Computation using Fully Homomorphic Encryption

Kai-Min Chung, Yael Kalai and Salil Vadhan

Following Gennaro, Gentry, and Parno (Cryptology ePrint Archive 2009/547), we use fully homomorphic encryption to design improved schemes for delegating computation. In such schemes, a {\em delegator} outsources the computation of a function $F$ on many, dynamically chosen inputs $x_i$ to a {\em worker} in such a way that it is infeasible for the worker to make the delegator accept a result other than $F(x_i)$. The "online phase" of the Gennaro et al. scheme is very efficient: the parties exchange two messages, the delegator runs in time $\poly(\log T)$, and the worker runs in time $\poly(T)$, where $T$ is the time complexity of $F$. However, the "offline phase" (which depends on the function $F$ but not the inputs to be delegated) is inefficient: the delegator runs in time $\poly(T)$ and generates a public key of length $\poly(T)$ that needs to be accessed by the worker during the online phase.
Our first construction eliminates the large public key from the Gennaro et al. scheme. The delegator still invests $\poly(T)$ time in the offline phase, but does not need to communicate or publish anything. Our second construction reduces the work of the delegator in the offline phase to $\poly(\log T)$ at the price of a 4-message (offline) interaction with a $\poly(T)$-time worker (which need not be the same as the workers used in the online phase). Finally, we describe a "pipelined" implementation of the second construction that avoids the need to re-run the offline construction after errors are detected (assuming errors are not too frequent).

Oblivious RAM Revisited

Benny Pinkas and Tzachy Reinman

We reinvestigate the oblivious RAM concept introduced by Goldreich and Ostrovsky, which enables a client, that can store locally only a constant amount of data, to store remotely $n$ data items, and access them while hiding the identities of items which are accessed. Oblivious RAM is often cited as a powerful tool, which can be used, for example, for search on encrypted data or for preventing cache attacks. However, it is also commonly considered to be impractical due to its overhead, which is asymptotically efficient but is quite high: each data request is replaced by $O(\log^4 n)$ requests, or by $O(\log^3 n)$ requests where the constant in the "$O$" notation is a few thousands. In addition, $O(n \log n)$ external memory is required in order to store the $n$ data items. We redesign the oblivious RAM protocol using modern tools, namely Cuckoo hashing and a new oblivious sorting algorithm. The resulting protocol uses only $O(n)$ external memory, and replaces each data request by only $O(\log^2 n)$ requests (with a small constant). This analysis is validated by experiments that we ran.

On Strong Simulation and Composable Point Obfuscation

Nir Bitansky and Ran Canetti

The Virtual Black Box (VBB) property for program obfuscators provides a strong guarantee: Anything computable by an efficient adversary given the obfuscated program can also be computed by an efficient simulator that has only oracle access to the program. However, we know how to achieve this notion only for very restricted classes of programs.
This work proposes a simple relaxation of VBB: Allow the simulator unbounded computation time, while still allowing only polynomially many queries to the oracle. We then demonstrate the viability of this relaxed notion, which we call Virtual Grey Box (VGB), in the context of fully composable obfuscators of point programs: It is known that, w.r.t. VBB, if such obfuscators exist then there exist multi-bit point obfuscators (aka "digital lockers") and subsequently also very strong variants of encryption that remain secure under key leakage and key-dependent-messages. However, no composable VBB-obfuscators for point programs have been shown. We show fully composable {\em VGB}-obfuscators for point programs under a strong variant of the Decision Diffie Hellman assumption, and show they still suffice for the above applications

Protocols for Multiparty Coin Toss With Dishonest Majority

Amos Beimel, Eran Omri and Ilan Orlov

Generating random bits is a fundamental problem in cryptography. Coin-tossing protocols, which generate a random bit with uniform distribution, are used as a building box in many cryptographic protocols. Cleve [STOC 1986] has shown that if at least half of the parties can be malicious, then, in any $r$-round coin-tossing protocol, the malicious parties can cause a bias of $\Omega(1/r)$ in the bit that the honest parties output. However, for more than two decades the best known protocols had bias $t/\sqrt{r}$, where $t$ is the number of corrupted parties. Recently, in a surprising result, Moran, Naor, and Segev [TCC 2009] have shown that there is an $r$-round two-party coin-tossing protocol with the optimal bias of $O(1/r)$. We extend Moran et al.~results to the multiparty model when less than 2/3 of the parties are malicious. The bias of our protocol is proportional to $1/r$ and depends on the gap between the number of malicious parties and the number of honest parties in the protocol. Specifically, for a constant number of parties or when the number of malicious parties is somewhat larger than half, we present an $r$-round $m$-party coin-tossing protocol with optimal bias of $O(1/r)$.

Multiparty Computation for Dishonest Majority: from Passive to Active Security at Low Cost

Ivan Damgard and Claudio Orlandi (Aarhus University)

Multiparty computation protocols have been known for more than twenty years now, but due to their lack of efficiency their use is still limited in real-world applications: the goal of this paper is the design of efficient two and multi party computation aimed to fill the gap between theory and practice. We propose a new protocol to securely evaluate reactive arithmetic circuits, that offers security against an active adversary in the universally composable security framework. Instead of the "do-and-compile" approach (where the parties use zero-knowledge proofs to show that they are following the protocol) our key ingredient is an efficient version of the "cut-and-choose" technique, that allow us to achieve active security for just a (small) constant amount of work more than for passive security.

Secure Multiparty Computation with Minimal Interaction

Yuval Ishai, Eyal Kushilevitz and Anat Paskin-Cherniavsky

We revisit the question of secure multiparty computation (MPC) with two rounds of interaction. It was previously shown by Gennaro et al.\ (Crypto 2002) that three or more communication rounds are necessary for general MPC protocols with guaranteed output delivery, assuming that there may be $t\ge 2$ corrupted parties. This negative result holds regardless of the total number of parties, even if {\em broadcast} messages are allowed in each round, and even if only {\em fairness} is required. We complement this negative result by presenting matching positive results.
Our first main result is that if only {\em one} party may be corrupted, then $n\ge 5$ parties can securely compute any function of their inputs using only {\em two} rounds of interaction over secure point-to-point channels (without broadcast or any additional setup). The protocol makes a black-box use of a pseudorandom generator, or alternatively can offer unconditional security for functionalities in $\NCone$.
We also prove a similar result in a client-server setting, where there are $m\ge 2$ clients who hold inputs and should receive outputs, and $n$ additional servers with no inputs and outputs. For this setting we obtain a general MPC protocol which requires a single message from each client to each server, followed by a single message from each server to each client. The protocol is secure against a single corrupted client and against coalitions of $t

A Zero-One Law for Cryptographic Complexity with Respect to Computational UC Security

Hemanta K. Maji and Manoj Prabhakaran and Mike Rosulek

We use security in the Universal Composition framework as a means to study the "cryptographic complexity" of 2-party secure computation tasks (functionalities). We say that a functionality F {\em reduces to} another functionality G if there is a UC-secure protocol for F using ideal access to G This reduction is a natural and fine-grained way to compare the relative complexities of cryptographic tasks. There are two natural "extremes" of complexity under the reduction: the {\em trivial} functionalities, which can be reduced to any other functionality; and the {\em complete} functionalities, to which any other functionality can be reduced.

In this work we show that under a natural computational assumption (the existence of a protocol for oblivious transfer secure against semi-honest adversaries), there is a {\bf zero-one law} for the cryptographic complexity of 2-party deterministic functionalities. Namely, {\em every such functionality is either trivial or complete.} No other qualitative distinctions exist among functionalities, under this computational assumption.

While nearly all previous work classifying multi-party computation functionalities has been restricted to the case of secure function evaluation, our results are the first to consider completeness of arbitrary {\em reactive} functionalities, which receive input and give output repeatedly throughout several rounds of interaction. One important technical contribution in this work is to initiate the comprehensive study of the cryptographic properties of reactive functionalities. We model these functionalities as finite automata and develop an automata-theoretic methodology for classifying and studying their cryptographic properties. Consequently, we completely characterize the reactive behaviors that lead to cryptographic non-triviality. Another contribution of independent interest is to optimize the hardness assumption used by Canetti et al. (STOC 2002) in showing that the common random string functionality is complete (a result independently obtained by Damg{\aa}rd et al. (TCC 2010)).

On Generalized Feistel Networks

Viet Tung Hoang and Phillip Rogaway

We prove beyond-birthday-bound security for the well-known types of generalized Feistel networks, including: (1) unbalanced Feistel networks, where the $n$-bit to $m$-bit round functions may have $n\ne m$; (2) alternating Feistel networks, where the round functions alternate between contracting and expanding; (3) type-1, type-2, and type-3 Feistel networks, where $n$-bit to $n$-bit round functions are used to encipher $kn$-bit strings for some $k\ge2$; and (4) numeric variants of any of the above, where one enciphers numbers in some given range rather than strings of some given size. Using a unified analytic framework we show that, in any of these settings, for any $\varepsilon>0$, with enough rounds, the subject scheme can tolerate CCA attacks of up to $q\sim N^{1-\varepsilon}$ adversarial queries, where $N$ is the size of the round functions' domain (the size of the larger domain for alternating Feistel). This is asymptotically optimal. Prior analyses for generalized Feistel networks established security to only $q\sim N^{0.5}$ adversarial queries.

Cryptographic Extraction and Key Derivation: The HKDF Scheme

Hugo Krawczyk

In spite of the central role of key derivation functions (KDF) in applied cryptography, there has been little formal work addressing the design and analysis of general multi-purpose KDFs. In practice, most KDFs (including those widely standardized) follow ad-hoc approaches that treat cryptographic hash functions as perfectly random functions. In this paper we close some gaps between theory and practice by contributing to the study and engineering of KDFs in several ways. We provide detailed rationale for the design of KDFs based on the extract-then-expand approach; we present the first general and rigorous definition of KDFs and their security that we base on the notion of computational extractors; we specify a concrete fully practical KDF based on the HMAC construction; and we provide an analysis of this construction based on the extraction and pseudorandom properties of HMAC. The resultant KDF design can support a large variety of KDF applications under suitable assumptions on the underlying hash function; particular attention and effort is devoted to minimizing these assumptions as much as possible for each usage scenario.

Beyond the theoretical interest in modeling KDFs, this work is intended to address two important and timely needs of cryptographic applications: (i) providing a single hash-based KDF design that can be standardized for use in multiple and diverse applications, and (ii) providing a conservative, yet efficient, design that exercises much care in the way it utilizes a cryptographic hash function.

(The HMAC-based scheme presented here, named HKDF, is being standardized by the IETF.)

Time space tradeoffs for attacks against One-way functions and PRGs

Anindya De and Luca Trevisan and Madhur Tulsiani

We study time space tradeoffs in the complexity of attacks against one-way functions and pseudorandom generators.

Fiat and Naor (SICOMP 99) show that for every function $f: [N]\to [N]$ there is an algorithm that inverts $f$ everywhere using (ignoring lower order factors) time, space and advice at most $N^{3/4}$.

We show that an algorithm using time, space and advice at most \[ \max \{ \epsilon^{\frac 54} N^{\frac 34} \ , \ \sqrt{\epsilon N} \} \] exists that inverts $f$ on at least an $\epsilon$ fraction of inputs. A lower bound of $\tilde \Omega(\sqrt { \epsilon N })$ also holds, making our result tight in the "low end" of $\epsilon \leq \sqrt[3]{\frac{1}{N}}$.

(Both the results of Fiat and Naor and ours are formulated as more general trade-offs between the time and the space and advice length of the algorithm. The results quoted above correspond to the interesting special case in which time equals space and advice length.)

We also show that for every length-increasing generator $G:[N] \to [2N]$ there is a algorithm that achieves distinguishing probability $\epsilon$ between the output of $G$ and the uniform distribution and that can be implemented in polynomial (in $\log N$) time and with advice and space $O(\epsilon^2 \cdot N\log N)$. We prove a lower bound of $S\cdot T\geq \Omega(\epsilon^2 N)$ where $T$ is the time used by the algorithm and $S$ is the amount of advice. This lower bound applies even when the distinguisher has oracle access to $G$.

We prove stronger lower bounds in the {\em common random string} model, for families of one-way permutations and of pseudorandom generators.

Pseudorandom Functions and Permutations Provably Secure Against Related-Key Attacks

Mihir Bellare and David Cash

This paper fills an important foundational gap with the first proofs, under standard assumptions and in the standard model, of the existence of PRFs and PRPs resisting rich and relevant forms of related-key attack (RKA). An RKA allows the adversary to query the function not only under the target key but under other keys derived from it in adversary-specified ways. Based on the Naor-Reingold PRF we obtain an RKA-PRF whose keyspace is a group and that is proven, under DDH, to resist attacks in which the key may be operated on by arbibrary adversary-specified group elements. Previous work was able only to provide schemes in idealized models (ideal cipher, random oracle), under new, non-standard assumptions, or for limited classes of attacks. The reason was technical difficulties that we resolve via a new approach and framework that, in addition to the above, yields other RKA-PRFs including a DLIN-based one derived from the Lewko-Waters PRF. Over the last 15 years cryptanalysts and blockcipher designers have routinely and consistenly targetted RKA-security; it is visibly important for abuse-resistant cryptography; and it helps protect against fault-injection sidechannel attacks. Yet ours are the first significant proofs of existence of secure constructs. We warn that our constructs are proofs-of-concept in the foundational style and not practical.

Secure Two-Party Quantum Evaluation of Unitaries Against Specious Adversariess

Frédéric Dupuis and Jesper Buus Nielsen and Louis Salvail

We show that any two-party quantum computation, specified by a unitary which simultaneously acts on the registers of both parties, can be securely implemented against a quantum version of classical semi-honest adversaries that we call specious.

We first show that no statistically private protocol exists for swapping qubits against specious adversaries. The swap functionality is modeled by a unitary transform that is not sufficient for universal quantum computation. It means that universality is not required in order to obtain impossibility proofs in our model. However, the swap transform can easily be implemented privately provided a classical bit commitment scheme.

We provide a simple protocol for the evaluation of any unitary transform represented by a circuit made out of gates in some standard universal set of quantum gates. All gates except one can be implemented securely provided one call to swap made available as an ideal functionality. For each appearance of the remaining gate in the circuit, one call to a classical NL-box is required for privacy. The NL-box can easily be constructed from oblivious transfer. It follows that oblivious transfer is universal for private evaluations of unitaries as well as for classical circuits.

Unlike the ideal swap, NL-boxes are classical primitives and cannot be represented by unitary transforms. It follows that, to some extent, this remaining gate is the hard one, like the AND gate for classical two-party computation.

On the Efficiency of Classical and Quantum Oblivous Transfer Reductions

Severin Winkler and Juerg Wullschleger

Due to its universality oblivious transfer (OT) is a primitive of great importance in secure multi-party computation. OT is impossible to implement from scratch in an unconditionally secure way, but there are many reductions of OT to other variants of OT, as well as other primitives such as noisy channels. It is important to know how efficient such unconditionally secure reductions can be in principle, i.e., how many instances of a given primitive are at least needed to implement OT. For perfect (error-free) implementations good lower bounds are known, e.g. the bounds by Beaver (STOC '96) or by Dodis and Micali (EUROCRYPT '99). But since in practice one is usually willing to tolerate a small probability of error and since these statistical reductions can be much more efficient, the known bounds have only limited application. In the first part of this work we provide lower bounds on the efficiency of 1-out-of-n OT and Rabin-OT reductions to distributed randomness in the statistical case. From these results we derive bounds on reductions to different variants of OT that generalize known bounds to the statistical case. Our bounds hold in particular for transformations between a finite number of primitives and for any error. In the second part we look at the efficiency of quantum reductions. Recently, Salvail, Schaffner and Sotakova (ASIACRYPT '09) showed that most classical lower bounds for perfectly secure reductions of OT to distributed randomness still hold in a quantum setting. We present a statistically secure protocol that violates these bounds by an arbitrarily large factor. We then present a weaker lower bound for the statistical setting. We use this bound to show that even quantum protocols cannot extend OT. Finally, we present two lower bounds for reductions of OT to commitments and a protocol based on string commitments that is optimal with respect to both of these bounds.

Sampling in a Quantum Population, and Applications

Niek Bouman and Serge Fehr

We propose a framework for analyzing classical sampling strategies for estimating the Hamming weight of a large string from a few sample positions, when applied to a multi-qubit quantum system instead. The framework shows how to interpret the result of such a strategy and how to define its accuracy when applied to a quantum system. Furthermore, we show how the accuracy of any strategy relates to its accuracy in its classical usage, which is well understood for the important examples. We show the usefulness of our framework by using it to obtain new and simple security proofs for the following quantum-cryptographic schemes: BB84 quantum-key-distribution, and quantum oblivious-transfer from bit-commitment.

Eurocrypt 2010

2010-02-26T00:44:00.000-08:00

Accepted papers

Secure obfuscation for encrypted signatures,
- Satoshi Hada.
Encryption schemes secure against chosen-ciphertext selective opening attacks,
- Serge Fehr,
- Dennis Hofheinz,
- Eike Kiltz,
- Hoeteck Wee.
Universally composable quantum multi-party computation,
- Dominique Unruh.
On the impossibility of three-move blind signature schemes,
- Marc Fischlin,
- Dominique Schröder.
Multi-property-preserving domain extension using polynomial-based modes of operation,
- Jooyoung Lee,
- John Steinberger.
A new generic algorithm for hard knapsacks,
- Nick Howgrave-Graham,
- Antoine Joux.
Constant-round non-malleable commitments from sub-exponential one-way functions,
- Rafael Pass,
- Hoeteck Wee.
Adaptive trapdoor functions and chosen-ciphertext security,
- Eike Kiltz,
- Payman Mohassel,
- Adam O'Neill.
Plaintext-dependent decryption: A formal security treatment of SSH-CTR,
- Kenneth G. Paterson,
- Gaven J. Watson.
Adaptively secure broadcast,
- Martin Hirt,
- Vassilis Zikas.
Key recovery attacks of practical complexity on AES-256 variants with up to 10 rounds,
- Alex Biryukov,
- Orr Dunkelman,
- Nathan Keller,
- Dmitry Khovratovich,
- Adi Shamir.
Stam's collision resistance conjecture,
- John Steinberger.
Constructing verifiable random functions with large input spaces,
- Susan Hohenberger,
- Brent Waters.
Automatic search for related-key differentials in byte-oriented block ciphers: Application to AES, Camellia, Khazad and others,
- Alex Biryukov,
- Ivica Nikolić.
Partial fairness in secure two-party computation,
- Dov Gordon,
- Jonathan Katz.
Cryptographic agility and its relation to circular encryption,
- Tolga Acar,
- Mira Belenkiy,
- Mihir Bellare,
- David Cash.
Secure message transmission with small public discussion,
- Juan Garay,
- Clint Givens,
- Rafail Ostrovsky.
Public-key encryption in the bounded-retrieval model,
- Joel Alwen,
- Yevgeniy Dodis,
- Moni Naor,
- Gil Segev,
- Shabsi Walfish,
- Daniel Wichs.
Converting pairing-based cryptosystems from composite-order groups to prime-order groups,
- David Mandell Freeman.
Efficient device-independent quantum key distribution,
- Esther Haenggi,
- Renato Renner,
- Stefan Wolf.
Bounded key-dependent message security,
- Boaz Barak,
- Iftach Haitner,
- Dennis Hofheinz,
- Yuval Ishai.
Computational soundness, co-induction, and encryption cycles,
- Daniele Micciancio.
Fully homomorphic encryption over the integers,
- Marten van Dijk,
- Craig Gentry,
- Shai Halevi,
- Vinod Vaikuntanathan.
Lattice enumeration using extreme pruning,
- Nicolas Gama,
- Phong Q. Nguyen,
- Oded Regev.
Perfectly secure multiparty computation and the computational overhead of cryptography,
- Ivan Damgård,
- Yuval Ishai,
- Mikkel Krøigaard.
A simple BGN-type cryptosystem from LWE,
- Craig Gentry,
- Shai Halevi,
- Vinod Vaikuntanathan.
Universal one-way hash functions via inaccessible entropy,
- Iftach Haitner,
- Thomas Holenstein,
- Omer Reingold,
- Salil Vadhan,
- Hoeteck Wee.
Efficient lattice (H)IBE in the standard model,
- Shweta Agrawal,
- Dan Boneh,
- Xavier Boyen.
Protecting circuits from leakage: The computationally-bounded and noisy cases,
- Sebastian Faust,
- Tal Rabin,
- Leonid Reyzin,
- Eran Tromer,
- Vinod Vaikuntanathan.
On ideal lattices and learning with errors over rings,
- Vadim Lyubashevsky,
- Chris Peikert,
- Oded Regev.
Algebraic cryptanalysis of McEliece variants with compact keys,
- Jean-Charles Faugère,
- Ayoub Otmani,
- Ludovic Perret,
- Jean-Pierre Tillich.
Bonsai trees, or how to delegate a lattice basis,
- David Cash,
- Dennis Hofheinz,
- Eike Kiltz,
- Chris Peikert.
Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption,
- Allison Lewko,
- Tatsuaki Okamoto,
- Amit Sahai,
- Katsuyuki Takashima,
- Brent Waters.

http://crypto.rd.francetelecom.com/events/eurocrypt2010/papers

STOC 2010

2010-02-26T00:25:00.000-08:00

Accepted papers

Budget Constrained Auctions with Heterogeneous Items
Sayan Bhattacharya (Duke), Gagan Goel (Georgia Tech), Sreenivas Gollapudi (Microsoft Research) and Kamesh Munagala (Duke)

On thje Structure of Cubic and Quartic Polynomials
Elad Haramaty and Amir Shpilka (Technion)

BQP and the Polynomial Hierarchy
Scott Aaronson (MIT)

Sorting under Partial Information (without the Ellipsoid Algorithm)
Jean Cardinal (ULB), Samuel Fiorini (ULB), Gwenaël Joret (ULB), Raphaël Jungers (MIT) and J. Ian Munro (University of Waterloo)

Approximation Schemes for Steiner Forest on Planar Graphs and Graphs of Bounded Treewidth
MohammadHossein Bateni (Princeton University), MohammadTaghi Hajiaghayi (AT&T Labs -- Research) and Dániel Marx (Tel Aviv University)

Extensions and Limits to Vertex Sparsification
Tom Leighton (MIT and Akamai Technologies, Inc) and Ankur Moitra (MIT)

Efficiently Learning Mixtures of Two Gaussians
Adam Tauman Kalai (Microsoft), Ankur Moitra (MIT), and Gregory Valiant (UC Berkeley)

Oblivious RAMs without Cryptographic Assumptions
Miklos Ajtai (IBM Almaden Research Center)

The HOM problem is decidable
Guillem Godoy, Omer Giménez, Lander Ramos and Carme Àlvarez (Universitat Polit`ecnica de Catalunya)

Deterministic identity testing of depth-4 multilinear circuits with bounded top fan-in
Zohar S. Karnin and Partha Mukhopadhyay and Amir Shpilka and Ilya Volkovich (Technion)

Improved Algorithms for Computing Fisher's Market Clearing Prices
James B. Orlin (MIT)

Optimal Bounds for Sign-Representing the Intersection of Two Halfspaces by Polynomials
Alexander A. Sherstov (Microsoft Research)

QIP = PSPACE
Rahul Jain (National University of Singapore), Zhengfeng Ji (Perimeter Institute), Sarvagya Upadhyay (University of Waterloo) and John Watrous (University of Waterloo)

Augmenting undirected node-connectivity by one
Laszlo A. Vegh (MTA-ELTE Egervary Research Group and Department of Operations Research, Eotvos University)

Solving Polynomial Equations in Smoothed Polynomial Time and a Near Solution to Smale's 17th Problem
Peter Buergisser (University of Paderborn) and Felipe Cucker (City University of Hong Kong)

Matroid Matching: the Power of Local Search
Jon Lee (IBM TJ Watson Research Center), Maxim Sviridenko (IBM TJ Watson Research Center) and Jan Vondrak (IBM Almaden Research Center)

Tensor-Rank and Lower Bounds for Arithmetic Formulas
Ran Raz (Weizmann Institute)

Towards Polynomial Lower Bounds for Dynamic Problems
Mihai Patrascu (AT&T Labs)

Improving Exhaustive Search Implies Superpolynomial Lower Bounds
Ryan Williams (IBM Almaden Research Center)

An Optimal Ancestry Scheme and Small Universal Posets
Pierre Fraigniaud and Amos Korman (CNRS and Univ. Paris Diderot)

Tractable hypergraph properties for constraint satisfaction and conjunctive queries
Dániel Marx (Tel Aviv University)

On the searchability of small-world networks with arbitrary underlying structure
Pierre Fraigniaud (CNRS and Univ. Paris Diderot) and George Giakkoupis (Univ. Paris Diderot)

Satisfiability Allows No Nontrivial Sparsification Unless The Polynomial-Time Hierarchy Collapses
Holger Dell (Humboldt University of Berlin) and Dieter van Melkebeek (University of Wisconsin-Madison)

A shorter proof of the Graph Minor Algorithm - The Unique Linkage Theorem -
Ken-ichi Kawarabayashi (National Institute of Informatics, Tokyo) and Paul Wollan (University of Rome, La Sapienza)

Pseudorandom Generators for Polynomial Threshold Functions
Raghu Meka and David Zuckerman (University of Texas at Austin)

How to Compress Interactive Communication
Boaz Barak (Princeton University), Mark Braverman (Microsoft Research New England), Xi Chen (University of Southern California) and Anup Rao (University of Washington)

Zero-One Frequency Laws
Vladimir Braverman and Rafail Ostrovsky (UCLA)

The maximum multiflow problems with bounded fractionality
Hiroshi Hirai (Reseach Institute for Mathematical Sciences, Kyoto University)

Measuring Independence of Datasets
Vladimir Braverman and Rafail Ostrovsky (UCLA)

On the Geometry of Differential Privacy
Moritz Hardt (Princeton University) and Kunal Talwar (Microsoft Research)

An Invariance Principle For Polytopes
Prahladh Harsha (Tata Institute of Fundamental Research), Adam Klivans (UT-Austin) and Raghu Meka (UT-Austin)

Perfect Matchings in O(n log n) Time in Regular Bipartite Graphs
Ashish Goel (Stanford University and Twitter), Michael Kapralov (Stanford University) and Sanjeev Khanna (University of Pennsylvania)

A Quantum Lovasz Local Lemma
Andris Ambainis (University of Latvia), Julia Kempe (Tel Aviv University) and Or Sattath (Hebrew University and Tel Aviv University)

Bayesian Algorithmic Mechanism Design
Jason D. Hartline (Northwestern University) and Brendan Lucier (University of Toronto)

A Strong Direct Product Theorem for Disjointness
Hartmut Klauck (Centre for Quantum Technologies, Singapore)

Recognizing well-parenthesized expressions in the streaming model
Frederic Magniez (LRI, Univ. Paris-Sud, CNRS), Claire Mathieu (Brown University) and Ashwin Nayak (U. Waterloo and Perimeter Institute)

Conditional Hardness of Precedence Constrained Scheduling on Identical Machines
Ola Svensson (KTH - Royal Institute of Technology, Stockholm)

An Improved LP-based Approximation for Steiner Tree
Jaroslaw Byrka (EPFL, Lausanne), Fabrizio Grandoni (Universita di Roma Tor Vergata), Thomas Rothvoss (EPFL, Lausanne) and Laura Sanita (EPFL, Lausanne)

On the Complexity of #CSP
Martin Dyer and David Richerby (University of Leeds)

Approximate Sparse Recovery: Optimizing Time and Measurements
Anna Gilbert (University of Michigan) Yi Li (University of Michigan), Ely Porat (Bar Ilan University) and Martin Strauss (University of Michigan)

On the Hardness of the Noncommutative Determinant
Vikraman Arvind and Srikanth Srinivasan (Institute of Mathematical Sciences, Chennai)

A Deterministic Single Exponential Time Algorithm for Most Lattice Problems based on Voronoi Cell Computations
Daniele Micciancio and Panagiotis Voulgaris (UCSD)

Combinatorial approach to the interpolation method and scaling limits in sparse random graphs
Mohsen Bayati (Stanford), David Gamarnik (MIT) and Prasad Tetali (Georgia Institute of Technology)

Weighted Geometric Set Cover via Quasi-Uniform Sampling
Kasturi Varadarajan (University of Iowa)

Complexity Theory for Operators in Analysis
Akitoshi Kawamura and Stephen Cook (University of Toronto)

Odd Cycle Packing
Ken-ichi Kawarabayashi (National Institute of Informatics, Japan) and Bruce Reed (McGill University and Projet MASCOTTE)

The Median Mechanism: Interactive and Efficient Privacy with Multiple Queries
Aaron Roth (CMU) and Tim Roughgarden (Stanford)

On the Round Complexity of Covert Computation
Vipul Goyal (MSR India) and Abhishek Jain (UCLA)

Public-Key Cryptography from Different Assumptions
Benny Applebaum (Weizmann Institute of Science), Boaz Barak (Princeton University) and Avi Wigderson (Institute for Advanced Study)

On the List-Decodability of Random Linear Codes
Venkatesan Guruswami (Carnegie Mellon University), Johan Håstad (KTH - Royal Institute of Technology) and Swastik Kopparty (Massachusetts Institute of Technology)

Hardness Amplification in Proof Complexity
Paul Beame (University of Washington), Trinh Huynh (University of Washington) and Toniann Pitassi (University of Toronto)

Non-commutative circuits and the sum-of-squares problem
Pavel Hrubes (Princeton University), Avi Wigderson (Institute for Advanced Study) and Amir Yehudayoff (Institute for Advanced Study)

Faster approximation schemes for fractional multicommodity flow problems via dynamic graph algorithms
Aleksander Madry (MIT)

Efficiency Improvements in Constructing Pseudorandom Generators from One-Way Functions
Iftach Haitner (Microsoft Research New England), Omer Reingold (Microsoft Research Silicon Valley and Weizmann Institute of Science) and Salil Vadhan (Harvard University)

Load balancing and orientability thresholds for random hypergraphs
Pu Gao and Nicholas Wormald (University of Waterloo)

Bounding the average sensitivity and noise sensitivity of polynomial threshold functions
Ilias Diakonikolas (Columbia University), Prahladh Harsha (Tata Institute of Fundamental Research), Adam R. Klivans (University of Texas), Raghu Meka (University of Texas), Prasad Raghavendra (Microsoft Research New England), Rocco A. Servedio (Columbia University) and Li-Yang Tan (Columbia University)

Graph Expansion and the Unique Games Conjecture
Prasad Raghavendra (Microsoft Research New England) and David Steurer (Princeton University)

Approximations for the Isoperimetric and Spectral Profile of Graphs and Related Parameters
Prasad Raghavendra (Microsoft Research New England), David Steurer (Princeton University) and Prasad Tetali (Georgia Tech)

Detecting High Log-Densities -- an $O(n^{1/4})$ Approximation for Densest $k$-Subgraph
Aditya Bhaskara (Princeton University), Moses Charikar (Princeton University), Eden Chlamtac (Weizmann Institute of Science), Uriel Feige (Weizmann Institute of Science) and Aravindan Vijayaraghavan (Princeton University)

Near-optimal extractors against quantum storage
Anindya De and Thomas Vidick (UC Berkeley)

On the Complexity of Circuit Satisfiability
Ramamohan Paturi (University of California, San Diego) and Pavel Pudl\'ak (Mathematical Institute of the Czech Academy of Sciences)

Connectivity Oracles for Failure Prone Graphs
Seth Pettie and Ran Duan (University of Michigan)

Multi-parameter mechanism design and sequential posted pricing
Shuchi Chawla (University of Wisconsin-Madison), Jason Hartline (Northwestern University), David Malec (University of Wisconsin-Madison) and Balasubramanian Sivan (University of Wisconsin-Madison)

Subgraph Sparsification and Nearly Optimal Ultrasparsifiers
Alexandra Kolla (Institute for Advanced Study), Yury Makarychev (Toyota Technological Institute at Chicago), Amin Saberi (Stanford University) and Shang-Hua Teng (University of Southern California)

Bilipschitz snowflakes, metrics of negative type, and PSD flows
James R. Lee and Mohammad Moharrami (University of Washington)

The Limits of Buffering: A Tight Lower Bound for Dynamic Membership in the External Memory Model
Elad Verbin (ITCS, Tsinghua University) and Qin Zhang (Hong Kong University of Science and Technology)

Optimal Homologous Cycles, Total Unimodularity, and Linear Programming
Tamal K. Dey (Ohio State University), Anil N. Hirani (University of Illinois at Urbana-Champaign) and Bala Krishnamoorthy (Washington State University)

Distributed Computation in Dynamic Networks
Fabian Kuhn (University of Lugano), Nancy Lynch (MIT) and Rotem Oshman (MIT)

A Full Characterization of Quantum Advice
Scott Aaronson and Andrew Drucker (MIT)

Maintaining a Large Matching or a Small Vertex Cover
Krzysztof Onak (MIT) and Ronitt Rubinfeld (MIT and Tel Aviv University)

Almost Tight Bounds for Rumour Spreading with Conductance
Flavio Chierichetti, Silvio Lattanzi and Alessandro Panconesi (Sapienza University)

Changing Base without Losing Space
Yevgeniy Dodis (New York University) and Mihai Pastrascu (AT&T Labs) and Mikkel Thorup (AT&T Labs)

The Price of Privately Releasing Contingency Tables and the Spectra of Random Matrices with Correlated Rows
Shiva Kasiviswanathan (Los Alamos National Laboratory), Mark Rudelson (University of Missouri), Adam Smith (Pennsylvania State University) and Jonathan Ullman (Harvard University)

Saving Space by Algebraization
Daniel Lokshtanov and Jesper Nederlof (University of Bergen)

Privacy Amplification with Asymptotically Optimal Entropy Loss
Nishanth Chandran (UCLA), Bhavana Kanukurthi (Boston University), Rafail Ostrovsky (UCLA) and Leonid Reyzin (Boston University)

A Sparse Johnson-Lindenstrauss Transform
Anirban Dasgupta and Ravi Kumar and Tamas Sarlos (Yahoo! Research)

Local List-Decoding and Testing of Random Linear Codes from High-Error
Swastik Kopparty and Shubhangi Saraf (MIT)

Differential Privacy Under Continual Observation
Cynthia Dwork (Microsoft Research), Moni Naor (Weizmann Institute), Toniann Pitassi (University of Toronto) and Guy Rothblum (Princeton University)

http://research.microsoft.com/en-us/um/newengland/events/stoc2010/accepted.htm

COSADE 2010

2010-02-11T13:36:00.000-08:00

Accepted Papers

About Probability Density Function Estimation for Side Channel Analysis
Florent Flament, Houssem Maghrebi, Moulay Aziz Elabid, Jean-Luc Danger, Sylvain Guilley and Laurent Sauvage, Telecom ParisTech, France
Biasing power traces to improve correlation in power analysis attacks
Yongdae Kim, Akeshi Sugawara, Naofumi Homma and Takafumi Aoki, Graduate School of Information Sciences, Tohoku University, Japan Akashi Satoh, National Institute of Advanced Industrial Science and Technology, Japan
Correlation power analysis in frequency domain
Oliver Schimmel, Technical University Darmstadt, Germany
Paul Duplys, Eberhard Boehl and Jan Hayek, Robert Bosch GmbH, Germany
Wolfgang Rosenstiel, University of Tübingen, Germany
DPA Characteristic Evaluation of SASEBO for Board Level Simulation
Toshihiro Katashita, Akashi Satoh, Katsuya Kikuchi, Hiroshi Nakagawa, Masahiro Aoyagi, National Institute of Advanced Industrial Science and Technology, Japan
Improved Point of Interest Search for Template Attacks
Martin Baer, Fraunhofer SIT, Germany
Hermann Drexler and Jürgen Pulkus. Giesecke & Devrient, Germany
Performance and Security Aspects of Client-Side SSL/TLS Processing on Mobile Devices
Johann Groszschaedl. University of Luxembourg, Luxembourg
Randomizing the Montgomery Multiplication to Repel Template Attacks on Multiplicative Masking
Christoph Herbst and Marcel Medwed, IAIK ,TU Graz, Austria
Right-to-Left or Left-to-Right Exponentiation?
Colin Walter, Royal Holloway, United Kingdom
Side Channel Leakage Profiling in Software
Daniel Shumow and Peter Montgomery, Microsoft Research, USA
Side-Channel Analysis based on Rainbow Tables
Sylvain Guilley, Olivier Meynard, Laurent Sauvage and Jean-Luc Danger. Telecom ParisTech, France
Side channels attacks in code-based cryptography
Pierre-Louis Cayrel, Center for Advanced Security Research Darmstadt (CASED), Germany
Falko Strenzke., FlexSecure GmbH
Side-Channel based Watermarks for IP Protection
Georg T. Becker, Markus Kasper and Christof Paar, Ruhr-Universität Bochum, Germany
The Variance Power Attack
Philippe Hoogvorst, CNRS, France
Towards a Third Order Side Channel Analysis Resistant Table Recomputation Method
Guillaume Fumaroli, Sylvain Lachartre and Ange Martinelli, Thales, France
Louis Goubin, Université Versailles Saint-Quentin, France

http://cosade2010.cased.de/accepted_papers.html

CT-RSA 2010

2010-02-11T12:51:00.000-08:00

Accepted Papers

Title: Breaking RSA-based PIN Encryption with thirty ciphertext validity queries
Authors: Nigel P. Smart
Affiliations: University of Bristol

Title: Efficient CRT-RSA Decryption for Small Encryption Exponents
Authors: Subhamoy Maitra and Santanu Sarkar
Affiliations: Indian Statistical Institute

Title: Linear Cryptanalysis of Reduced-Round PRESENT
Authors: Joo Yeon Cho
Affiliations: Helsinki University of Technology, Finland

Title: Resettable Public-Key Encryption: How to Encrypt on a Virtual Machine
Authors: Scott Yilek
Affiliations: UC San Diego

Title: Usable Optimistic Fair Exchange
Authors: Alptekin Kupcu and Anna Lysyanskaya
Affiliations: Brown University

Title: On Extended Sanitizable Signature Schemes
Authors: Sebastien Canard and Amandine Jambert
Affiliations: Orange Labs and Orange Labs

Title: Dependent Linear Approximations - The Algorithm of Biryukov and Others Revisited
Authors: Miia Hermelin and Kaisa Nyberg
Affiliations: Helsinki University of Technology (TKK)

Title: Making the Diffie-Hellman Protocol Identity-Based
Authors: Dario Fiore and Rosario Gennaro
Affiliations: University of Catania, IBM Research - USA

Title: Hash Function Combiners in TLS and SSL
Authors: Marc Fischlin, Anja Lehmann, Daniel Wagner
Affiliations: Darmstadt University of Technology, Germany

Title: Unrolling Cryptographic Circuits: A Simple Countermeasure Against Side-Channel Attacks
Authors: Shivam Bhasin, Sylvain Guilley, Laurent Sauvage, Jean-Luc Danger
Affiliations: Institut TELECOM / TELECOM ParisTech, CNRS LTCI (UMR 5141), Departement COMELEC, 46 rue Barrault, 75634 PARIS Cedex 13, FRANCE.

Title: Practical Key Recovery Attack against Secret-IV Edon-R
Authors: Gaetan Leurent
Affiliations: Ecole Normale Superieure, Paris

Title: Plaintex-Awareness of Hybrid Encryption
Authors: Shaoquan Jiang and Huaxiong Wang
Affiliations: University of Electronic Science and Technology of China & Nanyang Technological University

Title: High-speed parallel software implementation of the nT pairing
Authors: Diego F. Aranha, Julio Lopez, Darrel Hankerson
Affiliations: University of Campinas, Auburn University

Title: Refinement of Miller's Algorithm over Edwards Curves
Authors: XU Lei, LIN Dongdai
Affiliations: tate Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences

Title: The Sum of CBC MACs Is a Secure PRF
Authors: Kan Yasuda
Affiliations: NTT Corporation

Title: Fault Attacks against EMV Signatures
Authors: Jean-Sebastien Coron and David Naccache and Mehdi Tibouchi
Affiliations: University of Luxembourg, ENS

Title: Improving Efficiency of An 'On the Fly' Identification Scheme by Perfecting Zero-Knowledgeness
Authors: Bagus Santoso, Kazuo Ohta, Kazuo Sakiyama, Goichiro Hanaoka
Affiliations: Research Center for Information Security (RCIS) National Institute of Advanced Industrial Science and Technology (AIST), The University of Electro-Communications

Title: Probabilistic Public Key Encryption with Equality Test
Authors: Guomin Yang and Chik How Tan and Qiong Huang and Duncan S. Wong
Affiliations: National University of Singapore and City University of Hong Kong

Title: Efficient CCA-Secure Public Key Encryption from Identity-based Techniques
Authors: Junzuo Lai, Robert H. Deng, Shengli Liu, Weidong Kou
Affiliations: Shanghai Jiao Tong University, Singapore Management University, Shanghai Jiao Tong University, Xi Dian University

Title: Speed records for NTRU
Authors: Jens Hermans, Frederik Vercauteren, Bart Preneel
Affiliations: K.U. Leuven, ESAT/SCD-COSIC and IBBT, Belgium

Title: Revisiting Higher-Order DPA Attacks: Multivariate Mutual Information Analysis
Authors: Benedikt Gierlichs and Lejla Batina and Bart Preneel and Ingrid Verbauwhede
Affiliations: K.U. Leuven, ESAT/SCD-COSIC and IBBT, Belgium; and Radboud University Nijmegen, Netherlands

Title: On Fast Verification of Hash Chains
Authors: Dae Hyun Yum, Jin Seok Kim, Pil Joong Lee, Sung Je Hong
Affiliations: POSTECH

Title: Anonymity from Asymmetry : New Constructions for Anonymous HIBE
Authors: Dan Boneh, Leo Ducas
Affiliations: Stanford University, Ecole Normale Superieure

Title: Differential Cache-Collision Timing Attacks on AES with Applications to Embedded CPUs
Authors: Andrey Bogdanov and Thomas Eisenbarth and Christof Paar and Malte Wienecke
Affiliations: Horst Gortz Institute for IT Security, Ruhr University Bochum, Germany; COSIC - Katholieke Universiteit Leuven, Belgium

Title: Rebound Attacks on the Gr{\o}stl Hash Function
Authors: Florian Mendel and Christian Rechberger and Martin Schlaffer and Soren S. Thomsen
Affiliations: Graz University of Technology and Technical University of Denmark

WiSec'10

2010-02-11T12:44:00.000-08:00

LIST OF SUBMISSIONS ACCEPTED AS FULL PAPERS:

pBMDS: A Behavior-based Malware Detection System for Cellphone Devices, Liang Xie, Xinwen Zhang, Jean-Pierre Seifert and Sencun Zhu.
Preventing Multi-query Attack in Location-based Services, Nilothpal Talukder and Sheikh Iqbal Ahamed.
Attacks on Physical-layer Identification, Boris Danev, Heinrich Luecken, Srdjan Capkun and Karim El Defrawy.
Effectiveness of Distance-decreasing Attacks Against Impulse Radio Ranging, Manuel Flury, Marcin Poturalski, Panagiotis (Panos) Papadimitratos, Jean-Pierre Hubaux and Jean-Yves Le Boudec.
Low-Cost Untraceable Authentication Protocols for RFID, Yong Ki Lee, Lejla Batina, Dave Singeléand Ingrid Verbauwhede.
Mobile User Location-specific Encryption (MULE): Using Your Office as Your Password, Ahren Studer and Adrian Perrig.
A Secure and Scalable Identification for Hash-based RFID Systems Using Updatable Pre-computation, Yasunobu Nohara and Sozo Inoue.
honeyM: A Framework for Implementing Virtual Honeyclients for Mobile Devices, TJ OConnor and Ben Sangster.
Timing-based Localization of In-Band Wormhole Tunnels in MANETs, Jinsub Kim, Dan Sterne, Rommie Hardy, Roshan K. Thomas and Lang Tong.

LIST OF SUBMISSIONS ACCEPTED AS SHORT PAPERS:

RFID Survivability Quantification and Attack Modeling, Yanjun Zuo.
Subverting MIMO Wireless Systems by Jamming the Channel Estimation Procedure, Robert Miller and Wade Trappe.
Efficient Compromising Resilient Authentication Schemes for Large Scale Wireless Sensor Networks, Hao Chen.
On the Tradeoff between Trust and Privacy in Wireless Ad Hoc Networks, Maxim Raya, Reza Shokri and Jean-Pierre Hubaux.
Automating the Injection of Believable Decoys to Detect Snooping, Brian Bowen, Vasileios P. Kemerlis, Pratap Prabhu, Angelos Keromytis and Sal Stolfo.
Zeroing-In on Network Metric Minima for Sink Location Determination, Zhenhua Liu and Wenyuan Xu.
Privacy-Preserving Computation of Benchmarks on Item-Level Data Using RFID, Florian Kerschbaum, Nina Oertel and Leonardo Weiss Ferreira Chaves.
On the Efficiency of Secure Beaconing in VANETs, Frank Kargl and Elmar Schoch.
Secret Keys from Entangled Sensor Motes: Implementation and Analysis, Matthias Wilhelm, Ivan Martinovic and Jens Schmitt.
Efficient Code Diversification for Network Reprogramming in Sensor Networks, Qijun Gu.
Secure Walking GPS: A Secure Localization and Key Distribution Scheme for Wireless Sensor Networks, Qi Mi, John Stankovic and Radu Stoleru.
On the Reliability of Wireless Fingerprinting using Clock Skews, Chrisil Arackaparambil, Sergey Bratus, Anna Shubina and David Kotz.

LIST OF ACCEPTED POSTERS/DEMOS:

Testbed Design For Facilitating Simultaneous WiMAX Experiments, Gautam Bhanage.
Regulating Pervasive Computing Applications in Ad hoc networks using Law Governed Interaction, Rishabh Dudheria, Naftaly Minsky and Wade Trappe.
Detecting Wormholes in Wireless Sensor Networks, Thanassis Giannetsos, Tassos Dimitriou and Neeli Prasad.
Enhancing unlinkability on IPv6 receiver address with distributed relay service, Takashi Minohara and Ryota Sato.
Secret Handshakes or Oh, It's You Again!, Kristin Buckley, Michael Engling and Susanne Wetzel.
Stealthy Compromise of Wireless Sensor Nodes with Power Analysis Attacks, Giacomo de Meulenaer and Françs-Xavier Standaert.
The Indiana Jones Attack: An Initial Evaluation of RSS Authentication, Bernhard Firner, Wade Trappe, Rich Howard and Yanyong Zhang.
An Effcient Security Framework for Mobile WiMAX, Mete Rodoper, Arati Baliga, Wade Trappe and Edward Jung.
appoint - A Distributed Privacy-Preserving iPhone Application, Daniel A., Mayer, Dominik Teubert, Susanne Wetzel, Ulrike Meyer and Georg Neugebauer.
Strongly Secure Pairing of Wireless Devices within Physical Proximity, Suhas Mathur, Wade Trappe and Alexander Varshavsky.
Mobile Ad-hoc Routing Security, Jared Cordasco, Werner Backes and Susanne Wetzel.
Rapid prototyping of a "Denial of Service Radio" using OCRP Kit, Prasanthi Maddala, Khanh Le, Peter Wolniansky and Ivan Seskar.
Discovering Wormhole Attacks in Delay Tolerant Networks via Forbidden Topology Structure Identification, Yanzhi Ren, Mooi Choo Chuah, Jie Yang and Yingying Chen.
Coping with Frequency-based Attacks to Secure Distributed Data Storage in Wireless Networks, Hongbo Liu, Hui Wang and Yingying Chen.

PQCrypto 2010

2010-02-11T12:40:00.000-08:00

Accepted Papers

Proposal of a Signature Scheme based on STS Trapdoor

Shigeo Tsujii, Masahito Gotaishi, Kohtaro Tadaki, Ryo Fujita

Cryptanalysis of Two Quartic Encryption Schemes

Weiwei Cao, Jintai Ding,Lei Hu,Xuyun Nie

Strongly Unforgeable Signatures and Hierarchical Identity-based Signatures from Lattices Without Random Oracles

Markus Rückert

Designing a rank metric based McEliece cryptosystem

Pierre Loidreau

Cryptanalysis of the Niederreiter Public Key Scheme Based on GRS Subcodes

Christian Wieschebrink

Properties of the Discrete Differential with Cryptographic Application

Daniel Smith-Tone

Selecting Parameters for the Rainbow Signature Scheme

Albrecht Petzoldt, Stanislav Bulygin, and Johannes Buchmann

A Timing Attack against the secret Permutation in the McEliece PKC

Falko Strenzke

Growth of the ideal generated by a quadratic Boolean function

Jintai Ding, Timothy Hodges, Victoria Kruglov

Practical Power Analysis Attacks on Software Implementations of McEliece

Stefan Heyse and Amir Moradi and Christof Paar

Cryptanalysis of Improved MFE Public Key Cryptosystem

Xuyun Nie, Jintai Ding, Weiwei Cao, Xiling Tang4

Information-set decoding for linear codes over Fq

Christiane Peters

Mutant Zhuang-Zi Algorithm

Jintai Ding, Dieter Schmidt

Secure Variants of the Square Encryption Scheme

Crystal Clough, Jintai Ding

Low-Reiter: Niederreiter Encryption Scheme for Embedded Microcontrollers

Stefan Heyse

Grover vs. McEliece

Daniel J. Bernstein

Key exchange and encryption schemes based on non-commutative skew polynomials

Boucher,Gaborit,Geiselmann,Ruatta,Ulmer

TCC 2010

2010-02-02T01:18:00.000-08:00

Accepted Papers

A Domain Extender for the Ideal Cipher
Jean-Sebastien Coron and Yevgeniy Dodis and Avradip Mandal and Yannick Seurin
A Hardcore Lemma for Computational Indistinguishability: Security Amplification for Arbitrarily Weak PRGs with Optimal Stretch
Ueli Maurer and Stefano Tessaro
A Twist on the Naor-Yung Paradigm and Its Application to Efficient CCA-Secure Encryption from Hard Search Problems
Ronald Cramer and Dennis Hofheinz and Eike Kiltz
Almost Optimal Bounds for Direct Product Threshold Theorem
Charanjit S Jutla
An Efficient Parallel Repetition Theorem
Johan Hastad and Rafael Pass and Douglas Wikstrom and Krzysztof Pietrzak
Bounds on the Sample Complexity for Private Learning and Private Data Release
Amos Beimel and Shiva Kasiviswanathan and Kobbi Nissim
Composition of Zero-Knowledge Proofs with Efficient Provers
Eleanor Birrell and Salil Vadhan
Concise Mercurial Vector Commitments and Independent Zero-Knowledge Sets with Short Proofs
Benoit Libert and Moti Yung
Delayed-Key Message Authentication for Streams
Marc Fischlin and Anja Lehmann
Efficiency Limitations for $\Sigma$-Protocols for Group Homomorphisms
Endre Bangerter and Jan Camenisch and Stephan Krenn
Efficiency Preserving Transformations for Concurrent Non-Malleable Zero-Knowledge
Rafail Ostrovsky and Omkant Pandey and Ivan Visconti
Efficient Rational Secret Sharing in Standard Communication Networks
Georg Fuchsbauer and Jonathan Katz and David Naccache
Efficient, Robust and Constant-Round Distributed RSA Key Generation
Ivan Damgård and Gert Læssøe Mikkelsen
Eye for an Eye: Efficient Concurrent Zero-Knowledge in the Timing Model
Rafael Pass and Wei-Lung Dustin Tseng and Muthuramakrishnan Venkitasubramaniam
Founding Cryptography on Tamper-Proof Hardware Tokens
Vipul Goyal and Yuval Ishai and Amit Sahai and Ramarathnam Venkatesan and Akshay Wadia
From Passive to Covert Security at Low Cost
Ivan Damgård and Martin Geisler and Jesper Buus Nielsen
Fully Secure HIBE with Short Ciphertext
Allison B. Lewko and Brent Waters
Ideal Hierarchical Secret Sharing Schemes
Oriol Farràs and Carles Padró
Leakage-Resilient Signatures
Sebastian Faust and Eike Kiltz and Krzysztof Pietrzak and Guy Rothblum
Obfuscation of Hyperplanes
Ran Canetti and Guy Rothblum and Mayank Varia
On Building Fairness Bit by Bit
S. Dov Gordon and Yuval Ishai and Tal Moran and Rafail Ostrovsky and Amit Sahai
On Related-Secret Pseudorandomness
David Goldenberg and Moses Liskov
On Symmetric Encryption and Point Obfuscation
Ran Canetti and Yael Tauman Kalai and Mayank Varia and Daniel Wichs
On the Necessary and Sufficient Assumptions for UC Computation
Ivan Damgård and Jesper Buus Nielsen and Claudio Orlandi
Private Coins versus Public Coins in Zero-Knowledge Proof Systems
Rafael Pass and Muthuramakrishnan Venkitasubramaniam
Public-Key Cryptographic Primitives Provably as Secure as Subset Sum
Vadim Lyubashevsky and Adriana Palacio and Gil Segev
Public-key Encryption Schemes with Auxiliary Inputs
Yevgeniy Dodis and Shafi Goldwasser and Yael Kalai and Chris Peikert and Vinod Vaikuntanathan
Rationality in the Full-Information Model
Ronen Gradwohl
Robust Encryption
Michel Abdalla and Mihir Bellare and Gregory Neven
Threshold Decryption and Zero-Knowledge Proofs for Lattice-Based Cryptosystems
Rikke Bendlin and Ivan Damgård
Tight Parallel Repetition Theorems for Public-coin Arguments
Kai-Min Chung and Feng-Hao Liu
Truly Efficient String Oblivious Transfer and SFE in Malicious and Covert Adversaries Models Using Resettable Tamper-Proof Tokens
Vladimir Kolesnikov
Two Is A Crowd? A Black-Box Separation Of One-Wayness and Security Under Correlated Inputs
Yevgeniy Vahlis

FSE 2010

2010-02-02T01:15:00.000-08:00

FSE 2010 List of Accepted Papers

103. Cryptanalysis of ESSENCE
Maria Naya-Plasencia, Andrea Röck, Jean-Philippe Aumasson, Yann Laigle-Chapuy, Gaëtan Leurent, Willi Meier, Thomas Peyrin

104. Constructing Rate-1 MACs from Unpredictable Block Ciphers: PGV Model Revisited Liting Zhang, Wenling Wu, Peng Wang, Lei Zhang, Shuang Wu, Bo Liang

106. How to Thwart Birthday Attacks against MACs via Small Randomness
Kazuhiko Minematsu

110. Super-Sbox Cryptanalysis: Improved Attacks for AES-like Permutations
Henri Gilbert, Thomas Peyrin

113. Differential and Invertibility Properties of BLAKE (Short Presentation)
Jean-Philippe Aumasson, Jian Guo, Simon Knellwolf, Krystian Matusiewicz, Willi Meier

119. Rebound Attack on Reduced-Round Versions of the JH
Vincent Rijmen, Deniz Toz, Kerem Varici

122. Domain Extension for Enhanced Target Collision-Resistant Hash Functions
Ilya Mironov

123. Higher Order Differential Attack on Step-Reduced Variants of Luffa v1
Dai Watanabe, Yasuo Hatano, Tsuyoshi Yamada, Toshinobu Kaneko

124. A Unified Method for Improving PRF Bounds for a Class of Blockcipher based MACs
Mridul Nandi

129. Enhanced Security Notions for Dedicated-Key Hash Functions: Definitions and Relationships
Mohammad Reza Reyhanitabar, Willy Susilo, Yi Mu

133. Pseudo-cryptanalysis of the Original Blue Midnight Wish (Short Presentation)
Søren Steffen Thomsen

138. Rotational Cryptanalysis of ARX
Dmitry Khovratovich, Ivica Nikolic

139. Improving the Generalized Feistel
Tomoyasu Suzaki, Kazuhiko Minematsu

146. Security Analysis of the Mode of JH Hash Function
Rishiraj Bhattacharyya, Avradip Mandal, Mridul Nandi

151. Fast Software AES Encryption
Dag Arne Osvik, Joppe W. Bos, Deian Stefan, David Canright

152. Lightweight Privacy Preserving Authentication for RFID Based on a Stream Cipher
Olivier Billet, Jonathan Etrog, Henri Gilbert

153. Finding Preimages of Tiger Up to 23 Steps
Lei Wang, Yu Sasaki

155. Nonlinear Equivalence of Stream Ciphers
Sondre Rønjom, Carlos Cid

156. Attacking the Knudsen-Preneel Compression Functions
Onur Özen, Thomas Shrimpton, Martijn Stam

163. Another Look at Complementation Properties
Charles Bouillaguet, Orr Dunkelman, Gaëtan Leurent, Pierre-Alain Fouque

166. Cryptanalysis of the DECT Standard Cipher
Karsten Nohl, Erik Tews, Ralf-Philipp Weinmann

C&ESAR 2009

2009-11-24T00:25:00.000-08:00

Hello,
The conference starts today; you can get the program here : http://www.cesar-conference.fr/
or just below.
Regards,

Etat de l'art de la sécurité des réseaux radioélectriques 802.11

Laurent Butti

Étude de l'interception et du positionnement de trafic Wi-Fi dans un environnement hétérogène

Matteo Cypriani, François Spies et al

Attaques Wifi WPA

Cédric Blancher

Sécurité UMTS

Henri Gilbert

Les dangers du WiFi - démonstration

Christophe Rault

Vérification de protocoles dans les réseaux ad hoc

Ana Cavalli

Survivability of mobile ad hoc networks in military applications

Thierry Plesse

A secure approach for tactical MANETs

Christophe Bidan

Quand la technologie se mêle de droit et vice versa

Daniel Lemétayer

Sécurité dans les systèmes RFID

Gldas Avoine

Protocoles de sécurité pour RFID

François Vacherand

Introduction NFC , paysage, attaques, applications

Christian Damour, Guillaume Achten et al

NFC, Java Card, and Certification

Eric Vétillard, Guillaume Dufay

Sensor networks security

Konrad Wrona

A Distributed Intrusion Detection System for Wireless Sensor Networks

Philippe Leleu, Lionel Besso

Analyse de la menace sur les applications sans fil à courte et moyenne portée

Eric Bornette, Didier Eymery

Anonymat et géolocalisation

Sébastien Gambs

Compromising electromagnetic emanations of wireless communications

Martin Vuagnoux

RFID : protection des données à caractère personnel dans l'internet des objets

Marie Barel

INSCRYPT 2009

2009-11-06T07:29:00.000-08:00

Ping Li, Bing Sun and Chao Li. Integral Cryptanalysis of ARIA

Xianmeng Meng. Weak Keys in RSA With Primes Sharing Least Significant Bits

Wei Zhao and Dingfeng Ye. Pairing-based Nominative Signatures with Selective and Universal Convertibility

Kang Le and Xiang Ji. CAPTCHA Phishing: A Practical Attack on Human Interaction Proofing

Zhiqiang Liu, Dawu Gu, Jing Zhang and Wei Li. Differential-Multiple Linear Cryptanalysis

Ruming Yin, Jian Yuan, Qiuhua Yang, Xiuming Shan and Xiqin Wang. Gemstone: A new stream cipher using coupled map lattice

Mathieu Renauld and Francoix-Xavier Standaert. Algebraic Side-Channel Attacks

Lei Zhang, Wenling Wu and Liting Zhang. Proposition of Two New Cipher Structures

Liqun Chen. A DAA Scheme Requiring Less TPM Resources

Sean Policarpio and Yan Zhang. A Formal Language for Specifying Complex XML Authorisations with Temporal Constraints

Deian Stefan. Hardware Framework for the Rabbit Stream Cipher

Yanjiang Yang, Jian Weng, Jianying Zhou and Ying Qiu. Optionally Identifiable Private Handshakes

Arpita Patra, Ashish Choudhary and Chandrasekaran Pandurangan. Communication Efficient Statistical Asynchronous Multiparty Computation with Optimal Resilience

Elie Bursztein and John Mitchell. Using Strategy Objectives for Network Security Analysis

Nicky Mouha, Gautham Sekar, Jean-Philippe Aumasson, Thomas Peyrin, Søren S. Thomsen, Meltem Sonmez Turan and Bart Preneel. Cryptanalysis of the ESSENCE Family of Hash Functions

Muhammad Reza Z'aba, Leonie Simpson, Ed Dawson and Kenneth Wong. Linearity within the SMS4 Block Cipher

Saba Jalal and Brian King. An Attack and Repair of Secure Web Transaction Protocol

Sharmila Deva Selvi S, Sree Vivek S and Chandrasekaran Pandu Rangan. Cryptanalysis of Certificateless Signcryption Schemes and an Efficient Construction Without Pairing

Takeo Mizuno and Hiroshi Doi. Hybrid Proxy Re-Encryption scheme for Attribute-Based Encryption

Shivank Agrawal, Swarun Kumar, Amjed Shareef and Pandu Rangan C. Sanitizable signatures with strong transparency in the standard model

Sharmila Deva Selvi S, Sree Vivek S, Shilpi Nayak and Chandrasekaran Pandurangan. Breaking and Building of Threshold Signcryption Schemes

Johann Groszschaedl and Stefan Tillich. Full-Custom VLSI Design of a Unified Multiplier for ECC on Smart Cards and RFID Tags

Short Paper

Lijun Dong and Xiaojun Kang. A Dynamic Role-Based Access Control Model on Environment Security

JIQIANG LU. Differential Attack on Five Rounds of the SC2000 Block Cipher

Sourav Das and Dipanwita RoyChowdhury. Prevention of Attacks on Grain Using Cellular Automata

Rui Zhang and Hideki Imai. Constructing Better KEMs with Partial Message Recovery

Zhigang Gao and Dengguo Feng. An improved password authenticated key agreement protocol for wireless mobile network

Xiaofeng Nie, Jiwu Jing and Yuewu Wang. A Novel Contagion-Like Patch Dissemination Mechanism against Peer-to-Peer File-Sharing Worms

Fengjiao Wang and Yuqing Zhang. Provably Secure Password-authenticated Group Key Exchange with Different Passwords under Standard Assumption

Xuexian Hu and Wenfen Liu. Efficient Password-Based Authenticated Key Exchange Protocol in the UC Framework

Feng Cheng, Sebastian Roschke, Robert Schuppenies and Christoph Meinel. Remodeling the Vulnerability Information

Jean-Charles Faugere and Perret ludovic. Algebraic Cryptanalysis of Curry and Flurry using Correlated Messages

Helger Lipmaa and Bingsheng Zhang. Efficient Generalized Selective Private Function Evaluation with Applications in Biometric Authentication

Pedro Peris Lopez, Julio C. Hernandez-Castro, Juan M. E. Tapiador, Tieyan Li and Jan C. A. van der Lubbe. Weaknesses in Two Recent Lightweight RFID Authentication Protocols

4th International Conference on Information Theoretic Security (ICITS 2009)

2009-11-06T07:16:00.000-08:00

Leakage-Resilience and The Bounded Retrieval Model

Yevgeny Dodis (New York University)

Lower Bound on the Key Length of Information-Theoretic Forward-Secure Storage Schemes

Stefan Dziembowski (University of Rome "La Sapienza")

Security of Key Distribution and Complementarity in Quantum Mechanics

Masato Koashi (Osaka University, Japan)

Free-Start Distinguishing: Combining Two Types of Indistinguishability Amplification

Peter Gazi and Ueli Maurer (ETH Zurich, Switzerland and Comenius University Bratislava, Slovakia)

Code-Based Public-Key Cryptosystems And Their Applications

Kazukuni Kobara (AIST, Japan)

On the Security of Pseudorandomized Information-Theoretically Secure Schemes

Koji Nuida and Goichiro Hanaoka (AIST, Japan)

Efficient Statistical Asynchronous Verifiable Secret Sharing with Optimal Resilience

Arpita Patra, Ashish Choudhary and C. Pandu Rangan (IIT, Madras, India)

On the Optimization of Bipartite Secret Sharing Schemes

Oriol Farras, Jessica Ruth Metcalf-Burton, Carles Padro, and Leonor Vazquez
(Universitat Politècnica de Catalunya, Barcelona, Spain and University of Michigan, U.S.A.)

Linear Threshold Multisecret Sharing Schemes

Oriol Farras, Ignacio Gracia, Sebastia Martin, and Carles Padro
(Universitat Politècnica de Catalunya, Barcelona, Spain)

Multiterminal Secrecy Generation and Tree Packing

Prakash Narayan (University of Maryland)

Information Theoretic Security Based on Bounded Observability

Jun Muramatsu, Kazuyuki Yoshimura, and Peter Davis (NTT, Japan)

Random Graphs in Security and Privacy

Adi Shamir (The Weizmann Institute of Science)

Group Testing and Batch Verification

Greg Zaverucha and Doug Stinson (University of Waterloo, Canada)

What Can Cryptography Do for Coding Theory? Using Computational Complexity to Model Uncertain Channels

Adam Smith (Pennsylvania State University)

Cryptanalysis of Secure Message Transmission Protocols with Feedback

Qiushi Yang and Yvo Desmedt (University College London, UK)

The Optimum Leakage Principle for Analyzing Multi-threaded Programs

Han Chen and Pasquale Malacaria (Queen Mary University of London, UK)

A General Conversion Method of Fingerprint Codes to (More) Robust Fingerprint Codes against Bit Erasure

Koji Nuida (AIST, Japan)

An Improvement of Pseudorandomization against Unbounded Attack Algorithms - The Case of Fingerprint Codes

Koji Nuida and Goichiro Hanaoka (AIST, Japan)

Statistical-mechanical Approach for Multiple Watermarks Using Spectrum Spreading

Kazuhiro Senda and Masaki Kawamura (Yamaguchi University, Japan)

4th Benelux Workshop on Information and System Security

2009-11-06T07:04:00.000-08:00

Yves Edel and Andreas Klein. Computational aspects of fast correlation attacks

Anthony Van Herrewege, Miroslav Knezevic, Lejla Batina, Ingrid Verbauwhede and Bart Preneel. Compact Implementations of Pairings

Boris Skoric. Quantum readout of Physical Unclonable Functions

Related and Open Key Attacks on AES and other Block Ciphers
In this talk we will describe recent research results on related-key attacks and open key attacks on AES. We will discuss properties of AES key schedule that allow to construct good related-key differentials. We will then explain how to use these differentials in various attacks. This methodology can be applied to the study of key schedules of other block ciphers. Our best attack on full AES-256 takes $2^{99}$ steps while our round-reduced attacks on up to 13 rounds out of 14 are marginally practical. We will discuss open key attacks on block ciphers and their relevance to the security of hashing modes of block ciphers.

Jorge Guajardo and Bart Mennink. Towards Side-Channel Resistant Block Cipher Usage or Can We Encrypt Without Side-Channel Countermeasures?

Jiqiang Lu, Jing Pan and Jerry den Hartog. Regarding the Security of AES against First and Second-Order Differential Power Analysis

Feng Hao, Peter Ryan and Piotr Zielinski. Anonymous Voting by 2-Round Public Discussion

Ben Smyth, Mark Ryan, Steve Kremer and Mounira Kourjieh. Election verifiability in electronic voting protocols

Ben Adida, Olivier de Marneffe, Olivier Pereira and Jean-Jacques Quisquater. Electing a University President using Open-Audit Voting: Analysis of real-world use of Helios

Cryptology and Elliptic Curves : a 25-year love (?) story
End of 1984 : a new factoring method emerges from H.W. Lenstra's brain, "... derived from the Pollard p-1-method by replacing the multiplicative group by a random elliptic curve". The algorithm is published in 1985, followed some months later by the idea from Miller and Koblitz to fit Diffie-Hellman and El-Gamal schemes to this new paradigm : ECC is born. In this talk, we try to tell the 25-year love (?) story of cryptology and elliptic curves, by positioning it in the more global context of modern cryptology.

Jorge Guajardo, Bart Mennink and Berry Schoenmakers. Modulo Reduction for Paillier Encryptions and Application to Secure Statistical Analysis

Gildas Avoine, Christian Floerkemeier and Benjamin Martin. RFID Distance Bounding Multistate Enhancement (Short Version)

Yasser Phoulady. Sharing A Labeled Tree

Damiano Bolzoni, Sandro Etalle and Pieter Hartel. Panacea: Automating Attack Classification for Anomaly-based Network Intrusion Detection Systems

Wojciech Mostowski and Jip Hogenboom. Full Memory Attack on a Java Card

ICICS 2009

2009-11-06T06:56:00.000-08:00

How to Steal a Botnet and What Can Happen When You Do

Richard A. Kemmerer

University of California, Santa Barbara, USA

Security Evaluation of a DPA-resistant S-box Based on the Fourier

Transform

Yang Li, Kazuo Sakiyama, Shinichi Kawamura, Yuichi Komano, and Kazuo Ohta

The university of Electro-Communications, Tokyo, Japan; Toshiba Corporation, Japan

Security Analysis of the GF-NLFSR Structure and Four-Cell Block Cipher

Wenling Wu, Lei Zhang, Liting Zhang, and Wentao Zhang

The State Key Lab of Information Security, Graduate University of Chinese Academy of Sciences, Beijing, China

The RAKAPOSHI Stream Cipher

Carlos Cid, Shinsaku Kiyomoto, and Jun Kurihara

Royal Holloway, University of London, London, UK

Design of Reliable and Secure Multipliers by Multilinear Arithmetic Codes

Zhen Wang, Mark Karpovsky, Berk Sunar, and Ajay Joshi

Reliable Computing Laboratory, Boston University CRIS Laboratory, Worcester Polytechnic Institute, USA

Hardware/Software Co-Design of Public-Key Cryptography for SSL Protocol Execution in Embedded Systems

Manuel Koschuch, Johann Groszschaedl, and Dan Page, Matthias Hudler and Michael Kruger

FH Campus Wien University of Applied Sciences, University of Luxembourg, University of Bristol, and FH Campus Wien University of Applied Sciences

Online/Offline Ring Signature Scheme

Joseph K. Liu, Man Ho Au, Willy Susilo, and Jianying Zhou

I2R, Singapore; University of Wollongong, Australia

Policy-controlled Signatures

Pairat Thorncharoensri, Willy Susilo, and Yi Mu

University of Wollongong, Australia

Public Key Encryption without Random Oracle Made Truly Practical

Puwen Wei, Xiaoyun Wang, and Yuliang Zheng

Shandong University, China; Tsinghua University, China; University of North Carolina, USA

A Public-Key Traitor Tracing Scheme with an Optimal Transmission Rate

Yi-Ruei Chen and Wen-Guey Tzeng

National Chiao Tung University, Taiwan

Computationally Secure Hierarchical Self-Healing Key Distribution for

Heterogeneous Wireless Sensor Networks

Yanjiang Yang, Jianying Zhou, Robert H. Deng, and Feng Bao

Institute for Infocomm Research, Singapore

Enabling Secure Secret Updating for Unidirectional Key Distribution

in RFID-Enabled Supply Chains

Shaoying Cai, Tieyan Li, Changshe Ma, Yingjiu Li, and Robert H.Deng

Singapore management University, Singapor; Institute for Infocomm Research, Singapore

Biometric-Based Non-Transferable Anonymous Credentials

Marina Blanton and William M. P. Hudelson

University of Notre Dame, Penn State University, USA

http://www.icics2009.org/

SEMINAIRE DE CRYPTOGRAPHIE DE RENNES

2009-10-02T07:30:00.000-07:00

SEMINAIRE DE CRYPTOGRAPHIE DE RENNES

Le séminaire a lieu les vendredi à 14 h 00, Salle 016, IRMAR (rez de chaussée, bâtiment 22),
Université de Rennes 1, Campus de Beaulieu.

Séance du 16 octobre 2009
Peter Schwabe Eindhoven University of Technology
Titre : AES-GCM plus rapide et résistant contredes attaques temporelles
Résume : Cet exposé a pour but de présenter une nouvelle implantation
d'AES et d'AES-GCM. C'est la première qui résiste aux attaques
temporelles et qui est en même temps efficace pour chiffrer des
paquets courts.

J'expliquerai pourquoi les méthodes classiques pour implanter AES sont
vulnérables aux attaques dites de "cache-timing". Ensuite, je
décrirai la technique de "bit-slicing" et détaillerai notre
implantation d'AES.

Dans une seconde partie, je donnerai un bref aperçu du mode
d'opération GCM et présenterai nos deux approches d'implantation : une
optimistée en vitesse et l'autre résistante aux attaques temporelles.

Séance du 23 octobre 2009
Andrea Roeck INRIA Rocquencourt
Titre : (Yet Another) Analysis of the Linux Random Number Generator
Résume : The Linux random number generator is part of the kernel since
1994. It collects entropy from user input, interrupts and disk
movements and claims to output high quality random numbers. There are
two different versions: /dev/random which blocks if the internal
entropy count goes to zero and /dev/urandom which is faster since it
produces as many bits as the user wants to. The only official
definition of this RNG exists in the code itself which is subject to
possible changes in new releases of the kernel. We want to give a
detailed description of the current version. There exists previous
attempts of describing this generator, especially the works of Barak
and Halevi in 2005 and Gutterman et al. in 2006. However, the
generator changed in the meantime and we want to describe it in more
mathematical details.

Séance du 23 octobre 2009
Maria Naya INRIA Rocquencourt
Titre : Titre à préciser.
Résume :

Séance du 30 octobre 2009
Julien Bringer SAGEM
Titre : Extended Private Information Retrieval Protocols: definitions,applications & new extensions
Résume : Cet exposé est basé sur des travaux communs avec Hervé Chabanne, David Pointcheval, Qiang Tang menés dans le cadre du projet ANR RNRT BACH (Biometric Authentication with Cryptographic Handling).

Extended Private Information Retrieval (EPIR) is a generalization of
the notion of Private Information Retrieval (PIR). The principle is to
enable a user to privately evaluate a fixed and public function with
two inputs, a chosen block from a database and an additional string.
In this talk, we will present this notion and describe 2 constructions
with applications to biometric authentication. We will then explain an
extension of this notion in order to add more flexibility during the
system life. As an example, we will introduce a general protocol
enabling polynomial evaluations. As to practical concern, we will also
discuss how amortizing database computations when dealing with several
requests.

sciencewatch

2009-09-11T01:58:00.000-07:00

Hello,
I discovered an excellent website, which can help you to track trends in Science :

http://sciencewatch.com

I really like the section "Hot papers";
For example, have a look here :

http://sciencewatch.com/dr/nhp/2009/09sepnhp/

Regards,

Workshop on Secure Execution of Untrusted Code

2009-09-10T00:59:00.000-07:00

A Formal Model for Virtual Machine Introspection
Jonas Pfoh, Christian Schneider, and Claudia Eckert

Emulating Emulation-Resistant Malware
Min Gyung Kang, Heng Yin, Steve Hanna, Stephen McCamant, and Dawn Song

TimeCapsule: Secure Recording of Accesses to a Protected Datastore
Srinivas Krishnan and Fabian Monrose

Browser protection against Cross-Site Request Forgery
Wim Maes, Thomas Heyman, Lieven Desmet, and Wouter Joosen

Hardware-enforced Fine-grained Isolation of Untrusted Code
Eugen Leontie, Gedare Bloom, Bhagirath Narahari, Rahul Simha, and Joseph Zambreno

Defending embedded systems against Control flow attacks
Aurélien Francillon, Claude Castellucciam and Daniele Perito

The Cake is a Lie: Privilege Rings as a Policy Resource
Sergey Bratus, Peter C. Johnson, Michael E. Locasto, Ashwin Ramaswamy, and Sean W. Smith

Application Containers without Virtual Machines
Shengzhi Zhang, Xi Xiong, Xiaoqi Jia, and Peng Liu

Availability-sensitive Intrusion Recovery
Micah Sherr and Matt Blaze

WISTP'2009

2009-09-10T00:52:00.000-07:00

Session: MOBILITY

On the Unobservability of a Trust Relation in Mobile Ad Hoc Networks
Olivier Heen, Gilles Guette and Thomas Genet
INRIA, Université Rennes 1
A Mechanism to Avoid Collusion Attacks Based on Code Passing in Mobile Agent Systems
Marc Jaimez, Oscar Esparza and Jose L. Muñoz
Universitat Politecnica de Catalunya
Privacy – Aware Location Database Service for Granular Queries
Shinsaku Kiyomoto, Keith M. Martin, and Kazuhide Fukushima
KDDI Laboratories and Royal Holloway University of London

Session: ATTACKS AND SECURE IMPLEMENTATIONS

Algebraic Attacks on RFID Protocols
Ton van Deursen and Sasa Radomirovic
University of Luxembourg
Anti-Counterfeiting using Memory Spots
Helen Balinsky, Edward McDonnell, Liqun Chen and Keith Harrison
Hewlett Packard Laboratories
On Second – Order Fault Analysis Resistance for CRT – RSA Implementations
Emmanuelle Dottax, Christophe Giraud, Matthieu Rivain and Yannick Sierra
Oberthur Technologies and University of Luxembourg

Session: PERFORMANCE AND SECURITY

Measurement Analysis when Benchmarking Java Card Platforms
Samia Bouzefrane, Julien Cordry and Pierre Paradinas
CNAM/Cedric
Performance issues of Selective Disclosure and Blinded Issuing Protocols on Java Card
Hendrik Tews and Bart Jacobs
Radboud Universiteit Nijmegen, The Netherlands
Energy – Efficient Implementation of ECDH Key Exchange for Wireless Sensor Networks
Christian Lederer, Roland Mader, Manuel Koschuch, Johann Groszschaedl,
Stefan Tillich, and Alexander Szekely
University of Klagenfurt, Graz University of Technology, FH Campus
Wien, and University of Bristol

Session: CRYPTOGRAPHY

Key Management Schemes for Peer – to – Peer Multimedia Streaming Overlay Networks
Juan Álvaro Muñoz Naranjo, Juan Antonio López Ramos and Leocadio González Casado
Universidad de Almería
Ultra-lightweight Key Predistribution in Wireless Sensor Networks for Monitoring Linear Infrastructure
Keith M. Martin and Maura B. Paterson
Royal Holloway and University of London
PKIX Certificate Status in MANET
J. Muñoz, O. Esparza, C. Gañán and X. Arnau
Universitat Politecnica de Catalunya

Workshop on Formal and Computational Cryptography FCC 2009

2009-08-27T01:30:00.000-07:00

Computational and Symbolic Anonymity in an Unbounded Network
Hubert Comon-Lundh, Masami Hagiya, Yusuke Kawamoto, and Hideki Sakurada

Formal Indistinguishability extended to the Random Oracle Model
Cristian Ene, Yassine Lakhnech, and Van Chan Ngo

Computationally Sound Analysis of Probabilistic Security Protocols with Digitial Signatures
Mihhail Aizatulin, Henning Schnoor, and Thomas Wilke

CoSP: A general framework for computational soundness proofs
Michael Backes, Dennis Hofheinz, and Dominique Unruh

The Execution Correspondence Theorem for Polynomially Accurate Simulations
Roberto Segala and Andrea Turrini

From CryptoVerif Specifications to Computationally Secure Implementations of Protocols (Work in Progress)
David Cadé

Computationally Sound Proofs of Security for a Key Management API
Graham Steel

Refining Computationally Sound Mechanized Proofs for Kerberos
Bruno Blanchet, Aaron D. Jaggard, Jesse Rao, Andre Scedrov, and Joe-Kai Tsay

Computational Indistinguishability Logic
Gilles Barthe, Marion Daubignard, Bruce Kapron, and Yassine Lakhnech

Automated Proofs for Encryption Modes
Martin Gagné, Pascal Lafourcade, Yassine Lakhnech, and Reihaneh Safavi-Naini

On the Computational Soundness of Cryptographic Verification by Typing
Cédric Fournet

Computational Soundness of RCF Implementations
Michael Backes, Matteo Maffei, and Dominique Unruh

5th LCN Workshop on Security in Communications Networks

2009-08-27T00:36:00.000-07:00

Mobility, Routing, and Computation in Ad-Hoc and Disruption-Tolerant Networks
Stephen D. Wolthusen
(Royal Holloway, University of London, UK and Gjøvik University College, Norway)

Measuring Similarity of Malware Behavior
Martin Apel (University of Dortmund, Germany); Christian Bockermann (University of Dortmund, Germany); Michael Meier (University of Dortmund, Germany)
Malicious software (malware) represents a major threat for computer systems of almost all types. In the past few years the number of prevalent malware samples has increased dramatically due to the fact that malware authors started to deploy morphing (aka obfuscation) techniques in order to hinder detection of such polymorphic malware by anti-malware products. Using these techniques numerous variants of a malware can be generated. All these variants have a different syntactic representation while providing almost the same functionality and showing similar behavior. In order to effectively detect polymorphic malware it is advantageous (if not required) to know which malware samples are variants of a particular malware. Respective approaches for determining this relation between malware samples automatically are currently investigated by a number of researchers. A prerequisite for assessing this relation based on particular features of malware samples is an appropriate similarity or distance measure. In particular a number of approaches for clustering malware samples have been recently published. Thereby different similarity measures are used but without thoroughly discussing the choice. So it is an unanswered question which similarity measures are appropriate for determining respective relations between malware samples. To answer this question we study different distance measures in detail and discuss desirable properties of a distance measure for this particular purpose. We focus on behavioral features of malware and compare and experimentally evaluate different distance measures for malware behavior. Based on our results we identify a most appropriate distance measure for grouping malware samples based on similar behavior.

npf—A Simple, Traffic-Adaptive Packet Classifier Using On-line Reorganization of Rule Trees
Shariful Shaikot (Washington State University, USA); Min Kim (Washington State University, USA)
Packet classification is one of the crucial components of application such as firewalls, intrusion detection, and differentiated services. For example, an intrusion detection system (IDS) classifies packets either as benign or malicious and alerts the network administrator. Since existing IDS’s spend the majority of CPU time in packet classification, an IDS fails to detect malicious packets under high load. Many ideas have been proposed to make the packet inspection faster so that an IDS spends less time in packet classification. However, because of the increasing number of security threats and vulnerabilities, the number of rules often exceeds thousands, requiring more than hundreds of megabytes of memory. As a result, an IDS spends longer time to classify packets since each packet incurs many memory accesses, and thus the throughput of an IDS is limited by memory bandwidth. The problem can be mitigated by exploiting locality in traffic patterns. In this paper, we propose npf, a fast and traffic-adaptive packet classifier which intelligently reorganizes the internal structure based on the traffic pattern. Unlike existing approaches requireing a separate, off-line reorganization phase, npf performs reorganization on-line with little overhead, resulting in higher throughput without compromising accuracy. Experimental results on our test bed show that npf outperforms a traditional packet classifier by spending an order of magnitude less time per packet in order to classify the packet.

An Anti-Spam Scheme Using Capability-Based Access Control
Yasushi Shinjo (University of Tsukuba, Japan)
This paper proposes an anti-spam scheme that uses capability-based access control. In this scheme, rights to bypass spam filters are represented as capabilities, and an email message containing a valid capability bypasses the spam filer and goes straight to the receiver's inbox. As a result, the false positive problem inherent in existing spam filters is eliminated. This scheme allows a user to delegate rights to another person and is compatible with existing email systems and applications. It was implemented in Mozilla Thunderbird, along with a tool, Capability Basket, that provides an API for email clients and a GUI for users.

Design Considerations for a Honeypot for SQL Injection Attacks
Thomas Chen (Swansea University, United Kingdom); John Buford (Avaya Labs Research, USA)
SQL injection attacks continue to be a major problem for web applications. We investigate design considerations for an application layer honeypot to attract and learn about SQL injection attacks. The honeypot responds with indications of vulnerability leading attackers ultimately to disinformation that could be useful to track them. The honeypot restricts attackers from escalating the attack to the operating system or launching attacks on other systems. The honeypot could emulate the appearance of common defenses against SQL injection in order to seem more genuine. Finally, we describe considerations to implement an experimental honeypot with honeyd.

On Limited-Range Strategic/Random Jamming Attacks in Wireless Ad hoc Networks
Korporn Panyim (University of Pittsburgh, USA); Thaier Hayajneh (University of Pittsburgh, USA); Prashant Krishnamurthy (University of Pittsburgh, USA); David Tipper (University of Pittsburgh, USA)
Jamming attacks are considered one of the most devastating as they are difficult to prevent and sometimes hard to detect. In this paper we consider the impact of the placement and range of limited-range jammers on ad hoc networks. Limited range jammers are more difficult to detect as they use transmission powers similar to that of regular nodes (or perhaps even smaller transmit powers).The attacker can locate his jammer(s) randomly in the network. Alternatively, jammers can be placed at strategic locations. For instance, intuitively, this can be nodes with high traffic inputs/outputs (discovered by sensing the traffic flow in the network). Using OPNET, we perform extensive simulations to show how significant such strategically placed attacks can be compared to random placement of limited-range jammers on both TCP and UDP traffic.

A Frame Handler Module for a Side-Channel in Mobile Ad Hoc Networks
Marvin Odor (University of Ontario Institute of Technology, Canada); Babak Nasri (Beyond measures Inc., Canada); Mazda Salmanian (Defence R&D Canada, Canada); Peter Mason (Defence Research & Development Canada, Canada); Miguel Vargas Martin (University of Ontario Institute of Technology, Canada); Ramiro Liscano (University of Ontario Institute of Technology, Canada)
In this paper, we establish a hidden 802.11 wireless channel, with the masking of the channel achieved by inserting intentional errors in the Frame Check Sequence (FCS). We design a frame handler module to provide a proof-of-concept model of the side-channel using MATLAB and Simulink with Communication Toolbox. We justify using MATLAB over the other simulation tools because of its existing functions: physical layer IEEE 802.11 wireless local area networking (WLAN) standard, existing modular channel fading models, the MAC layer cyclic redundancy checksum (CRC) generator, the CRC Syndrome detector, and the capability of modifying fields in a frame. These existing functions allow for the creation of a frame handler which generates frames, according to our design, to be inserted as erroneous frames and recovers frames from normal 802.11 traffic. Herein we provide the design and details of the implementation of the channel. Our design offers the ability to introduce error detection and correction capabilities, and protection against passive monitoring defences. This simulation framework is a step towards the development of more sophisticated environments including multi-node simulations that maintain robust and reliable side-channel communication.

Energy-Efficient Multi-key Security Scheme for Wireless Sensor Networks
Sandeep Chowdary Kolli (Missouri University of Science and Technology, USA); Maciej Zawodniok (Missouri S&T, USA)
This paper proposes a multi-key encryption scheme and engine architecture (MKE) that increases security and optimizes energy efficiency of sensor networks, while minimizing modifications to existing implementations. The scheme improves security of AES against correlation power analysis (CPA) attack by employing MKE engine, breaking the correlation between power consumption and the used key. Other schemes utilize complex hardware designs, for example by using the inhomogeneous s-boxes that reduce energy efficiency of the engine. In contrast, the proposed hardware engine uses a randomly sequence of few keys to encode subsequent blocks of a messages. Additionally, the scheme improves security of AES against brute-force attacks for a given key size by utilizing multiple keys to encrypt subsequent blocks of a message. In contrast, a typical security upgrade would require a larger key size and encryption engine, which would increase cost and energy consumption of the devices. Both analytical and simulation results are presented in this paper.

Group Key Agreement for Wireless Mesh Networks
Andreas Noack (Ruhr-Universität Bochum, Germany); Joerg Schwenk (Ruhr-University Germany, Germany)
Wireless mesh networks consist of stationary nodes that communicate over wireless connections. Since WLAN security standards are only applicable in the standard scenario where the access points are connected by a cable-bound backbone, nearly all mesh networks broacast messages in the clear. To secure these networks, and to reduce the amount of reencryption of messages, we propose to use group key agreement (GKA) protocols to agree on a common key for all nodes. In a mesh network, a message sent by one node can only be received directly by nodes within the broadcast reach of the first node. Thus we have neither direct point-to-point connections between nodes, nor do we have a perfect broadcast channel. We therefore compare the suitability of different GKA protocols proposed in the literature for mesh networks.

WEWoRC 2009

2009-08-25T14:51:00.000-07:00

Accepted talks at WEWoRC 2009



*Authenticating with Attributes* by Dalia Khader (University of Bath, UK)
*From MQ to MQQ Cryptography:Weaknesses and New Solutions* by Rohit Ahlawat, Kanika Gupta, Saibal K. Pal (University of Delhi, India)
*Bivium as a Mixed-0-1 Programming Problem* by Julia Borghoff, Lars R. Knudsen, Mathias Stolpe (DTU Mathematics, Technical University of Denmark, Denmark)
*Cryptanalysis of C2* by Julia Borghoff, Lars R. Knudsen, Gregor Leander, Krystian Matusiewicz (DTU Mathematics, Technical University of Denmark,Denmark) abstract.pdf
*Application of the cube attack to stream and block ciphers* by Piotr Mroczkowski and Janusz Szmidt (Military Communication Institute and Military University of Technology, Warsaw, Poland)
*Fault injection's sensitivity of the McEliece PKC* by Pierre-Louis Cayrel and Pierre Dusart (Universite de Paris 8, and Universite de Limoges, France)
*Round-Reduced Near-Collisions of BLAKE-32* by Jian Guo and Krystian Matusiewicz (Nanyang Technological University and Technical University of Denmark)
*Cryptanalysis of the MCSSHA Hash Functions* by Jean-Philippe Aumasson and Maria Naya-Plasencia (FHNW Windisch, Switzerland, and INRIA project-team SECRET, France
*An Improvement of Privacy-Preserving Scheme Based on Random Substitutions* by Ju-Sung Kang (Department of Mathematics, Kookmin University, Korea)
*Fast implementation of MASH hash function family* by Marek Gradzki (Military University of Technology, Institute of Mathematics and Cryptology, Warsaw, Poland)
*Probabilistic Analysis of LLL Reduced Bases* by Michael Schneider, Johannes Buchmann and Richard Lindner (Technische Universität Darmstadt, Department of Computer Science, Germany)
*Exploring Subliminal Channels in Pairing-Based Signatures* by Laila El Aimani and Yona Raekow (B-IT, Universität Bonn, Germany)
*Collisions and Preimages for Sarmal* by Florian Mendel and Martin Schläffer (IAIK, Graz University of Technology, Austria)
*On Free-Start Collisions and Collisions for TIB3* by Florian Mendel and Martin Schläffer (IAIK, Graz University of Technology, Austria)
*Structural Attacks on Two SHA-3 Candidates: Blender-n and DCH-n* by Mario Lamberger and Florian Mendel (IAIK, Graz University of Technology, Austria)
*A Simple Derivation for the Frobenius Pseudoprime Test* by Daniel Loebenberger (B-IT, Universität Bonn, Germany)
*Efficient root finding of polynomials over fields of characteristic 2* by Vincent Herbert (INRIA Paris - Rocquencourt, France)
*Improved Distinguishing Attacks on HC-256* by Gautham Sekar and Bart Preneel (Katholieke Universiteit Leuven, Dept. ESAT/COSIC, Belgium, and IBBT, Belgium
*Key Recovery Attack on full GOST Block Cipher with Zero Time and Memory* by Ewan Fleischmann, Michael Gorski, Jan-Hendrik Huehne, and Stefan Lucks (Bauhaus-University Weimar, Germany)
*Attacking Reduced Rounds of the ARIA Block Cipher* by Ewan Fleischmann, Michael Gorski, and Stefan Lucks (Bauhaus-University Weimar, Germany)
*Security of Generalized Tandem-DM* by Ewan Fleischmann, Michael Gorski, and Stefan Lucks (Bauhaus-University Weimar, Germany)
*Density of Ideal Lattices* by Johannes Buchmann and Richard Lindner (Technische Universität Darmstadt, Germany)
*Cryptanalysis of Reduced Word Variants of Salsa* by Sylvain Pelissier (EPFL, Switzerland)
*Efficient Arithmetic on Binary Genus-2 Curves* by Peter Birkner and Tanja Lange (Technische Universiteit Eindhoven, Netherlands)
*Cryptanalysis of a Lightweight RFID Authentication Protocol - LRMAP* by Imran Erguler, Mete Akgun, and Emin Anarim (National Research Institute of Electronics and Cryptology, TUBITAK-UEKAE, and Electrical-Electronics Engineering Department, Bogazici University,Turkey)
*Short Signature Scheme From Bilinear Pairings* by by Sedat Akleylek, Baris Bulent Kirlar, Omer Sever, and Zaliha Yuce (Institute of Applied Mathematics, Middle East Technical University, Turkey)
*Hierarchical Ring Signatures* by Lukasz Krzywiecki, Miroslaw Kutylowski, Anna Lauks-Dutka (Institute of Mathematics and Computer Science, Wroclaw University of Technology, Poland)
*Efficient Chosen-Ciphertext Security from Selective-ID Secure Identity-Based Key Encapsulation* by Jonas Schrieb (University of Paderborn, Germany)
*Analysis of Reduced MD6* by Thomas Hodanek (Graz University of Technology, Austria)
*Algebraic-Differential Cryptanalysis of DES* by Jean-Charles Faugere, Ludovic Perret, and Pierre--Jean Spaenlehauer (UPMC, Univ Paris 06, LIP6 INRIA, Centre Paris-Rocquencourt, SALSA Project CNRS, France)
*Multi-Linear cryptanalysis in Power Analysis : MLPA* by Thomas Roche and Cedric Taverniere (Laboratoire Informatique de Grenoble, and CS, Communication and Systems, France)

ASIACRYPT 2009

2009-08-25T14:48:00.001-07:00

110. Improved Cryptanalysis of Skein

Jean-Philippe Aumasson, Cagdas Calik, Willi Meier, Onur Özen, Raphael C.-W. Phan and Kerem Varici

116. Secure Two-Party Computation is Practical

Benny Pinkas, Thomas Schneider, Nigel P. Smart and Stephen C. Williams

128. Security Notions and Generic Constructions for Client Puzzles

Liqun Chen, Paul Morrissey, Nigel P. Smart and Bogdan Warinschi

130. On the Analysis of Cryptographic Assumptions in the Generic Ring Model

Tibor Jager and Jörg Schwenk

134 .Fiat-Shamir With Aborts: Applications to Lattice and Factoring-Based Signatures

Vadim Lyubashevsky

145. Rebound Distinguishers: Results on the Full Whirlpool Compression Function

Mario Lamberger, Florian Mendel, Christian Rechberger, Vincent Rijmen and Martin Schläffer

152. PSS is Secure against Random Fault Attacks

Jean-Sebastien Coron and Avradip Mandal

157. Zero Knowledge in the Random Oracle Model, Revisited

Hoeteck Wee

168. Linearization Framework for Collision Attacks: Application to CubeHash and MD6

Eric Brier, Shahram Khazaei, Willi Meier and Thomas Peyrin

173. Improved generic algorithms for 3-collisions

Antoine Joux and Stefan Lucks

189. Non-Malleable Statistically Hiding Commitment from Any One-Way Function

Zongyang Zhang, Zhenfu Cao, Ning Ding and Rong Ma

202+302. Preimages for Step-Reduced SHA-2

Kazumaro Aoki, Jian Guo, Krystian Matusiewicz, Yu Sasaki and Lei Wang

207. Cache-Timing Template Attacks

Billy Brumley and Risto Hakala

221. Related-key Cryptanalysis of the Full AES-192 and AES-256

Alex Biryukov and Dmitry Khovratovich

225. A Modular Design for Hash Functions: Towards Making the Mix-Compress-Mix Approach Practical

Anja Lehmann and Stefano Tessaro

228. Security Bounds for the Design of Code-based Cryptosystems

Matthieu Finiasz and Nicolas Sendrier

231. On Black-Box Constructions of Predicate Encryption from Trapdoor Permutations

Jonathan Katz and Arkady Yerukhimovich

235. Memory Leakage-Resilient Encryption based on Physically Unclonable Functions

Frederik Armknecht, Roel Maes, Ahmad-Reza Sadeghi, Berk Sunar and Pim Tuyls

246. Quantum-Secure Coin-Flipping and Applications

Ivan Damgård and Carolin Lunemann

250. Signature Schemes with Bounded Leakage Resilience

Jonathan Katz and Vinod Vaikuntanathan

255. Simple Adaptive Oblivious Transfer Without Random Oracle

Kaoru Kurosawa and Ryo Nojima

256. Improved Non-Committing Encryption with Applications to Adaptively Secure Protocols

Seung Geol Choi, Dana Dachman-Soled, Tal Malkin and Hoeteck Wee

262. Secure Multi-party Computation Minimizing Online Rounds

Seung Geol Choi, Ariel Elbaz, Tal Malkin and Moti Yung

268. Group Encryption: Non-Interactive Realization in the Standard Model

Julien Cathalo, Benoit Libert and Moti Yung

272. Foundations of Non-Malleable Hash and One-Way Functions

Alexandra Boldyreva, David Cash, Marc Fischlin and Bogdan Warinschi

274. Proofs of Storage from Homomorphic Identification Protocols

Giuseppe Ateniese, Seny Kamara and Jonathan Katz

276. Hierarchical Predicate Encryption for Inner-Products

Tatsuaki Okamoto and Katsuyuki Takashima

289. A Framework for Universally Composable Non-Committing Blind Signatures

Masayuki Abe and Miyako Ohkubo

296. How to Confirm Cryptosystems Security: The Original Merkle-Damgård is Still Alive!

Yusuke Naito, Kazuki Yoneyama, Lei Wang and Kazuo Ohta

303. Efficient Public Key Encryption Based on Ideal Lattices

Damien Stehlé, Ron Steinfeld, Keisuke Tanaka and Keita Xagawa

322. Cryptanalysis of the Square Cryptosystems

Olivier Billet and Gilles Macario-Rat

325. Cascade Encryption Revisited

Peter Gaži and Ueli Maurer

326. Factoring $pq^2$ with Quadratic Forms: Nice Cryptanalyses

Guilhem Castagnos, Antoine Joux, Fabien Laguillaumie and Phong Q. Nguyen

331. The Key-Dependent Attack on Block Ciphers

Xiaorui Sun and Xuejia Lai

332. On the Power of Two-Party Quantum Cryptography

Louis Salvail, Christian Schaffner and Miroslava Sotakova

343. The Intel AES Instructions Set and the SHA-3 Candidates

Ryad Benadjila, Olivier Billet, Shay Gueron and Matt Robshaw

358. MD5 is Weaker than Weak: Attacks on Concatenated Combiners

Florian Mendel, Christian Rechberger and Martin Schläffer

368. Rebound Attack on the Full LANE Compression Function

Krystian Matusiewicz, María Naya-Plasencia, Ivica Nikolić, Yu Sasaki and Martin Schläffer

370. Hedged Public-Key Encryption: How to Protect Against Bad Randomness

Mihir Bellare, Zvika Brakerski, Moni Naor, Thomas Ristenpart, Gil Segev, Hovav Shacham and Scott Yilek

385. Password-Based Authenticated Key Exchange Based on Lattices

Jonathan Katz and Vinod Vaikuntanathan

404. Attacking Power Generators Using Unravelled Linearization: When Do We Output Too Much?

Mathias Herrmann and Alexander May

SHARCS'09

2009-07-22T03:36:00.000-07:00

List of accepted papers for SHARCS'09

Jean-Philippe Aumasson, Itai Dinur, Luca Henzen, Willi Meier, and Adi Shamir
"Efficient FPGA Implementations of High-Dimensional Cube Testers on the Stream Cipher Grain-128"
Daniel J. Bernstein
"Cost analysis of hash collisions: will quantum computers make SHARCS obsolete?"
Daniel J. Bernstein, Hsueh-Chung Chen, Ming-Shing Chen, Chen-Mou Cheng, Chun-Hung Hsiao, Tanja Lange, Zong-Cing Lin, and Bo-Yin Yang
"ECM Today"
Daniel J. Bernstein, Tanja Lange, Ruben Niederhagen, Christiane Peters, and Peter Schwabe
"FSBday: Implementing Wagner's Generalized Birthday Attack against the SHA-3 candidate FSB"
Joppe W. Bos, Marcelo E. Kaihara, and Peter L. Montgomery
"Pollard Rho on the PlayStation 3"

Tim Güneysu, Gerd Pfeiffer, Christof Paar, and Manfred Schimmler
"3 Years of Evolution: Cryptanalysis with COPACOBANA"
Martin Novotný and Timo Kasper
"Cryptanalysis of KeeLoq with COPACOBANA"
Igor Semaev
"Sparse Boolean equations and circuit lattices"
3 more papers have been accepted conditionally.

http://www.sharcs.org/

FDTC 09

2009-07-21T02:28:00.000-07:00

INVITED PAPERS

“Blinded fault resistant exponentiation revisited”

Arnaud Boscher, Helena Handshuh (speaker), Elena Trichina

2. “KeeLoq and Side-Channel Analysis – Evolution of an Attack”

Christof Paar (speaker)

REGULAR PAPERS

1. “WDDL is protected against fault attacks”

N. Selmane, S. Bhasin, S. Guilley, T. Graba and J.L. Danger

2. “Protecting RSA against fault attacks: the embedding method”

M. Joye

3. “Fault analysis of the stream cipher Snow 3G”

B. Debraize and I. Marquez Corbella

4. “Securing the elliptic curve Montgomery ladder against fault attacks”

N. Ebeid and R. Lambert

5. “Practical fault attack on a cryptographic LSI with ISO/IEC 18033-3 block ciphers”

T. Fukunaga and J. Takahashi

6. “A fault attack on ECDSA”

J.M. Schmidt and M. Medwed

7. “Fault attack on Schnorr based identification and signature schemes”

P.A. Fouque, D. Masgana and F. Valette

8. “Optical fault attacks on AES: a threat in violet”

J.M. Schmidt; M. Hutter and T. Plos

9. “Differential fault analysis on SHACAL-1”

R. Li, C. Li and C. Gong

10. “Low voltage fault attacks on the RSA cryptosystem”

A. Barenghi, G. Bertoni, E. Parrinello and G. Pelosi

11. “Securing AES implementation against fault attacks”

L. Genelle, C. Giraud and E. Prouff

12. “Using optical emission analysis for estimating contribution to power analysis”

S. Skorobogatov

http://conferenze.dei.polimi.it/FDTC09/

SAC 2009 Accepted Submissions

2009-07-20T02:12:00.000-07:00

A More Compact AES
David Canright and Dag Arne Osvik

We explored ways to reduce the number of bit operations required to implement AES. One way involved optimizing the composite field approach for entire rounds of AES. Another way was integrating the Galois multiplications of MixColumns with the linear transformations of the S box. Combined with careful optimizations, these reduced the number of bit operations to encrypt one block by 9.0%, compared to earlier work that used the composite field only in the S-box. For decryption, the improvement was 13.5%. This work may be useful both as a starting point for a bit-sliced software implementation, where reducing operations increases speed, and also for hardware with limited resources.

A new approach for FCSRs
François Arnault and Thierry Berger and Cédric Lauradoux and Marine Minier and Benjamin Pousse

The Feedback with Carry Shift Registers (FCSRs) have been proposed as an alternative to Linear Feedback Shift Registers (LFSRs) for the design of stream ciphers. FCSRs have good statistical properties and they provide a built-in non-linearity. However, two attacks have shown that the current representations of FCSRs can introduce weaknesses in the cipher. We propose a new “ring'” representation of FCSRs based upon matrix definition which generalizes the Galois and Fibonacci representations. Our approach preserves the statistical properties and circumvents the weaknesses of the Fibonacci and Galois representations. Moreover, the ring representation leads to automata with a quicker diffusion characteristic and better implementation results. As an application, we describe a new version of F-FCSR stream ciphers.

An Efficient Residue Group Multiplication for The $\eta_T$ Pairing Over ${\mathbb F}_{3^m}$
Yuta Sasaki and Satsuki Nishina and Masaaki Shirase and Tsuyoshi Takagi
When we implement the $\eta_T$ pairing, which is one of the fastest pairings, e need multiplications in a base field ${\mathbb F}_{3^m}$ and in a group $G$. We have regarded elements in $G$ as those in ${\mathbb F}_{3^{6m}}$ to implement the $\eta_T$ pairing in the past. Gorla et al. proposed a multiplication algorithm in ${\mathbb F}_{3^{6m}}$ that takes 5 multiplications in ${\mathbb F}_{3^{2m}}$, namely 15 multiplications in ${\mathbb F}_{3^{m}}$. This algorithm then reaches the theoretical lower bound of the number of multiplications. On the other hand, we may also regard elements in $G$ as those in the residue group ${\mathbb F}_{3^{6m}}^{\,*}\,/\,{\mathbb F}_{3^{m}}^{\,*}$ in which $\beta a$ is equivalent to $a$ for $a \in {\mathbb F}_{3^{6m}}^{\,*}$ and $\beta \in {\mathbb F}_{3^{m}}^{\,*}$. This paper propose an algorithm for computing a multiplication in the residue group. Its cost is asymptotically 12 multiplications in ${\mathbb F}_{3^{m}}$ as $m \rightarrow \infty$, which reaches beyond the lower bound the algorithm of Gorla et al. reaches.

An Improved Recovery Algorithm for Decayed AES Key Schedule Images
Alex Tsow
A practical algorithm that recovers AES key schedules from decayed memory images is presented. Halderman et al. [9] established this recovery capability, dubbed the cold-boot attack, as a serious vulnerability for several widespread software-based encryption packages. Our algorithm recovers AES-128 key schedules tens of millions of times faster than the original proof-of-concept release. In practice, it enables reliable recovery of key schedules at 70% decay, well over twice the decay capacity of previous methods. The algorithm is generalized to AES 256 and is empirically shown to recover 256-bit key schedules that have suffered 65% decay. When solutions are unique, the algorithm effciently validates this property and outputs the solution for memory images decayed up to 60%.

BTM: A Single-Key, Inverse-Cipher-Free Mode for Deterministic Authenticated Encryption
Tetsu Iwata and Kan Yasuda
We present a new blockcipher mode of operation named BTM, which stands for Bivariate Tag Mixing. BTM falls into the category of Deterministic Authenticated Encryption, which we call DAE for short. BTM makes all-around improvements over the previous two DAE constructions, SIV (Eurocrypt 2006) and HBS (FSE 2009). Specifically, our BTM requires just one blockcipher key, whereas SIV requires two. Our BTM does not require the decryption algorithm of the underlying blockcipher, whereas HBS does. The BTM mode utilizes bivariate polynomial hashing for authentication, which enables us to handle vectorial inputs of dynamic dimensions. BTM then generates an initial value for its counter mode of encryption by mixing the resulting tag with one of the two variables (hash keys), which avoids the need for an implementation of the inverse cipher.

Compact McEliece Keys from Goppa Codes
Rafael Misoczki and Paulo S. L. M. Barreto
The classical McEliece cryptosystem is built upon the class of Goppa codes, which remains secure to this date in contrast to many other families of codes but leads to very large public keys. Previous proposals to obtain short McEliece keys have primarily centered around replacing that class by other families of codes, most of which were shown to contain weaknesses, and at the cost of reducing in half the capability of error correction. In this paper we describe a simple way to reduce significantly the key size in McEliece and related cryptosystems using a subclass of Goppa codes, keeping the capability of correcting the full designed number of errors while also improving the efficiency of cryptographic operations to subquadratic time.

Cryptanalysis of Dynamic SHA(2)
Jean-Philippe Aumasson and Orr Dunkelman and Sebastiaan Indesteege and Bart Preneel
In this paper, we analyze the hash functions Dynamic SHA and Dynamic SHA2, which have been selected as first round candidates in the NIST Hash Competition. These hash functions rely heavily on data-dependent rotations, similar to certain block ciphers, e.g., RC5. Our analysis suggests that in the case of hash functions, where the attacker has more control over the rotations, this approach is less favorable. We present practical, or close to practical, collision attacks on both Dynamic SHA and Dynamic SHA2. Moreover, we present a preimage attack on Dynamic SHA that is faster than exhaustive search.

Cryptanalysis of hash functions with structures
Dmitry Khovratovich
Affiliations: University of Luxembourg
Hash function cryptanalysis has acquired many methods, tools and tricks from other areas, mostly block ciphers. In this paper another trick from block cipher cryptanalysis, the structures, is used for speeding up the collision search. We investigate the memory and the time complexities of this approach under different assumptions on round functions. The power of the new attack is illustrated with the cryptanalysis of the hash functions Grindahl and the analysis of the SHA-3 candidate Fugue (both functions as 256 and 512 bit versions). The collision attack on Grindahl-512 is the first collision attack on this function.

Cryptanalyses of Narrow-Pipe Mode of Operation in AURORA-512 Hash Function
Yu Sasaki
We present cryptanalyses of the AURORA-512 hash function, which is a SHA-3 candidate. We first describe a collision attack on AURORA-512. We then show a second-preimage attack on AURORA-512/-384 and explain that the randomized hashing can also be attacked. We finally show a full key-recovery attack on HMAC-AURORA-512 and universal forgery on HMAC AURORA-384. Our attack exploits weaknesses in a narrow-pipe mode of operation of AURORA-512 named ``Double-Mix Merkle-Damg\aa{}rd (DMMD)," which produces 512-bit output by updating two 256-bit chaining variables in parallel. We do not look inside of the compression function. Hence, our attack can work even if the compression function is regarded as a random oracle. The time complexity of our collision attack is approximately $2^{236}$ AURORA-512 operations, and $2^{236}\times 512$ bits of memory is required. Our second preimage attack works on any given message. The time complexity is approximately $2^{290}$ AURORA-512 operations, and $2^{288}\times 512$ bits of memory is required. Our key recovery attack on HMAC-AURORA-512, which uses 512-bit secret keys, requires $2^{257}$ queries, $2^{259}$ off-line AURORA-512 operations, and a negligible amount of memory. The universal forgery on HMAC-AURORA-384 is also possible by combining the second-preimage and key-recovery attacks.

Cryptanalysis of the full MMB Block Cipher
Meiqin Wang and Jorge Nakahara Jr and Yue Sun
The block cipher MMB was designed by Daemen, Govaerts and Vandewalle, in 1993, as an alternative to the IDEA block cipher. We exploit and describe unusual properties of the modular multiplication in $\Z_{2^{32}-1}$, but the {\bf main contributions} of this paper are detailed differential, square and linear cryptanalysis of MMB. Concerning differential cryptanalysis, we can break the full 6-round MMB with $2^{118}$ chosen plaintexts, $2^{95.91}$ full 6-round MMB encryptions and $2^{64}$ counters, effectively bypassing the ciphers countermeasures against DC. For the square attack, we can recover the 128-bit user key for 4-round variant of MMB with $2^{34}$ chosen plaintexts, $2^{126.32}$ 4-round encryptions and $2^{64}$ memory requirements. Concerning linear cryptanalysis, we present a key-recovery attack on 3-round variant of MMB requiring $2^{114.56}$ known-plaintexts and $2^{126}$ encryptions. Moreover, we detail a ciphertext-only attack on 2-round MMB using $2^{93.6}$ ciphertexts and $2^{93.6}$ parity computations. These attacks do not depend on weak-key or weak-subkey assumptions, and are thus, independent of the (redesigned) key schedule algorithm.

Cryptanalysis of the LANE Hash Function
Shuang Wu and Dengguo Feng and Wenling Wu
The LANE hash function is designed by Sebastiaan Indesteege and Bart Preneel. It is now a first round candidate of NIST's SHA-3 competition. The LANE hash function contains four concrete designs with different digest length of 224, 256, 384 and 512.

The LANE hash function uses two permutations P and Q, which consist of different number of AES-like rounds. LANE-224/256 uses 6-round P and 3-round Q. LANE-384/512 uses 8-round P and 4-round Q. We will use LANE-n-(a,b) to denote a variant of LANE with a-round P, b-round Q and a digest length n.

We have found a semi-free start collision attack on reduced-round LANE-256-(3,3) with complexity of 2^62 compression function evaluations and 2^69 memory. This technique can be applied to LANE-512-(3,4) to get a semi-free start collision attack with the same complexity of 2^62 and 2^69 memory. We also propose a collision attack on LANE-512-(3,4) with complexity of 2^94 and 2^133 memory.

Differential Fault Analysis of Rabbit
Aleksander Kircanski and Amr Youssef
Rabbit is a high speed scalable stream cipher with 128-bit key and a 64-bit initialization vector. It has passed all three stages of the ECRYPT stream cipher project and is a member of eSTREAM software portfolio. In this paper, we present a practical fault analysis attack on Rabbit. The fault model in which we analyze the cipher is the one in which the attacker is assumed to be able to fault a random bit of the internal state of the cipher but cannot control the exact location of injected faults. Our attack requires around $128-256$ faults, precomputed table of size $2^{41.6}$ bytes and recovers the complete internal state of Rabbit in about $2^{38}$ steps.

Format-Preserving Encryption
Mihir Bellare and Thomas Ristenpart
In the encryption of credit-card data as well as other applications, we may want to encipher in such a way that a certain property of the plaintext is preserved in the ciphertext. This paper initiates a treatment of this type of format-preserving encryption. We introduce a primitive that we call a general cipher that allows us to capture encryption preserving arbitrary formats. We specify an as-strong-as-possible notion of security for it that says that none but the desired property is leaked. We then provide an efficient construction of a general cipher that we call FPF.

Herding, Second Preimage and Trojan Message Attacks Beyond Merkle-Damgaard
Elena Andreeva and Charles Bouillaguet and Orr Dunkelman and John Kelsey
In this paper we present new techniques to analyze the structure of hash functions other than the Merkle-Damgaard construction. We extend the herding attack to concatenated hashes, zipper
hashes, and hash functions which iterate the message blocks several times. We follow with introducing the herding attack on tree hashes, showing how this attack can be applied in a completely different way. Furthermore, we show some new second preimage attacks (herding-based on the hash-twice, time-memory-data tradeoff based on tree hashes). Finally, we present a new type of attack - the trojan message attack, which allows for producing second preimages of unknown messages (from a small space) when they are appended with a fixed suffix.

Highly Regular m-ary Powering Ladders
Marc Joye
This paper describes new exponentiation algorithms with applications to cryptography. The proposed algorithms can be seen as m-ary generalizations of the so-called Montgomery ladder. Both left-to-right and right-to-left versions are presented. Similarly to Montgomery ladder, the proposed algorithms always repeat the same instructions in the same order and so offer a natural protection against certain implementation attacks. Moreover, as they are available in any radix m and in any scan direction, the proposed algorithms offer improved performance and greater flexibility.

Improved Cryptanalysis of the Reduced Grøstl Compression Function, ECHO Permutation and AES
Florian Mendel and Thomas Peyrin and Christian Rechberger and Martin Schläffer
In this paper, we propose two new ways to mount attacks on the SHA-3 candidates Grøstl, and ECHO, and apply these attacks also to the AES. Our results improve upon the original rebound attack. Using two new techniques, we are able to extend of the number of rounds in which available degrees of freedom can be used. As a result, we present the first attack on 7 rounds for the Grøstl-256 compression function, as well as an improved known-key distinguisher for 7 rounds of the AES and the internal permutation used in ECHO.

Improved Integral Attacks on MISTY1
Xiaorui Sun and Xuejia Lai
We present several integral attacks on MISTY1 using the $FO$ Relation. The $FO$ Relation is a more precise form of the Sakurai-Zheng Property such that the functions in the $FO$ Relation depend on 16-bit inputs instead of 32-bit inputs used in previous attacks, and that the functions do not change for different keys while previous works used different functions.

We use the $FO$ Relation to improve the 5-round integral attack. The data complexity of our attack, $2^{34}$ chosen plaintexts, is the same as previous attack, but the running time is reduced from $2^{48}$ encryptions to $2^{29.58}$ encryptions. %This improvement can greatly reduce the running time of the attack. The attack is then extended by one more round with data complexity of $2^{34}$ chosen plaintexts and time complexity of $2^{107.26}$ encryptions. By exploring the key schedule weakness of the cipher, we also present a chosen ciphertext attack on 6-round MISTY1 with all the $FL$ layers with data complexity of $2^{32}$ chosen ciphertexts and time complexity of $2^{126.09}$ encryptions. Compared with other attacks on 6-round MISTY1 with all the $FL$ layers, our attack has the least data complexity.

Information Theoretically Secure Multi Party Set Intersection Re-Visited
Arpita Patra and Ashish Choudhary and C. Pandu Rangan
We re-visit the problem of secure multiparty set intersection in information theoretic settings. In \cite{LiSetMPCACNS07}, Li et.al have proposed a protocol for multiparty set intersection problem with $n$ parties, that provides information theoretic security, when $t < \frac{n}{3}$ parties are corrupted by an active adversary having {\it unbounded computing power}. In \cite{LiSetMPCACNS07}, the authors claimed that their protocol takes six rounds of communication and communicates ${\cal O}(n^4m^2)$ field elements, where each party has a set containing $m$ field elements. However, we show that the round and communication complexity of the protocol in \cite{LiSetMPCACNS07} is much more than what is claimed in \cite{LiSetMPCACNS07}. We then propose a {\it novel} information theoretically secure protocol for multiparty set intersection with $n > 3t$, which significantly improves the "actual" round and communication complexity (as shown in this paper) of the protocol given in \cite{LiSetMPCACNS07}. To design our protocol, we use several tools which are of independent interest.

More On Key Wrapping
Rosario Gennaro and Shai Halevi
We address the practice of key-wrapping, where one symmetric cryptographic key is used to encrypt another. This practice is used extensively in key-management architectures, often to create an "adapter layer" between incompatible legacy systems. Although in principle any secure encryption scheme can be used for key wrapping, practical constraints (which are commonplace when dealing with legacy systems) may severely limit the possible implementations, sometimes to the point of ruling out any "secure general-purpose encryption." It is therefore desirable to identify the security requirements that are "really needed" for the key-wrapping application, and have a large variety of implementations that satisfy these requirements.

This approach was developed in a work by Rogaway and Shrimpton at EUROCRYPT 2006. They focused on allowing deterministic encryption, and defined a notion of \emph{deterministic authenticated encryption} (DAE), which roughly formalizes "the strongest security that one can get without randomness." Although DAE is weaker than full blown authenticated encryption, it seems to suffice for the case of key wrapping (since keys are random and therefore the encryption itself can be deterministic). Rogaway and Shrimpton also described a mode of operation for block ciphers (called SIV) that realizes this notion.

We continue in the direction initiated by Rogaway and Shirmpton. We first observe that the notion of DAE still rules out many practical and ``seemingly secure'' implementations. We thus look for even weaker notions of security that may still suffice. Specifically we consider notions that mirror the usual security requirements for symmetric encryption, except that the inputs to be encrypted are random rather than adversarially chosen. These notions are all strictly weaker than DAE, yet we argue that they suffice for most applications of key wrapping.

As for implementations, we consider the key-wrapping notion that mirrors authenticated encryption, and investigate a template of Hash-then-Encrypt (HtE), which seems practically appealing: In this method the key is first "hashed" into a short nonce, and then the nonce and key are encrypted using some standard encryption mode. We consider a wide array of "hash functions", ranging from a simple XOR to collision-resistant hashing, and examine what "hash function" can be used with what encryption mode.

More on the Security of Linear RFID Authentication Protocols
Matthias Krause and Dirk Stegemann
The limited computational resources available in RFID tags implied an intensive search for light weight authentication protocols in the last years. The most promising suggestions were those of the $\textsf{HB}$-familiy ($\textsf{HB}^+$, $\textsf{HB}^{\#}$, Trusted$\textsf{HB}$, ...) initially introduced by Juels and Weis, which are provably secure (via reduction to the Learning Parity with Noise (LPN) problem) against passive and some kinds of active attacks. Their main drawbacks are large amounts of communicated bits and the fact that all known $\textsf{HB}$-type protocols have been proven to be insecure with respect to certain types of active attacks. As a possible alternative, authentication protocols based on choosing random elements from $L$ secret linear $n$-dimensional subspaces of $GF(2)^{n+k}$ (so called CKK-protocols) were introduced by Cicho\'{n}, Klonowski, and Kuty\l owski. These protocols are special cases of (linear) $(n,k,L)$-protocols which we investigate in this paper. We present several active and passive attacks against $(n,k,L)$-protocols, thereby giving some evidence that the security of $(n,k,L)$-protocols can be reduced to the hardness of the {\it learning unions of linear subspaces} (LULS) problem. We then present a learning algorithm for LULS based on solving overdefined systems of degree $L$ in $Ln$ variables. Under the hardness assumption that LULS-problems cannot be solved significantly faster, linear $(n,k,L)$-protocols (with properly chosen $n,k,L$) could be interesting for practical applications.

New Cryptanalysis of Irregularly Decimated Stream Ciphers
Bin Zhang
In this paper we investigate the security of irregularly decimated stream ciphers. We present an improved correlation analysis of various irregular decimation mechanisms, which allows us to get much larger correlation probabilities than previously known methods. Then new correlation attacks are launched against the shrinking generator with Krawczyk's parameters, LILI-$\amalg$, DECIM$^{\textit{v2}}$ and DECIM-{$128$} to access the security margin of these ciphers. We show that the shrinking generator with Krawczyk's parameters is practically insecure; the initial internal state of LILI-$\amalg$ can be recovered reliably in $2^{72.5}$ operations, if $2^{24.1}$-bit keystream and $2^{74.1}$-bit memory are available. This disproves the designers' conjecture that the complexity of any divide-and-conquer attack on LILI-$\amalg$ is in excess of $2^{128}$ operations and requires a large amount of keystream. We also examine the main design idea behind DECIM, i.e., to filter and then decimate the output using the ABSG algorithm, by showing a class of correlations in the ABSG mechanism and mounting attacks faster than exhaustive search on a $160$-bit (out of $192$-bit) reduced version of DECIM$^{\textit{v2}}$ and on a $256$-bit (out of $288$-bit) reduced version of DECIM-{$128$}. Our result on DECIM is the first nontrivial cryptanalytic result besides the time/memory/data tradeoffs. While our result confirms the underlying design idea, it shows an interesting fact that the security of DECIM rely more on the length of the involved LFSR than on the ABSG algorithm.

New Results on Impossible Differential Cryptanalysis of Reduced Round Camellia-128
Hamid Mala and Mohsen Shakiba and Mohammad Dakhil-alian
Camellia, a 128-bit block cipher which has been accepted by ISO/IEC as an international standard, is increasingly being used in many cryptographic applications. In this paper, using the redundancy in the key schedule and accelerating the filtration of wrong pairs, we present a new impossible differential attack to reduced-round Camellia. By this attack 12-round Camellia-128 without FL/FL-1 functions and whitening is breakable with a total complexity of about 2^116.6 encryptions and 2^116.3 chosen plaintexts. In terms of the numbers of the attacked rounds, our attack is better than any previously known attack on Camellia-128.

On Repeated Squarings in Binary Fields
Kimmo U. Järvinen
In this paper, we discuss the problem of computing repeated squarings (exponentiations to a power of 2) in finite fields with polynomial basis. Repeated squarings have importance, especially, in elliptic curve cryptography where they are used in computing inversions in the field and scalar multiplications on Koblitz curves. We explore the problem specifically from the perspective of efficient implementation using field-programmable gate arrays (FPGAs) where the look-up table structure helps to reduce both area and delay overheads. We propose several repeated squarer architectures and demonstrate their practicability for FPGA-based implementations. Finally, we show that the proposed repeated squarers can offer significant speedups and even improve resistivity against side-channel attacks.

Optimization strategies for hardware-based cofactorization
Daniel Loebenberger and Jens Putzka
We use the specific structure of the inputs to the cofactorization step in the general number field sieve (GNFS) in order to optimize the runtime for the cofactorization step on a hardware cluster. An optimal distribution of bitlength-specific ECM modules is proposed and compared to existing ones. With our optimizations we obtain a speedup between 17% and 33% of the cofactorization step of the GNFS when compared to the runtime of an unoptimized cluster.

Practical Collisions for SHAMATA
Sebastiaan Indesteege and Florian Mendel and Bart Preneel and Martin Schlaeffer
In this paper we present a practical collision attack on the SHA-3 submission SHAMATA. SHAMATA is a stream cipher-like hash function design with components of the AES, and it is one of the fastest submitted hash functions. In our attack we show weaknesses in the message injection and state update of SHAMATA. It is possible to find certain message differences that do not get changed by the message expansion and non-linear part of the state update function. This allows us to find a differential path with a complexity of about $2^{96}$ for SHAMATA-256 and about $2^{110}$ for SHAMATA-512, using a linear low-weight codeword search. Using an efficient guess-and-determine technique we can significantly improve the complexity of this differential path for SHAMATA-256. With a complexity of about $2^{40}$ we are even able to construct practical collisions for the full hash function SHAMATA-256.

Practical pseudo-collisions for hash functions ARIRANG-224/384
Jian Guo and Krystian Matusiewicz and Lars R. Knudsen and San Ling and Huaxiong Wang
In this paper we analyse the security of the SHA-3 candidate ARIRANG. We show that bitwise complementation of whole registers turns out to be very useful for constructing high-probability differential characteristics in the function. We use this approach to find near-collisions with Hamming weight 32 for the full compression function as well as collisions for the compression function of ARIRANG reduced to 26 rounds, both with complexity close to $2^0$ and memory requirements of only a few words. We use near collisions for the compression function to construct pseudo-collisions for the complete hash functions ARIRANG-224 and ARIRANG-384 with complexity $2^{23}$ and close to $2^0$, respectively. We implemented the attacks and provide examples of appropriate pairs of $H,M$ values. We also provide possible configurations which may give collisions for step-reduced and full ARIRANG.

Real Traceable Signatures
Sherman S.M. Chow
Traceable signature scheme extends a group signature scheme with an enhanced anonymity management mechanism. The group manager can compute a tracing trapdoor which enables anyone to test if a signature is signed by a given misbehaving user, where the only way to do so for group signatures requires revealing the signer of all signatures. Nevertheless, it is not tracing in a strict sense. For all existing schemes, $T$ tracing agents need to recollect all $N'$ signatures ever produced and perform $RN'$ ``checks'' for $R$ revoked users. This involves a high volume of transfer and computations. Increasing $T$ maximizes the degree of parallelism for tracing but also the probability of ``missing'' some signatures.

We propose a new and efficient way of tracing -- the tracing trapdoor allows the reconstruction of tags such that each of them can uniquely identify a signature of a misbehaving user. Identifying $N$ signatures out of the total of $N'$ signatures ($N <<>

Weak Keys of the Block Cipher PRESENT for Linear Cryptanalysis
Kenji Ohkuma
The block cipher PRESENT designed as an ultra-light weight cipher has the 31-round SPN structure with S-box layers with 16-parallel 4-bit S-boxes and diffusion layers with a bit permutation. The designers evaluated the maximum linear characteristic deviation is not more than $2^{-43}$ for 28 rounds and concluded that the linear cryptanalysis is not vulnerable to PRESENT. But we have found that 32% of PRESENT keys are weak for linear cryptanalysis, and the linear deviation can be much larger than the linear characteristic value by multi-path effect. And we evaluated that a 28-round path with a linear deviation $2^{-39.3}$ for the weak keys. Furthermore, we found that the linear cryptanalysis is applicable up to 24-round reduced version of PRESENT for the weak keys.

http://sac.ucalgary.ca/agenda/accepted_papers

ProvSec 2009

2009-07-20T02:08:00.000-07:00

Accepted Papers

1. Title: How to Prove Security of A Signature with A Tighter Security Reduction
Authors: GUO Fuchun and Mu Yi

2. Title: An eCK-secure Authenticated Key Exchange Protocol Without Random Oracles
Authors: Moriyama Daisuke and Okamoto Ttatsuaki

3. Title: Oracle Separation in the Non-Uniform Model
Authors: Buldas Ahto, Niitsoo Margus and Laur Sven

4. Title: Anonymous Conditional Proxy Re-encryption Without Random Oracle
Authors: Fang Liming, Wang Jiandong and Susilo Willy

5. Title: Identity-Based Verifiably Encrypted Signatures Without Random Oracles
Authors: Zhang Lei , Qin Bo and Wu Qianhong

6. Title: Zero-Knowledge Protocols for NTRU: Application to Identification and Plaintext Proof
Authors: Xagawa Keita and Tanaka Keisuke

7. Title: GUC-Secure Set-Intersection Computation
Authors: Yuan TIAN

8. Title: Chosen-Ciphertext Secure RSA-type Cryptosystems
Authors: Joye Marc and Chevallier-Mames Benoît

9. Title: Twin Signature Schemes, Revisited
Authors: Schäge Sven

10. Title: On the Insecurity of the Fiat-Shamir Signatures with Iterated Hash Functions
Authors: Fujisaki Eiichiro, Nishimaki Ryo and Tanaka Keisuke

11. Title: Spatial Encryption under Simpler Assumption
Authors: Zhou Muxin and Cao Zhenfu

12. Title: Self-Enforcing Private Inference Control
Authors: Yang Yanjiang, Bao Feng, Zhou Jianying, Weng Jian and Li Yingjiu

13. Title: Comparing SessionStateReveal and EphemeralKeyReveal for Diffie-Hellman protocols
Authors: Ustaoglu Berkant

14. Title: Anonymous Signatures Revisited
Authors: Saraswat Vishal and Yun Aaram

15. Title: Is the Notion of Divisible On-line/Off-line Signatures Stronger than On-line/Off-line Signatures? (An affirmative answer to an open problem in CT-RSA 2009)
Authors: Au Man Ho, Mu Yi and Susilo Willy

16. Title: Breaking and Fixing of an Identity Based Multi-Signcryption Scheme
Authors: S Sharmila , Rangan C Pandu and Vivek Sree

17. Title: Password Authenticated Key Exchange Based on RSA in the Three-Party Settings
Authors: Dongna E, Chuangui Ma and Qingfeng Cheng

18. Title: Efficient Non-Interactive Universally Composable String-Commitment Schemes
Authors: Nishimaki Ryo, Tanaka Keisuke and Fujisaki Eiichiro

19. Title: Server-Controlled Identity-Based Authenticated Key Exchange
Authors: Guo Hua, Mu Yi, Zhang Xiyong and Li Zhoujun

http://ist.sysu.edu.cn/ProvSec2009/

Workshop on RFID Security 2009

2009-07-07T08:38:00.000-07:00

http://www.cosic.esat.kuleuven.be/rfidsec09/index.html

The Ff-Family of Protocols for RFID-Privacy and Authentication
Erik-Oliver Blass

Coupon Recalculation for the Schnorr and GPS Identification Scheme: A Performance Evaluation
Christoph Nagl

When Compromised Readers Meet RFID
Tania Martin

Modeling Privacy for Off-line RFID Systems
Flavio D. Garcia

Un-Trusted-HB: Security Vulnerabilities of Trusted-HB
Adi Shamir

The Dark Side of Security by Obscurity and Cloning MiFare Classic Rail and Building Passes, Anywhere, Anytime
Nicolas T. Courtois

Weaknesses in Two Recent Lightweight RFID Authentication Protocols
Pedro Peris-Lopez

New Methods for Cost-Effective Side-Channel Attacks on Cryptographic RFIDs
David Oswald

Practical Experiences with NFC Security on mobile Phones
Gauthier Van Damme

Pathchecker: an RFID Application for Tracing Products in Suply-Chains
Khaled Ouafi

Hyperelliptic curve processor for RFID tags
Junfeng Fan

We Can Remember It for You Wholesale: Implications of Data Remanence on the Use of RAM for True Random Number Generation on RFID Tags
Jonathan Voris

Efficient RFID Security and Privacy with Anonymizers
Christian Wachsmann

Using HB Family of Protocols for Privacy-Preserving Authentication of RFID Tags in a Population
Jonathan Voris

A Flyweight RFID Authentication Protocol
Jorge Munilla

Semi-Destructive Privacy in RFID Systems
Paolo D'Arco

ALGOSENSORS 2009

2009-07-07T08:29:00.000-07:00

5^th International Workshop on Algorithmic Aspects of Wireless Sensor Networks

http://www.algosensors.org/algosensors09/index.php

Bernadette Charron-Bost, Jennifer Welch and Josef Widder. Link Reversal: How to play better to work less
Marek Klonowski, Miroslaw Kutylowski and Jan Zatopianski. Energy Efficient Alert in Single-Hop Networks of Extremely Weak Devices
David Kirkpatrick and Sergey Bereg. Approximating barrier resilience in wireless sensor networks
Milan Bradonjic, Eddie Kohler and Rafail Ostrovsky. Near-Optimal Radio Use For Wireless Network Synchronization
Olaf Bonorden, Bastian Degener, Barbara Kempkes and Peter Pietrzyk. Complexity and approximation of a geometric local robot assignment problem
Chen Avin, Zvi Lotker, Francesco Pasquale and Yvonne Anne Pignolet. A Note on Uniform Power Connectivity in the SINR Model
Sorelle Friedler and David Mount. Compressing Kinetic Data From Sensor Networks
Zeev Nutov and Michael Segal. Improved Approximation Algorithms for Maximum Lifetime Problems in Wireless Networks
Jacek Cichon, Jaroslaw Grzaslewicz and Miroslaw Kutylowski. Securing Random Key Predistribution Against Node Captures
Onur Tekdas, Yokesh Kumar, Volkan Isler and Ravi Janardan. Building a Communication Bridge with Mobile Hubs
Saira Viqar and Jennifer Welch. Deterministic Collision Free Communication Despite Continuous Motion
Pierre Leone, Marina Papatriantafilou and Elad M. Schiller. Relocation Analysis of Stabilizing MAC Algorithms for Large-Scale Mobile Ad Hoc Networks
Michael Keane, Evangelos Kranakis, Danny Krizanc and Lata Narayanan. Routing on Delay Tolerant Sensor Networks
Florian Huc, Aubin Jarry, Pierre Leone, Jose Rolim, Luminita Moraru and Sotiris Nikoletseas. Early Obstacle Detection and Avoidance for All to All Traffic Pattern in Wireless Sensor Networks
Paolo D'Arco, Alessandra Scafuro and Ivan Visconti. Revisiting DoS Attacks and Privacy in RFID-Enabled Networks
Carme Alvarez, Amalia Duch, Joaquim Gabarro and Maria Serna. Sensor Field: A computational model
Peter Glaus. Locating a Black Hole without the Knowledge of Incoming Link
Xiaoyang Guan. Better Face Routing Protocols
Avery Miller. Gossiping in Jail
Stefan Dziembowski, Alessandro Mei and Alessandro Panconesi. On Active Attacks on Sensor Network Key Distribution Schemes
Yoann Dieudonne and Franck Petit. Self-stabilizing Deterministic Gathering

2nd IEEE International Workshop on Hardware-Oriented Security and Trust HOST-2009

2009-07-06T01:02:00.000-07:00

http://www.engr.uconn.edu/HOST/

Local Heating Attacks on Flash Memory Devices
Sergei Skorobogatov,

Fault Analysis of Grain-128
Guilhem Castagnos, Alexandre Berzati, Cécile Canovas, Blandine
Debraize, Louis Goubin, Aline Gouget, Pascal Paillier and Stephanie
Salgado,

Security Evaluation of Different AES Implementations Against Practical
Setup Time Violation Attacks in FPGAs
Shivam Bhasin, Nidhal Selmane, Sylvain Guilley and Jean-Luc Danger,

ReconfigurablePhysicalUnclonableFunctions--EnablingTechnologyfor
Tamper-Resistant Storage
Klaus Kursawe, Ahmad-Reza Sadeghi, Dries Schellekens, Boris Skoric and
Pim Tuyls,

Circuit Level Techniques for Reliable Physically Uncloneable Functions
Vignesh Vivekraja and Leyla Nazhandali. ,

Temperature-Aware Cooperative Ring Oscillator PUF
Chi-En Yin and Gang Qu.

Robust Stable Radiometric Fingerprinting for Frequency Reconfigurable
Devices
Andrea Candore, Ovunc Kocabas and Farinaz Koushanfar,

Experiences in Hardware Trojan Design and Implementation
Yier Jin, Nathan Kupp and Yiorgos Makris,

Performance of Delay-Based Trojan Detection Techniques under
Parameter Variations
Devendra Rai and John Lach,

New Design Strategy for Improving Hardware Trojan Detection and
Reducing Trojan Activation Time
Hassan Salmani, Mohammad Tehranipoor and Jim Plusquellic,

Analysis and Design of Active IC Metering Schemes
Roel Maes, Dries Schellekens, Pim Tuyls and Ingrid Verbauwhede,

Secure IP-Block Distribution for Hardware Devices
Jorge Guajardo, Tim Gueneysu, Sandeep S. Kumar and Christof Paar,

Extended Abstract: Early Feedback on Side-Channel Risks with
Accelerated Toggle-Counting
Zhimin Chen and Patrick Schaumont. ,

Security Through Obscurity:
An Approach for Protecting Register Transfer Level Hardware IP
Rajat Subhra Chakrabortyand Swarup Bhunia,

OS Support for Detecting Trojan Circuit Attacks
Gedare Bloom, Bhagirath Narahari and Rahul Simha,

VITAMIN: Voltage Inversion Technique
to Ascertain Malicious Insertions in ICs
Mainak Banga and Michael S. Hsiao,

Dynamic Evaluation of Hardware Trust
David McIntyre, Francis Wolff, Chris Papachristou and Swarup Bhunia,

14th European Symposium on Research in Computer Security (ESORICS 2009)

2009-07-06T00:51:00.000-07:00

Esorics 2009: List of accepted papers

Dynamic Enforcement of Abstract Separation of Duty Constraints
David A. Basin (Information Security, Department of Computer Science, ETH Zurich),
Samuel J. Burri (Security Group, Zurich Research Laboratory, IBM Research), Günter
Karjoth (Security Group, Zurich Research Laboratory, IBM Research)

Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud
Computing
Qian Wang (Illinois Institute of Technology), Cong Wang (Illinois Institute of Technology),
Jin Li (Illinois Institute of Technology), Kui Ren (Illinois Institute of Technology), Wenjing
Lou (Worcester Polytechnic Institute)

Requirements and protocols for inference-proof interactions in information
systems
Joachim Biskup (Technische Universitaet Dortmund), Christian Gogolin (Technische
Universitaet Dortmund), Jens Seiler (Technische Universitaet Dortmund), Torben Weibert
(Technische Universitaet Dortmund)

Automatically Generating Models for Botnet Detection
Peter Wurzinger (Technical University Vienna), Leyla Bilge (Institute Eurecom), Thorsten
Holz (University of Mannheim), Jan Göbel (University of Mannheim), Christopher Kruegel
(University of California, Santa Barbara), Engin Kirda (Institute Eurecom)

A Privacy Preservation Model for Facebook-Style Social Network Systems
Philip W. L. Fong (University of Calgary), Mohd Anwar (University of Calgary), Zhen Zhao
(University of Regina)

Tracking Information Flow in Dynamic Tree Structures
Alejandro Russo (Chalmers), Andrei Sabelfeld (Chalmers), Andrey Chudnov (Stevens)

Exploiting a Content Delivery Network for an Attack Against Its Customers
Sipat Triukose (Case Western Reserve University), Zakaria Al-Qudah (Case Western
Reserve University), Michael Rabinovich (Case Western Reserve University)

ID-based Secure Distance Bounding and Localization
Nils Ole Tippenhauer (ETH Zurich), Srdjan Capkun (ETH Zurich)

Synthesising Secure APIs
Veronique Cortier (LORIA, Projet Cassis, CNRS & INRIA), Graham Steel (LSV, INRIA &
CNRS & ENS-Cachan)

ReFormat: Automatic Reverse Engineering of Encrypted Messages
Zhi Wang (North Carolina State University), Xuxian Jiang (North Carolina State
University), Weidong Cui (Microsoft Research), Xinyuan Wang (George Mason
University), Mike Grace (North Carolina State University)

Towards a theory of accountability and audit
Radha Jagadeesan (School of CDM, DePaul University, Chicago.), Alan Jeffrey (Bell Labs,
Alcatel-Lucent), Corin Pitcher (School of CDM, DePaul University, Chicago), James Riely
(School of CDM, DePaul University, Chicago)

Cumulative Attestation Kernels for Embedded Systems
Michael LeMay (University of Illinois at Urbana-Champaign), Carl A. Gunter (University of
Illinois at Urbana-Champaign)
Hide and Seek in Time - Robust Covert Timing Channels
Yali Liu (University of California, Davis), Frederik Armknecht (Ruhr-University), Dipak
Ghosal (University of California, Davis), Stefan Katzenbeisser (Technische Universität
Darmstadt), Ahmad-Reza Sadeghi (Ruhr-University), Steffen Schulz (Ruhr-University)

Formal Indistinguishability extended to the Random Oracle Model
Cristian Ene (Université Grenoble 1, CNRS, Verimag), Yassine Lakhnech (Université
Grenoble 1, CNRS, Verimag), Van Chan Ngo (ETH Zürich)

Secure ownership and ownership transfer in RFID systems
Ton van Deursen (University of Luxembourg), Sjouke Mauw (University of Luxembourg),
Sasa Radomirovic (University of Luxembourg), Pim Vullers (Eindhoven University of
Technology and University of Luxembourg)

Secure Pseudonymous Channels
Sebastian Moedersheim (IBM Zurich Research Laboratory), Luca Vigano (University of
Verona)

Learning More About the Underground Economy: A Case-Study of Keyloggers
and Dropzones
Thorsten Holz (University of Mannheim), Markus Engelberth (University of Mannheim),
Felix Freiling (University of Mannheim)

Reliable Evidence: Auditability by Typing
Nataliya Guts (MSR-INRIA Joint Centre), Cédric Fournet (Microsoft Research), Francesco
Zappa Nardelli (INRIA)

Usable Access Control in Collaborative Environments: Authorization based on
People-Tagging
Qihua Wang (Purdue University), Hongxia Jin (IBM Almaden Research Center), Ninghui Li
(Purdue University)

Data Structures with Unpredictable Timing
Darrell Bethea (University of North Carolina at Chapel Hill), Mike Reiter (University of
North Carolina at Chapel Hill)

New Privacy Results on Synchronized RFID Authentication Protocols Against
Tag Tracing
Ching Yu Ng (University of Wollongong), Willy Susilo (University of Wollongong), Yi Mu
(University of Wollongong), Rei Safavi-Naini (University of Calgary)

Set Covering Problems in Role-Based Access Control
Liang Chen (Royal Holloway, University of London), Jason Crampton (Royal Holloway,
University of London)

The wisdom of Crowds: attacks and optimal constructions
George Danezis (Microsoft Research), Claudia Diaz, Emilia Kasper, and Carmela Troncoso
(K.U. Leuven/IBBT, ESAT/SCD-COSIC)

Lightweight Opportunistic Tunneling (LOT)
Amir Herzberg, Yossi Gilad (Bar Ilan University)

Authentic Time-Stamps for Archival Storage
Alina Oprea (RSA Laboratories), Kevin Bowers (RSA Laboratories)

WORM-SEAL: Trustworthy Data Retention and Verification for Regulatory
Compliance
Tiancheng Li (Purdue University), Xiaonan Ma (IBM Almaden Research Center), Ninghui Li
(Purdue University)

Type-based Analysis of PIN Processing APIs
Matteo Centenaro (University of Venice, Italy), Riccardo Focardi (University of Venice,
Italy), Flaminia Luccio (University of Venice, Italy), Graham Steel (LSV, ENS Cachan \&
CNRS \& INRIA, France)

Computationally Sound Analysis of a Probabilistic Contract Signing Protocol
Mihhail Aizatulin (University of Kiel), Henning Schnoor (University of Kiel), Thomas Wilke
(University of Kiel)

Secure Evaluation of Private Linear Branching Programs with Medical
Applications
Mauro Barni (University of Siena), Pierluigi Failla (University of Siena), Vladimir
Kolesnikov (Bell Laboratories), Riccardo Lazzeretti (University of Siena), Ahmad-Reza
Sadeghi (Ruhr-University Bochum), Thomas Schneider (Ruhr-University Bochum)

Declassification with Explicit Reference Points
Alexander Lux (TU Darmstadt), Heiko Mantel (TU Darmstadt)

Keep a Few: Outsourcing Data while Maintaining Confidentiality
Valentina Ciriani (DTI - Universita' degli Studi di Milano), Sabrina De Capitani di
Vimercati (DTI - Universita' degli Studi di Milano), Sara Foresti (DTI - Universita' degli
Studi di Milano), Sushil Jajodia (CSIS - George Mason University), Stefano Paraboschi
(DIIMM - University of Bergamo), Pierangela Samarati (DTI - Universita' degli Studi di
Milano)

User-Centric Handling of Identity Agent Compromise
Daisuke Mashima, Mustaque Ahamad, Swagath Kannan

Ciphertext-Policy Attribute-Set Based Encryption
Rakesh Bobba (University of Illinois), Himanshu Khurana (University of Illinois), Manoj
Prabhakaran (University of Illinois)

Model-Checking DoS Amplification for VoIP Session Initiation
Ravinder Shankesi (University of Illinois), Musab AlTurki (University of Illinois), Ralf
Sasse (University of Illinois), Carl Gunter (University of Illinois), Jose Meseguer
(University of Illinois)

Protocol Normalization using Attribute Grammars
Drew Davidson (University of Wisconsin-Madison), Randy Smith (University of Wisconsin-
Madison), Nic Doyle (CISCO Systems), Somesh Jha (University of Wisconsin-Madison)

The Coremelt Attack
Ahren Studer (Carnegie Mellon University), Adrian Perrig (Carnegie Mellon University)

Isolating JavaScript with Filters, Rewriting, and Wrappers
Sergio Maffeis (Imperial College, London), John C. Mitchell (Stanford University), Ankur
Taly (Stanford University)

PCAL: Language Support for Proof-Carrying Authorization Systems
Avik Chaudhuri (University of Maryland, College Park), Deepak Garg (Carnegie Mellon
University)

Super-efficient Aggregating History-independent Persistent Authenticated
Dictionaries
Scott A. Crosby (Rice University), Dan S. Wallach (Rice University)

Client-Side Detection of XSS Worms by Monitoring Payload Propagation
Fangqi Sun (UC Davis), Liang Xu (UC Davis), Zhendong Su (UC Davis)

Corruption-Localizing Hashing
Shaoquan Jiang, Reihaneh Safavi-Naini

An Effective Method for Combating Malicious Scripts Clickbots
Yanlin Peng (Iowa State University), Linfeng Zhang (Iowa State University), J. Morris
Chang (Iowa State University), Yong Guan (Iowa State University)

http://conferences.telecom-bretagne.eu/esorics2009/EN/home.php

Accepted Papers GeoCrypt2009

2009-06-29T01:22:00.000-07:00

You can even download the slides of some presentations here :

http://iml.univ-mrs.fr/ati/GeoCrypt2009/slides_of_talks.htm

Number of points of Jacobian and Pryme varieties
Yves Aubry (Université du Sud Toulon-Var)

Asymptotically exact sequences of function fields and applications
Stéphane Ballet (IML, Marseille)

About Hironaka's invariants
Vincent Cossart (Université de Versailles-Saint Quentin)

Genus 2 curves with many rational points
Noam D. Elkies (Harvard University, Cambridge)

Cryptography and arithmetic geometry: a 25-year love (?) story
Marc Girault (Expert, Caen)

Abelian varieties without algebraic geometry
Everett Howe (CCR, San Diego)

On post-quantum PKCs: on our public key cryptosystem based on subfield subcodes of AG-codes
Heeralal Janwa (UPR Rio Piedras Campus, Porto Rico)

Unified, strongly unified and complete formulae for point addition on elliptic curves
Marc Joye (Thomson R&D, Security Labs)

Inequalities for the number of points of curves over finite fields deduced from explicit formulas
Gilles Lachaud (IML, Marseille)

Gluings of abelian varieties and applications
Kristin Lauter (Microsoft Research, Redmond)

A CM construction of genus 2 curves with p-rank 1
Gary McGuire (University College Dublin)

Explicit computations of Serre's obstruction for genus 3 curves
Christophe Ritzenthaler (IML, Marseille)

Polynomials on F2m with good resistance to cryptanalysis
François Rodier (IML, Marseille)

Divisors of dimension zero
Robert Rolland (Expert, ACRYPTA, Marseille)

Twists of elliptic curves and Hilbert's tenth problem
Karl Rubin (University of California, Irvine)

Curves over F2 with many points
René Schoof (Università di Roma 2)

Point counting on reductions of CM abelian varieties
Alice Silverberg (University of California, Irvine)

Efficient CM-constructions
Peter Stevenhagen (Universiteit Leiden)

Moduli of nondegenerate curves
John Voight (University of Vermont, Burlington)

RAID 2009

2009-06-29T01:18:00.000-07:00

Accepted papers

RAID (Recent Advances in Intrusion Detection) 2009

http://www.rennes.supelec.fr/RAID2009/index.html

Guanhua Yan, Stephan Eidenbenz and Emanuele Galli. SMS-Watchdog: Profiling Social Behaviors of SMS Users for Anomaly Detection

Peng Li, Debin Gao and Mike Reiter. Automatically Adapting a Trained Anomaly Detector to Software Patches

Grégoire Jacob, Hervé Debar and Eric Filiol. Malware Behavioral Detection by Attribute-Automata using Abstraction from Platform and Language

Saira Zahid, Muhammad Shahzad, Syed Ali Khayam and Muddassar Farooq. Keystroke-based User Identification on Smart Phones

Damiano Bolzoni, Sandro Etalle and Pieter Hartel. Panacea: Automating Attack Classification for Anomaly-based Network Intrusion Detection Systems

Jérome François, Humberto Abdelnur, Radu State and Olivier Festor. Automated Behavioral Fingerprinting

Martin Rehak, Eugen Staab, Volker Fusenig, Michal Pechoucek, Martin Grill, Jan Stiborek and Karel Bartos. Runtime Monitoring and Dynamic Reconfiguration for Intrusion Detection Systems

Juan Caballero, Zhenkai Liang, Pongsin Poosankam and Dawn Song. Towards Generating High Coverage Vulnerability-based Signatures with Protocol-level Constraint-guided Exploration

Lei Liu, Guanhua Yan, Xinwen Zhang and Songqing Chen. VirusMeter: Preventing Your Cellphone from Spies

Giorgos Vasiliadis, Michalis Polychronakis, Spiros Antonatos, Evangelos Markatos and Sotiris Ioannidis. Regular Expression Matching on Graphics Hardware for Intrusion Detection

Scott Schneider, Kent Griffin, Tzi-cker Chiueh and Xin Hu. Automatic Generation of String Signatures for Malware Detection

Chaoting Xuan, John Copeland and Raheem Beyah. Toward Revealing Kernel Malware Behavior in Virtual Execution Environments

Federico Maggi, William Robertson, Christopher Kruegel and Giovanni Vigna. Protecting a Moving Target: Addressing Web Application Concept Drift

Jaideep Chandrashekar, Frederic Giroire, Nina Taft, Eve Schooler and Dina Papagiannaki. Exploiting Temporal Persistence to Detect Covert Botnet Channels

Daniel Luchaup, Randy Smith, Cristian Estan and Somesh Jha. Multi-Byte Regular Expression Matching with Speculation

M. Zubair Shafiq, S. Momina Tabish and Muddassar Farooq. Realtime Mining of Structural Information to Detect Zero-Day Malicious Portable Executables

Gabriela Cretu-Ciocarlie, Angelos Stavrou, Michael Locasto and Salvatore Stolfo. Adaptive Anomaly Detection via Self-Calibration and Dynamic Updating

Cryptography Research Announces Integration of SASEBO-G into DPA WorkstationTM

2009-06-24T00:10:00.000-07:00

an interesting news

http://www.earthtimes.org

SAN FRANCISCO - (Business Wire) Cryptography Research, Inc. (CRI) today announced integration of the SASEBO-G board with its DPA Workstation^TM to enable testing of FPGA images against side channel attacks such as Simple Power Analysis (SPA) and Differential Power Analysis (DPA).

DPA Workstation software release v 6.16 includes the capability to test FPGAs using the SASEBO-G board developed by the National Institute of Advanced Industrial Science and Technology (AIST). The release also adds improved visualization tools for interpretation and manipulation of power analysis waveforms.

The SASEBO-G board offers a platform optimized for performing power analysis on Xilinx FPGA images. CRI’s advanced data collection and analysis software integrates direct I/O and data collection capability with the SASEBO-G platform. Akashi Satoh, head of the SASEBO project at AIST, said, “We are delighted to work with Cryptography Research to bring the capability to evaluate sophisticated hardware cryptographic modules against side channel attacks.”

The DPA Workstation is recognized as the leading side channel analysis platform, enabling the testing of a wide variety of devices with support for all major cryptographic algorithms including DES, Triple-DES, AES, RSA, Elliptic Curve, SHA and proprietary algorithms. “The integration of the advanced SASEBO-G platform with the advanced DPA Workstation^TM confirms CRI’s commitment to delivering state of the art evaluation tools to protect fielded devices against power analysis and other side channel attacks,” said Benjamin Jun, CRI’s vice president of technology.

About SASEBO

The SASEBO (Side channel Attack Standard Evaluation Boards) were developed by the Research Center for Information Security (RCIS) of the National Institute of Advanced Industrial Science and Technology (AIST) and Tohoku University as a research project sponsored by METI (Ministry of Economy, Trade and Industry, Japan) to provide a standard evaluation reference for cryptographic modules. The SASEBO website can be found at: http://www.rcis.aist.go.jp/special/SASEBO/index-en.html.

About the DPA Workstation^TM

The Cryptography Research DPA Workstation^TM is the most powerful and flexible side channel analysis testing platform available, and is used by leading companies and governments throughout the world. The DPA Workstation^TM includes the hardware, software and training needed to perform sophisticated power analysis testing and evaluation, and includes full source code allowing extensive customization for use with a variety of environments and device types.

About Cryptography Research, Inc.

Cryptography Research, Inc. provides technology to solve complex security problems. In addition to security evaluation and applied engineering work, the company is actively involved in long-term research and technology licensing in areas including content protection, tamper resistance, network security and financial services. Security systems designed by Cryptography Research engineers protect more than $100 billion of commerce annually for wireless, telecommunications, financial, entertainment, digital television and Internet industries. For additional information, please visit www.cryptography.com.

Andrew Lloyd & Associates
Carol Leslie, +44 1273 675100 (Europe)
carol@ala.com
or
Schwartz Communications
Dan Borgasano, +1-415-512-0770 (United States)
CRI@schwartz-pr.com

ISC 09

2009-06-23T05:31:00.000-07:00

List of Accepted Papers

Full papers

10	-	Detection of Database Intrusion using a Two-Stage Fuzzy System
		Suvasini Panigrahi and Shamik Sural
17	-	F3ildCrypt: End-to-End Protection of Sensitive Information in Web Services
		Matthew Burnside and Angelos Keromytis
21	-	On the security of Identity Based Ring Signcryption Schemes
		Sharmila Deva Selvi S., Sree Vivek S., and Pandu Rangan C.
22	-	Privacy-aware Attribute-based Encryption with User Accountability
		Jin Li, Kui Ren, Bo Zhu, and Zhiguo Wan
24	-	An efficient distance bounding RFID authentication protocol: balancing false-acceptance rate and memory requirement
		Gildas Avoine and Aslan Tchamkerten
28	-	Combining Consistency and Confidentiality Requirements in First-Order Databases
		Joachim Biskup and Lena Wiese
29	-	Analysis and Optimization of Cryptographically Generated Addresses
		Joppe Bos, Onur Ozen, and Jean-Pierre Hubaux
33	-	Hardware-Assisted Application-Level Access Control
		Yu-Yuan Chen and Ruby B. Lee
43	-	Fair E-cash: Be Compact, Spend Faster
		Sébastien Canard, Cécile Delerablée, Aline Gouget, Emeline Hufschmitt, Fabien Laguillaumie, Hervé Sibert, Jacques Traore, and Damien Vergnaud
53	-	Structural Attacks on Two SHA-3 Candidates: Blender-n and DCH-n
		Mario Lamberger and Florian Mendel
54	-	Security Analysis of the PACE Key-Agreement Protocol
		Jens Bender, Marc Fischlin, and Dennis Kuegler
64	-	A Storage Efficient Redactable Signature in the Standard Model
		Ryo Nojima, Jin Tamura, Youki Kadobayashi, and Hiroaki Kikuchi
68	-	Towards Unifying Vulnerability Information for Attack Graph Construction
		Sebastian Roschke, Feng Cheng, Robert Schuppenies, and Christoph Meinel
70	-	A New Approach to $\chi^2$ Cryptanalysis of Block Ciphers
		Jorge Nakahara Jr, Gautham Sekar, Daniel Santana de Freitas, Chang Chiann, Ramon Hugo de Souza, and Bart Preneel
73	-	Efficient Conditional Proxy Re-Encryption with Chosen-Ciphertext Security
		Jian Weng, Yanjiang Yang, Qiang Tang, Robert H. Deng, and Feng Bao
74	-	Nonce Generators and the Nonce Reset Problem
		Erik Zenner
76	-	A New Construction of Boolean Functions with Maximum Algebraic Immunity
		Deshuai Dong, Shaojing Fu, Longjiang Qu, and Chao Li
80	-	Automated Spyware Collection and Analysis
		Andreas Stamminger, Christopher Kruegel, Giovanni Vigna, and Engin Kirda
81	-	Peer-to-peer architecture for collaborative intrusion detection and malware analysis on a large scale
		Michele Colajanni, Mirco Marchetti, and Michele Messori
83	-	MAC Precomputation with Applications to Secure Memory
		Juan A. Garay, Vladimir Kolesnikov, and Rae McLellan
85	-	Robust Authentication Using Physically Unclonable Functions
		Keith Frikken, Marina Blanton, and Mikhail Atallah
90	-	On Free-Start Collisions and Collisions for TIB3
		Florian Mendel and Martin Schläffer
92	-	Meet-in-the-Middle Attacks Using Output Truncation in 3-Pass HAVAL
		Yu Sasaki
94	-	A2M: Access-Assured Mobile Desktop Computing
		Angelos Stavrou, Angelos Keromytis, and Jason Nieh
95	-	Adding Trust to P2P Distribution of Paid Content
		Angelos Stavrou, Alex Sherman, Jason Nieh, and Angelos Keromytis
96	-	Towards Trustworthy Delegation in Role-Based Access Control Models
		Manachai Toahchoodee, Xing Xie, and Indrakshi Ray
98	-	HMAC without the ``Second'' Key
		Kan Yasuda
101	-	Risks of the CardSpace Protocol
		Sebastian Gajek, Michael Steiner, Joerg Schwenk, and Chen Xuan
105	-	Practical Algebraic Attacks on the Hitag2 Stream Cipher
		Nicolas T. courtois, Sean O'Neil, and Jean-Jacques Quisquater

Short papers

44	-	SISR - a New Model for Epidemic Spreading of Electronic Threats
		Boris Rozenberg, Ehud Gudes, and Yuval Elovici
51	-	Cancelable Iris Biometrics using Block Re-mapping and Image Warping
		Elias Pschernig and Andreas Uhl
57	-	Secure Interoperation in Multidomain Environments Based on UCON Model
		Jianfeng Lu, Ruixuan Li, Vijay Varadharajan, Zhengding Lu, and Xiaopu Ma
58	-	Specification and Enforcement of Static Separation-of-Duty Policiesin Usage Control
		Jianfeng Lu, Ruixuan Li, Zhengding Lu, Jinwei Hu, and Xiaopu Ma
63	-	Nonideal Iris Recognition based on Variational Level Set Method, Genetic Algorithms and Adaptive Asymmetrical SVMs
		Kaushik Roy and Prabir Bhattacharya
77	-	Generic Construction of Stateful Identity Based Encryption
		Peng Yang, Rui Zhang, Kanta Matsuura, and Hideki Imai
88	-	A calculus to detect guessing attacks
		Bogdan Groza and Marius Minea
100	-	Traitor Tracing without a priori bound on the Coalition Size
		Serdar Pehlivanoglu and Hongxia Jin
102	-	Towards Security Notions for White-Box Cryptography
		Amitabh Saxena, Brecht Wyseur, and Bart Preneel

SecureComm 2009

2009-06-23T05:25:00.000-07:00

Full papers

1. Rogue Access Point Detection Using Innate Characteristics of the 802.11 MAC
Aravind Venkataraman, Raheem A Beyah

2. Ensemble: Community-based Anomaly Detection for Popular Applications
Feng Qian, Zhiyun Qian, Zhuoqing Mao, Atul Prakash

3. Multichannel Protocols for User-Friendly and Scalable Initialization of Sensor Networks
Toni Perkovic, Ivo Stancic, Luka Malisa, Mario Cagalj

4. Automated analysis of a contract signing protocol using colored petri nets
M. Magdalena Payeras-Capella

5. An eavesdropping game with SINR as an object function
Wade Trappe, Andrey Garnaev

6. Towards Self-Organized Location Privacy in Mobile Networks
Julien Freudiger, Raya Maxim, Jean-Pierre Hubaux

7. A Novel Architecture for Secure and Scalable Multicast over IP Network
Yawen Wei, Zhen Yu, Yong Guan

8. Baiting Inside Attackers Using Decoy Documents
Brian Bowen, Shlomo Herkshop, Angelos D Keromytis, Sal Stolfo

9. On the Security of Bottleneck Bandwidth Estimation Techniques
Ghassan O. Karame, David Gubler, Sdrjan Capkun

10. Aggregated Authentication (AMAC) using Universal Hash Functions
Marine Minier, Wassim Znaidi, Cedric Lauradoux

11. FIJI: Fighting Implicit Jamming In 802.11 WLANs
Ioannis Broustis, Konstantinos Pelechrinis, Dimitris Syrivelis, Srikanth Krishnamurthy, Leandros Tassiulas

12. MULAN: Multi-Level Adaptive Network Filter
Shimrit Tzur-David, Danny Dolev, Tal Anker

13. User-centric identity using ePassports
Martijn Oostdijk, Maarten Wegdam, Dirk-Jan van Dijk

14. An Active Global Attack Model for Sensor Source Location Privacy:
Analysis and Countermeasures
Yi Yang, Sencun Zhu, Guohong Cao, Thomas La Porta

15. Sec-TMP: a Secure Topology Maintenance Protocol for Event Delivery Enforcement in WSN
Andrea Gabrielli, Mauro Conti, Roberto DiPietro, Luigi V. Mancini

16. Defending Against Key Abuse Attacks in KP-ABE Enabled Broadcast Systems
Shucheng Yu, Kui Ren, Wenjing Lou, Jin Li

17. Dealing with Liars: Misbehavior Identification via Renyi-Ulam Games
William Jr. Kozma, Loukas Lazos

18. Active Attacks Against Radiometric Identification
Matthew J Edman, Bulent Yener

19. Mitigating DoS attacks on the paging channel by efficient encoding in page messages
Liang Cai, Gabriel Maganis, Hui Zang, Hao Chen

20. Using Failure Information Analysis to Detect Enterprise Zombies
Zhaosheng Zhu, Vinod Yegneswaran, Yan Chen

Short papers

1. The Frog-Boiling Attack: Limitations of Anomaly Detection for Secure Network Coordinate Systems
Eric Chan-Tin, Nick Hopper, Yongdae Kim, Daniel Feldman

2. Deny-by-Default Distributed Security Policy Enforcement in Mobile Ad Hoc Networks
Mansoor Alicherry, Angelos Stavrou, Angelos D Keromytis

3. Hierarchical Self-Healing Key Distribution for Heterogeneous Wireless Sensor Networks
Yanjiang Yang, Jianying Zhou, Robert Deng, Bao Feng

4. Use of ID-based Cryptography for the Efficient Verification of the Integrity and Authenticity of Web Resources
Thanassis Tiropanis, Tassos Dimitriou

5. Reliable Resource Searching in P2P Networks
Nikos Triandopoulos, Michael Goodrich, Roberto Tamassia, Jonathan Sun

6. Breaking and Developing of Group Inside Signatures
Sree S Vivek, Sharmila Deva Selvi S, Gopi nath Sikha, C Pandu Rangan

7. Automated Classification of Network Traffic Anomalies
Philippe F Owezarski

http://www.securecomm.org/paperlist.shtml

CHES 09

2009-06-12T03:14:00.000-07:00

two Efficient Methods for Random Delay Generation in Embedded Software
Jean-Sébastien Coron and Ilya Kizhvatov, University of Luxembourg, Luxembourg

Hardware Accelerator for the Tate Pairing in Characteristic Three Based on Karatsuba-Ofman Multipliers
Jean-Luc Beuchat, University of Tsukuba, Japan
Jérémie Detrey, INRIA, France
Nicolas Estibals, INRIA, France
Eiji Okamoto, University of Tsukuba, Japan
Francisco Rodríguez-Henríquez, CINVESTAV-IPN, Mexico

Mutual Information Analysis: How, When and Why?
Nicolas Veyrat-Charvillon and François-Xavier Standaert, UCL, Belgium

Designing an ASIP for Cryptographic Pairings over Barreto-Naehrig Curves
David Kammler, RWTH Aachen University, Germany
Diandian Zhang, RWTH Aachen University, Germany
Peter Schwabe, Eindhoven University of Technology, Netherlands
Hanno Scharwaechter, RWTH Aachen University, Germany
Markus Langenberg, RWTH Aachen University, Germany
Dominik Auras, RWTH Aachen University, Germany
Gerd Ascheid, RWTH Aachen University, Germany
Rudolf Mathar, RWTH Aachen University, Germany

Known-Plaintext-Only Attack on RSA-CRT with Montgomery Multiplication
Martin Hlavac, Charles University in Prague, Czech Republic

Practical Electromagnetic Template Attack on HMAC
Pierre-Alain Fouque, École normale supérieure, France
Gaëtan Leurent, École normale supérieure, France
Denis Real, CELAR, France
Frédéric Valette, CELAR, France

Faster F_p-arithmetic for Cryptographic Pairings on Barreto-Naehrig Curves
Junfeng Fan and Frederik Vercauteren and Ingrid Verbauwhede, Katholieke Universiteit Leuven, Belgium

On Tamper-Resistance from a Theoretical Viewpoint
Paulo Mateus, SQIG/IT and IST/TULisbon, Portugal Serge Vaudenay, EPFL, Switzerland

Low-Overhead Implementation of a Soft-Decision Helper Data Algorithm for SRAM PUFs
Roel Maes, Pim Tuyls and Ingrid Verbauwhede, Katholieke Universiteit Leuven, Belgium, and IBBT

A Design Methodology for a DPA-Resistant Cryptographic LSI with RSL Techniques
Minoru Saeki, Mitsubishi Electric Corporation, Japan
Daisuke Suzuki, Mitsubishi Electric Corporation, Japan
Koichi Shimizu, Mitsubishi Electric Corporation, Japan
Akashi Satoh, AIST, Japan

Algebraic Side-Channel Attacks on the AES: Why Time also Matters in DPA
Mathieu Renauld, François-Xavier Standaert and Nicolas Veyrat- Charvillon, UCL, Belgium

Accelerating AES with Vecter Permute Instructions
Mike Hamburg, Stanford University, USA

Elliptic Curve Point Scalar Multiplication Combining Yao's Algorithm and Double Bases
Nicolas Méloni and M. Anwar Hasan, University of Waterloo, Canada

Faster and Timing-Attack Resistant AES-GCM
Emilia Käsper, Katholieke Universiteit Leuven, Belgium
Peter Schwabe, Eindhoven University of Technology, Netherlands

A New Side-Channel Attack on RSA Prime Generation
Thomas Finke, Max Gebhardt, and Werner Schindler, BSI, Germany

The Frequency Injection Attack on Ring-Oscillator-Based True Random Number Generators
A. Theodore Markettos and Simon W. Moore, University of Cambridge, UK

Combining Higher Order Masking and Shuffling to Protect Block Ciphers Software Implementations
Matthieu Rivain, Oberthur Technologies, France, and University of Luxembourg, Luxembourg
Emmanuel Prouff, Oberthur Technologies, France
Julien Doget, Oberthur Technologies, France, UCL, Belgium, and University of Paris 8, France

KATAN & KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers
Christophe De Canniere, Katholieke Universiteit Leuven, Belgium
Orr Dunkelman, Ecole normale supérieure, France
Miroslav Knezevic, Katholieke Universiteit Leuven, Belgium

MicroEliece: McEliece for Embedded Devices
Thomas Eisenbarth, Tim Gueneysu, Stefan Heyse and Christof Paar, Ruhr University Bochum, Germany

First-Order Side-Channel Attacks on the Permutation Tables Countermeasure
Emmanuel Prouff, Oberthur Technologies, France
Robert McEvoy, University College Cork, Ireland

Differential Fault Analysis on DES Middle Rounds
Matthieu Rivain, Oberthur Technologies, France and University of Luxembourg, Luxembourg

Runtime Programmable and Parallel ECC Coprocessor Architecture: Tradeoffs between Area, Speed and Security
Xu Guo, Virginia Tech, USA
Junfeng Fan, Katholieke Universiteit Leuven, Belgium
Patrick Schaumont, Virginia Tech, USA
Ingrid Verbauwhede, Katholieke Universiteit Leuven, Belgium

CDs Have Fingerprints Too
Ghaith Hammouri, Worcester Polytechnic Institute, USA
Aykutlu Dana, Bilkent University, Turkey
Berk Sunar, Worcester Polytechnic Institute, USA

A Design Flow and Evaluation Framework for DPA-resistant Instruction Set Extensions
Francesco Regazzoni, UCL, Belgium and ALaRI, Switzerland
Alessandro Cevrero, EPFL, Switzerland
François-Xavier Standaert, UCL, Belgium
Stephane Badel, EPFL, Switzerland
Theo Kluter, EPFL, Switzerland
Philip Brisk, EPFL, Switzerland
Yusuf Leblebici, EPFL, Switzerland
Paolo Ienne, EPFL, Switzerland

SSE Implementation of Multivariate PKCs on Modern x86 CPUs
Anna Inn-Tung Chen, National Taiwan University, Taiwan
Ming-Shing Chen, Academia Sinica, Taiwan
Tien-Ren Chen, Academia Sinica, Taiwan
Chen-Mou Cheng, National Taiwan University, Taiwan
Jintai Ding, University of Cincinnati, USA
Eric Li-Hsiang Kuo, Academia Sinica, Taiwan
Frost Yu-Shuang Li, National Taiwan University, Taiwan
Bo-Yin Yang, Academia Sinica, Taiwan

Trojan Side-Channels: Lightweight Hardware Trojans through Side-Channel Engineering
Lang Lin, University of Massachusetts, USA
Markus Kasper, Ruhr University Bochum, Germany
Tim Güneysu, Ruhr University Bochum, Germany
Christof Paar, Ruhr University Bochum, Germany and University of Massachusetts, USA
Wayne Burleson, University of Massachusetts, USA

SECRYPT 09

2009-06-12T02:30:00.000-07:00

SECURITY PATTERNS, TOWARDS A FURTHER LEVEL
Beatriz Gallego-Nicasio, Antonio Muñoz,
Antonio Maña and Daniel Serrano

FAST RE-ESTABILISHMENT OF IKEV2 SECURITY
ASSOCIATIONS FOR RECOVERY OF IPSEC GATEWAYS
IN MOBILE NETWORK
Peng Yang, Yuanchen Ma and Satoshi Yoshizawa

ON THE NEED TO DIVIDE THE SIGNATURE
CREATION ENVIRONMENT
Jorge L. Hernandez-Ardieta, Ana I. Gonzalez-Tablas,
Benjamin Ramos and Arturo Ribagorda

A SECURITY DESIGN PATTERN TAXONOMY
BASED ON ATTACK PATTERNS - Findings of a Systematic Literature Review
Andreas Wiesauer and Johannes Sametinger

ITERATED TRANSFORMATIONS AND
QUANTITATIVE METRICS FOR SOFTWARE PROTECTION
Mariusz M. Jakubowski, Chit W. (Nick) Saw and Ramarathnam Venkatesan

PHISHPIN: AN INTEGRATED, IDENTITY-BASED
ANTI-PHISHING APPROACH
Hicham Tout

AN ALTERNATIVE APPROACH FOR FORMULA
MODELLING IN SECURITY METRICS
Felipe Marques Pires, Leonardo de Sousa Mendes
and Rodrigo Sanches Miani

ON THE SECURITY OF TWO RING SIGNCRYPTION SCHEMES
S. Sree Vivek, Sharmila Deva Selvi S and Pandu Rangan C.

MONITORING NODE SELECTION ALGORITHM
FOR INTRUSION DETECTION IN CONGESTED SENSOR NETWORK
Jaeun Choi, Myungjong Lee, Gisung Kim and Sehun Kim

MULTIPARTY COMPARISON - An Improved Multiparty Protocol
for Comparison of Secret-shared Values
Tord Ingolf Reistad

THE DARK SIDE OF SECURITY BY OBSCURITY -
and Cloning MiFare Classic Rail and Building Passes, Anywhere, Anytime
Nicolas T. Courtois

CLOUD COMPUTING - Fundamental Architecture & Future Applications
Keynote Speaker: Frank Leymann

ONE-TOUCH FINANCIAL TRANSACTION AUTHENTICATION
Daniel V. Bailey, John Brainard, Sebastian Rohde and Christof Paar

SERVICE AND TIMEFRAME DEPENDENT UNLINKABLE
ONE-TIME PSEUDONYMS
Kristof Verslype and Bart De Decker

UNIVERSAL AUTHENTICATION FRAMEWORK - Requirements
and Phase Design
Tomas Pelka, Jan Hajny and Petra Lambertova

EVALUATION OF QUALITY AND SECURITY OF
A VOIP NETWORK BASED ON ASTERISK AND OpenVPN
Rodrigo S. Miani, Dherik Barison and Leonardo de Souza Mendes

FREE SECURITY SUITE 2 - Easy, Intuitive and Complete
Free Security Suite with Web Browser Integration
Javier Corral-García, Carlos-Jorge del Arco González,
José Luis González-Sánchez and José Luis Redondo García

RESYNCHRONIZATION ATTACK ON STREAM CIPHERS FILTERED BY MAIORANA-MCFARLAND FUNCTIONS
Guanhan Chew, Aileen Zhang and Khoongming Khoo

ADDING EXPERT KNOWLEDGE TO TAN-BASED
INTRUSION DETECTION SYSTEMS
S. Benferhat, A. Boudjelida and H. Drias

PREVENTING WORMHOLE ATTACK IN WIRELESS
AD HOC NETWORKS USING COST-BASED SCHEMES
Marianne Amir Azer, Sherif Mohammed El-Kassas
and Mady Saiid El-Soudani

AN OFFLINE PEER-TO-PEER BROADCASTING SCHEME
WITH ANONYMITY
Shinsaku Kiyomoto, Kazuhide Fukushima and Keith M. Martin

NETWORK STACK OPTIMIZATION FOR IMPROVED
IPSEC PERFORMANCE ON LINUX
Michael G. Iatrou, Artemios G. Voyiatzis and Dimitrios N. Serpanos

IMPLEMENTING TRUE RANDOM NUMBER GENERATORS
IN FPGAS BY CHIP FILLING
Octavian Cret, Radu Tudoran, Alin Suciu and Tamas Györfi

QUANTUM SECURE DIRECT COMMUNICATION
USING ENTANGLEMENT AND SUPER DENSE CODING
Ola M. Hegazy, Ayman M. Bahaa Eldin and Yasser H. Dakroury

AN EFFICIENT GROUP KEY AGREEMENT PROTOCOL
FOR HETEROGENEOUS ENVIRONMENT
Mounita Saha and Dipanwita Roy Chowdhury

CERTIFIED PSEUDONYMS COLLIGATED WITH MASTER SECRET KEY
Vijayakrishnan Pasupathinathan, Josef Pieprzyk and Huaxiong Wang

THE CHAMELEON CIPHER-192 (CC-192) - A Polymorphic Cipher
Magdy Saeb

A NEW ANALYSIS OF RC4 - A Data Mining Approach (J48)
Ali Movaghar and Mohsen HajSalehi Sichani

ADAPTIVE ANTENNAS IN WIRELESS COMMUNICATION NETWORKS
Keynote Speaker: Blagovest Shishkov

PRACTICAL TRACEABLE ANONYMOUS IDENTIFICATION
Daniel Slamanig, Peter Schartner and Christian Stingl

INFORMATION-THEORETICALLY SECURE
STRONG VERIFIABLE SECRET SHARING
Changlu Lin, Lein Harn and Dingfeng Ye

SAFE REVERSE AUCTIONS PROTOCOL - Adding Treatment
Against Collusive Shill Bidding and Sniping Attacks
Guerra Ruy and Ribeiro Leonardo

PROTECTING INFORMATION PRIVACY IN THE ELECTRONIC SOCIETY
Keynote Speaker: Pierangela Samarati

SIMULATION OF AN IDENTITY BASED CRYPTOGRAPHY
SCHEME FOR AD HOC NETWORKS
Pura Mihai-Lica and al

BEHAVIOR BASED CLUSTERING FOR DISCRIMINATION BETWEEN
FLASH CROWDS AND DDoS ATTACKS
Young Jun Heo and al

EFFICIENT TRAITOR TRACING FOR CONTENT PROTECTION
Hongxia Jin

ATTACK GRAPH GENERATION WITH INFUSED FUZZY CLUSTERING
Sudip Mistra and al

A SECOND PREIMAGE ATTACK ON THE MERKLE-DAMGARD
SCHEME WITH A PERMUTATION FOR HASH FUNCTIONS
Shiwei Chen and al

ON THE SECURITY OF ADDING CONFIRMERS INTO DESIGNATED
CONFIRMER SIGNATURES
Wataru Senga and al

ISEE : AN INFORMATION SECURITY ENGINEERING ENVIRONMENT
Jingde Cheng and al

TOOL SUPPORT FOR ACHIEVING QUALITATIVE SECURITY ASSESSMENTS
OF CRITICAL INFRASTRUCTURES - The ESSAF Framework for
Structured Qualitative Analysis
Nguyen Hanh Quyen, Köster Friedrich, Klaas Michael,
Brenner Walter, Obermeier Sebastian and Brändle Markus

COLLABORATIVE SECURITY ASSESSMENTS IN EMBEDDED SYSTEMS
DEVELOPMENT - The ESSAF Framework for Structured Qualitative Analysis
Friedrich Köster, Michael Klaas, Hanh Quyen Nguyen,
Walter Brenner, Markus Braendle and Sebastian Obermeier

AN APPROACH FOR DESIGNING OF ENTERPRISE IT LANDSCAPES
TO PERFORM QUANTITAVE INFORMATION SECURITY RISK ASSESSMENT
Anton Romanov and Eiji Okamoto

IDENTIFYING SECURITY ELEMENTS FOR COOPERATIVE
INFORMATION SYSTEMS
Nathalie Dagorn

AN ANOMALY-BASED WEB APPLICATION FIREWALL
Alejandro Perez-Villegas and Gonzalo Alvarez

VISUAL PROGRAMMING LANGUAGE FOR SECURITY REQUIREMENTS
IN BUSINESS PROCESSES AS MODEL-DRIVEN SOFTWARE DEVELOPMENT
Mirad Zadic and Andrea Nowak

FINGER VEIN VERIFICATION TECHNOLOGY FOR MOBILE APPARATUS
Hideo Sato

EFFICIENT ALGORITHMS AND ABSTRACT DATA TYPES
FOR LOCAL INCONSISTENCY ISOLATION IN FIREWALL ACLS
S. Pozo, A. J. Varela-Vaca, R. M. Gasca and R. Ceballos

NMIX : AN IDEAL CANDIDATE FOR KEY MIXING
Dipanwita Roy Chowdhury and al

RFID AUTHENTICATION PROTOCOLS BASED
ON ELLIPTIC CURVES - A Top-Down Evaluation Survey
Michael Hutter

THROTTLING DDoS ATTACKS
Saraiah Gujjunoori, Taqi Ali Syed, Madhu Babu J.,
Avinash D., Radhesh Mohandas and Alwyn R. Pais

ASSESSMENT OF MOBILE SECURITY PLATFORMS
Germán Retamosa and Jorge E. López de Vergara

A CHAOS BASED ENCRYPTION METHOD USING
DYNAMICAL SYSTEMS WITH STRANGE ATTRACTORS
Arash Sheikholeslam

MANAGING SECURITY OF GRID ARCHITECTURE
WITH A GRID SECURITY OPERATION CENTER
Julien Bourgeois and Raheel Hassan

INTERACTIVE SECRET SHARE MANAGEMENT
Constantin Catalin Dragan

A TRAFFIC COHERENCE ANALYSIS MODEL FOR DDOS ATTACK DETECTION
Hamza Rahmani, Nabil Sahli and Farouk Kamoun

AD-HOC ON DEMAND AUTHENTICATION CHAIN PROTOCOL
- An Authentication Protocol for Ad-hoc Networks
A. M. Hamad and W. I. Khedr

RESISTING IMPERSONATION ATTACKS IN CHAINING-BASED
PUBLIC-KEY MANAGEMENT ON MANETS - The Virtual
Public-Key Management
Renan Fischer e Silva, Eduardo da Silva and Luiz Carlos Pessoa Albini

A NEW IMAGE ENCRYPTION ALGORITHM USING CELLULAR AUTOMATA
D. RoyChowdhury and Mayank Varshney

E-BUSINESS DESIGN - A Shift to Adaptability
Keynote Speaker: David Marca

Pairing 2009

2009-06-12T02:22:00.000-07:00

Preliminary Program for Pairing 2009

Boneh-Boyen signatures and the Strong Diffie-Hellman problem
David Jao and Kayo Yoshida

Security of Verifiably Encrypted Signatures and a
Construction Without Random Oracles
Markus Rückert and Dominique Schröder

Multisignatures as Secure as the Diffie-Hellman Problem
in the Plain Public-Key Model
Duc-Phong Le, Alexis Bonnecaze, and Alban Gabillon

On the Security of Pairing-Friendly Abelian Varieties
over Non-Prime Fields
Naomi Benger, Manuel Charlemagne, and David Mandell Freeman

Generating Pairing-Friendly Curves with the CM Equation of Degree 1
Hyang-Sook Lee and Cheol-Min Park

On the Final Exponentiation for Calculating Pairings
on Ordinary Elliptic Curves
Michael Scott, Naomi Benger, Manuel Charlemagne, Luis J. Dominguez Perez,
and Ezekiel J. Kachisa

Faster Pairings on Special Weierstrass Curves
Craig Costello, Huseyin Hisil, Colin Boyd,
Juan Gonzalez Nieto, and Kenneth Koon-Ho Wong

Fast Hashing to G2 on Pairing Friendly Curves
Michael Scott, Naomi Benger, Manuel Charlemagne,
Luis J. Dominguez Perez, and Ezekiel J. Kachisa

Compact E-Cash and Simulatable VRFs Revisited
Mira Belenkiy, Melissa Chase, Markulf Kohlweiss, and Anna Lysyanskaya

Proofs on Encrypted Values in Bilinear Groups and
an Application to Anonymity of Signatures
Georg Fuchsbauer and David Pointcheval

Identity Based Group Signatures from HIBE
Nigel P. Smart and Bogdan Warinschi

Forward-Secure Group Signatures from Pairings
Toru Nakanishi, Yuta Hira, and Nobuo Funabiki

Efficient Traceable Signatures in the Standard Model
Benoît Libert and Moti Yung

Strongly Secure Certificateless Key Agreement
Georg Lippold, Colin Boyd, and Juan Gonzalez Nieto

Universally Composable Adaptive Priced Oblivious Transfer
Alfredo Rial, Markulf Kohlweiss, and Bart Preneel

Conjunctive Broadcast and Attribute-Based Encryption
Nuttapong Attrapadung and Hideki Imai

Accepted papers CRYPTO 09

2009-05-25T02:23:00.000-07:00

Linear Algebra with Sub-linear Zero-Knowledge Arguments
Jens Groth

Position Based Cryptography
Nishanth Chandran, Vipul Goyal, Ryan Moriarty, Rafail Ostrovsky

Short chosen-prefix collisions for MD5
and the creation of a rogue CA certificate
Marc Stevens, Alex Sotirov, Jake Appelbaum, Arjen Lenstra,
David Molnar, Dag Arne Osvik, Benne de Weger

On Bounded Distance Decoding, Unique Shortest Vectors,
and the Minimum Distance Problem
Vadim Lyubashevsky, Daniele Micciancio

Practical Cryptanalysis of ISO 9796-2 and
Europay-Mastercard-Visa Signatures
Jean-Sebastien Coron, David Naccache, Mehdi Tibouchi,
Ralf-Philipp Weinmann

How to Hash onto Elliptic Curves
Thomas Icart

On the Amortized Complexity of
Zero-knowledge Protocols
Ronald Cramer, Ivan Damgard

Utility Dependence in Correct and
Fair Rational Secret Sharing 
Gilad Asharov, Yehuda Lindell

Privacy-Enhancing Auctions
Using Rational Cryptography
Peter Bro Miltersen, Jesper Buus Nielsen, Nikos Triandopoulos

Merkle Puzzles are Optimal
- an O(n^2)-query attack on key exchange
from a random oracle
Boaz Barak, Mohammad Mahmoody-Ghidary

Asymptotically Good Ideal Linear Secret
Sharing with Strong Multiplication over
*Any* Fixed Finite Field
Ignacio Cascudo, Hao Chen, Ronald Cramer, Chaoping Xing

Collusion-Free Multiparty Computation
in the Mediated Model
Joel Alwen, Jonathan Katz, Yehuda Lindell, Giuseppe Persiano,
Abhi Shelat, Ivan Visconti

Somewhat Non-Committing Encryption
and Efficient Adaptively Secure
Oblivious Transfer
Juan Garay, Daniel Wichs, Hong-Sheng Zhou

Reconstructing RSA Private Keys
from Random Key Bits
Nadia Heninger, Hovav Shacham

Public-Key Cryptosystems
Resilient to Key Leakage
Moni Naor, Gil Segev

Meet-in-the-Middle Preimage Attacks
Against Reduced SHA-0 and SHA-1
Kazumaro Aoki, Yu Sasaki

Distinguisher and Related-Key Attack
on the Full AES-256
Alex Biryukov, Dmitry Khovratovich, Ivica Nikolic

Solving Hidden Number Problem with
One Bit Oracle and Advice
Adi Akavia

Probabilistically Checkable Arguments
Yael Tauman Kalai, Ran Raz

Computational Indistinguishability
Amplification: Tight Product
Theorems for System Composition
Ueli Maurer, Stefano Tessaro

Improving the Security of Quantum Protocols
Ivan Damgaard, Serge Fehr, Carolin Lunemann, Louis Salvail,
Christian Schaffner

Fast Circular-Secure Encryption
Based on Hard Learning Problems
Benny Applebaum, David Cash, Chris Peikert, Amit Sahai

Cryptanalysis of C2
Julia Borghoff, Lars Knudsen, Gregor Leander, Krystian Matusiewicz

Short and Stateless Signatures
from the RSA Assumption
Susan Hohenberger, Brent Waters

The Group of Signed Quadratic Residues
and Applications
Dennis Hofheinz, Eike Kiltz

Message Authentication Codes
from Unpredictable Block Ciphers
Yevgeniy Dodis, John Steinberger

Batch binary Edwards
Daniel J. Bernstein

The Round Complexity of
Verifiable Secret Sharing Revisted
Arpita Patra, Ashish Choudhary, Tal Rabin, Pandu Rangan

On the Composition of Public-Coin Zero Knowledge Protocols
Rafael Pass, Wei-Lung Dustin Tseng, Douglas Wikstr\"om

Dual System Encryption: Realizing Fully Secure IBE and HIBE
under Simple Assumptions
Brent Waters

How Risky is the Random-Oracle Model?
Gaetan Leurent, Phong Q. Nguyen

How to Encipher Messages on a Small Domain: Deterministic
Encryption and the Thorp Shuffle
Ben Morris, Phillip Rogaway, Till Stegers

New Birthday Attacks on Some MACs Based on Block Ciphers
Zheng Yuan, Wei Wang, Keting Jia, Guangwu Xu, Xiaoyun Wang

Computational Differential Privacy
Ilya Mironov, Omkant Pandey, Omer Reingold, Salil Vadhan

Smooth Projective Hashing for Conditionally
Extractable Commitments
Michel Abdalla, Celine Chevalier, David Pointcheval

Private Mutual Authentication and Conditional
Oblivious Transfer
Stanislaw Jarecki, Xiaomin Liu

Randomizable Proofs and Delegatable Anonymous Credentials
Mira Belenkiy, Jan Camenisch, Melissa Chase, Markulf Kohlweiss,
Anna Lysyanskaya, Hovav Shacham

Leakage-Resilient Public-Key Cryptography
in the Bounded-Retrieval Model
Joel Alwen, Yevgeniy Dodis, Daniel Wichs