Cryptology ePrint Archive
http://eprint.iacr.org/
Recently modified papers in the IACR Cryptology ePrint Archive
http://eprint.iacr.org/2016/129
<![CDATA[ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs]]>by
http://eprint.iacr.org/2016/128
<![CDATA[Removing the Strong RSA Assumption from Arguments over the Integers]]>by
http://eprint.iacr.org/2016/127
<![CDATA[A subfield lattice attack on overstretched NTRU assumptions: Cryptanalysis of some FHE and Graded Encoding Schemes]]>by
http://eprint.iacr.org/2016/126
<![CDATA[Server Notaries: A Complementary Approach to the Web PKI Trust Model]]>by
http://eprint.iacr.org/2016/125
<![CDATA[Fully-Secure Lattice-Based IBE as Compact as PKE]]>by
http://eprint.iacr.org/2016/124
<![CDATA[Collecting relations for the Number Field Sieve in $GF(p^6)$]]>by
http://eprint.iacr.org/2016/123
<![CDATA[Robust Password-Protected Secret Sharing]]>by
http://eprint.iacr.org/2016/122
<![CDATA[Simpira: A Family of Efficient Permutations Using the AES Round Function]]>by
http://eprint.iacr.org/2016/121
<![CDATA[Tightly-Secure Pseudorandom Functions via Work Factor Partitioning]]>by
http://eprint.iacr.org/2016/120
<![CDATA[Oblivious Transfer from Any Non-Trivial Elastic Noisy Channels via Secret Key Agreement]]>by
http://eprint.iacr.org/2016/119
<![CDATA[Lightweight Multiplication in GF(2^n) with Applications to MDS Matrices]]>by
http://eprint.iacr.org/2016/118
<![CDATA[Circuit-ABE from LWE: Unbounded Attributes and Semi-Adaptive Security]]>by
http://eprint.iacr.org/2016/117
<![CDATA[Circular Security Counterexamples for Arbitrary Length Cycles from LWE]]>by
http://eprint.iacr.org/2016/116
<![CDATA[Interactive Oracle Proofs]]>by
http://eprint.iacr.org/2016/115
<![CDATA[Efficiently Computing Data-Independent Memory-Hard Functions]]>by 0$. In particular when $\tau=1$ this shows that the goal of constructing an iMHF with AT-complexity $\Theta(\sigma^2 * \tau)$ is unachievable.
Along the way we prove a lemma upper-bounding the depth-robustness of any DAG which may prove to be of independent interest.
]]>
http://eprint.iacr.org/2016/114
<![CDATA[The Magic of ELFs]]>by
http://eprint.iacr.org/2016/113
<![CDATA[On the Composition of Two-Prover Commitments, and Applications to Multi-Round Relativistic Commitments]]>by
http://eprint.iacr.org/2016/112
<![CDATA[On the (In)security of SNARKs in the Presence of Oracles]]>by
http://eprint.iacr.org/2016/111
<![CDATA[Scalable and Secure Logistic Regression via Homomorphic Encryption]]>by
http://eprint.iacr.org/2016/110
<![CDATA[Three's Compromised Too: Circular Insecurity for Any Cycle Length from (Ring-)LWE]]>by 2$ the only known
counterexamples are based on strong general-purpose obfuscation
assumptions.
In this work we construct $k$-circular security counterexamples for
any $k \geq 2$ based on (ring-)LWE. Specifically:
\begin{itemize}
\item for any constant $k=O(1)$, we construct a counterexample based on
$n$-dimensional (plain) LWE for $\poly(n)$ approximation factors;
\item for any $k=\poly(\lambda)$, we construct one based on degree-$n$
ring-LWE for at most subexponential $\exp(n^{\varepsilon})$ factors.
\end{itemize}
Moreover, both schemes are $k'$-circular insecure for
$2 \leq k' \leq k$.
Notably, our ring-LWE construction does not immediately translate to
an LWE-based one, because matrix multiplication is not commutative. To
overcome this, we introduce a new ``tensored'' variant of LWE which
provides the desired commutativity, and which we prove is actually
equivalent to plain LWE.
]]>
http://eprint.iacr.org/2016/109
<![CDATA[Fast Multiparty Multiplications from shared bits]]>by
http://eprint.iacr.org/2016/108
<![CDATA[Computing Private Set Operations with Linear Complexities]]>by
http://eprint.iacr.org/2016/107
<![CDATA[Fully Anonymous Transferable Ecash]]>by
http://eprint.iacr.org/2016/106
<![CDATA[Access Control Encryption: Enforcing Information Flow with Cryptography]]>by
http://eprint.iacr.org/2016/105
<![CDATA[Fully homomorphic encryption must be fat or ugly?]]>by
http://eprint.iacr.org/2016/104
<![CDATA[Open Sesame: The Password Hashing Competition and Argon2]]>by
http://eprint.iacr.org/2016/103
<![CDATA[Speed Optimizations in Bitcoin Key Recovery Attacks]]>by
http://eprint.iacr.org/2016/102
<![CDATA[Breaking the Sub-Exponential Barrier in Obfustopia]]>by
http://eprint.iacr.org/2016/101
<![CDATA[Signature Schemes with Efficient Protocols and Dynamic Group Signatures from Lattice Assumptions]]>by
http://eprint.iacr.org/2016/100
<![CDATA[On the Complexity of Scrypt and Proofs of Space in the Parallel Random Oracle Model]]>by
http://eprint.iacr.org/2016/099
<![CDATA[Attribute-Based Fully Homomorphic Encryption with a Bounded Number of Inputs]]>by
http://eprint.iacr.org/2016/098
<![CDATA[Haraka - Efficient Short-Input Hashing for Post-Quantum Applications]]>by
http://eprint.iacr.org/2016/097
<![CDATA[A Maiorana-McFarland Construction of a GBF on Galois ring]]>by
http://eprint.iacr.org/2016/096
<![CDATA[Provable Security Evaluation of Structures against Impossible Differential and Zero Correlation Linear Cryptanalysis]]>by
http://eprint.iacr.org/2016/095
<![CDATA[Obfuscation without Multilinear Maps]]>by
http://eprint.iacr.org/2016/094
<![CDATA[Tightly Secure CCA-Secure Encryption without Pairings]]>by
http://eprint.iacr.org/2016/093
<![CDATA[Valiant's Universal Circuit is Practical]]>by
http://eprint.iacr.org/2016/092
<![CDATA[Cryptanalysis of the Full Spritz Stream Cipher]]>by
http://eprint.iacr.org/2016/091
<![CDATA[On the Security of the Algebraic Eraser Tag Authentication Protocol]]>by
http://eprint.iacr.org/2016/090
<![CDATA[Spectral characterization of iterating lossy mappings]]>by
http://eprint.iacr.org/2016/089
<![CDATA[On the Hardness of LWE with Binary Error: Revisiting the Hybrid Lattice-Reduction and Meet-in-the-Middle Attack]]>by
http://eprint.iacr.org/2016/088
<![CDATA[On Linear Hulls and Trails in Simon]]>by
http://eprint.iacr.org/2016/087
<![CDATA[Safely Exporting Keys from Secure Channels: On the security of EAP-TLS and TLS Key Exporters]]>by
http://eprint.iacr.org/2016/086
<![CDATA[Intel SGX Explained]]>by
http://eprint.iacr.org/2016/085
<![CDATA[Cryptanalysis of ring-LWE based key exchange with key share reuse]]>by
http://eprint.iacr.org/2016/084
<![CDATA[Truncated Differential Analysis of Round-Reduced RoadRunneR Block Cipher]]>by
http://eprint.iacr.org/2016/083
<![CDATA[NSEC5 from Elliptic Curves: Provably Preventing DNSSEC Zone Enumeration with Shorter Responses]]>by
http://eprint.iacr.org/2016/082
<![CDATA[Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable Linkability]]>by
http://eprint.iacr.org/2016/081
<![CDATA[A Cryptographic Analysis of the TLS 1.3 draft-10 Full and Pre-shared Key Handshake Protocol]]>by
http://eprint.iacr.org/2016/080
<![CDATA[Cryptanalysis of PRINCE with Minimal Data]]>by
http://eprint.iacr.org/2016/079
<![CDATA[Protect both Integrity and Confidentiality in Outsourcing Collaborative Filtering Computations]]>by
http://eprint.iacr.org/2016/078
<![CDATA[Non-Interactive Verifiable Secret Sharing For Monotone Circuits]]>by
http://eprint.iacr.org/2016/077
<![CDATA[Multidimensional Meet in the Middle Cryptanalysis of KATAN]]>by
http://eprint.iacr.org/2016/076
<![CDATA[New Efficient and Flexible Algorithms for Secure Outsourcing of Bilinear Pairings]]>by
http://eprint.iacr.org/2016/075
<![CDATA[Weaknesses in Hadamard Based Symmetric Key Encryption Schemes]]>by
http://eprint.iacr.org/2016/074
<![CDATA[On the Power of Secure Two-Party Computation]]>by
http://eprint.iacr.org/2016/073
<![CDATA[MU-ORAM: Dealing with Stealthy Privacy Attacks in Multi-User Data Outsourcing Services]]>by
http://eprint.iacr.org/2016/072
<![CDATA[Downgrade Resilience in Key-Exchange Protocols]]>by
http://eprint.iacr.org/2016/071
<![CDATA[Reverse-Engineering the S-Box of Streebog, Kuznyechik and STRIBOBr1]]>by
http://eprint.iacr.org/2016/070
<![CDATA[Domain-Specific Pseudonymous Signatures Revisited]]>by
http://eprint.iacr.org/2016/069
<![CDATA[Verification Methods for the Computationally Complete Symbolic Attacker Based on Indistinguishability]]>by
http://eprint.iacr.org/2016/068
<![CDATA[Octonion Algebra and Noise-Free Fully Homomorphic Encryption (FHE) Schemes]]>by
http://eprint.iacr.org/2016/067
<![CDATA[OPFE: Outsourcing Computation for Private Function Evaluation]]>by
http://eprint.iacr.org/2016/066
<![CDATA[Linear Hull Attack on Round-Reduced Simeck with Dynamic Key-guessing Techniques]]>by
http://eprint.iacr.org/2016/065
<![CDATA[A note on Tensor Simple Matrix Encryption Scheme]]>by
http://eprint.iacr.org/2016/064
<![CDATA[Unconditionally Secure Revocable Storage: Tight Bounds, Optimal Construction, and Robustness]]>by
http://eprint.iacr.org/2016/063
<![CDATA[Analysing and Exploiting the Mantin Biases in RC4]]>by
http://eprint.iacr.org/2016/062
<![CDATA[Verifiable Dynamic Symmetric Searchable Encryption: Optimality and Forward Security]]>by
http://eprint.iacr.org/2016/061
<![CDATA[Accountable Privacy for Decentralized Anonymous Payments]]>by
http://eprint.iacr.org/2016/060
<![CDATA[Topology-based Plug-and-Play Key-Setup]]>by
http://eprint.iacr.org/2016/059
<![CDATA[Secure positioning and quantum non-local correlations]]>by
http://eprint.iacr.org/2016/049
<![CDATA[Implementing a Toolkit for Ring-LWE Based Cryptography in Arbitrary Cyclotomic Number Fields]]>by
http://eprint.iacr.org/2016/043
<![CDATA[Strong Continuous Non-malleable Encoding Schemes with Tamper-Detection]]>by
http://eprint.iacr.org/2016/042
<![CDATA[Neeva: A Lightweight Hash Function]]>by
http://eprint.iacr.org/2016/030
<![CDATA[An Efficient Lattice-Based Signature Scheme with Provably Secure Instantiation]]>by
http://eprint.iacr.org/2016/020
<![CDATA[Truncated Differential Based Known-Key Attacks on Round-Reduced Simon]]>by
http://eprint.iacr.org/2016/013
<![CDATA[Threshold-optimal DSA/ECDSA signatures and an application to Bitcoin wallet security]]>by
http://eprint.iacr.org/2016/011
<![CDATA[Better Security for Functional Encryption for Inner Product Evaluations]]>by
http://eprint.iacr.org/2015/1249
<![CDATA[Trap Me If You Can -- Million Dollar Curve]]>by
http://eprint.iacr.org/2015/1229
<![CDATA[Cryptanalysis of a public key cryptosystem based on Diophantine equations via weighted LLL reduction]]>by
http://eprint.iacr.org/2015/1221
<![CDATA[Unclonable encryption revisited ($4 \times 2 = 8$)]]>by
http://eprint.iacr.org/2015/1180
<![CDATA[Secure Comparator: a ZKP-Based Authentication System]]>by
http://eprint.iacr.org/2015/1157
<![CDATA[From Identification to Signatures, Tightly: A Framework and Generic Transforms]]>by
http://eprint.iacr.org/2015/1151
<![CDATA[Fully Leakage-Resilient Codes]]>by
http://eprint.iacr.org/2015/1147
<![CDATA[Collusion Resistant Aggregation from Convertible Tags]]>by
http://eprint.iacr.org/2015/1125
<![CDATA[Practical Order-Revealing Encryption with Limited Leakage]]>by
http://eprint.iacr.org/2015/1123
<![CDATA[Practical, Predictable Lattice Basis Reduction]]>by
http://eprint.iacr.org/2015/1111
<![CDATA[Comparison of TERO-cell implementations and characterisation on SRAM FPGAs]]>by
http://eprint.iacr.org/2015/1100
<![CDATA[Area-Efficient Hardware Implementation of the Optimal Ate Pairing over BN curves.]]>by
http://eprint.iacr.org/2015/1096
<![CDATA[Watermarking Cryptographic Capabilities]]>by
http://eprint.iacr.org/2015/1073
<![CDATA[Practical Witness Encryption for Algebraic Languages And How to Reply an Unknown Whistleblower]]>by
http://eprint.iacr.org/2015/1042
<![CDATA[ARMed SPHINCS -- Computing a 41KB signature in 16KB of RAM]]>by
http://eprint.iacr.org/2015/1037
<![CDATA[Cryptanalysis of GGH15 Multilinear Maps]]>by
http://eprint.iacr.org/2015/1016
<![CDATA[One-Key Compression Function Based MAC with BBB Security]]>by
http://eprint.iacr.org/2015/990
<![CDATA[Encryption Switching Protocols]]>by
http://eprint.iacr.org/2015/958
<![CDATA[Building Single-Key Beyond Birthday Bound Message Authentication Code]]>by
http://eprint.iacr.org/2015/949
<![CDATA[Private Processing of Outsourced Network Functions: Feasibility and Constructions]]>by
http://eprint.iacr.org/2015/914
<![CDATA[A Cryptographic Analysis of the TLS 1.3 Handshake Protocol Candidates]]>by
http://eprint.iacr.org/2015/769
<![CDATA[On the Hardness of Learning with Rounding over Small Modulus]]>by
http://eprint.iacr.org/2015/740
<![CDATA[Predictable Arguments of Knowledge]]>by
http://eprint.iacr.org/2015/726
<![CDATA[Compositions of linear functions and applications to hashing]]>by
http://eprint.iacr.org/2015/725
<![CDATA[The self-blindable U-Prove scheme from FC'14 is forgeable]]>by
http://eprint.iacr.org/2015/709
<![CDATA[Detecting Mobile Application Spoofing Attacks by Leveraging User Visual Similarity Perception]]>by
http://eprint.iacr.org/2015/706
<![CDATA[A Brief Comparison of Simon and Simeck]]>by
http://eprint.iacr.org/2015/695
<![CDATA[Cliptography: Clipping the Power of Kleptographic Attacks]]>by
http://eprint.iacr.org/2015/653
<![CDATA[Homomorphic Signature Schemes - A survey]]>by
http://eprint.iacr.org/2015/605
<![CDATA[Computing Elliptic Curve Discrete Logarithms with Improved Baby-step Giant-step Algorithm]]>by
http://eprint.iacr.org/2015/482
<![CDATA[Extractable Witness Encryption and Timed-Release Encryption from Bitcoin]]>by
http://eprint.iacr.org/2015/477
<![CDATA[Authentication Key Recovery on Galois Counter Mode (GCM)]]>by
http://eprint.iacr.org/2015/475
<![CDATA[Randomizing scalar multiplication using exact covering systems of congruences]]>by
http://eprint.iacr.org/2015/395
<![CDATA[Efficient Unlinkable Sanitizable Signatures from Signatures with Re-Randomizable Keys]]>by
http://eprint.iacr.org/2015/388
<![CDATA[Succinct Garbled RAM]]>by
http://eprint.iacr.org/2015/378
<![CDATA[PAC Learning of Arbiter PUFs]]>by
http://eprint.iacr.org/2015/361
<![CDATA[Computationally binding quantum commitments]]>by
http://eprint.iacr.org/2015/301
<![CDATA[Cryptanalysis of GGH Map]]>by 2$. GGH map has two classes of applications, which are applications with public tools for encoding and with hidden tools for encoding. In this paper, we show that applications of GGH map with public tools for encoding are not secure, and that one application of GGH map with hidden tools for encoding is not secure. On the basis of the weak-DL attack presented by the authors themselves, we present several efficient attacks on GGH map, aiming at multipartite key exchange (MKE) and the instance of witness encryption (WE) based on the hardness of the 3-exact cover (3XC) problem. First, we use special modular operations, which we call modified encoding/zero-testing, to drastically reduce the noise. Such reduction is enough to break MKE. Moreover, such reduction negates the $K$-GMDDH assumption, which is a basic security assumption. The procedure involves mostly simple algebraic manipulations, and rarely needs to use any lattice-reduction tools. The key point is our special tools for modular operations. Second, under the condition of public tools for encoding, we break the instance of WE based on the hardness of the 3XC problem. To do so, we not only use modified encoding/zero-testing, but also introduce and solve the ``combined 3XC problem'', which is a problem that is not difficult to solve. In contrast with the assumption that a multilinear map cannot be divided back, this attack includes a division operation, that is, solving an equivalent secret from a linear equation modulo some principal ideal. The quotient (the equivalent secret) is not small, so that modified encoding/zero-testing is needed to reduce its size. This attack is under an assumption that some two vectors are co-prime, which seems to be plausible. Third, for hidden tools for encoding, we break the instance of WE based on the hardness of the 3XC problem. To do so, we construct level-2 encodings of 0, which are used as alternative tools for encoding. Then, we break the scheme by applying modified encoding/zero-testing and combined 3XC, where the modified encoding/zero-testing is an extended version. This attack is under two assumptions, which seem to be plausible. Finally, we present cryptanalysis of two simple revisions of GGH map, aiming at MKE. We show that MKE on these two revisions can be broken under the assumption that $2^{K}$ is polynomially large. To do so, we further extend our modified encoding/zero-testing.
]]>
http://eprint.iacr.org/2015/293
<![CDATA[Adaptively Secure Unrestricted Attribute-Based Encryption with Subset Difference Revocation in Bilinear Groups of Prime Order]]>by
http://eprint.iacr.org/2015/176
<![CDATA[Key Recovery for LWE in Polynomial Time]]>by
http://eprint.iacr.org/2015/161
<![CDATA[Exploring the Resilience of Some Lightweight Ciphers Against Profiled Single Trace Attacks]]>by
http://eprint.iacr.org/2015/158
<![CDATA[Multi-Input Functional Encryption in the Private-Key Setting: Stronger Security from Weaker Assumptions]]>by
http://eprint.iacr.org/2015/134
<![CDATA[From Related-Key Distinguishers to Related-Key-Recovery on Even-Mansour Constructions]]>by
http://eprint.iacr.org/2014/883
<![CDATA[Faulty Clock Detection for Crypto Circuits Against Differential Fault Analysis Attack]]>by
http://eprint.iacr.org/2014/765
<![CDATA[The Bitcoin Backbone Protocol: Analysis and Applications]]>by
http://eprint.iacr.org/2014/596
<![CDATA[Secure and Oblivious Maximum Bipartite Matching Size Algorithm with Applications to Secure Fingerprint Identification]]>by
http://eprint.iacr.org/2014/426
<![CDATA[Towards Optimally Efficient Secret-Key Authentication from PRG]]>by
http://eprint.iacr.org/2014/365
<![CDATA[Multi-target DPA attacks: Pushing DPA beyond the limits of a desktop computer]]>by
http://eprint.iacr.org/2014/257
<![CDATA[Handycipher: a Low-tech, Randomized, Symmetric-key Cryptosystem]]>by
http://eprint.iacr.org/2013/840
<![CDATA[(Efficient) Universally Composable Oblivious Transfer Using a Minimal Number of Stateless Tokens]]>by
http://eprint.iacr.org/2013/353
<![CDATA[Profiling DPA: Efficacy and efficiency trade-offs]]>by
http://eprint.iacr.org/2012/415
<![CDATA[Revisiting Key Schedule's Diffusion In Relation With Round Function's Diffusion]]>by