Cryptology ePrint Archive
http://eprint.iacr.org/
Recently modified papers in the IACR Cryptology ePrint Archive
http://eprint.iacr.org/2015/775
<![CDATA[Efficient MDS Diffusion Layers Through Decomposition of Matrices]]>by
http://eprint.iacr.org/2015/774
<![CDATA[Revisiting Prime Power RSA]]>by =2.
This variant is known as Prime Power RSA. The work of Sarkar improves the result of May (PKC 2004) when r<=5.
In this paper, we improve the existing results for r=3,4. We also study partial key exposure attack on Prime Power RSA.
Our result improves the work of May (PKC 2004) for certain parameters.
]]>
http://eprint.iacr.org/2015/773
<![CDATA[Distinguishing a truncated random permutation from a random function]]>by n/7, their method gives a weaker bound.
In this manuscript, we show how a modification of the method used by Hall et al. can solve the problem completely. It extends the result to essentially every m, showing that
Omega ( 2^((m+n)/2) ) queries are needed to get a non-negligible distinguishing advantage.
We recently became aware that a better bound for the distinguishing advantage, for every m
http://eprint.iacr.org/2015/772
<![CDATA[Non-Malleable Encryption: Simpler, Shorter, Stronger]]>by
http://eprint.iacr.org/2015/771
<![CDATA[A SAT-based public key encryption scheme]]>by
http://eprint.iacr.org/2015/770
<![CDATA[A Transform for NIZK Almost as Efficient and General as the Fiat-Shamir Transform Without Programmable Random Oracles]]>by
http://eprint.iacr.org/2015/769
<![CDATA[On the Hardness of Learning with Rounding over Small Modulus]]>by
http://eprint.iacr.org/2015/768
<![CDATA[Interdiction in Practice - Hardware Trojan Against a High-Security USB Flash Drive]]>by
http://eprint.iacr.org/2015/767
<![CDATA[Dual EC: A Standardized Back Door]]>by
http://eprint.iacr.org/2015/766
<![CDATA[Related-Key Almost Universal Hash Functions: Definitions, Constructions and Applications]]>by
http://eprint.iacr.org/2015/765
<![CDATA[Sanitizable Signcryption: Sanitization over Encrypted Data (Full Version)]]>by
http://eprint.iacr.org/2015/764
<![CDATA[A Note on Generating Coset Representatives of $PGL_2(\F_q)$ in $PGL_2(\F_{q^2})$]]>by
http://eprint.iacr.org/2015/763
<![CDATA[Highly Efficient GF(2^8) Inversion Circuit Based on Redundant GF Arithmetic and Its Application to AES Design]]>by
http://eprint.iacr.org/2015/762
<![CDATA[A Meet-in-the-Middle Attack on Reduced-Round Kalyna-b/2b]]>by
http://eprint.iacr.org/2015/761
<![CDATA[Implementation of the SCREAM Tweakable Block Cipher in MSP430 Assembly Language]]>by
http://eprint.iacr.org/2015/760
<![CDATA[Investigating SRAM PUFs in large CPUs and GPUs]]>by
http://eprint.iacr.org/2015/759
<![CDATA[Cryptanalysis of Gu's ideal multilinear map]]>by
http://eprint.iacr.org/2015/758
<![CDATA[Ring-LWE Cryptography for the Number Theorist]]>by
http://eprint.iacr.org/2015/757
<![CDATA[Stream Cipher Operation Modes with Improved Security against Generic Collision Attacks]]>by
http://eprint.iacr.org/2015/756
<![CDATA[Cryptanalysis of an Improved One-Way Hash Chain Self-Healing Group Key Distribution Scheme]]>by
http://eprint.iacr.org/2015/755
<![CDATA[TESLA: Tightly-Secure Efficient Signatures from Standard Lattices]]>by
http://eprint.iacr.org/2015/754
<![CDATA[Related-Key Attack on Full-Round PICARO]]>by
http://eprint.iacr.org/2015/753
<![CDATA[Differential Computation Analysis: Hiding your White-Box Designs is Not Enough]]>by
http://eprint.iacr.org/2015/752
<![CDATA[On Constructing One-Way Permutations from Indistinguishability Obfuscation]]>by
http://eprint.iacr.org/2015/751
<![CDATA[Fast Garbling of Circuits Under Standard Assumptions]]>by
http://eprint.iacr.org/2015/750
<![CDATA[Anonymous Traitor Tracing: How to Embed Arbitrary Information in a Key]]>by
http://eprint.iacr.org/2015/749
<![CDATA[Affine Equivalence and its Application to Tightening Threshold Implementations]]>by
http://eprint.iacr.org/2015/748
<![CDATA[A More Cautious Approach to Security Against Mass Surveillance]]>by
http://eprint.iacr.org/2015/747
<![CDATA[Self-bilinear Map from One Way Encoding System and Indistinguishability Obfuscation]]>by
http://eprint.iacr.org/2015/746
<![CDATA[A 2^{70} Attack on the Full MISTY1]]>by
http://eprint.iacr.org/2015/745
<![CDATA[Faster ECC over F_{2^571} (feat. PMULL)]]>by
http://eprint.iacr.org/2015/744
<![CDATA[BitCryptor: Bit-Serialized Compact Crypto Engine on Reconfigurable Hardware]]>by
http://eprint.iacr.org/2015/743
<![CDATA[Short Group Signatures via Structure-Preserving Signatures: Standard Model Security from Simple Assumptions]]>by
http://eprint.iacr.org/2015/742
<![CDATA[A Matrix Decomposition Method for Optimal Normal Basis Multiplication]]>by
http://eprint.iacr.org/2015/741
<![CDATA[On Generic Constructions of Circularly-Secure, Leakage-Resilient Public-Key Encryption Schemes]]>by
http://eprint.iacr.org/2015/740
<![CDATA[Predictable Arguments of Knowledge]]>by
http://eprint.iacr.org/2015/739
<![CDATA[Fine-grained sharing of encrypted sensor data over cloud storage with key aggregation]]>by
http://eprint.iacr.org/2015/738
<![CDATA[Authenticated Encryption without Tag Expansion (or, How to Accelerate AERO)]]>by
http://eprint.iacr.org/2015/737
<![CDATA[New multilinear maps from ideal lattices]]>by
http://eprint.iacr.org/2015/736
<![CDATA[Solving LWE via List Decoding]]>by
http://eprint.iacr.org/2015/735
<![CDATA[Modern Cryptography Through the Lens of Secret Sharing]]>by
http://eprint.iacr.org/2015/734
<![CDATA[On the Security of Extended Generalized Feistel Networks]]>by
http://eprint.iacr.org/2015/733
<![CDATA[Fully Homomorphic Encryption on Octonion Ring]]>by
http://eprint.iacr.org/2015/732
<![CDATA[Compact Implementations of LEA Block Cipher for Low-End Microprocessors]]>by
http://eprint.iacr.org/2015/731
<![CDATA[Same Value Analysis on Edwards Curves]]>by
http://eprint.iacr.org/2015/730
<![CDATA[Achieving Compactness Generically: Indistinguishability Obfuscation from Non-Compact Functional Encryption]]>by
http://eprint.iacr.org/2015/729
<![CDATA[Towards Provably-Secure Remote Memory Attestation]]>by
http://eprint.iacr.org/2015/728
<![CDATA[Provable Virus Detection: Using the Uncertainty Principle to Protect Against Malware]]>by
http://eprint.iacr.org/2015/727
<![CDATA[DPA, Bitslicing and Masking at 1 GHz]]>by
http://eprint.iacr.org/2015/726
<![CDATA[Compositions of linear functions and applications to hashing]]>by
http://eprint.iacr.org/2015/725
<![CDATA[The self-blindable U-Prove scheme by Hanzlik and Kluczniak is forgeable]]>by
http://eprint.iacr.org/2015/724
<![CDATA[A masked ring-LWE implementation]]>by
http://eprint.iacr.org/2015/723
<![CDATA[Cryptanalysis of Feistel Networks with Secret Round Functions]]>by
http://eprint.iacr.org/2015/722
<![CDATA[Oblivious Substring Search with Updates]]>by
http://eprint.iacr.org/2015/721
<![CDATA[KDM-Security via Homomorphic Smooth Projective Hashing]]>by
http://eprint.iacr.org/2015/720
<![CDATA[Output-Compressing Randomized Encodings and Applications]]>by
http://eprint.iacr.org/2015/719
<![CDATA[Consolidating masking schemes]]>by
http://eprint.iacr.org/2015/718
<![CDATA[Efficient Asynchronous Accumulators for Distributed PKI]]>by
http://eprint.iacr.org/2015/717
<![CDATA[Towards Secure Cryptographic Software Implementation Against Side-Channel Power Analysis Attacks]]>by
http://eprint.iacr.org/2015/716
<![CDATA[Linear Cryptanalysis of Reduced-Round SIMECK Variants]]>by
http://eprint.iacr.org/2015/715
<![CDATA[New Circular Security Counterexamples from Decision Linear and Learning with Errors]]>by = 2 how to build counterexamples from a bilinear group under the decision k-linear assumption. Recall that the decision k-linear assumption becomes progressively weaker as k becomes larger. This means that we can instantiate counterexamples
from symmetric bilinear groups and shows that asymmetric groups do not have any inherently special property needed for this problem.
We then show how to create 2-circular counterexamples from the Learning with Errors problem. This extends the reach of these systems beyond bilinear groups and obfuscation.
]]>
http://eprint.iacr.org/2015/714
<![CDATA[New classes of public key cryptosystem K(XVI)SE(1)PKC constructed based on Reed-Solomon code over extension field of m=8 and K(XVI)SE(2)PKC, based on binary cyclic code.]]>by
http://eprint.iacr.org/2015/713
<![CDATA[Light-hHB: A New Version of hHB with Improved Session Key Exchange]]>by
http://eprint.iacr.org/2015/712
<![CDATA[On Limitations of the Fiat-Shamir Transformation]]>by
http://eprint.iacr.org/2015/711
<![CDATA[Construction of Lightweight S-Boxes using Feistel and MISTY structures (Full Version)]]>by
http://eprint.iacr.org/2015/710
<![CDATA[Privacy-Preserving Content-Based Image Retrieval in the Cloud (Extended Version)]]>by
http://eprint.iacr.org/2015/709
<![CDATA[Detecting Mobile Application Spoofing Attacks by Leveraging User Visual Similarity Perception]]>by
http://eprint.iacr.org/2015/708
<![CDATA[Choosing Parameters for NTRUEncrypt]]>by
http://eprint.iacr.org/2015/707
<![CDATA[Reconciling User Privacy and Implicit Authentication for Mobile Devices]]>by
http://eprint.iacr.org/2015/706
<![CDATA[A Brief Comparison of Simon and Simeck]]>by
http://eprint.iacr.org/2015/705
<![CDATA[Linear Overhead Robust MPC with Honest Majority Using Preprocessing]]>by
http://eprint.iacr.org/2015/704
<![CDATA[Indistinguishability Obfuscation: from Approximate to Exact]]>by
http://eprint.iacr.org/2015/703
<![CDATA[Point-Function Obfuscation: A Framework and Generic Constructions]]>by
http://eprint.iacr.org/2015/702
<![CDATA[Demystifying incentives in the consensus computer]]>by
http://eprint.iacr.org/2015/701
<![CDATA[Differential Privacy in distribution and instance-based noise mechanisms]]>by
http://eprint.iacr.org/2015/700
<![CDATA[Four Neighbourhood Cellular Automata as Better Cryptographic Primitives]]>by
http://eprint.iacr.org/2015/699
<![CDATA[FURISC: FHE Encrypted URISC Design]]>by
http://eprint.iacr.org/2015/698
<![CDATA[Chosen IV Cryptanalysis on Reduced Round ChaCha and Salsa]]>by
http://eprint.iacr.org/2015/697
<![CDATA[On the Security of a Self-healing Group Key Distribution Scheme]]>by
http://eprint.iacr.org/2015/692
<![CDATA[Fast and Secure Linear Regression and Biometric Authentication with Security Update]]>by
http://eprint.iacr.org/2015/688
<![CDATA[Binary Field Multiplication on ARMv8]]>by
http://eprint.iacr.org/2015/679
<![CDATA[Another Look at Normal Approximations in Cryptanalysis]]>by
http://eprint.iacr.org/2015/675
<![CDATA[Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts]]>by
http://eprint.iacr.org/2015/627
<![CDATA[On Necessary Padding with IO]]>by
http://eprint.iacr.org/2015/562
<![CDATA[PUDA - Privacy and Unforgeability for Data Aggregation]]>by
http://eprint.iacr.org/2015/487
<![CDATA[Contention in Cryptoland: Obfuscation, Leakage and UCE]]>by
http://eprint.iacr.org/2015/463
<![CDATA[Multilinear Maps Using Random Matrix]]>by
http://eprint.iacr.org/2015/432
<![CDATA[Non-Repudiable Proofs of Storage in Cloud]]>by
http://eprint.iacr.org/2015/431
<![CDATA[Conversions among Several Classes of Predicate Encryption and Applications to ABE with Various Compactness Tradeoffs]]>by
http://eprint.iacr.org/2015/400
<![CDATA[Expiration and Revocation of Keys for Attribute-based Signatures (Full Version)]]>by
http://eprint.iacr.org/2015/392
<![CDATA[Forgery Attacks on round-reduced ICEPOLE-128]]>by
http://eprint.iacr.org/2015/355
<![CDATA[Semantic Security and Indistinguishability in the Quantum World]]>by
http://eprint.iacr.org/2015/341
<![CDATA[Limits on the Power of Indistinguishability Obfuscation and Functional Encryption]]>by
http://eprint.iacr.org/2015/307
<![CDATA[Black-Box Garbled RAM]]>by
http://eprint.iacr.org/2015/301
<![CDATA[Cryptanalysis of GGH Map]]>by 2$. GGH map has two classes of applications, which are respectively applications with public tools of encoding and with hidden tools of encoding. In this paper we show that applications of GGH map with public tools of encoding are not secure, and that one application of GGH map with hidden tools of encoding is not secure. On the basis of weak-DL attack presented by authors themselves, we present several efficient attacks on GGH map, aiming at multipartite key exchange (MKE) and the instance of witness encryption (WE) based on the hardness of 3-exact cover problem. First, we use special modular operations, which we call modified encoding/decoding, to filter the decoded noise much smaller. Such filtering is enough to break MKE. Moreover, such filtering negates $K$-GMDDH assumption, which is the security basis of an ABE scheme. The procedure almost breaks away from those lattice attacks and looks like an ordinary algebra. The key point is our special tools for modular operations. Second, under the condition of public tools of encoding, we break the instance of WE based on the hardness of 3-exact cover problem. To do so, we not only use modified encoding/decoding, but also introduce and solve ``combined 3-exact cover problem'', which is a problem never hard to be solved. This attack is under an assumption, which seems at least nonnegligible. Third, for hidden tools of encoding, we break the instance of WE based on the hardness of 3-exact cover problem. To do so, we construct level-2 encodings of 0, used as alternative tools of encoding. Then we break the scheme by applying modified encoding/decoding and combined 3-exact cover. This attack is under several stronger assumptions, which seem nonnegligible. Finally, we present cryptanalysis of two simple revisions of GGH map, aiming at MKE. We show that MKE on these two revisions can be broken under the assumption that $2^{K}$ is polynomially large. 
To do so, we further generalize our modified encoding/decoding.
]]>
http://eprint.iacr.org/2015/209
<![CDATA[Triathlon of Lightweight Block Ciphers for the Internet of Things]]>by
http://eprint.iacr.org/2015/178
<![CDATA[On Time and Order in Multiparty Computation]]>by
http://eprint.iacr.org/2015/167
<![CDATA[Post-Zeroizing Obfuscation: The case of Evasive Circuits]]>by
http://eprint.iacr.org/2015/163
<![CDATA[Indistinguishability Obfuscation from Functional Encryption]]>by
http://eprint.iacr.org/2015/006
<![CDATA[Two-Server Password-Authenticated Secret Sharing UC-Secure Against Transient Corruptions]]>by
http://eprint.iacr.org/2015/005
<![CDATA[Onion ORAM: A Constant Bandwidth Blowup Oblivious RAM]]>by
http://eprint.iacr.org/2014/1004
<![CDATA[CONIKS: Bringing Key Transparency to End Users]]>by
http://eprint.iacr.org/2014/977
<![CDATA[A Survey on Lightweight Entity Authentication with Strong PUFs]]>by
http://eprint.iacr.org/2014/946
<![CDATA[On a new fast public key cryptosystem]]>by q)$. In this paper we also evaluate the hardness of this problem by reducing it to SAT.
]]>
http://eprint.iacr.org/2014/926
<![CDATA[Road-to-Vehicle Communications with Time-Dependent Anonymity: A Light Weight Construction and its Experimental Results]]>by
http://eprint.iacr.org/2014/914
<![CDATA[Cryptography with One-Way Communication]]>by
http://eprint.iacr.org/2014/881
<![CDATA[Overview of the Candidates for the Password Hashing Competition - And Their Resistance Against Garbage-Collector Attacks]]>by
http://eprint.iacr.org/2014/869
<![CDATA[Exclusive Exponent Blinding May Not Suffice to Prevent Timing Attacks on RSA]]>by
http://eprint.iacr.org/2014/866
<![CDATA[Self-Destruct Non-Malleability]]>by 1$, there is a black-box construction of a $K$-bit NM-SDA PKE scheme from a single-bit NM-SDA PKE scheme. Moreover, this can be done using only $O(\lambda)$ calls to the underlying single-bit NM-SDA scheme, where $\lambda$ is the security parameter. To achieve our goal, we define and construct a novel type of continuous non-malleable code (NMC), called secret-state NMC, as we show that standard continuous NMCs are not enough for the natural ``expand-then-encrypt-bit-by-bit'' approach to work.
Black-Box Construction from IND-CPA: Prior work showed that NM-CPA secure PKE can be constructed from any IND-CPA secure PKE in a black-box way. Here we show that the same construction actually achieves our strictly stronger notion of NM-SDA security. (This requires a non-trivial extension of the original security proof to handle multiple parallel decryption queries.) Hence, the notions of IND-CPA, NM-CPA, IND-SDA and NM-SDA security are all equivalent, lying (plausibly, strictly?) below IND-CCA security. We also show how to improve the rate of the resulting NM-SDA scheme from quadratic to linear.
]]>
http://eprint.iacr.org/2014/809
<![CDATA[Server-Aided Two-Party Computation with Minimal Connectivity in the Simultaneous Corruption Model]]>by
http://eprint.iacr.org/2014/744
<![CDATA[Sieving for shortest vectors in lattices using angular locality-sensitive hashing]]>by
http://eprint.iacr.org/2014/740
<![CDATA[Non-existence of [n; 5] type Generalized Bent function.]]>by
http://eprint.iacr.org/2014/674
<![CDATA[Efficient RAM and control flow in verifiable outsourced computation]]>by
http://eprint.iacr.org/2014/576
<![CDATA[Vernam Two]]>by
http://eprint.iacr.org/2014/562
<![CDATA[hHB: a Harder HB+ Protocol]]>by
http://eprint.iacr.org/2014/507
<![CDATA[How to Generate and use Universal Samplers]]>by
http://eprint.iacr.org/2014/333
<![CDATA[An optimal representation for the trace zero subgroup]]>by
http://eprint.iacr.org/2014/324
<![CDATA[From Single-Bit to Multi-Bit Public-Key Encryption via Non-Malleable Codes]]>by
http://eprint.iacr.org/2014/203
<![CDATA[Privacy-Preserving Implicit Authentication]]>by
http://eprint.iacr.org/2014/087
<![CDATA[AnoA: A Framework For Analyzing Anonymous Communication Protocols]]>by
http://eprint.iacr.org/2013/593
<![CDATA[One-Sided Adaptively Secure Two-Party Computation]]>by
http://eprint.iacr.org/2012/460
<![CDATA[Information-Theoretic Timed-Release Security: Key-Agreement, Encryption, and Authentication Codes]]>by
http://eprint.iacr.org/2012/278
<![CDATA[Improved Indifferentiability Security Bound for the JH Mode]]>by
http://eprint.iacr.org/2010/397
<![CDATA[Pseudorandom Functions and Permutations Provably Secure Against Related-Key Attacks]]>by
http://eprint.iacr.org/2009/411
<![CDATA[Improved Garbled Circuit Building Blocks and Applications to Auctions and Computing Minima]]>by