Lecture Notes in Computer Science 8269
Commenced Publication in 1973
Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen
Editorial Board
David Hutchison, Lancaster University, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Alfred Kobsa, University of California, Irvine, CA, USA
Friedemann Mattern, ETH Zurich, Switzerland
John C. Mitchell, Stanford University, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
Oscar Nierstrasz, University of Bern, Switzerland
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, TU Dortmund University, Germany
Madhu Sudan, Microsoft Research, Cambridge, MA, USA
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA
Gerhard Weikum, Max Planck Institute for Informatics, Saarbruecken, Germany
Kazue Sako and Palash Sarkar (Eds.)
Advances in Cryptology – ASIACRYPT 2013
19th International Conference on the Theory and Application of Cryptology and Information Security
Bengaluru, India, December 1-5, 2013
Proceedings, Part I
Volume Editors
Kazue Sako, NEC Corporation, Kawasaki, Japan, E-mail: k-sako@ab.jp.nec.com
Palash Sarkar, Indian Statistical Institute, Kolkata, India, E-mail: palash@isical.ac.in
ISSN 0302-9743; e-ISSN 1611-3349
ISBN 978-3-642-42032-0; e-ISBN 978-3-642-42033-7
DOI 10.1007/978-3-642-42033-7
Springer Heidelberg New York Dordrecht London
CR Subject Classification (1998): E.3, D.4.6, F.2, K.6.5, G.2, I.1, J.1
LNCS Sublibrary: SL 4 – Security and Cryptology
© International Association for Cryptologic Research 2013
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher's location, in its current version, and permission for use must always be obtained from Springer. Permissions for use may be obtained through RightsLink at the Copyright Clearance Center. Violations are liable to prosecution under the respective Copyright Law.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.
While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.
Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India
Printed on acid-free paper
Springer is part of Springer Science+Business Media (www.springer.com)
Preface
It is our great pleasure to present the proceedings of Asiacrypt 2013 in two volumes of Lecture Notes in Computer Science published by Springer. This was the 19th edition of the International Conference on Theory and Application of Cryptology and Information Security held annually in Asia by the International Association for Cryptologic Research (IACR). The conference was organized by IACR in cooperation with the Cryptology Research Society of India and was held in the city of Bengaluru in India during December 1–5, 2013.
About one year prior to the conference, an international Program Committee (PC) of 46 scientists assumed the responsibility of determining the scientific content of the conference. The conference evoked an enthusiastic response from researchers and scientists. A total of 269 papers were submitted for possible presentations approximately six months before the conference. Authors of the submitted papers are spread all over the world. PC members were allowed to submit papers, but each PC member could submit at most two co-authored papers or at most one single-authored paper. The PC co-chairs did not submit any paper. All the submissions were screened by the PC and 54 papers were finally selected for presentations at the conference. These proceedings contain the revised versions of the papers that were selected. The revisions were not checked and the responsibility of the papers rests with the authors and not the PC members.
Selection of papers for presentation was made through a double-blind review process. Each paper was assigned three reviewers and submissions by PC members were assigned six reviewers. Apart from the PC members, 291 external reviewers were involved. The total number of reviews for all the papers was more than 900. In addition to the reviews, the selection process involved an extensive discussion phase. This phase allowed PC members to express opinion on all the submissions. The final selection of 54 papers was the result of this extensive and rigorous selection procedure. One of the final papers resulted from the merging of two submissions.
The best paper award was conferred upon the paper "Shorter Quasi-Adaptive NIZK Proofs for Linear Subspaces" authored by Charanjit Jutla and Arnab Roy. The decision was based on a vote among the PC members. In addition to the best paper, the authors of two other papers, namely, "Families of Fast Elliptic Curves from Q-Curves" authored by Benjamin Smith and "Key Recovery Attacks on 3-Round Even-Mansour, 8-Step LED-128, and Full AES2" authored by Itai Dinur, Orr Dunkelman, Nathan Keller and Adi Shamir, were recommended by the Editor-in-Chief of the Journal of Cryptology to submit expanded versions to the journal.
A highlight of the conference was the invited talks. An extensive multi-round discussion was carried out by the PC to decide on the invited speakers. This resulted in very interesting talks on two different aspects of the subject. Lars Ramkilde Knudsen spoke on "Block Ciphers — Past and Present," a topic of classical and continuing importance, while George Danezis spoke on "Engineering Privacy-Friendly Computations," which is an important and a more modern theme.
Apart from the regular presentations and the invited talks, a rump session was organized on one of the evenings. This consisted of very short presentations on upcoming research results, announcements of future events, and other topics of interest to the audience.
We would like to thank the authors of all papers for submitting their research works to the conference. Such interest over the years has ensured that the Asiacrypt conference series remains a cherished venue of publication by scientists. Thanks are due to the PC members for their enthusiastic and continued participation for over a year in different aspects of selecting the technical program. External reviewers contributed by providing timely reviews and thanks are due to them. A list of external reviewers is provided in these proceedings. We have tried to ensure that the list is complete. Any omission is inadvertent and if there is an omission, we apologize to the person concerned.
Special thanks are due to Satyanarayana V. Lokam, the general chair of the conference. His message to the PC was to select the best possible scientific program without any other considerations. Further, he ensured that the PC co-chairs were insulated from the organizational work. This work was done by the Organizing Committee and they deserve thanks from all the participants for the wonderful experience. We thank Daniel J. Bernstein and Tanja Lange for expertly organizing and conducting the rump session.
The reviews and discussions were entirely carried out online using software developed by Shai Halevi. At several times, we had to ask Shai for his help with some feature or the other of the software. Every time, we received immediate and helpful responses. We thank him for his support and also for developing the software. We also thank Josh Benaloh, who was our IACR liaison, for guidance on several issues. Springer published the volumes and made these available before the conference. We thank Alfred Hofmann and Anna Kramer and their team for their professional and efficient handling of the production process.
Last, but not the least, we thank Microsoft Research; Google; Indian Statistical Institute, Kolkata; and National Mathematics Initiative, Indian Institute of Science, Bengaluru; for being generous sponsors of the conference.
December 2013
Kazue Sako
Palash Sarkar
Asiacrypt 2013
The 19th Annual International Conference on Theory and Application of Cryptology and Information Security
Sponsored by the International Association for Cryptologic Research (IACR)
December 1–5, 2013, Bengaluru, India
General Chair
Satyanarayana V. Lokam, Microsoft Research, India
Program Co-chairs
Kazue Sako, NEC Corporation, Japan
Palash Sarkar, Indian Statistical Institute, India
Program Committee
Michel Abdalla, Ecole Normale Superieure, France
Colin Boyd, Queensland University of Technology, Australia
Anne Canteaut, Inria Paris-Rocquencourt, France
Sanjit Chatterjee, Indian Institute of Science, India
Jung Hee Cheon, Seoul National University, Korea
Sherman S.M. Chow, Chinese University of Hong Kong, SAR China
Orr Dunkelman, University of Haifa, Israel
Pierrick Gaudry, CNRS Nancy, France
Rosario Gennaro, City College of New York, USA
Guang Gong, University of Waterloo, Canada
Vipul Goyal, Microsoft Research, India
Eike Kiltz, University of Bochum, Germany
Tetsu Iwata, Nagoya University, Japan
Tanja Lange, Technische Universiteit Eindhoven, The Netherlands
Dong Hoon Lee, Korea University, Korea
Allison Lewko, Columbia University, USA
Benoit Libert, Technicolor, France
Dongdai Lin, Chinese Academy of Sciences, China
Anna Lysyanskaya, Brown University, USA
Subhamoy Maitra, Indian Statistical Institute, India
Willi Meier, University of Applied Sciences, Switzerland
Phong Nguyen, Inria, France and Tsinghua University, China
Kaisa Nyberg, Aalto University, Finland
Satoshi Obana, Hosei University, Japan
Kenny Paterson, Royal Holloway, University of London, UK
Krzysztof Pietrzak, Institute of Science and Technology, Austria
David Pointcheval, Ecole Normale Superieure, France
Manoj Prabhakaran, University of Illinois at Urbana-Champaign, USA
Vincent Rijmen, KU Leuven, Belgium
Rei Safavi-Naini, University of Calgary, Canada
Yu Sasaki, NTT, Japan
Nicolas Sendrier, Inria Paris-Rocquencourt, France
Peter Schwabe, Radboud University Nijmegen, The Netherlands
Thomas Shrimpton, Portland State University, USA
Nigel Smart, University of Bristol, UK
Francois-Xavier Standaert, Universite Catholique de Louvain, Belgium
Damien Stehle, Ecole Normale Superieure de Lyon, France
Willy Susilo, University of Wollongong, Australia
Tsuyoshi Takagi, Kyushu University, Japan
Vinod Vaikuntanathan, University of Toronto, Canada
Frederik Vercauteren, KU Leuven, Belgium
Xiaoyun Wang, Tsinghua University, China
Hoeteck Wee, George Washington University, USA and Ecole Normale Superieure, France
Hongjun Wu, Nanyang Technological University, Singapore
External Reviewers
Carlos Aguilar-Melchor, Masayuki Abe, Gergely Acs, Shashank Agrawal, Ahmad Ahmadi, Hadi Ahmadi, Mohsen Alimomeni, Joel Alwen, Prabhanjan Ananth, Gilad Asharov, Tomer Ashur, Giuseppe Ateniese, Man Ho Au, Jean-Philippe Aumasson, Pablo Azar
Foteini Baldimtsi, Subhadeep Banik, Paulo Barreto, Rishiraj Batacharrya, Lejla Batina, Anja Becker, Mihir Bellare, Fabrice Benhamouda, Debajyoti Bera, Daniel J. Bernstein, Rishiraj Bhattacharyya, Gaetan Bisson, Olivier Blazy, Celine Blondeau, Andrey Bogdanov, Alexandra Boldyreva, Joppe W. Bos, Charles Bouillaguet, Christina Boura, Elette Boyle, Fabian van den Broek, Billy Bob Brumley, Christina Brzuska
Angelo De Caro, Dario Catalano, Andre Chailloux, Melissa Chase, Anupam Chattopadhyay, Chi Chen, Jie Chen, Jing Chen, Yu Chen, Celine Chevalier, Ashish Choudhary, HeeWon Chung, Kai-Min Chung
Deepak Kumar Dalai, M. Prem Laxman Das, Gareth Davies, Yi Deng, Maria Dubovitskaya, Francois Durvaux
Barış Ege, Nicolas Estibals, Xinxin Fan, Pooya Farshim, Sebastian Faust, Nelly Fazio, Serge Fehr, Dario Fiore, Marc Fischlin, Georg Fuchsbauer, Eichiro Fujisaki, Jun Furukawa
Philippe Gaborit, Tommaso Gagliardoni, Martin Gagne, Steven Galbraith, David Galindo, Nicolas Gama, Sanjam Garg, Lubos Gaspar, Peter Gazi, Ran Gelles, Essam Ghadafi, Choudary Gorantla, Sergey Gorbunov, Dov S. Gordon, Louis Goubin, Matthew Green, Vincent Grosso, Jens Groth, Tim Guneysu, Fuchun Guo, Jian Guo, Divya Gupta, Sourav Sen Gupta, Benoît Gerard
Dong-Guk Han, Jinguang Han, Carmit Hazay, Nadia Heninger, Jens Hermans, Florian Hess, Shoichi Hirose, Viet Tung Hoang, Jaap-Henk Hoepmann, Dennis Hofheinz, Hyunsook Hong, Jin Hong, Qiong Huang, Tao Huang, Yan Huang, Fei Huo, Michael Hutter, Jung Yeon Hwang
Takanori Isobe, Mitsugu Iwamoto, Abhishek Jain, Stanislaw Jarecki, Mahavir Jhawar, Shoaquan Jiang, Ari Juels
Marc Kaplan, Koray Karabina, Aniket Kate, Jonathan Katz, Liam Keliher, Stephanie Kerckhof, Hyoseung Kim, Kitak Kim, Minkyu Kim, Sungwook Kim, Taechan Kim, Yuichi Komano, Takeshi Koshiba, Anna Krasnova
Fabien Laguillaumie, Russell W.F. Lai, Adeline Langlois, Jooyoung Lee, Kwangsu Lee, Moon Sung Lee, Younho Lee, Tancrede Lepoint, Gaetan Leurent, Anthony Leverrier, Huijia Rachel Lin, Feng-Hao Liu, Zhenhua Liu, Zongbin Liu, Adriana Lopez-Alt, Atul Luykx, Vadim Lyubashevsky
Arpita Maitra, Hemanta Maji, Cuauhtemoc Mancillas-Lopez, Kalikinkar Mandal, Takahiro Matsuda, Alexander May, Sarah Meiklejohn, Florian Mendel, Alfred Menezes, Kazuhiko Minematsu, Marine Minier, Rafael Misoczki, Amir Moradi, Tal Moran, Kirill Morozov, Pratyay Mukherjee
Yusuke Naito, María Naya-Plasencia, Gregory Neven, Khoa Nguyen, Antonio Nicolosi, Ivica Nikolic, Ryo Nishimaki, Ryo Nojima, Adam O'Neill, Cristina Onete, Elisabeth Oswald, Ilya Ozerov
Omkant Pandey, Tapas Pandit, Jong Hwan Park, Seunghwan Park, Michal Parusinski, Valerio Pastro, Arpita Patra, Goutam Paul, Roel Peeters, Christopher Peikert, Milinda Perera, Ludovic Perret, Thomas Peters, Christophe Petit, Duong Hieu Phan, Bertram Poettering, Joop van de Pol, Gordon Proctor, Emmanuel Prouff
Elizabeth Quaglia, Somindu C Ramanna, Mariana Raykova, Christian Rechberger, Francesco Regazzoni, Oscar Reparaz, Reza Reyhanitabar, Thomas Ristenpart, Damien Robert, Thomas Roche, Mike Rosulek, Sujoy Sinha Roy, Sushmita Ruj, Carla Rafols
Santanu Sarkar, Michael Schneider, Dominique Schroder, Jacob Schuldt, Jae Hong Seo, Minjae Seo, Yannick Seurin, Hakan Seyalioglu, Setareh Sharifian, Abhi Shelat, Dale Sibborn, Dimitris E. Simos, Dave Singelee, William E. Skeith III, Boris Skoric, Adam Smith, Ben Smith, Hadi Soleimany, Katherine Stange, Douglas Stebila, John Steinberger, Ron Steinfeld, Mario Strefler, Donald Sun, Koutarou Suzuki
Yin Tan, Ying-Kai Tang, Sidharth Telang, Isamu Teranishi, R. Seth Terashima, Stefano Tessaro, Susan Thomson, Emmanuel Thome
Gilles Van Assche, Konstantinos Vamvourellis, Alex Vardy, K. Venkata, Damien Vergnaud, Nicolas Veyrat-Charvillon, Gilles Villard, Ivan Visconti
Huaxiong Wang, Lei Wang, Meiqin Wang, Peng Wang, Pengwei Wang, Wenhao Wang, Gaven Watson, Carolyn Whitnall, Daniel Wichs, Michael J. Wiener, Shuang Wu, Teng Wu
Keita Xagawa, Haixia Xu, Rui Xue, Bohan Yang, Guomin Yang, Kan Yasuda, Takanori Yasuda, Kazuki Yoneyama, Hongbo Yu, Tsz Hon Yuen, Dae Hyun Yum, Aaram Yun
Hui Zhang, Liang Feng Zhang, Liting Zhang, Mingwu Zhang, Rui Zhang, Tao Zhang, Wentao Zhang, Zongyang Zhang, Colin Jia Zheng, Xifan Zheng, Hong-Sheng Zhou, Yongbin Zhou, Bo Zhu, Youwen Zhu, Vassilis Zikas, Paul Zimmermann
Organizing Committee
Raghav Bhaskar, Microsoft Research India, Bengaluru
Vipul Goyal, Microsoft Research India, Bengaluru
Neeraj Kayal, Microsoft Research India, Bengaluru
Satyanarayana V. Lokam, Microsoft Research India, Bengaluru
C. Pandurangan, Indian Institute of Technology, Chennai
Govindan Rangarajan, Indian Institute of Science, Bengaluru
Sponsors
Microsoft Research
Google
Indian Statistical Institute, Kolkata
National Mathematics Initiative, Indian Institute of Science, Bengaluru
Invited Talks
Block Ciphers – Past and Present
Lars Ramkilde Knudsen
DTU Compute, Denmark
lrkn@dtu.dk
Abstract. In the 1980s researchers were trying to understand the design of the DES, and breaking it seemed impossible. Other block ciphers were proposed, and cryptanalysis of block ciphers got interesting. The area took off in the 1990s where it exploded with the appearance of differential and linear cryptanalysis and the many variants thereof which appeared in the time after. In the 2000s AES became a standard and it was constructed specifically to resist the general attacks and the area of (traditional) block cipher cryptanalysis seemed saturated.... Much of the progress in cryptanalysis of the AES since then has come from side-channel attacks and related-key attacks.
Still today, for most block cipher applications the AES is a good and popular choice. However, the AES is perhaps not particularly well suited for extremely constrained environments such as RFID tags. Therefore, one trend in block cipher design has been to come up with ultra-lightweight block ciphers with good security and hardware efficiency. I was involved in the design of the ciphers Present (from CHES 2007), PrintCipher (presented at CHES 2010) and PRINCE (from Asiacrypt 2012). Another trend in block cipher design has been to try to increase the efficiency by making certain components part of the secret key, e.g., to be able to reduce the number of rounds of a cipher.
In this talk, I will review these results.
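The abstract names PRESENT as the first of the ultra-lightweight designs. To make the "hardware efficiency" point concrete, here is a pure-Python implementation of PRESENT-80 written from the published specification (Bogdanov et al., CHES 2007). It is an added example for these notes, not code from the talk or from these proceedings. The S-box, the bit permutation, the key schedule and the four known-answer values are the ones published in the PRESENT paper; the function names and the extra plaintext/key pair used for the round-trip check are chosen here for illustration.

```python
# PRESENT-80: 64-bit block, 80-bit key, 31 rounds plus final key whitening.
# Added study implementation following the CHES 2007 specification; not
# constant-time (table lookups are data-dependent), so not for production use.

SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
INV_SBOX = [SBOX.index(x) for x in range(16)]

# pLayer: state bit i moves to bit P[i] (bit 0 = least significant bit).
# In hardware this layer is pure wiring, which is where PRESENT saves gates.
P = [(16 * i) % 63 for i in range(63)] + [63]
INV_P = [P.index(j) for j in range(64)]

MASK64 = (1 << 64) - 1
MASK80 = (1 << 80) - 1
ROUNDS = 31


def sbox_layer(state, table=SBOX):
    """Apply the 4-bit S-box to each of the 16 nibbles of a 64-bit state."""
    out = 0
    for i in range(16):
        out |= table[(state >> (4 * i)) & 0xF] << (4 * i)
    return out


def permute(state, table=P):
    """Move bit i of state to position table[i]."""
    out = 0
    for i in range(64):
        out |= ((state >> i) & 1) << table[i]
    return out


def key_schedule(key):
    """Derive the 32 64-bit round keys K_1..K_32 from an 80-bit master key."""
    if not 0 <= key <= MASK80:
        raise ValueError("PRESENT-80 key must be an 80-bit integer")
    keys = []
    for r in range(1, ROUNDS + 1):
        keys.append(key >> 16)                        # K_r = leftmost 64 bits
        key = ((key << 61) | (key >> 19)) & MASK80    # rotate register left by 61
        key = (SBOX[key >> 76] << 76) | (key & ((1 << 76) - 1))  # S-box on top nibble
        key ^= r << 15                                # XOR round counter into bits 19..15
    keys.append(key >> 16)                            # K_32, used for final whitening
    return keys


def encrypt(block, key):
    """Encrypt one 64-bit block (int) under an 80-bit key (int)."""
    keys = key_schedule(key)
    state = block & MASK64
    for r in range(ROUNDS):
        state ^= keys[r]
        state = sbox_layer(state)
        state = permute(state)
    return state ^ keys[ROUNDS]


def decrypt(block, key):
    """Inverse of encrypt: undo whitening, then the rounds in reverse."""
    keys = key_schedule(key)
    state = (block & MASK64) ^ keys[ROUNDS]
    for r in range(ROUNDS - 1, -1, -1):
        state = permute(state, INV_P)
        state = sbox_layer(state, INV_SBOX)
        state ^= keys[r]
    return state


# Known-answer tests from the PRESENT paper: (plaintext, key, ciphertext).
KNOWN_ANSWERS = [
    (0x0000000000000000, 0x00000000000000000000, 0x5579C1387B228445),
    (0x0000000000000000, 0xFFFFFFFFFFFFFFFFFFFF, 0xE72C46C0F5945049),
    (0xFFFFFFFFFFFFFFFF, 0x00000000000000000000, 0xA112FFC72F68417B),
    (0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFFFFFF, 0x3333DCD3213210D2),
]


def check_known_answers():
    """Return True iff every published test vector encrypts and decrypts correctly."""
    for pt, key, ct in KNOWN_ANSWERS:
        if encrypt(pt, key) != ct or decrypt(ct, key) != pt:
            return False
    return True


if __name__ == "__main__":
    print("PRESENT-80 known-answer tests:", "pass" if check_known_answers() else "FAIL")
    # Constructed sample pair, not a published vector.
    c = encrypt(0x0123456789ABCDEF, 0xFEDCBA9876543210ABCD)
    print(f"ciphertext = {c:016X}")
```

Two things worth noticing in the code. The permutation layer costs nothing in hardware (it is wiring), the S-box is 4-bit rather than AES's 8-bit, and the key schedule is almost free, which is exactly the trade the abstract describes. Conversely, the table-driven software form above leaks through memory-access timing; a software implementation meant for deployment would use a bit-sliced S-box, which is also why the abstract singles out side-channel attacks as where much of the recent progress has come from.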
Engineering Privacy-Friendly Computations
George Danezis
University College London and Microsoft Research, Cambridge
Abstract. In the past few years tremendous cryptographic progress has been made in relation to primitives for privacy-friendly computations. These include celebrated results around fully homomorphic encryption, faster somewhat homomorphic encryption, and ways to leverage them to support more efficient secret-sharing based secure multi-party computations. Similar breakthroughs in verifiable computation, and succinct arguments of knowledge, make it practical to verify complex computations, as part of privacy-preserving client side program execution. Besides computations themselves, notions like differential privacy attempt to capture the essence of what it means for computations to leak little personal information, and have been mapped to existing data query languages.
So, is the problem of computation on private data solved, or just about to be solved? In this talk, I argue that the models of generic computation supported by cryptographic primitives are complete, but rather removed from what a typical engineer or data analyst expects. Furthermore, the use of these cryptographic technologies imposes constraints that require fundamental changes in the engineering of computing systems. While those challenges are not obviously cryptographic in nature, they are nevertheless hard to overcome, have serious performance implications, and errors open avenues for attack.
Throughout the talk I use examples from our own work relating to privacy-friendly computations within smart grid and smart metering deployments for private billing, privacy-friendly aggregation, statistics and fraud detection. These experiences have guided the design of ZQL, a cryptographic language and compiler for zero-knowledge proofs, as well as more recent tools that compile using secret-sharing based primitives.
Table of Contents – Part I
Zero-Knowledge
Shorter Quasi-Adaptive NIZK Proofs for Linear Subspaces ... 1
Charanjit S. Jutla and Arnab Roy
Constant-Round Concurrent Zero Knowledge in the Bounded Player Model ... 21
Vipul Goyal, Abhishek Jain, Rafail Ostrovsky, Silas Richelson, and Ivan Visconti
Succinct Non-Interactive Zero Knowledge Arguments from Span Programs and Linear Error-Correcting Codes ... 41
Helger Lipmaa
Algebraic Cryptography
Families of Fast Elliptic Curves from Q-curves ... 61
Benjamin Smith
Four-Dimensional GLV via the Weil Restriction ... 79
Aurore Guillevic and Sorina Ionica
Discrete Gaussian Leftover Hash Lemma over Infinite Domains ... 97
Shweta Agrawal, Craig Gentry, Shai Halevi, and Amit Sahai
New Insight into the Isomorphism of Polynomial Problem IP1S and Its Use in Cryptography ... 117
Gilles Macario-Rat, Jerome Plut, and Henri Gilbert
Theoretical Cryptography-I
Constructing Confidential Channels from Authenticated Channels—Public-Key Encryption Revisited ... 134
Sandro Coretti, Ueli Maurer, and Bjorn Tackmann
Reset Indifferentiability and Its Consequences ... 154
Paul Baecher, Christina Brzuska, and Arno Mittelbach
Computational Fuzzy Extractors ... 174
Benjamin Fuller, Xianrui Meng, and Leonid Reyzin
Efficient One-Way Secret-Key Agreement and Private Channel Coding via Polarization ... 194
Joseph M. Renes, Renato Renner, and David Sutter
Protocols
SPHF-Friendly Non-interactive Commitments ... 214
Michel Abdalla, Fabrice Benhamouda, Olivier Blazy, Celine Chevalier, and David Pointcheval
Self-Updatable Encryption: Time Constrained Access Control with Hidden Attributes and Better Efficiency ... 235
Kwangsu Lee, Seung Geol Choi, Dong Hoon Lee, Jong Hwan Park, and Moti Yung
Function-Private Subspace-Membership Encryption and Its Applications ... 255
Dan Boneh, Ananth Raghunathan, and Gil Segev
Random Projections, Graph Sparsification, and Differential Privacy ... 276
Jalaj Upadhyay
Theoretical Cryptography-II
Notions of Black-Box Reductions, Revisited ... 296
Paul Baecher, Christina Brzuska, and Marc Fischlin
Adaptive and Concurrent Secure Computation from New Adaptive, Non-malleable Commitments ... 316
Dana Dachman-Soled, Tal Malkin, Mariana Raykova, and Muthuramakrishnan Venkitasubramaniam
Symmetric Key Cryptanalysis
Key Recovery Attacks on 3-round Even-Mansour, 8-step LED-128, and Full AES2 ... 337
Itai Dinur, Orr Dunkelman, Nathan Keller, and Adi Shamir
Key Difference Invariant Bias in Block Ciphers ... 357
Andrey Bogdanov, Christina Boura, Vincent Rijmen, Meiqin Wang, Long Wen, and Jingyuan Zhao
Leaked-State-Forgery Attack against the Authenticated Encryption Algorithm ALE ... 377
Shengbao Wu, Hongjun Wu, Tao Huang, Mingsheng Wang, and Wenling Wu
Symmetric Key Cryptology: Schemes and Analysis
A Modular Framework for Building Variable-Input-Length Tweakable Ciphers ... 405
Thomas Shrimpton and R. Seth Terashima
Parallelizable and Authenticated Online Ciphers ... 424
Elena Andreeva, Andrey Bogdanov, Atul Luykx, Bart Mennink, Elmar Tischhauser, and Kan Yasuda
How to Construct an Ideal Cipher from a Small Set of Public Permutations ... 444
Rodolphe Lampe and Yannick Seurin
Generic Key Recovery Attack on Feistel Scheme ... 464
Takanori Isobe and Kyoji Shibutani
Side-Channel Cryptanalysis
Does My Device Leak Information? An a priori Statistical Power Analysis of Leakage Detection Tests ... 486
Luke Mather, Elisabeth Oswald, Joe Bandenburg, and Marcin Wojcik
Behind the Scene of Side Channel Attacks ... 506
Victor Lomne, Emmanuel Prouff, and Thomas Roche
SCARE of Secret Ciphers with SPN Structures ... 526
Matthieu Rivain and Thomas Roche
Author Index ... 545
Table of Contents – Part II
Message Authentication Codes
New Generic Attacks against Hash-Based MACs ... 1
Gaetan Leurent, Thomas Peyrin, and Lei Wang
Cryptanalysis of HMAC/NMAC-Whirlpool ... 21
Jian Guo, Yu Sasaki, Lei Wang, and Shuang Wu
Signatures
Lattice-Based Group Signatures with Logarithmic Signature Size ... 41
Fabien Laguillaumie, Adeline Langlois, Benoît Libert, and Damien Stehle
The Fiat–Shamir Transformation in a Quantum World ... 62
Ozgur Dagdelen, Marc Fischlin, and Tommaso Gagliardoni
On the Security of One-Witness Blind Signature Schemes ... 82
Foteini Baldimtsi and Anna Lysyanskaya
Cryptography Based Upon Physical Assumptions
Unconditionally Secure and Universally Composable Commitments from Physical Assumptions ... 100
Ivan Damgard and Alessandra Scafuro
Functional Encryption from (Small) Hardware Tokens ... 120
Kai-Min Chung, Jonathan Katz, and Hong-Sheng Zhou
Bounded Tamper Resilience: How to go beyond the Algebraic Barrier ... 140
Ivan Damgard, Sebastian Faust, Pratyay Mukherjee, and Daniele Venturi
Tamper Resilient Circuits: The Adversary at the Gates ... 161
Aggelos Kiayias and Yiannis Tselekounis
Multi-Party Computation
Efficient General-Adversary Multi-Party Computation ... 181
Martin Hirt and Daniel Tschudi
Fair and Efficient Secure Multiparty Computation with Reputation Systems ... 201
Gilad Asharov, Yehuda Lindell, and Hila Zarosim
Between a Rock and a Hard Place: Interpolating between MPC and FHE ... 221
Ashish Choudhury, Jake Loftus, Emmanuela Orsini, Arpita Patra, and Nigel P. Smart
Cryptographic Primitives
Building Lossy Trapdoor Functions from Lossy Encryption ... 241
Brett Hemenway and Rafail Ostrovsky
Pseudorandom Generators from Regular One-Way Functions: New Constructions with Improved Parameters ... 261
Yu Yu, Xiangxue Li, and Jian Weng
Constrained Pseudorandom Functions and Their Applications ... 280
Dan Boneh and Brent Waters
Fully Homomorphic Message Authenticators ... 301
Rosario Gennaro and Daniel Wichs
Analysis, Cryptanalysis and Passwords
Non-uniform Cracks in the Concrete: The Power of Free Precomputation ... 321
Daniel J. Bernstein and Tanja Lange
Factoring RSA Keys from Certified Smart Cards: Coppersmith in the Wild ... 341
Daniel J. Bernstein, Yun-An Chang, Chen-Mou Cheng, Li-Ping Chou, Nadia Heninger, Tanja Lange, and Nicko van Someren
Naturally Rehearsing Passwords ... 361
Jeremiah Blocki, Manuel Blum, and Anupam Datta
Leakage-Resilient Cryptography
Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and One-Time Lossy Filter ... 381
Baodong Qin and Shengli Liu
On Continual Leakage of Discrete Log Representations ... 401
Shweta Agrawal, Yevgeniy Dodis, Vinod Vaikuntanathan, and Daniel Wichs
Two-Party Computation
Hiding the Input-Size in Secure Two-Party Computation ... 421
Yehuda Lindell, Kobbi Nissim, and Claudio Orlandi
Secure Two-Party Computation with Reusable Bit-Commitments, via a Cut-and-Choose with Forge-and-Lose Technique ... 441
Luís T.A.N. Brandão
Hash Functions
A Heuristic for Finding Compatible Differential Paths with Application to HAS-160 ... 464
Aleksandar Kircanski, Riham AlTawy, and Amr M. Youssef
Improved Cryptanalysis of Reduced RIPEMD-160 ... 484
Florian Mendel, Thomas Peyrin, Martin Schlaffer, Lei Wang, and Shuang Wu
Limited-Birthday Distinguishers for Hash Functions: Collisions beyond the Birthday Bound Can Be Meaningful ... 504
Mitsugu Iwamoto, Thomas Peyrin, and Yu Sasaki
On Diamond Structures and Trojan Message Attacks ... 524
Tuomas Kortelainen and Juha Kortelainen
Author Index ... 541