NSEC5 from Elliptic Curves: Provably Preventing DNSSEC Zone Enumeration with...
While DNSSEC securely provides authenticity and integrity to the domain name system (DNS), it also creates a new security vulnerability called zone enumeration that allows an adversary that asks a...
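The zone enumeration problem the abstract refers to, as an added example that is not from the paper: a signed zone's NSEC records form a chain of "owner, next owner" pairs, so a querier who asks for the NSEC record of each name in turn walks the whole zone. NSEC3 hashes the owner names, but an attacker who collects the hashed chain can still hash guesses offline and match them against it, which is the motivation for NSEC5. The zone contents, salt and guess list below are constructed for this illustration.

```python
"""Zone enumeration against NSEC and NSEC3 chains (constructed example, not from the paper)."""
import base64
import hashlib
from typing import Dict, List, Tuple

# Constructed contents of a hypothetical zone "example.test." (assumption for this example).
ZONE_NAMES = ["example.test.", "www.example.test.", "mail.example.test.",
              "alpha.example.test.", "secret-admin.example.test."]


def canonical_key(name: str) -> Tuple[str, ...]:
    """RFC 4034 canonical ordering: compare labels right to left, case-insensitively."""
    return tuple(reversed(name.lower().rstrip(".").split(".")))


def build_nsec_chain(names: List[str]) -> Dict[str, str]:
    """The signer's view: each owner's NSEC record names the next owner in canonical
    order, and the last record wraps back to the first (the apex)."""
    ordered = sorted(names, key=canonical_key)
    return {owner: ordered[(i + 1) % len(ordered)] for i, owner in enumerate(ordered)}


def walk_nsec(server: Dict[str, str], apex: str) -> List[str]:
    """The attacker's view: every lookup of server[name] stands for one NSEC query the
    authoritative server must answer. Starting at the apex, follow 'next' until it wraps."""
    found, cur = [], apex
    while True:
        found.append(cur)
        cur = server[cur]
        if cur == apex:
            return found


# NSEC3 hashes the owner names (RFC 5155: SHA-1 over the wire-format name plus salt,
# iterated) and publishes them in base32hex.
_B32_STD = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
_B32_HEX = "0123456789ABCDEFGHIJKLMNOPQRSTUV"


def nsec3_hash(name: str, salt: bytes = b"", iterations: int = 0) -> str:
    labels = name.lower().rstrip(".").split(".")
    wire = b"".join(bytes([len(label)]) + label.encode() for label in labels) + b"\x00"
    digest = hashlib.sha1(wire + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).decode().translate(str.maketrans(_B32_STD, _B32_HEX))


def build_nsec3_chain(names: List[str], salt: bytes, iterations: int) -> List[str]:
    """Hashed owner names in the order they appear in the NSEC3 chain."""
    return sorted(nsec3_hash(n, salt, iterations) for n in names)


def dictionary_attack(hashed_owners: List[str], apex: str, candidates: List[str],
                      salt: bytes, iterations: int) -> List[str]:
    """Offline: hash each guessed label under the zone's public salt and iteration count
    and report the guesses whose hash appears in the collected chain."""
    targets = set(hashed_owners)
    hits = []
    for label in candidates:
        guess = f"{label}.{apex}"
        if nsec3_hash(guess, salt, iterations) in targets:
            hits.append(guess)
    return hits


if __name__ == "__main__":
    print("NSEC walk:", walk_nsec(build_nsec_chain(ZONE_NAMES), "example.test."))
    chain3 = build_nsec3_chain(ZONE_NAMES, b"\xab\xcd", 10)
    print("NSEC3 guesses recovered:",
          dictionary_attack(chain3, "example.test.", ["www", "ftp", "mail", "alpha"], b"\xab\xcd", 10))
```

The NSEC walk needs one query per name and recovers every owner, including `secret-admin`. Against NSEC3 the same walk yields only hashes, but salt and iteration count are public, so every guessed label costs the attacker a handful of SHA-1 calls and no further queries.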
Truncated Differential Analysis of Round-Reduced RoadRunneR Block Cipher, by...
RoadRunneR is a small and fast bitslice lightweight block cipher for low cost 8-bit processors proposed by Adnan Baysal and Şahap Şahin in the LightSec 2015 conference. While most software...
Cryptanalysis of ring-LWE based key exchange with key share reuse, by Scott...
This paper shows how several ring-LWE based key exchange protocols can be broken, under the assumption that the same key share is used for multiple exchanges. This indicates that, if these key exchange...
Intel SGX Explained, by Victor Costan and Srinivas Devadas
Intel's Software Guard Extensions (SGX) is a set of extensions to the Intel architecture that aims to provide integrity and privacy guarantees to security-sensitive computation performed on a computer...
Handycipher: a Low-tech, Randomized, Symmetric-key Cryptosystem, by Bruce...
Handycipher is a low-tech, randomized, symmetric-key, stream cipher, simple enough to permit pen-and-paper encrypting and decrypting of messages, while providing a significantly high level of security....
A Cryptographic Analysis of the TLS 1.3 Handshake Protocol Candidates, by...
The Internet Engineering Task Force (IETF) is currently developing the next version of the Transport Layer Security (TLS) protocol, version 1.3. The transparency of this standardization process allows...
Compositions of linear functions and applications to hashing, by Vladimir...
Cayley hash functions are based on a simple idea of using a pair of (semi)group elements, $A$ and $B$, to hash the 0 and 1 bit, respectively, and then to hash an arbitrary bit string in the natural...
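The "natural way" the abstract alludes to, as an added example that is not the paper's construction: a toy Cayley hash over SL_2(F_p) with two hand-picked 2x2 matrices, where a bit string is hashed by multiplying the matrix for each bit in order. The paper's own scheme uses compositions of linear functions and is not reproduced here; the prime and the generators below are assumptions chosen for illustration. The example shows the concatenation property H(x||y) = H(x)H(y), and why a generator of small order gives trivial collisions.

```python
"""Toy Cayley hash over SL_2(F_p) (constructed illustration, not the paper's scheme)."""
from typing import Tuple

Mat = Tuple[int, int, int, int]  # row-major 2x2 matrix (a, b, c, d)

P = 2**31 - 1                # prime modulus chosen for this example (assumption)
A: Mat = (1, 2, 0, 1)        # generator used for bit 0 (assumption)
B: Mat = (1, 0, 2, 1)        # generator used for bit 1 (assumption)
IDENTITY: Mat = (1, 0, 0, 1)


def mat_mul(x: Mat, y: Mat, p: int = P) -> Mat:
    """2x2 matrix product with entries reduced mod p."""
    a, b, c, d = x
    e, f, g, h = y
    return ((a * e + b * g) % p, (a * f + b * h) % p,
            (c * e + d * g) % p, (c * f + d * h) % p)


def cayley_hash(bits: str, p: int = P) -> Mat:
    """Hash a bit string: start from the identity and right-multiply A for each '0'
    and B for each '1'. The hash of the empty string is the identity."""
    acc = IDENTITY
    for bit in bits:
        if bit not in "01":
            raise ValueError(f"not a bit: {bit!r}")
        acc = mat_mul(acc, A if bit == "0" else B, p)
    return acc


def bytes_to_bits(data: bytes) -> str:
    """Big-endian bit expansion so arbitrary messages can be fed to cayley_hash."""
    return "".join(f"{byte:08b}" for byte in data)


def is_homomorphic(x: str, y: str, p: int = P) -> bool:
    """H(x || y) == H(x) * H(y). This is what lets the hash be computed in parallel
    over chunks, and it also means any collision is a nontrivial relation
    among the generators: H(u) == H(v) with u != v gives a word in A, B equal to I."""
    return cayley_hash(x + y, p) == mat_mul(cayley_hash(x, p), cayley_hash(y, p), p)


def collides_with_empty(bits: str, p: int = P) -> bool:
    """A is a transvection, so A^k = (1, 2k; 0, 1) and A^p = I mod p: the string of p
    zeros hashes to the identity, i.e. collides with the empty string. Generator
    order therefore bounds the security; a small p makes this visible."""
    return cayley_hash(bits, p) == IDENTITY


if __name__ == "__main__":
    print(cayley_hash(bytes_to_bits(b"hello")))
    print(is_homomorphic("0110", "10111"))
    print(collides_with_empty("0" * 7, p=7))  # seven zeros collide with "" when p = 7
```

Choosing the generators is the whole design problem: the hash is only as collision-resistant as the difficulty of finding a short word in A and B equal to the identity, and with real parameters that difficulty must be argued, not assumed.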
Collusion Resistant Aggregation from Convertible Tags, by Iraklis Leontiadis...
The progress in communication and hardware technology increases the computational capabilities of personal devices. Data is produced massively from ubiquitous devices that cannot be stored locally....
Safely Exporting Keys from Secure Channels: On the security of EAP-TLS and...
We investigate how to safely export additional cryptographic keys from secure channel protocols, modelled with the authenticated and confidential channel establishment (ACCE) security notion. For...
On Linear Hulls and Trails in Simon, by Tomer Ashur and Vincent Rijmen
The block cipher Simon has a very simple round function. This simplicity allows us to compute the correlation matrix of the round function. Despite its simplicity, Simon exhibits some very interesting...
On the Hardness of LWE with Binary Error: Revisiting the Hybrid...
The security of many cryptographic schemes has been based on special instances of the Learning with Errors (LWE) problem, e.g., Ring-LWE, LWE with binary secret, or LWE with ternary error. However,...
Spectral characterization of iterating lossy mappings, by Joan Daemen
In this paper we study what happens to sets when we iteratively apply lossy (round) mappings to them. We describe the information loss as imbalances of parities of intermediate distributions and show...
On the Security of the Algebraic Eraser Tag Authentication Protocol, by Simon...
The Algebraic Eraser has been gaining prominence as SecureRF, the company commercializing the algorithm, increases its marketing reach. The scheme is claimed to be well-suited to IoT applications but a...
Cryptanalysis of the Full Spritz Stream Cipher, by Subhadeep Banik and...
Spritz is a stream cipher proposed by Rivest and Schuldt at the rump session of CRYPTO 2014. It is intended to be a replacement for the popular RC4 stream cipher. In this paper we propose distinguishing...
Valiant's Universal Circuit is Practical, by Ágnes Kiss and Thomas Schneider
Universal circuits (UCs) can be programmed to evaluate any circuit of a given size $k$. They provide elegant solutions in various application scenarios, e.g. for private function evaluation (PFE) and...
Tightly Secure CCA-Secure Encryption without Pairings, by Romain Gay and...
We present the first CCA-secure public-key encryption scheme based on DDH where the security loss is independent of the number of challenge ciphertexts and the number of decryption queries. Our...
Key Recovery for LWE in Polynomial Time, by Kim Laine and Kristin Lauter
We discuss a higher dimensional generalization of the Hidden Number Problem and generalize the Boneh-Venkatesan method for solving it in polynomial time. We then use this to analyze a key recovery...
Computationally binding quantum commitments, by Dominique Unruh
We present a new definition of computationally binding commitment schemes in the quantum setting, which we call "collapse-binding". The definition applies to string commitments, composes in parallel,...
Authentication Key Recovery on Galois Counter Mode (GCM), by John Mattsson,...
GCM is used in a vast amount of security protocols and is quickly becoming the de facto mode of operation for block ciphers due to its exceptional performance. In this paper we analyze the NIST stan-...
ARMed SPHINCS -- Computing a 41KB signature in 16KB of RAM, by Andreas...
This paper shows that it is feasible to implement the stateless hash-based signature scheme SPHINCS-256 on an embedded microprocessor with memory even smaller than a signature and limited computing...