Selected Areas in Cryptography - SAC 2013 20th International Conference, Burnaby, BC, Canada, August 14-16, 2013, Revised Selected Papers
This book constitutes the proceedings of the 20th International Conference on Selected Areas in Cryptography, SAC 2013, held in Burnaby, Canada, in August 2013. The 26 papers presented in this volume were carefully reviewed and selected from 98 submissions. They are organized in topical sections nam...
| Field | Value |
|---|---|
| Format | eBook; Book |
| Language | English |
| Published | Springer Berlin / Heidelberg (Springer Nature, Netherlands), 2014 |
| Edition | 1 |
| Series | Lecture Notes in Computer Science |
| ISBN | 9783662434147 (3662434148); 9783662434130 (366243413X) |
Table of Contents:
- Front matter: Intro -- Preface -- SAC 2013 Conference on Selected Areas in Cryptography -- Abstract of Invited Talk -- Contents
- Invited Talk
  - The Realm of the Pairings: 1 Introduction -- 2 Preliminary Concepts -- 2.1 Protocols and Assumptions -- 3 Curves and Algorithms -- 3.1 Supersingular Curves -- 3.2 Generic Constructions -- 3.3 Sparse Families of Curves -- 3.4 Complete Families of Curves -- 3.5 Holistic Families -- 3.6 Efficient Algorithms -- 4 Implementation Aspects -- 4.1 Pairing Algorithm -- 4.2 Field Arithmetic -- 4.3 Curve Arithmetic -- 4.4 Operation Count -- 4.5 Results and Discussion -- 5 Conclusion -- References
- Lattices Part I
  - A Three-Level Sieve Algorithm for the Shortest Vector Problem: 1 Introduction -- 2 Notations and Preliminaries -- 2.1 Lattices -- 2.2 The Basic Framework of Some Heuristic Sieve Algorithms -- 3 A Three-Level Sieve Algorithm -- 3.1 Description of the Three-Level Sieve Algorithm -- 3.2 Complexity of the Algorithm -- 4 Experimental Results -- 4.1 Comparison with the Other Heuristic Sieve Algorithms -- 4.2 On Heuristic Assumption 1 -- 5 Conclusion -- References
  - Improvement and Efficient Implementation of a Lattice-Based Signature Scheme: 1 Introduction -- 1.1 Our Contribution -- 1.2 Related Work -- 1.3 Organization -- 2 Preliminaries -- 2.1 Notation -- 3 Trapdoor Signatures -- 3.1 Description of the Matrix Version -- 3.2 The Ring Setting -- 4 Improvements and Implementation Details -- 4.1 Computation of the Covariance Matrix -- 4.2 Estimating the Parameter s -- 4.3 Generation of Perturbation Vectors -- 4.4 Square Root Computation -- 4.5 Sampling -- 4.6 Random Oracle Instantiation -- 5 Experimental Results -- A Appendix -- A.1 Parameter Choices for the Matrix and Ring Variant -- A.2 Cholesky Decomposition -- A.3 Proof of Lemma 2 -- A.4 Sizes -- References
  - Towards Practical Lattice-Based Public-Key Encryption on Reconfigurable Hardware: 1 Introduction and Motivation -- 2 The Ring-LWEEncrypt Cryptosystem -- 2.1 Background on LWE -- 2.2 Ring-LWEEncrypt -- 2.3 Improving Efficiency -- 3 Implementation of Ring-LWEEncrypt -- 3.1 Gaussian Sampling -- 3.2 Ring-LWE Processor Architecture -- 4 Results and Performance -- 4.1 Gaussian Sampling -- 4.2 Performance of Ring-LWEEncrypt -- 4.3 Constant Time Operation -- 5 Conclusions and Future Work -- References
- Invited Talk
  - Practical Approaches to Varying Network Size in Combinatorial Key Predistribution Schemes: 1 Introduction -- 1.1 Overview of the Construction and Analysis of Combinatorial Key Predistribution Schemes -- 1.2 Outline of the Paper -- 2 Two Approaches to Varying the Network Size in KPSs Based on Transversal Designs -- 2.1 Resolvable Transversal Designs of Strength 2 -- 2.2 Transversal Designs of Higher Strength -- 2.3 Finer Control Over the Number of Blocks -- 3 Analysis and Comparisons of the New Constructions with Previous Schemes -- 3.1 Asymptotic Comparisons -- 3.2 Comparisons for Explicit Parameter Choices -- 4 An Efficient New Approach to Calculating Connectivity and Resilience for Arbitrary Set Systems -- 4.1 Formulas for Connectivity -- 4.2 Formulas for Resilience -- 4.3 Computing Connectivity and Resilience -- 4.4 Examples -- 5 Conclusion -- References
- Discrete Logarithms
  - A Group Action on Z_p and the Generalized DLP with Auxiliary Inputs: 1 Introduction -- 2 Multiplicative Subgroups of Z_n -- 2.1 Representation of a Multiplicative Subgroup of Z_n -- 3 A Group Action on Z_p -- 4 Polynomial Construction -- 5 Main Theorem -- 6 Conclusion -- References
  - Solving a 6120-bit DLP on a Desktop Computer: 1 Introduction -- 2 The Algorithm -- 2.1 Setup -- 2.2 Factor Base and Automorphisms -- 2.3 Relation Generation -- 2.4 Individual Logarithms -- 3 Other Essentials -- 3.1 Factorisation of the Group Order -- 3.2 Pohlig-Hellman and Pollard's Rho Method -- 3.3 Linear Algebra -- 3.4 Target Element -- 4 Discrete Logarithms in F_{2^6120} -- 4.1 Setup -- 4.2 Relation Generation -- 4.3 Linear Algebra -- 4.4 Individual Logarithm -- 4.5 Total Running Time -- 5 Complexity Considerations -- References
- Stream Ciphers and Authenticated Encryption
  - How to Recover Any Byte of Plaintext on RC4: 1 Introduction -- 2 Preliminary -- 2.1 Long-term Bias -- 2.2 Previous Works -- 3 Plaintext Recovery Attack Using Known Partial Plaintext Bytes -- 3.1 Attack Functions -- 3.2 Attack Procedure -- 3.3 Experimental Results -- 4 Guess-and-Determine Plaintext Recovery Attack (GD Attack) -- 4.1 FM00 Bias for GD Attack -- 4.2 Plaintext Recovery Method for Recovering Any Plaintext Byte -- 4.3 Experimental Results -- 5 Conclusion -- References
  - The LOCAL Attack: Cryptanalysis of the Authenticated Encryption Scheme ALE: 1 Introduction -- 2 Authenticated Encryption Schemes and ALE -- 3 Forgery Attack -- 4 Turning the Forgery into a State Recovery Attack -- 5 Strengthening ALE -- 6 Conclusion -- References
  - AEGIS: A Fast Authenticated Encryption Algorithm: 1 Introduction -- 2 Operations, Variables and Functions -- 2.1 Operations -- 2.2 Variables and Constants -- 2.3 Functions -- 3 AEGIS-128 -- 3.1 The State Update Function of AEGIS-128 -- 3.2 The Initialization of AEGIS-128 -- 3.3 Processing the Authenticated Data -- 3.4 The Encryption of AEGIS-128 -- 3.5 The Finalization of AEGIS-128 -- 3.6 The Decryption and Verification of AEGIS-128 -- 4 AEGIS-256 -- 4.1 The State Update Function of AEGIS-256 -- 4.2 The Initialization of AEGIS-256 -- 4.3 Processing the Authenticated Data -- 4.4 The Encryption of AEGIS-256 -- 4.5 The Finalization of AEGIS-256 -- 5 The Security of AEGIS -- 5.1 The Security of the Initialization -- 5.2 The Security of the Encryption Process -- 5.3 The Security of Message Authentication -- 5.4 Other Attacks -- 6 The Performance of AEGIS -- 7 Design Rationale -- 8 Conclusion -- A Test Vectors -- A.1 Test Vectors of AEGIS-128 -- A.2 Test Vectors of AEGIS-256 -- References
- Post-quantum (Hash-Based and System Solving)
  - Fast Exhaustive Search for Quadratic Systems in F_2 on FPGAs: 1 Introduction -- 2 Implementation -- 2.1 Parallelization Using Accelerators -- 2.2 Full Evaluation or Gray Code? -- 2.3 Implementation of the Gray-Code Approach -- 3 Collisions, or Overabundance of Solution Candidates -- 3.1 Expected Collisions -- 3.2 Choosing Parameters -- 3.3 Handling of Collisions -- 4 Performance Results and Concluding Remarks -- References
  - Faster Hash-Based Signatures with Bounded Leakage: 1 Motivation -- 2 Hash-Based Signatures -- 2.1 The Merkle Signature Scheme -- 2.2 Winternitz One-Time Signatures -- 2.3 Private Key Generation -- 2.4 Authentication Path Computation -- 2.5 Security of MSS -- 2.6 Bounded Leakage for MSS -- 3 Optimized Authentication Path Computation -- 3.1 Authentication Path Computation -- 3.2 Balanced Authentication Path Computation -- 4 Implementation and Results -- 4.1 A Bounded Leakage Merkle Signature Engine -- 4.2 Implementation Platforms -- 4.3 Performance Results -- 4.4 Leakage Results -- 5 Conclusion -- A Appendix -- References
- White Box Crypto
  - White-Box Security Notions for Symmetric Encryption Schemes: 1 Introduction -- 2 Preliminaries -- 3 White-Box Compilers -- 3.1 Attack Models -- 3.2 The Prime Goal: Unbreakability -- 3.3 Security Notions Really Needed in Applications -- 4 One-Wayness -- 5 Incompressibility of White-Box Programs -- 6 A Provably One-Way and Incompressible White-Box Compiler -- 6.1 RSA Groups -- 6.2 The White-Box Compiler -- 6.3 Proving Incompressibility Under Chosen Plaintext Attacks -- 7 Traceability of White-Box Programs -- 7.1 Programs with Hidden Perturbations -- 7.2 A Generic Tracing Scheme -- References
  - Two Attacks on a White-Box AES Implementation: 1 Introduction -- 2 Preliminaries -- 2.1 AES -- 2.2 Chow et al.'s White-Box AES Implementation and the BGE Attack -- 3 Reducing the Work Factor of the BGE Attack -- 3.1 Conclusion -- 4 A New Attack Exploiting Internal Collisions -- 4.1 Recovering the S_i Functions -- 4.2 Recovering the Secret Key -- 4.3 Attack Complexity -- 5 Karroumi's White-Box AES Implementation -- 5.1 Insecurity -- 6 Conclusion -- References
- Block Ciphers
  - Extended Generalized Feistel Networks Using Matrix Representation: 1 Matrix Representation of Feistel Networks -- 1.1 Definitions and Notations -- 1.2 Diffusion Delay -- 1.3 Matrix Representation of Feistel Networks -- 1.4 Matrix Equivalences -- 1.5 Exhaustive Search of Feistel Networks -- 2 New Feistel Network Proposals -- 2.1 Extended Generalized Feistel Networks -- 2.2 An Efficient Example -- 3 Security Analysis of Our Proposed Feistel Scheme -- 3.1 Pseudorandomness -- 3.2 Evaluation of Security Against Classical Attacks -- 4 Conclusion -- References
  - Zero-Correlation Linear Cryptanalysis with FFT and Improved Attacks on ISO Standards Camellia and CLEFIA: 1 Introduction -- 2 Preliminaries -- 2.1 Basics of Zero-Correlation Linear Cryptanalysis -- 2.2 Zero-Correlation Linear Cryptanalysis with Multiple Linear Approximations -- 2.3 Multidimensional Zero-Correlation Linear Cryptanalysis -- 3 Fast Fourier Transform for Zero Correlation -- 4 Zero-Correlation Cryptanalysis of Camellia with FFT -- 4.1 Zero-Correlation Linear Approximations for 7-Round Camellia -- 4.2 Key Recovery for 11-Round Camellia-128 -- 4.3 Key Recovery for 12-Round Camellia-192 -- 5 Multidimensional Zero-Correlation Cryptanalysis of CLEFIA