Browse Proceedings

Passive RFID tags have limited rewritable memory for data storage and limited computation power, which pose difficulties to implement security protection on RFID tags. It has been shown that strong security and privacy protections for RFID require ...

In this paper, we present a provably secure redactable signature scheme allowing to independently redact structure and content. We identify the problems when structure is not separated from content, resulting in an attack on the scheme proposed at VLDB '...

We propose a new variant of HK09 (proposed by Hofheinz and Kiltz in Eurocrypt 2009) which improves the decapsulation efficiency at the price of a slightly increased key size. Compared with the original HK09 scheme the decapsulation efficiency is ...

The deniable encryption is a type of encryption which can hide the true message while revealing a fake one. Even if the sender or the receiver is coerced to show the plaintext and the used random numbers in encryption, a deniable encryption scheme ...

We provide a symbolic model for protocols using public-key encryption and hash function, and prove that this model is computationally sound: if there is an attack in the computational world, then there is an attack in the symbolic (abstract) model. Our ...

Camellia is one of the most worldwide used block ciphers, which has been selected as a standard by ISO/IEC. In this paper, we propose several new 7-round impossible differentials of Camellia with 2 FL/FL⁻¹ layers, which turn out to be the first 7-round ...

LBlock is a lightweight block cipher with 32 rounds, which can be implemented efficiently not only in hardware environment but also in software platforms. In this paper, by exploiting the structure of LBlock and the redundancy in its key schedule, we ...

This paper presents 11- and 13-round key-recovery attacks on block cipher 3D with the truncated differential cryptanalysis, while the previous best key-recovery attack broke only 10 rounds with the impossible differential attack. 3D is an AES-based ...

The unconditionally secure Distributed Oblivious Transfer (DOT) protocol introduced by Naor and Pinkas allows a receiver to contact k servers and obtain one out of two secrets held by a sender. In its generalized version presented by Blundo, D'Arco, De ...

In this paper, we propose an efficient code-based 1-out-of-N oblivious transfer, OT₁^N, based on McEliece assumptions without invoking the OT₁² several times as in the paradigm proposed in [20,6]. We also show that the protocol is computationally secure ...

We propose a practical and fine-grained browser extension access control framework, which regulates the misbehavior of JSEs with malicious intent at run time by means of restricting the access to resources, in order to prevent the malicious JSEs from ...

With the growth of the Internet, its wide-ranging services are increasingly being threatened by adverse and malicious attacks. CAPTCHAs have emerged as a standard security countermeasure against Internet attacks such as distributed denial of service ...

We exhibit a system for improving the quality of user-derived keying material on touch-screen devices. We allow a device to recover previously generated, highly entropic data suitable for use as (part of) a strong secret key from a user's act of ...

This paper presents a comprehensive formal security framework for key derivation functions (KDF). The major security goal for a KDF is to produce cryptographic keys from a private seed value where the derived cryptographic keys are indistinguishable ...

A visual cryptography scheme (VCS) is a secret sharing method, for which the secret can be decoded by human eyes without needing any cryptography knowledge nor any computation. To the best of our knowledge, there are two different definitions of basis ...

The security of pairing-based cryptosystems depends on the difficulty of the discrete logarithm problem (DLP) over certain types of finite fields. One of the most efficient algorithms for computing a pairing is the η_T pairing over supersingular curves ...

In INFOCOM 2009, Yu, Wei, Ramkumar and Guan have proposed the novel mechanism (called Yu's scheme), in which a forwarder can filter polluted messages before spreading the pollution in the XOR network coding systems. In order to perform such filtering, ...

Recent attacks on the German identity card show that a compromised client computer allows for PIN compromise and man-in-the-middle attacks on eID cards. We present a selection of new solutions to that problem which do not require changes in the card ...

The square root is an important mathematical primitive whose secure, efficient, distributed computation has so far not been possible. We present a solution to this problem based on Goldschmidt's algorithm. The starting point is computed by linear ...

ROP attack introduced briefly in this paper is a serious threat to compute systems. Kernel ROP attack is great challenge to existing defenses because attackers have system privilege, little prerequisite to mount attacks, and the disability of existing ...

Fault attacks against cryptographic schemes as used in tamper- resistant devices have led to a vibrant research activity in the past. This area was recently augmented by the discovery of attacks even on the public key parts of asymmetric cryptographic ...

In this paper, we investigate the security of the KATAN family of block ciphers against differential fault attacks. KATAN consists of three variants with 32, 48 and 64-bit block sizes, called KATAN32, KATAN48 and KATAN64, respectively. All three ...

Piccolo is a lightweight block cipher, with a fixed 64-bit block size and variable key length 80- or 128-bit, which was proposed at CHES 2011. The iterative structure of Piccolo is a variant of Generalized Feistel Network. The transformation utilizing ...

The notion of fully homomorphic encryption is very important since it enables many important applications, such as the cloud computing scenario. In EUROCRYPT 2010, van Dijk, Gentry, Halevi and Vaikuntanathan proposed an interesting fully homomorphic ...

In 1998, Boneh, Durfee and Frankel described several attacks against RSA enabling an attacker given a fraction of the bits of the private exponent d to recover all of d. These attacks were later improved and extended in various ways. They however always ...

ICEBERG is proposed by Standaert et al. in FSE 2004 for reconfigurable hardware implementations. ICEBERG is a fast involutional SPN block cipher and all its components are involutional and allow very efficient combinations of encryption/decryption. ...

Due to low Signal to Noise Ratio (SNR) in general experimental environments, previous attack methods such as correlation power analysis (CPA) do not always screen out the correct key value. Sometimes the success rate of the attack is so slight that we ...