Progress in Cryptology - INDOCRYPT 2011
Content
- Intro
- Title
- Preface
- Organization
- Table of Contents
- Tutorial 1
- Tor and the Censorship Arms Race: Lessons Learned
- Tutorial 2
- Elliptic Curves for Applications
- Side-Channel Attacks
- PKDPA: An Enhanced Probabilistic Differential Power Attack Methodology
- Introduction
- Probable Key Differential Power Analysis
- Initialization of the Attack
- Iterative DoM Test
- Probable Key Extraction
- Key Frequency Analysis
- Probable Key Progression
- Analytical Framework for Optimal Window-Size
- The Probable Key Matrix
- Experimental Results
- Case-Study 1: AES
- Case-Study 2: Masked AES
- A Comparative Study
- Conclusion
- References
- Formal Analysis of the Entropy / Security Trade-off in First-Order Masking Countermeasures against Side-Channel Attacks
- Introduction
- Description of the Rotating Tables Countermeasure
- Rationale
- Modelization
- Information Theoretic Evaluation of the Countermeasure
- Security against CPA and 2O-CPA
- Resistance against First-Order Correlation Attacks
- Resistance against Second-Order Correlation Attacks
- Expression of opt(1,2) as a Function of an Indicator f
- Functions f: F_2^4 → F_2 That Cancel opt(1,2)
- Functions f: F_2^5 → F_2 That Cancel opt(1,2)
- Exploring More Solutions Using SAT-Solvers
- Mapping of the Problem into a SAT-Solver
- Existence of Low Hamming Weight Solutions for n=8
- Exploration of Solutions for n=8 and a Fixed Card[J]
- Conclusions and Perspectives
- References
- Square Always Exponentiation
- Introduction
- Background on Exponentiation on Embedded Devices
- Square-and-Multiply Algorithms
- Side-Channel Analysis on Exponentiation
- Distinguishing Squarings from Multiplications
- Square Always Countermeasure
- Principle
- Atomic Algorithms
- Performance Analysis
- Security Considerations
- Parallelization
- Parallelized Algorithms
- Cost of Parallelized Algorithms
- Practical Results
- Conclusion
- References
- An Enhanced Differential Cache Attack on CLEFIA for Large Cache Lines
- Introduction
- Preliminaries
- The CLEFIA Structure
- Cache Attacks on CLEFIA
- Enhancing the Differential Cache Attack
- Why the Attack in rebeiro:11 Fails for Large Cache Lines?
- The Proposed Differential Cache Attack
- Attacking a Feistel Structure from Cache Traces
- The New Differential Cache Attack against CLEFIA
- Determining RK0 and RK1
- Determining RK2WK0 and RK3WK1
- Determining RK4 and RK5
- Distinguishing between a Cache Hit and Miss
- Effect of Cache Line Size on the Number of Encryptions
- Countermeasures Suited for Large Cache Lines
- Conclusion
- References
- Partial Key Exposure: Generalized Framework to Attack RSA
- Introduction
- Our Contribution
- General Attacks Based on Partial Knowledge of d
- Attacks Using the Partial Knowledge of k
- Attack on ISO/IEC 9796-2
- Conclusion
- References
- Invited Talk 1
- The Yin and Yang Sides of Embedded Security
- Secret-Key Cryptography, Part 1
- Mars Attacks! Revisited:
- Introduction
- Related Work
- Our Contribution
- Notation
- Outline
- Description of MARS
- The Cryptographic Core
- Differential Attack on 12 Core Rounds of MARS
- The Distinguisher
- Subkey Recovery
- Attacking the MARS Key Scheduler
- Analysis of the Attack
- Conclusion
- References
- Linear Cryptanalysis of PRINTcipher - Trails and Samples Everywhere
- Introduction
- A Description of PRINTcipher
- The Key
- The Standard Permutation
- The Key-Dependent Permutation
- Other Notation
- Existing Work on PRINTcipher
- Linear Cryptanalysis
- On the Importance of Finding Many Samples
- Some Initial Observations
- The S-Box
- The Permutation b and the S-box
- A Key Bit Distinguisher
- General Attack Idea
- A Detailed Example
- More Linear Trails on One Round of PRINTcipher
- Guessing Keybits for Partial Encryption and Decryption
- Experimental Results
- Analyzing the Attack Complexity
- Reaching the Limit: 28 Rounds
- On More Rounds of PRINTcipher: Complementary Trails
- More Attacks on 27/28 Rounds
- On False Positives
- Using Complementary Trails to Distinguish on 24-Round Trails
- Samples Are Independent (Enough)
- Partial Encryption and Decryption for 29 Rounds
- Conclusion
- References
- Practical Attack on 8 Rounds of the Lightweight Block Cipher KLEIN
- Introduction
- Brief Description of KLEIN
- A Collection of Differential Characteristics
- Observations
- The Collection of Characteristics
- Comparison with the Lower Bounds
- Attacking KLEIN
- Finding and Exploiting Neutral Bits
- Distinguisher for 7 Rounds
- Distinguisher for 8 Rounds
- Key-Recovery for 7 Rounds
- Key-Recovery for 8 Rounds
- Experimental Verification
- Conclusion
- References
- On Related-Key Attacks and KASUMI: The Case of A5/3
- Introduction
- MISTY and KASUMI
- Related-key Attacks and KASUMI
- Related-key Attacks and A5/3
- Existing Related-key Attacks
- Revised Related-key Attacks
- Implications and Observations
- Conclusion
- References
- Invited Talk 2
- Cryptology: Where Is the New Frontier?
- Secret-Key Cryptography, Part 2
- Analysis of the Parallel Distinguished Point Tradeoff
- Introduction
- Preliminaries
- Parallel DP
- Complexity of the pD Tradeoff
- Experiment Results
- Comparison of Tradeoff Algorithms
- pD versus DP
- pD versus Rainbow
- Conclusion
- References
- On the Evolution of GGHN Cipher
- Introduction
- Organization of the Paper
- Short Cycles in GGHN(n, m)
- Evolution of a Randomized Variant of GGHN Cipher
- Towards Estimating the Actual GGHN PRGA
- Conclusion
- References
- HiPAcc-LTE: An Integrated High Performance Accelerator for 3GPP LTE Stream Ciphers
- Introduction
- Preliminaries
- Brief Overview of SNOW 3G and ZUC
- SNOW 3G and ZUC: Similarities and Dissimilarities in Design
- Integration of SNOW 3G and ZUC
- Integrating the Main LFSR
- Integrating the FSM
- Integrating the LFSR Update Function
- Final Design of the Pipeline
- ASIC Implementation of the Integrated Hardware
- Critical Path
- Performance Results
- Comparison with Existing Designs
- Fault Detection and Protection in HiPAcc-LTE
- Conclusion
- References
- Addressing Flaws in RFID Authentication Protocols
- Introduction
- Related Works
- Privacy Works
- O-FRAP and O-RAP Protocols
- Song-Mitchell's Protocols
- Privacy Model
- Ouafi-Phan Model
- The O-FRAP+ Protocol
- Review O-FRAP+
- Our Attacks on O-FRAP+
- The SMP Protocol
- Review SMP
- Our Attacks on SMP
- The HRAP Protocol
- Review HRAP
- Our Attacks on HRAP
- The Improved HRAP Protocol
- HRAP's Defects
- Procedure of the Improved HRAP
- Security and Privacy Analysis
- Conclusion
- References
- Hash Functions
- Practical Analysis of Reduced-Round Keccak
- Introduction
- Keccak Description and Notations
- Differential Distinguisher
- Searching Differential Paths
- Conditional Differentials and Free Bits
- Best Differential Paths
- Distinguisher on 4 Rounds of the Hash Function
- Implementation of the Distinguisher
- Near-Collisions for 3 Rounds on the 256-bit Hash Function
- Hash Function Collisions on 2 Rounds
- Practical (Second) Preimages on 2 Rounds of the 256-bit Hash Function
- Main Scheme
- Finding Partial Solutions
- Matching 48 Slices with 16 Slices
- Implementation Remarks
- Dealing with the Padding
- Conclusion
- References
- Boomerang Distinguisher for the SIMD-512 Compression Function
- Introduction
- Related Work
- Higher-Order Differentials and Hash Function
- Description of SIMD
- SIMD Step Function
- Application on SIMD-512
- Searching for Characteristics
- Independency of the Characteristics
- Complexity of the Attack
- Extending the Attack to the Compression Function
- Distinguisher for the Compression Function
- Complexity of the Attack
- Conclusions and Discussion
- References
- Lightweight Implementations of SHA-3 Candidates on FPGAs
- Introduction and Motivation
- Methodology
- Assumptions and Goals
- Tools and Result Generation
- Interface and Protocol
- Area Minimization Techniques
- Performance Metrics
- Implementations
- BLAKE
- Grøstl
- JH
- Keccak
- Skein
- Results and Conclusions
- Implementation Results
- Comparison with Other Reported Results
- Conclusions
- References
- Pairings
- Publicly Verifiable Secret Sharing for Cloud-Based Key Management
- Introduction
- Preliminaries
- Definitions
- Access Trees
- Cryptographic Assumptions
- An Efficient Scheme without Random Oracles
- System Implementation
- Security Proof for Our Construction
- References
- On Constructing Families of Pairing-Friendly Elliptic Curves with Variable Discriminant
- Introduction
- Constructing Complete Families with Variable Discriminant
- Constructing Sparse Families
- Conclusion
- References
- Attractive Subfamilies of BLS Curves for Implementing High-Security Pairings
- Introduction
- Background
- Particularly Friendly Subfamilies
- Using the Four Classes x_0 ≡ 7, 16, 31, 64 (mod 72)
- The Other Congruency Classes
- Choosing Simple Lines: Twisting vs. Untwisting
- The Final Exponentiation
- Example Curves
- References
- Invited Talk 3
- Stone Knives and Bear Skins: Why Does the Internet Run on Pre-historic Cryptography?
- Protocols
- The Limits of Common Coins: Further Results
- Introduction
- Outline
- Preliminaries
- Our Results
- Proofs
- Proof of Theorem 1
- Proof of Theorem 3
- Conclusions and Open Problems
- References
- Secure Message Transmission in Asynchronous Directed Graphs
- Introduction
- Related Work
- A Motivating Example
- Organization and Our Contribution
- Model and Definitions
- Characterizing Asynchronous Networks for Las Vegas (0, )-SMT
- Sufficiency
- Necessity
- Las Vegas (0, )-SMT and PSMT
- All Pairs PSMT
- Characterizing Asynchronous Networks for Monte Carlo (0, )-SMT
- References
- Towards a Provably Secure DoS-Resilient Key Exchange Protocol with Perfect Forward Secrecy
- Introduction
- Just Fast Keying Protocol and Its DOS Vulnerabilities
- Smith et al.'s Analysis of JFK in Meadows Framework
- A New DoS Vulnerability in JFK
- Cost Calculations
- Basic Security of the JFK Protocol
- Resisting Other Type of DoS Attacks in JFK
- BPV-JFK
- BPV Generator
- The BPV-JFK Protocol and Its Security Analysis
- Efficiency Comparison and Parameter Sizes
- On the Security of JFK
- Cost Calculations for BPV-JFK
- Analysing the BPV-JFK Protocol in the Stebila et al. Model
- Conclusion and Future Work
- References
- Tutorial 3
- Software Optimizations for Cryptographic Primitives on General Purpose x86_64 Platforms
- The Tutorial-Introduction
- References
- Author Index