
    Fooling primality tests on smartcards

    We analyse whether the smartcards of the JavaCard platform correctly validate the primality of domain parameters. The work is inspired by the paper Prime and prejudice: primality testing under adversarial conditions, where the authors analysed many open-source libraries and constructed pseudoprimes fooling the primality testing functions. In the case of smartcards, however, there is often no way to invoke the primality test directly, so we trigger it by replacing the (EC)DSA and (EC)DH prime domain parameters with adversarial composites. Such a replacement makes the card vulnerable to Pohlig-Hellman style attacks, leading to private key recovery. Out of nine smartcards (produced by five major manufacturers) we tested, all but one have no primality test in parameter validation. As the JavaCard platform provides no public primality testing API, the problem cannot be fixed by an extra parameter check (an additional check before the parameters are passed to the existing (EC)DSA and (EC)DH functions), making it difficult to mitigate in already deployed smartcards.
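    The key-recovery step the abstract refers to, as an added example that is not code from the paper or from any JavaCard vendor: a DH peer that performs no primality test accepts an attacker-chosen composite n in place of the prime p, and because n is a product of primes p_i with smooth p_i - 1, the attacker solves the discrete logarithm of the returned public value modulo each p_i with Pohlig-Hellman and glues the results with the CRT. All function names are this example's own; sizes are toy (a 64-bit private exponent), the modulus is merely smooth rather than a pseudoprime crafted to pass Miller-Rabin (which is what the referenced paper constructs and what would be needed against a card that does test), and the example assumes the private exponent is bounded by key_bits bits.

```python
# Added example (not from the paper): Pohlig-Hellman private-key recovery after
# a DH peer accepts an attacker-chosen composite n in place of the prime p.
# Toy sizes; n is merely smooth, not a Miller-Rabin pseudoprime.
from math import gcd


def factor(n):
    """Trial-division factorisation -> {prime: exponent}; fine for toy sizes."""
    fs, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            fs[d] = fs.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        fs[n] = fs.get(n, 0) + 1
    return fs


def is_prime(n):
    """Deterministic trial division; adequate for the ~10^5 candidates used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def mult_order(g, p):
    """Order of g in Z_p^* (p prime): shrink p-1 by each prime factor while possible."""
    order = p - 1
    for q in factor(p - 1):
        while order % q == 0 and pow(g, order // q, p) == 1:
            order //= q
    return order


def crt(pairs):
    """Combine (residue, modulus) pairs into (x, lcm); moduli may share factors."""
    x, m = 0, 1
    for r, n in pairs:
        g = gcd(m, n)
        if (r - x) % g:
            raise ValueError("inconsistent residues")
        n_g = n // g                             # gcd(m//g, n//g) == 1 by construction
        t = ((r - x) // g * pow(m // g, -1, n_g)) % n_g if n_g > 1 else 0
        l = m // g * n
        x = (x + m * t) % l
        m = l
    return x, m


def pohlig_hellman_cyclic(g, h, p, order):
    """Solve g^x = h (mod p) for g of smooth order `order`; returns x mod order."""
    parts = []
    for q, e in factor(order).items():
        qe = q ** e
        g_q, h_q = pow(g, order // qe, p), pow(h, order // qe, p)   # order-q^e subgroup
        gamma = pow(g_q, q ** (e - 1), p)                           # element of order q
        x = 0
        for k in range(e):                                          # k-th base-q digit of x
            target = pow(h_q * pow(g_q, -x, p) % p, q ** (e - 1 - k), p)
            x += next(d for d in range(q) if pow(gamma, d, p) == target) * q ** k
        parts.append((x, qe))
    return crt(parts)[0]


def build_adversarial_modulus(g, key_bits, smooth_bound=30, start=100_003):
    """Attacker's bogus 'prime': a product of primes p with p-1 smooth, extended
    until lcm of ord_p(g) exceeds 2^key_bits so the private exponent is determined."""
    n, m, p = 1, 1, start
    while m.bit_length() <= key_bits:
        if is_prime(p) and max(factor(p - 1)) <= smooth_bound:
            o = mult_order(g % p, p)
            n, m = n * p, m * o // gcd(m, o)
        p += 2
    return n, m


def recover_private_key(g, public, n):
    """Attacker side: DLP modulo each prime factor of n, then glue with the CRT."""
    parts = []
    for p in factor(n):
        o = mult_order(g % p, p)
        parts.append((pohlig_hellman_cyclic(g % p, public % p, p, o), o))
    return crt(parts)                            # (x mod lcm, lcm)


def demo(key_bits=64, private=0x1234_5678_9ABC_DEF0):
    """Simulated card: accepts n without any primality test and answers g^private mod n.
    Assumption (this example's, not the paper's): the private exponent fits in key_bits."""
    g = 2
    n, _ = build_adversarial_modulus(g, key_bits)
    public = pow(g, private, n)                  # the card's response under the bogus modulus
    recovered, _ = recover_private_key(g, public, n)
    return recovered == private, n, recovered


if __name__ == "__main__":
    ok, n, x = demo()
    print(f"modulus bits={n.bit_length()} recovered={x:#x} ok={ok}")
```

The per-prime logarithms are cheap because every subgroup order is at most smooth_bound, which is exactly the property a proper parameter check (primality of p, and a large prime-order subgroup) would deny the attacker; on the cards in the abstract that check does not exist, so the composite is accepted as-is.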

    Single-shot security for one-time memories in the isolated qubits model

    One-time memories (OTMs) are simple, tamper-resistant cryptographic devices, which can be used to implement sophisticated functionalities such as one-time programs. Can one construct OTMs whose security follows from some physical principle? This is not possible in a fully-classical world, or in a fully-quantum world, but there is evidence that OTMs can be built using "isolated qubits" -- qubits that cannot be entangled, but can be accessed using adaptive sequences of single-qubit measurements. Here we present new constructions for OTMs using isolated qubits, which improve on previous work in several respects: they achieve a stronger "single-shot" security guarantee, which is stated in terms of the (smoothed) min-entropy; they are proven secure against adversaries who can perform arbitrary local operations and classical communication (LOCC); and they are efficiently implementable. These results use Wiesner's idea of conjugate coding, combined with error-correcting codes that approach the capacity of the q-ary symmetric channel, and a high-order entropic uncertainty relation, which was originally developed for cryptography in the bounded quantum storage model.
    Comment: v2: to appear in CRYPTO 2014. 21 pages, 3 figures.

    DNA origami-based single-molecule force spectroscopy elucidates RNA Polymerase III pre-initiation complex stability

    The TATA-binding protein (TBP) and a transcription factor (TF) IIB-like factor are important constituents of all eukaryotic initiation complexes. The reason for the emergence and strict requirement of the additional initiation factor Bdp1 in the RNA polymerase (RNAP) III system, however, remained elusive. A poorly studied aspect in this context is the effect of DNA strain arising from DNA compaction and transcriptional activity on initiation complex formation. We made use of a DNA origami-based force clamp to follow the assembly of human initiation complexes in the RNAP II and RNAP III systems at the single-molecule level under piconewton forces. We demonstrate that TBP-DNA complexes are force-sensitive and that TFIIB is sufficient to stabilise TBP on a strained promoter. In contrast, Bdp1 is the pivotal component that ensures stable anchoring of initiation factors, and thus of the polymerase itself, in the RNAP III system. Thereby, we offer an explanation for the crucial role of Bdp1 in the high transcriptional output of RNAP III.

    Compressed Pairings

    Pairing-based cryptosystems rely on bilinear non-degenerate maps called pairings, such as the Tate and Weil pairings defined over certain elliptic curve groups. In this paper we show how to compress pairing values, how to couple this technique with that of point compression, and how to benefit from the compressed representation to speed up exponentiations involving pairing values, as required in many pairing-based protocols.

    Efficient fuzzy matching and intersection on private datasets

    At Eurocrypt'04, Freedman, Nissim and Pinkas introduced the fuzzy private matching problem. The problem is defined as follows. Given two parties, each holding a set of vectors where each vector has T integer components, fuzzy private matching is to securely test whether each vector of one set matches any vector of the other set in at least t components, where t < T. In the conclusion of their paper, they asked whether it was possible to design a fuzzy private matching protocol without incurring a communication complexity carrying the factor $\binom{T}{t}$. We answer their question in the affirmative by presenting a protocol based on homomorphic encryption, combined with the novel notion of a share-hiding error-correcting secret sharing scheme, which we show how to implement with efficient decoding using interleaved Reed-Solomon codes. This scheme may be of independent interest. Our protocol is provably secure against passive adversaries, and has better efficiency than previous protocols for certain parameter values.

    LILI Keystream Generator

    A family of keystream generators, called the LILI keystream generators, is proposed for use in stream cipher applications, and the security of these generators is investigated with respect to currently known attacks. The design is simple and scalable, based on two binary linear feedback shift registers combined in a simple way, using both irregular clocking and nonlinear functions. The design provides the basic security requirements, such as a long period and high linear complexity, and is resistant to known cryptanalytic attacks.