Practical Preimages for Maraca

We show a practical preimage attack on the cryptographic hash function Maraca, which was submitted as a candidate to the NIST SHA-3 competition. Our attack has been verified experimentially

On Proactive Verifiable Secret Sharing Schemes

The paper has been presented at the International Conference Pioneers of Bulgarian Mathematics, Dedicated to Nikola Obreshkoff and Lubomir Tschakaloff , Sofia, July, 2006. The material in this paper was presented in part at the 11th Workshop on Selected Areas in Cryptography (SAC) 2004This paper investigates the security of Proactive Secret Sharing Schemes. We first consider the approach of using commitment to 0 in the renewal phase in order to refresh the player's shares and we present two types of attacks in the information theoretic case. Then we prove the conditions for the security of such a proactive scheme. Proactivity can be added also using re-sharing instead of commitment to 0. We investigate this alternative approach too and describe two protocols. We also show that both techniques are not secure against a mobile adversary. To summarize we generalize the existing threshold protocols to protocols for general access structure. Besides this, we propose attacks against the existing proactive verifiable secret sharing schemes, and give modifications of the schemes that resist these attacks

On Distributed Oblivious Transfer

The paper has been presented at the International Conference Pioneers of Bulgarian Mathematics, Dedicated to Nikola Obreshkoff and Lubomir Tschakaloff , Sofia, July, 2006. The material in this paper was presented in part at INDOCRYPT 2002This paper is about unconditionally secure distributed protocols for oblivious transfer, as proposed by Naor and Pinkas and generalized by Blundo et al. In this setting a Sender has ζ secrets and a Receiver is interested in one of them. The Sender distributes the information about the secrets to n servers, and a Receiver must contact a threshold of the servers in order to compute the secret. We present a non-existence result and a lower bound for the existence of one-round, threshold, distributed oblivious transfer protocols, generalizing the results of Blundo et al. A threshold based construction implementing 1-out-of-ζ distributed oblivious transfer achieving this lower bound is described. A condition for existence of distributed oblivious transfer schemes based on general access structures is proven. We also present a general access structure protocol implementing 1-out-of-ζ distributed oblivious transfer

Extended Analysis of DES S-boxes

For more than three decades, the Data Encryption Standard (DES) was one the most widely used cryptographic algorithms. It is still the dominating block cipher for banking applications. The DES was designed by IBM, verified by NSA and published by the National Bureau of Standards as a US Federal Information Processing Standard (FIPS) in 1977. The algorithm itself was fully public but the complete design criteria were only revealed by Coppersmith in 1994. He states that the IBM team was aware of differential cryptanalysis; the DES S-boxes are chosen to satisfy eight design criteria in order to resist this powerful attack. In their 1982 book, Meyer and Matyas state that the DES S-boxes were chosen so that they can be implemented with a minimum number of logic\ud circuits. They mention that for an early design, in which not all of the design criteria are satisfied, the number of minterms varies between 40 and 48. However, for the final design the number of minterms is either 52 or 53, which is the smallest possible number that satisfies all the design criteria. Our research attempts to validate the IBM claims by generating a large number of candidate DES S-boxes satisfying specific criteria and by evaluating their number of minterms

09031 Abstracts Collection -- Symmetric Cryptography

From 11.01.09 to 16.01.09, the Seminar 09031 in ``Symmetric Cryptography \u27\u27 was held in Schloss Dagstuhl~--~Leibniz Center for Informatics. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available

New Techniques for Electronic Voting

This paper presents a novel unifying framework for electronic voting in the universal composability model that includes a property which is new to universal composability but well-known to voting systems: universal verifiability. Additionally, we propose three new techniques for secure electronic voting and prove their security and universal verifiability in the universal composability framework. 1. A tally-hiding voting system, in which the tally that is released consists of only the winner without the vote count. Our proposal builds on a novel solution to the millionaire problem which is of independent interest. 2. A self-tallying vote, in which the tally can be calculated by any observer as soon as the last vote has been cast --- but before this happens, no information about the tally is leaked. 3. Authentication of voting credentials, which is a new approach for electronic voting systems based on anonymous credentials. In this approach, the vote authenticates the credential so that it cannot afterwards be used for any other purpose but to cast that vote. We propose a practical voting system that instantiates this high-level concept

Efficient Pipelining for Modular Multiplication Architectures in Prime Fields

This paper presents a pipelined architecture of a modular Montgomery multiplier, which is suitable to be used in public key coprocessors. Starting from a baseline implementation of the Montgomery algorithm, a more compact pipelined version is derived. The design makes use of 16bit integer multiplication blocks that are available on recently manufactured FPGAs. The critical path is optimized by omitting the exact computation of intermediate results in the Montgomery algorithm using a 6-2 carry-save notation. This results in a high-speed architecture, which outperforms previously designed Montgomery multipliers. Because a very popular application of Montgomery multiplication is public key cryptography, we compare our implementation to the state-of-the-art in Montgomery multipliers on the basis of performance results for 1024-bit RSA