Josh Benaloh (Ed.)

Topics in Cryptology – CT-RSA 2014
The Cryptographer's Track at the RSA Conference 2014
San Francisco, CA, USA, February 25-28, 2014
Proceedings

Lecture Notes in Computer Science 8366

Commenced Publication in 1973
Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board
David Hutchison, Lancaster University, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Alfred Kobsa, University of California, Irvine, CA, USA
Friedemann Mattern, ETH Zurich, Switzerland
John C. Mitchell, Stanford University, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
Oscar Nierstrasz, University of Bern, Switzerland
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, TU Dortmund University, Germany
Madhu Sudan, Microsoft Research, Cambridge, MA, USA
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA
Gerhard Weikum, Max Planck Institute for Informatics, Saarbruecken, Germany

Volume Editor
Josh Benaloh, Microsoft Research, Redmond, WA, USA
E-mail: [email protected]

ISSN 0302-9743, e-ISSN 1611-3349
ISBN 978-3-319-04851-2, e-ISBN 978-3-319-04852-9
DOI 10.1007/978-3-319-04852-9
Springer Cham Heidelberg New York Dordrecht London

Library of Congress Control Number: 2014930761
LNCS Sublibrary: SL 4 – Security and Cryptology

© Springer International Publishing Switzerland 2014

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher's location, in its current version, and permission for use must always be obtained from Springer. Permissions for use may be obtained through RightsLink at the Copyright Clearance Center. Violations are liable to prosecution under the respective Copyright Law.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.
Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India
Printed on acid-free paper
Springer is part of Springer Science+Business Media (www.springer.com)

Preface

The RSA conference has been a major international event for information security experts since its inception in 1991. It is an annual event that attracts hundreds of vendors and thousands of participants from industry, government, and academia. Since 2001, the RSA conference has included the Cryptographers' Track (CT-RSA), which provides a forum for current research in cryptography. CT-RSA has become a major publication venue for cryptographers.

This volume represents the proceedings of the 2014 RSA Conference Cryptographers' Track, which was held in San Francisco, California, February 25–28, 2014. A total of 66 submissions were received, out of which 25 papers were selected. As Chair of the Program Committee, I heartily thank all of the authors who contributed their innovative ideas and all of the Program Committee members and their designated assistants who carefully reviewed the submissions. The evaluation process was thorough, with each submission receiving at least three independent reviews (four if the submitted paper included a Program Committee member as an author) and extensive discussion to complete the selection process.

Antoine Joux of the University of Versailles delivered an invited address on Discrete Logarithms: Recent Progress (and Open Problems), and Bart Preneel moderated a panel discussion on pseudo-random number generators featuring Dan Boneh, Paul Kocher, Adi Shamir, and Dan Shumow.

December 2013
Josh Benaloh

Organization

The RSA Cryptographers' Track is an independently managed component of the annual RSA Conference.
Steering Committee
Josh Benaloh, Microsoft Research, USA
Ed Dawson, Queensland University of Technology, Australia
Orr Dunkelman, University of Haifa, Israel
Ari Juels, Roving Chief Scientist, USA
Ron Rivest, Massachusetts Institute of Technology, USA
Moti Yung, Google, USA

Program Chair
Josh Benaloh, Microsoft Research, USA

Program Committee
Josh Benaloh (Chair), Microsoft Research, USA
Tom Berson, Anagram Laboratories, USA
Alex Biryukov, University of Luxembourg, Luxembourg
John Black, University of Colorado, USA
Xavier Boyen, Queensland University of Technology, Australia
Christian Cachin, IBM Research, Switzerland
Orr Dunkelman, University of Haifa, Israel
Steven D. Galbraith, University of Auckland, New Zealand
Jens Groth, University College London, UK
Helena Handschuh, Cryptography Research, Inc., USA
Marc Joye, Technicolor, France
John Kelsey, National Institute of Standards and Technology, USA
Kwangjo Kim, Korea Advanced Institute of Science and Technology, South Korea
Lars Knudsen, Technical University of Denmark, Denmark
Alptekin Küpçü, Koç University, Turkey
Susan Langford, Hewlett-Packard, USA
Anna Lysyanskaya, Brown University, USA
Mitsuru Matsui, Mitsubishi Electric, Japan
Sarah Meiklejohn, University of California, San Diego, USA
Daniele Micciancio, University of California, San Diego, USA
Tal Moran, Interdisciplinary Center Herzliya, Israel
Bart Preneel, KU Leuven, Belgium
Christian Rechberger, Technical University of Denmark, Denmark
Matt Robshaw, Impinj, USA
Rei Safavi-Naini, University of Calgary, Canada
Nigel Smart, University of Bristol, UK
Vanessa Teague, University of Melbourne, Australia
Eran Tromer, Tel Aviv University, Israel
Serge Vaudenay, École Polytechnique Fédérale de Lausanne, Switzerland
Hoeteck Wee, George Washington University, USA
Yiqun Lisa Yin, Independent Security Consultant, USA

External Reviewers
Hadi Ahmadi
Toru Akishita
Martin Albrecht
Mohsen Alimomeni
Giuseppe Ateniese
Shi Bai
Sonia Bogos
Pyrros Chaidos
Jie Chen
Sherman Chow
Craig Costello
Claus Diem
Patrick Derbez
Alexandre Duc
Leo Ducas
Mohammad Etemad
Sebastian Faust
Benedikt Gierlichs
Aurore Guillevic
Mhavir Jhawar
Seny Kamara
Mohamed Karroumi
Dmitry Khovratovich
Handan Kılınç
Mark Marson
Bart Mennink
Gregory Neven
Claudio Orlandi
Ilan Orlov
Ray Perlner
Leo Perrin
Emmanuel Prouff
Pandu Rangan
Reza Reyhanitabar
Arnab Roy
Minoru Saeki
Sumanta Sarkar
Sven Schäge
Siamak Shahandashti
Kouichi Shimizu
Tom Shrimpton
Daniel Smith
Mario Strefler
Takeshi Sugawara
Daisuke Suzuki
Liangfeng Zhang

Table of Contents

Non-integral Asymmetric Functions

Efficient and Secure Algorithms for GLV-Based Scalar Multiplication and Their Implementation on GLV-GLS Curves, p. 1
  Armando Faz-Hernández, Patrick Longa, and Ana H. Sánchez
An Improved Compression Technique for Signatures Based on Learning with Errors, p. 28
  Shi Bai and Steven D. Galbraith

Public-Key Encryption

A Generic View on Trace-and-Revoke Broadcast Encryption Schemes, p. 48
  Dennis Hofheinz and Christoph Striecks
Broadcast Steganography, p. 64
  Nelly Fazio, Antonio R. Nicolosi, and Irippuge Milinda Perera
Practical Dual-Receiver Encryption: Soundness, Complete Non-malleability, and Applications, p. 85
  Sherman S.M. Chow, Matthew Franklin, and Haibin Zhang

Hardware Implementations

Attacking PUF-Based Pattern Matching Key Generators via Helper Data Manipulation, p. 106
  Jeroen Delvaux and Ingrid Verbauwhede
On Increasing the Throughput of Stream Ciphers, p. 132
  Frederik Armknecht and Vasily Mikhalev
On Double Exponentiation for Securing RSA against Fault Analysis, p. 152
  Duc-Phong Le, Matthieu Rivain, and Chik How Tan

Side-Channel Attacks

On the Practical Security of a Leakage Resilient Masking Scheme, p. 169
  Emmanuel Prouff, Matthieu Rivain, and Thomas Roche
The Myth of Generic DPA... and the Magic of Learning, p. 183
  Carolyn Whitnall, Elisabeth Oswald, and François-Xavier Standaert
Hardware Implementation and Side-Channel Analysis of Lapin, p. 206
  Lubos Gaspar, Gaëtan Leurent, and François-Xavier Standaert

Symmetric Encryption and Cryptanalysis

Automatic Search for Differential Trails in ARX Ciphers, p. 227
  Alex Biryukov and Vesselin Velichkov
CBEAM: Efficient Authenticated Encryption from Feebly One-Way φ Functions, p. 251
  Markku-Juhani O. Saarinen
Beyond Modes: Building a Secure Record Protocol from a Cryptographic Sponge Permutation, p. 270
  Markku-Juhani O. Saarinen

Digital Signatures

Group Signatures with Message-Dependent Opening in the Standard Model, p. 286
  Benoît Libert and Marc Joye
Practical Distributed Signatures in the Standard Model, p. 307
  Yujue Wang, Duncan S. Wong, Qianhong Wu, Sherman S.M. Chow, Bo Qin, and Jianwei Liu
Decentralized Traceable Attribute-Based Signatures, p. 327
  Ali El Kaafarani, Essam Ghadafi, and Dalia Khader

Protocols

Rethinking Verifiably Encrypted Signatures: A Gap in Functionality and Potential Solutions, p. 349
  Theresa Calderon, Sarah Meiklejohn, Hovav Shacham, and Brent Waters
P2OFE: Privacy-Preserving Optimistic Fair Exchange of Digital Signatures, p. 367
  Qiong Huang, Duncan S. Wong, and Willy Susilo
2-Pass Key Exchange Protocols from CPA-Secure KEM, p. 385
  Kaoru Kurosawa and Jun Furukawa

Hash Function Cryptanalysis

Analysis of BLAKE2, p. 402
  Jian Guo, Pierre Karpman, Ivica Nikolić, Lei Wang, and Shuang Wu
An Automated Evaluation Tool for Improved Rebound Attack: New Distinguishers and Proposals of ShiftBytes Parameters for Grøstl, p. 424
  Yu Sasaki, Yuuki Tokushige, Lei Wang, Mitsugu Iwamoto, and Kazuo Ohta
Practical Collision Attack on 40-Step RIPEMD-128, p. 444
  Gaoli Wang

Applications of Cryptographic Primitives

KDM Security in the Hybrid Framework, p. 461
  Gareth T. Davies and Martijn Stam
Key Wrapping with a Fixed Permutation, p. 481
  Dmitry Khovratovich

Author Index, p. 501