Lecture Notes in Computer Science 6223 Commenced Publication in 1973 Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen
Editorial Board David Hutchison Lancaster University, UK Takeo Kanade Carnegie Mellon University, Pittsburgh, PA, USA Josef Kittler University of Surrey, Guildford, UK Jon M. Kleinberg Cornell University, Ithaca, NY, USA Alfred Kobsa University of California, Irvine, CA, USA Friedemann Mattern ETH Zurich, Switzerland John C. Mitchell Stanford University, CA, USA Moni Naor Weizmann Institute of Science, Rehovot, Israel Oscar Nierstrasz University of Bern, Switzerland C. Pandu Rangan Indian Institute of Technology, Madras, India Bernhard Steffen TU Dortmund University, Germany Madhu Sudan Microsoft Research, Cambridge, MA, USA Demetri Terzopoulos University of California, Los Angeles, CA, USA Doug Tygar University of California, Berkeley, CA, USA Gerhard Weikum Max-Planck Institute of Computer Science, Saarbruecken, Germany
Tal Rabin (Ed.)
Advances in Cryptology – CRYPTO 2010
30th Annual Cryptology Conference Santa Barbara, CA, USA, August 15-19, 2010 Proceedings
Volume Editor
Tal Rabin IBM T.J. Watson Research Center Hawthorne, NY, USA E-mail: [email protected]
Library of Congress Control Number: 2010931385
CR Subject Classification (1998): E.3, G.2.1, F.2.1-2, D.4.6, K.6.5, C.2, J.1
LNCS Sublibrary: SL 4 – Security and Cryptology
ISSN 0302-9743 ISBN-10 3-642-14622-8 Springer Berlin Heidelberg New York ISBN-13 978-3-642-14622-0 Springer Berlin Heidelberg New York
This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law. springer.com © International Association for Cryptologic Research 2010 Printed in Germany Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India Printed on acid-free paper 06/3180
Preface
CRYPTO 2010, the 30th Annual International Cryptology Conference, was sponsored by the International Association for Cryptologic Research (IACR) in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy and the Computer Science Department of the University of California at Santa Barbara. The conference was held in Santa Barbara, California, during August 15-19, 2010, in conjunction with CHES 2010 (Workshop on Cryptographic Hardware and Embedded Systems). Zulfikar Ramzan served as the General Chair.

The conference received 203 submissions. The quality of the submissions was very high, and the selection process was a challenging one. The Program Committee, aided by 159 external reviewers, reviewed the submissions and after an intensive review period the committee accepted 41 of these submissions. Three submissions were merged into a single paper and two papers were merged into a single talk, yielding a total of 39 papers in the proceedings and 38 presentations at the conference. The revised versions of the 39 papers appearing in the proceedings were not subject to editorial review and the authors bear full responsibility for their contents. The best-paper award was awarded to the paper “Toward Basing Fully Homomorphic Encryption on Worst-Case Hardness” by Craig Gentry.

The conference featured two invited presentations. This year we celebrated 25 years since the publication of the ground-breaking work of Shafi Goldwasser, Silvio Micali and Charles Rackoff, “The Knowledge Complexity of Interactive Proof-Systems.” We had the privilege of having “GMR” give the first invited talk of the conference. The second invited talk was in a joint session with CHES. The topic was “Is Theoretical Cryptography Any Good in Practice?” and the talk was jointly given by Ivan Damgård and Markus Kuhn. The program also included a Rump Session, chaired by Daniel J. Bernstein and Tanja Lange, featuring short informal talks on new and in-progress results.

I am indebted to the many people who contributed to the success of the conference, and I apologize to those I have forgotten. First and foremost I thank the authors who submitted their papers; a conference is only as good as the submissions that it receives. The Program Committee members made a great effort, contributing their time, knowledge, expertise and taste, and for that I am grateful. I also thank the large number of external reviewers who assisted in the process. (The Program Committee and sub-reviewers are listed in the following pages.) The submission and review process used the software that Shai Halevi designed, and I received a lot of help from him in running it. And always, I want to thank my friends at IBM Research, Rosario Gennaro, Craig Gentry, Shai Halevi, Charanjit Jutla, Hugo Krawczyk and Vinod Vaikuntanathan – being part of this group makes everything so much more worthwhile.
June 2010 Tal Rabin

CRYPTO 2010
The 30th International Cryptology Conference
August 15–19, 2010, Santa Barbara, California, USA Sponsored by the International Association for Cryptologic Research (IACR) in cooperation with IEEE Computer Society Technical Committee on Security and Privacy, Computer Science Department, University of California, Santa Barbara
General Chair
Zulfikar Ramzan Symantec
Program Chair
Tal Rabin IBM Research
Program Committee
Michel Abdalla ENS, France Adi Akavia Weizmann Institute, Israel Amos Beimel Ben-Gurion University, Israel Xavier Boyen Université de Liège, Belgium Christian Cachin IBM Research, Zurich, Switzerland Serge Fehr CWI, The Netherlands Johan Håstad Royal Institute of Technology, Sweden Carmit Hazay Weizmann Institute and IDC Herzelia, Israel Susan Hohenberger Johns Hopkins, USA Thomas Holenstein ETH, Switzerland Yael Tauman Kalai Microsoft Research - New England, USA John Kelsey NIST, USA Eike Kiltz CWI, The Netherlands Eyal Kushilevitz Technion, Israel Tanja Lange Technische Universiteit Eindhoven, The Netherlands Yehuda Lindell Bar-Ilan University, Israel Ilya Mironov Microsoft Research, USA Tal Moran Harvard, USA
Jesper Buus Nielsen University of Aarhus, Denmark Eiji Okamoto University of Tsukuba, Japan Pascal Paillier Gemalto, France Rafael Pass Cornell University, USA Giuseppe Persiano University of Salerno, Italy Thomas Peyrin Ingenico, France Leonid Reyzin Boston University, USA Matt Robshaw Orange Labs, France Palash Sarkar Indian Statistical Institute, India abhi shelat University of Virginia, USA Vinod Vaikuntanathan IBM Research, USA Brent Waters University of Texas, Austin, USA Hoeteck Wee Queens College, CUNY, USA Andrew Yao Tsinghua University, China
Advisory Members
Shai Halevi (CRYPTO 2009 Program Chair) - IBM Research Phil Rogaway (CRYPTO 2011 Program Chair) - University of California, Davis
External Reviewers
Divesh Aggarwal Anne Canteaut Maria Dubovitskaya Shweta Agrawal Claude Carlet Leo Ducas Jae Hyun Ahn David Cash Dejan Dukaric Joel Alwen Nishanth Chandran Orr Dunkelman Benny Applebaum Donghoon Chang Sebastian Faust Gilad Asharov Melissa Chase Matthias Fitzi Aslan Askarov Sanjit Chatterjee Manuel Forster Jean-Philippe Aumasson Lily Chen Pierre-Alain Fouque Roberto M. Avanzi Victor Chen David Freeman Steve Babbage Nathan Chenette Georg Fuchsbauer Daniel J. Bernstein Céline Chevalier Thomas Fuhr Luk Bettale Christophe Clavier Benjamin Fuller Rishiraj Bhattacharyya Jean-Sébastien Coron Steven Galbraith Sanjay Bhattacherjee Scott Coull Clemente Galdi Niek Bouman Giovanni Di Crescenzo Sharon Goldberg Elette Boyle Dana Dachman-Soled Prasant Gopal Zvika Brakerski M. Prem Laxman Das Dov Gordon Eric Brier Blandine Debraize Louis Goubin Dan Brown Cécile Delerablée Aline Gouget Jan Camenisch Yevgeniy Dodis Vipul Goyal Sébastien Canard Chandan Dubey Matthew Green Ran Canetti Renaud Dubois Iftach Haitner
Mike Hamburg Gregory Neven Gil Segev Nadia Heninger Phong Nguyen Yannick Seurin Javier Herranz Mats Näslund Igor Shparlinski Martin Hirt Adam O’Neill Francesco Sica Dennis Hofheinz Eran Omri Martijn Stam Esther Hänggi Claudio Orlandi John Steinberger Vincenzo Iovino Ilan Orlov Henning Stichtenoth Yuval Ishai Duong Hieu Phan Kunal Talwar Abhishek Jain Omkant Pandey Christophe Tartary Otto Johnston Periklis Papakonstantinou Björn Terelius Antoine Joux Stefano Tessaro Charanjit Jutla Bryan Parno Emmanuel Thomé Seny Kamara Anat Paskin Mehdi Tibouchi Bhavana Kanukurthi Souradyuti Paul Tomas Toft Alexandre Karlov Chris Peikert Luca Trevisan Dmitry Khovratovich Ray Perlner Wei-lung (Dustin) Tseng Hugo Krawczyk Ludovic Perret Meltem Turan Gunnar Kreitz Christiane Peters Dominique Unruh Robin Künzler Krzysztof Pietrzak Muthuramakrishnan Venkitasubramaniam Allison Lewko David Pointcheval Huijia Rachel Lin Stefan Popoveniuc Damien Vergnaud Carolin Lunemann Emmanuel Prouff Ivan Visconti Vadim Lyubashevsky Elizabeth Quaglia Bogdan Warinschi Subhamoy Maitra Somindu C. Ramanna Stephanie Wehner Willi Meier Dominik Raub Daniel Wichs Alfred Menezes Christian Rechberger Douglas Wikström Daniele Micciancio Andrew Regenscheid Severin Winkler Steve Miller Matthieu Rivain Christopher Wolf Hart Montgomery Yannis Rouselakis Bo-Yin Yang Jorge Nakahara Andrea Röck Shona Yu Mridul Nandi Subhabrata Samajder Hila Zarosim

Table of Contents
Leakage
Circular and Leakage Resilient Public-Key Encryption under Subgroup Indistinguishability (or: Quadratic Residuosity Strikes Back) ...... 1 Zvika Brakerski and Shafi Goldwasser
Leakage-Resilient Pseudorandom Functions and Side-Channel Attacks on Feistel Networks ...... 21 Yevgeniy Dodis and Krzysztof Pietrzak
Protecting Cryptographic Keys against Continual Leakage ...... 41 Ali Juma and Yevgeniy Vahlis
Securing Computation against Continuous Leakage ...... 59 Shafi Goldwasser and Guy N. Rothblum
Lattice
An Efficient and Parallel Gaussian Sampler for Lattices ...... 80 Chris Peikert
Lattice Basis Delegation in Fixed Dimension and Shorter-Ciphertext Hierarchical IBE ...... 98 Shweta Agrawal, Dan Boneh, and Xavier Boyen
Homomorphic Encryption
Toward Basing Fully Homomorphic Encryption on Worst-Case Hardness...... 116 Craig Gentry
Additively Homomorphic Encryption with d-Operand Multiplications ... 138 Carlos Aguilar Melchor, Philippe Gaborit, and Javier Herranz
i-Hop Homomorphic Encryption and Rerandomizable Yao Circuits ..... 155 Craig Gentry, Shai Halevi, and Vinod Vaikuntanathan
Theory and Applications
Interactive Locking, Zero-Knowledge PCPs, and Unconditional Cryptography ...... 173 Vipul Goyal, Yuval Ishai, Mohammad Mahmoody, and Amit Sahai
Fully Secure Functional Encryption with General Relations from the Decisional Linear Assumption ...... 191 Tatsuaki Okamoto and Katsuyuki Takashima
Structure-Preserving Signatures and Commitments to Group Elements...... 209 Masayuki Abe, Georg Fuchsbauer, Jens Groth, Kristiyan Haralambiev, and Miyako Ohkubo
Efficient Indifferentiable Hashing into Ordinary Elliptic Curves ...... 237 Eric Brier, Jean-Sébastien Coron, Thomas Icart, David Madore, Hugues Randriam, and Mehdi Tibouchi
Key Exchange, OAEP/RSA, CCA
Credential Authenticated Identification and Key Exchange ...... 255 Jan Camenisch, Nathalie Casati, Thomas Gross, and Victor Shoup
Password-Authenticated Session-Key Generation on the Internet in the Plain Model ...... 277 Vipul Goyal, Abhishek Jain, and Rafail Ostrovsky
Instantiability of RSA-OAEP under Chosen-Plaintext Attack ...... 295 Eike Kiltz, Adam O’Neill, and Adam Smith
Efficient Chosen-Ciphertext Security via Extractable Hash Proofs ...... 314 Hoeteck Wee
Attacks
Factorization of a 768-Bit RSA Modulus ...... 333 Thorsten Kleinjung, Kazumaro Aoki, Jens Franke, Arjen K. Lenstra, Emmanuel Thomé, Joppe W. Bos, Pierrick Gaudry, Alexander Kruppa, Peter L. Montgomery, Dag Arne Osvik, Herman te Riele, Andrey Timofeev, and Paul Zimmermann
Correcting Errors in RSA Private Keys ...... 351 Wilko Henecka, Alexander May, and Alexander Meurer
Improved Differential Attacks for ECHO and Grøstl ...... 370 Thomas Peyrin
A Practical-Time Related-Key Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony ...... 393 Orr Dunkelman, Nathan Keller, and Adi Shamir
Composition
Universally Composable Incoercibility ...... 411 Dominique Unruh and Jörn Müller-Quade
Concurrent Non-Malleable Zero Knowledge Proofs ...... 429 Huijia Lin, Rafael Pass, Wei-Lung Dustin Tseng, and Muthuramakrishnan Venkitasubramaniam
Equivalence of Uniform Key Agreement and Composition Insecurity .... 447 Chongwon Cho, Chen-Kuei Lee, and Rafail Ostrovsky
Computation Delegation and Obfuscation
Non-Interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers ...... 465 Rosario Gennaro, Craig Gentry, and Bryan Parno
Improved Delegation of Computation Using Fully Homomorphic Encryption ...... 483 Kai-Min Chung, Yael Kalai, and Salil Vadhan
Oblivious RAM Revisited ...... 502 Benny Pinkas and Tzachy Reinman
On Strong Simulation and Composable Point Obfuscation ...... 520 Nir Bitansky and Ran Canetti
Multiparty Computation
Protocols for Multiparty Coin Toss with Dishonest Majority ...... 538 Amos Beimel, Eran Omri, and Ilan Orlov
Multiparty Computation for Dishonest Majority: From Passive to Active Security at Low Cost ...... 558 Ivan Damgård and Claudio Orlandi
Secure Multiparty Computation with Minimal Interaction ...... 577 Yuval Ishai, Eyal Kushilevitz, and Anat Paskin-Cherniavsky
A Zero-One Law for Cryptographic Complexity with Respect to Computational UC Security ...... 595 Hemanta K. Maji, Manoj Prabhakaran, and Mike Rosulek
Pseudorandomness
On Generalized Feistel Networks ...... 613 Viet Tung Hoang and Phillip Rogaway
Cryptographic Extraction and Key Derivation: The HKDF Scheme ..... 631 Hugo Krawczyk
Time Space Tradeoffs for Attacks against One-Way Functions and PRGs ...... 649 Anindya De, Luca Trevisan, and Madhur Tulsiani
Pseudorandom Functions and Permutations Provably Secure against Related-Key Attacks ...... 666 Mihir Bellare and David Cash
Quantum
Secure Two-Party Quantum Evaluation of Unitaries against Specious Adversaries ...... 685 Frédéric Dupuis, Jesper Buus Nielsen, and Louis Salvail
On the Efficiency of Classical and Quantum Oblivious Transfer Reductions ...... 707 Severin Winkler and Jürg Wullschleger
Sampling in a Quantum Population, and Applications ...... 724 Niek J. Bouman and Serge Fehr
Author Index ...... 743