Lecture Notes in Computer Science 3897
Commenced Publication in 1973
Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board
David Hutchison, Lancaster University, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Friedemann Mattern, ETH Zurich, Switzerland
John C. Mitchell, Stanford University, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
Oscar Nierstrasz, University of Bern, Switzerland
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, University of Dortmund, Germany
Madhu Sudan, Massachusetts Institute of Technology, MA, USA
Demetri Terzopoulos, New York University, NY, USA
Doug Tygar, University of California, Berkeley, CA, USA
Moshe Y. Vardi, Rice University, Houston, TX, USA
Gerhard Weikum, Max-Planck Institute of Computer Science, Saarbruecken, Germany
Bart Preneel, Stafford Tavares (Eds.)

Selected Areas in Cryptography
12th International Workshop, SAC 2005
Kingston, ON, Canada, August 11-12, 2005
Revised Selected Papers
Volume Editors

Bart Preneel
Katholieke Universiteit Leuven, Department of Electrical Engineering-ESAT
Kasteelpark Arenberg 10, 3001 Leuven-Heverlee, Belgium
E-mail: Bart.Preneel@esat.kuleuven.be

Stafford Tavares
Queen's University Kingston, Department of Electrical and Computer Engineering
Kingston, Ontario, K7L 3N6, Canada
E-mail: stafford.tavares@queensu.ca

Library of Congress Control Number: 2006922554
CR Subject Classification (1998): E.3, D.4.6, K.6.5, F.2.1-2, C.2, H.4.3
LNCS Sublibrary: SL 4 Security and Cryptology
ISSN 0302-9743
ISBN-10 3-540-33108-5 Springer Berlin Heidelberg New York
ISBN-13 978-3-540-33108-7 Springer Berlin Heidelberg New York

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law.

Springer is a part of Springer Science+Business Media
springer.com
© Springer-Verlag Berlin Heidelberg 2006
Printed in Germany
Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India
Printed on acid-free paper
SPIN: 11693383 06/3142 543210
Preface

SAC 2005 was the 12th in a series of annual workshops on Selected Areas in Cryptography. This was the 5th time the workshop was hosted by Queen's University in Kingston (the previous workshops were held here in 1994, 1996, 1998 and 1999). Other SAC workshops have been organized at Carleton University in Ottawa (1995, 1997 and 2003), the Fields Institute in Toronto (2001), Memorial University of Newfoundland in St. John's (2002) and the University of Waterloo (2000 and 2004).

The workshop provided a relaxed atmosphere in which researchers in cryptography could present and discuss new work on selected areas of current interest. The themes for SAC 2005 were: design and analysis of symmetric key cryptosystems; primitives for symmetric key cryptography, including block and stream ciphers, hash functions, and MAC algorithms; efficient implementations of symmetric and public key algorithms; cryptographic algorithms and protocols for ubiquitous computing (sensor networks, RFID).

A total of 96 papers were submitted. Three papers were not considered because they were identified as being multiple submissions. After an extensive double-blind reviewing process, the program committee accepted 25 papers for presentation at the workshop.

We were very fortunate to have two invited speakers at SAC 2005, who both delivered thought-provoking and entertaining talks: Alfred Menezes, "Another Look at Provable Security", and Mike Wiener, "The Full Cost of Cryptanalytic Attacks".

First and foremost we would like to thank the members of the program committee for the many days spent on reviewing and discussing the papers, thereby producing more than 600 Kbytes of comments, and for helping us with the difficult decisions. We would also like to thank the numerous external reviewers for their assistance. We are also indebted to Queen's University, Stantive Solutions Inc. and Sun Microsystems for their financial support of the workshop.

We also wish to thank Sheila Hutchison for her administrative support, Tom Harper for developing and maintaining the SAC 2005 website, and Thomas Herlea and Robert Maier for managing the Web-based review site. Special thanks to Jasper Scholten for his technical assistance during the editing of the preproceedings and this volume. Finally we would like to thank all the participants, submitters, authors and presenters who all together made SAC 2005 a great success.

December 2005
Bart Preneel, Stafford Tavares
Organization

12th Annual Workshop on Selected Areas in Cryptography
August 11-12, 2005, Kingston, Ontario, Canada

Program and General Co-chairs
Bart Preneel, Katholieke Universiteit Leuven, Belgium
Stafford Tavares, Queen's University, Canada

Program Committee
Roberto Avanzi, Ruhr-University Bochum, Germany
John Black, University of Colorado at Boulder, USA
Henri Gilbert, France Telecom R&D, France
Guang Gong, University of Waterloo, Canada
Louis Granboulan, Ecole Normale Supérieure, France
Helena Handschuh, Gemplus, France
Howard Heys, Memorial University, Canada
Antoine Joux, DGA and University of Versailles, France
Ari Juels, RSA Laboratories, USA
Kaoru Kurosawa, Ibaraki University, Japan
Ilya Mironov, Microsoft Research, USA
Sean Murphy, Royal Holloway, University of London, UK
Vincent Rijmen, Graz University of Technology, Austria
Doug Stinson, University of Waterloo, Canada
Michael Wiener, Cryptographic Clarity, Canada
Amr Youssef, Concordia University, Canada

Local Arrangements Committee
Sheila Hutchison, Queen's University, Canada
Tom Harper, Queen's University, Canada

Sponsoring Institutions
Queen's University
Sun Microsystems
Stantive Solutions Inc.
External Referees
Masayuki Abe, Steve Babbage, Lejla Batina, Côme Berbain, Olivier Billet, Alex Biryukov, An Braeken, Carlos Cid, Mathieu Ciet, Christophe Clavier, Christophe De Cannière, Jacques Fournier, Steven Galbraith, Kenneth Giuliani, Aline Gouget, Kishan Gupta, Swee-Huay Heng, Katrin Hoeper, Tetsu Iwata, Tetsuya Izu, Shaoquan Jiang, Liam Keliher, Kazukuni Kobara, Takeshi Koshiba, Ted Krovetz, Tanja Lange, Joseph Lano, Dong Hoon Lee, Jooyoung Lee, Kerstin Lemke, Yi Lu, Subhamoy Maitra, Stefan Mangard, Keith Martin, Alexander May, Preda Mihăilescu, Atsuko Miyaji, Bodo Möller, David Molnar, Yassir Nawaz, Khanh Nguyen, Miyako Ohkubo, Yasuhiro Ohtaki, Akira Ohtsuka, Francis Olivier, Elisabeth Oswald, Jan Pelzl, Norbert Pramstaller, Christian Rechberger, Matt Robshaw, Rei Safavi-Naini, Palash Sarkar, Erkay Savas, Martin Schläffer, Junji Shikata, Thomas Shrimpton, Francesco Sica, Jessica Staddon, Gelareh Taban, Tsuyoshi Takagi, Duong Quang Viet, Frederik Vercauteren, Dai Watanabe, Christopher Wolf, Johannes Wolkerstorfer, Lu Xiao, Nam Yul Yu
Table of Contents

Stream Ciphers I
Conditional Estimators: An Effective Attack on A5/1
  Elad Barkan, Eli Biham ... 1
Cryptanalysis of the F-FCSR Stream Cipher Family
  Éliane Jaulmes, Frédéric Muller ... 20
Fault Attacks on Combiners with Memory
  Frederik Armknecht, Willi Meier ... 36

Block Ciphers
New Observation on Camellia
  Duo Lei, Li Chao, Keqin Feng ... 51
Proving the Security of AES Substitution-Permutation Network
  Thomas Baignères, Serge Vaudenay ... 65

Modes of Operation
An Attack on CFB Mode Encryption as Used by OpenPGP
  Serge Mister, Robert Zuccherato ... 82
Parallelizable Authentication Trees
  W. Eric Hall, Charanjit S. Jutla ... 95
Improved Time-Memory Trade-Offs with Multiple Data
  Alex Biryukov, Sourav Mukhopadhyay, Palash Sarkar ... 110

Public Key Cryptography
A Space Efficient Backdoor in RSA and Its Applications
  Adam Young, Moti Yung ... 128
An Efficient Public Key Cryptosystem with a Privacy Enhanced Double Decryption Mechanism
  Taek-Young Youn, Young-Ho Park, Chang Han Kim, Jongin Lim ... 144

Stream Ciphers II
On the (Im)Possibility of Practical and Secure Nonlinear Filters and Combiners
  An Braeken, Joseph Lano ... 159
Rekeying Issues in the MUGI Stream Cipher
  Matt Henricksen, Ed Dawson ... 175

Key Establishment Protocols and Access Control
Tree-Based Key Distribution Patterns
  Jooyoung Lee, Douglas R. Stinson ... 189
Provably Secure Tripartite Password Protected Key Exchange Protocol Based on Elliptic Curves
  Sanggon Lee, Yvonne Hitchcock, Youngho Park, Sangjae Moon ... 205
An Access Control Scheme for Partially Ordered Set Hierarchy with Provable Security
  Jiang Wu, Ruizhong Wei ... 221

Hash Functions
Breaking a New Hash Function Design Strategy Called SMASH
  Norbert Pramstaller, Christian Rechberger, Vincent Rijmen ... 233
Analysis of a SHA-256 Variant
  Hirotaka Yoshida, Alex Biryukov ... 245
Impact of Rotations in SHA-1 and Related Hash Functions
  Norbert Pramstaller, Christian Rechberger, Vincent Rijmen ... 261

Protocols for RFID Tags
A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags
  David Molnar, Andrea Soppera, David Wagner ... 276
Reducing Time Complexity in RFID Systems
  Gildas Avoine, Etienne Dysli, Philippe Oechslin ... 291

Efficient Implementations
Accelerated Verification of ECDSA Signatures
  Adrian Antipa, Daniel Brown, Robert Gallant, Rob Lambert, René Struik, Scott Vanstone ... 307
Pairing-Friendly Elliptic Curves of Prime Order
  Paulo S.L.M. Barreto, Michael Naehrig ... 319
Minimality of the Hamming Weight of the τ-NAF for Koblitz Curves and Improved Combination with Point Halving
  Roberto Maria Avanzi, Clemens Heuberger, Helmut Prodinger ... 332
SPA Resistant Left-to-Right Integer Recodings
  Nicolas Thériault ... 345
Efficient FPGA-Based Karatsuba Multipliers for Polynomials over F2
  Joachim von zur Gathen, Jamshid Shokrollahi ... 359

Author Index ... 371