Table of Contents

Hash Attacks

Rotational Rebound Attacks on Reduced Skein Dmitry Khovratovich Ivica Nikolic Christian Rechberger 1

Finding Second Preimages of Short Messages for Hamsi-256 Thomas Fuhr 20

Non-full-active Super-Sbox Analysis: Applications to ECHO and Grøstl Yu Sasaki Yang Li Lei Wang Kazuo Sakiyama Kazuo Ohta 38

Advanced Meet-in-the-Middle Preimage Attacks: First Results on Full Tiger, and Improved Results on MD4 and SHA-2 Jian Guo San Ling Christian Rechberger Huaxiong Wang 56

Collision Attacks against the Knudsen-Preneel Compression Functions Onur Özen Martijn Stam 76

Symmetric-Key Cryptosystems

Improved Generic Attacks on Unbalanced Feistel Schemes with Expanding Functions Emmanuel Volte Valérie Nachef Jacques Patarin 94

The World Is Not Enough: Another Look on Second-Order DPA François-Xavier Standaert Nicolas Veyrat-Charvillon Elisabeth Oswald Benedikt Gierlichs Marcel Medwed Markus Kasper Stefan Mangard 112

Block and Stream Ciphers

Conditional Differential Cryptanalysis of NLFSR-Based Cryptosystems Simon Knellwolf Willi Meier María Naya-Plasencia 130

A Byte-Based Guess and Determine Attack on SOSEMANUK Xiutao Feng Jun Liu Zhaocun Zhou Chuankun Wu Dengguo Feng 146

Improved Single-Key Attacks on 8-Round AES-192 and AES-256 Orr Dunkelman Nathan Keller Adi Shamir 158

Protocols

Constant-Size Commitments to Polynomials and Their Applications Aniket Kate Gregory M. Zaverucha Ian Goldberg 177

Computationally Secure Pattern Matching in the Presence of Malicious Adversaries Carmit Hazay Tomas Toft 195

Linear-Complexity Private Set Intersection Protocols Secure in Malicious Model Emiliano De Cristofaro Jihye Kim Gene Tsudik 213

Key Exchange

Generic Compilers for Authenticated Key Exchange Tibor Jager Florian Kohlar Sven Schäge Jörg Schwenk 232

A Forward-Secure Symmetric-Key Derivation Protocol: How to Improve Classical DUKPT Eric Brier Thomas Peyrin 250

Foundation

Efficient String-Commitment from Weak Bit-Commitment Kai-Min Chung Feng-Hao Liu Chi-Jen Lu Bo-Yin Yang 268

On the Static Diffie-Hellman Problem on Elliptic Curves over Extension Fields Robert Granger 283

Random Oracles with(out) Programmability Marc Fischlin Anja Lehmann Thomas Ristenpart Thomas Shrimpton Martijn Stam Stefano Tessaro 303

Zero-Knowledge

Short Pairing-Based Non-interactive Zero-Knowledge Arguments Jens Groth 321

Short Non-interactive Zero-Knowledge Proofs Jens Groth 341

Optimistic Concurrent Zero-Knowledge Alon Rosen abhi shelat 359

Lattice-Based Cryptography

Faster Fully Homomorphic Encryption Damien Stehlé Ron Steinfeld 377

A Group Signature Scheme from Lattice Assumptions S. Dov Gordon Jonathan Katz Vinod Vaikuntanathan 395

Lattice-Based Blind Signatures Markus Rückert 413

Secure Communication and Computation

The Round Complexity of Verifiable Secret Sharing: The Statistical Case Ranjit Kumaresan Arpita Patra C. Pandu Rangan 431

General Perfectly Secure Message Transmission Using Linear Codes Qiushi Yang Yvo Desmedt 448

On Invertible Sampling and Adaptive Security Yuval Ishai Abishek Kumarasubramanian Claudio Orlandi Amit Sahai 466

Multiparty Computation for Modulo Reduction without Bit-Decomposition and a Generalization to Bit-Decomposition Chao Ning Qiuliang Xu 483

Models, Notions, and Assumptions

A Closer Look at Anonymity and Robustness in Encryption Schemes Payman Mohassel 501

Limitations on Transformations from Composite-Order to Prime-Order Groups: The Case of Round-Optimal Blind Signatures Sarah Meiklejohn Hovav Shacham David Mandell Freeman 519

The Semi-Generic Group Model and Applications to Pairing-Based Cryptography Tibor Jager Andy Rupp 539

Public-Key Encryption

The Degree of Regularity of HFE Systems Vivien Dubois Nicolas Gama 557

Structured Encryption and Controlled Disclosure Melissa Chase Seny Kamara 577

Leakage Resilient ElGamal Encryption Eike Kiltz Krzysztof Pietrzak 595

Efficient Public-Key Cryptography in the Presence of Key Leakage Yevgeniy Dodis Kristiyan Haralambiev Adriana López-Alt Daniel Wichs 613

Author Index 633