# Underhanded Crypto Contest

For everyone playing around with Crypto there are certainly moments where the developed and implemented algorithm does just the opposite of what is expected; which leads to the code thrown off in some dark corner of the hard-disk. If this is same case with you, now is the good time to get all those codes that out because there is a new crypto competition!

Underhanded Crypto Contest

The Underhanded Crypto Contest is a competition to write or modify crypto code that appears to be secure, but actually does something evil. For example:

* A MAC algorithm that can be broken if you know some fixed secret key.

* Something that leaks the key through a reliable side channel, padding, IV, etc.

* A user interface that makes it easy to accidentally spread your secrets all over the Internet.

Submission deadline is Dec 2, 2014, in accordance to the rules

Winners will be announced on Dec 30, 2014.

# Removing RSA keys by acoustic cryptanalysis

Image from: xkcd

The famous cryptographer Adi Shamir and his colleagues published a scientific paper titled “RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis

Many computers emit high frequency sound during operation, because of the vibrations in some electronic components (capacitors) caused due to microscopic variations in the voltage of the CPU during different workload on it. In theory, these sound vibrations can be analyzed in order to obtain information about the running application software, including cryptographic calculations. In 2004 year, Shamir and his colleagues have shown that different RSA keys cause different sound patterns, but back then it could not be understood how to extract individual bits keys. The main problem was that the sound equipment was unable to record sound with a high sampling frequency: 20 Khz only for conventional microphones and a few hundred kilohertz for ultrasonic microphones. This is many orders of magnitude low than several GHz, which is operated in modern computers.

Now they have demonstrated it with a software that extracts the full 4096-bit keys with GnuPG computers of various models after an hour of listening, if the computer all the time performs decryption. Conducted successful demonstration of such an attack using a smartphone, which lay 30 cm from the computer.

When using the directional microphone can attack from a distance of up to 4 metres.

If miniature hidden microphones are used, the maximum distance is about 1 meter. All equipment on the photos, in addition to microphones, can be hidden under a desk or in another discrete location.

At large scale, it seriously pose a threat and perhaps having organizational severs in fully shielded rooms would prevent it.

Photos from the paper.

# The TrueCrypt Audit

Given the recent news about NSA’s ability to foil encryption soft wares, cryptographer Matthew Green and Kenneth White has started an initiative to examine the Truecrypt disk encryption tool.

Why does it matter?

Since NSA has been snooping in our data without us knowing, decryption of SSL connections and tampering with established standards to make them vulnerable, there needs to be an audit to verify that encryption softwares are truly as secure as they should be. For this very purpose there needs to be an extensive audit of softwares like Truecrypt which is used by many people, including me to a certain extent, for storing sensitive information.

How would the ‘audit’ work?

• First step would be to resolve license status on the current (v. 7.1a) TrueCrypt source code (license v. 3.0 ) copyright & distribution, in order to create a verified, independent version control history repository (signed source and binary)
• Perform and document repeatable, deterministic builds of TC 7.1a from source code for current major operating systems: Windows 7, Mac Mac OS X (Lion 10.7 and Mountain Lion 10.8), Ubuntu 12.04 LTS and 13.04, RedHat 6.4, CentOS 6.4, Debian 7.1, Fedora 19
• Conduct a public cryptanalysis and security audit of version 7.1a

I wholly support this cause and hope everyone would help ensure we have trustworthy encryption available.

Contribute

To contribute you can check the FundFill site, or IndieGoGo site. [Note: Both sites accept Credit cards; Fundfill accepts Bitcoins and IndieGoGo accepts Paypal and eChecks]

Contributions are not limited to monetary only but if you’re an information security professional/expert/hobbyist then you can help identify bugs in the software.

Official Site

Support the effort to audit TrueCrypt

# DeepEnd Research – Library of Malware Traffic Patterns + Blog lists

Quoted from here

Traffic analysis has been the primary method of malware identification and thousands of IDS signatures developed are the daily proof. Signatures definitely help but ability to visually recognize malware traffic patterns and see the trends when they change has been always an important skill for anyone tasked with network defense. The number of malware analysis blogs and papers is overwhelming and it is difficult to keep track of malware features if you don’t have access to a well designed and constantly updated malware database. This started as “personal notes” spreadsheet with GET and POST requests for different malware families with information from open sources. We decided others might find it useful too.

This is truly an exceptional and valuable community tool for researchers. On the same for those interested in these stuffs i.e. for whitehat researchers, here are some useful sites :

malware.lu

DeepEndResearch

Operational cryptology and virology lab

Modern malware investigations and reviews

XyliBox

Tracking Cybercrime

Malware don’t need Coffee

ARF Project

Malware Reconstructor

All the bloggers take the researching quite seriously, are frequently updated and provide and in-dept analysis. More blogs are listed in above blog.

# Cryptography Competitions

1. The Password Hashing Competition (PHC) is an effort organized to identify new password hashing schemes in order to improve on the state-of-the-art (PBKDF2, scrypt, etc.), and to encourage the use of strong password protection. Applications include for example authentication to web services, PIN authentication on mobile devices, or key derivation for full disk encryption.

Motivations behind the PHC include:
The poor state of passwords protection in web services: passwords are too often either stored in clear (these are the services that send you your password by email after hitting “I forgot my password”), or just hashed with a cryptographic hash function (like MD5 or SHA-1), which exposes users’ passwords to efficient brute force cracking methods.
The low variety of methods available: the only standardized construction is PBKDF2 (PKCS#5, NIST SP 800-132), and there are mainly just two alternatives: bcrypt and scrypt.
A number of new ideas discussed within the security and cryptography communities, but which have not yet led to a concrete proposal.

2. CryptoChallenge :  The ultimate code-breaking test. It will take all your savvy and experience to crack the cipher. The code will be available soon; and first prize is an Apple iPad 16Gb. So pre-register now. Good luck!

# Second International Workshop on Lightweight Cryptography for Security & Privacy

via Mailing list

LIGHTSEC 2013

Important Dates

Submission deadline: January  25th, 2013 at 23:59 UTC

Workshop presentations: May 6-7, 2013

Background, aim and scope

The main goal of this workshop is to promote and initiate novel research on the security & privacy issues for applications that can be termed as lightweight security, due to the associated constraints on metrics such as available power, energy, computing ability, area, execution time, and memory requirements. As such applications are becoming ubiquitous, definitely providing an immense value to the society, they are also affecting a greater portion of the public & leading to a plethora of economical & security and privacy related concerns. The goal of this workshop is to create a platform where these concerns can be addressed and proposed solutions are discussed and evaluated. The solutions should be economically applicable in constrained environments such as wireless embedded systems. Due to the nature of the problem, good scalability properties are also expected requirements of the proposed systems. Providing implementation results & demonstrating the applicability of the proposed solutions are among the
essentials. Metrics to evaluate different aspects of lightweight security solutions and combined metrics for overall evaluations thereof for a given application scenario are useful for implementers and engineers. Compactness and efficiency are the properties which are commonly sought.

TOPICS

Topics of interest include, but are not limited to:

– Design, analysis and implementation of lightweight cryptographic
protocols & applications
– Cryptographic hardware development for constrained domains
– Design, analysis and implementation of security & privacy solutions
for wireless embedded systems
– Design, analysis and implementation of lightweight  privacy-preserving
protocols & systems
– Design and analysis of fast and compact cryptographic algorithms
– Wireless network security for low-resource devices
– Low-power crypto architectures
– Scalable protocols and architectures for security and privacy
– Formal methods for analysis of lightweight cryptographic protocols
– Security and privacy issues in RFID and NFC
– Embedded systems security
– PUF based crypto protocols
– Security of ubiquitous and pervasive computing
– Side channel analysis and countermeasures on lightweight devices
– Efficient and scalable cryptographic protocols for the Next Generation
Secure Cloud

Instructions for Authors

The submission must be anonymous with no author names, affiliations or obvious references. Only original unpublished work should be included in the manuscript. The length of the manuscripts must be at most 12 pages excluding references and appendices. The text should be in a single-column format, at least 11-point fonts, and have reasonable margins. The length of the final version will be at most 20 pages including references and appendices, and compliant with Springer’s LNCS template. Each paper conforming to these specifications will be reviewed by at least three reviewers.

Submission website: http://www.easychair.org/conferences/?conf=lightsec13.

Stipends

A limited number of stipends are available to students having an accepted paper that they will present. Requests for stipends should be addressed to the general chair.

Invited Speakers

Jacques Stern, ENS, France

(Other invited speakers will be announced later)

Program Committee

Onur Aciicmez, Samsung, USA
Jean-Philippe Aumasson, NAGRA, Switzerland
Paulo Barreto, University of Sao Paulo, Brazil
Lejla Batina, Radboud University Nijmegen, The Netherlands
Guido Bertoni, STMicroelectronics, Italy
Mike Burmester, Florida State University, USA
Roberto Di Pietro, Universita di Roma Tre, Italy
Orr Dunkelman, University of Haifa, Israel
Kris Gaj, George Mason University, USA
Helena Handschuh, Intrinsic-ID, USA
Julio Hernandez-Castro, Portsmouth University, UK
Marc Joye, Technicolor, France
Pascal Junod, HEIG-VD, Switzerland
Mehmet Sabir Kiraz, TUBITAK BILGEM UEKAE, Turkey
Cetin Kaya Koc, UCSB, USA
Xuejia Lai, Shanghai Jiao Tong University, Japan
Albert Levi, Sabanci University, Turkey
Thomas Pedersen, TUBITAK BILGEM UEKAE, Turkey
Josef Pieprzyk, Macquarie University, Australia
David Pointcheval, CNRS/ENS/INRIA, France
Axel Poschmann, Nanyang Technological University, Singapore
Bart Preneel, Katholieke Universiteit Leuven, Belgium
Arash Reyhani-Masoleh, University of Western Ontario, Canada
Vincent Rijmen, Katholieke Universiteit Leuven, Belgium
Matt Robshaw, Orange Labs, France
Francisco Rodriguez-Henriquez, CINVESTAV-IPN, Mexico
Erkay Savas, Sabanci University, Turkey
Mike Scott, CertiVox labs, Ireland
Ali Aydin Selcuk, Bilkent University, Turkey
Francois-Xavier Standaert, Universite catholique de Louvain, Belgium
Serge Vaudenay, EPFL, Switzerland

Organizational Committee

– Program co-Chairs:   Gildas Avoine  Université catholique de Louvain, Belgium and  Orhun Kara   TUBITAK BILGEM UEKAE, Turkey

– General Chair:  Huseyin Demirci  TUBITAK BILGEM UEKAE, Turkey

# A new record for the discrete logarithm problem

Recently, a new record for the discrete logarithmic problem was posted in Number Theory mailing list; by recently I mean on 24th Dec. Anyways they were able to compute discrete logarithm in $GF(p^{47})$ with $p=33 553 771$ using Kummer Theory. For those who are interested here is the original posting in the list by Antoine Joux

We are pleased to announce a new record for the discrete logarithm
problem. We were able to compute discrete logarithms in
GF(p^47), with p=33,553,771. This was done using a new variation of
the Function Field Sieve for the medium prime case [JoLe06], full details
are given in [Jo12].

As far as we know, the previous discrete logarithm record
in a finite field is GF(3^582), a \$923\$-bit field [HaShiShiTa12].

We define GF(p^47) using the following Kummer extension
GF(p^47) = GF(p)[t]/(t^47-2)

and we choose as basis for the discrete logarithms, the value:
g = t-3.

We set to ourselves the challenge of computing the logarithm of:
Z=sum(i=0,46,floor(Pi*p^(i+1))%p*t^i) [in Pari-gp syntax]
= 9223132*t^46 + 21572761*t^45 + 13331805*t^44 + 24394461*t^43 +
967257*t^42 + 11418608*t^41 + 22510961*t^40 + 8252042*t^39 +
25554852*t^38 + 26222640*t^37 + 33310861*t^36 + 30299378*t^35 +
12151253*t^34 + 20654171*t^33 + 32174594*t^32 + 944406*t^31 +
779314*t^30 + 31050064*t^29 + 12712559*t^28 + 14346746*t^27 +
22602277*t^26 + 21089035*t^25 + 13665993*t^24 + 9188704*t^23 +
28235615*t^22 + 17237048*t^21 + 10095045*t^20 + 14876208*t^19 +
31889225*t^18 + 2609908*t^17 + 28623908*t^16 + 29096565*t^15 +
13257302*t^14 + 1382226*t^13 + 23604453*t^12 + 12670350*t^11 +
2891114*t^10 + 2125744*t^9 + 2828409*t^8 + 19052742*t^7 +
16935621*t^6 + 14078784*t^5 + 5105395*t^4 + 13487859*t^3 +
31044117*t^2 + 15898925*t + 4750967

The cardinality of the group is:
p^47-1= 47 * 2069 * 12409 * (p-1) * 132103049403319 *C,
where C is a composite cofactor of unknown factorization.
As usual, this computation was done in three steps:
– the generation of multiplication relations,
– the linear algebra,
– the final computation of individual logarithms.

Generation of relations :
——————–

Let u=t^6. Then u^8=2t. We see that a polynomial:
ut + a u + b t +c, can be expressed either as a polynomial in t
or a polynomial in u giving a polynomial equality:

t^7 + a t^6 + b t +c = u^9/2 + a u + b u^8/2 +c

When both sides split into linear factors, we obtain a multiplication
relation in GF(p^47) (with a smoothness basis containing all linear
polynomial in t and u). Note that the Frobenius map sends linear
polynomial to linear polynomials, thus reducing the size of the
smoothness basis by a factor 47.

To generate the needed relations, with use a new technique called
pinpointing. The total running time is 3 hours on
a single core of a Intel core i7 at 2.7 GHz.

The structured Gaussian elimination has been merged with the
generation of relations and the resulting linear systems involves
829,405 unknowns
Linear algebra:
—————

The linear algebra used a block Wiedemann approach.

We first performed 32 independent matrix-vector product sequences.
Using 32 machines of 16 cores each, this took 37 hours.

Using Thomé’s approach to block Wiedemann [Thome02], we found a low
degree linear relation between the outputs of the first step in 9h30m on a
64-core machine.

Finally, we recovered a kernel element through another run of 32
matrix-vector product sequences, which took 25 hours on 32×16 cores.

We thus obteined logarithms for linear polynomials.

For instance,

Log(t-1) =
95827955417372788961211119750729924268406734418129865124327290943031748139633075856081325136909045486230487619158973618846263919909919150212528157434853712325214875504194789523385391155086793943715663752308942079859114910805192726927916119880113567931724180868901724860373253630442936157531712330314891742481658155699597613
(mod C)

log(t-2) =
70905284732380959516896012578102147920229391687071272347471391289380170629739287997848344272408632657718653331501828887867364669182344802079044434461762058103438602580032253383337456432724367688154096671950400184075089994517877672779201601421554905236313618024147453867620526117100039277887621947094730742958277464818390465
(mod C)

log(t+1) =
22191972958014792087327587759372999165298380738905775861595551751866959362993296125893211952064352555004446612143691021766646405907481542823844552325603659164668672726530544973918734915538721151817523682923173974904494997472327204905307992934306560207700268824803542475788420305869403355275251219067807853032669466128535944

log(u-1) =
10001005486471873053960223144281754249953393197014591659906662835754390574748823006781373757701566144563328082608672337798845376273684215346619102506040911370085228108583424360298236711416252784630124891603397593416751070128068071222671809409993310027600177764254738174863646977658739191171546816174310362854136358144609763

log(u-2) =
61527690212720714271643822401094097115568720581734405966071391248119069776122647831131972276710437710284864058161818513299199927610900547501499496582171428217613040720230663796340038830052388536847031906010338335587455060078065171347461120964945190720689474052263809706188924679921054683415735227928798768439809316649275349
Individual Logarithms:
———————-

Following the approach from [JoLe06], this phase took under 4 hours on the
Intel laptop. We found that the challenge satisfies:

Z = g ^ 356633127146494066263281134740949440571780807878239530830992112523140494277589347504555481509115749560473147631864963745877949210252568865798642649039047033462050627522813317937084662147227994756376452164608898303687287333791524330937899227952311300252882838173738965961045446180140573240231646914447899262099152488534480737568049333712088197470913054182
Antoine Joux (CryptoExperts and UVSQ, France),
References:
===========

[JoLe06] The Function Field Sieve in the Medium Prime Case. Antoine Joux and
Reynald Lercier. EUROCRYPT’2006

[Thome02] Subquadratic Computation of Vector Generating Polynomials
and Improvement of the Block Wiedemann Algorithm.
Emmanuel Thomé. J. Symb. Comput. 2002 33(5), pp. 757–775

[HaShiShiTa12] Breaking Pairing-Based Cryptosystems Using eta_T Pairing
over GF(3^97). Takuya Hayashi and Takeshi Shimoyama and
Naoyuki Shinohara and Tsuyoshi Takagi. ASIACRYPT’2012.

[Jo12] Faster index calculus for the medium prime case.
Application to a 1175-bit finite field. Antoine Joux. Eprint
Archive. http://eprint.iacr.org/

# Quantum Systems in Python

Recently read an extremely interesting post here by Markus Baden introduced to me the wonderful tool called Quantum Optics Toolbox in Python aka qutip. Developed by Robert Johansson and Paul Nation. It is truly the most marvelous tool, granted I just started to use it. The best thing is that one of the developer Robert Johansson has recently posted lecture notes for qutip. These notes contains ready to execute code which user can directly start playing with. Here are the notes in html format :

while the PDF of these are available on the github.

I am only disappointed that the latest version 2x and above wont be supporting windows officially.  Times like this make me happy that I am comfortable with Linux, though I still wish Mac prizes would drop down…