Lecture Notes in Computer Science 6477 CommencedPublicationin1973 FoundingandFormerSeriesEditors: GerhardGoos,JurisHartmanis,andJanvanLeeuwen EditorialBoard DavidHutchison LancasterUniversity,UK TakeoKanade CarnegieMellonUniversity,Pittsburgh,PA,USA JosefKittler UniversityofSurrey,Guildford,UK JonM.Kleinberg CornellUniversity,Ithaca,NY,USA AlfredKobsa UniversityofCalifornia,Irvine,CA,USA FriedemannMattern ETHZurich,Switzerland JohnC.Mitchell StanfordUniversity,CA,USA MoniNaor WeizmannInstituteofScience,Rehovot,Israel OscarNierstrasz UniversityofBern,Switzerland C.PanduRangan IndianInstituteofTechnology,Madras,India BernhardSteffen TUDortmundUniversity,Germany MadhuSudan MicrosoftResearch,Cambridge,MA,USA DemetriTerzopoulos UniversityofCalifornia,LosAngeles,CA,USA DougTygar UniversityofCalifornia,Berkeley,CA,USA GerhardWeikum MaxPlanckInstituteforInformatics,Saarbruecken,Germany Masayuki Abe (Ed.) Advances in Cryptology - ASIACRYPT 2010 16th International Conference on the Theory andApplication of Cryptology and Information Security Singapore, December 5-9, 2010 Proceedings 1 3 VolumeEditor MasayukiAbe 3-9-11Midori-cho,Musashino-shi,Tokyo180-8585,Japan E-mail:[email protected] LibraryofCongressControlNumber:2010939472 CRSubjectClassification(1998):E.3,D.4.6,F.2,K.6.5,G.2,I.1,J.1 LNCSSublibrary:SL4–SecurityandCryptology ISSN 0302-9743 ISBN-10 3-642-17372-1SpringerBerlinHeidelbergNewYork ISBN-13 978-3-642-17372-1SpringerBerlinHeidelbergNewYork Thisworkissubjecttocopyright.Allrightsarereserved,whetherthewholeorpartofthematerialis concerned,specificallytherightsoftranslation,reprinting,re-useofillustrations,recitation,broadcasting, reproductiononmicrofilmsorinanyotherway,andstorageindatabanks.Duplicationofthispublication orpartsthereofispermittedonlyundertheprovisionsoftheGermanCopyrightLawofSeptember9,1965, initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer.Violationsareliable toprosecutionundertheGermanCopyrightLaw. springer.com ©InternationalAssociationforCryptologicResearch2010 PrintedinGermany Typesetting:Camera-readybyauthor,dataconversionbyScientificPublishingServices,Chennai,India Printedonacid-freepaper 06/3180 Preface ASIACRYPT 2010washeldintheSwissˆotelMerchantCourtinSingapore,dur- ing December 5–9, 2010. The conference was sponsored by the International Association for Cryptologic Research (IACR) in cooperation with the Coding andCryptographyResearchGroupof NanyangTechnologicalUniversity.It was also supported by the Singapore Tourism Board, and co-sponsored by the Na- tionalResearchFoundationof Singapore,Lee Foundation, IBM SingaporeLtd., O’Connor’sSingaporeLtd.,PuffersoftLtd.,PrivylinkLtd.,Hewlett-PackardSin- gaporeLtd.,JardineOneSolutionLtd.,andSingaporeMathematicalSociety.San Ling chaired the conference and I served as the ProgramChair. There were 216 valid submissions. The Program Committee aided by 221 external reviewers spent 83 days on reviews and discussions. They spared no effort to increase the quality of their reviews. Every paper received at least three independent reviews, and papers from the committee members received five reviews. In total, there were more than 730 reviews followed by intensive discussion. This long and tough process, wrapped up with an intensive face-to- facemeetingbythecommitteemembersconvenedatUCSantaBarbara,yielded 35 accepted papers. I regret not being able to select more of such high-quality papers due to space limitations. The proceedings include the revisedversions of the accepted papers. The authors are fully responsible for their contents. Thebestpaperawardwasgivento“RotationalReboundAttacksonReduced Skein”byDmitry Khovratovich,IvicaNikoli´c,andChristianRechberger.There wereafurthertwobestpapers,“ImprovedSingle-KeyAttackson8-RoundAES- 192andAES-256”byOrrDunkelman,NathanKeller,andAdiShamir,and“Ef- ficient Public-Key Cryptography in the Presence of Key Leakage” by Yevgeniy Dodis,KristiyanHaralambiev,AdrianaLo´pez-Alt,andDanielWichs,thatwere solicitedforfullversionsubmissiontotheJournalof Cryptology.Theconference programincludedtwoinvitedtalks:“Cryptography,fromTheoryto Practice:A Personal Perspective” by Hugo Krawczyk, and “Cryptographic Hash Functions and the SHA-3 Competition” by Bart Preneel. There are many people I would like to acknowledge but only a few can be listed here. First I would like to thank all the authors of the submitted papers. I am deeply grateful to all the members of the Program Committee for their expertise and enthusiasmthat broughtsuccess to a difficult project. I also want to express appreciation to the external reviewers listed in the following pages. Special thanks to Shai Halevi for providing and setting up the splendid review software, and Huaxiong Wang and his staff at Nanyang Technological Univer- sity, who helped me to manage the review process in many ways. Finally, I am indebted to Kaoru Kurosawa, Mitsuru Matsui, Nigel Smart, and Tatsuaki Okamoto, who gave me invaluable advice as Chairs of past IACR conferences. September 2010 Masayuki Abe ASIACRYPT 2010 The 16th Annual International Conference on the Theory and Application of Cryptology and Information Security December 5–9, 2010, Singapore Sponsored by the International Association for Cryptologic Research (IACR) in cooperation with the Coding and Cryptography Research Group of Nanyang Technological University General Chair San Ling Nanyang TechnologicalUniversity, Singapore Program Chair Masayuki Abe NTT Information Sharing Platform Laboratories, Japan Program Committee Claude Carlet University of Paris 8, France Jean-S´ebastienCoron University of Luxembourg, Luxembourg Yevgeniy Dodis New York University, USA Marc Fischlin Darmstadt University of Technology, Germany Henri Gilbert Orange Labs, France Dennis Hofheinz Karlsruhe Institute of Technology, Germany Thomas Johansson Lund University, Sweden Antoine Joux DGA and Universit´e de Versailles, UVSQ PRISM, France Jonathan Katz University of Maryland, USA Lars R. Knudsen Technical University of Denmark, Denmark Kaoru Kurosawa Ibaraki University, Japan Xuejia Lai Shanghai Jiao Tong University, China Dong Hoon Lee Korea University, Korea Anna Lysyanskaya Brown University, USA Vadim Lyubashevsky Tel Aviv University, Israel Mitsuru Matsui Mitsubishi Electric, Japan VIII Organization Payman Mohassel University of Calgary, Canada Phong Q. Nguyen INRIA and ENS, France Jesper Buus Nielsen Aarhus University, Denmark Kaisa Nyberg Helsinki University of Technology, Finland Elisabeth Oswald University of Bristol, UK Renato Renner ETH Zu¨rich, Switzerland Vincent Rijmen K. U. Leuven, Belgium and TU Graz, Austria Thomas Shrimpton Portland State University, USA Nigel P. Smart University of Bristol, UK Franc¸ois-Xavier Standaert UCL, Belgium Ron Steinfeld Macquarie University, Australia Willy Susilo University of Wollongong, Australia Vinod Vaikuntanathan Microsoft Research, USA Serge Vaudenay EPFL, Switzerland Hoeteck Wee Queens College, CUNY, USA Hongjun Wu I2R and NTU, Singapore Kan Yasuda NTT Corporation, Japan Hong-Sheng Zhou University of Connecticut, USA External Reviewers Michel Abdalla David Cash Dejan Dukaric Johan Aberg Pierre-Louis Cayrel Frederic Dupuis Shweta Agarwal Rafik Chaabouni Nico D¨ottling Martin Agren Nishanth Chandran Xiwen Fang Hadi Ahmadi Jung Hee Cheon Sebastian Faust Amy Alford Joo Yeon Cho Serge Fehr Joel Alwen Kwantae Cho Matthieu Finiasz Elena Andreeva Kyu Young Choi Dario Fiore Frederik Armknecht Sherman Chow Matthias Fitzi Nuttapong Attrapadung Cheng-Kang Chu Manuel Forster Man Ho Au Ji Young Chun David Mandell Freeman Paul Baecher Iwen Coisel Eiichiro Fujisaki Joonsang Baek Cas Cremers Jun Furukawa Kfir Barhum Yang Cui Martin Gagne Aur´elie Bauer Dana Dachman-Soled Sebastian Gajek Almut Beige O¨zgu¨r Dagdelen Steven Galbraith Andrey Bogdanov Oscar Dahlsten David Galindo Sasha Boldyreva Christophe DeCanniere Viktor Galliard Julia Borghoff Alexander W. Dent Sanjam Garg Charles Bouillaguet Cunsheng Ding Praveen Gauravaram Billy Brumley Ning Ding Valerie Umana Gauthier Christina Brzuska Christophe Doche Craig Gentry S´ebastien Canard Ming Duan Mark Gondree David Canright Leo Ducas Zheng Gong Organization IX Dov Gordon Adriana Lopez-Alt Amit Sahai Aline Gouget Yiyuan Luo Yasuyuki Sakai Jens Groth Avradip Mandal Yu Sasaki Sylvain Guilley Mark Manulis Martin Schla¨ffer Fuchun Guo Xianping Mao Dominique Schro¨der Jian Guo Atefeh Mashatan Gil Segev Risto Hakala Willi Meier Gautham Sekar Goichiro Hanaoka Florian Mendel Pouyan Sepehrdad Kristiyan Haralambiev Giacomo de Meulenaer Yannick Seurin Carmit Hazay Tomislav Nad Hovav Shacham Mathias Herrmann Jorge Nakahara Jr Siamak Fayyaz Fumitaka Hoshino Kris Narayan Shahandashti Jialin Huang Gregory Neven Emily Shen Qiong Huang Takashi Nishide Barhum Kfir Shlomo Xinyi Huang Ryo Nishimaki Adam Smith Jung Yeon Hwang Geon Tae Noh Boyeon Song Sebastiaan Indesteege Ryo Nojima Paul Stankovski Tetsu Iwata PeterSebastianNordholt Damien Stehl´e Ragesh Jaiswal Adam O’Neil John Steinberger Marc Joye Wakaha Ogata Xiaorui Sun Kimmo J¨arvinen Maria Cristina Onete Daisuke Suzuki Eike Kiltz Claudio Orlandi Petr Suˇsil Kitak Kim Khaled Ouafi Bjoern Tackmann Thorsten Kleinjung Jong Hwan Park Qiang Tang Kazukuni Kobara Rafael Pass Aris Tentes Tetsutaro Kobayashi Kenneth G. Paterson Stefano Tessaro Franc¸ois Koeune Arpita Patra Søren S. Thomsen Vladimir Kolesnikov Serdar Pehlivanoglu Mehdi Tibouchi Woo Kwon Koo Chris Peikert Elmar Tischhauser Takeshi Koshiba Olivier Pereira Tomas Toft Daniel Kraschewski Ludovic Perret Marco Tomamichel Hugo Krawczyk Christophe Petit Deniz Toz Noboru Kunihiro Duong Hieu Phan Wei-Lung Dustin Tseng Minoru Kuribayashi Le Trieu Phong Toyohiro Tsurumaru Mario Lamberger Krzysztof Pietrzak Antonino Tumeo Gregor Leander Gilles Piret Berkant Ustaoglu Ji-Seon Lee Emmanuel Prouff Yevgeniy Vahlis Kwangsu Lee Elizabeth Quaglia Kerem Varıcı Ga¨etan Leurent Nik Raub Frederik Vercauteren Allison Lewko Francesco Regazzoni Panagiotis Voulgaris Chao Li Renato Renner Martin Vuagnoux Benoˆıt Libert Hyun Sook Rhee Huaxiong Wang Tingting Lin Matthieu Rivain Yongtao Wang Georg Lippold Andrea Ro¨ck Bogdan Warinschi Joseph K. Liu Minoru Saeki Jian Weng X Organization Steve Williams Scott Yilek Zhifang Zhang Severin Winkler Kazuki Yoneyama Jinmin Zhong Stefan Wolf Yu Yu Bo Zhu Qianhong Wu Tsz Hon Yuen Go Yamamoto Erik Zenner Table of Contents Hash Attacks Rotational Rebound Attacks on Reduced Skein ...................... 1 Dmitry Khovratovich, Ivica Nikoli´c, and Christian Rechberger Finding Second Preimages of Short Messages for Hamsi-256 ........... 20 Thomas Fuhr Non-full-active Super-Sbox Analysis: Applications to ECHO and Grøstl .......................................................... 38 Yu Sasaki, Yang Li, Lei Wang, Kazuo Sakiyama, and Kazuo Ohta Advanced Meet-in-the-Middle Preimage Attacks: First Results on Full Tiger, and Improved Results on MD4 and SHA-2 .................... 56 Jian Guo, San Ling, Christian Rechberger, and Huaxiong Wang Collision Attacks against the Knudsen-Preneel Compression Functions ....................................................... 76 Onur O¨zen and Martijn Stam Symmetric-Key Cryptosystems Improved Generic Attacks on Unbalanced Feistel Schemes with Expanding Functions ............................................. 94 Emmanuel Volte, Val´erie Nachef, and Jacques Patarin The World Is Not Enough: Another Look on Second-Order DPA ....... 112 Franc¸ois-Xavier Standaert, Nicolas Veyrat-Charvillon, Elisabeth Oswald, Benedikt Gierlichs, Marcel Medwed, Markus Kasper, and Stefan Mangard Block and Stream Ciphers Conditional Differential Cryptanalysis of NLFSR-Based Cryptosystems................................................... 130 Simon Knellwolf, Willi Meier, and Mar´ıa Naya-Plasencia A Byte-Based Guess and Determine Attack on SOSEMANUK......... 146 Xiutao Feng, Jun Liu, Zhaocun Zhou, Chuankun Wu, and Dengguo Feng Improved Single-Key Attacks on 8-Round AES-192 and AES-256 ...... 158 Orr Dunkelman, Nathan Keller, and Adi Shamir