Kazue Sako Palash Sarkar (Eds.) 9 6 2 Advances in Cryptology – 8 S C ASIACRYPT 2013 N L 19th International Conference on the Theory and Application of Cryptology and Information Security Bengaluru, India, December 2013, Proceedings, Part I 123 Lecture Notes in Computer Science 8269 CommencedPublicationin1973 FoundingandFormerSeriesEditors: GerhardGoos,JurisHartmanis,andJanvanLeeuwen EditorialBoard DavidHutchison LancasterUniversity,UK TakeoKanade CarnegieMellonUniversity,Pittsburgh,PA,USA JosefKittler UniversityofSurrey,Guildford,UK JonM.Kleinberg CornellUniversity,Ithaca,NY,USA AlfredKobsa UniversityofCalifornia,Irvine,CA,USA FriedemannMattern ETHZurich,Switzerland JohnC.Mitchell StanfordUniversity,CA,USA MoniNaor WeizmannInstituteofScience,Rehovot,Israel OscarNierstrasz UniversityofBern,Switzerland C.PanduRangan IndianInstituteofTechnology,Madras,India BernhardSteffen TUDortmundUniversity,Germany MadhuSudan MicrosoftResearch,Cambridge,MA,USA DemetriTerzopoulos UniversityofCalifornia,LosAngeles,CA,USA DougTygar UniversityofCalifornia,Berkeley,CA,USA GerhardWeikum MaxPlanckInstituteforInformatics,Saarbruecken,Germany Kazue Sako Palash Sarkar (Eds.) Advances in Cryptology – ASIACRYPT 2013 19th International Conference on the Theory andApplication of Cryptology and Information Security Bengaluru, India, December 1-5, 2013 Proceedings, Part I 1 3 VolumeEditors KazueSako NECCorporation Kawasaki,Japan E-mail:[email protected] PalashSarkar IndianStatisticalInstitute Kolkata,India E-mail:[email protected] ISSN0302-9743 e-ISSN1611-3349 ISBN978-3-642-42032-0 e-ISBN978-3-642-42033-7 DOI10.1007/978-3-642-42033-7 SpringerHeidelbergNewYorkDordrechtLondon CRSubjectClassification(1998):E.3,D.4.6,F.2,K.6.5,G.2,I.1,J.1 LNCSSublibrary:SL4–SecurityandCryptology ©InternationalAssociationforCryptologicResearch2013 Thisworkissubjecttocopyright.AllrightsarereservedbythePublisher,whetherthewholeorpartof thematerialisconcerned,specificallytherightsoftranslation,reprinting,reuseofillustrations,recitation, broadcasting,reproductiononmicrofilmsorinanyotherphysicalway,andtransmissionorinformation storageandretrieval,electronicadaptation,computersoftware,orbysimilarordissimilarmethodology nowknownorhereafterdeveloped.Exemptedfromthislegalreservationarebriefexcerptsinconnection withreviewsorscholarlyanalysisormaterialsuppliedspecificallyforthepurposeofbeingenteredand executedonacomputersystem,forexclusiveusebythepurchaserofthework.Duplicationofthispublication orpartsthereofispermittedonlyundertheprovisionsoftheCopyrightLawofthePublisher’slocation, initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer.Permissionsforuse maybeobtainedthroughRightsLinkattheCopyrightClearanceCenter.Violationsareliabletoprosecution undertherespectiveCopyrightLaw. Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant protectivelawsandregulationsandthereforefreeforgeneraluse. Whiletheadviceandinformationinthisbookarebelievedtobetrueandaccurateatthedateofpublication, neithertheauthorsnortheeditorsnorthepublishercanacceptanylegalresponsibilityforanyerrorsor omissionsthatmaybemade.Thepublishermakesnowarranty,expressorimplied,withrespecttothe materialcontainedherein. Typesetting:Camera-readybyauthor,dataconversionbyScientificPublishingServices,Chennai,India Printedonacid-freepaper SpringerispartofSpringerScience+BusinessMedia(www.springer.com) Preface It is our great pleasure to present the proceedings of Asiacrypt 2013 in two volumes of Lecture Notes in Computer Science published by Springer. This was the 19th edition of the International Conference on Theory and Application of Cryptologyand InformationSecurity heldannually inAsia by the International Associationfor Cryptologic Research(IACR). The conference was organizedby IACR in cooperation with the Cryptology Research Society of India and was held in the city of Bengaluru in India during December 1–5, 2013. Aboutoneyearpriortotheconference,aninternationalProgramCommittee (PC) of 46 scientists assumed the responsibility of determining the scientific content of the conference. The conference evoked an enthusiastic response from researchers and scientists. A total of 269 papers were submitted for possible presentations approximately six months before the conference. Authors of the submitted papers are spread all over the world. PC members were allowed to submit papers, but each PC member could submit at most two co-authored papers or at most one single-authored paper. The PC co-chairs did not submit any paper. All the submissions were screened by the PC and 54 papers were finally selected for presentations at the conference. These proceedings contain the revised versions of the papers that were selected. The revisions were not checked and the responsibility of the papers rests with the authors and not the PC members. Selection of papers for presentation was made through a double-blind re- view process. Each paper was assigned three reviewers and submissions by PC memberswereassignedsixreviewers.ApartfromthePCmembers,291external reviewerswereinvolved.Thetotalnumberofreviewsforallthepaperswasmore than 900. In addition to the reviews, the selection process involvedan extensive discussion phase. This phase allowed PC members to express opinion on all the submissions.The finalselectionof54paperswasthe resultofthisextensiveand rigorous selection procedure. One of the final papers resulted from the merging of two submissions. Thebestpaperawardwasconferreduponthepaper“ShorterQuasi-Adaptive NIZKProofsforLinearSubspaces”authoredbyCharanjitJutlaandArnabRoy. The decision was based on a vote among the PC members. In addition to the best paper, the authors of two other papers, namely,“Families of Fast Elliptic CurvesfromQ-Curves”authoredbyBenjaminSmithand“KeyRecoveryAttacks on 3-Round Even-Mansour, 8-Step LED-128, and Full AES2”authored by Itai Dinur, Orr Dunkelman, Nathan Keller and Adi Shamir, were recommended by the Editor-in-Chiefofthe Journal of Cryptology to submitexpandedversionsto the journal. Ahighlightoftheconferencewastheinvitedtalks.Anextensivemulti-round discussion was carried out by the PC to decide on the invited speakers. This VI Preface resulted in very interesting talks on two different aspects of the subject. Lars Ramkilde Knudsen spoke on “Block Ciphers — Past and Present” a topic of classicalandcontinuingimportance,whileGeorgeDanezisspokeon“Engineering Privacy-Friendly Computations,” which is an important and a more modern theme. Apart from the regular presentations and the invited talks, a rump session wasorganizedonone of the evenings.This consistedof veryshortpresentations on upcoming researchresults, announcements of future events, and other topics of interest to the audience. Wewouldliketothanktheauthorsofallpapersforsubmittingtheirresearch works to the conference. Such interest over the years has ensured that the Asi- acrypt conference series remains a cherished venue of publication by scientists. Thanks are due to the PC members for their enthusiastic and continued partic- ipation for over a year in different aspects of selecting the technical program. External reviewers contributed by providing timely reviews and thanks are due to them. A list of external reviewers is provided in these proceedings. We have triedtoensurethatthelistiscomplete.Anyomissionisinadvertentandifthere is an omission, we apologize to the person concerned. Special thanks are due to Satyanarayana V. Lokam, the general chair of the conference. His message to the PC was to select the best possible scientific programwithout any other considerations.Further, he ensured that the PC co- chairs were insulated from the organizational work. This work was done by the Organizing Committee and they deserve thanks from all the participants for the wonderful experience. We thank Daniel J. Bernstein and Tanja Lange for expertly organizing and conducting the rump session. The reviewsanddiscussionswereentirelycarriedout onlineusing a software developedby Shai Halevi.At severaltimes, we hadto ask Shai for his help with some feature or the other of the software. Every time, we received immediate andhelpful responses.We thankhim forhis supportandalsofordevelopingthe software. We also thank Josh Benaloh, who was our IACR liaison, for guidance onseveralissues.Springerpublishedthevolumesandmadetheseavailablebefore the conference.We thankAlfredHofmannandAnna Kramerandtheirteamfor their professional and efficient handling of the production process. Last,but, notthe least, we thankMicrosoftResearch;Google;IndianStatis- ticalInstitute,Kolkata;andNationalMathematicsInitiative,IndianInstituteof Science, Bengaluru; for being generous sponsors of the conference. December 2013 Kazue Sako Palash Sarkar Asiacrypt 2013 The 19th Annual International Conference on Theory and Application of Cryptology and Information Security Sponsored by the International Association for Cryptologic Research (IACR) December 1–5, 2013, Bengaluru, India General Chair SatyanarayanaV. Lokam Microsoft Research, India Program Co-chairs Kazue Sako NEC Corporation, Japan Palash Sarkar Indian Statistical Institute, India Program Committee Michel Abdalla E´cole Normale Sup´erieure, France Colin Boyd QueenslandUniversityofTechnology,Australia Anne Canteaut Inria Paris-Rocquencourt,France Sanjit Chatterjee Indian Institute of Science, India Jung Hee Cheon Seoul National University, Korea Sherman S.M. Chow Chinese University of Hong Kong, SAR China Orr Dunkelmann University of Haifa, Israel Pierrick Gaudry CNRS Nancy, France Rosario Gennaro City College of New York, USA Guang Gong University of Waterloo, Canada Vipul Goyal Microsoft Research, India Eike Kiltz University of Bochum, Germany Tetsu Iwata Nagoya University, Japan Tanja Lange Technische Universiteit Eindhoven, The Netherlands Dong Hoon Lee Korea University, Korea Allison Lewko Columbia University, USA Benoit Libert Technicolor, France Dongdai Lin Chinese Academy of Sciences, China Anna Lysyanskaya Brown University, USA Subhamoy Maitra Indian Statistical Institute, India VIII Asiacrypt 2013 Willi Meier University of Applied Sciences, Switzerland Phong Nguyen Inria, France and Tsinghua University, China Kaisa Nyberg Aalto University, Finland Satoshi Obana Hosei University, Japan Kenny Paterson Royal Holloway, University of London, UK Krzysztof Pietrzak Institute of Science and Technology, Austria David Pointcheval E´cole Normale Sup´erieure, France Manoj Prabhakaran University of Illinois at Urbana-Champaign, USA Vincent Rijmen KU Leuven, Belgium Rei Safavi-Naini University of Calgary, Canada Yu Sasaki NTT, Japan Nicolas Sendrier Inria Paris-Rocquencourt,France Peter Schwabe Radboud University Nijmegen, The Netherlands Thomas Shrimpton Portland State University, USA Nigel Smart University of Bristol, UK Francois-XavierStandaert Universit´e Catholique de Louvain, Belgium Damien Stehl´e E´cole Normale Sup´erieure de Lyon, France Willy Susilo University of Wollongong, Australia Tsuyoshi Takagi Kyushu University, Japan Vinod Vaikuntanathan University of Toronto, Canada Frederik Vercauteren KU Leuven, Belgium Xiaoyun Wang Tsinghua University, China Hoeteck Wee George Washington University, USA and E´cole Normale Sup´erieure, France Hongjun Wu Nanyang Technological University, Singapore External Reviewers Carlos Aguilar-Melchor Foteini Baldimtsi Masayuki Abe Subhadeep Banik Gergely Acs Paulo Barreto Shashank Agrawal Rishiraj Batacharrya Ahmad Ahmadi Lejla Batina Hadi Ahmadi Anja Becker Mohsen Alimomeni Mihir Bellare Joel Alwen Fabrice Benhamouda Prabhanjan Ananth Debajyoti Bera Gilad Asharov Daniel J. Bernstein Tomer Ashur Rishiraj Bhattacharyya Giuseppe Ateniese Gaetan Bisson Man Ho Au Olivier Blazy Jean-Philippe Aumasson C´eline Blondeau Pablo Azar Andrey Bogdanov Asiacrypt 2013 IX Alexandra Boldyreva Sanjam Garg Joppe W. Bos Lubos Gaspar Charles Bouillaguet Peter Gazi Christina Boura Ran Gelles Elette Boyle Essam Ghadafi Fabian van den Broek Choudary Gorantla Billy Bob Brumley Sergey Gorbunov Christina Brzuska Dov S. Gordon Angelo De Caro Louis Goubin Dario Catalano Matthew Green Andr´e Chailloux Vincent Grosso Melissa Chase Jens Groth Anupam Chattopadhyay Tim Gu¨neysu Chi Chen Fuchun Guo Jie Chen Jian Guo Jing Chen Divya Gupta Yu Chen Sourav Sen Gupta C´eline Chevalier Benoˆıt G´erard Ashish Choudhary Dong-Guk Han HeeWon Chung Jinguang Han Kai-Min Chung Carmit Hazay Deepak Kumar Dalai Nadia Heninger M. Prem Laxman Das Jens Hermans Gareth Davies Florian Hess Yi Deng Shoichi Hirose Maria Dubovitskaya Viet Tung Hoang Fran¸cois Durvaux Jaap-Henk Hoepmann Barı¸s Ege Dennis Hofheinz Nicolas Estibals Hyunsook Hong Xinxin Fan Jin Hong Pooya Farshim Qiong Huang Sebastian Faust Tao Huang Nelly Fazio Yan Huang Serge Fehr Fei Huo Dario Fiore Michael Hutter Marc Fischlin Jung Yeon Hwang Georg Fuchsbauer Takanori Isobe Eichiro Fujisaki Mitsugu Iwamoto Jun Furukawa Abhishek Jain Philippe Gaborit Stanislaw Jarecki Tommaso Gagliardoni Mahavir Jhawar Martin Gagne Shoaquan Jiang Steven Galbraith Ari Juels David Galindo Marc Kaplan Nicolas Gama Koray Karabina X Asiacrypt 2013 Aniket Kate Yusuke Naito Jonathan Katz Mar´ıa Naya-Plasencia Liam Keliher Gregory Neven St´ephanie Kerckhof Khoa Nguyen Hyoseung Kim Antonio Nicolosi Kitak Kim Ivica Nikoli´c Minkyu Kim Ryo Nishimaki Sungwook Kim Ryo Nojima Taechan Kim Adam O’Neill Yuichi Komano Cristina Onete Takeshi Koshiba Elisabeth Oswald Anna Krasnova Ilya Ozerov Fabien Laguillaumie Omkant Pandey Russell W.F. Lai Tapas Pandit Adeline Langlois Jong Hwan Park Jooyoung Lee Seunghwan Park Kwangsu Lee Michal Parusinski Moon Sung Lee Valerio Pastro Younho Lee Arpita Patra Tancr`ede Lepoint Goutam Paul Ga¨etan Leurent Roel Peeters Anthony Leverrier Christopher Peikert Huijia Rachel Lin Milinda Perera Feng-Hao Liu Ludovic Perret Zhenhua Liu Thomas Peters Zongbin Liu Christophe Petit Adriana L´opez-Alt Duong Hieu Phan Atul Luykx Bertram Poettering Vadim Lyubashevsky Joop van de Pol Arpita Maitra Gordon Proctor Hemanta Maji Emmanuel Prouff Cuauhtemoc Mancillas-L´opez Elizabeth Quaglia Kalikinkar Mandal Somindu C Ramanna Takahiro Matsuda Mariana Raykova Alexander May Christian Rechberger Sarah Meiklejohn Francesco Regazzoni Florian Mendel Oscar Reparaz Alfred Menezes Reza Reyhanitabar Kazuhiko Minematsu Thomas Ristenpart Marine Minier Damien Robert Rafael Misoczki Thomas Roche Amir Moradi Mike Rosulek Tal Moran Sujoy Sinha Roy Kirill Morozov Sushmita Ruj PratyayMukherjee Carla R`afols