Jean-Sébastien Coron Jesper Buus Nielsen (Eds.) 2 1 2 0 Advances in Cryptology – 1 S C EUROCRYPT 2017 N L 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques Paris, France, April 30 – May 4, 2017, Proceedings, Part III 123 Lecture Notes in Computer Science 10212 Commenced Publication in 1973 Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen Editorial Board David Hutchison Lancaster University, Lancaster, UK Takeo Kanade Carnegie Mellon University, Pittsburgh, PA, USA Josef Kittler University of Surrey, Guildford, UK Jon M. Kleinberg Cornell University, Ithaca, NY, USA Friedemann Mattern ETH Zurich, Zurich, Switzerland John C. Mitchell Stanford University, Stanford, CA, USA Moni Naor Weizmann Institute of Science, Rehovot, Israel C. Pandu Rangan Indian Institute of Technology, Madras, India Bernhard Steffen TU Dortmund University, Dortmund, Germany Demetri Terzopoulos University of California, Los Angeles, CA, USA Doug Tygar University of California, Berkeley, CA, USA Gerhard Weikum Max Planck Institute for Informatics, Saarbrücken, Germany More information about this series at http://www.springer.com/series/7410 é Jean-S bastien Coron Jesper Buus Nielsen (Eds.) (cid:129) – Advances in Cryptology EUROCRYPT 2017 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques – Paris, France, April 30 May 4, 2017 Proceedings, Part III 123 Editors Jean-Sébastien Coron Jesper BuusNielsen University of Luxembourg Aarhus University Luxembourg Aarhus Luxembourg Denmark ISSN 0302-9743 ISSN 1611-3349 (electronic) Lecture Notesin Computer Science ISBN 978-3-319-56616-0 ISBN978-3-319-56617-7 (eBook) DOI 10.1007/978-3-319-56617-7 LibraryofCongressControlNumber:2017936355 LNCSSublibrary:SL4–SecurityandCryptology ©InternationalAssociationforCryptologicResearch2017 Thisworkissubjecttocopyright.AllrightsarereservedbythePublisher,whetherthewholeorpartofthe material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storageandretrieval,electronicadaptation,computersoftware,orbysimilarordissimilarmethodologynow knownorhereafterdeveloped. Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant protectivelawsandregulationsandthereforefreeforgeneraluse. Thepublisher,theauthorsandtheeditorsaresafetoassumethattheadviceandinformationinthisbookare believedtobetrueandaccurateatthedateofpublication.Neitherthepublishernortheauthorsortheeditors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissionsthatmayhavebeenmade.Thepublisherremainsneutralwithregardtojurisdictionalclaimsin publishedmapsandinstitutionalaffiliations. Printedonacid-freepaper ThisSpringerimprintispublishedbySpringerNature TheregisteredcompanyisSpringerInternationalPublishingAG Theregisteredcompanyaddressis:Gewerbestrasse11,6330Cham,Switzerland Preface Eurocrypt 2017, the 36th annual International Conference on the Theory and Appli- cationsofCryptographicTechniques,washeldinParis,France,fromApril30toMay 4, 2017. The conference was sponsored by the International Association for Crypto- logic Research (IACR). Michel Abdalla (ENS, France) was responsible for the local organization. He was supported by a local organizing team consisting of David Pointcheval(ENS,France),EmmanuelProuff(Morpho,France),FabriceBenhamouda (ENS, France), Pierre-Alain Dupoint (ENS, France), and Tancrède Lepoint (SRI International). We are indebted to them for their support and smooth collaboration. The conference program followed the now established parallel track system where the works of the authors were presented in two concurrently running tracks. Only the invited talks spanned over both tracks. We received a total of 264 submissions. Each submission was anonymized for the reviewing process and was assigned to at least three of the 56 Program Committee members.Submissionsco-authoredbycommitteememberswereassignedtoatleastfour members.Committeememberswereallowedtosubmitatmostonepaper,ortwoifboth wereco-authored.Thereviewingprocessincludedafirst-roundnotificationfollowedbya rebuttal for papers that made it to the second round. After extensive deliberations the ProgramCommitteeaccepted67papers.Therevisedversionsofthesepapersareincluded inthesethree-volumeproceedings,organizedtopicallywithintheirrespectivetrack. The committee decided togive the Best Paper Award to the paper “Scrypt Is Max- imallyMemory-Hard”byJoëlAlwen,BinyiChen,KrzysztofPietrzak,LeonidReyzin, andStefanoTessaro.Thetworunners-uptotheaward,“Computationofa768-bitPrime Field Discrete Logarithm,” by Thorsten Kleinjung, Claus Diem, Arjen K. Lenstra, Christine Priplata, and Colin Stahlke, and “Short Stickelberger Class Relations and ApplicationtoIdeal-SVP,”byRonaldCramer,LéoDucas,andBenjaminWesolowski, received honorable mentions. All three papers received invitations for the Journal of Cryptology. The program also included invited talks by Gilles Barthe, titled “Automated Proof for Cryptography,” and by Nigel Smart, titled “Living Between the Ideal and Real Worlds.” We would like to thank all the authors who submitted papers. We know that the Program Committee’sdecisions, especiallyrejectionsofverygoodpapers thatdidnot find a slot in the sparse number of accepted papers, can be very disappointing. We sincerely hope that your works eventually get the attention they deserve. WearealsoindebtedtotheProgramCommitteemembersandallexternalreviewers fortheirvoluntarywork,especiallysincethenewlyestablishedandunifiedpagelimits and the increasing number of submissions induce quite a workload. It has been an honor to work with everyone. The committee’s work was tremendously simplified by Shai Halevi’s submission software and his support, including running the service on IACR servers. VI Preface Finally,wethankeveryoneelse—speakers,sessionchairs,andrumpsessionchairs —fortheircontributiontotheprogramofEurocrypt2017.Wewouldalsoliketothank Thales, NXP, Huawei, Microsoft Research, Rambus, ANSSI, IBM, Orange, Safran, Oberthur Technologies, CryptoExperts, and CEA Tech for their generous support. May 2017 Jean-Sébastien Coron Jesper Buus Nielsen Eurocrypt 2017 The 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques Sponsored by the International Association for Cryptologic Research 30 April – 4 May 2017 Paris, France General Chair Michel Abdalla ENS, France Program Co-chairs Jean-Sébastien Coron University of Luxembourg Jesper Buus Nielsen Aarhus University, Denmark Program Committee Gilad Asharov Cornell Tech, USA Nuttapong Attrapadung AIST, Japan Fabrice Benhamouda ENS, France and IBM, USA Nir Bitansky MIT, USA Andrey Bogdanov Technical University of Denmark Alexandra Boldyreva Georgia Institute of Technology, USA Chris Brzuska Technische Universität Hamburg, Germany Melissa Chase Microsoft, USA Itai Dinur Ben-Gurion University, Israel Léo Ducas CWI, Amsterdam, The Netherlands Stefan Dziembowski University of Warsaw, Poland Nicolas Gama Inpher, Switzerland and University of Versailles, France Pierrick Gaudry CNRS, France Peter Gaži IST Austria, Austria Niv Gilboa Ben-Gurion University, Israel Robert Granger EPFL, Switzerland Nathan Keller Bar Ilan University, Israel Aggelos Kiayias University of Edinburgh, UK Eike Kiltz Ruhr-Universität Bochum, Germany VIII Eurocrypt 2017 Vladimir Kolesnikov Bell Labs, USA Ranjit Kumaresan MIT, USA Eyal Kushilevitz Technion, Israel Gregor Leander Ruhr-University Bochum, Germany Tancrède Lepoint SRI International, USA Benoît Libert ENS de Lyon, France San Ling Nanyang Technological University, Singapore Anna Lysyanskaya Brown University, USA Tal Malkin Columbia University, USA Willi Meier FHNW, Switzerland Florian Mendel Graz University of Technology, Austria Bart Mennink K.U. Leuven, Belgium Ilya Mironov Google, USA María Naya-Plasencia Inria, France Ivica Nikolić Nanyang Technological University, Singapore Miyako Ohkubo NICT, Japan Rafail Ostrovsky UCLA, USA Omkant Pandey Stony Brook University, USA Omer Paneth Boston University, USA Chris Peikert University of Michigan, USA Thomas Peters UCL, Belgium Krzysztof Pietrzak IST Austria, Austria Emmanuel Prouff Morpho, France Leonid Reyzin Boston University, USA Louis Salvail University of Montreal, Canada Yu Sasaki NTT Secure Platform Laboratories, Japan Abhi Shelat University of Virginia, USA Elaine Shi Cornell University, USA Martijn Stam University of Bristol, UK Damien Stehlé ENS de Lyon, France John P. Steinberger Tsinghua University, China Ingrid Verbauwhede K.U. Leuven, Belgium Brent Waters University of Texas, USA Daniel Wichs Northeastern University, USA Mark Zhandry Princeton University, USA Additional Reviewers Michel Abdalla Martin Albrecht Daniel Apon Masayuki Abe Ghada Almashaqbeh Benny Applebaum Aysajan Abidin Jacob Alperin-Sheriff Christian Badertscher Hamza Abusalah Joël Alwen Saikrishna Divesh Aggarwal Abdelrahaman Aly Badrinarayanan Shashank Agrawal Elena Andreeva Shi Bai Navid Alamati Yoshinori Aono Josep Balasch Eurocrypt2017 IX Foteini Baldimtsi Ivan Damgård Shoichi Hirose Marshall Ball Jean Paul Degabriele Viet Tung Hoang Valentina Banciu Akshay Degwekar Justin Holmgren Subhadeep Banik David Derler Fumitaka Hoshino Razvan Barbulescu Apoorvaa Deshpande Pavel Hubácěk Guy Barwell Julien Devigne Ilia Iliashenko Carsten Baum Christoph Dobraunig Laurent Imbert Anja Becker Frédéric Dupuis Takanori Isobe Christof Beierle Nico Döttling Tetsu Iwata Amos Beimel Maria Eichlseder Malika Izabachene Sonia Belaïd Keita Emura Kimmo Jarvinen Shalev Ben-David Xiong Fan Eliane Jaulmes Iddo Bentov Pooya Farshim Dimitar Jetchev Jean-François Biasse Sebastian Faust Daniel Jost Begul Bilgin Omar Fawzi Marc Joye Olivier Blazy Dario Fiore Herve Kalachi Xavier Bonnetain Ben Fisch Seny Kamara Joppe Bos Benjamin A. Fisch Chethan Kamath Christina Boura Nils Fleischhacker Angshuman Karmakar Florian Bourse Georg Fuchsbauer Pierre Karpman Luis Brandao Eiichiro Fujisaki Nikolaos Karvelas Dan Brownstein Steven Galbraith Marcel Keller Chris Campbell Chaya Ganesh Elena Kirshanova Ran Canetti Juan Garay Fuyuki Kitagawa Anne Canteaut Sumegha Garg Susumu Kiyoshima Angelo De Caro Romain Gay Thorsten Kleinjung Ignacio Cascudo Ran Gelles Lars Knudsen David Cash Mariya Georgieva Konrad Kohbrok Wouter Castryck Benedikt Gierlichs Markulf Kohlweiss Hubert Chan Oliver W. Gnilke Ilan Komargodski Nishanth Chandran Faruk Göloğlu Venkata Koppula Jie Chen Sergey Gorbunov Thomas Korak Yilei Chen Dov Gordon Lucas Kowalczyk Nathan Chenette Rishab Goyal Thorsten Kranz Mahdi Cheraghchi Hannes Gross Fabien Laguillaumie Alessandro Chiesa Vincent Grosso Kim Laine Ilaria Chillotti Jens Groth Virginie Lallemand Sherman S.M. Chow Daniel Gruss Adeline Langlois Kai-Min Chung Jian Guo Hyung Tae Lee Michele Ciampi Siyao Guo Jooyoung Lee Ran Cohen Qian Guo Kwangsu Lee Craig Costello Benoît Gérard Troy Lee Alain Couvreur Felix Günther Kevin Lewi Claude Crépeau Britta Hale Huijia (Rachel) Lin Edouard Cuvelier Carmit Hazay Jiao Lin Guillaume Dabosville Felix Heuer Wei-Kai Lin