Lecture Notes in Computer Science 5921 CommencedPublicationin1973 FoundingandFormerSeriesEditors: GerhardGoos,JurisHartmanis,andJanvanLeeuwen EditorialBoard DavidHutchison LancasterUniversity,UK TakeoKanade CarnegieMellonUniversity,Pittsburgh,PA,USA JosefKittler UniversityofSurrey,Guildford,UK JonM.Kleinberg CornellUniversity,Ithaca,NY,USA AlfredKobsa UniversityofCalifornia,Irvine,CA,USA FriedemannMattern ETHZurich,Switzerland JohnC.Mitchell StanfordUniversity,CA,USA MoniNaor WeizmannInstituteofScience,Rehovot,Israel OscarNierstrasz UniversityofBern,Switzerland C.PanduRangan IndianInstituteofTechnology,Madras,India BernhardSteffen TUDortmundUniversity,Germany MadhuSudan MicrosoftResearch,Cambridge,MA,USA DemetriTerzopoulos UniversityofCalifornia,LosAngeles,CA,USA DougTygar UniversityofCalifornia,Berkeley,CA,USA GerhardWeikum Max-PlanckInstituteofComputerScience,Saarbruecken,Germany Matthew G. Parker (Ed.) Cryptography and Coding 12th IMA International Conference Cryptography and Coding 2009, Cirencester, UK December 15-17, 2009, Proceedings 1 3 VolumeEditor MatthewG.Parker UniversityofBergen TheSelmerCentre DepartmentofInformatics P.O.Box7800 N-5020,Bergen,Norway E-mail:[email protected] LibraryofCongressControlNumber:2009939840 CRSubjectClassification(1998):E.3,D.4.6,K.6.5,G.1.3,I.1,G.2 LNCSSublibrary:SL4–SecurityandCryptology ISSN 0302-9743 ISBN-10 3-642-10867-9SpringerBerlinHeidelbergNewYork ISBN-13 978-3-642-10867-9SpringerBerlinHeidelbergNewYork Thisworkissubjecttocopyright.Allrightsarereserved,whetherthewholeorpartofthematerialis concerned,specificallytherightsoftranslation,reprinting,re-useofillustrations,recitation,broadcasting, reproductiononmicrofilmsorinanyotherway,andstorageindatabanks.Duplicationofthispublication orpartsthereofispermittedonlyundertheprovisionsoftheGermanCopyrightLawofSeptember9,1965, initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer.Violationsareliable toprosecutionundertheGermanCopyrightLaw. springer.com ©Springer-VerlagBerlinHeidelberg2009 PrintedinGermany Typesetting:Camera-readybyauthor,dataconversionbyScientificPublishingServices,Chennai,India Printedonacid-freepaper SPIN:12807253 06/3180 543210 Preface The12thintheseriesofIMAConferencesonCryptographyandCodingwasheld at the RoyalAgriculturalCollege,Cirencester,December 15–17,2009.The pro- gram comprised 3 invited talks and 26 contributed talks. The contributed talks werechosenbyathoroughreviewingprocessfrom53submissions.Oftheinvited andcontributedtalks,28arerepresentedaspapersinthisvolume.Thesepapers are grouped loosely under the headings: Coding Theory, Symmetric Cryptog- raphy, Security Protocols, Asymmetric Cryptography, Boolean Functions, and Side Channels and Implementations. Numerous people helped to make this conference a success. To begin with I would like to thank all members of the Technical Program Committee who put a great deal of effort into the reviewing process so as to ensure a high- quality program.Moreover,I wish to thank a number of people, external to the committee, who also contributed reviews on the submitted papers. Thanks, of course,mustalsogotoallauthorswhosubmittedpaperstotheconference,both those rejected and accepted. The review process was also greatly facilitated by the use of the Web-submission-and-review software, written by Shai Halevi of IBM Research, and I would like to thank him for making this package available to the community. The invited talks were given by Frank Kschischang, Ronald Cramer, and Alexander Pott, and two of these invited talks appear as papers in this volume. A particularthanks goes to these invitedspeakers,eachofwhom is well-known, notonlyforbeingaworld-leaderintheirfield,butalsofortheirparticularability to communicate their expertise in an enjoyable and stimulating manner. I would like to thank Amy Marsh and all those at the IMA. In particular I would like to thank Amy for her cheerful efficiency in dealing with the many administrativeaspectsofthe conferenceandgently remindingme ofthings that needed to be done. It was a pleasure to work with her. We are grateful for the sponsorship provided by Vodafone for the conference, and I would also like to thank all at Springer for their hard work in publishing these proceedings. December 2009 Matthew G. Parker Cryptography and Coding 12th IMA International Conference Proceedings Royal Agricultural College, Cirencester, UK December 15–17,2009 Program Committee Steve Babbage Vodafone Group Services Ltd. Mohammed Benaissa University of Sheffield, UK Pascale Charpin INRIA Rocquencourt, Paris, France Liqun Chen Hewlett-Packard, USA Carlos Cid Royal Holloway, University of London, UK Tuvi Etzion Technion, Israel Bahram Honary Lancaster University, UK Jon-Lark Kim University of Louisville, USA Gohar Kyureghyan University of Magdeburg, Germany Gary McGuire University College Dublin, Ireland Alfred Menezes University of Waterloo, Canada David Naccache Ecole Normale Superieure, France Matthew G. Parker UniversityofBergen,Norway(ProgramChair) Matt Robshaw Orange Labs, Paris, France Ana Salagean LoughboroughUniversity, UK Hans Georg Schaathun University of Surrey, UK Michael Scott Dublin City University, Ireland Amin Shokrollahi EPFL, Lausanne, Switzerland Nigel Smart University of Bristol, UK Patrick Sol´e Telecom ParisTech, Paris,France Frederik Vercauteren K. U. Leuven, Belgium Guilin Wang University of Birmingham, UK KyeongcheolYang Pohang University of Science and Technology, South Korea Gilles Zemor University of Bordeaux, France Steering Committee Bahram Honary Lancaster University, UK Chris Mitchell Royal Holloway, University of London, UK Kenny Paterson Royal Holloway, University of London, UK Fred Piper Royal Holloway, University of London, UK Nigel Smart University of Bristol, UK Steven Galbraith Auckland University, New Zealand VIII Organization External Reviewers Anne Canteaut Atefeh Mashatan Gregory Neven Martin Albrecht Pierrick Gaudry Elisabeth Oswald Karim Belabas Faruk Goeloglu Christophe Petit Nick Bone Yun Kyung Han Thomas Peyrin Sebastien Canard Florian Hess Eric Schost Anne Canteaut Christine Kelley Yannick Seurin Srdjan Capkun Kyung-Joong Kim Deian Stefan Guilhem Castagnos Markulf Kohlweiss Michael Vielhaber Wouter Castryck Francoise Levy-dit-Vehel Pascal Vontobel Herv Chabanne Fagen Li Bogdan Warinschi Jin-Ho Chung Carlos Aguilar Melchor Vitaly Skatchek Yi Deng Table of Contents Coding Theory Subspace Codes.................................................. 1 Azadeh Khaleghi, Danilo Silva, and Frank R. Kschischang On Linear Programming Decoding on a Quantized Additive White Gaussian Noise Channel .......................................... 22 Eirik Rosnes Codes as Modules over Skew PolynomialRings ...................... 38 Delphine Boucher and Felix Ulmer On Higher Weights and Code Existence............................. 56 Hans Georg Schaathun Mass Formula for Even Codes over ZZ ............................. 65 8 Koichi Betsumiya, Rowena Alma L. Betty, and Akihiro Munemasa On the Classification of Self-dual ZZ -Codes......................... 78 k Masaaki Harada and Akihiro Munemasa On Linear Codes from Maximal Curves............................. 91 Stefania Fanali Symmetric Cryptography On Linear Cryptanalysis with Many Linear Approximations........... 112 Benoˆıt G´erard and Jean-Pierre Tillich Bivium as a Mixed-Integer Linear ProgrammingProblem ............. 133 Julia Borghoff, Lars R. Knudsen, and Mathias Stolpe Security of Cyclic Double Block Length Hash Functions............... 153 Ewan Fleischmann, Michael Gorski, and Stefan Lucks Another Glance at Double-Length Hashing.......................... 176 Onur O¨zen and Martijn Stam Geometric Ideas for Cryptographic Equation Solving in Even Characteristic ................................................... 202 Sean Murphy and Maura B. Paterson X Table of Contents Security Protocols Provably Secure Code-Based Threshold Ring Signatures .............. 222 L´eonard Dallot and Damien Vergnaud A New Protocolfor the Nearby Friend Problem...................... 236 Sanjit Chatterjee, Koray Karabina, and Alfred Menezes Distributing the Key Distribution Centre in Sakai–Kasahara Based Systems ........................................................ 252 Martin Geisler and Nigel P. Smart Key Predistribution Schemes and One-Time Broadcast Encryption Schemes from Algebraic Geometry Codes ........................... 263 Hao Chen, San Ling, Carles Padro´, Huaxiong Wang, and Chaoping Xing Attribute-Based Encryption Supporting Direct/Indirect Revocation Modes.......................................................... 278 Nuttapong Attrapadung and Hideki Imai Certificate-Free Attribute Authentication ........................... 301 Dalia Khader, Liqun Chen, and James H. Davenport Asymmetric Cryptography Comparing with RSA............................................. 326 Julien Cathalo, David Naccache, and Jean-Jacques Quisquater Double-Exponentiation in Factor-4 Groups and Its Applications ....... 336 Koray Karabina Oracle-Assisted Static Diffie-Hellman Is Easier Than Discrete Logarithms...................................................... 351 Antoine Joux, Reynald Lercier, David Naccache, and Emmanuel Thom´e An Improvementto the Gaudry-SchostAlgorithmfor Multidimensional Discrete Logarithm Problems...................................... 368 Steven Galbraith and Raminder S. Ruprai Boolean Functions On Designs and Multiplier Groups Constructed from Almost Perfect Nonlinear Functions.............................................. 383 Yves Edel and Alexander Pott A New Family of Hyper-Bent Boolean Functions in Polynomial Form... 402 Sihem Mesnager Table of Contents XI The Rayleigh Quotient of Bent Functions ........................... 418 Lars Eirik Danielsen, Matthew G. Parker, and Patrick Sol´e Side Channels and Implementations Cache Timing Analysis of LFSR-Based Stream Ciphers ............... 433 Gregor Leander, Erik Zenner, and Philip Hawkes Optimal Recovery of Secret Keys from Weak Side Channel Traces...... 446 Werner Schindler and Colin D. Walter Practical Zero-KnowledgeProofs for Circuit Evaluation............... 469 Essam Ghadafi, Nigel P. Smart, and Bogdan Warinschi Author Index.................................................. 495