Lecture Notes in Computer Science 4964 CommencedPublicationin1973 FoundingandFormerSeriesEditors: GerhardGoos,JurisHartmanis,andJanvanLeeuwen EditorialBoard DavidHutchison LancasterUniversity,UK TakeoKanade CarnegieMellonUniversity,Pittsburgh,PA,USA JosefKittler UniversityofSurrey,Guildford,UK JonM.Kleinberg CornellUniversity,Ithaca,NY,USA AlfredKobsa UniversityofCalifornia,Irvine,CA,USA FriedemannMattern ETHZurich,Switzerland JohnC.Mitchell StanfordUniversity,CA,USA MoniNaor WeizmannInstituteofScience,Rehovot,Israel OscarNierstrasz UniversityofBern,Switzerland C.PanduRangan IndianInstituteofTechnology,Madras,India BernhardSteffen UniversityofDortmund,Germany MadhuSudan MassachusettsInstituteofTechnology,MA,USA DemetriTerzopoulos UniversityofCalifornia,LosAngeles,CA,USA DougTygar UniversityofCalifornia,Berkeley,CA,USA GerhardWeikum Max-PlanckInstituteofComputerScience,Saarbruecken,Germany Tal Malkin (Ed.) Topics in Cryptology – CT-RSA 2008 The Cryptographers’Track at the RSA Conference 2008 San Francisco, CA, USA,April 8-11, 2008 Proceedings 1 3 VolumeEditor TalMalkin ColumbiaUniversity DepartmentofComputerScience 514CSC,1214AmsterdamAvenueMC0401 NewYork,NY10027-7003,USA E-mail:[email protected] LibraryofCongressControlNumber:2008924621 CRSubjectClassification(1998):E.3,G.2.1,D.4.6,K.6.5,K.4.4,F.2.1-2,C.2,J.1 LNCSSublibrary:SL4–SecurityandCryptology ISSN 0302-9743 ISBN-10 3-540-79262-7SpringerBerlinHeidelbergNewYork ISBN-13 978-3-540-79262-8SpringerBerlinHeidelbergNewYork Thisworkissubjecttocopyright.Allrightsarereserved,whetherthewholeorpartofthematerialis concerned,specificallytherightsoftranslation,reprinting,re-useofillustrations,recitation,broadcasting, reproductiononmicrofilmsorinanyotherway,andstorageindatabanks.Duplicationofthispublication orpartsthereofispermittedonlyundertheprovisionsoftheGermanCopyrightLawofSeptember9,1965, initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer.Violationsareliable toprosecutionundertheGermanCopyrightLaw. SpringerisapartofSpringerScience+BusinessMedia springer.com ©Springer-VerlagBerlinHeidelberg2008 PrintedinGermany Typesetting:Camera-readybyauthor,dataconversionbyScientificPublishingServices,Chennai,India Printedonacid-freepaper SPIN:12257843 06/3180 543210 Preface The RSA Conference is the largest regularly-staged computer security event, with over 350 vendors and many thousands of attendees. The Cryptographers’ Track (CT-RSA) is a researchconference within the RSA Conference. CT-RSA beganin2001,andhasbecomeoneofthemajorestablishedvenuesforpresenting cryptographicresearchpaperstoawide varietyofaudiences.CT-RSA2008was held in San Francisco, California from April 8 to April 11. TheproceedingsofCT-RSA2008contain26papersselectedfrom95submis- sions pertaining to all aspects of cryptography. Each submission was reviewed byatleastthreereviewers,whichwasmadepossiblebythehardworkof27Pro- gram Committee members and many external reviewers listed on the following pages.Thepaperswereselectedfollowingadetailedonlinediscussionamongthe Program Committee members. The program included an invited talk by Shafi Goldwasser. The current proceedings include a short abstract of her talk. I would like to express my deep gratitude to the Program Committee mem- bers, who volunteered their expertise and hard work over several months, as well as to the external reviewers. Special thanks to Shai Halevi for providing and maintaining the Web review system used for paper submission, reviewing, and final-version preparation. Finally, I would like to thank Burt Kaliski and Ari Juels of RSA Laboratories, as well as the RSA conference team, especially Bree LaBollita, for their assistance throughout the process. February 2008 Tal Malkin CT-RSA 2008 The Cryptographers’Track of the RSA Conference Moscone Center, San Francisco, CA, USA April 8–11, 2008 Program Chair Tal Malkin, Columbia University, USA Program Committee Masayuki Abe NTT Corporation, Japan Feng Bao Institute for Infocomm Research, Singapore Dario Catalano Universita` di Catania, Italy Orr Dunkelman Katholieke Universiteit Leuven, Belgium Nelly Fazio IBM Almaden Research Center, USA Marc Fischlin Darmstadt University of Technology, Germany Michael Freedman Princeton University, USA Stuart Haber HP Labs, USA Danny Harnik IBM Haifa Research Lab, Israel Susan Hohenberger Johns Hopkins University, USA Aggelos Kiayias University of Connecticut, USA Eike Kiltz CWI, The Netherlands Ilya Mironov Microsoft Research, USA Kobbi Nissim Ben Gurion University, Israel Satoshi Obana NEC, Japan Elisabeth Oswald University of Bristol, UK Kunsoo Park Seoul National University, Korea Rafael Pass Cornell University, USA Josef Pieprzyk Macquarie University, Australia Tal Rabin IBM T.J. Watson Research Center, USA Matt Robshaw France T´el´ecom,France Rei Safavi-Naini University of Calgary, Canada Alice Silverberg UC Irvine, USA Adam Smith Pennsylvania State University, USA Franc¸ois-Xavier Standaert UCL, Belgium Eran Tromer MIT, USA Yiqun Lisa Yin Independent Consultant, USA VIII Organization External Reviewers Joel Alwen Seny Kamara Raj Rajagopalan Nuttapong Attrapadung Franc¸ois Koeune Nalini Ratha Lejla Batina Hugo Krawczyk Vincent Rijmen Amos Beimel Mario Lamberger Thomas Ristenpart Come Berbain Tanja Lange Tom Roeder D.J. Bernstein Kerstin Lemke-Rust Guy Rothblum Guido Bertoni Tieyan Li Tomas Sander Olivier Billet Benoit Libert Bagus Santoso Carl Bosley Huijia (Rachel) Lin Dominique Schr¨oder Chris Charnes Jennifer Lindsay Jean-Pierre Seifert Jiun-Ming Chen Stefan Mangard Nicolas Sendrier Lily Chen Krystian Matusiewicz Hovav Shacham Joo Yeon Cho Alexander May Siamak Shahandashti Baudoin Collard Pradeep Kumar Mishra Zhijie Shi Scott Contini David Molnar Igor Shparlinski Glenn Durfee Tal Moran Michal Sramka Jean-Charles Faug`ere Shiho Moriai Ron Steinfeld Martin Feldhofer Phong Q. Nguyen Tamir Tassa Dario Fiore Antonio Nicolosi Stefan Tillich Craig Gentry Svetla Nikova Dustin Tseng Benedikt Gierlichs Miyako Ohkubo Vinod Vaikuntanathan Rob Granger Yossi Oren Muthu Matthew Green Dag Arne Osvik Venkitasubramaniam Johann Großscha¨dl Serdar Pehlivanoglu Shabsi Walfish Iryna Gurevych Chris Peikert Zhenghong Wang Shai Halevi Pedro Peris-Lopez William Whyte Jason Hinek Ray Perlner Jin Yuan Dennis Hofheinz Duong Hieu Phan Hong Sheng Zhou Shaoquan Jiang Krzysztof Pietrzak Hong-Sheng Zhou Antoine Joux Benny Pinkas Marc Joye Gilles Piret Marcelo Kaihara Mario Di Raimondo Table of Contents Hash Function Cryptanalysis Security of MD5 Challenge and Response: Extension of APOP PasswordRecovery Attack ........................................ 1 Yu Sasaki, Lei Wang, Kazuo Ohta, and Noboru Kunihiro Cryptanalysis of a Hash Function Based on Quasi-cyclic Codes ........ 19 Pierre-Alain Fouque and Ga¨etan Leurent Linear-XOR and Additive Checksums Don’t Protect Damg˚ard-Merkle Hashes from Generic Attacks ...................................... 36 Praveen Gauravaram and John Kelsey Cryptographic Building Blocks Efficient Fully-Simulatable Oblivious Transfer ....................... 52 Andrew Y. Lindell Separation Results on the“One-More”Computational Problems ....... 71 Emmanuel Bresson, Jean Monnerat, and Damien Vergnaud Fairness in Secure Computation An Efficient Protocolfor Fair Secure Two-PartyComputation ......... 88 Mehmet S. Kiraz and Berry Schoenmakers EfficientOptimistic Fair ExchangeSecure in the Multi-user Setting and Chosen-Key Model without Random Oracles ........................ 106 Qiong Huang, Guomin Yang, Duncan S. Wong, and Willy Susilo Legally-EnforceableFairness in Secure Two-Party Computation........ 121 Andrew Y. Lindell Message Authentication Codes Security of NMAC and HMAC Based on Non-malleability.............. 138 Marc Fischlin Aggregate Message Authentication Codes ........................... 155 Jonathan Katz and Andrew Y. Lindell