LNCS 8616

Juan A. Garay, Rosario Gennaro (Eds.)

Advances in Cryptology – CRYPTO 2014
34th Annual Cryptology Conference
Santa Barbara, CA, USA, August 17–21, 2014
Proceedings, Part I

Lecture Notes in Computer Science
Commenced Publication in 1973
Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board
David Hutchison, Lancaster University, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Alfred Kobsa, University of California, Irvine, CA, USA
Friedemann Mattern, ETH Zurich, Switzerland
John C. Mitchell, Stanford University, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
Oscar Nierstrasz, University of Bern, Switzerland
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, TU Dortmund University, Germany
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA
Gerhard Weikum, Max Planck Institute for Informatics, Saarbruecken, Germany

Volume Editors

Juan A. Garay
Yahoo Labs
701 First Avenue, Sunnyvale, CA 94089, USA
E-mail: garay@yahoo-inc.com

Rosario Gennaro
The City College of New York
160 Convent Avenue, New York, NY 10031, USA
E-mail: rosario@cs.ccny.cuny.edu

ISSN 0302-9743, e-ISSN 1611-3349
ISBN 978-3-662-44370-5, e-ISBN 978-3-662-44371-2
DOI 10.1007/978-3-662-44371-2
Springer Heidelberg New York Dordrecht London
Library of Congress Control Number: 2014944726
LNCS Sublibrary: SL – Security and Cryptology

© International Association for Cryptologic Research 2014

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher's location, in its current version, and permission for use must always be obtained from Springer. Permissions for use may be obtained through RightsLink at the Copyright Clearance Center. Violations are liable to prosecution under the respective Copyright Law.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.

Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India
Printed on acid-free paper
Springer is part of Springer Science+Business Media (www.springer.com)

Preface

CRYPTO 2014, the 34th Annual International Cryptology Conference, was held August 17–21, 2014, on the campus of the University of California, Santa Barbara. The event was sponsored by the International Association for Cryptologic Research (IACR) in cooperation with the UCSB Computer Science Department.

The program represents the recent significant advances and trends in all areas of cryptology. Out of 227 submissions, 60 were included in the program; these two-volume proceedings contain the revised versions of all the papers. Two of the papers shared a single presentation slot in the program. The program also included two invited talks. On Monday, Mihir Bellare from UCSD delivered the IACR Distinguished Lecture, entitled "Caught in Between Theory and Practice." On Wednesday, Yael Tauman Kalai from Microsoft Research New England spoke about "How to Delegate Computations: The Power of No-Signalling Proofs." As usual, the rump session took place on Tuesday evening, and was chaired by Dan Bernstein and Tanja Lange.

This year's program continued the trend started last year of trying to accommodate as many high-quality submissions as possible, yielding a high number of accepted papers. As a result, sessions were also held on Tuesday and Thursday afternoons, and presentations were kept short (20 minutes per paper, including questions and answers). The option of having parallel sessions, which would allow for longer presentations and an early adjournment on Thursday, was also discussed and decided against, since we assessed that our research field is still sufficiently homogeneous and the community would benefit from the option of attending all the talks. However, we believe that future Program Committees should continue to explore possible options to implement some form of parallel sessions.

The submissions were reviewed by a Program Committee (PC) consisting of 38 leading researchers in the field, in addition to the two co-chairs. Each PC member was allowed to submit one paper, plus an additional one if co-authored with a junior researcher (a student or a postdoc). PC-authored submissions were held to higher standards during the review process. Papers were reviewed in a double-blind fashion. Initially, each paper was assigned to three reviewers (four for PC-authored papers); during the discussion phase, when necessary, extra reviews were solicited. The process also included a rebuttal phase after preliminary reviews were finalized, where authors received them and were given the option to comment on the reviews within a window of several days. The authors' comments were then taken into account in the discussions within the PC and the final reviews. Despite being labor-intensive, we feel the rebuttal phase was a worthwhile process as it resulted in a significantly better understanding of many submissions. As part of the discussion phase, the PC held a 1.5-day in-person meeting on May 15 and 16 in Copenhagen, Denmark, right after Eurocrypt.

We would like to sincerely thank the authors of all submissions, those whose papers made it into the program and those whose papers did not. Our deep appreciation also goes out to the PC members, who invested an extraordinary amount of time in reviewing papers, interacting with the authors via the rebuttal mechanism, and participating in so many discussions on papers, their contribution, and the state of the art in their areas of expertise. We also sympathize with the occasional frustration from seeing decisions go against personal recommendations and preferences, in spite of all the hard work. We are also indebted to the many external reviewers who significantly contributed to the comprehensive evaluation of the submissions. A list of PC members and external reviewers appears after this note. Despite all our efforts, the list of external reviewers may contain errors or omissions; we apologize for that in advance.

We would like to thank Sasha Boldyreva, the general chair, for working closely with us throughout the whole process and providing the much needed support at every step, including artfully creating and maintaining the website and taking care of all aspects of the conference's logistics, especially the in-person PC meeting arrangements. As always, special thanks are due to Shai Halevi for his tireless support regarding the websubrev software, which we used for the whole conference planning and operation, including paper submission and evaluation and interaction among PC members and with the authors. Alfred Hofmann and his colleagues at Springer provided a meticulous service for the timely production of these proceedings. Finally, we would like to thank Google, Microsoft Research, and the National Science Foundation for their generous support.

August 2014
Juan A. Garay
Rosario Gennaro

CRYPTO 2014
The 34th International Cryptology Conference
Sponsored by the International Association for Cryptologic Research

General Chair
Alexandra Boldyreva, Georgia Institute of Technology, USA

Program Co-Chairs
Juan A. Garay, Yahoo Labs, USA
Rosario Gennaro, The City College of New York – CUNY, USA

Program Committee
Yevgeniy Dodis, New York University, USA
Orr Dunkelman, University of Haifa, Israel
Serge Fehr, CWI, The Netherlands
Pierre-Alain Fouque, Université Rennes I, France
Craig Gentry, IBM Research, USA
Vipul Goyal, MSR India
Nadia Heninger, University of Pennsylvania, USA
Thomas Holenstein, ETH, Switzerland
Yuval Ishai, Technion, Israel
Dimitar Jetchev, EPFL, Switzerland
Aggelos Kiayias, University of Athens, Greece
Kaoru Kurosawa, Ibaraki University, Japan
Alexander May, Ruhr-Universität Bochum, Germany
Ilya Mironov, MSR, USA
Payman Mohassel, University of Calgary, Canada
Jörn Müller-Quade, Karlsruhe Institute of Technology, Germany
María Naya-Plasencia, Inria Paris-Rocquencourt, France
Claudio Orlandi, Aarhus University, Denmark
Rafael Pass, Cornell University, USA
Christopher Peikert, Georgia Institute of Technology, USA
Krzysztof Pietrzak, Institute of Science and Technology, Austria
Leonid Reyzin, Boston University, USA
Ron Rivest, MIT, USA
Amit Sahai, UCLA, USA
Gil Segev, Hebrew University, Israel
Elaine Shi, University of Maryland, USA
Tom Shrimpton, Portland State University, USA
Alice Silverberg, UC Irvine, USA
Marc Stevens, CWI, The Netherlands
Katsuyuki Takashima, Mitsubishi Electric, Japan
Stefano Tessaro, UC Santa Barbara, USA
Vinod Vaikuntanathan, MIT, USA
Gilles Van Assche, STMicroelectronics, Belgium
Muthu Venkitasubramanian, University of Rochester, USA
Ivan Visconti, University of Salerno, Italy
Bogdan Warinschi, University of Bristol, UK
Brent Waters, UT Austin, USA
Vassilis Zikas, ETH, Switzerland

External Reviewers
Michel Abdalla, Masayuki Abe, Arash Afshar, Divesh Aggarwal, Martin Albrecht, Joel Alwen, Scott Ames, Prabhanjan Ananth, Daniel Apon, George Argyros, Gilad Asharov, Nuttapong Attrapadung, Christian Badertscher, Abhishek Banerjee, Carsten Baum, Amos Beimel, Mihir Bellare, David Bernhard, Dan Bernstein, Guido Bertoni, Raghav Bhaskar, Joppe Bos, Elette Boyle, Brandon Broadnax, Christina Brzuska, Ran Canetti, Anne Canteaut, Ignacio Cascudo, David Cash, Dario Catalano, André Chailloux, Nishanth Chandran, Jie Chen, Cheng Chen, Céline Chevalier, Kai-Min Chung, Aloni Cohen, Henry Cohn, Sandro Coretti, Jean-Sebastien Coron, Craig Costello, Dana Dachman-Soled, Joan Daemen, Ivan Damgård, Bernardo David, Gregory Demay, Yi Deng, Itai Dinur, Nico Doettling, Rafael Dowsley, Chandan Dubey, Alexandre Duc, Leo Ducas, Alina Dudeanu, Markus Duermuth, Frédéric Dupuis, Aner Ben Efraim, Xiong Fan, Antonio Faonio, Sebastian Faust, Dario Fiore, Marc Fischlin, Georg Fuchsbauer, Benjamin Fuller, Jun Furukawa, Steven Galbraith, Nicolas Gama, Chaya Ganesh, Peter Gaži, Ran Gelles, Essam Ghadafi, Sasha Golovnev, Sergey Gorbunov, Dov Gordon, Robert Granger, Jens Groth, Divya Gupta, Tim Güneysu, Shai Halevi, Sean Hallgren, Moritz Hardt, Brett Hemenway, Yan Huang, Jan Hazla, William Skeith III, Vincenzo Iovino, Takashi Ito, Ioana Ivan, Tibor Jager, Abhishek Jain, David Jao, Stanislaw Jarecki, Mahavir Jhawar, Antoine Joux, Marc Joye, Yael Kalai, Seny Kamara, Jean-Gabriel Kammerer, Pierre Karpman, Jonathan Katz, Yutaka Kawai, Nathan Keller, Dakshita Khurana, Eike Kiltz, Thorsten Kleinjung, Vlad Kolesnikov, Venkata Koppula, Daniel Kraschewski, Hugo Krawczyk, Sara Krehbiel, Abishek Kumarasubramaniam, Ranjit Kumaresan, Robin Künzler, Tanja Lange, Gregor Leander, Nikos Leonardos, Anthony Leverrier, Kevin Lewi, Allison Bishop Lewko, Benoit Libert, Huijia (Rachel) Lin, Yehuda Lindell, Feng-Hao Liu, Adriana Lopez-Alt, Steve Lu, Stefan Lucks, Atul Luykx, Vadim Lyubashevsky, Mohammad Mahmoody, Hemanta Maji, Alex Malozemoff, Mohammad Mammody, Christian Matt, Daniele Micciancio, Andrea Miele, Eric Miles, Andrew Miller, Brice Minaud, Toru Nakanishi, Jesper Buus Nielsen, Valeria Nikolaenko, Tobias Nilges, Ryo Nishimaki, Adam O'Neill, Wakaha Ogata, Cristina Onete, Pascal Paillier, Omkant Pandey, Omer Paneth, Dimitris Papadopoulos, Charalampos Papamanthou, Sunoo Park, Anat Paskin-Cherniavsky, Valerio Pastro, Kenny Paterson, Michaël Peeters, Ludovic Perret, Christophe Petit, Le Trieu Phong, Stefano Pironio, Manoj Prabhakaran, Ananth Raghunathan, Kim Ramchen, Vanishree Rao, Pavel Raykov, Mariana Raykova, Christian Rechberger, Oded Regev, Thomas Ristenpart, Ben Riva, Mike Rosulek, Aaron Roth, Yannis Rouselakis, Saeed Sadeghian, Yusuke Sakai, Katerina Samari, Alessandra Scafuro, Christian Schaffner, Thomas Schneider, Lior Seeman, Nicolas Sendrier, Karn Seth, Yannick Seurin, Barak Shani, Nigel Smart, Ben Smith, Florian Speelman, François-Xavier Standaert, Damien Stehlé, John Steinberger, Noah Stephens-Davidowitz, Mario Strefler, Takeshi Sugawara, Koutarou Suzuki, Björn Tackmann, Qiang Tang, Sidharth Telang, Aris Tentes, Isamu Teranishi, R. Seth Terashima, Abhradeep Guha Thakurta, Justin Thaler, Emmanuel Thomé, Mehdi Tibouchi, Jean-Pierre Tillich, Joana Treger, Roberto Trifiletti, Eran Tromer, Yiannis Tselekounis, Hoang Viet Tung, Dominique Unruh, Berkant Ustaoglu, Prashant Vasudevan, Thomas Vidick, Dhinakaran Vinayagamurthy, Akshay Wadia, Gaven Watson, Hoeteck Wee, Daniel Wichs, Shota Yamada, Kazuki Yoneyama, Thomas Zacharias, Hila Zarosim, Mark Zhandry, Bingsheng Zhang, Hong-Sheng Zhou, Jens Zumbrägel