Topics in Cryptology ¿ CT-RSA 2008

The RSA Conference is the largest regularly-staged computer security event, with over 350 vendors and many thousands of attendees. The Cryptographers' Track (CT-RSA) is a research conference within the RSA Conference. CT-RSA began in 2001, and has become one of the major established venues for presenting cryptographic research papers to a wide variety of audiences. CT-RSA 2008 was held in San Francisco, California from April 8 to April 11. The proceedings of CT-RSA 2008 contain 26 papers selected from 95 subm- sions pertaining to all aspects of cryptography. Each submission was reviewed by at least three reviewers, which was made possible by the hard work of 27 P- gram Committee members and many external reviewers listed on the following pages. The papers were selected following a detailed online discussion among the Program Committee members. The program included an invited talk by Sha? Goldwasser. The current proceedings include a short abstract of her talk. I would like to express my deep gratitude to the Program Committee m- bers, who volunteered their expertise and hard work over several months, as well as to the external reviewers. Special thanks to Shai Halevi for providing and maintaining the Web review system used for paper submission, reviewing, and ?nal-version preparation. Finally, I would like to thank Burt Kaliski and Ari Juels of RSA Laboratories, as well as the RSA conference team, especially Bree LaBollita, for their assistance throughout the process.

Coverage in this proceedings volume includes hash function cryptanalysis, fairness in secure computation, message authentication codes, improved AES implementations, public key encryption with special properties, and cryptographic protocols.

Hash Function Cryptanalysis.- Security of MD5 Challenge and Response: Extension of APOP Password Recovery Attack.- Cryptanalysis of a Hash Function Based on Quasi-cyclic Codes.- Linear-XOR and Additive Checksums Don't Protect Damgård-Merkle Hashes from Generic Attacks.- Cryptographic Building Blocks.- Efficient Fully-Simulatable Oblivious Transfer.- Separation Results on the "One-More" Computational Problems.- Fairness in Secure Computation.- An Efficient Protocol for Fair Secure Two-Party Computation.- Efficient Optimistic Fair Exchange Secure in the Multi-user Setting and Chosen-Key Model without Random Oracles.- Legally-Enforceable Fairness in Secure Two-Party Computation.- Message Authentication Codes.- Security of NMAC and HMAC Based on Non-malleability.- Aggregate Message Authentication Codes.- Improved AES Implementations.- Boosting AES Performance on a Tiny Processor Core.- A Fast and Cache-Timing Resistant Implementation of the AES.- Public Key Encryption with Special Properties.- Identity-Based Threshold Key-Insulated Encryption without Random Oracles.- CCA2 Secure IBE: Standard Model Efficiency through Authenticated Symmetric Encryption.- Public-Key Encryption with Non-interactive Opening.- Side Channel Cryptanalysis.- A Vulnerability in RSA Implementations Due to Instruction Cache Analysis and Its Demonstration on OpenSSL.- Fault Analysis Study of IDEA.- Susceptibility of UHF RFID Tags to Electromagnetic Analysis.- Cryptography for Limited Devices.- Online/Offline Signature Schemes for Devices with Limited Computing Capabilities.- RFID Security: Tradeoffs between Security and Efficiency.- Invited Talk.- Program Obfuscation and One-Time Programs.- Key Exchange.- Efficient Two-Party Password-Based Key Exchange Protocols in the UC Framework.- BeyondSecret Handshakes: Affiliation-Hiding Authenticated Key Exchange.- Cryptanalysis.- Improving the Efficiency of Impossible Differential Cryptanalysis of Reduced Camellia and MISTY1.- Small Secret Key Attack on a Variant of RSA (Due to Takagi).- Cryptographic Protocols.- Super-Efficient Verification of Dynamic Outsourced Databases.- A Latency-Free Election Scheme.