Bart Preneel's research while affiliated with KU Leuven and other places

Publications (738)

Article
Given the high transaction confirmation latencies in public blockchains, cryptocurrencies such as Bitcoin, Ethereum, etc. are not yet suitable to support real-time services such as transactions on retail markets. There are several solutions to address this latency problem, with layer-2 solutions being the most promising ones. Existing layer-2 solu...
Article
The by now broadly accepted reliance of society on online services has led to a push for decentralization to mitigate the societal and technical risks caused by single points of failure (PoF). One such PoF is cryptographic keys. Thus there is renewed interest in threshold cryptography to distribute the generation and use of such keys. Structure-prese...
Chapter
GIFT-64 is a 64-bit block cipher with a 128-bit key that is more lightweight than PRESENT. This paper provides a detailed analysis of GIFT-64 against differential and linear attacks. Our work complements automatic search methods for the best differential and linear characteristics with a careful manual analysis. This hybrid approach leads to new in...
Chapter
Full-text available
We propose a new privacy-enhancing beacon scheme in Vehicle-to-Everything (V2X) communication systems and evaluate its effectiveness based on a simulation. With this scheme, vehicles dynamically adjust their periodic transmission of Cooperative Awareness Messages (CAMs) and Basic Safety Messages (BSMs) based on the observation of surroundings...
Conference Paper
Logical access control enforces who can read and write data; the enforcement is typically performed by a fully trusted entity. At TCC 2016, Damgård et al. proposed Access Control Encryption (ACE) schemes where a predicate function decides whether or not users can read (decrypt) and write (encrypt) data, while the message secrecy and the users’ anonym...
Chapter
A growing number of lightweight block ciphers are proposed for environments such as the Internet of Things. An important contribution to the reduced implementation cost is a block length n of 64 or 96 bits rather than 128 bits. As a consequence, encryption modes and message authentication code (MAC) algorithms require security beyond the 2^{n/2}...
Article
A multi-forkcipher (MFC) is a generalization of the forkcipher (FC) primitive introduced by Andreeva et al. at ASIACRYPT’19. An MFC is a tweakable cipher that computes s output blocks for a single input block, with s arbitrary but fixed. We define the MFC security in the ind-prtmfp notion as indistinguishability from s tweaked permutations. General...
Article
We consider a generalized construction of stream ciphers with forward security. The design framework is modular: it is built from a so-called layer function that updates the key and (optionally) the nonce and generates a new pseudorandom output stream. We analyze the generalized construction for four different instantiations: two possible layer fun...
Article
Full-text available
Digital proximity tracing (DPT) for SARS-CoV-2 pandemic mitigation is a complex intervention with the primary goal to notify app users about possible risk exposures to infected persons. DPT not only relies on the technical functioning of the proximity tracing application and its backend server, but also on seamless integration of health system proc...
Article
Full-text available
We propose HERMES, a scalable, secure, and privacy-enhancing system for users to share and access vehicles. HERMES securely outsources operations of vehicle access token generation to a set of untrusted servers. It builds on an earlier proposal, namely SePCAR, and extends the system design for improved efficiency and scalability. To...
Chapter
All academic methods to secure software implementations of block ciphers against adversaries with full control of the device have been broken. Despite the huge progress in the cryptanalysis of these white-box implementations, no recent progress has been made on the design side. Most of the white-box designs follow the CEJO framework, where each rou...
Conference Paper
Full-text available
Blockchain technology has attracted attention in the energy domain as a new decentralized infrastructure, with startups and researchers presenting new solutions to bring the benefits of decentralization to energy-related use cases. However, blockchains, or more specifically, public permissionless blockchains do not scale well. Scalability of block...
Preprint
Full-text available
We propose HERMES, a scalable, secure, and privacy-enhancing system for users to share and access vehicles. HERMES securely outsources operations of vehicle access token generation to a set of untrusted servers. It builds on an earlier proposal, namely SePCAR [1], and extends the system design for improved efficiency and scalability. To cater to sy...
Preprint
Full-text available
Digital proximity tracing (DPT) for SARS-CoV-2 pandemic mitigation is a complex intervention with the primary goal to notify app users about possible risk exposures to infected persons. Policymakers and DPT operators need to know whether their system works as expected in terms of speed or yield (performance) and whether DPT is making an effective c...
Preprint
Relay attacks pose an important threat in wireless ranging and authentication systems. Distance bounding protocols have been proposed as an effective countermeasure against these attacks and allow a verifier and a prover to establish an upper bound on the distance between them. However, secure distance bounding protocols are hard to realize in pra...
Article
This work provides a critical review of the paper by Zaid et al. titled “Methodology for Efficient CNN Architectures in Profiling attacks”, which was published in TCHES Volume 2020, Issue 1. This work studies the design of CNN networks to perform side-channel analysis of multiple implementations of the AES for embedded devices. Based on the authors...
Preprint
Full-text available
This document describes and analyzes a system for secure and privacy-preserving proximity tracing at large scale. This system, referred to as DP3T, provides a technological foundation to help slow the spread of SARS-CoV-2 by simplifying and accelerating the process of notifying people who might have been exposed to the virus so that they can take a...
Article
Car manufacturers deploy vehicle immobiliser systems in order to prevent car theft. However, in many cases the underlying cryptographic primitives used to authenticate a transponder are proprietary in nature and thus not open to public scrutiny. In this paper we publish the proprietary Texas Instruments DST80 cipher used in immobilisers of several...
Chapter
We introduce a new technique for compressing the public keys of the UOV signature scheme that makes use of block-anti-circulant matrices. These matrices admit a compact representation as for every block, the remaining elements can be inferred from the first row. This space saving translates to the public key, which as a result of this technique can...
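To make the compression concrete, the following Python example (added here; it is not code from the paper above nor the authors' implementation) builds a block-anti-circulant matrix from the stored first rows of its blocks, checks that compression and expansion round-trip, and evaluates a UOV-style quadratic form x^T M x directly from the compressed representation without ever materialising the full matrix. The field GF(31), the block parameters N and L, and the PRNG seed are toy assumptions chosen for illustration; real UOV parameters use other field sizes.

```python
"""Block-anti-circulant key compression (added example, not the paper's code).

A UOV public key is a set of n x n quadratic-form matrices over a small field.
With n = N * L and every L x L block anti-circulant, each block is fixed by its
first row, so N*N*L field elements describe the matrix instead of n*n.
Field GF(31), N, L and the PRNG seed are toy assumptions for illustration.
"""
import random

Q = 31  # toy prime field GF(31) (assumption); real UOV parameters use other fields


def anticirculant(first_row):
    """Expand an L-element first row to the L x L anti-circulant matrix.

    Row i is the first row cyclically shifted left by i positions:
    M[i][j] = a[(i + j) mod L].  Note M[i][j] == M[j][i], so each block is symmetric.
    """
    L = len(first_row)
    return [[first_row[(i + j) % L] for j in range(L)] for i in range(L)]


def expand(compressed, N, L):
    """Rebuild the full n x n matrix (n = N*L) from the N*N stored first rows."""
    assert len(compressed) == N * N and all(len(r) == L for r in compressed)
    n = N * L
    M = [[0] * n for _ in range(n)]
    for bi in range(N):
        for bj in range(N):
            block = anticirculant(compressed[bi * N + bj])
            for i in range(L):
                for j in range(L):
                    M[bi * L + i][bj * L + j] = block[i][j]
    return M


def compress(M, N, L):
    """Keep only the first row of every L x L block (row-major block order)."""
    return [[M[bi * L][bj * L + j] for j in range(L)]
            for bi in range(N) for bj in range(N)]


def is_block_anticirculant(M, N, L):
    """Check M[bi*L+i][bj*L+j] == M[bi*L][bj*L+(i+j) mod L] for every block."""
    return all(M[bi * L + i][bj * L + j] == M[bi * L][bj * L + (i + j) % L]
               for bi in range(N) for bj in range(N)
               for i in range(L) for j in range(L))


def quad_form(M, x):
    """Evaluate x^T M x over GF(Q): one coordinate of the public map."""
    n = len(x)
    return sum(x[i] * M[i][j] * x[j] for i in range(n) for j in range(n)) % Q


def quad_form_compressed(compressed, N, L, x):
    """Evaluate the same form straight from the first rows, never expanding M."""
    total = 0
    for bi in range(N):
        for bj in range(N):
            a = compressed[bi * N + bj]
            for i in range(L):
                for j in range(L):
                    total += x[bi * L + i] * a[(i + j) % L] * x[bj * L + j]
    return total % Q


def demo(N=3, L=4, seed=1):
    """Random compressed key -> expand -> compress, and compare evaluations."""
    rng = random.Random(seed)
    compressed = [[rng.randrange(Q) for _ in range(L)] for _ in range(N * N)]
    M = expand(compressed, N, L)
    x = [rng.randrange(Q) for _ in range(N * L)]
    return {
        "roundtrip": compress(M, N, L) == compressed,
        "block_anticirculant": is_block_anticirculant(M, N, L),
        "same_eval": quad_form(M, x) == quad_form_compressed(compressed, N, L, x),
        "stored_elements": N * N * L,   # what the compressed key holds
        "full_elements": (N * L) ** 2,  # what a plain matrix would hold (ratio 1/L)
    }


if __name__ == "__main__":
    print(demo())
```

The saving is exactly a factor L per matrix, and `quad_form_compressed` shows why the verifier never needs the expanded matrix: the anti-circulant index (i + j) mod L lets it read the right coefficient out of the stored row on the fly.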
Article
Problems and their solutions of the Fifth International Students’ Olympiad in cryptography NSUCRYPTO’2018 are presented. We consider problems related to attacks on ciphers and hash functions, Boolean functions, quantum circuits, Enigma, etc. We discuss several open problems on orthogonal arrays, Sylvester matrices, and disjunct matrices. The proble...
Conference Paper
Full-text available
The security of immobiliser and Remote Keyless Entry systems has been extensively studied over many years. Passive Keyless Entry and Start systems, which are currently deployed in luxury vehicles, have not received much attention besides relay attacks. In this work we fully reverse engineer a Passive Keyless Entry and Start system and perform a tho...
Preprint
Problems and their solutions of the Fifth International Students' Olympiad in cryptography NSUCRYPTO'2018 are presented. We consider problems related to attacks on ciphers and hash functions, Boolean functions, quantum circuits, Enigma, etc. We discuss several open problems on orthogonal arrays, Sylvester matrices and disjunct matrices. The problem...
Conference Paper
Full-text available
With the increasing capabilities of wearable sensors and implantable medical devices, new opportunities arise to diagnose, control and treat several chronic conditions. Unfortunately, these advancements also open new attack vectors, making security an essential requirement for the further adoption of these devices. Researchers have already develope...
Article
The security of immobiliser and Remote Keyless Entry systems has been extensively studied over many years. Passive Keyless Entry and Start systems, which are currently deployed in luxury vehicles, have not received much attention besides relay attacks. In this work we fully reverse engineer a Passive Keyless Entry and Start system and perform a tho...
Article
Full-text available
Mathematical problems and their solutions from the fourth International Students’ Olympiad in cryptography (NSUCRYPTO-2017) are presented. We consider problems related to attacks on ciphers and hash functions, cryptographic Boolean functions, linear branch numbers, addition chains, and error correction codes, among others. We discuss several open p...
Chapter
We formalize the notion of a constrained linear trapdoor as an abstract strategy for the generation of signature schemes, concrete instantiations of which can be found in MQ-based, code-based, and lattice-based cryptography. Moreover, we revisit and expand on a transformation by Szepieniec et al. [39] to shrink the public key at the cost of a large...
Preprint
Full-text available
Mathematical problems and their solutions of the Fourth International Students' Olympiad in cryptography NSUCRYPTO'2017 are presented. We consider problems related to attacks on ciphers and hash functions, cryptographic Boolean functions, the linear branch number, addition chains, error correction codes, etc. We discuss several open problems on alg...
Article
Third-party applications on Facebook can collect personal data of the users who install them, but also of their friends. This raises serious privacy issues as these friends are not notified by the applications nor by Facebook and they have not given consent. This paper presents a detailed multi-faceted study on the collateral information collection...
Conference Paper
Full-text available
Implantable medical devices (IMDs) typically rely on proprietary protocols to wirelessly communicate with external device programmers. In this paper, we fully reverse engineer the proprietary protocol between a device programmer and a widely used commercial neurostimulator from one of the leading IMD manufacturers. For the reverse engineering, we f...
Book
This book constitutes the refereed proceedings of the 16th International Conference on Applied Cryptography and Network Security, ACNS 2018, held in Leuven, Belgium, in July 2018. The 36 revised full papers presented were carefully reviewed and selected from 173 submissions. The papers were organized in topical sections named: Cryptographic Prot...
Chapter
Full-text available
This paper presents the design and implementation of a low-power privacy-preserving device tracking system based on Internet of Things (IoT) technology. The system consists of low-power nodes and a set of dedicated beacons. Each tracking node broadcasts pseudonyms and encrypted versions of observed beacon identifiers over a Low-Power Wide-Area Netw...
Conference Paper
Most Multivariate Quadratic (MQ) signature schemes have a very large public key, which makes them unsuitable for many applications, despite attractive features such as speed and small signature sizes. In this paper we introduce a modification of the Unbalanced Oil and Vinegar (UOV) signature scheme that has public keys which are an order of magnitu...
Conference Paper
Full-text available
Bitcoin has not only attracted many users but also been considered as a technical breakthrough by academia. However, the expanding potential of Bitcoin is largely untapped due to its limited throughput. The Bitcoin community is now facing its biggest crisis in history as the community splits on how to increase the throughput. Among various proposal...
Preprint
Third-party applications on Facebook can collect personal data of the users who install them, but also of their friends. This raises serious privacy issues as these friends are not notified by the applications nor by Facebook, and they have not given consent. This paper presents a detailed multi-faceted study of the collateral information collectio...
Conference Paper
This paper presents the design and implementation of a low-power privacy-preserving device tracking system based on Internet of Things (IoT) technology. The system consists of low-power nodes and a set of dedicated beacons. Each tracking node broadcasts pseudonyms and encrypted versions of observed beacon identifiers over a Low-Power Wide-Area Netw...
Article
Widespread use of biometric architectures implies the need to secure highly sensitive data to respect the privacy rights of the users. In this paper, we discuss the following question: To what extent can biometric designs be characterized as Privacy Enhancing Technologies? The terms of privacy and security for biometric schemes are defined, while c...
Article
We present a length doubler, LDT, that turns an n-bit tweakable block cipher into an efficient and secure cipher that can encrypt any bit string of length [n..2n − 1]. The LDT mode is simple, uses only two cryptographic primitive calls (while prior work needs at least four), and is a strong length-preserving pseudorandom permutation if the underlyi...
Conference Paper
We present an efficient secure and privacy-enhancing protocol for car access provision, named SePCAR. The protocol is fully decentralised and allows users to share their cars conveniently without sacrificing their security and privacy. It provides generation, update, revocation, and distribution mechanisms for access tokens to shared cars, as well...
Article
Full-text available
In pay-TV, a service provider offers TV programs and channels to users. To ensure that only authorized users gain access, conditional access systems (CAS) have been proposed. In existing CAS, users disclose to the service provider the TV programs and channels they purchase. We propose a pay-per-view and a pay-per-channel CAS that protect users’ pri...
Conference Paper
We present an efficient secure and privacy-enhancing protocol for car access provision, named SePCAR. The protocol is fully decentralised and allows users to share their cars conveniently without sacrificing their security and privacy. It provides generation, update, revocation, and distribution mechanisms for access tokens to shared cars, as well...
Article
The Sancus security architecture for networked embedded devices was proposed in 2013 at the USENIX Security conference. It supports remote (even third-party) software installation on devices while maintaining strong security guarantees. More specifically, Sancus can remotely attest to a software provider that a specific software module is running u...
Conference Paper
Full-text available
Physical-layer fingerprinting investigates how features extracted from radio signals can be used to uniquely identify devices. This paper proposes and analyses a novel methodology to fingerprint LoRa devices, which is inspired by recent advances in supervised machine learning and zero-shot image classification. Contrary to previous works, our metho...
Conference Paper
It is well known that multivariate quadratic (MQ) digital signature schemes have small signatures but huge public keys. However, in some settings, such as public key infrastructure (PKI), both variables are important. This paper explains how to transform any MQ signature scheme into one with a much smaller public key at the cost of a larger signatu...
Conference Paper
An increasing number of applications implemented on a SoC (System-on-chip) require security features. This work addresses the issue of protecting the integrity of code and read-only data that is stored in memory. To this end, we propose a new architecture called SCM, which works as a standalone IP core in a SoC. To the best of our knowledge, there...
Conference Paper
Full-text available
The Bitcoin mining protocol has been intensively studied and widely adopted by many other cryptocurrencies. However, it has been shown that this protocol is not incentive compatible, because the selfish mining strategy enables a miner to gain unfair rewards. Existing defenses either demand fundamental changes to block validity rules or have little...
Conference Paper
Full-text available
Implantable Medical Devices (IMDs) typically use proprietary protocols with no or limited security to wirelessly communicate with a device programmer. These protocols enable doctors to carry out critical functions, such as changing the IMD's therapy or collecting telemetry data, without having to perform surgery on the patient. In this paper, we fu...
Conference Paper
Full-text available
Distance Bounding (DB) is a security technique through which it is possible to determine an upper bound on the physical distance between two parties (denoted as verifier and prover). These protocols typically combine physical properties of the communication channel with cryptographic challenge-response schemes. A key challenge to design secure DB p...
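The two distance-bounding entries in this list (the preprint on relay attacks against wireless ranging and the DB conference paper above) rest on the same mechanism: the verifier times a rapid challenge-response exchange and turns each round-trip time into an upper bound on the prover's distance, so a relay that forwards correct answers still adds delay it cannot hide. The Python simulation below is an added example, not code from either paper: it derives Hancke-Kuhn style response registers with HMAC-SHA256 (an assumption; neither paper's own protocol is reproduced here), simulates round-trip times rather than measuring them, and shows an honest near prover being accepted while a relayed session with correct bits and a far-away honest prover are both rejected. The processing delay T_PROC, the round count, the 10 m acceptance threshold and the shared key are constructed parameters.

```python
"""Distance-bounding rapid bit exchange, simulated (added example, not the papers' code).

The verifier V sends one random challenge bit per round and times the reply.
Because radio propagation cannot exceed c, a round's round-trip time gives an
upper bound on the prover's distance: d <= c * (t_rtt - t_proc) / 2.
A relay attacker can forward correct answers but cannot remove the delay it adds.
Timings are simulated, not measured; T_PROC, ROUNDS, the nonce/register derivation
(HMAC-SHA256, Hancke-Kuhn style) and the 10 m threshold are assumptions.
"""
import hashlib
import hmac
import random

C = 299_792_458.0   # propagation speed in m/s
T_PROC = 1e-9       # assumed fixed prover processing delay per round (s)
ROUNDS = 32


def derive_registers(key, nonce_v, nonce_p, rounds):
    """Both parties derive two response registers R0, R1 from a PRF of the nonces."""
    digest = hmac.new(key, nonce_v + nonce_p, hashlib.sha256).digest()
    bits = [(b >> k) & 1 for b in digest for k in range(8)]
    assert 2 * rounds <= len(bits), "too many rounds for one SHA-256 output"
    return bits[:rounds], bits[rounds:2 * rounds]


class Prover:
    def __init__(self, key, nonce_v, nonce_p, rounds):
        self.r0, self.r1 = derive_registers(key, nonce_v, nonce_p, rounds)

    def respond(self, i, challenge):
        """Round i: answer with bit i of the register selected by the challenge bit."""
        return self.r1[i] if challenge else self.r0[i]


def run_session(key, distance_m, rounds=ROUNDS, relay_delay_s=0.0,
                max_distance_m=10.0, seed=None):
    """One DB session: nonce exchange, rapid bit exchange with timing, verification.

    distance_m   : true distance between V and the device answering the challenges
    relay_delay_s: extra delay an attacker's relay adds to every round (0 = none)
    Returns (accepted, max_distance_bound_m, all_responses_correct).
    """
    rng = random.Random(seed)
    nonce_v = bytes(rng.getrandbits(8) for _ in range(16))   # slow phase: V -> P
    nonce_p = bytes(rng.getrandbits(8) for _ in range(16))   # slow phase: P -> V
    prover = Prover(key, nonce_v, nonce_p, rounds)
    r0, r1 = derive_registers(key, nonce_v, nonce_p, rounds)  # V's own copy
    max_bound, correct = 0.0, True
    for i in range(rounds):                                   # fast phase
        challenge = rng.getrandbits(1)
        response = prover.respond(i, challenge)
        # simulated round trip: propagation both ways + processing + any relay delay
        rtt = 2 * distance_m / C + T_PROC + relay_delay_s
        expected = r1[i] if challenge else r0[i]
        correct = correct and response == expected
        max_bound = max(max_bound, C * (rtt - T_PROC) / 2)  # bound implied by this round
    return correct and max_bound <= max_distance_m, max_bound, correct


def mafia_fraud_success_probability(rounds):
    """Hancke-Kuhn bound: an attacker who pre-queries the prover with a guessed
    challenge answers each round correctly with probability 3/4, hence (3/4)^rounds."""
    return 0.75 ** rounds


if __name__ == "__main__":
    k = bytes(range(16))  # constructed shared key
    print("honest 2 m      :", run_session(k, 2.0, seed=7))
    print("relayed, +1 us  :", run_session(k, 2.0, relay_delay_s=1e-6, seed=7))
    print("honest 500 m    :", run_session(k, 500.0, seed=7))
    print("guessing success:", mafia_fraud_success_probability(ROUNDS))
```

One microsecond of relay delay corresponds to roughly 150 m of extra distance at the speed of light, which is why the relayed session fails the 10 m check even though every response bit is correct; the difficulty the papers point at is that real hardware has processing and channel delays far larger than T_PROC here, and any slack the verifier allows for them is exactly what a relay can hide in.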
Conference Paper
Full-text available
Biometric designs have attracted attention in practical technological schemes with high requirements in terms of accuracy, security and privacy. Nevertheless, multimodalities have been approached with skepticism, as fusion deployments are affected by performance metrics. In this paper, we introduce a basic fusion model blueprint for a privacy-prese...
Conference Paper
Full-text available
User authentication based on biometrics is getting increasing attention. However, privacy concerns for biometric data have impeded the adoption of cloud-based services for biometric authentication. This paper proposes an efficient distributed two-factor authentication protocol that is privacy-preserving even in the presence of colluding inter...
Conference Paper
Full-text available
Due to ongoing changes in the power grid towards decentralised and highly volatile energy production, smart electricity meters are required to provide fine-grained measurement and timely remote access to consumption and production data. This enables flexible tariffing and dynamic load optimisation. As the power grid forms part of the critical infra...
Conference Paper
Full-text available
This paper proposes a novel physical keyless car sharing system where users can use and share their cars without the need for physical keys. It also provides a comprehensive security and privacy analysis of such a system. It first presents a high-level model for a keyless car sharing system, describing its main entities and specifying the necessary...
Conference Paper
Full-text available
Remote healthcare systems help doctors diagnose, monitor and treat chronic diseases by collecting data from Implantable Medical Devices (IMDs) through base stations that are often located in the patients’ house. In the future, these systems may also support bidirectional communication, allowing remote reprogramming of IMDs. As sensitive medical dat...
Conference Paper
Third-party apps enable a personalized experience on social networking platforms; however, they give rise to privacy interdependence issues. Apps installed by a user’s friends can collect and potentially misuse her personal data inflicting collateral damage on the user while leaving her without proper means of control. In this paper, we present a m...
Conference Paper
Many MAC (Message Authentication Code) algorithms have security bounds which degrade linearly with the message length. Often there are attacks that confirm the linear dependence on the message length, yet PMAC has remained without attacks. Our results show that PMAC’s message length dependence in security bounds is non-trivial. We start by studying...
Conference Paper
Lightweight cryptography strives to protect communication in constrained environments without sacrificing security. However, security often conflicts with efficiency, shown by the fact that many new lightweight block cipher designs have block sizes as low as 64 or 32 bits. Such low block sizes lead to impractical limits on how much data a mode of o...