International Association for Cryptologic Research

IACR News Central


09:17 [Pub][ePrint] (Pseudo) Preimage Attack on Round-Reduced Grøstl Hash Function and Others (Extended Version), by Shuang Wu and Dengguo Feng and Wenling Wu and Jian Guo and Le Dong and Jian Zou

The Grøstl hash function is one of the 5 final round candidates of the SHA-3 competition hosted by NIST. In this paper, we study the preimage resistance of the Grøstl hash function. We propose pseudo preimage attacks on the Grøstl hash function for both the 256-bit and 512-bit versions, i.e. we need to choose the initial value in order to invert the hash function. The pseudo preimage attack on 5-round (out of 10) Grøstl-256 has a complexity of $(2^{244.85},2^{230.13})$ (in time and memory) and the pseudo preimage attack on 8-round (out of 14) Grøstl-512 has a complexity of $(2^{507.32},2^{507.00})$. To the best of our knowledge, our attacks are the first (pseudo) preimage attacks on the round-reduced Grøstl hash function, including its compression function and output transformation. These results are obtained by a variant of the meet-in-the-middle preimage attack framework by Aoki and Sasaki. We also improve the time complexities of the preimage attacks against 5-round Whirlpool and 7-round AES hashes by Sasaki in FSE 2011.

09:17 [Pub][ePrint] Cryptanalysis of Hummingbird-2, by Kai Zhang, Lin Ding and Jie Guan

Hummingbird is a lightweight encryption and message authentication primitive published in RISC'09 and WLC'10. In FSE'11, Markku-Juhani O. Saarinen presented a differential divide-and-conquer method which has complexity upper bounded by $2^{64}$ operations and requires processing of a few megabytes of chosen messages under two related nonces (IVs). The improved version, Hummingbird-2, was presented in RFIDSec 2011. Based on the idea of differential collision, this paper discovers some weaknesses of the round function WD16 combined with the key loading algorithm, and we propose a related-key chosen-IV attack which can recover the full secret key. Under 24 pairs of related keys, the 128-bit initial key can be recovered, with a computational complexity of $O(2^{32.6})$ and a data complexity of $O(2^{32.6})$. The result shows that the Hummingbird-2 cipher can't resist related-key attacks.

18:01 [PhD][New] Tolga Acar: High-Speed Algorithms & Architectures For Number-Theoretic Cryptosystems

Name: Tolga Acar
Topic: High-Speed Algorithms & Architectures For Number-Theoretic Cryptosystems
Category: implementation

Description: Computer and network security systems rely on the privacy and authenticity of information, which requires implementation of cryptographic functions. Software implementations of these functions are often desired because of their flexibility and cost effectiveness. In this study, we concentrate on developing high-speed and area-efficient modular multiplication and exponentiation algorithms for number-theoretic cryptosystems. The RSA algorithm, the Diffie-Hellman key exchange scheme and the Digital Signature Standard require the computation of modular exponentiation, which is broken into a series of modular multiplications. One of the most interesting advances in modular exponentiation has been the introduction of Montgomery multiplication. We are interested in two aspects of modular multiplication algorithms: development of fast and convenient methods on a given hardware platform, and hardware requirements to achieve high-performance algorithms. Arithmetic operations in the Galois field GF(2^k) have several applications in coding theory, computer algebra, and cryptography. We are especially interested in cryptographic applications where k is large, such as elliptic curve cryptosystems. [...]

16:52 [Event][Update] FSE 2013: Fast Software Encryption

From March 11 to March 13
Location: Singapore, Singapore

08:17 [Event][New] FSE 2013: Fast Software Encryption

From March 11 to March 13
Location: Singapore, Singapore

21:12 [Event][New] STM 2012: 8th International Workshop on Security and Trust Management

Submission: 25 May 2012
Notification: 15 July 2012
From September 13 to September 14
Location: Pisa, Italy

18:42 [News] Fellows 2012

  The IACR fellows of 2012 have been selected: The IACR fellow programme was started in 2002. Within this programme, we recognize outstanding IACR members for technical and professional contributions that:
  • Advance the science, technology, and practice of cryptology and related fields
  • Promote the free exchange of ideas and information about cryptology and related fields
  • Develop and maintain the professional skill and integrity of individuals in the cryptologic community
  • Advance the standing of the cryptologic community in the wider scientific and technical world and promote fruitful relationships between the IACR and other scientific and technical organizations

23:01 [News] IACR Minutes

  Minutes for the Eurocrypt 2011 and Crypto 2011 meetings of the IACR Board of Directors, as well as minutes and slides of the corresponding membership meetings, are now available online.

08:05 [News] Double Crypto? - on Publication Bandwidth


The number of publications at IACR conferences has hardly changed over the last 15 years. At the same time, the number of submissions increased by nearly 60%, while the quality of submissions stayed the same, at least according to members of the programme committees. To make things worse, the IACR community has grown and there are many more researchers active in our domain than there were 15 years ago.
Detailed statistics on submissions and acceptance rates:

To better serve our community, the Board of Directors expressed its wish that Conference Programme Chairs (for Eurocrypt, Crypto, and Asiacrypt) accept substantially more papers than used to be the case and work with their General Chair on the logistics to make this possible (using extra slots, shorter talks, and parallel sessions).

07:53 [Conf][FSE] Report on FSE 2012


The 19th annual Fast Software Encryption workshop (FSE 2012) was held at the Washington Marriott Hotel in Washington DC, USA, on March 19-21, 2012. The general chair was Bruce Schneier and the program chair was Anne Canteaut.

The conference attracted 143 delegates from 30 countries, including 27 students.

The technical program featured 24 papers selected from 90 submissions, along with two invited lectures, one on '"Provable" security against differential and linear cryptanalysis' by Kaisa Nyberg (Aalto University and Nokia), and one on 'The history of linear cryptanalysis' by Mitsuru Matsui (Mitsubishi Electric Corporation).

As last year, FSE 2012 did not have printed pre-proceedings, but instead made the papers available online, before and during the conference. Revised versions of the accepted papers are going to appear in the proceedings of the conference published by Springer. The presentation slides for the technical sessions and the rump session can be found on the conference website at:

00:17 [Pub][ePrint] Information-flow control for programming on encrypted data, by J.C. Mitchell, R. Sharma, D. Stefan and J. Zimmerman

Using homomorphic encryption and secure multiparty computation, cloud servers may perform regularly structured computation on encrypted data, without access to decryption keys. However, prior approaches for programming on encrypted data involve restrictive models such as boolean circuits, or standard languages that do not guarantee secure execution of all expressible programs. We present an expressive core language for secure cloud computing, with primitive types, conditionals, standard functional features, mutable state, and a secrecy preserving form of general recursion. This language, which uses an augmented information-flow type system to prevent control-flow leakage, allows programs to be developed and tested using conventional means, then exported to a variety of secure cloud execution platforms, dramatically reducing the amount of specialized knowledge needed to write secure code. We present a Haskell-based implementation and prove that cloud implementations based on secret sharing, homomorphic encryption, or other alternatives satisfying our general definition meet precise security