International Association for Cryptologic Research

IACR News Central


18:17 [Pub][ePrint] On the (In)Security of IDEA in Various Hashing Modes, by Lei Wei and Thomas Peyrin and Przemyslaw Sokolowski and San Ling and Josef Pieprzyk and Huaxiong Wang

In this article, we study the security of the IDEA block cipher when it is used in various single-length or double-length hashing modes. Even though this cipher is still considered secure, we show that one should avoid its use as an internal primitive for block cipher based hashing. In particular, we are able to generate instantaneously free-start collisions for most modes, and even semi-free-start collisions, pseudo-preimages or hash collisions in practical complexity. This work shows a practical example of the gap that exists between secret-key and known- or chosen-key security for block ciphers. Moreover, we also settle the 20-year-old standing open question concerning the security of the Abreast-DM and Tandem-DM double-length compression functions, originally invented to be instantiated with IDEA. Our attacks have been verified experimentally and work even for strengthened versions of IDEA with any number of rounds.

13:06 [Event][New] APSIT: Call for Chapters proposals: Architectures and Protocols for Secure Informat

  Submission: 15 June 2012
Notification: 15 July 2012
From May 14 to July 15
Location: Murcia, Spain

12:17 [Pub][ePrint] One-way Functions from Chebyshev Polynomials, by Kai-Yuen Cheong

In the past twenty years, the study of the conjunction of chaos and cryptography has attracted much interest but has also met with many problems. Today the security of chaos-based encryption schemes is usually not considered comparable to that of schemes based on number-theoretic functions. In this paper, instead of building an encryption system, we focus on the more fundamental notion of a one-way function, which is a well-defined function that is easy to evaluate but hard to invert. We see that it is more natural to compare chaotic systems with one-way functions, and such a study could possibly give new insights for chaos-based cryptosystems. We propose a function based on Chebyshev polynomials, and we argue that it is likely a one-way function.

00:17 [Pub][JoC] Quark: A Lightweight Hash

Abstract: The need for lightweight (that is, compact, low-power, low-energy) cryptographic hash functions has been repeatedly expressed by professionals, notably to implement cryptographic protocols in RFID technology. At the time of writing, however, no algorithm exists that provides satisfactory security and performance. The ongoing SHA-3 Competition will not help, as it concerns general-purpose designs and focuses on software performance. This paper thus proposes a novel design philosophy for lightweight hash functions, based on the sponge construction in order to minimize memory requirements. Inspired by the stream cipher Grain and by the block cipher KATAN (amongst the lightest secure ciphers), we present the hash function family Quark, composed of three instances: u-Quark, d-Quark, and s-Quark. As a sponge construction, Quark can be used for message authentication, stream encryption, or authenticated encryption. Our hardware evaluation shows that Quark compares well to previous tentative lightweight hash functions. For example, our lightest instance u-Quark conjecturally provides at least 64-bit security against all attacks (collisions, multicollisions, distinguishers, etc.), fits in 1379 gate-equivalents, and consumes on average 2.44 μW at 100 kHz in 0.18 μm ASIC. For 112-bit security, we propose s-Quark, which can be implemented with 2296 gate-equivalents with a power consumption of 4.35 μW.

  • Content Type Journal Article
  • Pages 1-27
  • DOI 10.1007/s00145-012-9125-6
  • Authors
    • Jean-Philippe Aumasson, NAGRA, route de Genève 22, 1033 Cheseaux, Switzerland
    • Luca Henzen, UBS AG, Zürich, Switzerland
    • Willi Meier, FHNW, Windisch, Switzerland
    • María Naya-Plasencia, University of Versailles, Versailles, France
  • Journal Journal of Cryptology
  • Online ISSN 1432-1378
  • Print ISSN 0933-2790

From: Thu, 10 May 2012 06:10:35 GMT

13:37 [Job][New] Hardware Design Expert, A Private Company in Abu Dhabi, United Arab Emirates

  A position is available in a private company located in Abu Dhabi, United Arab Emirates for someone who has 8+ years of experience in hardware design.

+ Required:
- Experience in VHDL
- Experience in Xilinx FPGAs
- Experience in Embedded Systems Design

- Experience in FPGA from multiple vendors
- Experience in multiple data communication interfaces design
- Familiar with microprocessor design

The period of employment is between 1 and 2 years and the salary will be based on the experience of the candidate.

For those interested please send a cover letter + CV/Resume to k.almarri3 (at)

13:35 [Job][New] Cryptography Expert, A Private Company in Abu Dhabi, United Arab Emirates


A position is available in a private company located in Abu Dhabi, United Arab Emirates for someone who has 8+ years of experience developing cryptographic primitives. The period of employment is between 1 and 2 years and the salary will be based on the experience of the applicant.

For those interested please send a cover letter + CV/Resume to kalmarri3 (at)

03:17 [Pub][ePrint] Implementing AES via an Actively/Covertly Secure Dishonest-Majority MPC Protocol, by I. Damgard and M. Keller and E. Larraia and C. Miles and N.P. Smart

We describe an implementation of the protocol of Damgard, Pastro, Smart and Zakarias (SPDZ/Speedz) for multi-party computation in the presence of a dishonest majority of active adversaries. We present a number of modifications to the protocol; the first reduces the security to covert security, but produces significant performance enhancements; the second enables us to perform bit-wise operations in characteristic two fields. As a benchmark application we present the evaluation of the AES cipher, a now standard benchmarking example for multi-party computation. We next examine two different implementation techniques, which are distinct from prior MPC work in this area due to the use of MACs within the SPDZ protocol. We then examine two implementation choices for the finite fields; one based on finite fields of size $2^8$ and one based on embedding the AES field into a larger finite field of size $2^{40}$.

06:48 [Event][New] ECC 2012: The 16th workshop on Elliptic Curve Cryptography 2012

  From October 28 to November 1
Location: Querétaro, México

06:46 [PhD][New] Gilles Brassard: Relativized cryptography

  Name: Gilles Brassard
Topic: Relativized cryptography
Category: foundations

Description: I am sorry but this thesis was typed on a typewriter. There has never been a computerized version. If I absolutely need to do so, I shall find a printed copy and retype the abstract.[...]

06:46 [PhD][New] John E. Hopcroft

  Name: John E. Hopcroft

16:03 [PhD][New] Nicolas Guillermin: Implémentation matérielle de coprocesseurs haute performance pour la cryptographie asymétrique

  Name: Nicolas Guillermin
Topic: Implémentation matérielle de coprocesseurs haute performance pour la cryptographie asymétrique
Category: implementation

Description: In this PhD thesis I propose coprocessor architectures for high performance computations of asymmetric primitives like RSA, Elliptic Curves and Pairing. Coprocessors have been implemented in FPGA, and offer the lowest latency ever shown in the public literature on such targets. The novelty of these architectures is the usage of the Residue Number System (RNS), an alternative way to represent big numbers. The work presented here confirms with experimentation the theoretical advantages of this system previously emphasized by [14, 13, 43]. Together with this theoretical advantage, RNS computation can be efficiently parallelized, and obtaining highly regular and parallelized architectures that reach high frequency while computing modular operations in few cycles is possible, whatever the size of the numbers. For example, a scalar multiplication on a generic 160-bit elliptic curve can be executed in 0.57 ms on an Altera Stratix, and in 4 ms on a 512-bit curve, compared with classical representations which hardly do the same in twice this time with comparable technologies (except for particular curves). For Pairing the results are even more interesting, since a fourfold reduction of the latency had been reached by the time [35] was published, and for the first time a Pairing over large characteristic fields was executed in less than 1 ms on an FPGA. Finally, I demonstrate the ability of RNS to provide original solutions to protect computations against side channel and perturbation threats. I propose 2 countermeasures to thwart faults and power analysis which can be used on every primitive relying on big number modular arithmetic. These countermeasures are designed to be efficiently adapted to the RNS coprocessors.[...]