International Association for Cryptologic Research

IACR News Central


18:07 [Event][New] CryptoBG*2012: [MC3D] Meet Challenges in Cryptography and Cyber Defense

  Submission: 1 June 2012
From July 28 to August 5
Location: Oriahovitza, Bulgaria

06:17 [Pub][ePrint] Garbling Schemes, by Mihir Bellare and Viet Tung Hoang and Phillip Rogaway

  Garbled circuits, a classical idea rooted in the work of Andrew Yao, have long been understood as a cryptographic technique, not a cryptographic goal. Here we cull out a primitive corresponding to this technique. We call it a garbling scheme. We provide a provable-security treatment for garbling schemes, endowing them with a versatile syntax and multiple security definitions. The most basic of these, privacy, suffices for two-party secure function evaluation (SFE) and private function evaluation (PFE). Starting from a PRF, we provide an efficient garbling scheme achieving privacy and we analyze its concrete security. We next consider obliviousness and authenticity, properties needed for private and verifiable outsourcing of computation. We extend our scheme to achieve these ends. We provide highly efficient blockcipher-based instantiations of both schemes. Our treatment of garbling schemes presages more efficient garbling, more rigorous analyses, and more modularly designed higher-level protocols.

06:17 [Pub][ePrint] Compilation Techniques for Efficient Encrypted Computation, by Christopher Fletcher and Marten van Dijk and Srinivas Devadas

  Fully homomorphic encryption (FHE) techniques are capable of performing encrypted computation on Boolean circuits, i.e., the user specifies encrypted inputs to the program, and the server computes on the encrypted inputs. Applying these techniques to general programs with recursive procedures and data-dependent loops has not been a focus of attention. In this paper, we take a first step toward building a compiler that, given programs with complex control flow, generates efficient code suitable for the application of FHE schemes.

We first describe how programs written in a small Turing-complete instruction set can be executed with encrypted data and point out inefficiencies in this methodology. We then provide examples of transforming (a) the greatest common divisor (GCD) problem using Euclid's algorithm and (b) the 3-Satisfiability (3SAT) problem using a recursive backtracking algorithm into a path-levelized form to which FHE can be applied. We describe how path levelization reduces control flow ambiguity and improves encrypted computation efficiency. Using these techniques and data-dependent loops as a starting point, we then build support for hierarchical programs made up of phases, where each phase corresponds to a fixed point computation that can be used to further improve the efficiency of encrypted computation.

In our setting, the adversary learns an estimate of the number of steps required to complete the computation, which we show is the least amount of leakage possible.

19:30 [PhD][Update] Nicolás González-Deleito: Trust relationships in exchange protocols

  Name: Nicolás González-Deleito
Topic: Trust relationships in exchange protocols
Category: cryptographic protocols

18:17 [Pub][ePrint] On the (In)Security of IDEA in Various Hashing Modes, by Lei Wei and Thomas Peyrin and Przemyslaw Sokolowski and San Ling and Josef Pieprzyk and Huaxiong Wang

  In this article, we study the security of the IDEA block cipher when it is used in various single-length or double-length hashing modes. Even though this cipher is still considered secure, we show that one should avoid its use as an internal primitive for block cipher based hashing. In particular, we are able to generate instantaneously free-start collisions for most modes, and even semi-free-start collisions, pseudo-preimages or hash collisions in practical complexity. This work shows a practical example of the gap that exists between secret-key and known- or chosen-key security for block ciphers. Moreover, we also settle the 20-year-old open question concerning the security of the Abreast-DM and Tandem-DM double-length compression functions, originally invented to be instantiated with IDEA. Our attacks have been verified experimentally and work even for strengthened versions of IDEA with any number of rounds.

13:06 [Event][New] APSIT: Call for Chapters proposals: Architectures and Protocols for Secure Informat

  Submission: 15 June 2012
Notification: 15 July 2012
From May 14 to July 15
Location: Murcia, Spain

12:17 [Pub][ePrint] One-way Functions from Chebyshev Polynomials, by Kai-Yuen Cheong

  In the past twenty years, the study of the conjunction of chaos and cryptography has attracted much interest but also met with many problems. Today the security of chaos-based encryption schemes is usually not considered comparable to that of schemes based on number-theoretic functions. In this paper, instead of building an encryption system, we focus on the more fundamental notion of a one-way function, which is a well-defined function that is easy to evaluate but hard to invert. We see that it is more natural to compare chaotic systems with one-way functions, and such a study could possibly give new insights for chaos-based cryptosystems. We propose a function based on Chebyshev polynomials, and we argue that it is likely a one-way function.

00:17 [Pub][JoC] Quark: A Lightweight Hash

  Abstract: The need for lightweight (that is, compact, low-power, low-energy) cryptographic hash functions has been repeatedly expressed by professionals, notably to implement cryptographic protocols in RFID technology. At the time of writing, however, no algorithm exists that provides satisfactory security and performance. The ongoing SHA-3 Competition will not help, as it concerns general-purpose designs and focuses on software performance. This paper thus proposes a novel design philosophy for lightweight hash functions, based on the sponge construction in order to minimize memory requirements. Inspired by the stream cipher Grain and by the block cipher KATAN (amongst the lightest secure ciphers), we present the hash function family Quark, composed of three instances: u-Quark, d-Quark, and s-Quark. As a sponge construction, Quark can be used for message authentication, stream encryption, or authenticated encryption. Our hardware evaluation shows that Quark compares well to previous tentative lightweight hash functions. For example, our lightest instance u-Quark conjecturally provides at least 64-bit security against all attacks (collisions, multicollisions, distinguishers, etc.), fits in 1379 gate-equivalents, and consumes on average 2.44 μW at 100 kHz in 0.18 μm ASIC. For 112-bit security, we propose s-Quark, which can be implemented with 2296 gate-equivalents with a power consumption of 4.35 μW.

  • Content Type: Journal Article
  • Pages: 1-27
  • DOI: 10.1007/s00145-012-9125-6
  • Authors:
    • Jean-Philippe Aumasson, NAGRA, route de Genève 22, 1033 Cheseaux, Switzerland
    • Luca Henzen, UBS AG, Zürich, Switzerland
    • Willi Meier, FHNW, Windisch, Switzerland
    • María Naya-Plasencia, University of Versailles, Versailles, France
  • Journal: Journal of Cryptology
  • Online ISSN: 1432-1378
  • Print ISSN: 0933-2790

From: Thu, 10 May 2012 06:10:35 GMT

13:37 [Job][New] Hardware Design Expert, A Private Company in Abu Dhabi, United Arab Emirates

  A position is available in a private company located in Abu Dhabi, United Arab Emirates for someone who has 8+ years of experience in hardware design.

+ Required:
- Experience in VHDL
- Experience in Xilinx FPGAs
- Experience in Embedded Systems Design
- Experience in FPGAs from multiple vendors
- Experience in designing multiple data communication interfaces
- Familiar with microprocessor design

The period of employment is between 1 and 2 years, and the salary will be based on the experience of the candidate.

For those interested, please send a cover letter + CV/Resume to k.almarri3 (at)

13:35 [Job][New] Cryptography Expert, A Private Company in Abu Dhabi, United Arab Emirates


A position is available in a private company located in Abu Dhabi, United Arab Emirates for someone who has 8+ years of experience developing cryptographic primitives. The period of employement is between 1 to 2 years and the salary will be based on the experience of the applicant.

For those interested please send a cover letter + CV/Resume to kalmarri3 (at)

03:17 [Pub][ePrint] Implementing AES via an Actively/Covertly Secure Dishonest-Majority MPC Protocol, by I. Damgard and M. Keller and E. Larraia and C. Miles and N.P. Smart

  We describe an implementation of the protocol of Damgard, Pastro, Smart and Zakarias (SPDZ/Speedz) for multi-party computation in the presence of a dishonest majority of active adversaries. We present a number of modifications to the protocol; the first reduces the security to covert security, but produces significant performance enhancements; the second enables us to perform bit-wise operations in characteristic two fields. As a benchmark application we present the evaluation of the AES cipher, a now standard benchmarking example for multi-party computation. We next examine two different implementation techniques, which are distinct from prior MPC work in this area due to the use of MACs within the SPDZ protocol. We then examine two implementation choices for the finite fields; one based on finite fields of size $2^8$ and one based on embedding the AES field into a larger finite field of size $2^{40}$.