International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also get this service via

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

21:17 [Pub][ePrint] On a CCA2-secure variant of McEliece in the standard model, by Edoardo Persichetti

  We consider public-key encryption schemes based on error-correcting

codes that are IND-CCA2 secure in the standard model. We analyze a system due

to Dowsley, Muller-Quade and Nascimento. We then show how to instantiate the

Rosen-Segev framework with the McEliece scheme.

12:59 [Job][New] Postdoctoral Research Assistant in Cryptography, Dept Computer Science, University of Bristol

  Based in the Cryptography group which has grown considerably in the last year, you will be an additional researcher in one of the following areas:

•Analysis of “real world” protocols

•Formal Methods applied to security protocols

•Fully Homomorphic Encryption

•Lattice Based Cryptography

•Provable Security, i.e. Protocol and Mechanism design

The post is funded by an ERC Advanced Grant awarded to Prof. Nigel Smart.

The expected starting date will be as soon as possible depending on the your circumstances.

Please apply using the Online System linked to from the link below. We cannot accept applications via email.

09:22 [Event][Update] STM 2012: 8th International Workshop on Security and Trust Management

  Submission: 16 June 2012
Notification: 15 July 2012
From September 13 to September 14
Location: Pisa, Italy
More Information:

18:10 [PhD][New] Côme Berbain: Analyse et conception d\'algorithmes de chiffrement à flot

  Name: Côme Berbain
Topic: Analyse et conception d\'algorithmes de chiffrement à flot
Category: secret-key cryptography


The primary goal of cryptography is to protect the confidentiality of data and communications. Stream ciphers is one of the two most popular families of symmetric encryption algorithms that allow to guaranty\r\nconfidentiality and to achieve high performances.


In the first part of this thesis, we present different cryptanalysis techniques against stream ciphers: correlation\r\nattack against the stream cipher GRAIN, guess and determine attack against the BSG mechanism, algebraic attack against special\r\nkinds of non-linear feedback shift registers, and chosen IV attack against a reduced version of the stream cipher SALSA.


In a second part, we focus on proofs of security for stream ciphers: we introduce the new algorithm QUAD and give some \r\nprovable security arguments in order to link its security to the conjectured intractability of Multivariate Quadratic problem. We also try to extend the security requirements of stream ciphers to the case where initialisation values (IV) are used: we present a construction which allows us\r\nto build a secure IV dependent stream cipher from a number generator and apply it to QUAD, which becomes the first IV dependent\r\nstream cipher with provable security arguments. We also present the algorithms DECIM and SOSEMANUK, to which we made\r\ndesign contributions.


Finally in a third part, we present efficient software and hardware implementations of the QUAD algorithm.


18:09 [Job][New] M.Sc. and Ph.D. positions with scholarship, Koç University, Turkey


Want to store your data online securely? Want a fair Internet? What about outsourcing your job while still being assured of the result?

If you want to secure the cloud through the use of provable cryptographic techniques, then you should definitely apply to the Cryptography, Security & Privacy Research Group at Koç University, ?stanbul, Turkey. We have multiple openings for both M.Sc. and Ph.D. level applications. All accepted applicants will receive competitive scholarships.

Koç University has a beautiful campus in the middle of a forest, with a nice view of the Black Sea and the Bosporus, and is very close to the Istanbul city center. The application deadline is 15th of April for early applications and 15th of June for late applications.

For more information about our group, visit

For applying online, visit

Late applications will be considered in exceptional cases.

18:07 [Event][New] CryptoBG*2012: CryptoBG*2012: [MC3D] Meet Challenges in Cryptography and Cyber Defense

  Submission: 1 June 2012
From July 28 to August 5
Location: Oriahovitza, Bulgaria
More Information:

06:17 [Pub][ePrint] Garbling Schemes, by Mihir Bellare and Viet Tung Hoang and Phillip Rogaway

  Garbled circuits, a classical idea rooted in the work of Andrew Yao,

have long been understood as a cryptographic technique, not a

cryptographic goal. Here we cull out a primitive corresponding to

this technique. We call it a garbling scheme. We provide a

provable-security treatment for garbling schemes, endowing them with a

versatile syntax and multiple security definitions. The most basic of

these, privacy, suffices for two-party secure function evaluation

(SFE) and private function evaluation (PFE). Starting from a PRF, we

provide an efficient garbling scheme achieving privacy and we analyze

its concrete security. We next consider obliviousness and

authenticity, properties needed for private and verifiable outsourcing

of computation. We extend our scheme to achieve these ends. We

provide highly efficient blockcipher-based instantiations of both

schemes. Our treatment of garbling schemes presages more efficient

garbling, more rigorous analyses, and more modularly designed

higher-level protocols.

06:17 [Pub][ePrint] Compilation Techniques for Efficient Encrypted Computation, by Christopher Fletcher and Marten van Dijk and Srinivas Devadas

  Fully homomorphic encryption (FHE) techniques are capable of

performing encrypted computation on Boolean circuits, i.e., the

user specifies encrypted inputs to the program, and the server computes on the encrypted inputs. Applying these techniques to general programs with recursive procedures and data-dependent loops

has not been a focus of attention. In this paper, we take a first

step toward building a compiler that, given programs with complex

control flow, generates efficient code suitable for the application of

FHE schemes.

We first describe how programs written in a small Turing-complete instruction set can be executed with encrypted data and

point out inefficiencies in this methodology. We then provide examples of transforming (a) the greatest common divisor (GCD)

problem using Euclid\'s algorithm and (b) the 3-Satisfiability

(3SAT) problem using a recursive backtracking algorithm into a

path-levelized form to which FHE can be applied. We describe

how path levelization reduces control flow ambiguity and improves

encrypted computation efficiency. Using these techniques and data-dependent loops as a starting point, we then build support for hierarchical programs made up of phases, where each phase corresponds to a fixed point computation that can be used to further improve the efficiency of encrypted computation.

In our setting, the adversary learns an estimate of the number of

steps required to complete the computation, which we show is the

least amount of leakage possible.

19:30 [PhD][Update] Nicolás González-Deleito: Trust relationships in exchange protocols

  Name: Nicolás González-Deleito
Topic: Trust relationships in exchange protocols
Category:cryptographic protocols

18:17 [Pub][ePrint] On the (In)Security of IDEA in Various Hashing Modes, by Lei Wei and Thomas Peyrin and Przemyslaw Sokolowski and San Ling and Josef Pieprzyk and Huaxiong Wang

  In this article, we study the security of the IDEA block cipher when it is used in various simple-length or double-length hashing modes. Even though this cipher is still considered as secure, we show that one should avoid its use as internal primitive for block cipher based hashing. In particular, we are able to generate instantaneously free-start collisions for most modes, and even semi-free-start collisions, pseudo-preimages or hash collisions in practical complexity. This work shows a practical example of the gap that exists between secret-key and known or chosen-key security for block ciphers. Moreover, we also settle the 20-year-old standing open question concerning the security of the Abreast-DM and Tandem-DM double-length compression functions, originally invented to be instantiated with IDEA. Our attacks have been verified experimentally and work even for strengthened versions of IDEA with any number of rounds.

13:06 [Event][New] APSIT: Call for Chapters proposals: Architectures and Protocols for Secure Informat

  Submission: 15 June 2012
Notification: 15 July 2012
From May 14 to July 15
Location: Murcia, Spain
More Information: