International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also get this service via

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

06:17 [Pub][ePrint] Security Analysis of RAPP An RFID Authentication Protocol based on Permutation, by Wang Shao-hui, Han Zhijie, Liu Sujuan, Chen Dan-wei

  One of the key problems in Radio Frequency Identification(RFID) is security and privacy. Many RFID authentication protocols have been proposed to preserve security and privacy of the system. Nevertheless, most of these protocols are analyzed and it is shown that they can not provide security against some RFID attacks. RAPP is a new ultralightweight authentication protocol with permutation. In RAPP, only three operations are involved: bitwise XOR, left rotation and permutation. In this paper, we give an active attack on RAPP. We first collect some authentication messages through impersonating valid tag and readers; Then we forge valid reader to communicate with the tag about times. Using the property of the left rotation and permutation operation, we can deduce the relationship of bits of random number or secret keys at different positions, thus obtain all the secret shared by the reader and the tag.

06:17 [Pub][ePrint] The Multivariate Probabilistic Encryption Scheme MQQ-ENC, by Danilo Gligoroski and Simona Samardjiska

  We propose a new multivariate probabilistic encryption scheme with decryption errors MQQ-ENC that belongs to the family of MQQ-based public key schemes. Similarly to MQQ-SIG, the trapdoor is constructed using quasigroup string transformations with multivariate quadratic quasigroups, and a minus modifier with relatively small and fixed number of removed equations. To make the decryption possible and also efficient, we use a universal hash function to eliminate possibly wrong plaintext candidates. We show that, in this way, the probability of erroneous decryption becomes negligible.

MQQ-ENC is defined over the fields $\\mathbb{F}_{2^k}$ for any $k \\geq 1$, and can easily be extended to any $\\mathbb{F}_{p^k}$, for prime $p$. One important difference from MQQ-SIG is that in MQQ-ENC we use left MQQs (LMQQs) instead of bilinear MQQs. Our choice can be justified by our extensive experimental analysis that showed the superiority of the LMQQs over the bilinear MQQs for the design of MQQ-ENC.

We apply the standard cryptanalytic techniques on MQQ-ENC, and from the results, we pose a plausible conjecture that the instances of the MQQ-ENC trapdoor are hard instances with respect to the MQ problem. Under this assumption, we adapt the Kobara-Imai conversion of the McEliece scheme for MQQ-ENC and prove that it provides $\\mathsf{IND-CCA}$ security despite the negligible probability of decryption errors.

We also recommend concrete parameters for MQQ-ENC for encryption of blocks of 128 bits for a security level of $\\mathcal{O}(2^{128})$.

06:17 [Pub][ePrint] An Analysis of ZVP-Attack on ECC Cryptosystems, by Claude Crépeau and Raza Ali Kazmi

  Elliptic curve cryptography (ECC) is an efficient public cryptosystem with

a short key size. For this reason it is suitable for implementing on memory-constraint

devices such as smart cards, mobile devices, etc. However, these devices leak information

about their private key through side channels (power consumption, electromagnetic

radiation, timing etc) during cryptographic processing. In this paper we have examined

countermeasures against a specific class of side channel attacks (power analysis) called

Zero-Value Point Attack (ZVP), using elliptic curve isomorphism and isogeny. We found

that these methods are an efficient way of securing cryptographic devices using ECC

against ZVP attack. Our main contribution is to extend the work of Akishita and Takagi

[3,2] to binary fields. We also provide a more detail analysis of the ZVP attack over

prime fields.

06:17 [Pub][ePrint] A Way Reduce Signed Bitwise Differences that Transformed Into Same Modular Differences, by Xu ZiJie and Xu Ke

  We study signed bitwise differences and modular differences. We find a way to reduce signed bitwise differences that can be transformed into same modular differences. In this way, it needs arithmetic difference. We establish one-one relationship between modular differences and arithmetic difference. And establish one-one relationship between signed bitwise differences and arithmetic difference. Then it will reduce signed bitwise differences that can be transformed into same arithmetic difference. In this paper, we design a construction with ways we find. Given modular differences, some signed bitwise difference is uniquely determined.

06:17 [Pub][ePrint] Homomorphic A-codes for Network Coding, by Zhaohui Tang

  Authentication codes (A-codes) are a well studied technique to provide unconditionally secure

authentication. An A-code is defined by a map that associates a pair formed by a message and a key

to a tag. A-codes linear in the keys have been studied for application to distributed authentication

schemes. In this paper, we address the dual question, namely the study of A-codes that are linear in the

messages. This is usually an undesired property, except in the context of network coding. Regarding

these A-codes, we derive some lower bounds on security parameters when key space is known. We

also show a lower bound on key size when security parameter values are given (with some special

properties) and construct some codes meeting the bound.

14:41 [Event][New] ICMLA 2012: Special Session on Machine Learning in Information and System Security

  Submission: 6 August 2012
Notification: 7 September 2012
From December 12 to December 15
Location: Boca Raton, Florida, USA
More Information:

14:41 [Event][New] PQCrypto 2013: Post-Quantum Crypto 2013

  From June 4 to June 7
Location: Limoges, France

09:37 [Job][New] Security and Cryptography Researcher, Safemarket Ltd, Thessaloniki, Greece

  Safemarket Ltd., a software development and secure computer services company, seeks one Security or Cryptography specialist for participating on the research project entitled \"Secure Automated E-learning tests and Logic Puzzles\".


  • Ph.D. in Computer Science with specialization in at least one of the following (or related) areas: Networks/Servers, Computer and Network Security, Applied Cryptography, Computer Systems.

  • Excellent knowledge on web/application server customization

  • Strong understanding (server administration) of Linux OS, preferably CentOS or Ubuntu

  • Experience in Database Security and Cryptography Policies

Desired Qualifications

  • Certifications: CISSP, CCSP, RHCE, CCNA, MCSA, Linux + Pro, CEH (Certified Ethical Hacker)

  • MySQL, PHP, Java

  • Cryptography, SSL

  • Clustered environments

  • Web / SQL Load Balancing

  • Fluency in English

  • Game/Application Servers (Glassfish)

  • Apache/Nginx/Tomcat.

  • Proved experience in network/server management and administration

This a 3-year contract research position (full 36 months) with a salary of about 2100 Euros (gross). The project is Co-financed by the European Union and Greece - Operational Program \'Human Resources Development\' - NSFR 2007-2013 - European Social Fund.

Successful applicant will lead the security group with the role of organising/administrating the whole infrastructure required for supporting secure and fair electronic contests.

Contact: Send a cover letter and a detailed CV to: jobs (at)

19:24 [PhD][New] Roel Peeters: Security Architecture for Things That Think

  Name: Roel Peeters
Topic: Security Architecture for Things That Think
Category: cryptographic protocols

Description: The observation that people already carry lots of personal devices (e.g., a smart phone, an electronic identity card, an access badge, an electronic car key, a laptop, ... ), serves as starting point for this thesis. Furthermore, with the arrival of smart objects, the number of things that think one carries is expected to grow. Sensors will be built into clothing and attached to the body to monitor\r\nour health. It is clear that these devices need to be protected. However, due to the vast amount of devices involved, the traditional approach of protecting\r\neach device on its own, results in a usability nightmare.\r\n
\r\nWe investigate how to tap into the potential that arises from cooperation between these devices. This is done by deploying threshold cryptography on\r\npersonal devices. Threshold cryptography has the benefit of increased overall security, since an adversary can compromise a number (up to the threshold\r\nnumber) of devices without gaining any advantage towards breaking the overall security. Furthermore, the end-user does not need to carry all his personal\r\ndevices, any subset of size at least the threshold number is sufficient to make use of the threshold security system.\r\n
\r\nWe propose technical solutions to tackle some of the practical issues related to this approach, paving the road for real world implementations. First, we\r\nshow how one can include devices that do not have the necessary (secure) storage capabilities needed to store shares (e.g., car keys) in our threshold\r\nscheme. Second, we investigate how the end-user can add or remove devices from his set of personal devices used in this threshold scheme. Finally, in\r\norder to get user acceptance, the (location) privacy of consumers should not be disregarded. Towards this goal we examine how to achieve private and\r\nsecure device authentication over an open channel. This is done specifically for RFID tags, which are the least powerful devices that can be included in our\[...]

05:16 [PhD][New] U. Rajeswar Rao

  Name: U. Rajeswar Rao

05:16 [PhD][New] Rayanki Balakrishna: Multihop Performace Issuess in Wire less Mobile Ad Hoc networks

  Name: Rayanki Balakrishna
Topic: Multihop Performace Issuess in Wire less Mobile Ad Hoc networks
Category: implementation