International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also get this service via

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

11:49 [Job][New] Teaching Position (Tenure), Salary A13/A14, Ruhr University Bochum, Germany

  At the RUB a teaching position (tenured) is open. The German job name is \"Akademischer Rat\", with a teaching load of 13 hours per week. This is a postdoc position, a Ph.D. degree is required.

This teching position is located at the chair for Network and Data Security ( Applicants should have a strong publication record in the areas of cryptographic protocols, web security, or webservice security.

Due to the large teaching load, excellent knowledge of German language is reqired.

05:48 [PhD][New] Tal Malkin

  Name: Tal Malkin

05:47 [PhD][New] Ilya Kizhvatov: Physical Security of Cryptographic Algorithm Implementations

  Name: Ilya Kizhvatov
Topic: Physical Security of Cryptographic Algorithm Implementations
Category: implementation


This thesis deals with physical attacks on implementations of cryptographic algorithms and countermeasures against these attacks. Physical attacks exploit properties of an implementation such as leakage through physically observable parameters (side-channel analysis) or susceptibility to errors (fault analysis) to recover secret cryptographic keys. In the absence of adequate countermeasures such attacks are often much more efficient than classical cryptanalytic attacks. Particularly vulnerable to physical attacks are embedded devices that implement cryptography in a variety of security-demanding applications.


In the area of side-channel analysis, this thesis addresses attacks that exploit observations of power consumption or electromagnetic leakage of the device and target symmetric cryptographic algorithms (at the notable example of the Advanced Encryption Standard (AES)). First, this work proposes a new combination of two well-known techniques of such attacks: differential side-channel analysis and side-channel collision attacks. The combination is more efficient than each of the attacks individually. As a further improvement, new dimension reduction techniques for side-channel acquisitions are introduced for side-channel collision detection and compared using an information-theoretic metric. Second, this work studies attacks exploiting leakage induced by microprocessor cache mechanism. We present an algorithm for cache-collision attacks that can recover the secret key in the presence of uncertainties in cache event detection from side-channel acquisitions, which may happen in a noisy measurement environment. Third, practical side-channel attacks are discovered against the AES engine of the AVR XMEGA, a recent versatile microcontroller for a variety of embedded applications.


In the area of fault analysis, this thesis extends existing attacks against the RSA digital signature algorithm implemented with the Chinese remainder theorem to a setti[...]

05:47 [PhD][New] Seung Geol Choi: On Adaptive Security and Round Efficiency in Secure Multi-party Computation

  Name: Seung Geol Choi
Topic: On Adaptive Security and Round Efficiency in Secure Multi-party Computation
Category: cryptographic protocols

12:52 [Conf][Crypto] Early Registration Deadline for CRYPTO is TODAY!

  Link to online registration --

21:17 [Pub][ePrint] Enhancing Location Privacy for Electric Vehicles (at the right time), by Joseph Liu and Man Ho Au and Willy Susilo and Jianying Zhou

  An electric vehicle is a promising and futuristic automobile propelled by electric motor(s), using electrical energy stored in batteries or another energy storage device. Due to the need of battery recharging, the cars will be required to visit recharging infrastructure very frequently. This may disclose the users\' private information, such as their location, which may expose users\' privacy. In this paper, we provide mechanisms to enhance location privacy of electric vehicles at the right time, by proposing an anonymous payment system

with privacy protection support. Our technique further allows traceability in the case where the cars are stolen.

21:17 [Pub][ePrint] High-Throughput Hardware Architecture for the SWIFFT / SWIFFTX Hash Functions, by Tamás Györfi and Octavian Creţ and Guillaume Hanrot and Nicolas Brisebarre

  Introduced in 1996 and greatly developed over the last few years,

Lattice-based cryptography offers a whole set of primitives with nice

features, including provable security and asymptotic efficiency.

Going from ``asymptotic\'\' to ``real-world\'\' efficiency seems important

as the set of available primitives increases in size and

functionality. In this present paper, we explore the improvements that

can be obtained through the use of an FPGA architecture for

implementing an ideal-lattice based cryptographic primitive. We chose

to target two of the simplest, yet powerful and useful, lattice-based

primitives, namely the SWIFFT and SWIFFTX primitives. Apart from being

simple, those are also of central use for future primitives as

Lyubashevsky\'s lattice-based signatures.

We present a high-throughput FPGA architecture for the SWIFFT and

SWIFFTX primitives. One of the main features of this implementation is

an efficient implementation of a variant of the Fast Fourier Transform

of order 64 on $\\Z_{257}$. On a Virtex-5 LX110T FPGA, we are able to

hash 0.6GB/s, which shows a ca. 16$\\times$ speedup compared to SIMD

implementations of the literature. We feel that this demonstrates

the revelance of FPGA as a target architecture for the implementation

of ideal-lattice based primitives.

21:17 [Pub][ePrint] Construction of New Classes of Knapsack Type Public Key Cryptosystem Using Uniform Secret Sequence, K(II)$\\Sigma\\Pi$PKC, Constructed Based on Maximum Length Code, by Masao KASAHARA

  In this paper, we present a new class of knapsack type PKC referred to as K(II)$\\Sigma\\Pi$PKC.

In K(II)$\\Sigma\\Pi$PKC, Bob randomly constructs a very small subset of Alice\'s set of public key whose order is very large,

under the condition that the coding rate $\\rho$ satisfies $0.01 < \\rho < 0.5$.

In K(II)$\\Sigma\\Pi$PKC, no secret sequence such as super-increasing sequence or shifted-odd sequence but the sequence whose component is constructed by a product of the same number of many prime numbers of the same size, is used.

We show that K(II)$\\Sigma\\Pi$PKC is secure against the attacks such as LLL algorithm, Shamir\'s attack etc. , because a subset of Alice\'s public keys

is chosen entirely in a probabilistic manner at the sending end.

We also show that K(II)$\\Sigma\\Pi$PKC can be used as a member of the class of common key cryptosystems because the list

of the subset randomly chosen by Bob can be used as a common key between Bob and Alice,

provided that the conditions given in this paper are strictly observed,

without notifying Alice of his secret key through a particular secret channel.

21:17 [Pub][ePrint] Breaking pairing-based cryptosystems using $\\eta_T$ pairing over $GF(3^{97})$, by Takuya Hayashi and Takeshi Shimoyama and Naoyuki Shinohara and Tsuyoshi Takagi

  There are many useful cryptographic schemes, such as ID-based encryption,

short signature, keyword searchable encryption, attribute-based encryption,

functional encryption, that use a bilinear pairing.

It is important to estimate the security of such pairing-based cryptosystems in cryptography.

The most essential number-theoretic problem in pairing-based cryptosystems is

the discrete logarithm problem (DLP)

because pairing-based cryptosystems are no longer secure once the underlining DLP is broken.

One efficient bilinear pairing is the $\\eta_T$ pairing defined over a supersingular

elliptic curve $E$ on the finite field $GF(3^n)$ for a positive integer $n$.

The embedding degree of the $\\eta_T$ pairing is $6$;

thus, we can reduce the DLP over $E$ on $GF(3^n)$ to that over the finite field $GF(3^{6n})$.

In this paper, for breaking the $\\eta_T$ pairing over $GF(3^n)$, we discuss

solving the DLP over $GF(3^{6n})$ by using the function field sieve (FFS),

which is the asymptotically fastest algorithm for solving a DLP

over finite fields of small characteristics.

We chose the extension degree $n=97$ because it has been intensively used in benchmarking

tests for the implementation of the $\\eta_T$ pairing,

and the order (923-bit) of $GF(3^{6\\cdot 97})$ is substantially larger than

the previous world record (676-bit) of solving the DLP by using the FFS.

We implemented the FFS for the medium prime case (JL06-FFS),

and propose several improvements of the FFS,

for example, the lattice sieve for JL06-FFS and the filtering adjusted to the Galois action.

Finally, we succeeded in solving the DLP over $GF(3^{6\\cdot 97})$.

The entire computational time of our improved FFS requires about 148.2 days using 252 CPU cores.

Our computational results contribute to the secure use of pairing-based cryptosystems with the $\\eta_T$ pairing.

21:17 [Pub][ePrint] Edwards model of elliptic curves defined over any fields, by Oumar DIAO and Emmanuel FOUOTSA

  In this paper, we present a generalization of Edwards model for elliptic curve which is defined over any field and in particular for field of characteristic 2. This model generalize the well known Edwards model of \\cite{Edw07} over characteristic zero field, moreover it define an ordinary elliptic curve over binary fields.

For this, we use the theory of theta functions and an intermediate model embed in $\\mathbb{P}^3$ that we call a level $4$-theta model. We then present an arithmetic of this level $4$-theta model and of our Edwards model using Riemann relations of theta functions. The group laws are complete, i.e. none exceptional case for adding a pair of points; their are also unified, i.e. formulas using for addition and for doubling are the same. Over binary fields we have very efficient arithmetics on ordinary elliptic curve, but over odd field our explicit addition laws are not competitives. Nevertheless, we give efficient differential addition laws on level $4$-theta model and on Edwards model defined over any fields.

21:17 [Pub][ePrint] Algebraic Differential Fault Attacks on LED using a Single Fault Injection, by Xinjie Zhao and Shize Guo and Fan Zhang and Tao Wang and Zhijie Shi and Keke Ji

  This paper proposes a new fault attack technique on the LED block

cipher using a single fault injection by combining algebraic

side-channel attack (ASCA) and differential fault attack (DFA). We

name it as algebraic differential fault attack (ADFA). Firstly, a

boolean equation set is constructed for LED using algebraic

techniques. Then, the fault differences of the S-Box inputs in the

last round of LED are deduced by DFA and represented using algebraic

equations by the multiple deductions-based ASCA (MDASCA) technique

proposed in COSADE 2012. Finally, the key is recovered by solving

the equation set with the CryptoMiniSat solver. We show that, as to

ADFA on LED under the single nibble-based fault model, the 64-bit

key can be recovered within one minute on a common PC with a success

rate of 79\\%, which is more efficient than previous work. We modify

the CryptoMiniSat solver to count and output multiple solutions for

the key, and conduct ADFA to calculate the reduced key search space

for DFA. The key search space of LED is reduced to $2^6 \\sim

2^{17}$, which is different from previous work. We also successfully

extend ADFA on LED to other fault models using a single fault

injection, such as byte based fault model and nibble based diagonal

fault model, where traditional DFAs are difficult to work. The

results show that ADFA is an efficient and generic fault analysis

technique which significantly improves DFA.