International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also get this service via


2012-12-23
16:47 [Event][New] IWSEC2013: The 8th International Workshop on Security

  Submission: 13 May 2013
Notification: 12 July 2013
From November 18 to November 20
Location: Okinawa, Japan
More Information: http://www.iwsec.org/2013/


16:46 [Job][New] Post-Doc, Electronic Health Information Laboratory, CHEO Research Institute, Canada, North America

The Electronic Health Information Laboratory (EHIL) at the Children's Hospital of Eastern Ontario (CHEO) Research Institute is looking for a Post-Doctoral Fellow responsible for research and development of secure multi-party computation and privacy-preserving protocols for applications in the area of health information and medical research.

Candidates should have a Ph.D. in Computer Science, Computer Engineering, Mathematics, Engineering, or a related field, and a strong research track record with journal or conference publications in secure computation and/or privacy-preserving statistics and data-mining.





2012-12-19
19:17 [Pub][ePrint] Further results on the distinctness of binary sequences derived from primitive sequences modulo square-free odd integers, by Qun-Xiong Zheng and Wen-Feng Qi

This paper studies the distinctness of primitive sequences over Z/(M) modulo 2, where M is an odd integer that is composite and square-free, and Z/(M) is the integer residue ring modulo M. A new sufficient condition is given for ensuring that primitive sequences generated by a primitive polynomial f(x) over Z/(M) are pairwise distinct modulo 2. Such a result improves a recent result obtained in our previous paper [27], and consequently the set of primitive sequences over Z/(M) that can be proven to be distinct modulo 2 is greatly enlarged.



19:17 [Pub][ePrint] Non Observability in the Random Oracle Model, by Prabhanjan Ananth and Raghav Bhaskar

The Random Oracle Model, introduced by Bellare and Rogaway, provides a method to heuristically argue about the security of cryptographic primitives and protocols. The basis of this heuristic is that secure hash functions are close enough to random functions in their behavior, and so a primitive that is secure using a random function should continue to remain secure even when the random function is replaced by a real hash function. In the security proof, this setting is realized by modeling the hash function as a random oracle. However, this approach in particular also enables any reduction, reducing a hard problem to the existence of an adversary, to "observe" the queries the adversary makes to its random oracle and to "program" the responses that the oracle provides to these queries. While the issue of programmability of query responses has received a lot of attention in the literature, to the best of our knowledge, observability of the adversary's queries has not been identified as an artificial artefact of the Random Oracle Model. In this work, we study the security of several popular schemes when the security reduction cannot "observe" the adversary's queries to the random oracle, but can (possibly) continue to "program" the query responses. We first show that RSA-PFDH and Schnorr's signatures continue to remain secure when the security reduction is non-observing (NO reductions), which is not surprising as their proofs in the random oracle model rely on programmability. We also provide two example schemes, namely Fischlin's NIZK-PoK [Fischlin05] and a non-interactive extractable commitment scheme, whose extractor algorithms seem to rely on observability in the random oracle model. While we prove that Fischlin's online extractors cannot exist when they are non-observing, our extractable commitment scheme continues to be secure even when the extractors are non-observing. We also introduce Non-Observing Non-Programming reductions, which we believe are closest to standard model reductions.



19:17 [Pub][ePrint] Unprovable Security of Two-Message Zero Knowledge, by Kai-Min Chung and Edward Lui and Mohammad Mahmoody and Rafael Pass

Goldreich and Oren (JoC'94) show that only trivial languages have 2-message zero-knowledge arguments. In this note we consider weaker, super-polynomial-time simulation (SPS) notions of zero-knowledge. We present barriers to using black-box reductions for demonstrating soundness of 2-message protocols with efficient prover strategies satisfying SPS zero-knowledge. More precisely, we show that assuming the existence of $\mathrm{poly}(T(n))$-hard one-way functions, the following holds:

  • For sub-exponential (or smaller) $T(\cdot)$, polynomial-time black-box reductions cannot be used to prove soundness of 2-message $T(\cdot)$-simulatable arguments based on any polynomial-time intractability assumption. This matches known 2-message quasi-polynomial-time simulatable arguments using a quasi-polynomial-time reduction (Pass'03), and 2-message exponential-time simulatable proofs using a polynomial-time reduction (Dwork-Naor'00, Pass'03).

  • $\mathrm{poly}(T(\cdot))$-time black-box reductions cannot be used to prove soundness of 2-message strong $T(\cdot)$-simulatable (efficient prover) arguments based on any $\mathrm{poly}(T(\cdot))$-time intractability assumption; strong $T(\cdot)$-simulatability means that the output of the simulator is indistinguishable also for $\mathrm{poly}(T(\cdot))$-size circuits. This matches known 3-message strong quasi-polynomial-time simulatable proofs (Blum'86, Canetti et al'00).



17:36 [Job][New] Post-doc (three posts), Centre for Cybercrime and Computer Security, Newcastle University, UK, EU

  You will join a vibrant and growing team of security researchers at the Centre for Cybercrime and Computer Security (CCCS) at Newcastle University. The aim of the project is to address one of the grand challenges in the real world: how to develop an e-voting system that is secure, dependable and usable for future elections.

This is a five-year project, supported by a European Research Council (ERC) Starting Grant. The initial appointments will be for three years. Further extension by another two years will be possible, subject to performance and available funding. The expected starting date is 1 March 2013 (flexible).

To apply for the posts, you need to have a PhD in Computer Science, engineering or related discipline, with a solid background in security and an excellent track record. Expertise in one of the following areas is especially desirable: cryptography, dependability and usable security.



12:54 [Job][Update] PostDoc in Cryptography, University of Bristol, UK, EU

  The Cryptography group within the Department of Computer Science has grown considerably in the last year and additional researchers are required in the following areas:

  • Analysis of “real world” protocols

  • Formal Methods applied to security protocols

  • Fully Homomorphic Encryption

  • Lattice Based Cryptography

  • Provable Security, i.e. Protocol and Mechanism design

  • Multi-Party Computation

You will hold a PhD, or expect to be awarded soon, and have experience in one of the sub-areas of cryptography mentioned above.

You will have a good level of analytical skills and the ability to communicate complex information clearly, both orally and through the written word together with the ability to use personal initiative, and creativity, to solve problems encountered in the research context.

Ideally, you will also have a strong publication record in top relevant venues, such as the IACR conferences and journal, ACM CCS, IEEE S&P, ESORICS, etc.

Appointment may be made at the Research Assistant (grade I) or Research Associate (grade J) level depending on skills and experience and will be for 2 to 3 years in the first instance.

Please Note: This is a “rolling advert” with a nominal close date only. Applications are welcome at any time and the timing of the selection process will be dependent on the applications received.



12:53 [Job][New] PostDoc in Cryptography, University of Bristol






2012-12-18
14:23 [Event][New] Vote-ID '13: Fourth international conference on E-voting and Identity

  Submission: 11 March 2013
Notification: 26 April 2013
From July 17 to July 19
Location: Guildford, UK
More Information: http://www.voteid13.org


13:17 [Pub][ePrint] Recovering RSA Secret Keys from Noisy Key Bits with Erasures and Errors, by Noboru Kunihiro and Naoyuki Shinohara and Tetsuya Izu

We discuss how to recover RSA secret keys from noisy key bits with erasures and errors. There are two known algorithms recovering original secret keys from noisy keys. At Crypto 2009, Heninger and Shacham proposed a method for the case where an erroneous version of secret keys contains only erasures. Subsequently, Henecka et al. proposed a method for an erroneous version containing only errors at Crypto 2010. For physical attacks such as side-channel and cold boot attacks, we need to study key recovery from a noisy secret key containing both erasures and errors. In this paper, we propose a method to recover a secret key from such an erroneous version and analyze the condition for error and erasure rates so that our algorithm succeeds in finding the correct secret key in polynomial time. We also evaluate a theoretical bound to recover the secret key and discuss to what extent our algorithm achieves this bound.



13:17 [Pub][ePrint] Cryptanalysis of RAPP, an RFID Authentication Protocol, by Nasour Bagheri, Masoumeh Safkhani, Pedro Peris-Lopez, Juan E. Tapiador

Tian et al. proposed a novel ultralightweight RFID mutual authentication protocol [4] that has recently been analyzed in [1], [2], [5]. In this letter, we first propose a desynchronization attack that succeeds with probability almost 1, which improves upon the 0.25 given by the attack in [1]. We also show that the bad properties of the proposed permutation function can be exploited to disclose several bits of the tag's secret (rather than just one bit as in [2]), which increases the power of a traceability attack. Finally, we show how to extend the above attack to run a full disclosure attack, which requires to eavesdrop less protocol runs than the attack described in [5] (i.e., 192