International Association for Cryptologic Research

IACR News Central


22:17 [Pub][ePrint] The IITM Model: a Simple and Expressive Model for Universal Composability, by Ralf Kuesters and Max Tuengerthal

  The universal composability paradigm allows for the modular design and analysis of cryptographic protocols. It has been widely and successfully used in cryptography. However, devising a coherent yet simple and expressive model for universal composability is, as the history of such models shows, highly non-trivial. For example, several partly severe problems have been pointed out in the literature for the UC model.

In this work, we propose a coherent model for universal composability, called the IITM model ("Inexhaustible Interactive Turing Machine"). A main feature of the model is that it is stated without a priori fixing irrelevant details, such as a specific way of addressing of machines by session and party identifiers, a specific modeling of corruption, or a specific protocol hierarchy. In addition, we employ a very general notion of runtime. All reasonable protocols and ideal functionalities should be expressible based on this notion in a direct and natural way, and without tweaks, such as (artificial) padding of messages or (artificially) adding extra messages.

Not least because of these features, the model is simple and expressive. Also the general results that we prove, such as composition theorems, hold independently of how such details are fixed for concrete applications.

Being inspired by other models for universal composability, in particular the UC model and because of the flexibility and expressivity of the IITM model, conceptually, results formulated in these models directly carry over to the IITM model.

22:17 [Pub][ePrint] RSA private key reconstruction from random bits using SAT solvers, by Constantinos Patsakis

  SAT solvers are being used more and more in cryptanalysis, with mixed results regarding their efficiency, depending on the structure of the algorithm they are applied to. However, when it comes to integer factorization, or more specifically the RSA problem, SAT solvers prove to be at least inefficient. The running times are too long to be compared with any well-known integer factorization algorithm, even when it comes to small RSA moduli.

The recent work on cold boot attacks has sparked renewed interest in partial key exposure attacks and in RSA key reconstruction. In our work, contrary to the lattice-based approach that most of these works use, we use SAT solvers. For the special case where the public exponent $e$ is equal to three, we provide a more efficient modeling of RSA as an instance of a satisfiability problem, and manage to reconstruct the private key, given a part of the key, even for public keys of 1024 bits in a few seconds.
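The abstract above contrasts a SAT encoding with the cold-boot line of work on reconstructing an RSA private key from a random subset of its bits. The block below is an added example, not code from the Patsakis paper or from this page: it implements the bit-by-bit branch-and-prune search over the low-order bits of p and q that the cold-boot key-recovery literature uses, so a reader can see why a partially known key is recoverable at all. The primes, the revealed-bit fraction and the seed are constructed for the demo; the 32-bit primes are chosen so the search finishes in well under a second.

```python
"""Added example, not code from the Patsakis paper or the IACR page: reconstruct
the RSA primes p and q from a random subset of their bits with the bit-by-bit
branch-and-prune search used in the cold-boot key-recovery literature, rather
than the paper's SAT encoding.  Prime offsets, the revealed-bit fraction and
the RNG seed are constructed for the demo."""
import random


def is_prime(x):
    """Trial division; adequate for the 32-bit demo primes."""
    if x < 2:
        return False
    if x % 2 == 0:
        return x == 2
    d = 3
    while d * d <= x:
        if x % d == 0:
            return False
        d += 2
    return True


def next_prime(x):
    while not is_prime(x):
        x += 1
    return x


def reveal_bits(x, nbits, frac, rng):
    """Simulate a degraded memory image: each bit of x is known with probability frac.
    Returns {bit_index: bit_value} for the known bits only."""
    return {i: (x >> i) & 1 for i in range(nbits) if rng.random() < frac}


def reconstruct(n, p_known, q_known, nbits):
    """Branch-and-prune on the low-order bits of p and q.

    Invariant at level i: every candidate (p, q) is an i-bit pair with
    p*q == n (mod 2^i).  Because p and q are odd, extending by one bit leaves
    exactly two of the four (pb, qb) choices consistent with n; a known bit of
    p or q fixes one of them, and a position where both bits are known prunes
    half of the wrong branches.  That is what keeps the search tree small.
    """
    cands = [(0, 0)]
    for i in range(nbits):
        mask = (1 << (i + 1)) - 1
        nxt = []
        for p, q in cands:
            for pb in (0, 1):
                if p_known.get(i, pb) != pb:      # skip if it contradicts a known bit
                    continue
                for qb in (0, 1):
                    if q_known.get(i, qb) != qb:
                        continue
                    p2, q2 = p | (pb << i), q | (qb << i)
                    if (p2 * q2) & mask == n & mask:
                        nxt.append((p2, q2))
        cands = nxt
    # The congruence only fixes the low nbits of the product; keep true factors.
    return {(p, q) for p, q in cands if p * q == n}


def demo(seed=1, frac=0.5, nbits=32):
    """Build a toy 64-bit modulus, reveal about frac of each prime's bits, recover."""
    rng = random.Random(seed)
    p = next_prime((1 << (nbits - 1)) + 12345)   # constructed demo primes
    q = next_prime((1 << (nbits - 1)) + 67890)
    n = p * q
    found = reconstruct(n, reveal_bits(p, nbits, frac, rng),
                        reveal_bits(q, nbits, frac, rng), nbits)
    return p, q, found


if __name__ == "__main__":
    p, q, found = demo()
    print(f"p={p} q={q} recovered={(p, q) in found} candidates={len(found)}")
```

The pruning here comes only from the modulus and the known bits of p and q; the published cold-boot attacks also use known bits of d, d mod (p-1) and d mod (q-1), which is why they tolerate a much smaller known fraction than this toy does.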

22:17 [Pub][ePrint] Anonymity Guarantees of the UMTS/LTE Authentication and Connection Protocol, by Ming-Feng Lee and Nigel P. Smart and Bogdan Warinschi and Gaven Watson

  The UMTS/LTE protocol for mobile phone networks has been designed to offer a limited form of anonymity for mobile phone users. In this paper we quantify precisely what this limited form of anonymity actually provides via a formal security model. The model considers an execution where the home and roaming network providers are considered as one entity. We consider two forms of anonymity, one where the mobile stations under attack are statically selected before the execution, and a second one where the adversary selects these stations adaptively. We prove that the UMTS/LTE protocol meets both of these security definitions. Our analysis requires new assumptions on the underlying keyed functions for UMTS, which whilst probably true have not previously been brought to the fore.

22:17 [Pub][ePrint] More on linear hulls of PRESENT-like ciphers and a cryptanalysis of full-round EPCBC-96, by Stanislav Bulygin

  In this paper we investigate the linear hull effect in the light-weight block cipher EPCBC. We give an efficient method of computing linear hulls with high capacity. We then apply the hulls found to derive attacks on the full 32 rounds of EPCBC-96 and 20 rounds of EPCBC-48. Using the developed methods we revise the work of J.Y. Cho from 2010 and obtain an attack based on multidimensional linear approximations on 26 rounds of PRESENT-128. The results show that designers of block ciphers should take seriously the threat coming from linear hull attacks and not just limit themselves to proving bounds based solely on linear characteristics.

22:17 [Pub][ePrint] A Differential Fault Attack on MICKEY 2.0, by Subhadeep Banik and Subhamoy Maitra

  In this paper we present a differential fault attack on the stream cipher MICKEY 2.0 which is in eSTREAM's hardware portfolio. While fault attacks have already been reported against the other two eSTREAM hardware candidates Trivium and Grain, no such analysis is known for MICKEY. Using the standard assumptions for fault attacks, we show that by injecting around $2^{16.7}$ faults and performing $2^{32.5}$ computations on average, it is possible to recover the entire internal state of MICKEY at the beginning of the key-stream generation.

22:17 [Pub][ePrint] On the security of an identity-based authenticated group key agreement protocol for imbalanced mobile networks, by Haiyan Sun

  Recently, Islam and Biswas proposed a pairing-free identity-based authenticated group key agreement protocol for imbalanced mobile networks. However, in this letter, we point out that this protocol cannot resist a passive attack, and cannot provide forward secrecy for the joining operation or backward secrecy for the leaving operation.

09:19 [Event][New] Summer School: Design and Security of Cryptographic Functions, Algorithms and Devices

  From July 30 to July 5
Location: Albena, Bulgaria

05:54 [Job][New] Associate or Assistant Professor in Cryptology, Technical University of Denmark

  DTU Compute at the Technical University of Denmark calls for applications for a position as associate or assistant professor.

The department is looking for a dynamic faculty member to participate in research and teaching in cryptology.

The position is available from 1 May 2013.

For further information and to apply please follow the guidelines from the job page.

05:53 [Job][New] Ph.D. student, University of Paderborn, Faculty for Electrical Engineering, Computer Science and Mathematics

  The following tasks shall be conveyed to the employee:

1. research in public-key cryptography

2. contribution to the lecturing of the faculty.

Conditions of employment:

The applicant is required to have very good knowledge of the following topics:

1. complexity theory

2. cryptography

3. number theory.

A Master's degree in Computer Science or a similar field is a condition of employment. It is expected of any candidate that a doctoral degree is or will be pursued.

The University of Paderborn has been awarded the rating TOTAL E-QUALITY in recognition of an administrative and human resource policy that is directed toward non-discrimination and equal opportunity, as well as the certificate "audit family-friendly university" (of a non-profit organisation) in recognition of the successful implementation of improvements to the compatibility of studying, work and family life.

We specifically welcome applications from women and will, according to the State Equal Opportunities Act ("Landesgleichstellungsgesetz NRW"), prefer these among applications of the same aptitude, qualification and certificates of competence, unless personal reasons in favour of a competitor are decisive. Part-time employment is possible, in principle. Applications from severely disabled persons and persons of equal status under the Code of Social Law ("Sozialgesetzbuch Neuntes Buch - SGB IX") are equally welcome.

The staff council of the academic personnel and artists of the University of Paderborn (WPR) will be involved in the interviewing if a candidate so wishes.

05:53 [Job][New] Ph.D. Student, University of Bordeaux /CWI /Leiden University

  One PhD Position in Secure Computation and Coding Theory

Within the framework of the EU ALGANT (Algebra and Number Theory) Erasmus Mundus doctorate program, there is an opening for a PhD position in the area of Secure Computation and Coding Theory.

The PhD project is jointly advised by Ronald Cramer (CWI & Math Inst, Leiden U), Serge Fehr (CWI) and Gilles Zémor (U Bordeaux, Math Dept) and it should lead to a joint Bordeaux/Leiden PhD degree. Outstanding candidates are encouraged to apply.

Application deadline: February 10, 2013.