International Association for Cryptologic Research

IACR News Central

2013-02-06
16:17 [Pub][ePrint] CRT-based Fully Homomorphic Encryption over the Integers, by Jinsu Kim and Moon Sung Lee and Aaram Yun and Jung Hee Cheon

  In 1978, Rivest, Adleman and Dertouzos introduced the basic concept of privacy homomorphism, which allows computation on encrypted data without decryption. It was elegant work that precedes the recent development of fully homomorphic encryption schemes, although some security flaws were found, e.g., ring homomorphic schemes are broken by known-plaintext attacks.

In this paper, we revisit one of their proposals, in particular the third scheme, which is based on the Chinese Remainder Theorem and is ring homomorphic. The previous result is that a single pair of known plaintext/ciphertext suffices to break this scheme. However, by exploiting the standard technique of inserting an error into a message before encryption, we can cope with this problem. We present a secure modification of their proposal by showing that the proposed scheme is fully homomorphic and secure against chosen-plaintext attacks under the decisional approximate GCD assumption and the sparse subset sum assumption when the message space is restricted to $\mathbb{Z}_2^k$.

Interestingly, the proposed scheme can be regarded as a generalization of the DGHV scheme with a larger plaintext space. Our scheme has $\tilde{O}(\lambda^5)$ overhead while the DGHV has $\tilde{O}(\lambda^8)$ for the security parameter $\lambda$. When restricted to a homomorphic encryption scheme with depth $O(\log \lambda)$, the overhead is reduced to $\tilde{O}(\lambda)$. Our scheme can be used in applications requiring a large message space $\mathbb{Z}_Q$ for $\log Q = O(\lambda^4)$, or SIMD-style operations on $\mathbb{Z}_Q^k$ for $\log Q = O(\lambda)$, $k = O(\lambda^3)$, with $\tilde{O}(\lambda^5)$ ciphertext size as in the DGHV.

2013-02-05
09:46 [Job][New] PhD Position in Matching and social relationship management for decentralized healthcare services, University of Twente, The Netherlands

  Project: In a community, members provide each other with various types of help, usually nonprofessional and nonmaterial, for a particular shared, usually burdensome, characteristic. The help may take the form of providing and evaluating relevant information, relating personal experiences, listening to and accepting advice, providing sympathetic understanding and establishing social networks. Today, an emerging trend is that patients (non-professionals) with similar conditions form communities so that they can reach out to each other for advice and sharing experiences. Healthcare professionals are also involved in the process to improve the services, and to do research on the basis of the data generated by a community.

Goal: design new privacy and security techniques to support self-help communities. The project is a collaboration with several academic and industrial partners.

What we ask and what we offer: You have a Master's degree or are about to graduate in computer science or mathematics, and you have a solid background in applied cryptography and/or information security. You like working in a team. You will be appointed for a period of four years, at the end of which you must have completed a PhD thesis. During this period you will have the opportunity to broaden your knowledge by joining international exchange programs, participating in national and international conferences and workshops, and visiting other research institutes and universities worldwide.

The monthly salary of a PhD student ranges from EUR 1956 gross in the first year to EUR 2502 gross in the fourth year.

09:46 [Job][New] Post-Doc in security for virtualized software systems, Swedish Institute of Computer Science (SICS)

  The Security Lab at the Swedish Institute of Computer Science (SICS) in Stockholm is looking for a talented post-doc researcher in the area of system security, especially trusted computing technologies in virtualized software systems. We are looking for a talented researcher with an interest in applied research and good knowledge of Trusted Computing technologies.

Swedish Institute of Computer Science is a non-profit Swedish applied research institute.

The Security Lab at SICS was established in 2009. Since then it has grown from 1 to 8 people. The research is directed toward secure systems design in close co-operation with leading Swedish companies in the IT and telecommunications businesses as well as Swedish universities such as the Royal Institute of Technology in Stockholm. The group has developed its own hypervisor providing secure execution on ARM-based embedded systems, which is currently undergoing formal verification. Furthermore, the group is performing extensive research on the use of Trusted Computing technologies to secure future cloud infrastructures. The secure systems group at SICS currently consists of 4 senior researchers (PhD), 2 PhD students and an additional 2 junior researchers with MSc degrees in computer science.

09:07 [Event][New] MITC 2013: School + Workshop on Mathematics of Information-Theoretic Cryptography

  From May 13 to May 26
Location: Leiden, The Netherlands
More Information: http://www.lorentzcenter.nl/lc/web/2013/581/info.php3?wsid=581&venue=Snellius


09:07 [Event][New] PRISMS 2013: International Conference on Privacy and Security in Mobile Systems

  Submission: 4 March 2013
Notification: 8 April 2013
From June 24 to June 27
Location: Atlantic City, USA
More Information: http://www.gws2013.org/prisms/


09:05 [Event][New] AsiaJCIS 2013: The 8th Asia Joint Conference on Information Security

  Submission: 10 April 2013
Notification: 22 May 2013
From July 25 to July 26
Location: Seoul, Korea
More Information: http://www.asiajcis.org

2013-02-01
12:59 [Job][New] Post-Doc, Orange Labs, Caen, France

  The research department of the Orange telecommunication company is searching for a suitable candidate for a post-doctoral research position to be involved in our Applied Crypto Group, especially related to cryptographic algorithms for the security of the cloud. Suitable candidates are requested to apply immediately. Candidate selection will continue until the position is filled.

12:59 [Job][New] PhD Position in System Security and Secure Electronic Identity, Technische Universität Darmstadt, Germany

  We are looking for an outstanding PhD candidate to join our Systems Security Group at the Intel Collaborative Research Institute for Secure Computing (ICRI-SC) at TU Darmstadt to work on the European project FutureID, which aims to shape the future of electronic identity. Electronic ID cards (eIDs) are now issued by many European countries and promise a drastic increase in the security and trust of identities on the Internet. Yet everyday use of eIDs remains low and lags far behind original expectations. The FutureID project attempts to change this by addressing some of the major hindrances to uptake.

The FutureID project builds a comprehensive, flexible privacy-aware and ubiquitously usable identity management infrastructure for Europe, which integrates existing eID technology and trust infrastructures, emerging federated identity management services and modern credential technologies to provide a user-centric system for the trustworthy and accountable management of identity claims.

Our research covers security aspects on different system abstraction layers and tackles the design and development of security architectures, trustworthy infrastructure, cryptographic protocols and security of mobile platforms (particularly smartphones).

The candidates should hold a Master Degree in Computer Science or Electrical Engineering and bring well-founded knowledge and experience in one or more of the following areas:

- Operating system security, in particular for mobile systems (e.g. Android)

- Trusted computing beyond TCG

- Software and embedded systems security

- Cryptographic protocols

Your application should include your current curriculum vitae, MSc certificates and grades, a letter of motivation stating your interest in the position and your research interests, and at least two letters of recommendation. Please direct your application to our team assistant Mrs. Heike Bartenschlager: office (at) icri-sc.tu- darmstad

12:59 [Job][New] Post-Doc in security in virtualized software systems, The Security Lab at Swedish Institute of Computer Science (SICS), Sweden

  The Security Lab at the Swedish Institute of Computer Science (SICS) in Stockholm is looking for a talented post-doc researcher in the area of security for virtualized software systems. The position is for one year and is to be arranged through the ERCIM Alain Bensoussan Fellowship Programme, with a deadline of February 28. We are looking for a talented researcher with an interest in applied research and good knowledge of Trusted Computing technologies.

The Security Lab at SICS was established in 2009. Since then it has grown from 1 to 8 people. The research is directed toward secure systems design in close co-operation with leading Swedish companies in the IT and telecommunications businesses as well as Swedish universities such as the Royal Institute of Technology in Stockholm. The group has developed its own hypervisor providing secure execution on ARM-based embedded systems, which is currently undergoing formal verification. Furthermore, the group is performing extensive research on the use of Trusted Computing technologies to secure future cloud infrastructures. The secure systems group at SICS currently consists of 4 senior researchers (PhD), 2 PhD students and an additional 2 junior researchers with MSc degrees in computer science.

04:17 [Pub][ePrint] Power Balanced Circuits for Leakage-Power-Attacks Resilient Design, by Basel Halak, Julian Murphy, Alex Yakovlev

  The continuous rise of static power consumption in modern CMOS technologies has led to the creation of a novel class of security attacks on cryptographic systems. The latter exploits the correlation between leakage current and the input patterns to infer the secret key; it is called leakage power analysis (LPA). The use of power-balanced (m-of-n) logic is a promising solution that provides an answer to this problem: such circuits are designed to consume a constant amount of power regardless of the data being processed. This work evaluates the security of cryptographic circuits designed with this technology against the newly developed LPA. Two forms of LPA are investigated, one based on differential power analysis (LDPA) and the other based on Hamming weight analysis (LHPA). Simulations performed at 90nm CMOS technology reveal that (m-of-n) circuits are totally resilient to LHPA and have a higher security level against LDPA than standard logic circuits.

04:17 [Pub][ePrint] Lessons Learned From Previous SSL/TLS Attacks - A Brief Chronology Of Attacks And Weaknesses, by Christopher Meyer and Jörg Schwenk

  Since its introduction in 1994 the Secure Socket Layer (SSL) protocol (later renamed Transport Layer Security (TLS)) has evolved into the de facto standard for securing the transport layer. SSL/TLS can be used to ensure data confidentiality, integrity and authenticity during transport. A main feature of the protocol is its flexibility: modes of operation and security aims can easily be configured through different cipher suites. During its evolutionary development process several flaws were found. However, the flexible architecture of SSL/TLS allowed efficient fixes to counter the issues. This paper presents an overview of theoretical and practical attacks of the last 15 years, in chronological order and in four categories: attacks on the TLS Handshake protocol, on the TLS Record and Application Data Protocols, on the PKI infrastructure of TLS, and various other attacks. We try to give a short "Lessons Learned" at the end of each paragraph.