International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also get this service via

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2013-03-25
15:25 [Job][New] PhD Position on Privacy Enhancing Technologies and Anonymous Communications (NR27372), University of Cambridge, UK

  Applications are invited for one PhD position in the Security Group at the Computer Laboratory to work with Dr Steven Murdoch. Funding for this position is provided by the Engineering and Physical Sciences Research Council (EPSRC) in collaboration with the Royal Society.

The successful candidate will undertake research on methods to analyse the security of anonymous communication systems and privacy enhancing technologies. This broad research topic falls within an EPSRC priority area and provides considerable scope for the PhD candidate to find his or her own research direction.

Candidates should possess, or who will shortly obtain, at least an upper 2nd class honours degree in computer science, software engineering or a related discipline, and ideally, a Masters degree in a computer-science related field. Strong mathematical and programming skills, along with a keen interest in privacy and anonymous communications, are essential. A good understanding of networking and operating systems is highly desirable.

Funding (covering approved fees and living expenses for one person) is available for 3 years, and the successful candidate must be able to start on 30 September 2013. Candidates should be UK or EU citizens, or have appropriate permissions to work in the UK.

Applications should be made via the University of Cambridge Graduate Admissions Office http://www.admin.cam.ac.uk/students/gradadmissions/prospec/ no later than 31st May 2013, but please contact Dr Murdoch as soon as possible if interested.

* Limit of tenure: 3 years

Quote Reference: NR27372

15:24 [Job][New] Research Assistant in Mobile Forensics, University of Bristol, UK, EU

  Based in the Systems Centre and the Cryptography Group within the Department of Computer Science, you will work on a European Union funded project exploring the design and implementation of new approaches for the detection of and response to Internet abuse. You will join a team of researchers working on the same project, with whom you will be expected to work in very close collaboration. As such, evidence of prior teamwork and excellent communication skills are essential.

You will be required to conduct research in computer and network forensics, to design and develop tools for the extraction and forensic analysis of digital evidence from Android Smartphones and to assist with the integration of those tools with a visualization toolkit, which is also being developed as part of the same project. The work will focus primarily on network activity and social networking applications. Other areas will also be investigated during the course of the project, including but not limited to data extraction and forensic investigation of WiFi routers, Femtocells, wireless sensor devices.

You will be expected to disseminate project results by writing academic papers and by making presentations. You will also participate in writing project deliverables and reports. The role will require interaction with law enforcement agencies and legal practitioners, so having the ability to develop a good understanding of legal issues surrounding the abuse of the Internet will be an asset.

Excellent understanding of information security and computer networking is essential. Prior experience with collaborative software development is desirable, with focus on the languages listed in the ‘Further Particulars’ document. You will possess or be near completion of a PhD in information and communication security, computer networks, computer forensics or related discipline.

This post is funded for 12 months. It is expected that interviews will

15:24 [Job][New] Senior Lecturer / Associate Professor, University of Cape Town, South Africa

  The Department of Mathematics and Applied Mathematics is a large and dynamic establishment with over thirty faculty members. We seek to make two new appointments in Pure Mathematics as soon as possible. Applications are sought for two posts at the level of Senior Lecturer / Associate Professor.

Candidates must be in possession of a PhD in the Mathematical Sciences and are expected to have a strong research track record, which must show evidence of independence and leadership.

Applications in all areas of Pure Mathematics will be considered. However we are particularly seeking active researchers whose research field complements and strengthens the existing research in our department in algebra, analysis, discrete mathematics related to computer science (including cryptography), and geometry. The department intends filling one of the posts with an algebraist.

Candidates should indicate for which level of position they are applying. Level of appointment will be commensurate with experience and standing of applicants; at Associate Professor level a record of Post Graduate supervision would normally be expected.

The successful applicants will be expected to teach not only in their areas of research, but also service courses offered to other Faculties such as Engineering and Commerce, to contribute to the administration of the department and its courses, to supervise students and to attract research funding.

The annual remuneration packages, including benefits, are as follows:

• Associate Professor: R 663 359

• Senior Lecturer: R 562 173

To apply, please e-mail the completed UCT Application form (HR201) and all other relevant documentation as indicated on the form, with the subject line “SL/AP - MAM” followed by the reference number to Ms Melanie Falken at melanie.falken (at) uct.ac.za.

Reference number for this position: SR463/13



2013-03-20
03:06 [Event][New] ICISC 2013: The 16th International Conference on Information Security and Cryptology

  Submission: 26 August 2013
Notification: 13 October 2013
From November 27 to November 29
Location: Seoul, South Korea
More Information: http://www.icisc.org/


03:05 [Event][New] ICISS 2013: 9th International Conference on Information Systems Security

  Submission: 12 July 2013
From December 16 to December 20
Location: Kolkata, India
More Information: http://www.iciss.org.in




2013-03-19
21:17 [Pub][ePrint] Incentivizing Outsourced Computation, by Mira Belenkiy and Melissa Chase and C. Chris Erway and John Jannotti and Alptekin Küpçü and Anna Lysyanskaya

  We describe different strategies a central authority, the boss, can use to distribute computation to untrusted contractors. Our problem is inspired by volunteer distributed computing projects such as SETI@home, which outsource computation to large numbers of participants. For many tasks, verifying a task\'s output requires as much work as computing it again; additionally, some tasks may produce certain outputs with greater probability than others. A selfish contractor may try to exploit these factors, by submitting potentially incorrect results and claiming a reward. Further, malicious contractors may respond incorrectly, to cause direct harm or to create additional overhead for result-checking.

We consider the scenario where there is a credit system whereby users can be rewarded for good work and fined for cheating. We show how to set rewards and fines that incentivize proper behavior from rational contractors, and mitigate the damage caused by malicious contractors. We analyze two strategies: random double-checking by the boss, and hiring multiple contractors to perform the same job.

We also present a bounty mechanism when multiple contractors are employed; the key insight is to give a reward to a contractor who catches another worker cheating. Furthermore, if we can assume that at least a small fraction h of the contractors are honest (1% − 10%), then we can provide graceful degradation for the accuracy of the system and the work the boss has to perform. This is much better than the Byzantine approach, which typically assumes h > 60%.





2013-03-15
06:17 [Pub][ePrint] A note on the practical complexity of the NFS in the medium prime case: Smoothness of Norms , by Naomi Benger and Manuel Charlemagne

  During an ongoing examination of the practical complexity of the Number Field Sieve (NFS) in the medium prime case we have noticed numerous interesting patterns. In this paper we present findings on the complexity in practice of an aspect of the sieving stage. The contributions of these observations to the computational mathematics community are twofold: firstly, they bring us a step closer to understanding the true practical complexity of the algorithm and secondly, they enabled the development of a test for the effectiveness of the polynomials used in the NFS. The results of this work are of particular interest to cryptographers: the practical complexity of the NFS determines directly the security level of some discrete logarithm problem based protocols, such as those arising in pairing-based cryptography.



06:17 [Pub][ePrint] AES-like ciphers: are special S-boxes better then random ones? (Virtual isomorphisms again), by Alexander Rostovtsev

  In [eprint.iacr.org/2012/663] method of virtual isomorphisms of ciphers was applied for differential/linear cryptanalysis of AES. It was shown that AES seems to be weak against those attacks. That result can be generalized to AES-like ciphers, which diffusion map is a block matrix, and its block size is the same as the S-box size. S-box is possibly weak if it is affine equivalent to a substitution that has the same cycling type as an affine substitution. Class of possibly weak S-boxes is very large; we do not know is there an S-box that is not possibly weak. Strength of AES-like cipher is defined by virtual isomorphism and not by differential/linear properties of the S-box. So we can assume that special S-boxes have little or no advantage comparatively to random nonlinear S-boxes. The conjecture is verified by experiments. If the conjecture is true, then search of the best S-boxes that maximizes the cipher strength against differential and linear attacks joined with virtual isomorphisms has no sense.



06:17 [Pub][ePrint] Secure and Constant Cost Public Cloud Storage Auditing with Deduplication, by Jiawei Yuan and Shucheng Yu

  Data integrity and storage efficiency are two important requirements for cloud storage. Proof of Retrievability (POR) and Proof of Data Possession (PDP) techniques assure data integrity for cloud storage. Proof of Ownership (POW) improves storage efficiency by securely removing unnecessarily duplicated data on the storage server. However, trivial combination of the two techniques, in order to achieve both data integrity and storage efficiency, results in non-trivial duplication of metadata (i.e., authentication tags), which contradicts the objectives of POW. Recent attempts to this problem introduce tremendous computational and communication costs and have been proven not secure. It calls for a new solution to support efficient and secure data integrity auditing with storage deduplication for cloud storage. In this paper we solve this open problem with a novel scheme based on techniques including polynomial-based authentication tags and homomorphic linear authenticators. Our design allows deduplication of both files and their corresponding authentication tags. Data integrity auditing and storage deduplication are achieved simultaneously. Our proposed scheme is also characterized by constant realtime communication and computational cost on the user side. Public auditing and batch auditing are both supported. Hence, our proposed scheme outperforms existing POR and PDP schemes while providing the additional functionality of deduplication. We prove the security of our proposed scheme based on the Computational Diffie-Hellman problem and the Strong Diffie-Hellman assumption. Numerical analysis and experimental results on Amazon AWS show that our scheme is efficient and scalable.



06:17 [Pub][ePrint] Practical (Second) Preimage Attacks on TCS_SHA-3, by Gautham Sekar and Soumyadeep Bhattacharya

  TCS\\_SHA-3 is a family of four cryptographic hash functions that are covered by an US patent (US 2009/0262925). The digest sizes are 224, 256, 384 and 512 bits. The hash functions use bijective functions in place of the standard, compression functions. In this paper we describe first and second preimage attacks on the full hash functions. The second preimage attack requires negligible time and the first preimage attack requires $O(2^{36})$ time. In addition to these attacks, we also present a negligible-time second preimage attack on a strengthened variant of the TCS\\_SHA-3. All the attacks have negligible memory requirements.



06:17 [Pub][ePrint] Some Fixes To SSH, by xu zijie

  To against some known attacks to Secure Shell (SSH), I propose some fixes to SSH. The fixes include add a key producer function and revise the MAC.