International Association for Cryptologic Research

IACR News Central


2013-06-18
09:17 [Pub][ePrint] On the Practical Security of a Leakage Resilient Masking Scheme, by Emmanuel Prouff and Matthieu Rivain and Thomas Roche

  At TCC 2012, Dziembowski and Faust show how to construct leakage resilient circuits using secret sharing based on the inner product [2]. At Asiacrypt 2012, Balasch et al. turned the latter construction into an efficient masking scheme and applied it to protect an implementation of AES against side-channel attacks [1]. The so-called Inner-Product masking (IP masking for short) was claimed to be secure with respect to two different security models: the $\lambda$-limited security model (Section 4 of [1]), and the $d$th-order security model (see definitions p.8 of [1]). In the former model, the security proof makes sense for a sharing dimension $n > 130$, which is acknowledged as impractical by the authors. In the latter model, the scheme is claimed secure up to the order $d = n-1$. In this note, we contradict the $d$th-order security claim by exhibiting a 1st-order flaw in the masking algorithm for any chosen sharing dimension $n$.



00:17 [Forum] [IACR Publication Reform] Re: The speed of science: two case studies by cbw

  Hi, I guess it's quite simple math: If the same paper does not get resubmitted to Crypto / Eurocrypt / Asiacrypt / TCC, we don't have to review it again and again 4 (!) times. If the saved time will be spent on better reviews is clearly a different ball-game... Best, Christopher From: 2013-17-06 22:07:18 (UTC)



2013-06-17
22:33 [Job][Update] PostDoc Position in Lightweight Cryptography for the Internet of Things, University of Luxembourg

  The Laboratory of Algorithmics, Cryptology and Security (LACS) of the University of Luxembourg is looking for a post-doctoral researcher in the area of lightweight cryptography. The successful candidate will contribute to a research project entitled "Applied Cryptography for the Internet of Things (ACRYPT)", which is funded by the Fonds National de la Recherche (FNR). Besides conducting high-quality research, the tasks associated with this position include the co-supervision of a Ph.D. student and the dissemination of research results. The ACRYPT project is led by Prof. Alex Biryukov and is expected to start in summer 2013.

Candidates must hold a Ph.D. degree (or be in the final stages of a Ph.D. program) in cryptography or a closely related discipline. Applications from researchers with experience in embedded systems security, network security, privacy/anonymity, or mobile/wireless security will also be considered. Preference will be given to candidates with a strong publication record including papers in top-tier crypto/security conference proceedings or journals. Candidates with an interest to conduct leading-edge research in one of the following areas are particularly encouraged to apply:

Design and analysis of symmetric cryptographic primitives

Side-channel attacks (e.g. DPA) on symmetric cryptographic primitives and countermeasures

The position is available from July 2013 on the basis of a fixed-term contract for a duration of three years, which includes a probation period of six months. LACS offers excellent working conditions in an attractive research environment and a highly competitive salary. Interested candidates are invited to submit their application by email to lacs.acrypt(at)gmail.com. The application material should contain a cover letter explaining the candidate's motivation and research interests, a detailed CV (including photo), a list of publications, copies of diploma certificates, and nam

22:32 [Job][Update] Professor of Cyber Security, Tallinn University of Technology, Estonia

  The Department of Computer Science at Tallinn University of Technology is looking for a full Professor of Cyber Security.

This appointment is part of the strategic growth of the Department of Computer Science, supported by the Estonian IT Academy program. The department is seeking an energetic and dynamic candidate who will contribute to and complement the current research and teaching activities, and promote cooperation with national and international partners in academia, industry, government, and the military. The candidate's main responsibilities in the area of cyber security will be research activities, supervising Ph.D. work, leading the department's cyber security research and study program, and teaching courses at the postgraduate level.

The successful candidate will serve as a leader of research and teaching in the field of practical cyber security and digital forensics.

The position has currently been announced for the period Feb 2014 - Jan 2019. It can be extended. Ask the contact persons about details.



22:24 [Job][New] Professor of Cyber Security, Tallinn University of Technology, Estonia

  The Department of Computer Science at Tallinn University of Technology is looking for a full Professor of Cyber Security.

This appointment is part of the strategic growth of the Department of Computer Science, supported by the Estonian IT Academy program. The department is seeking an energetic and dynamic candidate who will contribute to and complement the current research and teaching activities, and promote cooperation with national and international partners in academia, industry, government, and the military. The candidate's main responsibilities in the area of cyber security will be research activities, supervising Ph.D. work, leading the department's cyber security research and study program, and teaching courses at the postgraduate level.

The successful candidate will serve as a leader of research and teaching in the field of practical cyber security and digital forensics.

The position has currently been announced for the period Feb 2014 - Jan 2019. It can be extended. Ask the contact persons about details.



21:19 [Pub][JoC] [IACR Publication Reform] The speed of science: two case studies by djb

  Nigel Smart was quite clear at Eurocrypt in advertising the Proceedings of the IACR as fixing our "High review load". Well, gee, sounds great, but how come the IACR Board seems unable to explain to the rest of us _how_ this reduction in review load is supposed to happen? Nigel doesn't answer the question but says he's putting together "a more detailed proposal". Christian Cachin says that there "could" be a one-year "ban on resubmission" but he fails to define "resubmission". Ivan Damgård (not on the current IACR Board) says "Claiming you added something substantial in two weeks is probably bogus anyway." Let's think about this "two weeks" figure for a moment. Case study 1: DBLP for "Ivan Damgård" finds 7 conference papers in 2012 (Crypto, CT-RSA, ICITS, PKC, SCN, SCN, TCC), not to mention 7 eprint papers the same year. That's a throughput of one conference paper every 7.4 weeks. How can Ivan claim that 2 weeks isn't enough time for a "substantial" improvement to a paper, if he spends a _total_ of only 7.4 weeks per successful conference paper? Furthermore, surely Ivan would agree that some papers are easier to write than others, and also that he's not spending all of his time on paper-writing---if he really focuses on a paper then he can probably get it done much more quickly. Is it really so hard to believe that an author has done "something substantial in two weeks"? Of course, it's actually Ivan plus coauthors, and increased use of the Internet is in general making it easier and easier to have many coauthors, which makes it even easier to believe that a research team is doing something very quickly. How can anyone imagine that a knee-jerk time-based response could substitute for a proper scientific evaluation? Case study 2: Let's look at what happened to one of those eprint papers, 2012/699, in which Ivan proposed a specific "practical" LPN-based cryptosystem. A few days later I pointed out publicly that this specific proposal failed to account for the attack in 2012/355, a paper at RFIDsec 2012. Of course, RFIDsec isn't a top-tier IACR conference, but surely Ivan will agree that 2012/355---forcing changes in the parameters and "practicality" of his paper 2012/699---was worthy of publication. Here's how 2012/355 evolved. An LPN-related system "Lapin" was presented at FSE 2012 the morning of 21 March 2012. Tanja Lange and I were in the audience, were both immediately skeptical of the security of the system, and started investigating attacks. We had our attack paper ready for the RFIDsec submission deadline on 31 March 2012, and had it in essentially final form by 5 April 2012---two weeks and one day after the FSE talk. We prioritized other tasks at that point, and didn't end up doing the last few days of work to post the paper until June 2012, but with some slight rescheduling we would have had the complete paper online two weeks after we started. I'm sure that Ivan, and many hundreds of other people here, can think of similarly efficient paper-writing examples from their own experience. So why do we have Ivan saying "two weeks is probably bogus anyway" for a mere revision? And how can Christian possibly think that a one-year ban is even marginally reasonable? ---Dan From: 2013-15-06 20:31:51 (UTC)