International Association for Cryptologic Research

IACR News Central


03:17 [Pub][ePrint] Cryptanalysis of the Speck Family of Block Ciphers, by Farzaneh Abed and Eik List and Stefan Lucks and Jakob Wenzel

  Simon and Speck are two families of ultra-lightweight block ciphers which were proposed by the U.S. National Security Agency in June 2013. Yet, the specification paper discusses only the design and the performance of both cipher families, the task of analyzing their security has been left to the research community.

In this paper we present conventional differential as well as rectangle attacks for almost all members of the Speck cipher family, where we target up to 11/22, 12/23, 14/16, 15/29, and 18/34 rounds of the 32-, 48-, 64-, 96-, and 128-bit version, respectively. In addition, we discuss rotational attacks, where we show that these attacks can be easily mounted for the full or almost the full number of rounds for large groups of weak keys.
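The rotational observation in the abstract above, illustrated with an added example that is not code from the paper or from the NSA specification: a Speck32/64 implementation checked against the published test vector (key 1918 1110 0908 0100, plaintext 6574 694c, ciphertext a868 42f2), with a `rounds` parameter so round-reduced variants like the 11/22 targeted above can be instantiated, and an empirical measurement of how often a rotational input pair (x, y, k) rotated by r still produces a rotated output after one round. The per-addition probability formula is Daum's, as used in the rotational-cryptanalysis literature; the remark about the round counter in the key schedule is this editor's summary, not a claim taken from the abstract.

```python
"""Speck32/64 plus an empirical check of the rotational property of its
round function. Added example; not code from the cited paper or the NSA."""
import random

WORD = 16                 # Speck32/64: 16-bit words, 64-bit key (m = 4 words)
MASK = (1 << WORD) - 1
ALPHA, BETA = 7, 2        # rotation amounts of the 32-bit family member
ROUNDS = 22               # full Speck32/64


def rol(x, r):
    return ((x << r) | (x >> (WORD - r))) & MASK


def ror(x, r):
    return ((x >> r) | (x << (WORD - r))) & MASK


def round_fn(x, y, k):
    """One Speck round: x = ((x >>> 7) + y) ^ k ; y = (y <<< 2) ^ x."""
    x = ((ror(x, ALPHA) + y) & MASK) ^ k
    y = rol(y, BETA) ^ x
    return x, y


def key_schedule(key_words, rounds=ROUNDS):
    """Expand key words (l2, l1, l0, k0), most significant word first,
    into `rounds` round keys. The key schedule reuses the round function
    with the round counter i as 'round key'. That XOR with i is the only
    non-rotation-invariant element of the cipher, which is why rotational
    pairs survive the key schedule only for particular (weak) keys."""
    l = list(reversed(key_words[:-1]))   # l[0], l[1], l[2]
    k = [key_words[-1]]                  # k[0]
    for i in range(rounds - 1):
        new_l, new_k = round_fn(l[i], k[i], i)
        l.append(new_l)
        k.append(new_k)
    return k


def encrypt(pt, key_words, rounds=ROUNDS):
    """Encrypt the word pair pt = (x, y) with a full or round-reduced cipher."""
    x, y = pt
    for k in key_schedule(key_words, rounds):
        x, y = round_fn(x, y, k)
    return x, y


def rotational_probability_theory(r=1, n=WORD):
    """Daum's formula: Pr[(a + b) <<< r == (a <<< r) + (b <<< r)] for n-bit
    words. One Speck round contains exactly one modular addition, and the
    rotations and XORs commute with <<< r, so this is also the per-round
    probability when x, y and the round key are all rotated together."""
    return (1 + 2.0 ** (r - n) + 2.0 ** (-r) + 2.0 ** (-n)) / 4


def rotational_probability(trials=20000, r=1, seed=1):
    """Empirical fraction of random (x, y, k) for which rotating all three
    inputs by r rotates the round output by r. Inputs are constructed
    from a seeded PRNG so the run is reproducible."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        x, y, k = [rng.getrandbits(WORD) for _ in range(3)]
        x1, y1 = round_fn(x, y, k)
        x2, y2 = round_fn(rol(x, r), rol(y, r), rol(k, r))
        hits += (x2, y2) == (rol(x1, r), rol(y1, r))
    return hits / trials


if __name__ == "__main__":
    key = [0x1918, 0x1110, 0x0908, 0x0100]
    print("full   : %04x %04x" % encrypt((0x6574, 0x694c), key))
    print("11 rnds: %04x %04x" % encrypt((0x6574, 0x694c), key, rounds=11))
    print("rotational pair survives one round: theory %.4f, measured %.4f"
          % (rotational_probability_theory(), rotational_probability()))
```

The measured value sits at about 0.375 for r = 1, so a rotational pair survives each round with probability close to 2^-1.415; the attack the abstract refers to therefore depends on how the key schedule's round counter interacts with the chosen key, which is what restricts it to weak keys rather than the full key space.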

03:17 [Pub][ePrint] More Efficient Cryptosystems From k-th Power Residues, by Zhenfu Cao and Xiaolei Dong and Licheng Wang and Jun Shao

  At Eurocrypt 2013, Joye and Libert proposed a method for constructing public key cryptosystems (PKCs) and lossy trapdoor functions (LTDFs) from $(2^\alpha)^{th}$-power residue symbols. Their work can be viewed as non-trivial extensions of the well-known PKC scheme due to Goldwasser and Micali, and the LTDF scheme due to Freeman et al., respectively. In this paper, we will demonstrate that this kind of work can be extended more generally: all related constructions can work for any $k^{th}$ residues if $k$ only contains small prime factors, instead of $(2^\alpha)^{th}$-power residues only. The resultant PKCs and LTDFs are more efficient than those from the Joye-Libert method in terms of decryption speed with the same message length.

03:17 [Pub][ePrint] New Efficient Identity-Based Encryption From Factorization, by Jun Shao and Licheng Wang and Xiaolei Dong and Zhenfu Cao

  Identity Based Encryption (IBE) systems are often constructed using pairings or lattices. Three exceptions are due to Cocks in 2001, Boneh, Gentry and Hamburg in 2007, and Paterson and Srinivasan in 2009. In this paper, we propose an efficient identity-based encryption scheme of which the security is rooted in the intractability assumption of integer factorization. We believe that our construction has some essential differences from all existing IBEs.

03:17 [Pub][ePrint] Efficient General-Adversary Multi-Party Computation, by Martin Hirt and Daniel Tschudi

  Secure multi-party computation (MPC) allows a set P of n players to evaluate a function f in presence of an adversary who corrupts a subset of the players. In this paper we consider active, general adversaries, characterized by a so-called adversary structure Z which enumerates all possible subsets of corrupted players. In particular for small sets of players general adversaries better capture real-world requirements than classical threshold adversaries.

Protocols for general adversaries are "efficient" in the sense that they require |Z|^O(1) bits of communication. However, as |Z| is usually very large (even exponential in n), the exact exponent is very relevant. In the setting with perfect security, the most efficient protocol known to date communicates |Z|^3 bits; we present a protocol for this setting which communicates |Z|^2 bits. In the setting with statistical security, |Z|^3 bits of communication is needed in general (whereas for a very restricted subclass of adversary structures, a protocol with communication |Z|^2 bits is known); we present a protocol for this setting (without limitations) which communicates |Z|^1 bits.

03:17 [Pub][ePrint] Quad-RC4: Merging Four RC4 States towards a 32-bit Stream Cipher, by Goutam Paul and Subhamoy Maitra and Anupam Chattopadhyay

  RC4 has remained the most popular software stream cipher for the last two decades. In parallel to cryptanalytic attempts, researchers have come up with many variants of RC4, some targeted at more security, some at more throughput. We observe that the design of RC4 has been changed a lot in most of the variants. Since the RC4 structure is quite secure if the cipher is used with proper precautions, an arbitrary change in the design may lead to potential vulnerabilities, such as the distinguishing attack (Tsunoo et al., 2007) on the word-oriented variant GGHN (Gong et al., 2005). Some variants keep the RC4 structure (Maitra et al., 2008), but are byte-oriented and hence are an overkill for modern wide-word processors. In this paper, we try to combine the best of both worlds. We keep the basic RC4 structure which guarantees reasonable security (if properly used) and we combine 4 RC4 states tacitly to design a high throughput stream cipher called Quad-RC4 that produces 32-bit output at every round. The storage requirement for the internal state is only 1024 bits. In terms of speed, this cipher performs much faster than normal RC4 and is comparable with HC-128, the fastest software stream cipher amongst the eSTREAM finalists. We also discuss the issue of generalizing the structure of Quad-RC4 to higher word-width variants.

02:34 [Event][New] Africacrypt 2014

  Submission: 8 January 2014
Notification: 1 March 2014
From May 28 to May 30
Location: Marrakech, Morocco
More Information: http://

02:31 [Job][Update] Lead Digital Currency Crypto Contractor, Currency Instruments, Illinois (USA)

  The Crypto Engineer is to design, develop and engineer the next generation digital currency across all platforms for the global world market to use (e.g. Internet, mobile technology, etc.).

Work from your home location

17:47 [Job][New] Lead Digital Currency Crypto Engineer, Currency Instruments, Illinois (USA)

  The Crypto Engineer is to design, develop and engineer the next generation digital currency across all platforms for the global world market to use (e.g. Internet, mobile technology, etc.).

Work from your home location

21:17 [Pub][ePrint] Self-pairings on supersingular elliptic curves with embedding degree three, by Binglong Chen and Chang-An Zhao

  Self-pairings are a special subclass of pairings and have interesting applications in cryptographic schemes and protocols. In this paper, we explore the computation of the self-pairings on supersingular elliptic curves with embedding degree $k = 3$. We construct a novel self-pairing which has the same Miller loop as the Eta/Ate pairing. However, the proposed self-pairing has a simple final exponentiation. Our results suggest that the proposed self-pairings are more efficient than the other ones on the corresponding curves. We compare the efficiency of self-pairing computations on different curves over large characteristic and estimate that the proposed self-pairings on curves with $k=3$ require 44% fewer field multiplications than the fastest ones on curves with $k=2$ at the AES 80-bit security level.

21:17 [Pub][ePrint] Virtual Black-Box Obfuscation for All Circuits via Generic Graded Encoding, by Zvika Brakerski and Guy N. Rothblum

  We present a new general-purpose obfuscator for all polynomial-size circuits. The obfuscator uses graded encoding schemes, a generalization of multilinear maps. We prove that the obfuscator exposes no more information than the program's black-box functionality, and achieves virtual black-box security, in the generic graded encoded scheme model. This proof is under a plausible worst-case complexity-theoretic assumption related to the Exponential Time Hypothesis, in addition to standard cryptographic assumptions.

Very recently, Garg et al. (FOCS 2013) used graded encoding schemes to present a candidate obfuscator for the weaker notion of indistinguishability obfuscation, without a proof of security. They posed the problem of constructing a provably secure indistinguishability obfuscator in the generic model. Our obfuscator, which achieves the stronger guarantee of virtual black-box security, resolves this problem (under the complexity assumptions).

Our construction is different from that of Garg et al., but it is inspired by their use of permutation branching programs. We obtain our obfuscator by developing techniques used to obfuscate $d$-CNF formulas (ePrint 2013), and applying them to permutation branching programs. This yields an obfuscator for the complexity class NC1. We then use homomorphic encryption to obtain an obfuscator for any polynomial-size circuit.

21:17 [Pub][ePrint] Capacity of Non-Malleable Codes, by Mahdi Cheraghchi and Venkatesan Guruswami

  Non-malleable codes, introduced by Dziembowski, Pietrzak and Wichs (ICS 2010), encode messages $s$ in a manner so that tampering the codeword causes the decoder to either output $s$ or a message that is independent of $s$. While this is an impossible goal to achieve against unrestricted tampering functions, rather surprisingly non-malleable coding becomes possible against every fixed family $F$ of tampering functions that is not too large (for instance, when $|F| \le \exp(2^{\alpha n})$ for some $\alpha \in [0, 1)$ where $n$ is the number of bits in a codeword).

In this work, we study the "capacity of non-malleable coding", and establish optimal bounds on the achievable rate as a function of the family size, answering an open problem from Dziembowski et al. (ICS 2010). Specifically,

1. We prove that for every family $F$ with $|F| \le \exp(2^{\alpha n})$, there exist non-malleable codes against $F$ with rate arbitrarily close to $1-\alpha$ (this is achieved w.h.p. by a randomized construction).

2. We show the existence of families of size $\exp(n^{O(1)} 2^{\alpha n})$ against which there is no non-malleable code of rate $1-\alpha$ (in fact this is the case w.h.p. for a random family of this size).

3. We also show that $1-\alpha$ is the best achievable rate for the family of functions which are only allowed to tamper the first $\alpha n$ bits of the codeword, which is of special interest.

As a corollary, this implies that the capacity of non-malleable coding in the split-state model (where the tampering function acts independently but arbitrarily on the two halves of the codeword) equals $1/2$.

We also give an efficient Monte Carlo construction of codes of rate close to 1 with polynomial time encoding and decoding that is non-malleable against any fixed $c > 0$ and family $F$ of size $\exp(n^c)$, in particular tampering functions with, say, cubic size circuits.