International Association for Cryptologic Research

IACR News Central


03:17 [Pub][ePrint] Privacy and Verifiability in Voting Systems: Methods, Developments and Trends, by Hugo Jonker and Sjouke Mauw and Jun Pang

  One of the most challenging aspects in computer-supported voting is to combine the apparently conflicting requirements of privacy and verifiability. On the one hand, privacy requires that a vote cannot be traced back from the result to a voter, while on the other hand, verifiability states that a voter can trace the effect of her vote on the result. This can be addressed using various privacy-enabling cryptographic primitives which also offer verifiability.

As more and more refined voting systems were proposed, understanding of first privacy and later verifiability in voting increased, and notions of privacy as well as notions of verifiability in voting became increasingly more refined. This has culminated in a variety of verifiable systems that use cryptographic primitives to ensure specific kinds of privacy. However, the corresponding privacy and verifiability claims are not often verified independently. When they are investigated, claims have been invalidated sufficiently often to warrant a cautious approach to them.

The multitude of notions, primitives and proposed solutions that claim to achieve both privacy and verifiability form an interesting but complex landscape. The purpose of this paper is to survey this landscape by providing an overview of the methods, developments and current trends regarding privacy and verifiability in voting systems.

03:17 [Pub][ePrint] Accelerating Fully Homomorphic Encryption over the Integers with Super-size Hardware Multiplier and Modular Reduction, by Xiaolin Cao, Ciara Moore, Maire O'Neill, Elizabeth O'Sullivan and Neil Hanle

  A fully homomorphic encryption (FHE) scheme is envisioned as being a key cryptographic tool in building a secure and reliable cloud computing environment, as it allows arbitrary evaluation of a ciphertext without revealing the plaintext. However, existing FHE implementations remain impractical due to their very high time and resource costs. Of the proposed schemes that can perform FHE to date, a scheme known as FHE over the integers has the advantage of comparatively simpler theory, as well as the employment of a much shorter public key, making its implementation somewhat more practical than other competing schemes.

To the authors' knowledge, this paper presents the first hardware implementations of encryption primitives for FHE over the integers using FPGA technology. First of all, a super-size hardware multiplier architecture utilising the Integer-FFT multiplication algorithm is proposed, and a super-size hardware Barrett modular reduction module is designed incorporating the proposed multiplier. Next, two encryption primitives that are used in two schemes of FHE over the integers are designed employing the proposed super-size multiplier and modular reduction modules. Finally, the proposed designs are implemented and verified on the Xilinx Virtex-7 FPGA platform. Experimental results show that speed improvement factors of up to 44.72 and 54.42 are available for the two FHE encryption schemes implemented in FPGA when compared to the corresponding software implementations. Meanwhile, the performance analysis shows that further improvement in the speed of these FHE encryption primitives may still be possible.

06:33 [Job][New] Cryptographic Researcher, Security Innovation, Wilmington, MA, USA

  We’re planning to make a hire at Security Innovation to support our NTRU crypto research program, including providing support for the codebase of our NTRU implementations once we make it available under GPL.

Responsibilities will include:

- Work on NTRU crypto research, including efficient signature schemes
- Helping to better understand lattice reduction algorithms, potentially including:
  - A complete or partial reimplementation of algorithms developed by Nguyen and Chen to properly understand their claims
  - Research into use of the structure of NTRU / ideal lattices to obtain improvements over generic lattice reduction algorithms
  - Exploring the relationship between expected-shortest and actual-shortest vector in a lattice and how it affects reduction times
- Support cryptographic queries that come in to NTRU as a result of the GPL move, including participating in discussions on forums such as crypto.stackexchange and others
- Support the codebase of the GPL implementation of NTRU, including:
  - General optimizations for the C implementation on 32- and 64-bit processors, such as including multiple coefficients in a single word
  - Architecture-specific optimizations, such as exploring what advantage can be taken of SIMD, etc.
  - Potentially writing and/or managing a Java implementation
- Support standardization activity
  - In particular, manage the passing of one or more NTRU-related TLS ciphersuite drafts through IETF.

06:33 [Job][New] Associate Professor, School of Mathematical and Geospatial Sciences, RMIT University, Melbourne, Australia

  Associate Professor - Mathematical Science

Full-time, Continuing (i.e., permanent) position

Annual Salary: $121,048 to $133,357 + 17% superannuation

Information Security forms one of the research strengths of the School. The Master of Applied Science in Information Security and Assurance is one of the programs in the school with more than 50 coursework students.


Situated within the College of Science, Engineering and Health, the School of Mathematical and Geospatial Sciences draws together disciplines involving the collection of data, the analysis of data, data security, and the understanding and optimisation of systems through modelling and visualisation. The School has more than 60 academic staff and over 70 postgraduate research students.

Reporting to the Head of School, the Associate Professor - Mathematical Science will be expected to be an active researcher. This will include supervising research students, undertaking and publishing high quality research, and applying for research grants.

06:17 [Pub][ePrint] Recomputing with Permuted Operands: A Concurrent Error Detection Approach, by Xiaofei Guo and Ramesh Karri

  Naturally occurring and maliciously injected faults reduce the reliability of cryptographic hardware and may leak confidential information. We develop a concurrent error detection (CED) technique called Recomputing with Permuted Operands (REPO). We show that it is cost effective in the Advanced Encryption Standard (AES) and the secure hash function Grøstl. We provide experimental results and formal proofs to show that REPO detects all single-bit and single-byte faults. Experimental results show that REPO achieves close to 100% fault coverage for multiple byte faults. The hardware and throughput overheads are compared with those of previously reported CED techniques on two Xilinx Virtex FPGAs. The hardware overhead is 12.4-27.3%, and the throughput is 1.2-23 Gbps, depending on the AES architecture, FPGA family, and detection latency. The performance overhead ranges from 10% to 100% depending on the security level. Moreover, the proposed technique can be integrated into various block cipher modes of operation. We also discuss the limitations of REPO and its potential vulnerabilities.

07:41 [Event][New] ACNS'14: 12th International Conference on Applied Cryptography and Network Security

  Submission: 10 January 2014
Notification: 14 March 2014
From June 10 to June 13
Location: Lausanne, Switzerland

06:17 [Pub][ePrint] Modelling Time, or A Step Towards Reduction-based Security Proofs for OTP and Kerberos, by Jörg Schwenk

  The notion of time plays an important role in many practically deployed cryptographic protocols, ranging from One-Time-Password (OTP) tokens to the Kerberos protocol. However, time is difficult to model in a Turing machine environment.

We propose the first such model, where time is modelled as a global counter T. We argue that this model closely matches several implementations of time in computer environments. The usefulness of the model is shown by giving complexity-theoretic security proofs for OTP protocols, HMQV-like one-round AKE protocols, and a variant of the basic Kerberos building block.

06:17 [Pub][ePrint] Presentation of a new class of public key cryptosystems K(XIII)SE(1)PKC along with Kp(XIII)SE(1)PKC that realizes the coding rate of exactly 1.0, constructed by modifying K(XII)SE(1)PKC., by Masao KAS

  In this paper, we present a new class of public key cryptosystems by modifying K(XII)SE(1)PKC[1], referred to as K(XIII)SE(1)PKC, and a particular class of K(XIII)SE(1)PKC, Kp(XIII)SE(1)PKC. We show that K(XIII)SE(1)PKC would improve both the coding rate and the security, compared with K(XII)SE(1)PKC. We also show that Kp(XIII)SE(1)PKC realizes a coding rate of exactly 1.0. In sharp contrast with the conventional code based PKC (CB・PKC) that uses a Goppa code, in K(XII)SE(1)PKC, K(XIII)SE(1)PKC and Kp(XIII)SE(1)PKC we do not need to care about the security of the primitive polynomial that generates the Reed-Solomon code.

06:17 [Pub][ePrint] Revocable quantum timed-release encryption, by Dominique Unruh

  Timed-release encryption is a kind of encryption scheme that a recipient can decrypt only after a specified amount of time T (assuming that we have a moderately precise estimate of his computing power). A revocable timed-release encryption is one where, before the time T is over, the sender can "give back" the timed-release encryption, provably losing all access to the data. We show that revocable timed-release encryption without trusted parties is possible using quantum cryptography (while trivially impossible

Along the way, we develop two proof techniques in the quantum random oracle model that we believe may have applications also for other

Finally, we also develop another new primitive, unknown recipient encryption, which allows us to send a message to an unknown/unspecified recipient over an insecure network in such a way that at most one recipient will get the message.

06:17 [Pub][ePrint] Cryptanalysis of Full RIPEMD-128, by Franck Landelle and Thomas Peyrin

  In this article we propose a new cryptanalysis method for double-branch hash functions that we apply to the standard RIPEMD-128, greatly improving over known results. Namely, we were able to build a very good differential path by placing one non-linear differential part in each computation branch of the RIPEMD-128 compression function, but not necessarily in the early steps. In order to handle the low differential probability induced by the non-linear part located in later steps, we propose a new method for using the degrees of freedom, by attacking each branch separately and then merging them with free message blocks. Overall, we present the first collision attack on the full RIPEMD-128 compression function as well as the first distinguisher on the full RIPEMD-128 hash function. Experiments on a reduced number of rounds were conducted, confirming our reasoning and complexity analysis. Our results show that the 16-year-old RIPEMD-128, one of the last unbroken primitives belonging to the MD-SHA family, might not be as secure as originally thought.

06:17 [Pub][ePrint] How to Further Increase Leakage Exploitation Rate in Profiled Side-Channel Attacks?, by Guangjun Fan and Yongbin Zhou and Hailong Zhang and Dengguo Feng

  Template Attack is widely accepted to be one of the most powerful side-channel attacks, because it is assumed that one has full knowledge of the targeted crypto devices and is thus well capable of characterizing the side-channel leakages. However, whether or not Template Attack exploits side-channel leakages to the fullest is still not clear. In this paper, we present a negative answer to this central question, by introducing a normalization process into the original Template Attack. We present Normalized Template Attack, which has the normalization process. Furthermore, we prove that Normalized Template Attack is better than its original counterpart in terms of leakage exploitation rate. We evaluate the key-recovery efficiency of Normalized Template Attack and the original Template Attack under identical scenarios, by performing attacks against both simulated and real power traces. Our experimental results show that our method is valid and effective. Remarkably enough, this normalization process is of extremely low computation cost. Therefore, we argue that the normalization process should be integrated as a necessary part of profiled attacks in order to better understand the practical threats of these attacks.