International Association for Cryptologic Research

IACR News Central


09:17 [Pub][ePrint] Privacy-Preserving Multi-Party Reconciliation Secure in the Malicious Model (Extended version), by Georg Neugebauer and Lucas Brutschy and Ulrike Meyer and Susanne Wetzel

The problem of fair and privacy-preserving ordered set reconciliation arises in a variety of applications like auctions, e-voting, and appointment reconciliation. While several multi-party protocols have been proposed that solve this problem in the semi-honest model, there are no multi-party protocols that are secure in the malicious model so far. In this paper, we close this gap. Our newly proposed protocols are shown to be secure in the malicious model based on a variety of novel non-interactive zero-knowledge-proofs. We describe the implementation of our protocols and evaluate their performance in comparison to protocols solving the problem in the semi-honest case.

09:17 [Pub][ePrint] Bias-based modeling and entropy analysis of PUFs, by Robbert van den Berg and Boris Skoric and Vincent van der Leest

Physical Unclonable Functions (PUFs) are increasingly becoming a well-known security primitive for secure key storage and anti-counterfeiting. For both applications it is imperative that PUFs provide enough entropy. The aim of this paper is to propose a new model for binary-output PUFs such as SRAM, DFF, Latch and Buskeeper PUFs, and a method to accurately estimate their entropy. In our model the measurable property of a PUF is its set of cell biases. We determine an upper bound on the 'extractable entropy', i.e. the number of key bits that can be robustly extracted, by calculating the mutual information between the bias measurements done at enrollment and reconstruction.

In previously known methods only uniqueness was studied using information-theoretic measures, while robustness was typically expressed in terms of error probabilities or distances. It is not always straightforward to use a combination of these two metrics in order to make an informed decision about the performance of different PUF types. Our new approach has the advantage that it simultaneously captures both properties that are vital for key storage: uniqueness and robustness. Therefore it will be possible to fairly compare the performance of PUF implementations using our new method. Statistical validation of the new methodology shows that it clearly captures both of these properties of PUFs. In other words: if one of these aspects (either uniqueness or robustness) is less than optimal, the extractable entropy decreases. Analysis of a large database of PUF measurement data shows very high entropy for SRAM PUFs, but rather poor results for all other memory-based PUFs in this database.

09:17 [Pub][ePrint] New Trapdoor Projection Maps for Composite-Order Bilinear Groups, by Sarah Meiklejohn and Hovav Shacham

An asymmetric pairing over groups of composite order is a bilinear map $e: G_1 \times G_2 \to G_T$ for groups $G_1$ and $G_2$ of composite order $N=pq$. We observe that a recent construction of pairing-friendly elliptic curves in this setting by Boneh, Rubin, and Silverberg exhibits surprising and unprecedented structure: projecting an element of the order-$N^2$ group $G_1 \oplus G_2$ onto the bilinear groups $G_1$ and $G_2$ requires knowledge of a trapdoor. This trapdoor, the square root of a certain number modulo $N$, seems strictly weaker than the trapdoors previously used in composite-order bilinear cryptography.

In this paper, we describe, characterize, and exploit this surprising structure. It is our thesis that the additional structure available in these curves will give rise to novel cryptographic constructions, and we initiate the study of such constructions. Both the subgroup hiding and SXDH assumptions appear to hold in the new setting; in addition, we introduce custom-tailored assumptions designed to capture the trapdoor nature of the projection maps into $G_1$ and $G_2$. Using the old and new assumptions, we describe an extended variant of the Boneh-Goh-Nissim cryptosystem that allows a user, at the time of encryption, to restrict the homomorphic operations that may be performed. We also present a variant of the Groth-Ostrovsky-Sahai NIZK, and new anonymous IBE, signature, and encryption schemes.

09:17 [Pub][ePrint] Parallel authenticated encryption with the duplex construction, by Pawel Morawiecki and Josef Pieprzyk

The authenticated encryption (AE) scheme based on the duplex construction cannot be parallelized at the algorithmic level. To be competitive with some block cipher based modes like OCB (Offset CodeBook) or GCM (Galois Counter Mode), a scheme should allow parallel processing. In this note we show how parallel AE can be realized within the framework provided by the duplex construction. The first variant, pointed out by the duplex designers, is a tree-like structure. Then we simplify the scheme by replacing the final node with the bitwise xor operation and show that such a scheme has the same security level.

09:17 [Pub][ePrint] A provably secure anonymous proxy signature scheme without random oracles, by Rahim Toluee, Maryam Rajabzadeh Asaar, Mahmoud Salmasizadeh

In order to protect the proxy signers' privacy, many anonymous proxy signature schemes, which are also called proxy ring signatures, have been proposed. Although provable security in the random oracle model has received a lot of criticism, there is no provably secure anonymous proxy signature scheme without random oracles. In this paper, we propose the first provably secure anonymous proxy signature scheme without random oracles, which is the combination of a proxy signature and a ring signature. For the security analysis, we categorize the adversaries into three types according to the different resources they can get, and prove in the standard model that our proposal is anonymous against full key exposure and existentially unforgeable against all kinds of adversaries under the computational Diffie-Hellman and the subgroup hiding assumptions in bilinear groups.

04:47 [Event][New] SEC 2014: 29th IFIP TC11 SEC 2014 Int Conf ICT Systems Security & Privacy Protection

Submission: 20 January 2014
Notification: 10 March 2014
From June 2 to June 4
Location: Marrakech, Morocco

04:46 [Event][New] CHES 2014: Cryptographic Hardware and Embedded Systems

Submission: 3 March 2014
Notification: 26 May 2014
From September 23 to September 26
Location: Busan, Korea

16:30 [Job][New] Two PhD Positions, University of Bristol

The Government Communications Headquarters (GCHQ) in Cheltenham has agreed in principle to sponsor two PhD/Doctoral Studentships at Bristol University in the area of Cryptography. See the link below for the two project descriptions.

The studentships are only open to UK nationals, and the successful candidate will be required to spend in the region of 2 - 4 weeks per year at GCHQ headquarters in Cheltenham. To be considered for this studentship, candidates must therefore be prepared to undergo GCHQ's security clearance procedures.

The studentships will be funded for a period of 3.5 years. GCHQ will cover the costs of university fees (currently £ 3828 per annum) and will provide an annual stipend to the student corresponding to the National Minimum Stipend (currently £ 13,590 per annum) plus an additional stipend of £ 7,000 per annum, making a total tax-free stipend of £ 20,590 per annum. A generous travel budget is also provided to enable attendance at international conferences and workshops.

08:41 [News] Deadline for Nominations of IACR Fellows

Nominations and endorsements for IACR Fellows are due on December 31. Instructions are available at

13:03 [Job][New] Two Post-Docs, Nanyang Technological University, Singapore

We are looking for two Post-Docs in coding and lattice based cryptography. Contact us if you have (or will soon have) a PhD in Cryptography or a related subject, an excellent publication record, and would like to work in a fun environment in Singapore.

More information on the Coding and Crypto Research Group at Nanyang Technological University can be found at

Applications will be considered immediately. The positions are for 1 year, but renewable up to 3 years.

18:17 [Pub][ePrint] Direct Chosen-Ciphertext Secure Attribute-Based Key Encapsulations without Random Oracles, by Johannes Blömer and Gennadij Liske

We present a new technique to realize attribute-based encryption (ABE) schemes secure in the standard model against chosen-ciphertext attacks (CCA-secure). Our approach is to extend certain concrete chosen-plaintext secure (CPA-secure) ABE schemes to achieve more efficient constructions than the known generic constructions of CCA-secure ABE schemes. We restrict ourselves to the construction of attribute-based key encapsulation mechanisms (KEMs) and present two concrete CCA-secure schemes: a key-policy attribute-based KEM that is based on Goyal's key-policy ABE and a ciphertext-policy attribute-based KEM that is based on Waters' ciphertext-policy ABE. To achieve our goals, we use an appropriate hash function and need to extend the public parameters and the ciphertexts of the underlying CPA-secure encryption schemes only by a single group element. Moreover, we use the same hardness assumptions as the underlying CPA-secure encryption schemes.