International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also get this service via

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

09:17 [Pub][ePrint] Cryptanalysis of Iterated Even-Mansour Schemes with Two Keys, by Eli Biham and Yaniv Carmeli and Itai Dinur and Orr Dunkelman and Nathan Keller and Adi Shamir

  The iterated Even-Mansour (EM) scheme is a generalization of the original 1-round construction proposed in 1991, and can use one key, two keys, or completely independent keys. In this paper, we methodically analyze the security of all the possible iterated Even-Mansour schemes with two $n$-bit keys and up to four rounds, and show that none of them provides more than $n$-bit security. In particular, we can apply one of our new attacks to 4 steps of the LED-128 block cipher, reducing the time complexity of the best known attack on this scheme from $2^{96}$ to $2^{64}$. As another example of the broad applicability of our techniques, we show how to reduce the time complexity of the attack on two-key triple-DES (which is an extremely well studied and widely deployed scheme) when fewer than $2^n$ known plaintext-ciphertext pairs are given. Our attacks are based on a novel cryptanalytic technique called \\emph{multibridge} which connects different parts of the cipher such that they can be analyzed independently, exploiting its self-similarity properties. Finally, the key suggestions of the different parts are efficiently joined using a meet-in-the-middle attack.

09:17 [Pub][ePrint] A Practical Related-Key Boomerang Attack for the Full MMB Block Cipher, by Tomer Ashur and Orr Dunkelman

  The MMB block cipher (Modular Multiplication-based Block cipher) is an iterative block cipher designed by Daemen, Govaerts, and Vandewalle in 1993 as an improvement of the PES and IPES ciphers.

In this paper we present several new related-key differential characteristics of MMB. These characteristics can be used to form several related-key boomerangs to attack the full MMB. Using 2^{20} adaptive chosen plaintexts and ciphertexts we recover all key bits in 2^{35} time for the full MMB. Our attack was experimentally verified, and it takes less than 15 minutes on a standard Intel i5 machine to recover the full MMB key.

After showing this practical attack on the full key of the full MMB, we present partial attacks on extended versions of MMB with up to 9 rounds (which is three more rounds than in the full MMB). We recover 62 out of the 128-bit key in time of 2^{29.2} for 7-round MMB, using 2^{20} adaptive chosen plaintexts and ciphertexts encrypted under 4 related-keys, and time of 2^{29} for 8-round MMB using 2^{20} adaptive chosen plaintexts and ciphertexts, encrypted under 6 related-keys. We show how an adversary can recover 31 out of the 128-bit key for the 9-round MMB in time of 2^{27.8} using 2^{19} adaptive chosen plaintexts and ciphertexts, encrypted under only 2 related-keys. We also show how the time complexity of all attacks can be reduced by partially precomputing the difference distribution table of MMB\'s components.

09:17 [Pub][ePrint] Automatic Security Evaluation for Bit-oriented Block Ciphers in Related-key Model: Application to PRESENT-80, LBlock and Others, by Siwei Sun, Lei Hu, Peng Wang

  Since AES and PRESENT are two international standard block ciphers representing the most elegant design strategies for byte-oriented and bit-oriented designs respectively, we regard AES and PRES\\-ENT the two most significant candidates to scrutinize with respect to related-key differential attack.

In EUROCRYPT 2010 and CRYPTO 2013, the security of AES with respect to related-key differential attack has been completely analyzed by Alex Biryukov et al and Pierre-Alain Fouque et al with automatic related-key differential characteristic searching tools.

In this paper, we propose two methods to describe the differential behaviour of an S-box with linear inequalities based on logical condition modelling and computational geometry.

In one method, inequalities are generated according to some conditional differential properties of the S-box; in the other method, inequalities are extracted from the H-representation of the convex hull of all possible differential patterns of the S-box.

For the second method, we develop a greedy algorithm for selecting a given number of inequalities from the convex hull. Using these inequalities combined with Mixed-Integer Linear Programming (MILP) technique, we successfully prove that the full-round PRESENT-80 is secure against standard related-key differential attack, which solves an open problem of the symmetric-key cryptography community. This proof is accomplished automatically on a workstation with 8 CPU cores in a time within 16 days. In a similar way, we also prove that the probability of the best related-key differential characteristic of full LBlock is upper bounded by $2^{-56}$, which is the first result concerning the security of full LBlock with respect to related-key differential attack.

The methodology presented in this paper is generic, automatic and applicable to lightweight constructions with small block size, small S-boxes, and bit-oriented operations, including but not limited to PRESENT, EPCBC, LBlock, etc, which opens a new interesting direction of research for bit-oriented ciphers and for the application of MILP technique in cryptography.

04:41 [Event][New] PUFFIN: Physically Unclonable Functions Workshop

  From November 3 to November 3
Location: Berlin, Germany
More Information:

04:34 [Job][New] Security Consultant, ESCRYPT Inc., Ann Arbor


As an internationally active and highly growth-oriented company in the field of embedded security, ESCRYPT supports all industry segments in need of security solutions for embedded systems, including automotive, industrial control systems, energy, and consumer electronics. In this area, ESCRYPT GmbH, a 100-percent subsidiary of ETAS GmbH, a member of the Bosch Group, is a leading system house.


You will consult our customers in the areas concerning embedded and automotive cyber security. The consulting includes, but is not limited to, security analysis of existing security applications, security concepts, architecture of security solutions, and security design of secure systems. In addition, your task will be the adjustment and enhancement of existing IT security solutions. Furthermore, you will compile surveys and decision memos for new IT security technologies and products.

Depending on your background, you might also develop customized software for client projects in the area of embedded data security and engage in product development;


You must have Master’s Degree in Computer Science, Information Technology or Information Security. A PhD. or experience in a position as Security Engineer, Security Consultant or Information Security Analyst is beneficial.


- Willing to work in a flexible team

- Reliability

- Independent and thoughtful

- Pleasant communication skills


We offer opportunities for working independently and with self-reliance in a dynamic team whose members are highly qualified and internationally experienced. Your work environment will feature challenging and diversified tasks, flat hierarchies, and performance based-compensation in an appealing and open-minded corporate climate. We offer generous benefits.

Send us your full application with key number USA-1310S

04:33 [Job][New] Lecturer, University College London, UK, EU

  The Department of Computer Science at University College London (UCL) invites applications for a faculty position in the area of Information Security. We seek world-class talent; candidates must have an outstanding research track record. The appointment will be made at the rank of Lecturer.

We are looking to complement and strengthen our existing expertise in Information Security by recruiting in any of the following areas: computer forensics, information security risk management, economics of security, design and development of secure systems, or human factors of information security.

Since we are an experimental Computer Science department, and UCL is strongly committed to multi-disciplinary research, we are looking for researchers who conduct empirical security research, and are interested in collaboration with colleagues in the Faculty of Engineering (e.g. Crime Science, the Institute of Making) and within UCL (e.g. Transport Studies, Bartlett School of the Built Environment) and beyond (e.g. London Centre for Nanotechnology).

09:36 [Event][New] Summer school on Design and security of crypto algorithms and devices

  From June 1 to June 6
Location: ?ibenik, Croatia
More Information:

06:42 [Job][New] two Ph.D. positions, Worcester Polytechnic Institute

  The Vernam Lab at WPI in Worcester, MA has *two* open PhD positions in applied cryptography:

1) Design and implementation of fully homomorphic encryption schemes.

2) Cache timing attacks on virtualized servers; analysis and countermeasures.

Candidates should have a degree in electronics or computer science with strong interest in algorithms and signal processing. Prior experience in side channel analysis and embedded software or hardware design is an asset. We offer a competitive salary and an international cutting-edge research program in an attractive working environment.

WPI is one of the highest-ranked technical colleges in the US. Located in the greater Boston area, it maintains close interaction with many of the nearby universities and companies.

06:42 [Job][New] Ph.D. Research Training Group, Horst Görtz Institute for IT-Security, Ruhr-University Bochum, Germany


The Horst Görtz Institute for IT-Security (HGI) at Ruhr-University Bochum is one of Europe’s leading research centers in IT security. The DFG, or German Research Foundation, awarded more than €4 million to the HGI for the establishment of the interdisciplinary research training group “New Challenges for Cryptography in Ubiquitous Computing”. We are looking for candidates with outstanding Master/Diplom in the fields of computer science, electrical engineering, mathematics or related areas.

The research training group will study problems which are fundamental for securing the Internet of Things. The research is structured in three levels: cryptographic primitives, device and system level. The research topics range from cryptographic foundations such as fully homomorphic encryption for privacy in cloud computing, over security for medical implants to internet security solutions involving new national ID cards. A central goal of the doctoral training is an interdisciplinary and structured education at the highest scientific level. Establishing networks to top internationally research groups is part of the training.

A group of internationally renowned researchers together with excellent funding provides an extremely interesting scientific environment. The HGI is known for its good working atmosphere.

  • Salary: TV-L 13 (approx. 2000€/month)
  • Limited: 2 years
  • Application: Send your documents by November 15, 2013, to grako (at)
  • Required Documents: CV, certificates, transcript (Master or Diplom), motivation for applying (1 page), names of at least two people who can provide reference letters (email addresses are sufficient)

06:49 [Job][New] Two faculty Positions in Computer Engineering, New York University Polytechnic School of Engineering, USA, North America

  New York University, one of the largest and most highly regarded private universities, is seeking to add several tenured/tenure-track faculty members to its Electrical and Computer Engineering (ECE) Department as part of a major multi-year growth phase.

The faculty and students of the school are at the forefront of the high-tech start-up culture in New York City and have access to world-class research centers in cyber security ( and wireless communications (, among other areas. We enjoy close collaborations with the Langone School of Medicine, the Courant Institute and other schools of NYU. The ECE Department invites outstanding applications for tenure-track or tenured faculty appointments in all areas of ECE, with particular emphasis on Computer Engineering and RF/Analog Circuits. Candidates with a strong record of interdisciplinary research and funding in emerging areas are preferred. Candidates must have a PhD degree in ECE or related discipline and must have the ability to develop and lead high-quality research and attract external funding. Applicants should include a cover letter, current resume, research and teaching statements, and letters from at least three references. All application materials should be submitted electronically.

Applications received by January 17, 2014 will receive full consideration. NYU is an affirmative action, equal opportunity employer.

06:49 [Job][New] Junior Researcher, Senior Researcher, Charles University, Prague, Czech Republic

  We are seeking for up to three researchers who would

  • Conduct research in any area of mathematical cryptology

  • Supervise minor and major theses

  • Organize student seminars

Junior research position.

The length of this contract is for up to three years. A subsequent application for a tenure track position is possible. Applications will be accepted up to January 31, 2014. Results will be announced by the end of March, 2014. The starting day is negotiable, but must be before October 1, 2014.

Senior research position.

The deadlines and the contract length are the same as in the case of Junior research position. Successful candidates may apply in the future for the position of Full or Associate Professor.

(An Assistant Professor position is available too, under different conditions. See a different call.)

Environment and mission

The school of mathematics has carried a program called Mathematical methods of information security for more than 10 years. The program is organized both at a bachelor level (3 years) and a master degree level (additional two years). Each of these levels is completed by both final exams and a minor thesis. Besides specifically cryptographic subjects the curriculum emphasizes mathematics that is relevant for cryptography (computer algebra, number theory, elliptic curves, complexity, probability).

The program produces 7-15 students a year, and their position at the job market seems to be very favorable. Our aim is to strengthen the research associated with this program. The criteria are the quality of the research program and the ability to involve students in research. Communication language is English (or Czech or Slovak).