International Association for Cryptologic Research

# IACR News Central

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2013-11-28
13:44 [Event][New]

Submission: 3 March 2014
From June 5 to June 6
Location: Moscow, Russia

2013-11-26
10:25 [Event][New]

Submission: 3 February 2014
From July 19 to July 22
Location: Vienna, Austria

10:24 [Job][New]

A 4 year position as Senior Assistant (postdoc) is available at the Mathematics Department in Neuchatel (Switzerland). Little teaching duties (in French). Preference will be given to candidates who reinforce one of the research directions of the department (among which we have coding theory and cryptography). The starting date is Aug-Sept 2014.

Further information soon available at http://www2.unine.ch/sciences/cms/op/edit/lang/fr/emploi

10:23 [Job][New]

The Information Security Group at Royal Holloway, University of London is seeking to recruit a post-doctoral research assistant to work in the area of “Cryptography: Bridging Theory and Practice”. The position is available immediately and will run until February 28th 2015.

The post-doc will join a team of post-docs and PhD students working under the leadership of Prof. Kenny Paterson. The aim of the project is to find weaknesses in cryptographic specifications and implementations, to understand how these weaknesses can be addressed in practical ways, and to develop extensions of current cryptographic theory that permit more realistic modelling of cryptographic primitives as they are used in fielded systems. The position will also involve activities designed to engage both the theory community and practitioners in the research.

Applicants should have already completed, or be close to completing, a PhD in a relevant discipline. Applicants should have an outstanding research track record in Cryptography, in either theoretical or applied aspects of the subject, and, ideally, in both aspects. Applicants should be able to demonstrate scientific creativity, research independence, and the ability to communicate their ideas effectively in written and verbal form.

Salary is in the range £32,862 to £34,724 per annum inclusive of London Allowance

Informal enquiries can be made to Kenny Paterson at kenny.paterson (at) rhul.ac.uk.

To view further details of this post and to apply please visit http://www.rhul.ac.uk/aboutus/jobvacancies/home.aspx . The RHUL Recruitment Team can be contacted with queries by email at: recruitment (at) rhul.ac.uk or via telephone on: +44 (0)1784 41 4241.

Closing Date: Midnight, Sunday 22nd December 2013

Interview Date: To be confirmed

08:03 [News]

The Ethics Committee of the IACR is responsible for providing recommendations to editors, program chairs, program-committee members, and reviewers concerning fairness and ethical aspects of all matters under the influence of the IACR, such as its operations, its events, and its publications.

The mission of the Ethics Committee is described in the "IACR Policy for the Ethics Committee", available at http://www.iacr.org/docs/

The Ethics committee has discussed only a handful of cases in 2013. In the interest of raising awareness for ethical matters among the researchers in cryptology, the Ethics Committee may occasionally inform the IACR members about its work. An account of one case follows.

A team of authors submitted a paper to a non-IACR conference in the field of cryptology and information security. After submitting the work, the authors developed their method further and discovered other ways to attack the problem. Before receiving an acceptance or rejection notification from the conference, the authors had written another paper on the second method and submitted this to a second conference, this one sponsored by the IACR. The second paper did not cite or mention the first paper.

Some reviewers in the overlap of the two program committees spotted a similarity of the works, and, in line with the IACR Policy on Irregular Submissions, they shared this information with the program chairs of the two venues. The program chair of the first conference then rejected the first paper declaring that it was a "potential double submission" and informed the program chair of the IACR conference about this. The authors then reached out to the IACR Ethics Committee and explained their case. They wanted to obtain a clarification that there was no double submission.

The Ethics Committee reviewed the situation and examined the submitted papers superficially. The committee then concluded that there was no obvious case of "parallel submissions" as described in the IACR Policy and that the second paper should enter the regular reviewing process of the IACR conference. The committee also remarked that it cannot make any statement towards the first conference because it is not an IACR venue. To the committee, it seemed that there was a misunderstanding because the existence and nature of technical links between the contributions of the two papers were not mentioned by the authors.

Last but not least, the committee recommended to the authors that, in the interest of being transparent in scientific work, authors should always cite existing known related work, even when a new contribution would not directly build on it. Furthermore, considering the delicate issues around double submissions, this point was particularly important with related work from the same authors.

#### IACR Ethics Committee (2013)

• Josh Benaloh
• Thomas Berson
• Christian Cachin (chair)

07:58 [Event][New]

Submission: 14 April 2014
From September 3 to September 5
Location: Amalfi, Italy

2013-11-25
22:17 [Pub][ePrint]

The authenticated encryptions which resist misuse of initial value (or nonce) at some desired level of privacy are two-pass or Mac-then-Encrypt constructions (inherently inefficient but provide full privacy) and online constructions, e.g., McOE, sponge-type authenticated encryptions (such as duplex, AEGIS) and COPA. Only the last one is almost parallelizable with some bottleneck in processing associated data. In this paper, {\\em we design a new online secure authenticated encryption, called \\tx{ELmE} or Encrypt-Linear mix-Encrypt, which is completely (two-stage) {\\bf parallel} (even in associated data) and {\\bf pipeline implementable}}. It also provides full privacy when associated data (which includes initial value) is not repeated. The basic idea of our construction and COPA are based on \\tx{EME}, an Encrypt-Mix-Encrypt type SPRP constructions (secure against chosen plaintext and ciphertext). Unlike \\tx{EME}, we consider (so does COPA) online computable {\\bf linear mixing}. In addition with getting rid of bottleneck, our construction optionally supports {\\bf intermediate tags} which can be verified faster with less buffer size. Intermediate tag provides security against block-wise adversaries which is meaningful in low-end device implementation.

22:17 [Pub][ePrint]

We present a new Cryptographically Secure Pseudo-Random Number Generator. It uses permutations as its internal state, similarly to the RC4 stream cipher. We describe a statistical test which revealed non-random patterns in a sample of $2^{16.6}$ outputs of a 3-bit RC4.

Our new algorithm produced $2^{46.8}$ undistinguishable from random 3-bit outputs in the same test. We probed $2^{51}$ outputs of the algorithm in different statistical tests with different word sizes

and found no way of distinguishing the keystream from a random source. The size of the algorithm\'s internal state is $2^{3424}$ (for an 8-bit implementation). The algorithm is cryptographically secure to the extent we were able to analyse it. Its design is simple and easy to implement. We present the generator along with a key scheduling algorithm processing both keys and initialization vectors.

22:17 [Pub][ePrint]

A $d$-broadcast primitive is a communication primitive that allows a

sender to send a value from a domain of size $d$ to a set of parties.

A broadcast protocol emulates the $d$-broadcast primitive using only

point-to-point channels, even if some of the parties cheat, in

the sense that all correct recipients agree on the same value $v$

(consistency), and if the sender is correct, then $v$ is the value

sent by the sender (validity). A celebrated result by Pease, Shostak

and Lamport states that such a broadcast protocol exists if and only if $t 3$ no broadcast amplification

is possible, i.e., $\\phi_n(d)=d$ for any $d$.

However, if other parties than the sender can also broadcast some

short messages, then broadcast amplification is possible for

\\emph{any}~$n$. Let $\\phi^*_n(d)$ denote the minimal $d\'$ such that

$d$-broadcast can be constructed from primitives $d\'_1$-broadcast,

\\ldots, $d\'_k$-broadcast, where $d\'=\\prod_i d\'_i$ (i.e., $\\log d\'=\\sum_i \\log d\'_i$). Note that $\\phi^*_n(d)\\leq\\phi_n(d)$.

We show that broadcasting $8n\\log n$ bits in

total suffices, independently of $d$, and that at least $n-2$ parties,

including the sender, must broadcast at least one bit. Hence

$\\min(\\log d,n-2) \\leq \\log \\phi^*_n(d) \\leq 8n\\log n$.

22:17 [Pub][ePrint]

Template attacks remain a powerful side-channel technique to

eavesdrop on tamper-resistant hardware. They model the probability

distribution of leaking signals and noise to guide a

search for secret data values. In practice, several numerical

obstacles can arise when implementing such attacks

with multivariate normal distributions.

We propose

efficient methods to avoid these. We also demonstrate how to achieve

significant performance improvements, both in terms of information

extracted and computational cost, by pooling covariance estimates

across all data values. We provide a detailed and systematic

overview of many different options for implementing such

attacks. Our experimental evaluation of all these methods based on

measuring the supply current of a byte-load instruction executed in

an unprotected 8-bit microcontroller leads to practical guidance for

choosing an attack algorithm.

22:17 [Pub][ePrint]

In this paper, we design a novel one-way trapdoor function, and then propose a new multivariate public key cryptosystem called $\\rm TOT$, which can be used for encryption, signature and authentication. Through analysis, we declare that $\\rm TOT$ is secure, because it can resist current known algebraic attacks if its parameters are properly chosen. Some practical implementations for $\\rm TOT$ are also given, and whose security level is at least $2^{90}$. The comparison shows that $\\rm TOT$ is more secure than $\\rm HFE$, $\\rm HFEv$ and $\\rm Quartz$ (when $n \\ge 81$ and $D_{HFE} \\ge 129$, $\\rm HFE$ is still secure), and it can reach almost the same speed of computing the secret map by $\\rm C^\\ast$ and $\\rm Sflash^{v2}$ (even though $\\rm C^\\ast$ was broken, its high speed has been affirmed).