International Association for Cryptologic Research

# IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also get this service via

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2013-12-06
16:19 [Job][New]

The Information Security and Cryptography (IS&C) group at the Computer Science Department of Saarland University is currently offering several postdoc positions. The IS&C group is part of the Center for IT-Security, Privacy and Accountability (CISPA).

The IS&C group conducts research in various aspects of IT-security, privacy, and cryptography. Topics of particular interest include, but are not limited to:

• design and formal verification of security protocols, programs, and architectures,
• privacy enhancing technologies in a broad sense, e.g., privacy in data acquisition,

processing, and publishing,

• network and operating systems security,
• web security,
• reliability, accountability and trust,
• cryptography,
• as well cross-cutting disciplines such as usability and social aspects in this research field.

Positions are being offered for two years, with the possibility of renewal for another year. Postdoc applicants are required to hold a doctoral degree in computer science or a closely related area, or have it completed at the time of taking up the position. We expect successful applicants to have a strong background in one or more of the aforementioned research topics, and to maintain an outstanding academic track record. The working and teaching language is English.

Application Instructions

Applications should contain a CV, copies of transcripts, certificates, as well as a research statement and two references. Applications will be accepted for evaluation until the positions have been filled. Please send your application to Michael Backes via e-mail.

09:52 [Job][New]

The Laboratory of Algorithmics, Cryptology and Security (LACS) of the University of Luxembourg is looking a Ph.D. student in lightweight cryptography. The successful candidate will contribute to a research project entitled \\\"Applied Cryptography for the Internet of Things (ACRYPT),\\\" which is funded by the Fonds National de la Recherche (FNR). The ACRYPT project is led by Prof. Alex Biryukov and has started in July 2013.

Candidates are expected to hold an M.Sc. degree in computer science, electrical engineering, or applied mathematics with outstanding grades (GPA > 80%). Applications from M.Sc. students who will graduate in spring 2014 will also be considered. A solid background in algorithms and data structures, discrete mathematics, probability theory and statistics, software development, computer architecture, and information security is a general requirement to qualify for a Ph.D. position in LACS. Hands-on experience in hardware design (VHDL, SystemC) or programming of embedded systems (AVR, MSP430, ARM, etc.) is a plus. Candidates with an interest to conduct research in one of the following areas are particularly encouraged to apply:

• Design and analysis of symmetric cryptographic primitives
• Efficient implementation of cryptosystems in HW and/or SW
• Side-channel attacks and countermeasures

The Ph.D. position is initially available for three years, but an extension to a fourth year is possible. LACS offers excellent working conditions in an attractive research environment and a competitive salary (> 2000€ net). Interested candidates are invited to submit their application by email to lacs.acrypt(at)gmail.com. The application material should contain a cover letter explaining the candidate\\\'s motivation and research interests, a CV (including detailed information about the obtained degrees and overall GPA in both the undergraduate and graduate program), as well as a transcript of courses and grades. A

2013-12-04
15:40 [Job][New]

The Laboratory of Algorithmics, Cryptology and Security (LACS) of the University of Luxembourg is looking for two Ph.D. students in cryptography and IT security. The successful candidate for the first position will contribute to a research project entitled \\\"Applied Cryptography for the Internet of Things (ACRYPT)\\\", which is funded by the Fonds National de la Recherche (FNR). The second Ph.D. position can be in any area of research in which LACS is currently engaged (e.g. applied cryptography, network security, anonymity and privacy) and candidates are invited to submit their own proposals for possible projects.

Candidates are expected to hold an M.Sc. degree in computer science, electrical engineering, or applied mathematics with outstanding grades (GPA > 80%). A solid background in algorithms and data structures, discrete mathematics, probability theory and statistics, software development, computer architecture, and information security is a general requirement to qualify for a Ph.D. position in LACS. Hands-on experience in hardware design (VHDL, SystemC) or programming of embedded systems (AVR, MSP430, ARM, etc.) is an asset for the Ph.D. position related to the ACRYPT project. Candidates with an interest to conduct research in one of the following areas are particularly encouraged to apply:

• Design and analysis of symmetric cryptographic primitives
• Efficient implementation of cryptosystems
• Side-channel attacks and countermeasures

Both Ph.D. positions are initially offered for three years, but an extension to a fourth year is possible. LACS offers excellent working conditions in an attractive research environment and a competitive salary (> 2000 Euro net). Interested candidates are invited to submit their application by email to lacs.acrypt (at) gmail.com. The application material should contain a cover letter explaining the candidate\\\'s motivation and research interests, a CV (including deta

08:57 [Event][New]

Submission: 24 February 2014
From August 27 to August 29
Location: Hirosaki, Japan

08:57 [Event][New]

Submission: 24 March 2014
From January 1 to January 31

2013-12-03
12:41 [PhD][New]

Name: Nicolas Moro
Topic: Complex security strategies for secure embedded circuits
Category: implementation

Description: This thesis aims at defining software-level countermeasures against fault attacks on an up-to-date microcontroller. To perform such an analysis, this thesis relies on a hardware-level attacker\'s fault model. This fault model is obtained by using an electromagnetic fault injection experimental process.[...]

12:41 [PhD][New]

Name: Amitabh Das
Topic: Differential Scan-Based Side-Channel Attacks and Countermeasures
Category: implementation

Description: Cryptographic circuits are vulnerable to various side-channel attacks that target their hardware implementations to extract secret information stored inside them. One such side-channel is the scan chain based Design-for-Test (DfT) infrastructure employed for thorough and faster testing of VLSI circuits. Removing the connectivity of scan chains after manufacturing test prevents such attacks, but also makes in-field test and updates of the circuits impossible. In some applications, such as set-top box decoders, the firmware updates happen through the JTAG port internally connected to the scan chains. Hence, scan chains must be left intact and at the same time protected from these attacks. Moreover, the cost in terms of area and test time overhead must be kept to a minimum to make it feasible to incorporate the security mechanism on a reasonably priced commercial product.This work first investigates the scan attack vulnerability of symmetric-key and public-key hardware implementations, and then presents suitable countermeasures to address the aforementioned trade-off between testability, security and test cost. \r\n\r\nThe thesis first presents scan attacks on hardware implementations of the symmetric-key block cipher AES and the public-key ciphers RSA and ECC in the presence of advanced DfT structures such as test compression and X-handling schemes. In addition, state-of-the-art power analysis side-channel and fault attack countermeasures are analyzed to evaluate whether they are suitable in warding off scan attacks. The thesis also investigates the practical security provided by various scan attack countermeasures (such as partial scan and scan chain scrambling) thatare proposed in the literature. At the algorithmic level, blinding and randomization based schemes that protect against Differential Power Analysis (DPA) attacks are shown to be secure against scan attacks, whereas countermeasures against Simple Power Analysis (SPA) and Fault Attacks are found to be inef[...]

11:22 [PhD][Update]

Name: Daniel Wichs
Topic: Cryptographic Resilience to Continual Information Leakage
Category:foundations

Description: In this thesis, we study the question of achieving cryptographic security on devices that leak information about their internal secret state to an external attacker. This study is motivated by the prevalence of side-channel attacks, where the physical characteristics of a computation (e.g. timing, power-consumption, temperature, radiation, acoustics, etc.) can be measured, and may reveal useful information about the internal state of a device. Since some such leakage is inevitably present in almost any physical implementation, we believe that this problem cannot just be addressed by physical countermeasures alone. Instead, it should already be taken into account when designing the mathematical speci cation of cryptographic primitives and included in the formal study of their security. In this thesis, we propose a new formal framework for modeling the leakage available to an attacker. This framework, called the continual leakage model, assumes that an attacker can continually learn arbitrary information about the internal secret state of a cryptographic scheme at any point in time, subject only to the constraint that the rate of leakage is bounded. More precisely, our model assumes some abstract notion of time periods. In each such period, the attacker can choose to learn arbitrary functions of the current secret state of the scheme, as long as the number of output bits leaked is not too large. In our solutions, cryptographic schemes will continually update their internal secret state at the end of each time period. This will ensure that leakage observed in di erent time periods cannot be meaningfully combined to break the security of the cryptosystem. Although these updates modify the secret state of the cryptosystem, the desired functionality of the scheme is preserved, and the users can remain oblivious to these updates. We construct signatures, encryption, and secret sharing/storage schemes in this model.[...]

11:19 [PhD][New]

Name: Aleksandar Kircanski
Topic: Cryptanalysis of Symmetric Cryptographic Primitives
Category: secret-key cryptography

Description: Symmetric key cryptographic primitives are the essential building blocks in modern information security systems. The security argument for the majority of such primitives in use is only a heuristic one and therefore their respective security evaluation continually remains an open question. In this thesis, we provide cryptanalytic results for several relevant cryptographic hash functions and stream ciphers.\r\n\r\nFirst, we provide results concerning two standardized cryptographic hash functions: HAS-160 and SM3. We develop a new heuristic for finding compatible differential paths and apply it to the the Korean hash function standard HAS-160. Our heuristic leads to a practical second order collision over all of the HAS-160 function steps, which is the first practical complexity distinguisher for this function. In case of SM3, which is a design that builds upon the SHA-2 hash, we study second order collision attacks on reduced-round versions and point out a structural slide-rotational property that exists in the function.\r\n\r\nNext, we examine the security of the following three stream ciphers: Loiss, SNOW 3G and SNOW 2.0. By exploiting the differential properties of a particular component utilized in the Loiss cipher, we provide a key-recovery attack of practical complexity on Loiss in the related-key model. SNOW 3G stream cipher is used in 3rd Generation Partnership Project (3GPP) and the SNOW 2.0 cipher is an ISO/IEC standard (IS 18033-4). For both of these ciphers,we show that the initialization procedure admits a sliding property, resulting in several sets of related-key pairs. Our investigation leads to related-key key recovery attacks against SNOW 2.0 with 256-bit keys.\r\n\r\nFinally, we provide differential fault analysis attacks against two stream ciphers: HC-128 and Rabbit. In this type of attacks, the attacker is assumed to have physical influence over the device that performs the encryption and is able to introduce random faults into the computational p[...]

07:17 [Pub][ePrint]

Proofs of computational effort were devised to control denial of service attacks.

Dwork and Naor (CRYPTO \'92), for example, proposed to use such proofs to discourage spam.

The idea is to couple each email message with a proof of work that demonstrates the sender performed some computational task.

A proof of work can be either CPU-bound or memory-bound. In a CPU-bound proof, the prover must

compute a CPU-intensive function that is easy to check by the verifier. A memory-bound proof, instead, forces the prover to access the main memory several times, effectively replacing

CPU cycles with memory accesses.

In this paper we put forward a new concept dubbed {\\em proof of space}. To compute such a proof, the prover must use a specified amount of space, i.e., we are not interested in the number of accesses to the main memory (as in memory-bound proof of work) but rather on the amount of actual memory the prover must employ to compute the proof.

We give a complete and detailed algorithmic description of our model. We develop a full theoretical analysis which uses combinatorial tools from Complexity Theory (like pebbling games) which are essential in studying space lower bounds.

We remark that a similar concept

has recently been described by Dziembowski et al. (Workshop held in Warsaw, 2013), however their proof-of-space paradigm

is more in line with memory-bound proof of work since the prover can trade off space with computation while our definition disallow this prospect.

07:17 [Pub][ePrint]

We present two hierarchical identity-based encryption (HIBE) schemes, denoted as $\\ahibe$ and $\\hibe$,

from Type-3 pairings with constant sized ciphertexts. Scheme $\\ahibe$ is anonymous and $\\hibe$ is non-anonymous.

The constructions are obtained by extending the IBE scheme recently proposed by Jutla and Roy (Asiacrypt 2013).

Security is based on the standard decision Symmetric eXternal Diffie-Hellman (SXDH) assumption. In terms of provable

security properties, all previous

constructions of constant-size ciphertext HIBE schemes had one or more of the following drawbacks: secure in the weaker model of

selective-identity attacks; exponential security degradation in the depth of the HIBE; and use of non-standard assumptions.

The security arguments for $\\ahibe$ and $\\hibe$ avoid all of these drawbacks. Along with theoretically satisfying security,

the parameter sizes and efficiencies of the different algorithms of the two schemes compare very well with all previously known

constructions. Based on currently known techniques, $\\ahibe$ and $\\hibe$ fill an

important gap in the state-of-the-art on efficient (anonymous) HIBE constructions.