International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calendar (iCal).

2013-12-27
13:37 [Job][New] Research Fellow, University of Tartu, Estonia

  The Coding and Cryptography Group at the University of Tartu, Estonia, is looking for a research fellow for a project on the design and decoding of LDPC codes. The ideal candidate will have strength in one or more of the following areas:

• LDPC codes and iterative decoding algorithms

• Optimization methods applied to error correction

• Mathematical foundations of coding theory

• Any area related to coding theory

The project is a collaboration with the University of Bergen, Norway, and the University of Valladolid, Spain. The salary is at least 2000 euro per month before taxes plus social benefits, depending on qualification and experience. Some travel money will also be provided. The cost of living in Estonia is quite low, see e.g. http://www.expatistan.com/cost-of-living. The employment contract is for two years.

A successful candidate should:

• Hold a Ph.D. degree

• Have a strong background in coding theory or a related field

• Have an international publication record at outstanding venues

To apply, please submit the following documents (by email):

• Application letter

• Research statement

• Curriculum vitae

• Publication list

• Proof of academic degree, if available

• Two letters of reference (make sure they reach us by the application deadline)

Deadline for applications: 1 February 2014

Do not hesitate to contact us in case of questions.





2013-12-20
16:48 [Job][New] Fully funded Ph.D., Ecole normale supérieure (Paris Area, France)

  The objective of this thesis is the forensic reconstruction of partially erased data of various types. The problem that we will tackle is formalized as follows: we consider a data object instance as the result of a function F(t,r), where t encodes the object type and r is a random number. The OS can create objects, erase them or update them. Erasure is done by forgetting the object's reference and hence implicitly recycling the space on which it was written. The problem consists in algorithmically reconstructing erased data objects of various types and modeling the conditions under which various assortments of types, subjected to a given number of rewriting cycles, can still be recovered. The methods that will be developed will subsequently be applied to iOS and Android.

The candidate should have solid programming and algorithmic skills. Prior knowledge of reverse engineering tools such as IDA Pro is a plus. The candidate will interact with zero-day exploit hunters and physical reverse engineering experts and will have access to very advanced computing and forensic facilities. This position is open to French nationals only and is fully funded.

Interested candidates should contact directly david.naccache (at) ens.fr
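The erase-then-recycle model sketched in the posting above, as an added toy simulation (this is not the project's code, and the block size, the three type tags and the FIFO reuse policy are assumptions made here for illustration). Objects are F(t, r) = typed header plus random payload plus checksum, erasure only drops the OS reference, and freed blocks are reused oldest-first. Recovery ignores the reference table and carves the raw blocks by type signature, accepting an object only if its checksum still verifies, so the function at the end reports how many erased objects survive a given number of rewriting cycles.

```python
"""Toy model of erased-object recovery (constructed example, not the ENS project's code).
Erasure forgets the reference; the bytes survive until their block is recycled.
Recovery is by carving: scan raw blocks for a type magic and verify the checksum."""
import hashlib
import random
import struct

BLOCK = 64                                              # bytes per storage block (assumed)
MAGIC = {"txt": b"TXT1", "img": b"IMG1", "db": b"DBF1"}  # hypothetical type tags t


def make_object(kind, rnd):
    """F(t, r): magic(4) | payload length(2) | random payload | sha256 tag(4)."""
    payload = bytes(rnd.getrandbits(8) for _ in range(rnd.randint(8, 40)))
    body = MAGIC[kind] + struct.pack(">H", len(payload)) + payload
    return body + hashlib.sha256(body).digest()[:4]


class ToyStore:
    """Minimal 'OS' view: a reference table over fixed-size blocks with a FIFO free list."""

    def __init__(self, nblocks):
        self.blocks = [bytearray(BLOCK) for _ in range(nblocks)]
        self.free = list(range(nblocks))
        self.refs = {}
        self.next_id = 0

    def create(self, data):
        assert len(data) <= BLOCK, "one object per block in this toy"
        idx = self.free.pop(0)                           # oldest freed block is reused first
        self.blocks[idx][:] = data.ljust(BLOCK, b"\0")
        oid, self.next_id = self.next_id, self.next_id + 1
        self.refs[oid] = idx
        return oid

    def erase(self, oid):
        # Erasure forgets the reference only; the bytes stay until the block is reused.
        self.free.append(self.refs.pop(oid))


def carve(store):
    """Forensic reconstruction: ignore the reference table, trust only the bytes."""
    found = []
    for idx, blk in enumerate(store.blocks):
        kind = next((k for k, m in MAGIC.items() if bytes(blk[:4]) == m), None)
        if kind is None:
            continue
        n = struct.unpack(">H", blk[4:6])[0]
        body, tag = bytes(blk[:6 + n]), bytes(blk[6 + n:10 + n])
        if hashlib.sha256(body).digest()[:4] == tag:    # rejects partially overwritten objects
            found.append((idx, kind, body[6:]))
    return found


def victims_recoverable(n_victims, cycles, churn, nblocks, seed=1):
    """Create n_victims objects, erase them, then run `cycles` rounds in which the OS
    creates and erases `churn` fresh objects; return how many victims still carve."""
    rnd = random.Random(seed)
    store = ToyStore(nblocks)
    kinds = sorted(MAGIC)
    victims = {}
    for _ in range(n_victims):
        data = make_object(rnd.choice(kinds), rnd)
        victims[store.create(data)] = data[6:-4]
    for oid in list(victims):
        store.erase(oid)
    for _ in range(cycles):
        fresh = [store.create(make_object(rnd.choice(kinds), rnd)) for _ in range(churn)]
        for oid in fresh:
            store.erase(oid)
    wanted = set(victims.values())
    return sum(1 for _, _, payload in carve(store) if payload in wanted)


if __name__ == "__main__":
    for cycles in range(4):
        left = victims_recoverable(5, cycles, churn=4, nblocks=8)
        print(f"{cycles} rewrite cycles -> {left} of 5 erased objects still carvable")
```

With 8 blocks, 5 erased objects and 4 fresh objects per cycle, the FIFO allocator first consumes the 3 never-used blocks, so one victim is lost in the first cycle and the remaining four in the second; changing the reuse policy, the block size or the object sizes is the point of the model the thesis proposes to study.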

16:17 [Pub][ePrint] Multiple-Use Transferable E-Cash , by Pratik Sarkar

  E-cash is a concept of electronic cash which would allow users to carry money in the form of digital coins. Transactions can be done both offline and online in the absence of a third party/financial institution. This paper proposes an offline model which supports multiple usage of a transferable e-coin. The protocol is based on RSA, digital signatures and a two-step encryption process. In this two-step encryption, the user account details are encrypted in the coin using unique numbers in each step. The first encryption takes place during the successful receipt of the coin, where a receive-end number is used for encryption, which is unique for every receipt. The second step of encryption takes place during successful spending of the coin, where a spending-end receive number is used for encryption, which is unique for every spending of the coin. These two unique numbers comprise the major part of the encryption in this model, prevent double spending and preserve user anonymity.



16:17 [Pub][ePrint] Weaknesses in a Recently Proposed RFID Authentication Protocol, by Mete Akgün, M. Ufuk Çağlayan

  Many RFID authentication protocols have been proposed to provide the desired security and privacy level for RFID systems. Almost all of these protocols are based on symmetric cryptography because of the limited resources of RFID tags. Recently, Cheng et al. proposed an RFID security protocol based on chaotic maps. In this paper, we analyze the security of this protocol and discover its vulnerabilities. We first present a de-synchronization attack in which a passive adversary makes the shared secrets go out of synchronization by eavesdropping on just one protocol session. We then present a secret disclosure attack in which a passive adversary extracts the secrets of a tag by eavesdropping on just one protocol session. An adversary having the secrets of the tag can launch other attacks.



16:17 [Pub][ePrint] Tightly-Secure Signatures From Lossy Identification Schemes, by Michel Abdalla and Pierre-Alain Fouque and Vadim Lyubashevsky and Mehdi Tibouchi

  In this paper we present three digital signature schemes with tight security reductions. Our first signature scheme is a particularly efficient version of the short exponent discrete log based scheme of Girault et al. (J. of Cryptology 2006). Our scheme has a tight reduction to the decisional Short Discrete Logarithm problem, while still maintaining the non-tight reduction to the computational version of the problem upon which the original scheme of Girault et al. is based. The second signature scheme we construct is a modification of the scheme of Lyubashevsky (Asiacrypt 2009) that is based on the worst-case hardness of the shortest vector problem in ideal lattices. And the third scheme is a very simple signature scheme that is based directly on the hardness of the Subset Sum problem.

We also present a general transformation that converts what we term lossy identification schemes into signature schemes with tight security reductions. We believe that this greatly simplifies the task of constructing and proving the security of such signature schemes.





2013-12-18
15:08 [Job][New] Post-Doc, EPFL, Switzerland

  The Laboratory for Security and Cryptography (LASEC) at EPFL is hiring a post doctoral researcher. Applicants are encouraged to apply to job_lasec (at) epfl.ch by sending a detailed CV and a research plan.

LASEC is active in research on cryptography and security. More specifically, our main interests currently span (but are not limited to) the following:

  • hardware implementation and embedded systems,

  • homomorphic and functional encryption,

  • provable security.

We strongly encourage applications from researchers who have demonstrated excellence in one of these domains. The selection of applicants will be made on a competitive basis.

Besides conducting top-quality research, postdocs are expected to participate in lab activities such as training students at all levels, running projects, fund raising, etc.

EPFL is a top-ranked research and teaching institution that attracts some of the best intellects in the world. EPFL offers excellent facilities, environment, and salaries. EPFL's campus is a multicultural, idyllic spot overlooking Lake Geneva and facing the Alps.

Information about EPFL: http://www.epfl.ch

08:54 [Job][New] 3 PhD Students in Trustworthy Hardware/Hardware Security, New York University Polytechnic School of Engineering, USA, North America

  3 PhD fellowships in the area of hardware security. A strong background in VLSI design, nano-electronics, VLSI testing, reliability or security is expected. Highly competitive, 4-year guaranteed fellowships are available.





2013-12-17
19:17 [Pub][ePrint] Automatic Search for Differential Trails in ARX Ciphers (Extended Version), by Alex Biryukov and Vesselin Velichkov

  We propose a tool for automatic search for differential trails in ARX ciphers. By introducing the concept of a partial difference distribution table (pDDT) we extend Matsui's algorithm, originally proposed for DES-like ciphers, to the class of ARX ciphers. To the best of our knowledge this is the first application of Matsui's algorithm to ciphers that do not have S-boxes. The tool is applied to the block ciphers TEA, XTEA, SPECK and RAIDEN. For RAIDEN we find an iterative characteristic on all 32 rounds that can be used to break the full cipher using standard differential cryptanalysis. This is the first cryptanalysis of the cipher in a non-related key setting. Differential trails on 9, 10 and 13 rounds are found for SPECK32, SPECK48 and SPECK64 respectively. The 13 round trail covers half of the total number of rounds. These are the first public results on the security analysis of SPECK. For TEA multiple full (i.e. not truncated) differential trails are reported for the first time, while for XTEA we confirm the previous best known trail reported by Hong et al. We also show closed formulas for computing the exact additive differential probabilities of the left and right shift operations. The source code of the tool is publicly available as part of a larger toolkit for the analysis of ARX at the following address: https://github.com/vesselinux/yaarx .
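What a partial DDT is, shown on the modular-addition component of an ARX cipher, as an added example that is neither the paper's nor the yaarx tool's code. A full DDT of n-bit addition has 2^(3n) entries, so the abstract's pDDT keeps only the (input difference pair, output difference) triples whose probability is at least a threshold. The per-entry probability xdp+ below is computed with the Lipmaa-Moriai closed formula for XOR differences through addition mod 2^n (FSE 2001), which is a known result and not the shift formulas the abstract refers to; the table is then grown one bit at a time from the least significant bit, pruning any prefix whose probability has already fallen below the threshold, since appending bits can only lower it. Word sizes and thresholds are chosen here for illustration.

```python
"""Partial DDT (pDDT) for modular addition: added illustration, not yaarx code.
xdp+ is the XOR differential probability of addition mod 2^n (Lipmaa-Moriai formula);
the pDDT is built bit by bit from the LSB with threshold pruning."""
from fractions import Fraction


def xdp_add(alpha, beta, gamma, n):
    """Pr over x, y of ((x ^ alpha) + (y ^ beta)) == ((x + y) ^ gamma)  (mod 2^n)."""
    mask = (1 << n) - 1

    def eq(x, y, z):  # bit i set iff x_i == y_i == z_i
        return ~(x ^ y) & ~(x ^ z) & mask

    a1, b1, g1 = (alpha << 1) & mask, (beta << 1) & mask, (gamma << 1) & mask
    # Where the three differences agree at bit i-1, the carry difference entering bit i
    # is fixed (equal to that common value), so alpha_i ^ beta_i ^ gamma_i must match it.
    if eq(a1, b1, g1) & (alpha ^ beta ^ gamma ^ b1):
        return Fraction(0)
    # Every disagreeing bit below the MSB costs a factor 1/2 (the MSB carry-out is dropped).
    cost = bin(~eq(alpha, beta, gamma) & ((1 << (n - 1)) - 1)).count("1")
    return Fraction(1, 1 << cost)


def xdp_add_bruteforce(alpha, beta, gamma, n):
    """Exhaustive reference for small n, used to check the closed formula."""
    mask = (1 << n) - 1
    hits = sum(
        1
        for x in range(1 << n)
        for y in range(1 << n)
        if (((x ^ alpha) + (y ^ beta)) & mask) == (((x + y) & mask) ^ gamma)
    )
    return Fraction(hits, 1 << (2 * n))


def pddt(n, p_thres):
    """All (alpha, beta, gamma, p) with xdp+(alpha, beta -> gamma) >= p_thres.
    Built one bit at a time from the LSB: appending a bit never raises the probability,
    so a prefix already below the threshold is dropped with all of its extensions."""
    entries = []

    def extend(i, a, b, g, p, prev):
        if p < p_thres:
            return
        if i == n:
            entries.append((a, b, g, p))
            return
        # carry difference entering bit i: 0 at bit 0, the common value when the previous
        # three difference bits agree, otherwise undetermined (either value, each w.p. 1/2)
        if prev is None:
            carry_diff = 0
        elif prev[0] == prev[1] == prev[2]:
            carry_diff = prev[0]
        else:
            carry_diff = None
        for ai in (0, 1):
            for bi in (0, 1):
                for gi in (0, 1):
                    if carry_diff is not None and (ai ^ bi ^ gi) != carry_diff:
                        continue  # impossible transition, probability 0
                    factor = Fraction(1, 2) if i < n - 1 and not ai == bi == gi else Fraction(1)
                    extend(i + 1, a | ai << i, b | bi << i, g | gi << i, p * factor, (ai, bi, gi))

    extend(0, 0, 0, 0, Fraction(1), None)
    return entries


if __name__ == "__main__":
    n = 8
    table = pddt(n, Fraction(1, 4))
    print(f"pDDT for {n}-bit addition, threshold 2^-2: {len(table)} of {2 ** (3 * n)} triples kept")
    for a, b, g, p in sorted(table, key=lambda e: (-e[3], e[:3]))[:5]:
        print(f"  ({a:#04x}, {b:#04x}) -> {g:#04x}  p = {p}")
```

The brute-force function exists only to check the closed formula on small word sizes; for a 32-bit SPECK word the formula and the pruned recursion are what make the search feasible at all, and a threshold-pruned table like this is what a Matsui-style branch-and-bound search consults at each addition.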



16:17 [Pub][ePrint] Detecting Hidden Leakages, by Amir Moradi and Sylvain Guilley and Annelie Heuser

  Reducing the entropy of the mask is a technique which has been proposed to mitigate the high performance overhead of masked software implementations of symmetric block ciphers. Rotating S-box Masking (RSM) is an example of such schemes applied to AES with the purpose of maintaining the security at least against univariate first-order side-channel attacks. This article examines the vulnerability of a realization of such a technique using the side-channel measurements publicly available through DPA contest V4. Our analyses, which focus on exploiting the first-order leakage of the implementation, discover a couple of potential attacks which can recover the secret key. Indeed, the leakage we exploit is due to a design mistake as well as the characteristics of the implementation platform, none of which has been considered during the design of the countermeasure (implemented in naive C code).



16:17 [Pub][ePrint] A Study of Goldbach's conjecture and Polignac's conjecture equivalence issues, by Jian Ye and Chenglian Liu

  The famous Goldbach's conjecture and Polignac's conjecture are two of the unsolved problems in the field of number theory today. As is well known, Goldbach's conjecture and Polignac's conjecture are equivalent. Most of the literature does not discuss the internal equivalence in Polignac's conjecture. In this paper, we would like to discuss the internal equivalence in Polignac's conjecture, namely that $T_{2k}(x)$ and $T(x)$ are equivalent. Since $T_{2k}(x)\sim T(x)\sim 2c\cdot \frac{x}{(\ln x)^{2}}$, we rewrite and re-express this as $T(x)\sim T_{4}(x)\sim T_{8}(x)\sim T_{16}(x)\sim T_{32}(x)\sim T_{2^{n}}(x)\sim 2c\cdot \frac{x}{(\ln x)^{2}}$, and then connect it with Goldbach's conjecture. Finally, we will point out the important symmetry role that prime numbers play in these two conjectures.



16:17 [Pub][ePrint] A generic view on trace-and-revoke broadcast encryption schemes, by Dennis Hofheinz and Christoph Striecks

  At Eurocrypt 2011, Wee presented a generalization of threshold public key encryption, threshold signatures, and revocation schemes arising from threshold extractable hash proof systems. In particular, he gave instances of his generic revocation scheme from the DDH assumption (which led to the Naor-Pinkas revocation scheme), and from the factoring assumption (which led to a new revocation scheme). We expand on Wee's work in two directions:

(a) We propose threshold extractable hash proof instantiations from the "Extended Decisional Diffie-Hellman" (EDDH) assumption due to Hemenway and Ostrovsky (PKC 2012). This in particular yields EDDH-based variants of threshold public key encryption, threshold signatures, and revocation schemes. In detail, this yields a DCR-based revocation scheme.

(b) We show that our EDDH-based revocation scheme allows for a mild form of traitor tracing (and, thus, yields a new trace-and-revoke scheme). In particular, compared to Wee's factoring-based scheme, our DCR-based scheme has the advantage that it allows traitors to be traced.