International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also get this service via

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2014-02-21
19:17 [Pub][ePrint] Breaking `128-bit Secure\' Supersingular Binary Curves (or how to solve discrete logarithms in $\\F_{2^{4 \\cdot 1223}}$ and $\\F_{2^{12 \\cdot 367}}$), by Robert Granger and Thorsten Kleinjung and Je

  In late 2012 and early 2013 the discrete logarithm problem (DLP) in finite fields of small characteristic underwent a dramatic series of breakthroughs, culminating in a heuristic quasi-polynomial time algorithm, due to Barbulescu, Gaudry, Joux and Thom\\\'e. Using these developments, Adj, Menezes, Oliveira and Rodr\\\'iguez-Henr\\\'iquez analysed the concrete security of the DLP, as it arises from pairings on (the Jacobians of) various genus one and two supersingular curves in the literature. At the $128$-bit security level, they suggested that the new algorithms have no impact on the security of a genus one curve over $\\F_{2^{1223}}$, and reduce the security of a genus two curve over $\\F_{2^{367}}$ to $94.6$ bits. In this paper we propose a new field representation and efficient descent principles, which together demonstrate that the new techniques can be made practical at the 128-bit security level. In particular, we show that the aforementioned genus one curve offers only $59$ bits of security, and we report a total break of the genus two curve. Since these techniques are widely applicable, we conclude that small characteristic pairings should henceforth be considered completely insecure.





2014-02-19
12:30 [Job][New] cryptologic product development team members and leads, TECHNA, Kolkata India

  TECHNA, an American company is collaborating with ISI faculty to create a range of cybersecurity products using cryptology/cryptography

12:27 [Event][New] ACM TECS: ACM TECS: Embedded Platforms for Cryptography in the Coming Decade

  Submission: 1 July 2014
Notification: 1 October 2014
From July 1 to July 1
More Information: http://acmtecs.acm.org/special-issues/14/embcrypt2014.html




2014-02-18
15:48 [Job][New] Lecturer/Associate Professor/Researcher in Cryptology and Security, Hangzhou Normal University, China, Pacific Area

  The group for Cryptography and Network Security at Hangzhou Normal University, China chaired by Prof. Dr. Qi Xie is looking for two faculty members with strong crypto/security background. Candidates should have a PhD degree in mathematics, computer science, or related disciplines, be highly motivated with strong R&D capability and also a good team player, have good presentation and communication skills, be able to perform deep system-level investigations of security mechanisms. The candidates are expected to publish high-quality papers OR develop security-related projects. Any prior experience in e-health or WSN/VANETs security is certainly an asset..

Interested candidates please send CV to Shengbao Wang {shengbaowang (at) hznu.edu.cn}. The positions offer a competitive salary. All candidates will be contacted for further infomation.



2014-02-17
06:27 [Event][New] NSS 2014: The 8th International Conference on Network and System Security

  Submission: 8 April 2014
Notification: 10 June 2014
From October 15 to October 17
Location: Xi'an, China
More Information: http://anss.org.au/nss2014/index.htm




2014-02-16
22:17 [Pub][ePrint] Quantum position verification in the random oracle model, by Dominique Unruh

  We present a quantum position verification scheme in the random oracle model. In contrast to prior work, our scheme does not require bounded storage/retrieval/entanglement assumptions. We also give an efficient position-based authentication protocol. This enables secret and authenticated communication with an entity that is only identified by its position in space.



16:17 [Pub][ePrint] Halka: A Lightweight, Software Friendly Block Cipher Using Ultra-lightweight 8-bit S-box, by Sourav Das

  This paper presents the design of a lightweight, yet software friendly, block cipher. Most of the lightweight block ciphers are nibble-oriented as the implementation of a 4-bit S-box is much more compact than an 8-bit S-box. This paper uses a novel implementation of multiplicative inverse for 8-bit S-boxes using LFSR requiring only 138 gate-equivalent. With this powerful scheme, we design a lightweight block cipher competitive with existing standards in terms of hardware gate equivalent first time using an 8-bit S-box.



16:17 [Pub][ePrint] A Note on the CLRW2 Tweakable Block Cipher Construction, by Gordon Procter

  In this note, we describe an error in the proof for CLRW2 given by Landecker et al. in their paper at CRYPTO 2012 on the beyond-birthday-bound security for tweakable block ciphers.

We are able to resolve the issue, give a new bound for the security of CLRW2, and identify a potential limitation of this proof technique when looking to extend the scheme to provide asymptotic security.



16:17 [Pub][ePrint] Polynomial Time Attack on Wild McEliece Over Quadratic Extensions, by Alain Couvreur and Ayoub Otmani and Jean-Pierre Tillich

  We present a polynomial time structural attack against the McEliece system based on Wild Goppa codes from a quadratic finite field extension. This attack uses the fact that such codes can be distinguished from random codes to compute some filtration, that is to say a family of nested subcodes which will reveal their secret algebraic description.



16:17 [Pub][ePrint] Secure Compression: Theory \\& Practice, by James Kelley and Roberto Tamassia

  Encryption and compression are frequently used together in both network and storage systems, for example in TLS. Despite often being used together, there has not been a formal framework for analyzing these combined systems; moreover, the systems are usually just a simple chaining of compression followed by encryption. In this work, we present the first formal framework for proving security in combined compression-encryption schemes and relate it to the traditional notion of semantic security. We call this entropy-restricted semantic security. Additionally, we present a new, efficient cipher, called the squeeze cipher, that combines compression and encryption into a single primitive and provably achieves our entropy-restricted security.



16:17 [Pub][ePrint] Prover Anonymous and Deniable Distance-Bounding Authentication, by Sebastien Gambs and Cristina Onete and Jean-Marc Robert

  In distance-bounding authentication protocols, a verifier confirms that a prover is (1) legitimate and (2) in the verifier\'s proximity. Proximity checking is done by running time-critical exchanges between both parties. This enables the verifier to detect relay attacks (a.k.a. mafia fraud). While most distance-bounding protocols

offer resistance to mafia and distance fraud as well as to impersonation attacks, only few protect the privacy of the authenticating prover.

One exception is the protocol due to Hermans, Peeters, and Onete developed in 2013, which offers strong privacy guarantees with respect to a Man-in-the-Middle adversary. However, this protocol provides no privacy guarantees for the prover with respect to a malicious verifier, who can fully identify the prover. Having in

mind possible verifier corruption or data leakage from verifiers to a centralized server, we suggest that stronger privacy properties are needed.

In this paper, we propose an efficient distance-bounding protocol that gives strong prover privacy guarantees even with respect to the verifier or to a centralized back-end server, storing prover information and managing revocation and registration. Specifically, we formally model and define prover anonymity, a property guaranteeing that verifiers infer only the legitimacy of the prover but not his identity, and deniability, which ensures that the back-end server cannot distinguish prover behavior from malicious verifier behavior (i.e., provers can deny that they authenticated). Finally, we present an efficient protocol that achieves these strong guarantees, give exact bounds for each of its security properties, and prove these statements formally.