International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

05:52 [Job][New] Summer Intern – Master\\\'s / Ph.D. student in Computer Science, Computer Engineering, or Applied Math, IBM Research – Almaden, 650 Harry Road, San Jose, CA 95120-6099, USA

  Design and develop security solutions utilizing vetted cryptographic primitives. Application areas include Internet of Things (IoT), sensors, cyber-physical systems, and cloud and cognitive computing. Architectures must meet security and privacy requirements that involve, in particular, device and/or user authentication/authorization under various constraints on connectivity, communications bandwidth, processing complexity, and power consumption.

An important aspect of this position entails porting [our] existing algorithms and code into ARM TrustZone and/or hardware so as to conform to design principles of conventional standardized APIs. 3+ years of coding experience in C/C++ is required. Proficiency in programming FPGAs is a definite plus, as is experience in JNI.

This is a 3-month position with flexible start/end dates during May - September 2014 time frame.

15:17 [Pub][ePrint] Dynamic Searchable Encryption via Blind Storage, by Muhammad Naveed and Manoj Prabhakaran and Carl A. Gunter

  Dynamic Searchable Symmetric Encryption allows a client to store a dynamic collection of encrypted documents with a server, and later quickly carry out keyword searches on these encrypted documents, while revealing minimal information to the server. In this paper we present a new dynamic SSE scheme that is simpler and more efficient than existing schemes while revealing less information to the server than prior schemes, achieving fully adaptive security against honest-but-curious servers.

We implemented a prototype of our scheme and demonstrated its efficiency on datasets from prior work. Apart from its concrete efficiency, our scheme is also simpler: in particular, it does not require the server to support any operation other than upload and download of data. Thus the server in our scheme can be based solely on a cloud storage service, rather than a cloud computation service as well, as in prior work.

In building our dynamic SSE scheme, we introduce a new primitive called Blind Storage, which allows a client to store a set of files on a remote server in such a way that the server does not learn how many files are stored, or the lengths of the individual files; as each file is retrieved, the server learns about its existence (and can notice the same file being downloaded subsequently), but the file\'s name and contents are not revealed. This is a primitive with several applications other than SSE, and is of independent interest.

15:17 [Pub][ePrint] Total Break of Zorro using Linear and Differential Attacks, by Shahram Rasoolzadeh and Zahra Ahmadian and Mahmood Salmasizadeh and Mohammad Reza Aref

  An AES-like lightweight block cipher, namely Zorro, was proposed in CHES 2013. While it has a 16-byte state, it uses only 4 S-Box per round. Its weak nonlinearity was widely criticized and caused serious vulnerabilities, insofar as it has been directly exploited in all the attacks reported by now, including the weak key, reduced round, and even full round attacks.

In this paper, based on some observations discovered by Wang et. al., we present new differential and linear attacks on Zorro, both of which recover the full secret key with practical complexity. These attacks are based on very efficient distinguishers that have only two active sboxes per four rounds. The time complexity of our differential and linear attacks are $2^{52.74}$ and $2^{57.85}$ and the data complexity are $2^{55.15}$ chosen plaintexts and $2^{45.44}$ known plaintexts, respectively. The results clearly show that the block cipher Zorro does not have enough security against differential and linear cryptanalysis.

15:17 [Pub][ePrint] Hybrid Model of Fixed and Floating Point Numbers in Secure Multiparty Computations, by Toomas Krips and Jan Willemson

  This paper develops a new hybrid model of floating point numbers suitable for operations in secure multi-party computations. The basic idea is to consider the significand of the floating point number as a fixed point number and implement elementary function applications separately of the significand. This gives the greatest performance gain for the power functions (e.g. inverse and square root), with computation speeds improving up to 18 times in certain configurations. Also other functions (like exponent and Gaussian error function) allow for the corresponding optimisation.

We have proposed new polynomials for approximation, and implemented and benchmarked all our algorithms on the Sharemind secure multi-party computation framework.

15:17 [Pub][ePrint] Optimizing Obfuscation: Avoiding Barrington\'s Theorem, by Prabhanjan Ananth and Divya Gupta and Yuval Ishai and Amit Sahai

  In this work, we seek to optimize the efficiency of secure general-purpose obfuscation schemes. We focus on the problem of optimizing the obfuscation of general Boolean formulas -- this corresponds to optimizing the \"core obfuscator\'\' from the work of Garg, Gentry, Halevi, Raykova, Sahai, and Waters (FOCS 2013), and all subsequent works constructing general-purpose obfuscators. This core obfuscator builds upon approximate multilinear

maps, where efficiency in proposed instantiations is closely tied to the maximum number of ``levels\'\' of multilinearity required. The most efficient previous construction of a core obfuscator, due to Barak, Garg, Kalai, Paneth, and Sahai (Eurocrypt 2014) required the maximum number of levels of multilinearity to be $\\Theta(\\ell s^{6.82})$, where $s$ is the size of the Boolean formula to be obfuscated, and $\\ell$ is the number of input bits to the formula. In contrast, our construction only requires the maximum number of levels of multilinearity to be $\\Theta(\\ell s)$. This results in significant improvements in both the total size of the obfuscation, as well as the running time of evaluating an obfuscated formula.

18:08 [Event][New] SECRYPT 2014: 11th International Conference on Security and Cryptography

  Submission: 15 April 2014
From September 2 to September 4
Location: Vienna, Austria
More Information:

18:08 [Job][New] Research Scientist, RSA Laboratories, Cambridge, MA, USA

  RSA Laboratories invites applications for a full staff position in the area of systems security, preferably by candidates demonstrating some expertise in data analysis for security. Both well-established scientists with strong research records and graduating PhDs of exceptional caliber are encouraged to apply.

Staff scientists will have an opportunity to blend academic research with leadership in architecting next-generation security systems together with RSA Engineering. Applicants should possess enthusiasm for both cutting-edge research and real-world deployment; also valuable are either implementation skills or a desire to work with development staff to create prototypes. A PhD in Computer Science or a closely related field is required, as is residence in or relocation to the Boston, MA area. To apply, please send a resume to labs_hiring (at) The review of applications will begin immediately and will continue until the position is filled.

RSA is the security division of EMC, the world leader in information infrastructure solutions. RSA Laboratories’ charter is to produce research with practical impact on the products and strategy of RSA and its parent company EMC and scholarly influence in the larger research community.

18:07 [Job][New] Internship, Security in Telecommunications, TU Berlin, Germany

  If you enjoy getting your hands dirty hacking Android code-base, this project is for you. The goal of the project is to extend an existing prototype implementation of a mobile honeypot running on a Samsung Galaxy SII Android phone with auditing capabilities to enable logging facilities for Android apps.

You will be working with a SGSII phone, coding mostly in C/C++. Knowledge of Java is beneficial. Since the prototype is running on top of a microkernel (Fiasco.OC), prior knowledge of virtualization architectures will be useful but can also be picked up during the course of the project. To apply, please email an updated CV/Resume to the email address below indicating in the body of the email why the project interests you. The internship will cover living costs for a student in Berlin.

18:17 [Pub][ePrint] Remarks on the Pocklington and Padr\\\'o-S\\\'aez Cube Root Algorithm in $\\mathbb F_q$, by Geon Heo and Seokhwan Choi and Kwang Ho Lee and Namhun Koo and Soonhak Kwon

  We clarify and generalize a cube root algorithm in $\\mathbb F_q$ proposed by Pocklington, and later rediscovered by Padr\\\'o and S\\\'aez. We correct some mistakes in the result of Padr\\\'o and S\\\'aez and give a full generalization of their result. We also give the comparison of the implementation of our proposed algorithm with two most popular cube root algorithms, namely the Adleman-Manders-Miller algorithm and the Cipolla-Lehmer algorithm. To the authors\' knowledge, our comparison is the first one which compares three fundamental algorithms together.

18:17 [Pub][ePrint] Secret-Sharing for NP from Indistinguishability Obfuscation, by Ilan Komargodski and Moni Naor and Eylon Yogev

  A computational secret-sharing scheme is a method that enables a dealer, that has a secret, to distribute this secret among a set of parties such that a \"qualified\" subset of parties can reconstruct the secret while any \"unqualified\" subset of parties cannot efficiently learn anything about the secret. The collection of \"qualified\" subsets is defined by a monotone Boolean function.

It has been a major open problem to understand which (monotone) functions can be realized by a computational secret-sharing schemes. Yao suggested a method for secret-sharing for any function that has a polynomial-size monotone circuit (a class which is strictly smaller than the class of monotone functions in P). Around 1990 Rudich raised the possibility of obtaining secret-sharing for all monotone functions in NP: In order to reconstruct the secret a set of parties must be \"qualified\" and provide a witness attesting to this fact.

Recently, there has been much excitement regarding the possibility of obtaining program obfuscation satisfying the \"indistinguishability obfuscation\" requirement: A transformation that takes a program and outputs an obfuscated version of it so that for any two functionally equivalent programs the output of the transformation is computationally indistinguishable.

Our main result is a construction of a computational secret-sharing scheme for any monotone function in NP assuming the existence of an efficient indistinguishability obfuscator for P and one-way functions. Furthermore, we show how to get the same result but relying on a weaker obfuscator: an efficient indistinguishability obfuscator for CNF formulas.

18:17 [Pub][ePrint] Squaring Algorithms with Delayed Carry Method and Efficient Parallelization, by Vladislav Kovtun and Andrew Okhrimenko

  Increasing amounts of information that needs to be protecting put in claims specific requirements for information security systems. The main goal of this paper is to find ways to increase performance of cryptographic transformation with public key by increasing performance of integers squaring. Authors use delayed carry mechanism and approaches of effective parallelization for Comba multiplication algorithm, which was previously proposing by authors. They use the idea of carries accumulation by addition products of multiplying the relevant machine words in columns. As a result, it became possible to perform addition of such products in the column independently of each other. However, independent accumulation of products and carries require correction of the intermediate results to account for the accumulated carries. Due to the independence of accumulation in the columns, it became possible to parallelize the process of products accumulation that allowed formulating several approaches. In this paper received theoretical estimates of the computational complexity for proposed squaring algorithms. Software implementations of algorithms in C++ allowed receiving practical results of the performance, which are not contrary to theoretical estimates. The authors first proposed applying the method of delayed carry and parallelization techniques for squaring algorithms, which was previously proposing for integer multiplication.