International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

09:09 [Event][New] AsiaJCIS 2014: 9th Asia Joint Conference on Information Security (AsiaJCIS 2014) 9th Asia

  Submission: 21 May 2014
Notification: 2 July 2014
From September 3 to September 5
Location: Wuhan, China
More Information:

09:09 [Job][New] Full-Time PhD Position in Privacy-Preserving Data Mining, University of Twente, the Netherlands


The Centre for Telematics and Information Technology (CTIT) at the University of Twente invites applications for a 4-year PhD position in “privacy-preserving data mining in electronic health records” starting immediately. The position is funded by the THeCS project (Trusted HealthCare Services) as part of the Dutch national program COMMIT (

The PhD candidate will be supervised by Dr. Andreas Peter and Prof. Pieter Hartel from the Services, Cybersecurity and Safety Group ( and by Prof. Willem Jonker from the Database Group ( of the University of Twente. The candidate will be expected to do active and internationally visible research in privacy-enhancing technologies for electronic health records with a focus on privacy-preserving data mining. The PhD candidate will be appointed for a period of four years, at the end of which he/she must have completed a PhD thesis. During this period, the PhD student has the opportunity to broaden his/her knowledge by joining international exchange programs, to participate in national and international conferences and workshops, and to visit other research institutes and universities worldwide.

Successful candidates must hold an outstanding M.Sc. degree (or equivalent) from the university study of Computer Science, Mathematics, or similar. Applications from students that are about to finish their master thesis will be accepted as well. The candidate is expected to have excellent skills in the English language.

The position will be closed as soon as a suitable candidate is found. Applications must include:

  • CV and academic transcript (with grades)
  • motivation letter (including a description of prior activities with relevance to security and privacy)
  • two references or letters of recommendation
  • <

09:08 [Job][New] Post-doctoral research fellow, Queensland University of Technology, Brisbane, Australia


The Information Security discipline at the Queensland University of Technology (QUT) in Brisbane, Australia, invites applications for a 16-month post-doctoral researcher position in cryptography starting by September 2014. The focus of the position is on analyzing and characterizing the overall security of real-world cryptographic protocols such as TLS, and designing next-generation protocols. We are looking for outstanding candidates with experience in cryptographic modelling, provable security, and/or key exchange protocols. The position is supported by an Australia Research Council (ARC) Discovery Project grant.

Applicants should have recently completed, be under examination for, or be close to submitting a PhD. Starting salary is between AUD$58,903 and $79,926 per annum, plus 17% pension contribution. Funds for relocation and travel will also be available.

QUT\\\'s Science and Engineering Faculty has an active and growing group with research strengths in cryptography, network security, and digital forensics, with a leading national profile and strong international links. QUT is investing heavily in science and technology research, with a new $240 million facility in the heart of Brisbane\\\'s central business district housing many interdisciplinary research groups, including information security. Brisbane is a city of 2 million people with a high quality of living, and many of Queensland\\\'s stunning beaches and wilderness are less than half an hour away.

Applications must be submitted through the QUT Jobs website listed below.

09:08 [Job][New] Cryptographer, USMobile, Inc., North America

  USMobile products secure mobile communications for businesses, government and individuals. More specifically, USMobile products represent a major advance towards the protection of information (voice, video & data) as it travels over the Internet between mobile phones and the Cloud (i.e.- Data Centers).

The Company will release Scrambl3, its first product, in July 2014 that represents the first commercial implementation of the NSA\\\'s \\\'Fishbowl\\\' project. Two independent layers of Suite B encryption algorithms and Internet protocols are employed to create a \\\"Private Mobile Network.\\\" Visit The site is password protected at this time, so use the following credentials: Name: testuser Password: testpasswd

00:17 [Pub][ePrint] Impossible differential cryptanalysis of LBlock with concrete investigation of key scheduling algorithm, by Jiageng Chen, Yuichi Futa, Atsuko Miyaji, Chunhua Su

  Impossible differential cryptanalysis has been proved to be one of the most powerful techniques to attack block ciphers. Based on the impossible differential paths, we can usually add several rounds before or after to launch the key recovery attack. Impossible differential cryptanalysis is powerful not only because the number of rounds it can break is very competitive compared to other attacks, but also unlike differential attacks which are statistical attacks in the essential, impossible differential analysis does not require many statistical assumptions. In this paper, we investigate the key recovery attack part of the impossible differential cryptanalysis. We point out that when taking the (non-linear) key scheduling algorithm into consideration, we can further derive the redundancy among the subkeys, and thus can filter the wrong key at a rather early stage. This can help us control the time complexity and increase the number of rounds we can attack. As an application, we analyze recently proposed lightweight block cipher LBlock, and as a result, we can break 23 rounds with complexity $2^{77.4}$ encryptions without using the whole code block, which is by far the best attack against this cipher.

00:17 [Pub][ePrint] Witness Encryption from Instance Independent Assumptions, by Craig Gentry and Allison Bishop Lewko and Brent Waters

  Witness encryption was proposed by Garg, Gentry, Sahai, and Waters as

a means to encrypt to an instance, x, of an NP language and produce

a ciphertext. In such a system, any decryptor that knows of a witness w that

x is in the language can decrypt the ciphertext and learn the

message. In addition to proposing the concept, their work provided a candidate for a witness encryption scheme built using multilinear encodings. However, one

significant limitation of the work is that the candidate had no proof

of security (other than essentially assuming the scheme secure).

In this work we provide a proof framework for proving witness

encryption schemes secure under instance independent assumptions. At the

highest level we introduce the abstraction of positional witness

encryption which allows a proof reduction of a witness encryption

scheme via a sequence of 2^n hybrid experiments where n is the

witness length of the NP-statement. Each hybrid step proceeds by

looking at a single witness candidate and using the fact that it does not

satisfy the NP-relation to move the proof forward.

We show that this isolation strategy enables one to create a

witness encryption system that is provably secure from assumptions that

are (maximally) independent of any particular encryption instance.

We demonstrate the viability of our approach by implementing this strategy using

level n-linear encodings where n is the witness length. Our

complexity assumption has approximately n group elements,

but does not otherwise depend on the NP-instance x.

00:17 [Pub][ePrint] Weak instances of composite order protocols, by Sorina Ionica and Malika Izabachène

  In pairing-based cryptography, the security of protocols using composite order groups relies on the difficulty of factoring a composite number N. Boneh et al. proposed the Cocks-Pinch method to construct ordinary pairing-friendly elliptic curves having a subgroup of composite order N. Displaying such a curve as a public parameter implies revealing a square root of the complex multiplication discriminant -D modulo N. We exploit this information leak and the structure of the endomorphism ring of the curve to factor the RSA modulus, by computing a square root \\lambda of -D modulo one of its factors. Our attack is based on a generic discrete logarithm algorithm. We recommend that \\lambda should be chosen as a high entropy input parameter when running the Cocks-Pinch algorithm, in order to ensure protection from our attack.

00:17 [Pub][ePrint] Identity-based encryption and digital signature schemes using extended chaotic maps, by SK Hafizul Islam

  This paper designed a new extended chaotic map-based Identity-based encryption (ECM-IBE) scheme and Identity-based digital signature (ECM-IDS) scheme using extended chaotic maps. The security of the ECM-IBE scheme is based on the hardness assumption of chaotic maps-based decisional Diffie-Hellman (CDDH) problem, whereas the ECM-IDS scheme is secure based on the difficulties of chaotic maps-based discrete logarithm (CDL) problem.

00:17 [Pub][ePrint] Design of identity-based digital signature schemes using extended chaotic maps, by SK Hafizul Islam

  Inspired from the Identity-based cryptosystem proposed by Adi Shamir, and Boneh and Franklin, this paper designed a new Identity-based digital signature (ECM-IDS) scheme using extended chaotic maps. The ECM-IDS scheme is secure based on the difficulties of integer factorization problem.

00:17 [Pub][ePrint] New Treatment of the BSW Sampling and Its Applications to Stream Ciphers, by Lin Ding and Chenhui Jin and Jie Guan and Chuanda Qi

  By combining the time-memory-data tradeoff (TMDTO) attack independently proposed by Babbage and Goli\\\'{c} (BG) with the BSW sampling technique, this paper explores to mount a new TMDTO attack on stream ciphers. The new attack gives a wider variety of trade-offs, compared with original BG-TMDTO attack. It is efficient when multiple data is allowed for the attacker from the same key with different IVs, even though the internal state size is twice the key size. We apply the new attack to MICKEY and Grain stream ciphers, and improves the existing TMDTO attacks on them. Our attacks on Grain v1 and Grain-128 stream ciphers are rather attractive in the respect that the online time, offline time and memory complexities are all better than an exhaustive key search, and the amount of keystream needed are completely valid. Finally, we generalize the new attack to a Guess and Determine-TMDTO attack on stream ciphers, and mount a Guess and Determine-TMDTO attack on SOSEMANUK stream cipher with the online time and offline time complexities both equal to $2^{128}$, which achieves the best time complexity level compared with all existing attacks on SOSEMANUK so far.

21:17 [Pub][ePrint] Differential Fault Analysis on SIMON and SPECK ciphers, by Harshal Tupsamudre and Shikha Bisht and Debdeep Mukhopadhyay

  In 2013, the US National Security Agency proposed two new families of lightweight block ciphers: SIMON and SPECK. However, no security analysis was provided for these ciphers. Currently, linear and differential cryptanalytic results for SIMON ciphers are available in the literature, but no fault attacks on these two cipher families have been reported so far. In this paper, we present the first fault attack on SIMON and SPECK families. The attack assumes a fault model that can flip only one bit of the intermediate result. Using this attack the n-bit secret key used in SIMON cipher can be recovered using (n/2) bit faults on an average while the n-bit secret key of SPECK cipher can be recovered using (n/3) bit faults. Furthermore, we demonstrate a more practical attack on SIMON that employs a random byte fault model. This attack retrieves multiple bits of the key depending upon the Hamming weight of the byte fault. The average number of byte faults required to retrieve all n bits of the last round key is (n/8).