International Association for Cryptologic Research

IACR News Central


00:17 [Pub][ePrint] Privacy-Enhancing Proxy Signatures from Non-Interactive Anonymous Credentials, by David Derler and Christian Hanser and Daniel Slamanig

  Proxy signatures enable an originator to delegate the signing rights for a restricted set of messages to a proxy. The proxy is then able to produce valid signatures only for messages from this delegated set on behalf of the originator. Recently, two variants of privacy-enhancing proxy signatures, namely blank signatures and warrant-hiding proxy signatures, have been introduced. In this context, privacy-enhancing means that a verifier of a proxy signature does not learn anything about the delegated message set beyond the message being presented for verification.

We observe that this principle bears similarities with functionality provided by anonymous credentials. Inspired by this observation, we examine black-box constructions of the two aforementioned proxy signatures from non-interactive anonymous credentials, i.e., anonymous credentials with a non-interactive showing protocol, and show that the so obtained proxy signatures are secure if the anonymous credential system is secure. Moreover, we present two concrete instantiations using well-known representatives of anonymous credentials, namely Camenisch-Lysyanskaya (CL) and Brands' credentials.

While constructions of anonymous credentials from signature schemes with particular properties, such as CL signatures or structure-preserving signatures, as well as from special variants of signature schemes, such as group signatures, sanitizable and indexed aggregate signatures, are known, this is the first paper that provides constructions of special variants of signature schemes, i.e., privacy-enhancing proxy signatures, from anonymous credentials.

09:09 [Event][New] STM 2014: 10th International Workshop on Security and Trust Management

  Submission: 13 June 2014
Notification: 21 July 2014
From September 10 to September 11
Location: Wroclaw, Poland
More Information:

09:10 [Event][New] SSP: IEEE Symposium on Security and Privacy

  Submission: 15 November 2013
From May 18 to May 21
Location: San Jose, United States
More Information:

09:09 [Event][New] AsiaJCIS 2014: 9th Asia Joint Conference on Information Security

  Submission: 21 May 2014
Notification: 2 July 2014
From September 3 to September 5
Location: Wuhan, China
More Information:

09:09 [Job][New] Full-Time PhD Position in Privacy-Preserving Data Mining, University of Twente, the Netherlands


The Centre for Telematics and Information Technology (CTIT) at the University of Twente invites applications for a 4-year PhD position in “privacy-preserving data mining in electronic health records” starting immediately. The position is funded by the THeCS project (Trusted HealthCare Services) as part of the Dutch national program COMMIT (

The PhD candidate will be supervised by Dr. Andreas Peter and Prof. Pieter Hartel from the Services, Cybersecurity and Safety Group ( and by Prof. Willem Jonker from the Database Group ( of the University of Twente. The candidate will be expected to do active and internationally visible research in privacy-enhancing technologies for electronic health records with a focus on privacy-preserving data mining. The PhD candidate will be appointed for a period of four years, at the end of which he/she must have completed a PhD thesis. During this period, the PhD student has the opportunity to broaden his/her knowledge by joining international exchange programs, to participate in national and international conferences and workshops, and to visit other research institutes and universities worldwide.

Successful candidates must hold an outstanding M.Sc. degree (or equivalent) from the university study of Computer Science, Mathematics, or similar. Applications from students that are about to finish their master thesis will be accepted as well. The candidate is expected to have excellent skills in the English language.

The position will be closed as soon as a suitable candidate is found. Applications must include:

  • CV and academic transcript (with grades)
  • motivation letter (including a description of prior activities with relevance to security and privacy)
  • two references or letters of recommendation

09:08 [Job][New] Post-doctoral research fellow, Queensland University of Technology, Brisbane, Australia


The Information Security discipline at the Queensland University of Technology (QUT) in Brisbane, Australia, invites applications for a 16-month post-doctoral researcher position in cryptography starting by September 2014. The focus of the position is on analyzing and characterizing the overall security of real-world cryptographic protocols such as TLS, and designing next-generation protocols. We are looking for outstanding candidates with experience in cryptographic modelling, provable security, and/or key exchange protocols. The position is supported by an Australian Research Council (ARC) Discovery Project grant.

Applicants should have recently completed, be under examination for, or be close to submitting a PhD. Starting salary is between AUD$58,903 and $79,926 per annum, plus 17% pension contribution. Funds for relocation and travel will also be available.

QUT's Science and Engineering Faculty has an active and growing group with research strengths in cryptography, network security, and digital forensics, with a leading national profile and strong international links. QUT is investing heavily in science and technology research, with a new $240 million facility in the heart of Brisbane's central business district housing many interdisciplinary research groups, including information security. Brisbane is a city of 2 million people with a high quality of living, and many of Queensland's stunning beaches and wilderness are less than half an hour away.

Applications must be submitted through the QUT Jobs website listed below.

09:08 [Job][New] Cryptographer, USMobile, Inc., North America

  USMobile products secure mobile communications for businesses, government and individuals. More specifically, USMobile products represent a major advance towards the protection of information (voice, video & data) as it travels over the Internet between mobile phones and the Cloud (i.e., data centers).

The Company will release Scrambl3, its first product, in July 2014; it represents the first commercial implementation of the NSA's 'Fishbowl' project. Two independent layers of Suite B encryption algorithms and Internet protocols are employed to create a "Private Mobile Network." Visit The site is password protected at this time, so use the following credentials: Name: testuser Password: testpasswd

00:17 [Pub][ePrint] Impossible differential cryptanalysis of LBlock with concrete investigation of key scheduling algorithm, by Jiageng Chen, Yuichi Futa, Atsuko Miyaji, Chunhua Su

  Impossible differential cryptanalysis has been proved to be one of the most powerful techniques to attack block ciphers. Based on the impossible differential paths, we can usually add several rounds before or after to launch the key recovery attack. Impossible differential cryptanalysis is powerful not only because the number of rounds it can break is very competitive compared to other attacks, but also because, unlike differential attacks, which are statistical attacks in essence, impossible differential analysis does not require many statistical assumptions. In this paper, we investigate the key recovery attack part of the impossible differential cryptanalysis. We point out that when taking the (non-linear) key scheduling algorithm into consideration, we can further derive the redundancy among the subkeys, and thus can filter the wrong key at a rather early stage. This can help us control the time complexity and increase the number of rounds we can attack. As an application, we analyze the recently proposed lightweight block cipher LBlock, and as a result, we can break 23 rounds with complexity $2^{77.4}$ encryptions without using the whole code block, which is by far the best attack against this cipher.

00:17 [Pub][ePrint] Witness Encryption from Instance Independent Assumptions, by Craig Gentry and Allison Bishop Lewko and Brent Waters

  Witness encryption was proposed by Garg, Gentry, Sahai, and Waters as a means to encrypt to an instance, x, of an NP language and produce a ciphertext. In such a system, any decryptor that knows of a witness w that x is in the language can decrypt the ciphertext and learn the message. In addition to proposing the concept, their work provided a candidate for a witness encryption scheme built using multilinear encodings. However, one significant limitation of the work is that the candidate had no proof of security (other than essentially assuming the scheme secure).

In this work we provide a proof framework for proving witness encryption schemes secure under instance independent assumptions. At the highest level we introduce the abstraction of positional witness encryption which allows a proof reduction of a witness encryption scheme via a sequence of $2^n$ hybrid experiments where n is the witness length of the NP-statement. Each hybrid step proceeds by looking at a single witness candidate and using the fact that it does not satisfy the NP-relation to move the proof forward.

We show that this isolation strategy enables one to create a witness encryption system that is provably secure from assumptions that are (maximally) independent of any particular encryption instance.

We demonstrate the viability of our approach by implementing this strategy using level n-linear encodings where n is the witness length. Our complexity assumption has approximately n group elements, but does not otherwise depend on the NP-instance x.

00:17 [Pub][ePrint] Weak instances of composite order protocols, by Sorina Ionica and Malika Izabachène

  In pairing-based cryptography, the security of protocols using composite order groups relies on the difficulty of factoring a composite number N. Boneh et al. proposed the Cocks-Pinch method to construct ordinary pairing-friendly elliptic curves having a subgroup of composite order N. Displaying such a curve as a public parameter implies revealing a square root of the complex multiplication discriminant -D modulo N. We exploit this information leak and the structure of the endomorphism ring of the curve to factor the RSA modulus, by computing a square root $\lambda$ of -D modulo one of its factors. Our attack is based on a generic discrete logarithm algorithm. We recommend that $\lambda$ should be chosen as a high entropy input parameter when running the Cocks-Pinch algorithm, in order to ensure protection from our attack.

00:17 [Pub][ePrint] Identity-based encryption and digital signature schemes using extended chaotic maps, by SK Hafizul Islam

  This paper designs a new extended chaotic map-based identity-based encryption (ECM-IBE) scheme and identity-based digital signature (ECM-IDS) scheme using extended chaotic maps. The security of the ECM-IBE scheme is based on the hardness assumption of the chaotic maps-based decisional Diffie-Hellman (CDDH) problem, whereas the ECM-IDS scheme is secure based on the difficulty of the chaotic maps-based discrete logarithm (CDL) problem.