In this paper, we construct a full-fledged ledger-based digital currency with strong privacy guarantees. Our results leverage recent advances in zero-knowledge Succinct Non-interactive ARguments of Knowledge (zk-SNARKs).
First, we formulate and construct decentralized anonymous payment schemes (DAP schemes). A DAP scheme enables users to directly pay each other privately: the corresponding transaction hides the payment's origin, destination, and transferred amount. We provide formal definitions and proofs of the construction's security.
Second, we build Zerocash, a practical instantiation of our DAP scheme construction. In Zerocash, transactions are less than 1 kB and take under 6 ms to verify --- orders of magnitude more efficient than the less-anonymous Zerocoin and competitive with plain Bitcoin.
In this work we propose the extended concept of distributed smooth projective hash functions where the computation of the hash value is distributed across $n$ parties and show how to instantiate the underlying approach for languages consisting of Cramer-Shoup ciphertexts.
As an application of distributed smooth projective hashing we build a new framework for the design of two-server password authenticated key exchange protocols, which we believe can help to "explain" the design of earlier two-server password authenticated key exchange protocols.
For more information about our group and projects, visit
For questions, contact Asst. Prof. Alptekin Küpçü
For applying online, and questions about the application-process, visit
For summer internship opportunities, visit
The future holder of the position will represent the subject in research and teaching.
We are seeking a candidate with an excellent research record in cryptography, in particular in theoretical cryptography, provable security, protocols, or secure multi-party computation.
The position is non-tenured with an initial appointment for 3 years, and renewable for another 3 years after a positive mid-term review.
Candidates for the professorship are expected to have strong leadership qualities, particularly:
• an excellent level of commitment to academic teaching
• willingness to participate in interdisciplinary research
• willingness and ability to attract externally funded research projects
• willingness to contribute to joint research projects of the department.
encryption methods used today provide only very restricted possibilities, or none at all, to operate on encrypted data without decrypting it first. Homomorphic encryption provides a tool for handling such computations on encrypted data, without decrypting the data, and without even needing the decryption key.
In this paper, we discuss possible application scenarios for homomorphic encryption in order to ensure privacy of sensitive medical data. We describe how to privately conduct predictive analysis tasks on encrypted data using homomorphic encryption. As a proof of concept, we present a working implementation of a prediction service running in the cloud (hosted on Microsoft's Windows Azure), which takes as input private encrypted health data, and returns the probability of suffering cardiovascular disease in encrypted form. Since the cloud service uses homomorphic encryption, it makes this prediction while handling only encrypted data, learning nothing about the submitted confidential medical data.
The compiled program tolerates arbitrary independent tampering of the disks. That is, the adversary can tamper with the intermediate values produced by the CPU, and the program code of the compiled primitive on the public disk. In addition, it tolerates bounded independent leakage from the disks and continuous leakage from the communication channels between the disks and the CPU.
Although it is required that the circuit of the CPU is tamper and leakage proof, its design is independent of the actual primitive being computed and its internal storage is non-persistent, i.e., all secret registers are reset between invocations. Hence, our result can be interpreted as reducing the problem of shielding arbitrary complex computations to protecting a single, simple and "universal" component. As a main ingredient of our construction we use continuous non-malleable codes that satisfy certain additional properties.