International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

18:17 [Pub][ePrint] Private Database Access With HE-over-ORAM Architecture, by Craig Gentry and Shai Halevi and Charanjit Jutla and Mariana Raykova

  Enabling private database queries is an important and challenging research problem with many real-world applications. The goal is for the client to obtain the results of its queries without learning anything else about the database, while the outsourced server learns nothing about the queries or data, including access patterns. The secure-computation-over-ORAM architecture offers a promising approach to this problem, permitting sub-linear time processing of the queries (after pre-processing) without compromising security.

In this work we examine the feasibility of this approach, focusing specifically on secure-computation protocols based on somewhat-homomorphic encryption (SWHE). We devised and implemented secure two-party protocols in the semi-honest model for the path-ORAM protocol of Stefanov et al. This provides access by index or keyword, which we extend (via pre-processing) to limited conjunction queries and range queries. Some of our sub-protocols may be interesting in their own right, such as our new protocols for encrypted comparisons and blinded permutations.

We implemented our protocols on top of the HElib homomorphic encryption library. Our basic single-threaded implementation takes about 30 minutes to process a query on a database with $2^{22}$ records and 120-bit long keywords, providing a cause for optimism about the viability of this direction, and we expect a better optimized implementation to be much faster.

18:17 [Pub][ePrint] Time-Memory Trade-offs for Index Calculus in Genus 3, by Kim Laine and Kristin Lauter

  In this paper, we present a variant of Diem\'s $\\widetilde{O}(q)$ index calculus algorithm to attack the discrete logarithm problem (DLP) in Jacobians of genus 3 non-hyperelliptic curves over a finite field $\\mathbb{F}_q$. We implement this new variant in C++ and study the complexity in both theory and practice, making the logarithmic factors and constants hidden in the $\\widetilde{O}$-notation precise.

Our variant improves the computational complexity at the cost of a moderate increase in memory consumption, but we also improve the computational complexity even when we limit the memory usage to that of Diem\'s original algorithm. Finally, we examine how parallelization can help to reduce both the memory cost per computer and the running time for our algorithms.

18:17 [Pub][ePrint] One-Way Functions and (Im)perfect Obfuscation, by Ilan Komargodski and Tal Moran and Moni Naor and Rafael Pass and Alon Rosen and Eylon Yogev

  A program obfuscator takes a program and outputs an \"scrambled\" version of it, where the goal is that the obfuscated program will not reveal much

about its structure beyond what is apparent from executing it. There are several ways of formalizing this goal. Specifically, in

indistinguishability obfuscation, first defined by Barak et al. (CRYPTO 2001), the requirement is that the results of obfuscating any two

functionally equivalent programs (circuits) will be computationally indistinguishable. Recently, a fascinating candidate construction for

indistinguishability obfuscation was proposed by Garg et al. (FOCS 2013). This has led to a flurry of discovery of intriguing constructions of

primitives and protocols whose existence was not previously known (for instance, fully deniable encryption by Sahai and Waters, STOC 2014). Most

of them explicitly rely on additional hardness assumptions, such as one-way functions.

Our goal is to get rid of this extra assumption. We cannot argue that indistinguishability obfuscation of all polynomial-time circuits implies

the existence of one-way functions, since if $P = NP$, then program obfuscation (under the indistinguishability notion) is possible. Instead, the

ultimate goal is to argue that if $P \\neq NP$ and program obfuscation is possible, then one-way functions exist.

Our main result is that if $NP \\not\\subseteq ioBPP$ and there is an efficient (even imperfect) indistinguishability obfuscator, then there are

one-way functions. In addition, we show that the existence of an indistinguishability obfuscator implies (unconditionally) the existence of SZK-

arguments for NP. This, in turn, provides an alternative version of our main result, based on the assumption of hard-on-the average NP problems.

To get some of our results we need obfuscators for simple programs such as CNF formulas.

18:17 [Pub][ePrint] A Simple Cast-as-Intended E-Voting Protocol by Using Secure Smart Cards, by Helger Lipmaa

  We propose a simple cast-as-intended remote e-voting protocol where the security is based on the use of secure (and trusted) smart cards that incorporate incard numeric keyboards and LCD displays, and can perform a limited number of cryptographic operations (like encryption, signing, and random number generation). The protocol, while very simple, is significantly more secure (in the sense of ``cast-as-intended\'\') and convenient to use than the e-voting protocol currently used in Norway. The protocol is developed primarily with the idea of deploying it in Estonia within the next $3$ to $10$ years. Since in Estonia, a vast majority of the population already has ID-cards with digital signing and authentication functionality, and the use of ID-cards is a required prerequisite to participate in Estonian e-voting anyway, our assumption of every voter having a secure hardware token makes sense in this concrete context.

18:17 [Pub][ePrint] Zerocash: Decentralized Anonymous Payments from Bitcoin, by Eli Ben-Sasson and Alessandro Chiesa and Christina Garman and Matthew Green and Ian Miers and Eran Tromer and Madars Virza

  Bitcoin is the first digital currency to see widespread adoption. While payments are conducted between pseudonyms, Bitcoin cannot offer strong privacy guarantees: payment transactions are recorded in a public decentralized ledger, from which much information can be deduced. Zerocoin (Miers et al., IEEE S&P 2013) tackles some of these privacy issues by unlinking transactions from the payment\'s origin. Yet, it still reveals payments\' destinations and amounts, and is limited in functionality.

In this paper, we construct a full-fledged ledger-based digital currency with strong privacy guarantees. Our results leverage recent advances in zero-knowledge Succinct Non-interactive ARguments of Knowledge (zk-SNARKs).

First, we formulate and construct decentralized anonymous payment schemes (DAP schemes). A DAP scheme enables users to directly pay each other privately: the corresponding transaction hides the payment\'s origin, destination, and transferred amount. We provide formal definitions and proofs of the construction\'s security.

Second, we build Zerocash, a practical instantiation of our DAP scheme construction. In Zerocash, transactions are less than 1 kB and take under 6 ms to verify --- orders of magnitude more efficient than the less-anonymous Zerocoin and competitive with plain Bitcoin.

18:17 [Pub][ePrint] Distributed Smooth Projective Hashing and its Application to Two-Server PAKE, by Franziskus Kiefer and Mark Manulis

  Smooth projective hash functions have been used as building block for various cryptographic applications, in particular for password-based authentication.

In this work we propose the extended concept of distributed smooth projective hash functions where the computation of the hash value is distributed across $n$ parties and show how to instantiate the underlying approach for languages consisting of Cramer-Shoup ciphertexts.

As an application of distributed smooth projective hashing we build a new framework for the design of two-server password authenticated key exchange protocols, which we believe can help to \"explain\" the design of earlier two-server password authenticated key exchange protocols.

14:43 [Job][New] Ph.D. / M.Sc. Scholarships and Summer Internship, Cryptography, Security, and Privacy Research Group, Koç University, Istanbul, Turkey

  Cryptography, Security & Privacy Research Group at Koç University has multiple openings for both M.Sc. and Ph.D. level applications. All accepted applicants will receive competitive scholarships including tuition waiver, housing, monthly stipend, computer, travel support, etc.

For more information about our group and projects, visit

For questions, contact Asst. Prof. Alptekin Küpçü

For applying online, and questions about the application-process, visit

For summer internship opportunities, visit

08:00 [Job][New] Professor in Cryptography (W1 - non-tenured), Ruhr-Universität Bochum, Germany

  The Ruhr-Universität Bochum (RUB) is one of Germany’s leading research universities with more than 50 scientists working in IT-security and cryptography. The Faculty of Mathematics invites applications for the position of a Junior Professor (W1) in Cryptography to start as soon as possible.

The future holder of the position will represent the subject in research and teaching.

We are seeking a candidate with an excellent research record in cryptography, in particular in theoretical cryptography, provable security, protocols, or secure multi-party computation.

The position is non-tenured with an initial appointment for 3 years, and renewable for another 3 years after a positive mid-term review.

Candidates for the professorship are expected to have strong leadership qualities, particularly

• excellent level of commitment in academic teaching

• willingness to participate in interdisciplinary research

• willingness and ability to attract externally funded research projects

• or to contribute to joint research projects of the department.

09:17 [Pub][ePrint] LCPR: High Performance Compression Algorithm for Lattice-Based Signatures and Schnorr-like Constructions, by Rachid El Bansarkhani and Johannes Buchmann

  We present a novel and generic construction of a lossless compression algorithm for Schnorr-like signatures utilizing publicly accessible randomness. This strategy is from a mathematical and algorithmic point of view very interesting, since it is closely related to vector quantization techniques used for audio and video compression. Conceptually, exploiting public randomness in order to reduce the signature size has never been considered in cryptographic applications. This opens new directions for improving existing signature schemes. We illustrate the applicability of our compression algorithm using the examples of current-state-of-the-art signature schemes such as the efficient constructions due to Lyubashevsky et al. and the GPV signature scheme instantiated with the efficient trapdoor construction from Micciancio and Peikert. Both schemes benefit from increasing the main security parameter $n$, which is positively correlated with the compression rate measuring the amount of storage savings. For instance, GPV signatures admit improvement factors of approximately $\\lg n$ implying compression rates of about $65$\\% for practical parameters without suffering loss of information or decrease in security, meaning that the original signature can always be recovered from its compressed state. Similarly, for signatures generated according to the scheme due to G\\\"uneysu et al. we achieve compression rates of approximately $60$\\% and even $73$\\%, when combining with previous compression algorithms. As a further interesting result, we propose a generic unrestricted aggregate signature scheme.

09:17 [Pub][ePrint] Shadow Numbers Public Key Encryption, by John Almeida

  The present public key encryption in this paper involves the use of two values and they are the shadows values of a base value, and the base value is derived from the two shadows values. Whenever two integer values (first shadow value and second shadow value) are multiplied producing a product value and the value of one is subtracted from the product value a first base value is derived and it is the first base value of the two shadows values. The derived first base value may be divided by any divisor that it may be divided with which produces a positive integer quotient result and zero for the remainder. All values that are used in the division and the quotient result are bases values for the chosen shadow value-pair. Then one of the base values is chosen along with the two chosen shadows values and they comprise a triplet values that represent the public key to encrypt a message and the private key to decrypt the encrypted message.

09:17 [Pub][ePrint] Private Predictive Analysis on Encrypted Medical Data, by Joppe W. Bos and Kristin Lauter and Michael Naehrig

  Increasingly, confidential medical records are being stored in data centers hosted by hospitals or large companies. As sophisticated algorithms for predictive analysis on medical data continue to be developed, it is likely that, in the future, more and more computation will be done on private patient data. While encryption provides a tool for assuring the privacy of medical information, it limits the functionality for operating on such data. Conventional

encryption methods used today provide only very restricted possibilities or none at all to operate on encrypted data without decrypting it first. Homomorphic encryption provides a tool for

handling such computations on encrypted data, without decrypting the data, and without even needing the decryption key.

In this paper, we discuss possible application scenarios for homomorphic encryption in order to ensure privacy of sensitive medical data. We describe how to privately conduct predictive analysis tasks on encrypted data using homomorphic encryption. As a proof of concept, we present a working implementation of a prediction service running in the cloud (hosted on Microsoft\'s Windows Azure), which takes as input private encrypted health data, and returns the probability of suffering cardiovascular disease in encrypted form. Since the cloud service uses homomorphic encryption, it makes this prediction while handling only encrypted data, learning nothing about

the submitted confidential medical data.