International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

12:17 [Pub][ePrint] Optimal Contracts for Outsourced Computation, by Viet Pham and MHR. Khouzani and Carlos Cid

  While expensive cryptographically verifiable computation aims at defeating malicious agents, many civil purposes of outsourced computation tolerate a weaker notion of security, i.e., ``lazy-but-honest\'\' contractors. Targeting this type of agents, we develop optimal contracts for outsourcing of computational tasks via appropriate use of rewards, punishments, auditing rate, and ``redundancy\'\'. Our contracts provably minimize the expense of the outsourcer (principal) while guaranteeing correct computation. Furthermore, we incorporate practical restrictions of the maximum enforceable fine, limited and/or costly auditing, and bounded budget of the outsourcer. By examining the optimal contracts, we provide insights on how resources should be utilized when auditing capacity and enforceability are limited. Finally, we present a light-weight cryptographic implementation of the contracts and discuss a comparison across different implementations of auditing in outsourced computation.

11:42 [News] Fellows 2014

  The IACR Fellows 2014 have been announced:
  • Ran Canetti
  • Antoine Joux
  • Eyal Kushilevitz
  • Moti Yung

06:59 [Event][New] CryptoBG*2014: CryptoBG*2014: Cryptology and Cyber Resilience

  Submission: 15 June 2014
Notification: 25 June 2014
From July 20 to July 27
Location: Oriahovitza, Bulgaria
More Information:

06:59 [Event][New] UbiCrypt Summer School crypt@b-it 2014

  Submission: 1 July 2014
From July 28 to August 1
Location: Bochum, Germany
More Information:

12:17 [Pub][ePrint] New Results in the Linear Cryptanalysis of DES, by Igor Semaev

  Two open problems on using Matsui\'s Algorithm 2 with multiple linear approximations posed earlier by Biryukov, De Canni$\\grave{\\hbox{e}}$re and M. Quisquater at Crypto\'04 are solved in the present paper. That improves the linear cryptanalysis of 16-round DES reported by Matsui at Crypto\'94.

12:17 [Pub][ePrint] Nothing is for Free: Security in Searching Shared & Encrypted Data, by Qiang Tang

  Most existing symmetric searchable encryption schemes aim at allowing a user to outsource her encrypted data to a cloud server and delegate the latter to search on her behalf. These schemes do not qualify as a secure and scalable solution for the multi-party setting, where users outsource their encrypted data to a cloud server and selectively authorize each other to search. Due to the possibility that the cloud server may collude with some malicious users, it is a challenge to have a secure and scalable multi-party searchable encryption (MPSE) scheme. This is shown by our analysis on the Popa-Zeldovich scheme, which says that an honest user may leak all her search patterns even if she shares only one of her documents with another malicious user. Based on our analysis, we present a new security model for MPSE by considering the worst-case and average-case scenarios, which capture different server-user collusion possibilities. We then propose a MPSE scheme by employing the bilinear property of Type-3 pairings, and prove its security based on the Bilinear Diffie-Hellman Variant (BDHV) and Symmetric eXternal Diffie-Hellman (SXDH) assumptions in the random oracle model.

12:17 [Pub][ePrint] Forging Attacks on two Authenticated Encryptions COBRA and POET, by Mridul Nandi

  In FSE 2014, an authenticated encryption mode COBRA [4], based on pseudorandom permutation (PRP) blockcipher, and POET [3], based on Almost XOR-Universal (AXU) hash and strong pseudorandom permutation (SPRP), were proposed. Few weeks later, COBRA mode and a simple

variant of the original proposal of POET (due to a forging attack [13] on the original proposal) with AES as an underlying blockcipher, were submitted in CAESAR, a competition [1] of authenticated encryption

(AE). In this paper we show a forging attack on the mode COBRA based on any n-bit blockcipher. Our attack on COBRA requires about O(n) queries with success probability about 1/2. This disproves the

claim proved in FSE 2014 paper. We also show both privacy and forging attack on the parallel version of POET, denoted POET-m. We can also recover some derived key of the construction. In case of the

modes POET or POE (the underlying modes for encryption), we show one query distinguishing attack when we instantiate the underlying AXU-hash function with some other AXU hash function, namely

uniform random involution. Thus, our result violates the designer\'s main claim (Theorem 8.1 in [1]). However, the attacks can not be extended directly for the specific choices of existing submitted versions to the CAESAR competition.

12:17 [Pub][ePrint] Deleting Secret Data with Public Verifiability, by Feng Hao and Dylan Clarke and Avelino Francisco Zorzo

  The problem of secure data erasure has been extensively studied in the past with a rich body of literature available. All existing software-based solutions can be summarized as following the same one-bit-return protocol: the deletion program performs data erasure and returns either success or failure. However, such a one-bit-return protocol turns the data deletion system into a black box -- the user has to trust the outcome but cannot easily verify it. This is especially problematic when the deletion program is encapsulated within a Trusted Platform Module (TPM), and the user has no access to the code inside.

In this paper, we initiate a study on how to delete secret data with public verifiability. This is a subject that has not been investigated before, partly because it seems intuitively impossible. In this paper, we show a solution is possible by applying appropriate cryptographic primitives. Based on combining DHIES, Chaum-Pedersen Zero Knowledge Proof and ECDSA, we present a Secure Storage and Erasure (SSE) protocol. The key idea in our solution is based on a ``trust-but-verify\'\' paradigm, which is generally applicable to many security problems but has been largely neglected in the field of secure data deletion. Finally, we present a concrete implementation of the SSE system to demonstrate its practical feasibility.

18:33 [Job][New] Post-Doc, Cryptology Group, CWI, Amsterdam, The Netherlands

  The CWI Cryptology Group is opening a position for a research staff member (post-doc). We encourage candidates with an excellent research track-record in (theoretical) cryptology, preferably with substantial emphasis on its mathematical aspects, to apply.

Excellent candidates whose research has emphasized the interface between theory of computation and discrete mathematics (e.g., (algorithmic) coding theory) may also consider to apply if active interests in pursuing cryptologic research can be shown.

The initial appointment is for 1 year, with a possible extension of (at least) 1 year. Review of applications starts immediately until the position is filled. The starting date is negotiable.

13:11 [Job][New]


09:17 [Pub][ePrint] A mechanical approach to derive identity-based protocols from Diffie-Hellman-based protocols, by Kim-Kwang Raymond Choo and Junghyun Nam and Dongho Won

  We describe a mechanical approach to derive identity-based (ID-based) protocols from existing Diffie-Hellman-based ones. As case studies, we present the ID-based versions of the Unified Model protocol, UMP-ID, Blake-Wilson, Johnson & Menezes (1997)\'s protocol, BJM-ID, and Krawczyk (2005)\'s HMQV protocol, HMQV-ID. We describe the calculations required to be modified in existing proofs. We conclude with a comparative security and efficiency of the three proposed ID-based protocols (relative to other similar published protocols) and demonstrate that our proposed ID-based protocols are computationally efficient.