International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

15:17 [Pub][ePrint] Cofactorization on Graphics Processing Units, by Andrea Miele, Joppe W. Bos, Thorsten Kleinjung, and Arjen K. Lenstra

  We show how the cofactorization step, a compute-intensive part of the relation collection phase of the number field sieve (NFS), can be farmed out to a graphics processing unit. Our implementation on a GTX 580 GPU, which is integrated with a state-of-the-art NFS implementation, can serve as a cryptanalytic co-processor for several Intel i7-3770K quad-core CPUs simultaneously. This allows those processors to focus on the memory-intensive sieving and results in more useful NFS-relations found in less time.

06:23 [Job][New] Lecturer/Senior Lecturer in Cyber Security
(equiv. to Assistant/Associate Professor), Surrey Centre for Cyber Security, Department of Computing, University of Surrey, Guildford, UK

  Department of Computing at University of Surrey is currently seeking to make an appointment at Lecturer (equiv. to Assistant Professor) or Senior Lecturer (equiv. to Associate Professor) level in Cyber Security to support the Department’s continued growth by complementing our existing research strengths and contributing to the research leadership within the Department, to play a leading role in the recently established interdisciplinary Surrey Centre for Cyber Security (SCCS) and to contribute to the new MSc Information Security programme.

Applications are welcome particularly in the areas of Software Security, Web and Network Security, System Security, Applied Cryptography and Protocols, Privacy and Data Protection, Multimedia Security, Digital Forensics, and Human-Centred Security.

The Department is research-led with around 70 RAs and PhD students, and is attracting growing research support from funding bodies such as the UK Research Councils, UK Technology Strategy Board (TSB), the EU-IST, and also private foundations e.g. The Leverhulme Trust. Major IT, telecommunication, defence and security organisations are sponsoring research in the Department.

Applicants at the Lecturer level should have a relevant PhD, a developing track record in publication with demonstrable high potential in high-quality research and teaching. Applicants at the Senior Lecturer level will have an international research profile, a significant track record of high-quality publications in leading journals and conference proceedings, and experience in a leadership or development role in high quality teaching. A record in attracting research funding would be an advantage.

Closing date for applications is 30 June 2014. The post is to start in September 2014 or as soon as possible thereafter.

18:17 [Pub][ePrint] Improved Cryptanalysis on Reduced-Round GOST and Whirlpool Hash Function (Full Version), by Bingke Ma and Bao Li and Ronglin Hao and Xiaoqian Li

  The GOST hash function family has served as the new Russian national hash standard (GOST R 34.11-2012) since January 1, 2013, and it has two members, $i.e.$, GOST-256 and GOST-512 which correspond to two different output lengths. Most of the previous analyses of GOST emphasize on the compression function rather than the hash function. In this paper, we focus on security properties of GOST under the hash function setting. First we give two improved preimage attacks on 6-round GOST-512 compared with the previous preimage attack, $i.e.$, a time-reduced attack with the same memory requirements and a memoryless attack with almost identical time. Then we improve the best collision attack on reduced GOST-256 (resp. GOST-512) from 5 rounds to 6.5 (resp. 7.5) rounds. Finally, we construct a limited-birthday distinguisher on 9.5-round GOST using the limited-birthday distinguisher on hash functions proposed at ASIACRYPT 2013. An essential technique used in our distinguisher is the carefully chosen differential trail, which can further exploit freedom degrees in the inbound phase when launching rebound attacks on the GOST compression function. This technique helps us to reduce the time complexity of the distinguisher significantly. We apply this strategy to Whirlpool, an ISO standardized hash function, as well. As a result, we construct a limited-birthday distinguisher on 9-round Whirlpool out of 10 rounds, and reduce the time complexity of the previous 7-round distinguisher. To the best of our knowledge, all of our results are the best cryptanalytic results on GOST and Whirlpool in terms of the number of rounds analyzed under the hash function setting.

18:17 [Pub][ePrint] How Secure is Deterministic Encryption?, by Mihir Bellare and Rafael Dowsley and Sriram Keelveedhi

  This paper presents three curious findings about deterministic public-key encryption (D-PKE) that further our understanding of its security, in particular because of the contrast with standard, randomized public-key encryption (R-PKE):

(1) It would appear to be a triviality, for any primitive, that security in the standard model implies security in the random-oracle model, and it is certainly true, and easily proven, for R-PKE. For D-PKE it is not clear and depends on details of the definition. In particular we can show it in the non-uniform case but not in the uniform case.

(2) The power of selective-opening attacks (SOA) comes from an adversary\'s ability, upon corrupting a sender, to learn not just the message but also the coins used for encryption. For R-PKE, security is achievable. For D-PKE, where there are no coins, one\'s first impression may be that SOAs are vacuous and security should be easily achievable. We show instead that SOA-security is impossible, meaning no D-PKE scheme can achieve it.

(3) For R-PKE, single-user security implies multi-user security, but we show that there are D-PKE schemes secure for a single user and insecure with two users.

18:17 [Pub][ePrint] Logic Synthesis based Public Key Scheme, by Boaz Shahar

  This article proposes a method for the construction of a public key system that is based on VLSI logic synthesis algorithms. First, we discuss the properties of VLSI logic synthesis algorithms. Then we view them in the context of cryptographic primitives. Then we propose a public key encryption system and finally discuss its security properties.

18:17 [Pub][ePrint] Attacks on Lin\'s Mobile Dynamic Identity-based Authenticated Key Agreement Scheme using Chebyshev Chaotic Maps, by SK Hafizul Islam

  In 2014, Lin proposed an authentication system with dynamic identity of the user for low-power mobile devices using Chebyshev chaotic map. The scheme is proposed to provide mutual authentication and session key agreement between a remote server and its legitimate user. The scheme provides user anonymity and untracibility, and resilience from many cryptographic attacks. However, the author of this paper showed that Lin\'s scheme is no longer usable for practical applications as (i) it cannot verify the wrong identity and password at the user side in the login and password change phases, (ii) it cannot protect user impersonation attack, and (ii) it has the problem of session key forward secrecy.

18:17 [Pub][ePrint] Hyper-and-elliptic-curve cryptography, by Daniel J. Bernstein and Tanja Lange

  This paper introduces \"hyper-and-elliptic-curve cryptography\", in which a single high-security group supports fast genus-2-hyperelliptic-curve formulas for variable-base-point single-scalar multiplication (e.g., Diffie--Hellman shared-secret computation) and at the same time supports fast elliptic-curve formulas for fixed-base-point scalar multiplication (e.g., key generation) and multi-scalar multiplication (e.g., signature verification).

18:17 [Pub][ePrint] Efficient Adaptively Secure IBBE from Standard Assumptions, by Somindu C. Ramanna and Palash Sarkar

  This paper describes the first construction of efficient identity-based broadcast encryption (IBBE) schemes which

can be proved secure against adaptive-identity attacks based on standard assumptions. The constructions are

obtained by extending the currently known most efficient identity-based encryption scheme proposed by Jutla

and Roy in 2013. Ciphertext size and user storage compare favourably to previously known constructions. The

new constructions fill both a practical and a theoretical gap in the literature on efficient IBBE schemes.

18:17 [Pub][ePrint] Using Indistinguishability Obfuscation via UCEs, by Christina Brzuska and Arno Mittelbach

  We provide the first standard model construction for a powerful class of Universal Computational Extractors (UCEs; Bellare et al. Crypto 2013) based on indistinguishability obfuscation. Our construction suffices to instantiate correlation-secure hash functions and universal one-way functions.

For many cryptographic primitives and in particular for correlation-secure hash functions all known constructions are in the random-oracle model. Indeed, recent negative results by Wichs (ITCS 2013) rule out a large class of techniques to prove the security of correlation-secure hash functions in the standard model. Our construction is based on puncturable PRFs (Sahai und Waters; STOC 2014) and indistinguishability obfuscation. However, our proof also relies on point obfuscation under auxiliary inputs (AIPO). This is crucial in light of Wichs\' impossibility result. Namely, Wichs proves that it is often hard to reduce two-stage games (such as UCEs) to a \"one-stage assumption\" such as DDH. In contrast, AIPOs and their underlying assumptions are inherently two-stage and, thus, allow us to circumvent Wichs\' impossibility result.

Our positive result is also noteworthy insofar as Brzuska, Farshim and Mittelbach (Crypto 2014) have shown recently, that iO and some variants of UCEs are mutually exclusive. Our results, hence, validate some of the new UCE notions that emerged as a response to the iO-attack.

18:17 [Pub][ePrint] Privacy-Enhanced Participatory Sensing with Collusion-Resistance and Data Aggregation, by Felix Günther and Mark Manulis and Andreas Peter

  Participatory sensing enables new paradigms and markets for information collection based on the ubiquitous availability of smartphones, but also introduces privacy challenges for participating users and their data. In this work, we review existing security models for privacy-preserving participatory sensing and propose several improvements that are both of theoretical and practical significance.

We first address an important drawback of prior work, namely the lack of consideration of collusion attacks that are highly relevant for such multi-user settings. We explain why existing security models are insufficient and why previous protocols become insecure in the presence of colluding parties. We remedy this problem by providing new security and privacy definitions that guarantee meaningful forms of collusion resistance. We propose new collusion-resistant participatory sensing protocols satisfying our definitions: a generic construction that uses anonymous identity-based encryption (IBE) and its practical instantiation based on the Boneh-Franklin IBE scheme.

We then extend the functionality of participatory sensing by adding the ability to perform aggregation on the data submitted by the users, without sacrificing their privacy. We realize this through an additively-homomorphic IBE scheme which in turn is constructed by slightly modifying the Boneh-Franklin IBE scheme. From a practical point of view, the resulting scheme is suitable for calculations with small sensor readings/values such as temperature measurements, noise levels, or prices, which is sufficient for many applications of participatory sensing.

18:17 [Pub][ePrint] Cryptanalysis of and Improvement on Biometric-based User Authentication Scheme for C/S System, by Younsung Choi, Dongho Won

  Password-based authentication schemes are convenient, but vulnerable to simple dictionary attacks. Cryptographic secret keys are safe, but difficult to memorize. More recently, biometric information has been used for authentication schemes. Das proposed a biometric-based authentication scheme, but it has various vulnerabilities. Jiping et al. improved Das\'s scheme, but some vulnerabilities remain. In this paper, we analyze the cryptanalysis of Jiping et al.\'s authentication scheme and propose the security enhanced biometric-based user authentication scheme for the C/S System.