International Association for Cryptologic Research

IACR News Central


17:41 [Job][New] PhD studentship, University of Birmingham, UK

  Applications are invited for a fully funded, four-year PhD studentship in the area of embedded security/cryptography for next generation vehicles at the School of Computer Science, University of Birmingham. The studentship is jointly sponsored by Jaguar Land Rover and EPSRC and covers the university fees (UK/EU) and a tax-free annual stipend of £18,0000. The project will additionally provision for a laptop, equipment and travel to attend conferences and workshops.

Research Project:

Modern automotive vehicles have several wireless interfaces, are interconnected with various devices and with the internet. This connectivity adds great functionality but it also introduces a number of security and privacy threats.

This PhD studentship will focus on improving the security of the next generation electronic vehicle architecture. The work includes developing optimized implementations of cryptographic primitives and protocols for time-critical automotive applications.


  • The successful applicant will have at least a strong 2:1 degree in Computer Science, Engineering, Mathematics or a related MSc course as well as excellent programming skills (especially C).
  • A demonstrable interest/background in security, cryptography and/or embedded devices is desirable.
  • International students are encouraged to apply, but the studentship only fully covers UK/EU fees.
  • For non-native English speakers, the university requires IELTS of 6.5 (with no band less than 6.5) or equivalent qualification.
  • The student is expected to collaborate with and visit Jaguar Land Rover on a regular basis.

    17:41 [Job][New] Faculty, Istanbul Technical University, Istanbul, Turkey

      The Informatics Institute at Istanbul Technical University (ITU) invites applications from accomplished scholars for several full-time/part time open rank faculty positions in Cyber Security related areas:

    • wireless and network security,

    • secure software,

    • cyber supply chain security,

    • cybersecurity policy,

    • cryptography,

    • multimedia forensics.

    Applicants should have a well-established record of research. Duties of these positions include mainly research and teaching at graduate level. The salaries for these positions are internationally competitive and commensurate with candidates’ qualifications and academic ranks. “Information Security and Cryptography” department is a newly opening division at ITU and the prospective candidates for these positions are supposed to assume duties as early as September, 2015.

    Istanbul Technical University, located at the heart of Istanbul, is one of the most prominent research universities of Turkey. Admission to ITU is highly competitive and the student body is from top scorers of the nationwide university entrance exam. With its well-qualified departments and institutions, ITU provides an excellent research environment for engineers and scientists. As a state university, ITU provides a free of charge health and dental insurance for its faculty members and their families.

    About the application procedure:

    To apply please send your application package including a cover letter, CV, research plan, and the names of 3 or 4 references to:

    hiring (at)

    17:40 [Event][New] ISCTURKEY 2014: International Conference on Information Security and Cryptology

      Submission: 19 July 2014
    From October 17 to October 18
    Location: Istanbul, Turkey
    More Information:

    17:39 [Event][New] WPES 2014: Workshop on Privacy in the Electronic Society

      Submission: 24 July 2014
    Notification: 25 August 2014
    From November 3 to November 3
    Location: Scottsdale, USA
    More Information:

    15:17 [Pub][ePrint] Constructing Abelian Surfaces for Cryptography via Rosenhain Invariants, by Craig Costello and Alyson Deines-Schartz and Kristin Lauter and Tonghai Yang

      This paper presents an algorithm to construct cryptographically strong genus 2 curves and their Kummer surfaces via Rosenhain invariants and related Kummer parameters. The most common version of the complex multiplication (CM) algorithm for constructing cryptographic curves in genus 2 relies on the well-studied Igusa invariants and Mestre's algorithm for reconstructing the curve. On the other hand, the Rosenhain invariants typically have much smaller height, so computing them requires less precision, and in addition, the Rosenhain model for the curve can be written down directly given the Rosenhain invariants. Similarly, the parameters for a Kummer surface can be expressed directly in terms of rational functions of theta constants.

    CM-values of these functions are algebraic numbers, and when computed to high enough precision, LLL can recognize their minimal polynomials. Motivated by fast cryptography on Kummer surfaces, we investigate a variant of the CM method for computing cryptographically strong Rosenhain models of curves (as well as their associated Kummer surfaces) and use it to generate several example curves at different security levels that are suitable for use in cryptography.

    15:17 [Pub][ePrint] Note of Multidimensional MITM Attack on 25-Round TWINE-128, by Long Wen and Meiqin Wang and Andrey Bogdanov and Huaifeng Chen

      TWINE is a lightweight block cipher proposed in SAC 2012 by Suzaki et al. TWINE operates on 64-bit block and supports 80 or 128-bit key, denoted as TWINE-80 and TWINE-128 respectively. TWINE has attracted some attention since its publication and its security has been analyzed against several cryptanalytic techniques in both single-key and related-key settings. In the single-key setting, the best attack so far is reported by Boztaş et al. at LightSec'13, where a splice-and-cut attack on 21-round TWINE-128 and a multidimensional meet-in-the-middle (MITM) attack on 25-round TWINE-128 are presented. Yet, the evaluation of the time complexity of the multidimensional MITM attack on 25-round TWINE-128 is somehow controversial in the way we understand. We here describe the attack in detail and explain our concerns about the time complexity of the attack. And it turns out that the multidimensional MITM attack on 25-round TWINE-128 may have a time complexity higher than exhaustive search.

    15:17 [Pub][ePrint] Efficient Authentication and Pseudorandomness from Weaker (Ring-)LPN Assumptions, by Ivan Damgård and Sunoo Park and Sarah Zakarias

      We propose two new approaches to authentication based on the (ring-)LPN problem. In contrast to all known approaches, we can use a noise rate for the LPN problem that is arbitrarily close to 1/2, without this affecting the communication complexity of the protocol, and while doing only (poly-)logarithmic depth computation. At the cost of having the prover keep a small amount of state, our approach allows us to "upgrade" the HB protocol from passive to the man-in-the-middle security (the strongest notion) while maintaining its simple structure.

    A technical contribution of independent interest is a construction of a poly-logarithmic depth PRF from LPN that is secure if at most a predetermined number $\ell$ of queries are asked; if more queries are asked, the same PRF is still secure, but now under a stronger assumption closely related to LPN. The basic idea of the construction also applies to other problems with a similar structure, such as subset-sum.

    15:17 [Pub][ePrint] Fast point multiplication algorithms for binary elliptic curves with and without precomputation, by Thomaz Oliveira and Diego F. Aranha and Julio López and Francisco Rodríguez-Henríquez

      In this paper we introduce new methods for computing constant-time variable-base point multiplications over the Galbraith-Lin-Scott (GLS) and the Koblitz families of elliptic curves. Using a left-to-right double-and-add and a right-to-left halve-and-add Montgomery ladder over a GLS curve, we present some of the fastest timings yet reported in the literature for point multiplication. In addition, we combine these two procedures to compute a multi-core protected scalar multiplication. Furthermore, we designed for the first time a regular $\tau$-adic scalar expansion for Koblitz curves. As a result, using the regular recoding approach, we set the speed record for a single constant-time point multiplication on standardized binary elliptic curves at the $128$-bit security level.

    06:17 [Pub][ePrint] FNR : Arbitrary length small domain block cipher proposal, by Sashank Dara, Scott Fluhrer

      We propose a practical flexible (or arbitrary) length small domain block cipher.

    FNR can cipher small domain data formats like IPv4, Port numbers, MAC Addresses, IPv6 address, any random short strings and numbers while preserving their input length.

    In addition to the classic Feistel networks, Naor and Reingold propose usage of pair-wise independent permutation (PWIP) functions in first and last rounds of LR constructions to provide additional randomness and security. But their PWIP functions are based on Galois Fields. Representing GF(2^n) for different input lengths would be complicated for implementation. For this reason, the PWIP functions we propose are based on random N X N Invertible matrices.

    In this paper we propose the specification of FNR mode of encryption. Its properties, limitations, features etc.

    We provide possible example applications of this block cipher for preserving formats of input types like IPv4 addresses, Credit card numbers. We provide reference implementation's experimental results and performance numbers in different setups. FNR should be used only when deterministic encryption is needed. It does not provide semantic security.

    FNR denotes Flexible Naor and Reingold

    06:17 [Pub][ePrint] System-level non-interference for constant-time cryptography, by Gilles Barthe and Gustavo Betarte and Juan Diego Campo and Carlos Luna and David Pichardie

      Cache-based attacks are a class of side-channel attacks that are particularly effective in virtualized or cloud-based environments, where they have been used to recover secret keys from cryptographic implementations. One common approach to thwart cache-based attacks is to use constant-time implementations, i.e. which do not branch on secrets and do not perform memory accesses that depend on secrets. However, there is no rigorous proof that constant-time implementations are protected against concurrent cache-attacks in virtualization platforms with shared cache; moreover, many prominent implementations are not constant-time. An alternative approach is to rely on system-level mechanisms. One recent such mechanism is stealth memory, which provisions a small amount of private cache for programs to carry potentially leaking computations securely. Stealth memory induces a weak form of constant-time, called S-constant-time, which encompasses some widely used cryptographic implementations. However, there is no rigorous analysis of stealth memory and S-constant-time, and no tool support for checking if applications are S-constant-time.

    We propose a new information-flow analysis that checks if an x86 application executes in constant-time, or in S-constant-time. Moreover, we prove that constant-time (resp. S-constant-time) programs do not leak confidential information through the cache to other operating systems executing concurrently on virtualization platforms (resp. platforms supporting stealth memory). The soundness proofs are based on new theorems of independent interest, including isolation theorems for virtualization platforms (resp. platforms supporting stealth memory), and proofs that constant-time implementations (resp. S-constant-time implementations) are non-interfering with respect to a strict information flow policy which disallows that control flow and memory accesses depend on secrets. We formalize our results using the Coq proof assistant and we demonstrate the effectiveness of our analyses on cryptographic implementations, including PolarSSL AES, DES and RC4, SHA256 and Salsa20.

    06:17 [Pub][ePrint] The Hash Function "Fugue", by Shai Halevi and William E. Hall and Charanjit S. Jutla

      We describe Fugue, a hash function supporting inputs of length up to $2^{64}-1$ bits and hash outputs of length up to 512 bits. Notably, Fugue is not based on a compression function. Rather, it is directly a hash function that supports variable-length inputs.

    The starting point for Fugue is the hash function Grindahl, but it extends that design to protect against the kind of attacks that were developed for Grindahl, as well as earlier hash functions like SHA-1.

    A key enhancement is the design of a much stronger round function which replaces the AES round function of Grindahl, using better codes (over longer words) than the AES 4 X 4 MDS matrix. Also, Fugue makes judicious use of this new round function on a much larger internal state.

    The design of Fugue is proof-oriented: the various components are designed in such a way as to allow proofs of security, and yet be efficient to implement. As a result, we can prove that current attack methods cannot find collisions in Fugue any faster than the trivial birthday attack. Although the proof is computer assisted, the assistance is limited to computing ranks of various matrices.