International Association for Cryptologic Research

IACR News Central


03:17 [Pub][ePrint] A Statistical Model for Higher Order DPA on Masked Devices, by A. Adam Ding and Liwei Zhang and Yunsi Fei and Pei Luo

  A popular and effective countermeasure to protect block cipher implementations against differential power analysis (DPA) attacks is to mask the internal operations of the cryptographic algorithm with random numbers. While the masking technique resists first-order (univariate) DPA attacks, higher-order (multivariate) attacks have been able to break masked devices. In this paper, we formulate a statistical model for higher-order DPA attacks. We derive an analytic success rate formula that distinctively shows the effects of the algorithmic confusion property, signal-to-noise ratio (SNR), and masking on the leakage of masked devices. It further provides a formal proof that the centered product combination function is optimal for higher-order attacks in very noisy scenarios. We believe that the statistical model fully reveals how the higher-order attack works around masking, and would offer good insights for embedded system designers implementing masking techniques.
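To make the abstract's two claims concrete (a single masked sample carries no key information, while the centered product of the mask sample and the masked-value sample does), here is an added simulation that is not code from the paper. It models a first-order Boolean-masked AES S-box that leaks the Hamming weight of the mask and of the masked S-box output, each with Gaussian noise, and runs a univariate CPA and a second-order CPA with the centered-product combiner against it. The leakage model, key byte, trace count and noise level are assumptions chosen so it runs offline in pure Python; the S-box is computed from the GF(2^8) inverse and the AES affine map rather than transcribed.

```python
"""Second-order DPA on a Boolean-masked AES S-box with the centered-product combiner.

Added example, not code from the paper. The device model (Hamming-weight leakage
of the mask and of the masked S-box output plus Gaussian noise), the key byte,
the trace count and the noise level are assumptions.
"""
import random
import statistics


# --- AES S-box, computed rather than transcribed: GF(2^8) inverse + affine map ---
def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1 (0x11b)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _gf_inv(a):
    """Multiplicative inverse as a^254 (the group has order 255); 0 maps to 0 as in AES."""
    r = 1
    for _ in range(254):
        r = _gf_mul(r, a)
    return r


def _affine(b):
    """AES affine layer: b'_i = b_i ^ b_{i+4} ^ b_{i+5} ^ b_{i+6} ^ b_{i+7} ^ c_i, c = 0x63."""
    out = 0
    for i in range(8):
        bit = 0
        for t in (0, 4, 5, 6, 7):
            bit ^= (b >> ((i + t) % 8)) & 1
        out |= bit << i
    return out ^ 0x63


SBOX = [_affine(_gf_inv(x)) for x in range(256)]
HW = [bin(x).count("1") for x in range(256)]


def simulate_traces(key, n, sigma, rng):
    """Constructed traces from a first-order Boolean-masked S-box (assumed leakage model).

    Each trace is (plaintext, leak_mask, leak_masked): the device leaks HW(m) when it
    loads the fresh mask m and HW(S(p ^ key) ^ m) when it writes the masked S-box
    output. Because m is uniform, neither sample on its own depends on the key.
    """
    traces = []
    for _ in range(n):
        p = rng.randrange(256)
        m = rng.randrange(256)
        masked = SBOX[p ^ key] ^ m
        traces.append((p, HW[m] + rng.gauss(0, sigma), HW[masked] + rng.gauss(0, sigma)))
    return traces


def _pearson(xs, ys):
    mx, my = statistics.fmean(xs), statistics.fmean(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / (sxx * syy) ** 0.5 if sxx and syy else 0.0


def centered_product(traces):
    """The combiner the paper analyses: (l1 - mean(l1)) * (l2 - mean(l2)) per trace.

    For an 8-bit Boolean mask, E[c | x] = 8/4 - HW(x)/2 for the true S-box output x,
    so the combined leakage is (negatively) correlated with HW(x).
    """
    m1 = statistics.fmean([t[1] for t in traces])
    m2 = statistics.fmean([t[2] for t in traces])
    return [(t[1] - m1) * (t[2] - m2) for t in traces]


def cpa(pts, leak):
    """Rank key bytes by |Pearson r| between leak and HW(S(p ^ k)); returns (key, |r|).

    The absolute value is used because the correct key correlates negatively with the
    centered product (see centered_product) and positively with an unmasked sample.
    """
    best = (None, -1.0)
    for k in range(256):
        pred = [HW[SBOX[p ^ k]] for p in pts]
        r = abs(_pearson(pred, leak))
        if r > best[1]:
            best = (k, r)
    return best


def first_order_attack(traces):
    """Univariate CPA on the masked-output sample only: expected to find nothing."""
    return cpa([t[0] for t in traces], [t[2] for t in traces])


def second_order_attack(traces):
    """Bivariate CPA on the centered product of the mask and masked-output samples."""
    return cpa([t[0] for t in traces], centered_product(traces))


def demo(seed=1, key=0x2B, n=2000, sigma=1.0):
    """Seeded run with assumed parameters; returns ((key1, r1), (key2, r2))."""
    rng = random.Random(seed)
    traces = simulate_traces(key, n, sigma, rng)
    return first_order_attack(traces), second_order_attack(traces)


if __name__ == "__main__":
    (k1, r1), (k2, r2) = demo()
    print(f"first-order CPA on masked sample:  key 0x{k1:02x}, |r| = {r1:.3f} (true key 0x2b)")
    print(f"second-order CPA, centered product: key 0x{k2:02x}, |r| = {r2:.3f}")
```

With these assumed parameters the univariate attack's best correlation stays at the noise floor of roughly 1/sqrt(n) for every key guess, while the centered product yields a correlation of about 0.2 for the right key byte, which is comfortably above the floor at 2000 traces; raising `sigma` shows how quickly the second-order correlation, and hence the success rate the paper models, collapses with decreasing SNR.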

21:17 [Pub][ePrint] Memento: How to Reconstruct your Secrets from a Single Password in a Hostile Environment, by Jan Camenisch and Anja Lehmann and Anna Lysyanskaya and Gregory Neven

  Passwords are inherently vulnerable to dictionary attacks, but are quite secure if guessing attempts can be slowed down, for example by an online server. If this server gets compromised, however, the attacker can again perform an offline attack. The obvious remedy is to distribute the password verification process over multiple servers, so that the password remains secure as long as no more than a threshold of the servers are compromised. By letting these servers additionally host shares of a strong secret that the user can recover upon entering the correct password, the user can perform further cryptographic tasks using this strong secret as a key, e.g., encrypting data in the cloud. Threshold password-authenticated secret sharing (TPASS) protocols provide exactly this functionality, but the only two known schemes, by Bagherzandi et al. (CCS 2011) and Camenisch et al. (CCS 2012), leak the password if a user mistakenly executes the protocol with malicious servers. Authenticating to the wrong servers is a common scenario when users are tricked in phishing attacks.

We propose the first t-out-of-n TPASS protocol for any n > t that does not suffer from this shortcoming. We prove our protocol secure in the UC framework, which for the particular case of password-based protocols offers important advantages over property-based definitions, e.g., by correctly modeling typos in password attempts.

13:06 [Job][New] Post-Doctoral Researcher (junior or senior, depending on record), Universitat Rovira i Virgili, Tarragona, Catalonia, Spain

  What we offer:

We offer a post-doctoral research contract at Universitat Rovira i Virgili, for up to three years. The selected candidate will work in a new generously funded research project at the UNESCO Chair in Data Privacy/CRISES research group within the Department of Computer Engineering and Mathematics.

What we require:

Candidates should have provable research expertise in game theory (specifically mechanism design and/or implementation theory) and also be familiar with cryptographic protocols. Suitable backgrounds include but are not limited to computer science, mathematics, economics and engineering.

Where we are:

Universitat Rovira i Virgili (URV) is based in Tarragona (Catalonia), which is a coastal city 90 km south of Barcelona. URV has been ranked by Times Higher Education 2014 as the world's 66th best university under 50 years of age. Also, according to the CWTS Leiden 2014 ranking, URV has the second highest research impact in "Math., Comp. Sci. and Engineering" among European universities.

What candidates should send:

Send your CV and publication record, plus two recommendation letters to Prof. Josep Domingo-Ferrer ( josep.domingo (at) ).

08:13 [Event][New] CrossFyre: 4th Workshop on Crypto, Robustness, and Secure Schemes for Females

  From July 3 to July 4
Location: Bochum, Germany

21:17 [Pub][ePrint] Dual System Encryption via Doubly Selective Security: Framework, Fully-secure Functional Encryption for Regular Languages, and More, by Nuttapong Attrapadung

  Dual system encryption techniques introduced by Waters in Crypto'09 are powerful approaches for constructing fully secure functional encryption (FE) for many predicates. However, there are still some FE for certain predicates to which dual system encryption techniques seem inapplicable, and hence their fully-secure realization remains an important problem. A notable example is FE for regular languages, introduced by Waters in Crypto'12.

We propose a generic framework that abstracts the concept of dual system encryption techniques. We introduce a new primitive called pair encoding scheme for predicates and show that it implies fully secure functional encryption (for the same predicates) via a generic construction. Using the framework, we obtain the first fully secure schemes for functional encryption primitives of which only selectively secure schemes were known so far. Our three main instantiations include FE for regular languages, unbounded attribute-based encryption (ABE) for large universes, and ABE with constant-size ciphertexts.

Our main ingredient for overcoming the barrier of inapplicability of the dual system techniques to certain predicates is a computational security notion of the pair encoding scheme which we call doubly selective security. This is in contrast with most of the previous dual system based schemes, where information-theoretic security is implicitly utilized. The doubly selective security notion resembles that of selective security and its complementary notion, co-selective security, hence its name. Our framework can be regarded as a method for boosting doubly selective security (of encoding) to full security (of functional encryption).

Besides the generality of our framework, we remark that improved security is also obtained, as our security proof enjoys a tighter reduction than previous schemes; notably, the reduction cost does not depend on the number of all queries, but only on that of pre-challenge queries.

17:49 [Job][Update] Faculty, Istanbul Technical University, Istanbul, Turkey

  The Informatics Institute at Istanbul Technical University (ITU) invites applications from accomplished scholars for several full-time/part time open rank faculty positions in Cyber Security related areas:

• wireless and network security,

• secure software,

• cyber supply chain security,

• cybersecurity policy,

• cryptography,

• multimedia forensics.

Applicants should have a well-established record of research. Duties of these positions mainly include research and teaching at graduate level. The salaries for these positions are internationally competitive and commensurate with candidates' qualifications and academic ranks. The "Information Security and Cryptography" department is a newly opened division at ITU, and the prospective candidates for these positions are expected to assume duties as early as September 2015.

Istanbul Technical University, located in the heart of Istanbul, is one of the most prominent research universities in Turkey. Admission to ITU is highly competitive and the student body is drawn from the top scorers of the nationwide university entrance exam. With its well-qualified departments and institutes, ITU provides an excellent research environment for engineers and scientists. As a state university, ITU provides free health and dental insurance for its faculty members and their families.

About the application procedure:

To apply please send your application package including a cover letter, CV, research plan, and the names of 3 or 4 references to:

hiring (at)

17:49 [Job][New] PhD studentship in Hardware Security, University of Cambridge, England, UK, European Union

  A fully funded 3.5 year PhD Studentship is available from October 2014 to work on "Model-Based Assessment of Compromising Emanations". The project aims to improve our understanding of electromagnetic emissions that are unintentionally emitted by computing equipment, and the eavesdropping risks they pose. In particular, it aims to improve test and measurement procedures (TEMPEST) for computing equipment that processes extremely confidential data. We are looking for an Electrical Engineering, Computer Science or Physics graduate with an interest in electronics, radio communication, hardware security, side-channel cryptanalysis, digital signal processing, electromagnetic compatibility, or machine learning.

This Studentship is funded through Government Communications Headquarters (GCHQ) under their Academic Centres of Excellence in Cyber Security Research (ACE-CSR) programme. As part of this programme, the doctoral student will be able to visit and work with GCHQ experts in Cheltenham. To enable such collaboration, this studentship is awarded under the condition that the applicant obtains an advanced UK government security clearance ("developed vetting"). To make this feasible, the applicant should have lived in the UK for the last 10 years and ideally be a British national.

17:33 [Event][New] DIAC 2014: Directions in Authenticated Ciphers

  Submission: 20 June 2014
Notification: 7 July 2014
From August 23 to August 24
Location: Santa Barbara, USA

17:18 [Event][New] PKC 2015: 18th Int'l Conference on Practice and Theory in Public-Key Cryptography

  Submission: 6 October 2014
Notification: 15 December 2014
From March 30 to April 1
Location: Washington, D.C., USA

17:41 [Job][New] Research Scientist, Temasek Laboratories, National University of Singapore, Singapore

  Temasek Laboratories at National University of Singapore, Singapore is seeking highly motivated professionals interested in conducting research in the area of cryptography.

Applicants are expected to have a PhD degree in Mathematics/Computer Science/Engineering and experience in analysis/design of symmetric ciphers.

Preferred candidates are expected to be proficient in C/C++ language, a team worker and able to conduct independent research.

Review of applications will start immediately and continue until the position is filled.

Interested candidates can contact Dr Tan Chik How: tsltch (at)

Closing Date for applications : 10 July 2014

17:41 [Job][New] PhD studentship, University of Birmingham, UK

  Applications are invited for a fully funded, four year PhD studentship in the area of embedded security/cryptography for next generation vehicles at the School of Computer Science, University of Birmingham. The studentship is jointly sponsored by Jaguar Land Rover and EPSRC and covers the university fees (UK/EU) and a tax-free annual stipend of £18,0000. The project additionally provides for a laptop, equipment and travel to attend conferences and workshops.

Research Project:

Modern vehicles have several wireless interfaces and are interconnected with various devices and with the internet. This connectivity adds great functionality, but it also introduces a number of security and privacy threats.

This PhD studentship will focus on improving the security of the next-generation electronic vehicle architecture and on developing optimized implementations of cryptographic primitives and protocols for time-critical automotive applications.

  • The successful applicant will have at least a strong 2:1 degree in Computer Science, Engineering, Mathematics or a related MSc course as well as excellent programming skills (especially C).
  • A demonstrable interest/background in security, cryptography and/or embedded devices is desirable.
  • International students are encouraged to apply, but the studentship only fully covers UK/EU fees.
  • For non-native English speakers, the university requires IELTS of 6.5 (with no band less than 6.5) or equivalent qualification.
  • The student is expected to collaborate with and visit Jaguar Land Rover on a regular basis.