International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

09:17 [Pub][ePrint] Curve41417: Karatsuba revisited, by Daniel J. Bernstein and Chitchanok Chuengsatiansup and Tanja Lange

  This paper introduces constant-time ARM Cortex-A8 ECDH software that

(1) is faster than the fastest ECDH option in the latest version of OpenSSL but

(2) achieves a security level above 2^200 using a prime above 2^400.

For comparison, this OpenSSL ECDH option is not constant-time and has a security level of only 2^80.

The new speeds are achieved in a quite different way

from typical prime-field ECC software:

they rely on a synergy between Karatsuba\'s method

and choices of radix smaller than the CPU word size.

09:17 [Pub][ePrint] Good is Not Good Enough: Deriving Optimal Distinguishers from Communication Theory, by Annelie Heuser and Olivier Rioul and Sylvain Guilley

  We find mathematically optimal side-channel distinguishers by looking at the side-channel as a communication channel. Our methodology can be adapted to any given scenario (device, signal-to-noise ratio, noise distribution, leakage model, etc.). When the model is known and the noise is Gaussian, the optimal distinguisher outperforms CPA and covariance. However, we show that CPA is optimal when the model is only known on a proportional scale. For non-Gaussian noise, we obtain different optimal distinguishers, one for each noise distribution. When the model is imperfectly known, we consider the scenario of a weighted sum of the sensitive variable bits where the weights are unknown and drawn from a normal law. In this case, our optimal distinguisher performs better than the classical linear regression analysis.

18:17 [Pub][ePrint] Cryptography from Compression Functions: The UCE Bridge to the ROM, by Mihir Bellare and Viet Tung Hoang and Sriram Keelveedhi

  This paper suggests and explores the use of UCE security for the task of

turning VIL-ROM schemes into FIL-ROM ones. The benefits we offer over

indifferentiability, the current leading method for this task, are the ability

to handle multi-stage games and greater efficiency. The paradigm consists of

(1) Showing that a VIL UCE function can instantiate the VIL RO in the scheme,

and (2) Constructing the VIL UCE function given a FIL random oracle. The main

technical contributions of the paper are domain extension transforms that

implement the second step. Leveraging known results for the first step we

automatically obtain FIL-ROM constructions for several primitives whose

security notions are underlain by multi-stage games. Our first domain extender

exploits indifferentiability, showing that although the latter does not work

directly for multi-stage games it can be used indirectly, through UCE, as a

tool for this end. Our second domain extender targets performance. It is

parallelizable and shown through implementation to provide significant

performance gains over indifferentiable domain extenders.

18:17 [Pub][ePrint] Realizing Pico: Finally No More Passwords!, by Jens Hermans and Roel Peeters

  In 2011 Stajano proposed Pico, a secure and easy-to-use alternative for passwords. Among the many proposals in this category, Pico stands out by being creative and convincing. However, the description as published leaves some details unspecified, and to the best of our knowledge the complete system has not yet been tested. This work presents detailed specifications and future-proof security protocols for Pico. Moreover, we present the first robust and efficient Pico implementation. Our implementation allows to further mature the Pico concept and can be used for large scale usability evaluations at negligible cost.

18:17 [Pub][ePrint] On powers of codes, by Ignacio Cascudo and Ronald Cramer and Diego Mirandola and Gilles Z\\\'emor

  Given a linear code $C$, one can define the $d$-th power of $C$ as the span of all componentwise products of $d$ elements of $C$. A power of $C$ may quickly fill the whole space. Our purpose is to answer the following question: does the square of a code ``typically\'\' fill the whole space? We give a positive answer, for codes of dimension $k$ and length roughly $\\frac{1}{2}k^2$ or smaller. The proof uses random coding and combinatorial arguments, together with algebraic tools involving the precise computation of the number of quadratic forms of a given rank, and the number of their zeros.

15:55 [Event][New] ICICS2014: The 16th International Conference on Information & Communications Security

  Submission: 15 August 2014
Notification: 15 September 2014
From December 16 to December 17
Location: Hong Kong, China
More Information:

21:17 [Pub][ePrint] On Constrained Implementation of Lattice-based Cryptographic Primitives and Schemes on Smart Cards, by Ahmad Boorghany and Siavash Bayat Sarmadi and Rasool Jalili

  Most lattice-based cryptographic schemes with a security proof suffer from large key sizes and heavy computations. This is also true for the simpler case of authentication protocols which are used on smart cards, as a very-constrained computing environment.

Recent progress on ideal lattices has significantly improved the efficiency, and made it possible to implement practical lattice-based cryptography on constrained devices. However, to the best of our knowledge, no previous attempts were made to implement lattice-based schemes on smart cards.

In this paper, we provide the results of our implementation of several state-of-the-art lattice-based authentication protocols on smart cards and a microcontroller widely used in smart cards. Our results show that only a few of the proposed lattice-based authentication protocols can be implemented using limited resources of such constrained devices, however, cutting-edge ones are suitably-efficient to be used practically on smart cards.

Moreover, we have implemented fast Fourier transform (FFT) and discrete Gaussian sampling with different typical parameters sets, as well as versatile lattice-based public-key encryptions. These results have noticeable points which help to design or optimize lattice-based schemes for constrained devices.

21:17 [Pub][ePrint] Ideal Social Secret Sharing Using Birkhoff Interpolation Method, by Nasrollah Pakniat and Ziba Eslami and Mehrdad Nojoumian

  The concept of social secret sharing (SSS) was introduced in 2010 by Nojoumian et al. [1,2]. In this scheme, the number of shares allocated to each party depends on the players reputation and the way he interacts with other parties. In other words, weights of the players are periodically adjusted such that cooperative participants receive more shares compared to non-cooperative parties. As our contribution, we propose an ideal social secret sharing (Ideal-SSS) in which the size of each player\'s share is equal to the size of the secret. This property will be achieved using hierarchical threshold secret sharing rather than weighted secret sharing. We show that the proposed scheme is secure in a passive adversary model. Compared to SSS, our proposed scheme is more efficient in terms of the share size, communication complexity and computational complexity of the \"sharing\" protocol. However, the \"social tuning\" and \"reconstruction\" protocols of SSS are computationally more efficient than those of the proposed scheme. Depending on the number of execution of social tuning protocol, this might be a reasonable compromise because the reconstruction protocol is executed only once throughout the secret\'s lifetime.

21:17 [Pub][ePrint] On the Classification of Finite Boolean Functions up to Fairness, by Nikolaos Makriyannis

  Two parties, $P_1$ and $P_2$, wish to jointly compute some function $f(x,y)$ where $P_1$ only knows $x$, whereas $P_2$ only knows $y$. Furthermore, and most importantly, the parties wish to reveal only what the output suggests. Function $f$ is said to be computable with \\emph{complete fairness} if there exists a protocol computing $f$ such that whenever one of the parties obtains the correct output, then both of them do. The only protocol known to compute functions with complete fairness is the one of Gordon et al (STOC 2008). The functions in question are finite, Boolean, and the output is shared by both parties. The classification of such functions up to fairness may be a first step towards the classification of all functionalities up to fairness. Recently, Asharov (TCC 2014) identifies two families of functions that are computable with fairness using the protocol of Gordon et al and another family for which the protocol (potentially) falls short. Surprisingly, these families account for almost all finite Boolean functions. In this paper, we expand our understanding of what can be computed fairly with the protocol of Gordon et al. In particular, we fully describe which functions the protocol computes fairly and which it (potentially) does not. Furthermore, we present a new class of functions for which fair computation is outright impossible. Finally, we confirm and expand Asharov\'s observation regarding the fairness of finite Boolean functions: almost all functions $f:X\\times Y\\rightarrow \\{0,1\\}$ for which $|X|\\neq |Y|$ are fair, whereas almost all functions for which $|X|= |Y|$ are not.

21:17 [Pub][ePrint] On the Connection between Leakage Tolerance and Adaptive Security, by Jesper Buus Nielsen and Daniele Venturi and Angela Zottarel

  We revisit the context of leakage-tolerant interactive protocols as

defined by Bitanski, Canetti and Halevi (TCC 2012). Our contributions

can be summarized as follows:



For the purpose of secure message transmission, any encryption

protocol with message space $\\cM$ and secret key space $\\cSK$

tolerating poly-logarithmic leakage on the secret state of the

receiver must satisfy $|\\cSK| \\ge (1-\\epsilon)|\\cM|$, for every $0

16:01 [Job][New] Post-Doc, Cryptolux, University of Luxembourg

  The Cryptolux team of the Computer Science and Communications research unit of the University of Luxembourg is looking for a postdoc in Cryptography and Information Security. In particular we are interested in candidates who are experts in one of the following topics:

  • Symmetric Cryptography
  • Privacy and Anonymity (Tor,I2P, etc.)
  • Digital Currencies
  • Reverse engineering, code obfuscation
  • Network Security

Interested candidates are invited to submit their application by email to lacs.application AT The application material should contain a cover letter explaining the candidate\\\'s expertise, motivation and research interests, a CV (including photo, information about the obtained degrees, overall GPA in B.Sc. and M.Sc., transcript of grades for relevant courses). We expect proven expertise in your area of research by publications at top conferences, successful participation in competitions and challenges, etc.