International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

15:54 [Job][New] Postdoc position at the Center for the Theory of Interactive Computation (CTIC), Aarhus University

  A postdoc position is available at CTIC, Department of Computer Science, to be filled as soon as possible. The position is for 1 year with the possibility of extension.

We are looking for an applicant committed to playing an active part in continuously building strong research collaborations between the Department of Computer Science at Aarhus University ( and IIIS at Tsinghua University, Beijing. In particular, the successful applicant will spend significant time at IIIS, with funding for such visits being part of the position.

The applicant should have a background in at least one of the four focus areas of CTIC: Computational complexity theory, cryptography, quantum information theory or algorithmic game theory.

CTIC is a collaboration between the Department of Computer Science at Aarhus University, Denmark and IIIS at Tsinghua University, Beijing, China. The center leaders are Andrew Chi-Chih Yao, Tsinghua University and Peter Bro Miltersen, Aarhus University. More information about CTIC can be found at the center website:

Salary depends on seniority as agreed between the Danish Ministry of Finance and the Confederation of Professional Unions.

The application should be in English and include a curriculum vitae, degree certificate, a complete list of publications, a statement of future research plans and information about research activities.

Please apply by email to Katrine Aakjær Nielsen at katnie (at)

For more information on the position, you may contact Peter Bro Miltersen at bromille (at)

15:54 [Event][New] EEETEM2015: The International Conference on Electrical and Electronic Engineering Telec

  Submission: 27 September 2015
From October 27 to October 29
Location: Kuala Lumpur, Malaysia
More Information:

02:17 [Event][New] DIPDMWC: The International Conference on Digital Information Processing, Data Mining

  Submission: 18 January 2015
Notification: 20 January 2015
From January 28 to January 30
Location: Dubai, UAE
More Information:

15:17 [Pub][ePrint] Pretty Understandable Democracy 2.0, by Stephan Neumann and Christian Feier and Perihan Sahin and Sebastian Fach

  The technological advance is entering almost all aspects of our everyday life. One interesting aspect is the possibility to conduct elections over the Internet. However, many proposed Internet voting schemes and systems build on unrealistic assumptions about the trustworthiness of the voting environment and other voter-side assumptions. Code voting -- first introduced by Chaum [Cha01] -- is one approach that minimizes the voter-side assumptions. The voting scheme Pretty UnderstandableDemocracy [BNOV13] builds on the idea of code voting while it ensures on the server-side an arguably practical security model based on a strict separation of duty, i.e. all security requirements are ensured if any two components do not collaborate in order to violate the corresponding requirement. As code voting and strict separation of duty realizations come along with some challenges (e.g. pre-auditing phase, usability issues, clearAPIs), the goal of our research was to implement Pretty UnderstandableDemocracy and run a trial election. This paper reports about necessary refinements of the original scheme, the implementation process, and atrial election among the different development teams (each team being responsible for one component).

18:18 [Job][New] Security Architect, Nagravision, Cheseaux - Switzerland


• Capture security needs at business level, define appropriate security target for the system, and build threat analysis, detailed security requirements.

• Define system’ security architecture: select / design appropriate solutions, techniques and technologies to meet the targeted security level.

• Work with experts, designers and developers to review detailed design and implementations

• Plan and coordinate security evaluations of the products with internal attack laboratory or external provider of security assessment.

• Follow evolutions in security related technologies such as cryptography, attacks techniques, security evaluation methodologies…

• Act as a thought leader across the department, providing deep expertise on one or some domain of expertise on security related topics and serving as an internal reference point your specialization.

• Follow evolution of the CAS/DRM product ecosystem regarding standards and technical trends so as to anticipate changes.

• Contribute to the Nagravision patent portofolio and innovation by designing new security mechanism and approaches


• Strong skills in applied cryptography and security protocols, with the ability to define new ones.

• Strong skills in extended areas of software security techniques, white box cryptography, hardening.

• A strong interest and some previous experience in the area of hacking and security are mandatory

• Transversal knowledge of CAS/DRM products with a focus on connected systems. Good understanding of their architecture and security foundation

• Previous experience or knowledge in one or some of the following area is a strong plus:

o Previous experience in the development of embedded system and a good understanding of low level software and hardware mechanism.

o Knowledge of related formalism and methodologies such as Common Criteria.

00:17 [Pub][ePrint] Computing on the Edge of Chaos: Structure and Randomness in Encrypted Computation, by Craig Gentry

  This survey, aimed mainly at mathematicians rather than practitioners, covers recent developments in homomorphic encryption (computing on encrypted data) and program obfuscation (generating encrypted but functional programs). Current schemes for encrypted computation all use essentially the same \"noisy\" approach: they encrypt via a noisy encoding of the message, they decrypt using an \"approximate\" ring homomorphism, and in between they employ techniques to carefully control the noise as computations are performed. This noisy approach uses a delicate balance between structure and randomness: structure that allows correct computation despite the randomness of the encryption, and randomness that maintains privacy against the adversary despite the structure. While the noisy approach \"works\", we need new techniques and insights, both to improve efficiency and to better understand encrypted computation conceptually.

00:17 [Pub][ePrint] Accumulating Automata and Cascaded Equations Automata for Communicationless Information Theoretically Secure Multi-Party Computation, by Shlomi Dolev and Niv Giboa and Ximing Li

  Information theoretically secure multi-party computation implies severe communication overhead among the computing participants, as there is a need to reduce the polynomial degree after each multiplication. In particular, when the input is (practically) unbounded, the number of multiplications and therefore the communication bandwidth among the participants may be practically unbounded. In some scenarios the communication among the participants should better be avoided altogether, avoiding linkage among the secret share holders. For example, when processes in clouds operate over streaming secret shares without communicating with each other, they can actually hide their linkage and activity in the crowd. An adversary that is able to compromise processes in the cloud may need to capture and analyze a very large number of possible shares.

Consider a dealer that wants to repeatedly compute functions on a long file with the assistance of $m$ servers. The dealer does not wish to leak either the input file or the result of the computation to any of the servers. We investigate this setting given two constraints. The dealer is allowed to share each symbol of the input file among the servers and is allowed to halt the computation at any point. However, the dealer is otherwise stateless. Furthermore, each server is not allowed any communication beyond the shares of the inputs that it receives and the information it provides to the dealer during reconstruction.

We present a protocol in this setting for generalized string matching, including wildcards. We also present solutions for identifying other regular languages, as well as particular context free and context sensitive languages. The results can be described by a newly defined {\\em accumulating automata} and {\\em cascaded equations automata} which may be of an independent interest. As an application of {\\em accumulating automata} and {\\em cascaded equations automata}, secure and private repeated computations on a secret shared file among communicationless clouds are presented.

00:17 [Pub][ePrint] Attribute-Based Encryption Optimized for Cloud Computing, by Máté Horváth

  In this work, we aim to make attribute-based encryption (ABE) more suitable for access control to data stored in the cloud. For this purpose, we concentrate on giving to the encryptor full control over the access rights, providing feasible key management even in case of multiple independent authorities, and enabling viable user revocation, which is essential in practice.

Our main result is an extension of the decentralized CP-ABE scheme of Lewko and Waters with identity-based user revocation. Our revocation system is made feasible by removing the computational burden of a revocation event from the cloud service provider, at the expense of some permanent, yet acceptable overhead of the encryption and decryption algorithms run by the users. Thus, the computation overhead is distributed over a potentially large number of users, instead of putting it on a single party (e.g., a proxy server), which would easily lead to a performance bottleneck.

Besides describing our scheme, we also give a formal proof of its security in the generic bilinear group and random oracle models.

00:17 [Pub][ePrint] A Security Analysis of the Composition of ChaCha20 and Poly1305, by Gordon Procter

  This note contains a security reduction to demonstrate that Langley\'s composition of Bernstein\'s ChaCha20 and Poly1305, as proposed for use in IETF protocols, is a secure authenticated encryption scheme.

The reduction assumes that ChaCha20 is a PRF, that Poly1305 is epsilon-almost-Delta-universal, and that the adversary is nonce respecting.

00:17 [Pub][ePrint] Expressive and Secure Searchable Encryption in the Public Key Setting, by Zhiquan Lv and Cheng Hong and Min Zhang and Dengguo Feng

  Searchable encryption allows an untrusted server to search

on encrypted data without knowing the underlying data contents. Traditional searchable encryption schemes focus only on single keyword or conjunctive keyword search. Several solutions have been recently proposed to design more expressive search criteria, but most of them are in the setting of symmetric key encryption. In this paper, based on the

composite-order groups, we present an expressive and secure asymmetric

searchable encryption (ESASE) scheme, which is the first that simultaneously supports conjunctive, disjunctive and negation search operations. We analyze the efficiency of ESASE and prove it is secure under the standard model. In addition, we show that how ESASE could be extended to support the range search and the multi-user setting.

00:17 [Pub][ePrint] Optimally Resilient and Adaptively Secure Multi-Party Computation with Low Communication Locality, by Nishanth Chandran and Wutichai Chongchitmate and Juan A. Garay and Shafi Goldwasser and Rafail Ost

  Secure multi-party computation (MPC) has been thoroughly studied over the past decades. The vast majority of works assume a full communication pattern: every party exchanges messages with all the network participants over a complete network of point-to-point channels. This can be problematic in modern large scale networks, where the number of parties can be of the order of millions, as for example when computing on large distributed data.

Motivated by the above observation, Boyle, Goldwasser, and Tessaro [TCC 2013] recently put forward the notion of communication locality, namely, the total number of point-to-point channels that each party uses in the protocol, as a quality metric of MPC protocols. They proved that assuming a public-key infrastructure (PKI) and a common reference string (CRS), an MPC protocol can be constructed for computing any n-party function, with communication locality O(log^c n) and round complexity O(log^{c\'} n), for appropriate constants c and c\'. Their protocol tolerates a static (i.e., non-adaptive) adversary corrupting up to t < (1/3- e) n parties for any given constant 0 < e < 1/3 . These results leave open the following questions:

(1) Can we achieve low communication locality and round complexity while tolerating adaptive adversaries? (2) Can we achieve low communication locality with optimal resiliency t < n/2?

In this work we answer both questions affirmatively. First, we consider the model from [TCC 2013], where we replace the CRS with a symmetric-key infrastructure (SKI). In this model we give a protocol with communication locality and round complexity polylog(n) (as in the [TCC 2013] work) which tolerates up to t < n/2 adaptive corruptions, under a standard intractability assumption for adaptively secure protocols, namely, the existence of trapdoor permutations whose domain has invertible sampling. This is done by using the SKI to derive a sequence of random hidden communication graphs among players. A central new technique then shows how to use these graphs to emulate a complete network in polylog(n) rounds while preserving the polylog(n) locality. Second, we show how we can even remove the SKI setup assumption at the cost, however, of increasing the communication locality (but not the round complexity) by a factor of \\sqrt{n}.