IACR News
If you have a news item you wish to distribute, they should be sent to the communications secretary. See also the events database for conference announcements.
Here you can see all recent updates to the IACR webpage. These updates are also available:
13 May 2025
Daniel Rausch, Nicolas Huber, Ralf Kuesters
ePrint Report
Voter privacy and end-to-end (E2E) verifiability are critical features of electronic voting (e-voting) systems to safeguard elections. To achieve these properties commonly a perfect bulletin board (BB) is assumed that provides consistent, reliable, and tamper-proof storage and transmission of voting data. However, in practice, BBs operate in asynchronous and unreliable networks, and hence, are susceptible to vulnerabilities such as equivocation attacks and dropped votes, which can compromise both verifiability and privacy. Although prior research has weakened the perfect BB assumption, it still depends on trusting certain BB components.
In this work, we present and initiate a formal exploration of designing e-voting systems based on fully untrusted BBs. For this purpose, we leverage the notion of accountability and in particular use accountable BBs. Accountability ensures that if a security breach occurs, then cryptographic evidence can identify malicious parties. Fully untrusted BBs running in asynchronous networks bring new challenges. Among others, we identify several types of attacks that a malicious but accountable BB might be able to perform and propose a new E2E verifiability notion for this setting. Based on this notion and as a proof of concept, we construct the first e-voting system that is provably E2E verifiable and provides vote privacy even when the underlying BB is fully malicious. This establishes an alternative to traditional e-voting architectures that rely on (threshold) trusted BB servers.
In this work, we present and initiate a formal exploration of designing e-voting systems based on fully untrusted BBs. For this purpose, we leverage the notion of accountability and in particular use accountable BBs. Accountability ensures that if a security breach occurs, then cryptographic evidence can identify malicious parties. Fully untrusted BBs running in asynchronous networks bring new challenges. Among others, we identify several types of attacks that a malicious but accountable BB might be able to perform and propose a new E2E verifiability notion for this setting. Based on this notion and as a proof of concept, we construct the first e-voting system that is provably E2E verifiable and provides vote privacy even when the underlying BB is fully malicious. This establishes an alternative to traditional e-voting architectures that rely on (threshold) trusted BB servers.
Renas Bacho, Benedikt Wagner
ePrint Report
Multi-signatures over pairing-free cyclic groups have seen significant advancements in recent years, including achieving two-round protocols and supporting key aggregation.
Key aggregation enables the combination of multiple public keys into a single succinct aggregate key for verification and has essentially evolved from an optional feature to a requirement.
To enhance the concrete security of two-round schemes, Pan and Wagner (Eurocrypt 2023, 2024) introduced the first tightly secure constructions in this setting. However, their schemes do not support key aggregation, and their approach inherently precludes a single short aggregate public key. This leaves the open problem of achieving tight security and key aggregation simultaneously.
In this work, we solve this open problem by presenting the first tightly secure two-round multi-signature scheme in pairing-free groups supporting key aggregation. As for Pan and Wagner's schemes, our construction is based on the DDH assumption. In contrast to theirs, it also has truly compact signatures, with signature size asymptotically independent of the number of signers.
To enhance the concrete security of two-round schemes, Pan and Wagner (Eurocrypt 2023, 2024) introduced the first tightly secure constructions in this setting. However, their schemes do not support key aggregation, and their approach inherently precludes a single short aggregate public key. This leaves the open problem of achieving tight security and key aggregation simultaneously.
In this work, we solve this open problem by presenting the first tightly secure two-round multi-signature scheme in pairing-free groups supporting key aggregation. As for Pan and Wagner's schemes, our construction is based on the DDH assumption. In contrast to theirs, it also has truly compact signatures, with signature size asymptotically independent of the number of signers.
12 May 2025
Maciej Czuprynko, Anisha Mukherjee, Sujoy Sinha Roy
ePrint Report
This paper presents a side-channel attack targeting the LESS and CROSS post-quantum digital signature schemes, resulting in full key recovery for both. These schemes have advanced to the second round of NIST’s call for additional signatures. By leveraging correlation power analysis and horizontal attacks, we are able to recover the secret key by observing the power consumption during the multiplication of an ephemeral secret vector with a public matrix. The attack path is enabled by the presence of a direct link between the secret key elements and the ephemeral secret, given correct responses. This attack targets version 1.2 of both schemes. In both settings we can recover the secret key in a single trace for the NIST’s security level I parameter set. Additionally, we propose improvements to the existing horizontal attack on CROSS, reducing the required rounds that need to be observed by an order of magnitude for the same parameter sets.
Virtual event, Anywhere on Earth, 4 December - 5 December 2025
Event Calendar
Event date: 4 December to 5 December 2025
Submission deadline: 29 June 2025
Notification: 29 July 2025
Submission deadline: 29 June 2025
Notification: 29 July 2025
Koç University, İstanbul, Türkiye
Job Posting
Cryptography, Security & Privacy Research Group at Koç University has multiple openings for summer research interns (at both undergraduate and graduate level). Topics include cryptography, cyber security, blockchains, artificial intelligence and machine learning, game theory and mechanism design. Apply via:
https://research.ku.edu.tr/research-infrastructure/programs/supported-research-programs/kusrp/kusrp/
For more information about joining our group and projects, visit
https://crypto.ku.edu.tr/
All applications must be completed online. Applications with missing documents will not be considered. Applications via e-mail will not be considered. Application Requirements:
https://research.ku.edu.tr/research-infrastructure/programs/supported-research-programs/kusrp/kusrp/
For more information about joining our group and projects, visit
https://crypto.ku.edu.tr/
All applications must be completed online. Applications with missing documents will not be considered. Applications via e-mail will not be considered. Application Requirements:
- CV
- 2 Recommendation Letters
- Official transcripts from all the universities attended
- Statement of Purpose
Closing date for applications:
Contact: https://research.ku.edu.tr/research-infrastructure/programs/supported-research-programs/kusrp/kusrp/
More information: https://research.ku.edu.tr/research-infrastructure/programs/supported-research-programs/kusrp/kusrp/
Koç University, İstanbul, Türkiye
Job Posting
Cryptography, Security & Privacy Research Group at Koç University has one opening at the post-doctoral researcher level. Accepted applicants may receive competitive salary, housing (accommodation) support, health insurance, computer, travel support, and lunch meal card.
Your duties include performing research on cryptography, security, and privacy in line with our research group's focus, as well as directing graduate and undergraduate students in their research and teaching. The project funding is related to applied cryptography focusing on privacy-preserving and adversarial machine learning.
Applicants are expected to have already obtained their Ph.D. degrees in Computer Science or related discipline with a thesis topic related to the duties above.
For more information about joining our group and projects, visit
https://crypto.ku.edu.tr/
Submit your application via email including
Application deadline is 31 July 2025 and position start date is 1 September 2025.
Your duties include performing research on cryptography, security, and privacy in line with our research group's focus, as well as directing graduate and undergraduate students in their research and teaching. The project funding is related to applied cryptography focusing on privacy-preserving and adversarial machine learning.
Applicants are expected to have already obtained their Ph.D. degrees in Computer Science or related discipline with a thesis topic related to the duties above.
For more information about joining our group and projects, visit
https://crypto.ku.edu.tr/
Submit your application via email including
- full CV,
- transcripts of all universities attended,
- 1-3 sample publications where you are the main author,
- a detailed research proposal,
- 2-3 reference letters sent directly by the referees.
Application deadline is 31 July 2025 and position start date is 1 September 2025.
Closing date for applications:
Contact: Prof. Alptekin Küpçü
https://member.acm.org/~kupcu
More information: https://crypto.ku.edu.tr/