International Association for Cryptologic Research

IACR News Central


08:05 [News] Double Crypto? - on Publication Bandwidth


The number of publications at IACR conferences has hardly changed over the last 15 years. At the same time, the number of submissions has increased by nearly 60%, while the quality of submissions has stayed the same, at least according to members of the programme committees. To make matters worse, the IACR community has grown, and there are many more researchers active in our domain than there were 15 years ago.
Detailed statistics on submissions and acceptance rates:

To better serve our community, the Board of Directors expressed its wish that the Conference Programme Chairs (for Eurocrypt, Crypto, and Asiacrypt) accept substantially more papers than used to be the case and work with their General Chair on the logistics to make this possible (using extra slots, shorter talks, and parallel sessions).

07:53 [Conf][FSE] Report on FSE 2012


The 19th annual Fast Software Encryption workshop (FSE 2012) was held at the Washington Marriott Hotel in Washington DC, USA, on March 19-21, 2012. The general chair was Bruce Schneier and the program chair was Anne Canteaut.

The conference attracted 143 delegates from 30 countries, including 27 students.

The technical program featured 24 papers selected from 90 submissions, along with two invited lectures, one on "Provable security against differential and linear cryptanalysis" by Kaisa Nyberg (Aalto University and Nokia), and one on "The history of linear cryptanalysis" by Mitsuru Matsui (Mitsubishi Electric Corporation).

As in the previous year, FSE 2012 did not have printed pre-proceedings but instead made the papers available online before and during the conference. Revised versions of the accepted papers will appear in the conference proceedings published by Springer. The presentation slides for the technical sessions and the rump session can be found on the conference website at:

00:17 [Pub][ePrint] Information-flow control for programming on encrypted data, by J.C. Mitchell, R. Sharma, D. Stefan and J. Zimmerman

  Using homomorphic encryption and secure multiparty computation, cloud servers may perform regularly structured computation on encrypted data, without access to decryption keys. However, prior approaches for programming on encrypted data involve restrictive models such as boolean circuits, or standard languages that do not guarantee secure execution of all expressible programs. We present an expressive core language for secure cloud computing, with primitive types, conditionals, standard functional features, mutable state, and a secrecy preserving form of general recursion. This language, which uses an augmented information-flow type system to prevent control-flow leakage, allows programs to be developed and tested using conventional means, then exported to a variety of secure cloud execution platforms, dramatically reducing the amount of specialized knowledge needed to write secure code. We present a Haskell-based implementation and prove that cloud implementations based on secret sharing, homomorphic encryption, or other alternatives satisfying our general definition meet precise security

15:59 [Event][New] Eurocrypt 2013

  From May 26 to May 30
Location: Athens, Greece
More Information:

18:11 [Event][New] CANS 2012: The 11th International Conference on Cryptology and Network Security

  Submission: 2 July 2012
Notification: 17 September 2012
From December 12 to December 14
Location: Darmstadt, Germany
More Information:

06:46 [Event][Update] FDTC: Workshop on Fault Diagnosis and Tolerance in Cryptography

  Submission: 10 May 2012
Notification: 18 June 2012
From September 9 to September 9
Location: Leuven, Belgium
More Information:

18:17 [Pub][ePrint] Comment on an Anonymous Multi-receiver Identity-based Encryption Scheme, by J.H. Zhang, Y.B. Cui

  Anonymous receiver encryption is an important cryptographic primitive. It can protect the privacy of the receiver. In 2010, Fan et al. proposed an anonymous multi-receiver ID-based encryption scheme using Lagrange interpolating polynomials. Recently, Wang et al. showed that Fan et al.'s scheme did not satisfy anonymity of the receivers. They then provided an improved scheme to fix it and showed that the improved scheme was secure. Unfortunately, by analyzing the security of the scheme, we point out that Wang et al.'s improved scheme still does not satisfy the receiver's anonymity. After analyzing the reason for this flaw, we give an improved method to repair it and show that our improved scheme satisfies the receiver's anonymity.

18:17 [Pub][ePrint] Secure Similarity Coefficients Computation with Malicious Adversaries, by Bo Zhang and Fangguo Zhang

  Similarity coefficients play an important role in many applications. Recently, a privacy-preserving similarity coefficients protocol for binary data was proposed by Wong and Kim (Computers and Mathematics with Applications, 2012). In this paper, we show that their protocol is not secure, even in the semi-honest model, since the client can retrieve the input of the server without deviating from the protocol. We also propose a secure similarity coefficients computation in the presence of malicious adversaries, and prove it secure using the standard simulation-based security definitions for secure two-party computation. We also discuss several extensions of our protocol for settling other problems. Technical tools in our protocol include zero-knowledge proofs and distributed ElGamal encryption.

18:17 [Pub][ePrint] Robust biometric-based user authentication scheme for wireless sensor networks, by Debiao He

  Wireless sensor networks (WSNs) are widely applied in a variety of areas such as real-time traffic monitoring, measurement of seismic activity, wildlife monitoring and so on. User authentication in WSNs is a critical security issue due to their unattended and hostile deployment in the field. In 2010, Yuan et al. proposed the first biometric-based user authentication scheme for WSNs. However, Yoon et al. pointed out that Yuan et al.'s scheme is vulnerable to the insider attack, user impersonation attack, GW-node impersonation attack and sensor node impersonation attack. To improve security, Yoon et al. proposed an improved scheme and claimed that it could withstand various attacks. Unfortunately, we show that Yoon et al.'s scheme is vulnerable to the denial-of-service (DoS) attack and the sensor node impersonation attack. To overcome the weaknesses in Yoon et al.'s scheme, we propose a new biometric-based user authentication scheme for WSNs. The analysis shows that our scheme is more suitable for practical applications.

18:17 [Pub][ePrint] Unique Group Signatures, by Matthew Franklin and Haibin Zhang

  We initiate the study of unique group signatures, in which signatures of the same message by the same user always have a large common component (i.e., a unique identifier). We present a number of unique group signature schemes under a variety of security models that extend the standard security models of ordinary group signatures (without random oracles). Our work is a beneficial step towards mitigating the well-known group signature paradox, and it also has many other interesting applications and efficiency implications.

09:17 [Pub][ePrint] On the Security of an Improved Password Authentication Scheme Based on ECC, by Ding Wang and Chun-guang Ma

  The design of secure remote user authentication schemes for mobile applications is still an open and quite challenging problem, though many schemes have been published lately. Recently, Islam and Biswas pointed out that Lin and Hwang et al.'s password-based authentication scheme is vulnerable to various attacks, and then presented an improved scheme based on elliptic curve cryptography (ECC) to overcome the drawbacks. Based on heuristic security analysis, Islam and Biswas claimed that their scheme is secure and can withstand all related attacks. In this paper, however, we show that Islam and Biswas's scheme cannot achieve the claimed security goals and report its flaws: (1) it is vulnerable to an offline password guessing attack, a stolen verifier attack and a denial of service (DoS) attack; (2) it fails to preserve user anonymity. The cryptanalysis demonstrates that the scheme under study is unfit for practical use.