International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

07:14 [Event][Update] CARDIS 2012: Eleventh Smart Card Research and Advanced Application Conference

  Submission: 20 August 2012
Notification: 15 October 2012
From November 28 to November 30
Location: Graz, Austria
More Information:

15:54 [Event][New] CARDIS 2012: Eleventh Smart Card Research and Advanced Application Conference

  Submission: 15 October 2012
From November 28 to November 30
Location: Graz, Austria
More Information:

20:24 [Job][New] PhD. student, Orange Labs Caen (France)

  Orange Labs and the ENS (Ecole Normale SupĂ©rieure) are searching Ph.D. candidates to work on the way to securely delegate some basic cryptographic operations to a more powerful but not necessarily trusted entity.

The candidate should have a Master degree with a strong knowledge in cryptography. In particular, mathematical and algorithmic aspects of cryptography are very important for this Ph.D. thesis.

20:19 [Event][New] EuroPKI 2012: 9th European PKI Workshop: Research and Applications

  Submission: 25 May 2012
Notification: 15 July 2012
From September 13 to September 14
Location: Pisa, Italy
More Information:

09:23 [Event][Update] ProvSec 2012: The Sixth International Conference on Provable Security

  Submission: 20 April 2012
Notification: 20 June 2012
From September 26 to September 28
Location: Chengdu, China
More Information:

00:17 [Pub][ePrint] A New Guess-and-Determine Attack on the A5/1, by Jay Shah and Ayan Mahalanobis

  In Europe and North America, the most widely used stream cipher to ensure privacy and confidentiality of conversations in GSM mobile phones is the A5/1. In this paper, we present a new attack on the A5/1 stream cipher with a minimum time complexity of around 2^(40) and an average complexity of 2^(48.5), which is much lesser than the brute-force attack with a complexity of 2^(64). The attack has a 100% success rate and requires about 5.65GB storage. We provide a detailed description of our new attack along with its implementation and results.

00:17 [Pub][ePrint] Adaptive Preimage Resistance Analysis Revisited:\\\\ Requirements, Subtleties and Implications, by Donghoon Chang and Moti Yung

  In the last few years, the need to design new cryptographic hash

functions has led to the intense study of when desired hash

multi-properties are preserved or assured under compositions and

domain extensions. In this area, it is important to identify the

exact notions and provide often complex proofs of the resulting

properties. Getting this analysis right (as part of provable security

studies) is, in fact, analogous to cryptanalysis. We note that it is

important and quite subtle to get indeed the ``right\'\' notions and

properties, and ``right\'\' proofs in this relatively young

area. Specifically, the security notion we deal with is ``adaptive

preimage resistance\'\' (apr) which was introduced by Lee and Park as an extension of ``preimage resistance\'\' (pr). In

Eurocrypt 2010, in turn, Lee and Steinberger already

used the apr security notion to prove ``preimage awareness\'\' and

``indifferentiable security\'\' of their new double-piped mode of

operation. They claimed that if $H^P$ is collision-resistant (cr) and apr,

then $F(M)=\\mathcal{R}(H^P(M))$ is indifferentiable from a variable

output length (VIL) random oracle $\\mathcal{F}$, where $H^P$ is a

function based on an ideal primitive $P$ and $\\mathcal{R}$ is a fixed

input length (FIL) random oracle. However, there are some limitations in their claim, because they considered only indifferentiability security notion in the information-theoretic adversarial model, not in the computation-theoretic adversarial model. As we show in the current

work, the above statement is \\textit{not} correct in the computation-theoretic adversarial model. First in our

studies, we give a counterexample to the above. Secondly, we describe

\\textit{a new requirement} on $H^P$ (called ``admissibility\'\') so that

the above statement is correct even in the computation-theoretic adversarial model. Thirdly, we show that apr is, in fact,

not a strengthened notion of preimage resistance. Fourthly, we

explain the relation between preimage awareness and cr+apr+(our new

requirement) in the computation-theoretic adversarial model. Finally, we show that a polynomial-based mode of

operation \\cite{LeSt10} satisfies our new requirement; namely, the

polynomial-based mode of operation with fixed-input-length random

oracles is indifferentiable from a variable-input-length random oracle in the computation-theoretic adversarial model.

00:17 [Pub][ePrint] On the Existence of Boolean Functions with Optimal Resistance against Fast Algebraic Attacks, by Yusong Du, and Fangguo Zhang

  It has been pointed out that an $n$-variable Boolean function $f$ has optimal resistance against fast algebraic attacks if and only if there does not exist a nonzero $n$-variable Boolean function $g$ of degree lower than $\\frac{n}{2}$ such that $fg=h$ and $\\mathrm{deg}(g)+\\mathrm{deg}(h)

00:17 [Pub][ePrint] Strongly Secure Authenticated Key Exchange from Factoring, Codes, and Lattices, by Atsushi Fujioka and Koutarou Suzuki and Keita Xagawa and Kazuki Yoneyama

  An unresolved problem in research on authenticated key exchange (AKE) is to construct a secure protocol against advanced attacks such as key compromise impersonation and maximal exposure attacks without relying on random oracles. HMQV, a state of the art AKE protocol, achieves both efficiency and the strong security model proposed by Krawczyk (we call it the CK+ model), which includes resistance to advanced attacks. However, the security proof is given under the random oracle model. We propose a generic construction of AKE from a key encapsulation mechanism (KEM). The construction is based on a chosen-ciphertext secure KEM, and the resultant AKE protocol is $\\CKHMQV$ secure in the standard model. The protocol gives the first CK+ secure AKE protocols based on the hardness of integer factorization problem, code-based problems, or learning problems with errors. In addition, instantiations under the Diffie-Hellman assumption or its variant can be proved to have strong security without non-standard assumptions such as $\\pi$PRF and KEA1.

00:17 [Pub][ePrint] Perfect Algebraic Immune Functions, by Meicheng Liu and Yin Zhang and Dongdai Lin

  A perfect algebraic immune function is a Boolean function with perfect immunity against algebraic and fast algebraic attacks. The main results are that for a perfect algebraic immune balanced function the number of input variables is one more than a power of two; for a perfect algebraic immune unbalanced function the number of input variables is a power of two. Also the Carlet-Feng function on $2^s+1$ variables and the modified Carlet-Feng function on $2^s$ variables are shown to be perfect algebraic immune functions. Furthermore, it is shown that a perfect algebraic immune function behaves good against probabilistic algebraic attacks as well.

00:17 [Pub][ePrint] Relation between Verifiable Random Functions and Convertible Undeniable Signatures, and New Constructions, by Kaoru Kurosawa and Ryo Nojima and Le Trieu Phong

  Verifiable random functions (VRF) and selectively-convertible undeniable signature (SCUS) schemes were proposed independently in the literature. In this paper, we observe that they are tightly related. This directly yields several deterministic SCUS schemes based on existing VRF constructions. In addition, we create a new probabilistic SCUS scheme, which is very compact. The confirmation and disavowal protocols of these SCUS are efficient, and can be run either sequentially, concurrently, or arbitrarily. These protocols are based on what we call zero-knowledge protocols for generalized DDH and non-DDH, which are of independent interest.