International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

15:06 [Conf][Crypto] Crypto 2012 list of accepted papers

  The list of accepted papers has been posted on the CRYPTO 2012 website.

13:45 [Event][New] FPS 2012: 5th International Symposium on Foundations & Practice of Security

  Submission: 1 July 2012
Notification: 20 August 2012
From October 25 to October 26
Location: Montreal, Canada
More Information:

02:23 [Conf][Crypto] Crypto 2012 online registration is open

  Crypto 2012 online registration is now open.

Registration website --

Early registration deadline: July 8, 2012

21:17 [Pub][ePrint] Quo Vadis Quaternion? Cryptanalysis of Rainbow over Non-Commutative Rings, by Enrico Thomae

  The Rainbow Signature Scheme is a non-trivial generalization of the well known Unbalanced Oil and Vinegar Signature Scheme (Eurocrypt \'99) minimizing the length of the signatures. Recently a new variant based on non-commutative rings, called NC-Rainbow, was introduced at CT-RSA 2012 to further minimize the secret key size.

We disprove the claim that NC-Rainbow is as secure as Rainbow in general and show how to reduce the complexity of MinRank attacks from 2^288 to 2^112 and of HighRank attacks from 2^128 to 2^96 for the proposed instantiation over the ring of Quaternions. We further reveal some facts about Quaternions that increase the complexity of the signing algorithm. We show that NC-Rainbow is just a special case of introducing further structure to the secret key in order to decrease the key size. As the results are comparable with the ones achieved by equivalent keys, which provably do not decrease security, and far worse than just using a PRNG, we recommend not to use NC-Rainbow.

21:17 [Pub][ePrint] Homomorphic Signature for Identity Authentication in Cloud Computing, by Zhiwei Wang, Guozi Sun and Danwei Chen

  In this paper, we introduce a new kind of homomorphic signature, which is suitable for identity authentication in cloud computing. User firstly gives his full signature (involves all his identity attributes) to the identity authentication server. During the valid period of his full signature, if the user wants to require a cloud service on a special identity (only involves part of identity attributes), he only needs to secretly send a $\\{0,1\\}^n$ vector to the identity authentication server. The identity authentication server who doesn\'t know the secret key can compute the partial signature on the special identity, and then signs it to the cloud server. We give a formal secure definition of this homomorphic signature, and construct a scheme from GHR signature. We prove that our scheme is secure under strong RSA assumption.

21:17 [Pub][ePrint] Passive Corruption in Statistical Multi-Party Computation, by Martin Hirt and Christoph Lucas and Ueli Maurer and Dominik Raub

  The goal of Multi-Party Computation (MPC) is to perform an arbitrary computation in a distributed, private, and fault-tolerant way. For this purpose, a fixed set of n parties runs a protocol that tolerates an adversary corrupting a subset of the parties, preserving certain security guarantees like correctness, secrecy, robustness, and fairness. Corruptions can be either passive or active: A passively corrupted party follows the protocol correctly, but the adversary learns the entire internal state of this party. An actively corrupted party is completely controlled by the adversary, and may deviate arbitrarily from the protocol. A mixed adversary may at the same time corrupt some parties actively and some additional parties passively.

In this work, we consider the statistical setting with mixed adversaries and study the exact consequences of active and passive corruptions on secrecy, correctness, robustness, and fairness separately (i.e., hybrid security). Clearly, the number of passive corruptions affects the thresholds for secrecy, while the number of active corruptions affects all thresholds. It turns out that in the statistical setting, the number of passive corruptions in particular also affects the threshold for correctness, i.e., in all protocols there are (tolerated) adversaries for which a single additional passive corruption is sufficient to break correctness. This is in contrast to both the perfect and the computational setting, where such an influence cannot be observed. Apparently, this effect arises from the use of information-theoretic signatures, which are part of most (if not all) statistical protocols.

21:17 [Pub][ePrint] Public-Key Cryptography from New Multivariate Quadratic Assumptions, by Yun-Ju Huang and Feng-Hao Liu and Bo-Yin Yang

  In this work, we study a new multivariate quadratic (MQ) assumption that can be used to construct public-key encryption schemes. In particular, we research in the following two directions:

We establish a precise \\emph{asymptotic} formulation of a family of hard MQ problems, and provide empirical evidence to confirm the hardness. %Since there are many practical solvers studied and implemented during the studies of algebraic attacks, we use

We construct public-key encryption schemes, and prove their security under the hardness assumption of this family. Also, we provide a new \\emph{perspective} to look at MQ systems that plays a key role to our design and proof of security.

As a consequence, we construct the \\emph{first} public-key encryption scheme that is \\emph{provably secure} under the MQ assumption.

Moreover, our public-key encryption scheme is efficient in the sense that it only needs a ciphertext length $L + \\poly(k)$ to encrypt a message $M\\in \\{0, 1 \\}^{L}$ for any un-prespecified polynomial $L$, where $k$ is the security parameter. This is essentially \\emph{optimal} since an additive overhead is the best we can hope for.

21:17 [Pub][ePrint] Boomerang and Slide-Rotational Analysis of the SM3 Hash Function, by Aleksandar Kircanski and Amr M. Youssef

  SM3 is a hash function designed by Xiaoyun Wang et al., and

published by the Chinese Commercial Cryptography Administration Office

for the use of electronic authentication service system. The design of

SM3 builds upon the design of the SHA-2 hash function, but introduces

additional strengthening features. In this paper, using a higher order

differential cryptanalysis approach, we present a practical 4-sum

distinguisher against the compression function of SM3 reduced to 32

rounds. In addition, we point out a slide-rotational property of

SM3-XOR, which exists due to the fact that constants used in the rounds

are not independent.

21:17 [Pub][ePrint] Implementing BLAKE with AVX, AVX2, and XOP, by Samuel Neves and Jean-Philippe Aumasson

  In 2013 Intel will release the AVX2 instructions, which introduce 256-bit single-instruction multiple-data (SIMD) integer arithmetic. This will enable desktop and server processors from this vendor to support 4-way SIMD computation of 64-bit add-rotate-xor algorithms, as well as 8-way 32-bit SIMD computations. AVX2 also includes interesting instructions for cryptographic functions, like any-to-any permute and vectorized table-lookup. In this paper, we explore the potential of AVX2 to speed-up the SHA-3 finalist BLAKE, and present the first working assembly implementations of BLAKE-256 and BLAKE-512 with AVX2. We then investigate the potential of the recent AVX and XOP instructions to accelerate BLAKE, and report new speed records on Sandy Bridge and Bulldozer microarchitectures (7.47 and 11.64 cycles per byte for BLAKE-256, 5.71 and 6.95 for BLAKE-512).

21:17 [Pub][ePrint] Official Arbitration and its Application to Secure Cloud Storage, by Alptekin Küpçü

  Many cryptographic protocols exist that enable two parties to exchange items (e.g., e-commerce) or agree on something (e.g., contract-signing). In such settings, disputes may arise. Official arbitration refers to the process of resolving disputes between two (or more) parties by a trusted and authorized Judge, based on evidence provided. As an example, consider the secure cloud storage scenario where there needs to be an official arbitration process between the client and the server in case of data loss or corruption. Without such a mechanism that can be officially used by the Judge in the court, the barrier on the enterprise adoption of such systems is high.

In this paper we first formally define official arbitration, and then provide several general purpose official arbitration protocols. Later, we focus on secure cloud storage, and provide efficient official arbitration schemes that can be used on top of any secure cloud storage scheme. We furthermore present a completely automated system where the Judge can just be a computer instead of a human being. All our constructions have security proofs, and we conclude with performance measurements showing that our overhead for official arbitration is roughly 2 ms and 80 bytes for each update on the stored data.

21:17 [Pub][ePrint] Cyptanalysis CDHP , BDHP and Tate pairing under certain conditions The Tate pairing is less secure than Weil, by Rkia Aouinatou (1) Mostafa Belkasmi (2)

  This work fall within the cadre of Cryptanalysis. Because, under

certain condition, we would give a fairly simple method to solve

the CDHP (the Problem Computational of Diffie and Hellman) and

others problems associated to it. Since, solving this problem, will help

us to provide a solution to the BDH (Problem Bilinear of Diffie and

Hellman). The CDHP and BDHP are the heart of many cryptosystems

in the point of view security, so solving it may be a threat to this

cryptosystem\'s. To elucidate this, we use a concept of geometry

algebraic named Tate Pairing.

This work is purely theoretical, we give firstly an overview on the

idea and we illustrate it by an examples to see its efficiency.