International Association for Cryptologic Research

IACR News Central


19:24 [PhD][New] Roel Peeters: Security Architecture for Things That Think

  Name: Roel Peeters
Topic: Security Architecture for Things That Think
Category: cryptographic protocols

Description: The observation that people already carry lots of personal devices (e.g., a smart phone, an electronic identity card, an access badge, an electronic car key, a laptop, ...) serves as the starting point for this thesis. Furthermore, with the arrival of smart objects, the number of things that think one carries is expected to grow. Sensors will be built into clothing and attached to the body to monitor our health. It is clear that these devices need to be protected. However, due to the vast number of devices involved, the traditional approach of protecting each device on its own results in a usability nightmare.

We investigate how to tap into the potential that arises from cooperation between these devices. This is done by deploying threshold cryptography on personal devices. Threshold cryptography has the benefit of increased overall security, since an adversary can compromise a number (up to the threshold number) of devices without gaining any advantage towards breaking the overall security. Furthermore, the end-user does not need to carry all his personal devices; any subset of size at least the threshold number is sufficient to make use of the threshold security system.

We propose technical solutions to tackle some of the practical issues related to this approach, paving the road for real-world implementations. First, we show how one can include devices that do not have the necessary (secure) storage capabilities needed to store shares (e.g., car keys) in our threshold scheme. Second, we investigate how the end-user can add or remove devices from his set of personal devices used in this threshold scheme. Finally, in order to get user acceptance, the (location) privacy of consumers should not be disregarded. Towards this goal we examine how to achieve private and secure device authentication over an open channel. This is done specifically for RFID tags, which are the least powerful devices that can be included in our [...]

05:16 [PhD][New] U. Rajeswar Rao

  Name: U. Rajeswar Rao

05:16 [PhD][New] Rayanki Balakrishna: Multihop Performance Issues in Wireless Mobile Ad Hoc Networks

  Name: Rayanki Balakrishna
Topic: Multihop Performance Issues in Wireless Mobile Ad Hoc Networks
Category: implementation

05:15 [PhD][New] U.Rajeswar Rao

  Name: U.Rajeswar Rao

20:52 [Event][Update] SPACE'12: Int. Conference on Security, Privacy and Applied Cryptography Engineering

  Submission: 3 July 2012
Notification: 17 August 2012
From November 2 to November 3
Location: Chennai, India

18:17 [Pub][ePrint] Using Variance to Analyze Visual Cryptography Schemes, by Teng Guo and Feng Liu and ChuanKun Wu and YoungChang Hou

  A visual cryptography scheme (VCS) is a secret sharing method, for which the secret can be decoded by human eyes without needing any cryptographic knowledge or any computation. Variance was first introduced by Hou et al. in 2005 and then thoroughly verified by Liu et al. in 2012 to evaluate the visual quality of size invariant VCS. In this paper, we introduce the idea of using variance as an error-detection measurement, by which we find the security defect of Hou et al.'s multi-pixel encoding method. On the other hand, we find that variance not only affects the visual quality of size invariant VCS, but also affects the visual quality of VCS. At last, average contrast associated with variance is used as a new criterion to evaluate the visual quality of VCS.

18:17 [Pub][ePrint] Computationally Sound Verification of the NSL Protocol via Computationally Complete Symbolic Attacker, by Gergei Bana and Pedro Adão and Hideki Sakurada

  In this paper we show that the recent technique of computationally complete symbolic attackers proposed by Bana and Comon-Lundh for computationally sound verification is powerful enough to verify actual protocols, such as the Needham-Schroeder-Lowe Protocol. In their model, one does not define explicit Dolev-Yao adversarial capabilities but rather the limitations of the adversarial capabilities. In this paper we present a set of axioms sufficient to show that no symbolic adversary compliant with these axioms can successfully violate secrecy or authentication in case of the NSL protocol. Hence all implementations for which these axioms are sound - namely, implementations using CCA2 encryption, and satisfying a minimal parsing requirement for pairing - exclude the possibility of successful computational attacks.

18:17 [Pub][ePrint] A Do-It-All-Cipher for RFID: Design Requirements (Extended Abstract), by Markku-Juhani O. Saarinen and Daniel Engels

  Recent years have seen significant progress in the development of lightweight symmetric cryptoprimitives. The main concern of the designers of these primitives has been to minimize the number of gate equivalents (GEs) of the hardware implementation. However, there are numerous additional requirements that are present in real-life RFID systems. We give an overview of requirements emerging or already present in the widely deployed EPCGlobal Gen2 and ISO / IEC 18000-63 passive UHF RFID air interface standards. Lightweight stateful authenticated encryption algorithms seem to offer the most complete set of features for this purpose. In this work we give a Gen2-focused "lessons learned" overview of the challenges and related developments in RFID cryptography and propose what we see as appropriate design criteria for a cipher (dubbed "Do-It-All-Cipher" or DIAC) in this application area. We also comment on the applicability of NSA's new SIMON and SPECK proposals for this purpose.

18:17 [Pub][ePrint] Non-uniform cracks in the concrete: the power of free precomputation, by Daniel J. Bernstein and Tanja Lange

  There is a flaw in the standard security definitions used in the literature on provable concrete security. The definitions are frequently conjectured to assign a security level of 2^128 to AES, the NIST P-256 elliptic curve, DSA-3072, RSA-3072, and various higher-level protocols, but they actually assign a far lower security level to each of these primitives and protocols. This flaw undermines security evaluations and comparisons throughout the literature. This paper analyzes the magnitude of the flaw in detail and discusses several strategies for fixing the definitions.

18:17 [Pub][ePrint] Bounds on the Threshold Gap in Secret Sharing over Small Fields, by Ignacio Cascudo and Ronald Cramer and Chaoping Xing

  We consider the class of secret sharing schemes where there is no a priori bound on the number of players $n$ but where each of the $n$ share-spaces has fixed cardinality $q$. We show two fundamental lower bounds on the threshold gap of such schemes.

The threshold gap $g$ is defined as $r-t$, where $r$ is minimal and $t$ is maximal such that the following holds: for a secret with arbitrary a priori distribution, each $r$-subset of players can reconstruct this secret from their joint shares without error ($r$-reconstruction) and the information gain about the secret is nil for each $t$-subset of players jointly ($t$-privacy).

Our first bound, which is completely general, implies that if $1\leq t

05:55 [Job][New] Research Scientist / Senior Research Scientist, PARC, Palo Alto, CA, USA

  We invite applications for outstanding researchers to strengthen and broaden our research activities in security research. Our expertise ranges from applied cryptography and privacy to network, system, and usable security. Both recent Ph.D. graduates and well-established scientists are encouraged to apply.

A premier center for commercial innovation, PARC, a Xerox company, is in the business of breakthroughs. We work closely with global enterprises, entrepreneurs, government agencies and partners, and other clients to invent, co-develop, and bring to market game-changing innovations by combining imagination, investigation, and return on investment for our clients. For 40 years, we have lived at the leading edge of innovation, merging inquiry and strategy to pioneer technological change. PARC was incorporated in 2002 as a wholly owned independent subsidiary of Xerox Corporation – enabling us to continue pioneering technological change but across a broader set of industries and clients today.

Depending on seniority, the successful candidate will be responsible for one or more of the following roles:

- Formulating research problems based on real-world needs and independently conducting high-quality research

- Working with existing research and development staff on a broad range of research topics

- Working with the business development team in identifying important business opportunities with industry and government agencies

- Identifying new promising research directions and contributing them to the group's long-term research agenda

Candidates in all areas of cyber security will be considered; however, the following areas are of particular interest:

- Systems & network security

- Security in cloud computing

- Data mining and machine learning applied to security and privacy

- Security and privacy in ubiquitous and mobile computing environments

- Formal methods and software