International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

12:17 [Pub][ePrint] An All-In-One Approach to Differential Cryptanalysis for Small Block Ciphers, by Martin Albrecht and Gregor Leander

  We present a framework that unifies several standard differential techniques. This unified view allows us to consider many, potentially all, output differences for a given input difference and to combine the information derived from them in an optimal way. We then propose a new attack that implicitly mounts several standard, truncated, impossible, improbable and possible future variants of differential attacks in parallel and hence allows to significantly improve upon known differential attacks using the same input difference. To demonstrate the viability of our techniques, we apply them to KATAN-32. In particular, our attack allows us to break 115 rounds of KATAN-32, which is 37 rounds more than previous work. For this, our attack exploits the non-uniformity of the difference distribution after 91 rounds which is 20 rounds more than the previously best known differential characteristic.

Since our results still cover less than 1/2 of the cipher, they further strengthen our confidence in KATAN-32\'s resistance against differential attacks.

00:17 [Pub][ePrint] A Certificateless Multiple-key Agreement Protocol Based on Bilinear Pairings, by Mohammad Sabzinejad Farash and Mahmoud Ahmadian Attari and Majid Bayat

  Certificateless cryptosystems were proposed by Al-Riyami and Paterson in 2003 [1] to solve problems of public key cryptosystems based on PKI and based on identity. Up to now, various types of certificateless cryptographic primitives as encryption functions, signature schemes, key agreement protocols and etc, have been designed. But to the best of our knowledge, multiple-key agreement protocols have not been proposed based on certificateless cryptosystem yet. So in this paper we propose a certificateless authenticated multiple-key agreement protocol with bilinear pairings.

21:17 [Pub][ePrint] ID Based Signcryption Scheme in Standard Model, by S. Sharmila Deva Selvi and S. Sree Vivek and Dhinakaran Vinayagamurthy and C. Pandu Rangan

  Designing an ID based signcryption scheme in the standard model is among the most interesting and important problems in cryptography. However, all the existing systems in the ID based setting, in the standard model, do not have either the unforgeability property or the indistinguishability property or both of them. In this paper, we present the first provably secure ID based signcryption scheme in the standard model with both these properties. The unforgeability property of this scheme is based on the hardness of Computational Diffie-Hellman problem and the indistinguishability property of this scheme is based on the hardness of Decisional Bilinear Diffie-Hellman problem. Our scheme is strongly unforgeable in the strong attack mode called insider security. Moreover, our scheme possess an interesting property called public verifiability of the ciphertext. Our scheme integrates cleverly, a modified version of Waters\' IBE and a suitably modified version of the ID based signature scheme in the standard model proposed by Paterson et al. However, our security reductions are more efficient. Specifically, while the security reductions for indistinguishability is similar to the bounds of Waters\' scheme, the unforgeability reductions are way better than the bounds for Paterson et al.\'s scheme.

06:17 [Pub][ePrint] Analysis and Construction of Efficient RFID Authentication Protocol with Backward Privacy, by Shaohui Wang,Sujuan Liu,Danwei Chen

  Privacy of RFID systems is receiving increasing attentions in the

RFID community and an important issue required as to the security of RFID system. Backward privacy means the adversary can not trace the tag later even if he reveals the internal states of the tag sometimes before. In this paper, we analyze two recently proposed RFID authentication schemes: Randomized GPS and Randomized Hashed GPS scheme. We show both of them can not provide backward privacy in Juels and Weis privacy model, which allows the adversary to know whether the reader authenticates the tag successfully or not. In addition, we present a new protocol, called Challenge-Hiding GPS, based on the Schnorr identification scheme. The challenge is hidden from the eavesdropping through the technique of Diffie-Hellman key agreement protocol. The new protocol can satisfy backward privacy, and it has less communication overheads and almost the same computation, compared with the two schemes analyzed.

18:17 [Event][New] ICDIPC: 3rd Inter. Conf. on Digital Information Processing & Communications

  Submission: 15 December 2012
Notification: 1 January 2013
From January 30 to February 1
Location: Dubai, United Arab Emirates
More Information:

08:35 [Event][New] Inscrypt 2012: The 8th China International Conference on Information Security and Cryptology

  Submission: 20 August 2012
Notification: 20 August 2012
From November 28 to December 1
Location: Beijing, China
More Information:

08:35 [Event][New] Inscrypt'2012: The 8th China International Conference on Information Security and Cryptology

  Submission: 20 August 2012
Notification: 20 August 2012
From November 28 to December 1
Location: Beijing, China
More Information:

18:39 [Event][New] WESS 2012: 7th Workshop on Embedded Systems Security

  Submission: 27 July 2012
Notification: 24 August 2012
From October 12 to October 12
Location: Tampere, Finland
More Information:

15:20 [Conf][Crypto] CRYPTO 2012 - CALL FOR PARTICIPATION

  CALL FOR PARTICIPATION **********************************************************
CRYPTO 2012 - The 32nd International Cryptology Conference
Santa Barbara, CA, USA. August 19 - 23, 2012 **********************************************************


CRYPTO 2012 is the 32nd International Cryptology Conference. It is sponsored by the International Association for Cryptologic Research (IACR), in cooperation with the Computer Science Department of UCSB. The conference started in 1981 and has attracted a wide international audience from both the academic and industrial communities. The conference program covers a broad spectrum of topics in cryptology, and it is organized as a 4-day event featuring:
-- two invited talks
-- one tutorial
-- 48 technical presentations


-- "The End of Crypto", by Jonathan Zittrain, Harvard University
-- "Recent Advances and Existing Research Questions in Platform Security", by Ernie Brickell, Intel Corporation

-- "Pinning Down 'Privacy' in Statistical Databases", by Adam Smith, Pennsylvania State University



With funding support from the NSF and our industry sponsors, we are now able to award a second round of stipends to student attendees, both domestic and international. Application deadline: July 27th, 2012.

Google, Microsoft Research, Qualcomm, RIM, Voltage Security

03:17 [Pub][ePrint] CCBKE - Session Key Negotiation for Fast and Secure Scheduling of Scientific Applications in Cloud Computing, by Chang Liu and Xuyun Zhang and Chi Yang and Jinjun Chen

  Instead of purchasing and maintaining their own computing infrastructure, scientists can now run data-intensive scientific applications in a hybrid environment such as cloud computing by facilitating its vast storage and computation capabilities. During the scheduling of such scientific applications for execution, various computation data flows will happen between the controller and computing server instances. Amongst various quality-of-service (QoS) metrics, data security is always one of the greatest concerns to scientists because their data may be intercepted or stolen by malicious parties during those data flows, especially for less secure hybrid cloud systems. An existing typical method for addressing this issue is to apply Internet Key Exchange (IKE) scheme to generate and exchange session keys, and then to apply these keys for performing symmetric-key encryption which will encrypt those data flows. However, the IKE scheme suffers from low efficiency due to its low performance of asymmetric-key cryptological operations over a large amount of data and high-density operations which are exactly the characteristics of scientific applications. In this paper, we propose Cloud Computing Background Key Exchange (CCBKE), a novel authenticated key exchange scheme that aims at efficient security-aware scheduling of scientific applications. Our scheme is designed based on randomness-reuse strategy and Internet Key Exchange (IKE) scheme. Theoretical analyses and experimental results demonstrate that, compared with the IKE scheme, our CCBKE scheme can significantly improve the efficiency by dramatically reducing time consumption and computation load without sacrificing the level of security.

03:17 [Pub][ePrint] Cryptanalysis of Sood et al.\'s Authentication Scheme using Smart Cards, by Rafael Martínez-Peláez and Francisco Rico-Novella

  In 2010, Sood-Sarje-Singh proposed a dynamic ID-based remote user authentication scheme and claimed that their scheme is more secure than Das et al.\'s scheme and Liao et al.\'s scheme. However, we show that Sood et al.\'s scheme is still vulnerable to malicious user attack, man-in-the-middle attack, stolen smart card attack, off-line ID guessing attack, impersonation attack, and server spoofing attack, making the scheme unfeasible for practical implementation.