International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

05:22 [Job][New] M.Sc. and Ph.D. in Cryptography, Security, and Privacy, Koç University, Turkey

  Want to store your data online securely? Want a fair Internet? What about outsourcing your job while still being assured of the result? Want to work on cryptography, game theory, peer-to-peer networks, or similar fields?

If you want to secure the cloud through the use of provable cryptographic techniques, then you should definitely apply to the Cryptography, Security & Privacy Research Group at Koç University, Istanbul, Turkey. We have multiple openings for both M.Sc. and Ph.D. level applications. All accepted applicants will receive competitive scholarships.

For more information about our group, visit

For application material, visit

The application deadline has passed, but top-quality candidates will still be considered as long as open positions remain. TOEFL and GRE scores must be submitted. Do NOT apply online, since the deadline has passed. Send your documents via email, specifically indicating our research group as your interest.

05:19 [Event][New] IPICS 2012: IPICS Summer School 2012

  From September 3 to September 14
Location: Vienna, Austria
More Information:

18:17 [Pub][ePrint] Forward-Secure Hierarchical Predicate Encryption, by Juan Manuel Gonz{\\\'a}lez Nieto and Mark Manulis and Dongdong Sun

  Secrecy of decryption keys is an important pre-requisite for security of any encryption scheme and compromised private keys must be immediately replaced. \\emph{Forward Security (FS)}, introduced to Public Key Encryption (PKE) by Canetti, Halevi, and Katz (Eurocrypt 2003), reduces damage from compromised keys by guaranteeing confidentiality of messages that were encrypted prior to the compromise event. The FS property was also shown to be achievable in (Hierarchical) Identity-Based Encryption (HIBE) by Yao, Fazio, Dodis, and Lysyanskaya (ACM CCS 2004). Yet, for emerging encryption techniques, offering flexible access control to encrypted data, by means of functional relationships between ciphertexts and decryption keys, FS protection was not known to exist.\\smallskip

In this paper we introduce FS to the powerful setting of \\emph{Hierarchical Predicate Encryption (HPE)}, proposed by Okamoto and Takashima (Asiacrypt 2009). Anticipated applications of FS-HPE schemes can be found in searchable encryption and in fully private communication. Considering the dependencies amongst the concepts, our FS-HPE scheme implies forward-secure flavors of Predicate Encryption and (Hierarchical) Attribute-Based Encryption.\\smallskip

Our FS-HPE scheme guarantees forward security for plaintexts and for attributes that are hidden in HPE ciphertexts. It further allows delegation of decrypting abilities at any point in time, independent of FS time evolution. It realizes zero-inner-product predicates and is proven adaptively secure under standard assumptions. As the ``cross-product\" approach taken in FS-HIBE is not directly applicable to the HPE setting, our construction resorts to techniques that are specific to existing HPE schemes and extends them with what can be seen as a reminiscent of binary tree encryption from FS-PKE.

18:17 [Pub][ePrint] Fully Private Revocable Predicate Encryption, by Juan Manuel Gonz{\\\'a}lez Nieto and Mark Manulis and Dongdong Sun

  We introduce the concept of \\emph{Revocable Predicate Encryption (RPE)}, which extends the previous PE setting with revocation support: private keys can be used to decrypt an RPE ciphertext only if they match the decryption policy (defined via attributes encoded into the ciphertext and predicates associated with private keys) and were not revoked by the time the ciphertext was created.

The first challenge in RPE schemes is to preserve privacy for RPE ciphertexts, namely to ensure the \\emph{attribute-hiding} property, which is inherent to traditional PE constructions, and which implies the more basic property of payload hiding, used in the context of Attribute-Based Encryption (ABE). We formalize the notion of attribute hiding in the presence of revocation and propose our first RPE construction, called AH-RPE, which is attribute-hiding under the Decision Linear assumption in the standard model. In the AH-RPE scheme we deploy the revocation system of Lewko, Sahai, and Waters (IEEE S\\&P 2010), introduced for a simpler setting of broadcast encryption, which we modify for integration with the payload-hiding ABE scheme of Okamoto and Takashima (CRYPTO 2010), after making the latter attribute-hiding by borrowing additional techniques from Lewko, Okamoto, Sahai, Takashima, and Waters (Eurocrypt 2010).

As a second major step we show that RPE schemes may admit more stringent privacy requirements in comparison to PE schemes, especially when it comes to the revocation of private keys. In addition to attribute-hiding, RPE ciphertexts should ideally not leak any information about the revoked keys and by this about the revoked users. We formalize this stronger privacy notion, termed \\emph{full hiding}, and propose another RPE scheme, called FH-RPE, which achieves this notion in the setting of ``sender-local revocation\'\' of Attrapadung and Imai (Cryptography and Coding 2009), under the same assumptions as our AH-RPE construction. Our FH-RPE scheme is also based on the attribute-hiding variant of Okamoto and Takashima\'s ABE scheme, yet with a different revocation method, in which we integrate the Subset-Cover Framework of Naor, Naor, and Lotspiech (CRYPTO 2001) for better efficiency.

18:17 [Pub][ePrint] Secret Sharing Schemes for Very Dense Graphs, by Amos Beimel and Oriol Farràs and Yuval Mintz

  A secret-sharing scheme realizes a graph if every two vertices connected by an edge can reconstruct the secret while every independent set in the graph does not get any information on the secret. Similar to secret-sharing schemes for general access structures, there are gaps between the known lower bounds and upper bounds on the share size for graphs. Motivated by the question of what makes a graph ``hard\'\' for secret-sharing schemes (that is, require large shares), we study very dense graphs, that is, graphs whose complement contains few edges. We show that if a graph with $n$ vertices contains $\\binom{n}{2}-n^{1+\\beta}$ edges for some constant $0\\leq\\beta

18:17 [Pub][ePrint] Secure Computation on Floating Point Numbers, by Mehrdad Aliasgari and Marina Blanton and Yihua Zhang and Aaron Steele

  Secure computation undeniably received a lot of attention in the recent years, with the shift toward cloud computing offering a new incentive for secure computation and outsourcing. Surprisingly little attention, however, has been paid to computation with non-integer data types. To narrow this gap, in this work we develop efficient solutions for computation with real numbers in floating point representation, as well as more complex operations such as square root, logarithm, and exponentiation. Our techniques are information-theoretically secure, do not use expensive cryptographic techniques, and can be applied to a variety of settings. Our experimental results also show that the techniques exhibit rather fast performance and in some cases outperform operations on integers.

18:17 [Pub][ePrint] Comments on four multi-server authentication protocols using smart card, by *Jue-Sam Chou 1, Yalin Chen2, Chun-Hui Huang 3, Yu-Siang Huang4

  Recently, researchers have proposed several nice multi-server authentication protocols. They claim that their protocols are secure and can withstand various attacks. However, after reviewing their schemes, we found that they although are perfect whereas flawed. Due to this observation, in this paper, we list the weakness found in these recent literatures.

18:17 [Pub][ePrint] Cross-Unlinkable Hierarchical Group Signatures, by Julien Bringer and Herve Chabanne and Alain Patey

  We introduce the notion of Cross-Unlinkability for group signature schemes. Considering groups organized in a tree structure, where belonging to the parent group is required to join a new group, Cross-Unlinkability enables a cascade revocation process that takes into account the underlying tree structure, while ensuring anonymity for non-revoked users, in particular, towards the managers of the other groups. We show how to achieve Cross-Unlinkability using the Verifier-Local Revocation group signature scheme of Bringer and Patey at Secrypt 2012, by exploiting its property of Backward Unlinkability.

18:17 [Pub][ePrint] Efficient Implementation of Bilinear Pairings on ARM Processors, by Gurleen Grewal, Reza Azarderakhsh, Patrick Longa, Shi Hu, and David Jao

  As hardware capabilities increase, low-power devices such

as smartphones represent a natural environment for the efficient

implementation of cryptographic pairings. Few works in the literature

have considered such platforms despite their growing importance in a

post-PC world. In this paper, we investigate the efficient computation

of the Optimal-Ate pairing over Barreto-Naehrig curves in software at

different security levels on ARM processors. We exploit

state-of-the-art techniques and propose new optimizations to speed up

the computation in the tower field and curve arithmetic. In

particular, we extend the concept of lazy reduction to inversion in

extension fields, analyze an efficient alternative for the sparse

multiplication used inside the Miller\'s algorithm and reduce further

the cost of point/line evaluation formulas in affine and projective

homogeneous coordinates. In addition, we study the efficiency of using

M-type sextic twists in the pairing computation and carry out a

detailed comparison between affine and projective coordinate

systems. Our implementations on various mass-market smartphones and

tablets significantly improve the state-of-the-art of pairing

computation on ARM-powered devices, outperforming by at least a factor

of 3.5 the best previous results in the literature.

04:48 [Event][New] (IJCSS): International Journal of Computer Science and Security

  Submission: 31 July 2012
Notification: 15 September 2012
From October 31 to October 31
More Information:

12:17 [Pub][ePrint] An ID-Based Key Agreement Protocol Based on ECC Among Users of Separate Networks, by Mohammad Sabzinejad Farash and Mahmoud Ahmadian Attari

  In this article we propose an identity based key agreement protocol based on elliptic curve cryptography (ECC) between users of different networks with independent private key generations (PKGs). Our protocol is based on Cao et al.\'s protocol ,proposed in 2010, in which instead of bilinear pairings, elliptic curves are used for constructing an ID-based key agreement protocol . Our protocol develops Cao et al\'s protocol for situations that two users of independent organizations or networks with separate servers (that in this article, are named PKGs, because their main duty is generating private keys for the users) want to share a secret key via an insecure link. We also prove the security of the protocol in the random oracle model.