International Association for Cryptologic Research

IACR News Central


15:17 [Pub][ePrint] On 3-share Threshold Implementations for 4-bit S-boxes, by Sebastian Kutzner and Phuong Ha Nguyen and Axel Poschmann and Huaxiong Wang

  One of the most promising lightweight hardware countermeasures against SCA attacks is the so-called Threshold Implementation (TI) countermeasure. In this work we resolve many of the remaining open issues towards its applicability. In particular, our contribution is three-fold: first we define which optimal (from a cryptographic point of view) S-boxes can be implemented with a 3-share TI. Second, we introduce two methodologies to efficiently implement these S-boxes. Third, as an example, we successfully apply these methodologies to PRESENT and are able to decrease the area requirements of its protected S-box by 57%.

15:17 [Pub][ePrint] Enabling 3-share Threshold Implementations for any 4-bit S-box, by Sebastian Kutzner and Phuong Ha Nguyen and Axel Poschmann

  Threshold Implementation (TI) is an elegant and widely accepted countermeasure against first-order Differential Power Analysis (DPA) in Side Channel Attacks. The 3-share TI is the most efficient version of TI, but so far, it can only be applied to 50% of all 4-bit S-boxes. In this paper, we study the limitations of decomposition and introduce factorization to enable the 3-share TI for any optimal 4-bit S-box. We propose an algorithm which can decompose any optimal 4-bit S-box to quadratic vectorial Boolean functions with a time complexity of $2^{19}$. Furthermore, we use our new methodology in combination with decomposition to optimize ciphers utilizing many different S-boxes, and, to highlight the strength of our new methodology, we construct a 3-share Threshold Implementation of SERPENT which was believed to be not possible until now. Last, we show how to implement all SERPENT S-boxes with only one mutual core.

15:17 [Pub][ePrint] Entangled Cloud Storage, by Giuseppe Ateniese and Özgür Dagdelen and Ivan Damgard and Daniele Venturi

  Entangled cloud storage enables a set of clients {P_i} to "entangle" their files {f_i} into a single clew c to be stored by a (potentially malicious) cloud provider S. The entanglement makes it impossible to modify or delete a significant part of the clew without affecting all files in c. A clew keeps the files in it private but still lets each client P_i recover his own data by interacting with S; no cooperation from other clients is needed. At the same time, the cloud provider is discouraged from altering or overwriting any significant part of c as this will imply that none of the clients can recover their files.

We provide theoretical foundations for entangled cloud storage, introducing the notion of an entangled encoding scheme that guarantees strong security requirements capturing the properties above. We also give a concrete construction based on privacy-preserving polynomial interpolation, along with protocols for using the encoding scheme in practice.

Protocols for cloud storage find application in the cloud setting, where clients store their files on a remote server and need to be ensured that the cloud provider will not delete their data illegitimately. Current solutions, e.g., based on Provable Data Possession and Proof of Retrievability, catch a malicious server "after-the-fact", meaning that the server needs to be challenged regularly to provide evidence that the clients' files are stored at a given time.

Entangled storage makes all clients equal and with the same rights: It makes it financially inconvenient for a cloud provider to alter specific files and exclude certain "average" customers, since doing so would undermine all customers in the system, even those considered "important" and, thus, profitable. Therefore, entangled storage schemes offer security "before-the-fact".

15:17 [Pub][ePrint] Constant-Overhead Secure Computation for Boolean Circuits in the Preprocessing Model, by Ivan Damgard and Sarah Zakarias

  We present a protocol for securely computing a Boolean circuit $C$ in the presence of a dishonest and malicious majority. The protocol is unconditionally secure, assuming access to a preprocessing functionality that is not given the inputs to compute on. For a large number of players the work done by each player is the same as the work needed to compute the circuit in the clear, up to a constant factor. Our protocol is the first to obtain these properties for Boolean circuits. On the technical side, we develop new homomorphic authentication schemes based on asymptotically good codes with an additional multiplication property. We also show a new algorithm for verifying the product of Boolean matrices in quadratic time with exponentially small error probability, where previous methods would only give a constant error.

15:17 [Pub][ePrint] Commitments and Efficient Zero-Knowledge Proofs from Hard Learning Problems, by Abhishek Jain and Stephan Krenn and Krzysztof Pietrzak and Aris Tentes

  We construct a perfectly binding string commitment scheme whose security is based on the learning parity with noise ($\mathrm{LPN}$) assumption, or equivalently, the hardness of decoding random linear codes. Our scheme not only allows for a simple and efficient zero-knowledge proof of knowledge for committed values (essentially a $\Sigma$-protocol), but also for such proofs showing any kind of relation amongst committed values, i.e. proving that messages $\mathbf{m}_0,\ldots,\mathbf{m}_u$ are such that $\mathbf{m}_0=C(\mathbf{m}_1,\ldots,\mathbf{m}_u)$ for any circuit $C$.

To get soundness which is exponentially small in a security parameter $t$, and when the zero-knowledge property relies on the LPN problem with secrets of length $\ell$, our $3$-round protocol has communication complexity $O(t|C|\ell\log(\ell))$ and computational complexity of $O(t|C|\ell)$ bit operations. The hidden constants are small, and the computation consists mostly of computing inner products of bit-vectors.

00:59 [Event][New] ICISC 2012: The International Conference on Information Security and Cryptology

  Submission: 9 September 2012
Notification: 22 October 2012
From November 28 to November 30
Location: Seoul, Korea

14:07 [Event][New] Crypto 2013

  From August 18 to August 22
Location: Santa Barbara, CA, USA

10:36 [Job][New] Security Software Developer, escrypt Inc.

  ESCRYPT is an ambitious company in the area of applied data security. Our clients include all global auto makers as well as leading global players in the area of machinery, automation, semiconductors and high-tech companies. ESCRYPT is a German company with offices in the US and Europe. ESCRYPT is a leader in automotive data security and is expanding its US business. We are looking for highly motivated people who have great ideas and who want to realize them.

Your role will be developing customized software for our client projects and supporting our product development. You will potentially develop a Java-based enterprise security server, customized applications for JCOP-based smart-cards, and security applications for embedded devices in C. You will be located in our Ann Arbor office in Michigan, USA, work in an international team and collaborate with our colleagues in the German offices.


We seek:

  • Top graduates in the fields of computer science, electrical engineering, or applied
  • Java Enterprise Edition experience
  • Software development experience (C, C++,
  • Industry experience is an advantage

We look for all-rounders willing to improve ESCRYPT every day. You should be able to work independently and be willing to take responsibility.

23:03 [News] IACR BibTeX file available

  There is now a BibTeX file available that contains all IACR publications in cryptodb.

11:08 [Job][New] Ph.D. student, University of Trier, Germany

  The PhD candidate will contribute to the research in the project “Implementation-Level Analysis of E-Voting Systems”, which is funded by the German Research Foundation (DFG) and is part of the DFG priority programme “Reliably Secure Software Systems - RS3”. The goal of this project is to develop general methods and techniques for the security analysis of Java systems that use cryptography, with e-voting systems being one of the motivating examples. The project combines techniques from program analysis/verification with techniques from cryptography and cryptographic protocol analysis.

We offer a creative international environment and the possibility to participate in internationally visible research. The salary scale for the position is TV-L E13 (100%). Subject to the final decision of the DFG, the position will be available from October 1st, 2012. Contracts are initially offered for two years, with the perspective of an extension by another two years.

The successful candidate should have a Master’s degree (or should be very close to completion thereof) in Computer Science, Mathematics, Information Security, or a related field, with a strong background in Theoretical Computer Science. Knowledge in program analysis/verification, logic, or cryptography is an asset. Good English skills are expected; knowledge of German is not required.

Applications should include:

  • Curriculum Vitae (including your contact address and work experience)
  • Cover letter explaining your motivation
  • Transcript of all courses and grades for your Bachelor and Master program
  • A short description of your Master’s work (max 1 page)
  • Contact details of (at least) one professor that can provide a recommendation for your application.

The deadline for applications is September 30th, 2012. However, late applications will be considered until the position is filled.

11:08 [Job][New] Assistant Professor, Kanazawa University, Japan

  Kanazawa University, Japan, invites applications for a tenure-track assistant professor position in an advanced research area of information security, such as IT Security and Cryptography.

The appointee is expected to take up the position on December 1st, 2012, or as early as possible after that, and at the latest by the end of March 2013.

Research budget: Kanazawa University will provide funding support for the start-up of research: 10 million Yen for the first fiscal year and 5 million Yen for the second fiscal year.