International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

21:47 [Election] Nomination now open

  2012 Election

The 2012 election is being held to fill three of nine IACR Director positions. The election will again be run electronically and further information will be available on the IACR website.

Nominations Are Now Open

Nominations are due by September 25, 2012.

A nomination form is available at

Election of Directors

The three directors whose terms are expiring are

  • Thomas Berson
  • David Naccache
  • Serge Vaudenay

Election Committee

  • Josh Benaloh (Chair)
  • David Pointcheval (Returning Officer)
  • Greg Rose

16:48 [Event][New] MCCCC26: 26th Midwest Conference on Combinatorics, Cryptography and Computing

  Submission: 12 September 2012
From October 11 to October 13
Location: Cedar City, Utah, USA
More Information:

16:47 [Event][New] JSC: Journal of Symbolic Computation

  Submission: 30 November 2012
Notification: 30 March 2013
From November 30 to March 30
More Information:

16:46 [Event][New] ICIEIS2013: The Second International Conference on Informatics Engineering & Informatio

  Submission: 1 August 2013
Notification: 20 August 2013
From November 12 to November 14
Location: Kuala Lumpur, Malaysia
More Information:

16:45 [Job][New] Post-Doc in Security and Privacy, Saarland University, Germany


The Language-based Security (LBS) group ( in the Computer Science Department of Saarland University is looking for postdoctoral researchers in security and privacy. The LBS group is part of the newly established Center for IT-Security, Privacy and Accountability (CISPA). CISPA actively supports collaborations with other research centers worldwide, and offers young researchers an ideal working environment. The close connection of CISPA to the Department of Computer Science, the Max-Planck-Institute (MPI) for Informatics, the MPI for Software Systems, the German Research Center for Artificial Intelligence (DFKI), the Cluster of Excellence on Multimodal Computing and Interaction (MMCI), the Saarbruecken Graduate School of Computer Science, and the Intel Visual Computing Institute (IVCI) is crucial for the success of the location. All of these institutes are in close proximity on the campus.

Topics of particular interest include, but are not limited to:

  • language-based security
  • cryptographic protocols
  • formal methods for security
  • web security
  • privacy enhancing technologies
  • reliability, accountability, and trust

Positions are initially offered for two years with an internationally competitive salary.

Applicants must hold a first degree in Computer Science, Mathematics or a related discipline, and have completed, or be near completion of a PhD degree in Computer Science or a closely related area. We expect successful applicants to have a strong background in one or more of the aforementioned research topics and to maintain an outstanding academic track record. The working and teaching language is English.

Applications should contain a CV, a publication list, a research statement, and the names of at least two references. Please send your applicat

16:45 [Job][New] PhD Studentship in Zero-Knowledge Proofs, University College London, United Kingdom


Zero-knowledge proofs enable a prover to convince a verifier that a statement is true without revealing any other information and are widely used in cryptographic protocols. The goal of the PhD studentship under the supervision of Dr Jens Groth is to develop new and more efficient zero-knowledge techniques. The project is expected to involve both theoretical research and practical work on implementing protocols.

Prospective candidates should have a strong undergraduate degree or masters in mathematics or computer science. The PhD studentship is funded by an ERC Starting Grant on Efficient Cryptographic Arguments and Proofs with a flexible starting date and duration of 4 years. The studentship will provide a tax-free annual stipend of £19,790, however, ERC funding does not cover student fees (currently £4,200 for UK/EU students and £19,250 for Overseas students).

University College London is one of Europe\\\'s highest ranked universities and has recently been recognized by the EPSRC and GCHQ as one of UK\\\'s Academic Centres of Excellence in Cyber Security Research. The Computer Science Department is one of the largest in the UK and is located at UCL\\\'s main campus in the centre of London.

00:17 [Pub][JoC] An Efficient State Recovery Attack on the X-FCSR Family of Stream Ciphers


Abstract  We describe a state recovery attack on the X-FCSR family of stream ciphers. In this attack we analyse each block of output keystream and try to solve for the state. The solver will succeed when a number of state conditions are satisfied. For X-FCSR-256, our best attack has a computational complexity of only 24.7 table lookups per block of keystream, with an expected 244.3 such blocks before the attack is successful. The precomputational storage requirement is 233. For X-FCSR-128, the computational complexity of our best attack is 216.3 table lookups per block of keystream, where we expect 255.2 output blocks before the attack comes through. The precomputational storage requirement for X-FCSR-128 is 267.

  • Content Type Journal Article
  • Pages 1-22
  • DOI 10.1007/s00145-012-9130-9
  • Authors

    • Paul Stankovski, Dept. of Electrical and Information Technology, Lund University, P.O. Box 118, 221 00 Lund, Sweden
    • Martin Hell, Dept. of Electrical and Information Technology, Lund University, P.O. Box 118, 221 00 Lund, Sweden
    • Thomas Johansson, Dept. of Electrical and Information Technology, Lund University, P.O. Box 118, 221 00 Lund, Sweden

    • Journal Journal of Cryptology
    • Online ISSN 1432-1378
    • Print ISSN 0933-2790

From: Fri, 07 Sep 2012 16:46:28 GMT

15:17 [Pub][ePrint] An ID-Based Signcryption Scheme with Compartmented Secret Sharing for Unsigncryption, by Graham Enos and Yuliang Zheng

  In this paper the ID-based signcryption scheme of Li, Xin, and Hu is extended to a compartmented scheme. If an organization is partitioned into different compartments, this scheme allows any member of a specific compartment to participate in the unsigncryption; moreover, each mem- ber of a compartment has information unique to that individual. This construction is the first (to the authors\' knowledge) to combine identity-based encryption, Shamir\'s threshold scheme, and signcryption into an implementable compartmented sharing scheme.

15:17 [Pub][ePrint] PRINCE- A Low-latency Block Cipher for Pervasive Computing Applications (Full version), by Julia Borghoff and Anne Canteaut and Tim G\\\"{u}neysu and Elif Bilge Kavun and Miroslav Knezevic and Lars R.

  This paper presents a block cipher that is optimized with respect to latency when implemented in hardware. Such ciphers are desirable for many future pervasive applications with real-time security needs. Our cipher, named PRINCE, allows encryption of data within one clock cycle with a very competitive chip area compared to known solutions. The fully unrolled fashion in which such algorithms need to be implemented calls for innovative design choices. The number of rounds must be moderate and rounds must have short delays in hardware. At the same time, the traditional need that a cipher has to be iterative with very similar round functions disappears, an observation that increases the design space for the algorithm. An important further requirement is that realizing decryption and encryption results in minimum additional costs. PRINCE is designed in such a way that the overhead for decryption on top of encryption is negligible. More precisely for our cipher it holds that decryption for one key corresponds to encryption with a related key. This property we refer to as $\\alpha$-reflection is of independent interest and we prove its soundness against generic attacks.

15:17 [Pub][ePrint] Dynamic Searchable Symmetric Encryption, by Seny Kamara and Charalampos Papamanthou and Tom Roeder

  Searchable symmetric encryption (SSE) allows a client to encrypt its data in such a way that this data can still be searched. The most immediate application of SSE is to cloud storage, where it enables a client to securely outsource its data to an untrusted cloud provider without sacrificing the ability to search over it.

SSE has been the focus of active research and a multitude of schemes that achieve various levels of security and efficiency have been proposed. Any practical SSE scheme, however, should (at a minimum) satisfy the following properties: sublinear search time, security against adaptive chosen-keyword attacks, compact indexes and the ability to add and delete files efficiently. Unfortunately, none of the previously-known SSE constructions achieve all these properties at the same time. This severely limits the practical value of SSE and decreases its chance of deployment in real-world cloud storage systems.

To address this, we propose the first SSE scheme to satisfy all the properties outlined above. Our construction extends the inverted index approach (Curtmola et al., CCS 2006) in several non-trivial ways and introduces new techniques for the design of SSE. In addition, we implement our scheme and conduct a performance evaluation, showing that our approach is highly efficient and ready for deployment.

15:17 [Pub][ePrint] Generic Construction of Trace and Revoke Schemes, by Murat Ak, Aggelos Kiayias, Serdar Pehlivanoglu, Ali Aydın Selcuk

  Broadcast encryption (BE) is a cryptographic primitive that allows a broadcaster to encrypt a content to a specific group of users called privileged users and prevent revoked users from decrypting the content. In BE schemes, a group of users, called traitor s may leak their keys and allow illegal reception of the content. Such malicious users can be detected through traitor tracing (TT) schemes. The ultimate goal in a content distribution system would be combining traitor tracing and broadcast encryption (trace and revoke mechanisms) so that any receiver key found to be compromised in a tracing process would be revoked in the future transmissions.

In this paper, we propose a generic method to transform a broadcast encryption scheme into a trace and revoke scheme. This transformation involves imposing a fingerprinting code over the underlying BE transmissions. In conventional usage of fingerprinting codes, this will inflate the public key size with an additional data linear in the length of the code. To restrain from such increase in public key size, we introduce a new property, called public samplability, of a fingerprinting code. This property enables us to simulate the code independently from the actual code generated for tracing purposes. We have proved this property for the open fingerprinting code of [10].

We have instantiated our generic transformation with the BE schemes of [4, 12, 19]: we introduce (i) trace and revoke schemes with constant private key size and short ciphertext size, (ii) the first ID-based trace and revoke scheme, (iii) the first publicly traceable scheme with constant private key size and (iv) the first trace and revoke scheme against pirate rebroadcasting attack in the public key setting.