International Association for Cryptologic Research

IACR News Central


19:17 [Pub][ePrint] Self-Differential Cryptanalysis of Up to 5 Rounds of SHA-3, by Itai Dinur and Orr Dunkelman and Adi Shamir

  On October 2nd, 2012, NIST announced its selection of the Keccak scheme as the new SHA-3 hash standard. In this paper we present the first published collision finding attacks on reduced-round versions of Keccak-384 and Keccak-512, providing actual collisions for 3-round versions, and describing attacks which are much faster than birthday attacks for 4-round Keccak-384. For Keccak-256, we increase the number of rounds which can be attacked to 5. All these results are based on a new type of {\it self-differential} attack, which makes it possible to map a large number of Keccak inputs into a relatively small subset of possible outputs with a surprisingly large probability, which makes it easier to find random collisions in this subset.

14:09 [Job][New] Ph.D. / M.Sc. and Summer Internship, Cryptography, Security, and Privacy Research Group, Koç University, Turkey

  Cryptography, Security & Privacy Research Group at Koç University has multiple openings for both M.Sc. and Ph.D. level applications. All accepted applicants will receive competitive scholarships.

Koç University has a beautiful campus in the middle of a forest, with a nice view of the Black Sea and the Bosporus, and is close to the İstanbul city center. The application deadline is 15th of January for Spring 2013 applications.

  • For more information about our group and projects, visit

  • For applying online, and questions about the application process, visit

  • For summer internship opportunities, visit

  • For questions, contact Asst. Prof. Alptekin Küpçü

13:40 [Event][New] CASE-13: 1st International workshop on Cloud Computing Applications and SEcurity

  Submission: 15 December 2012
Notification: 20 February 2013
From April 23 to April 25
Location: Irbid, Jordan
More Information:

06:58 [Job][New] Two Ph.D. Positions in Lightweight Cryptography for the Internet of Things, University of Luxembourg


The Laboratory of Algorithmics, Cryptology and Security (LACS) of the University of Luxembourg is looking for two Ph.D. students in the area of lightweight cryptography. The successful candidates will contribute to a research project entitled "Applied Cryptography for the Internet of Things (ACRYPT)", which is funded by the Fonds National de la Recherche (FNR). Both Ph.D. students will be supervised by Prof. Alex Biryukov and collaborate with other members of LACS as well as external research partners.

Candidates are expected to hold an M.Sc. degree in computer science, electrical engineering, or applied mathematics with outstanding grades. Applications from M.Sc. students who will graduate in spring 2013 will also be considered. A solid background in algorithms and data structures, discrete mathematics, probability theory and statistics, software development, computer architecture, and information security is a general requirement to qualify for a Ph.D. position in LACS. Hands-on experience in hardware design (VHDL, SystemC) or programming of embedded systems (AVR, MSP430, ARM, etc.) is an asset for one of the two positions. Candidates with an interest to conduct leading-edge research in one of the following areas are particularly encouraged to apply:

  • Design and analysis of symmetric cryptographic primitives
  • Efficient implementation of cryptosystems in hardware and/or software
  • Physical attacks (SPA, DPA, fault attacks, etc.) and countermeasures

Both Ph.D. positions are initially offered for three years, but an extension to a fourth year is possible. The monthly salary is roughly 2,000 Euros net (i.e. after deduction of taxes and social security contributions). Interested candidates are invited to submit their application by email to lacs.acrypt(at) The application material should contain a cover letter explaining the candidate's motivation and research interests, a detailed CV (including photo),

06:58 [Job][New] Post-Doc, Ben-Gurion University of the Negev, Israel

  The research will be in the scopes of:

Securing and preserving private computation in the cloud.

Cyber security.

Distributed computing.

04:17 [Pub][ePrint] Fixed Argument Pairing Inversion on Elliptic Curves, by Sungwook Kim and Jung Hee Cheon

  Let $E$ be an elliptic curve over a finite field ${\mathbb F}_q$ with a power of prime $q$, $r$ a prime dividing $\#E({\mathbb F}_q)$, and $k$ the smallest positive integer satisfying $r | \Phi_k(p)$, called embedding degree. Then a bilinear map $t: E({\mathbb F}_q)[r] \times E({\mathbb F}_{q^k})/rE({\mathbb F}_{q^k}) \rightarrow {\mathbb F}_{q^k}^*$ is defined, called the Tate pairing. And the Ate pairing and other variants are obtained by reducing the domain for each argument and raising it to some power.

In this paper we consider the {\em Fixed Argument Pairing Inversion (FAPI)} problem for the Tate pairing and its variants. In 2012, considering FAPI for the Ate$_i$ pairing, Kanayama and Okamoto formulated the {\em Exponentiation Inversion (EI)} problem. However the definition gives a somewhat vague description of the hardness of EI. We point out that the described EI can be easily solved, and hence clarify the description so that the problem does contain the actual hardness connection with the prescribed domain for given pairings.

Next we show that inverting the Ate pairing (including other variants of the Tate pairing) defined on the smaller domain is neither easier nor harder than inverting the Tate pairing defined on the larger domain. This is very interesting because it is commonly believed that the structure of the Ate pairing is so simple and good (that is, the Miller length is short, the solution domain is small and has an algebraic structure induced from the Frobenius map) that it may leak some information, thus there would be a chance for attackers to find further approach to solve FAPI for the Ate pairing, differently from the Tate pairing.

04:17 [Pub][ePrint] Digital Signatures with Minimal Overhead, by Eike Kiltz and Krzysztof Pietrzak and Mario Szegedy

  In a digital signature scheme with message recovery, rather than transmitting the message $m$ and its signature $\sigma$, a single enhanced signature $\tau$ is transmitted. The verifier is able to recover $m$ from $\tau$ and at the same time verify its authenticity. The two most important parameters of such a scheme are its security and the overhead $|\tau|-|m|$. A simple argument shows that for any scheme with ``$n$ bits security'' $|\tau|-|m|\ge n$, i.e., the overhead is at least the security. The best previous constructions required an overhead of $2n$. In this paper we show that the $n$ bit lower bound can basically be matched. Concretely, we propose a new simple RSA-based digital signature scheme that, for $n=80$ bits security in the random oracle model, has an overhead of $\approx 90$ bits.

At the core of our security analysis is an almost tight upper bound for the expected number of edges of the densest ``small'' subgraph of a random Cayley graph, which may be of independent interest.

04:17 [Pub][ePrint] Does Counting Still Count? Revisiting the Security of Counting based User Authentication Protocols against Statistical Attacks, by Hassan Jameel Asghar and Shujun Li and Ron Steinfeld and Josef Pierpz

  At NDSS 2012, Yan et al. analyzed the security of several challenge-response type user authentication protocols against passive observers, and proposed a generic counting based statistical attack to recover the secret of some counting based protocols given a number of observed authentication sessions. Roughly speaking, the attack is based on the fact that secret (pass) objects appear in challenges with a different probability from non-secret (decoy) objects when the responses are taken into account. Although they mentioned that a protocol susceptible to this attack should minimize this difference, they did not give details as to how this can be achieved barring a few suggestions.

In this paper, we attempt to fill this gap by generalizing the attack with a much more comprehensive theoretical analysis. Our treatment is more quantitative which enables us to describe a method to theoretically estimate a lower bound on the number of sessions a protocol can be safely used against the attack. Our results include 1) two proposed fixes to make counting protocols practically safe against the attack at the cost of usability, 2) the observation that the attack can be used on non-counting based protocols too as long as challenge generation is contrived, 3) and two main design principles for user authentication protocols which can be considered as extensions of the principles from Yan et al. This detailed theoretical treatment can be used as a guideline during the design of counting based protocols to determine their susceptibility to this attack. The Foxtail protocol, one of the protocols analyzed by Yan et al., is used as a representative to illustrate our theoretical and experimental results.

04:17 [Pub][ePrint] Design of Secure Image Transmission in MANET using Number Theory Based Image Compression and Quasigroup Encryption (NTICQE) Algorithm, by Munivel E and Rajeswari Mukesh

  Image compression and image encryption are pivotal to proper storage and transmission of images over MANET. Simultaneous image compression and encryption aims at achieving enhanced bandwidth utilization and security at the same time. The Number Theory based Image Compression and Quasigroup Encryption (NTICQE) algorithm employs number theoretic paradigm - Chinese Remainder Theorem and Quasigroup Encryption, to solve congruences and hence realize the twin ideals of compression and encryption simultaneously. The quasigroup encryptor has very good data-scrambling properties and, therefore, has potential uses in symmetric cryptography.

04:17 [Pub][ePrint] Breaking Another Quasigroup-Based Cryptographic Scheme, by Markus Dichtl and Pascale Böffgen

  In their paper ``A Quasigroup Based Random Number Generator for Resource Constrained Environments'', the authors Matthew Battey and Abhishek Parakh propose the pseudo random number generator LOQG PRNG 256. We show several highly efficient attacks on LOQG PRNG 256.

04:17 [Pub][ePrint] Asynchronous Physical Unclonable Functions - AsyncPUF, by Julian Murphy

  Physically Unclonable Functions (PUFs) exploit the physical characteristics of silicon and provide an alternative to storing digital encryption keys in non-volatile memory. A PUF maps a unique set of digital inputs to a corresponding set of digital outputs. In this paper, the use of asynchronous logic and design techniques to implement PUFs is advocated for Asynchronous Physically Unclonable Functions (APUFs). A new method of using asynchronous rings to implement PUFs is described called ASYNCPUF which features inherent field programmability. It is both a novel and holistic PUF design compared to the existing state-of-the-art as it naturally addresses the two challenges facing PUFs to-date that prevent wide-spread adoption: robustness and entropy. Results of electrical simulation in a 90 nano-meter lithography process are presented and discussed.