International Association for Cryptologic Research

IACR News Central


Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calendar (iCal).

23:41 [Event][New] Crypto: CryptoIdeaLab: Early Career Researchers/Efficient Homomorphic Encryption

  Submission: 31 March 2013
From July 15 to July 19
Location: Providence, RI, United States
More Information:

09:51 [Event][New] SAC 2013: Selected Areas in Cryptography 2013

  Submission: 10 May 2013
Notification: 24 June 2013
From August 14 to August 16
Location: Burnaby, BC, Canada
More Information:

09:50 [Event][New] ECTCM 2013: First International Workshop on Emerging Cyberthreats and Countermeasures

  Submission: 30 March 2013
Notification: 9 May 2013
From September 2 to September 6
Location: Regensburg, Germany
More Information:

12:19 [Event][New] RISI 2013: The Third International Workshop on Resilience and IT-Risk in Social Infra

  Submission: 8 March 2013
Notification: 2 May 2013
From September 2 to September 6
Location: Regensburg, Germany
More Information:

10:17 [Pub][ePrint] Symbolic Universal Composability, by Florian Böhl and Dominique Unruh

  We introduce a variant of the Universal Composability framework (UC; Canetti, FOCS 2001) that uses symbolic cryptography. Two salient properties of the UC framework are secure composition and the possibility of easily defining security by giving an ideal functionality as specification. These advantages are now also available in a symbolic modeling of cryptography, allowing for a modular analysis of complex protocols.

We furthermore introduce a new technique for modular design of protocols that uses UC but avoids the need for powerful cryptographic primitives that often comes with UC protocols; this "virtual primitives" approach is unique to the symbolic setting and has no counterpart in the original computational UC framework.

10:17 [Pub][ePrint] A Verifiable 1-out-of-n Distributed Oblivious Transfer Protocol, by Christian L. F. Corniaux and Hossein Ghodosi

  In the various 1-out-of-$n$ distributed oblivious transfer (DOT) protocols designed in an unconditionally secure environment, a receiver contacts $k$ out of $m$ servers to obtain one of the $n$ secrets held by a sender. After a protocol has been executed, the sender has no information on the choice of the receiver, and the receiver has no information on the secrets she did not obtain. Likewise, a coalition of $k - 1$ servers is unable to infer any information on either the sender's secrets or the receiver's choice.

These protocols are based on a semi-honest model: no mechanism prevents a group of malicious servers from disrupting the protocol so that the secret obtained by the receiver does not correspond to the chosen secret. Verifying the information transmitted by the servers seems to require two properties that are difficult to reconcile: on the one hand, the receiver has to collect more information from the servers to discard the incorrect data generated by the malicious servers; on the other hand, if the receiver is allowed to gather more information from the servers, the sender's security may be compromised.

We study the first unconditionally secure DOT protocol in the presence of an active adversary who may corrupt up to $k - 1$ servers. In addition to the active adversary, we also assume that the sender may (passively) corrupt up to $k - 1$ servers to learn the choice of the receiver. Similarly, the receiver may (passively) corrupt up to $k - 1$ servers to learn more than the chosen secret. However, we assume that the sender, receiver, and active adversary do not collaborate with each other. Our DOT protocol allows the receiver to contact $4k - 3$ servers to obtain one secret, while the required security is maintained.
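To make the semi-honest setting and its failure mode concrete, here is an added toy 1-out-of-$n$ DOT built from Shamir-style polynomial sharing over a prime field. It is an illustration written for this digest, not the protocol of the paper above: the field prime, the choice of $2k-1$ contacted servers (enough to recover the degree-$(2k-2)$ product polynomial), the sample secrets and the "add 1" cheating strategy are all assumptions of the example. The honest run returns the chosen secret, any $k-1$ servers hold only threshold-$k$ shares of both the secrets and the choice vector, and a single malicious server that corrupts its answer makes the receiver reconstruct a wrong value with nothing in the protocol to flag it, which is exactly the gap the abstract describes.

```python
import secrets

# Field prime (assumption: any prime larger than the secrets works; 2^61 - 1 is convenient)
P = (1 << 61) - 1


def random_poly(constant, degree):
    """Random polynomial over GF(P) with the given constant term, as [c0, c1, ..., c_degree]."""
    return [constant % P] + [secrets.randbelow(P) for _ in range(degree)]


def evaluate(coeffs, x):
    """Horner evaluation of a polynomial at x (mod P)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def interpolate_at_zero(points):
    """Lagrange interpolation at x = 0 from (x, y) pairs with distinct non-zero x."""
    total = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def sender_setup(sender_secrets, k, m):
    """Sender: Shamir-share each of the n secrets with threshold k among servers 1..m.
    Returns, for each server, its n shares. Any k-1 servers learn nothing about the secrets."""
    polys = [random_poly(s, k - 1) for s in sender_secrets]
    return [[evaluate(poly, j) for poly in polys] for j in range(1, m + 1)]


def receiver_query(sigma, n, k, m):
    """Receiver: share the unit vector e_sigma (1 at the chosen index, 0 elsewhere) with
    threshold k. Server j gets Z_0(j), ..., Z_{n-1}(j); k-1 servers learn nothing about sigma."""
    polys = [random_poly(1 if i == sigma else 0, k - 1) for i in range(n)]
    return [[evaluate(poly, j) for poly in polys] for j in range(1, m + 1)]


def server_answer(shares_from_sender, query_from_receiver):
    """Server j: inner product sum_i S_i(j) * Z_i(j). This is R(j) for
    R(x) = sum_i S_i(x) Z_i(x), a degree-(2k-2) polynomial with R(0) = s_sigma."""
    return sum(a * b for a, b in zip(shares_from_sender, query_from_receiver)) % P


def run_dot(sender_secrets, sigma, k, m, contacted, cheaters=()):
    """One protocol run. The receiver contacts 2k-1 servers (enough to recover a
    degree-(2k-2) polynomial). Servers listed in `cheaters` corrupt their answer
    by adding 1; nothing in the semi-honest protocol lets the receiver notice."""
    n = len(sender_secrets)
    assert m >= 2 * k - 1 and len(contacted) == 2 * k - 1
    sender_shares = sender_setup(sender_secrets, k, m)
    queries = receiver_query(sigma, n, k, m)
    points = []
    for j in contacted:
        r = server_answer(sender_shares[j - 1], queries[j - 1])
        if j in cheaters:
            r = (r + 1) % P  # active adversary: wrong value, indistinguishable to the receiver
        points.append((j, r))
    return interpolate_at_zero(points)


if __name__ == "__main__":
    sample_secrets = [11, 22, 33, 44]  # constructed sample secrets, n = 4
    honest = run_dot(sample_secrets, 2, 3, 6, [1, 2, 3, 4, 5])
    disrupted = run_dot(sample_secrets, 2, 3, 6, [1, 2, 3, 4, 5], cheaters={4})
    print("honest run returns", honest)
    print("one malicious server yields", disrupted, "(not the chosen secret, and undetected)")
```

The corrupted answer shifts the reconstructed value by the non-zero Lagrange coefficient of the cheating server, so the receiver always ends up with a wrong secret and has no redundancy to detect it; collecting more than $2k-1$ answers would give redundancy, but it also gives a receiver colluding with servers more points on the sender's polynomials, which is the tension the abstract points out.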

10:17 [Pub][ePrint] Lightweight Zero-Knowledge Proofs for Crypto-Computing Protocols, by Sven Laur and Bingsheng Zhang

  Crypto-computing is a set of well-known techniques for computing with encrypted data. The security of the corresponding protocols is usually proven in the semi-honest model. In this work, we propose a new class of zero-knowledge proofs, which are tailored for crypto-computing protocols. First, these proofs directly employ properties of the underlying cryptosystems, and thus many facts have more concise proofs compared to generic solutions. Second, we show how to achieve universal composability in the trusted set-up model where all zero-knowledge proofs share the same system-wide parameters. Third, we derive a new protocol for multiplicative relations and show how to combine it with several crypto-computing frameworks to get security in the malicious model.

10:17 [Pub][ePrint] Instantiating Treeless Signature Schemes, by Patrick Weiden and Andreas Hülsing and Daniel Cabarcas and Johannes Buchmann

  We study the efficiency of the treeless signature schemes [Lyu08], [Lyu09], [Lyu12] and evaluate their practical performance. We explain how to implement them, e.g., how to realize discrete Gaussian sampling and how to instantiate the random oracles. Our software implementation as well as extensive experimental results are presented. In particular, we compare the treeless signature schemes with currently used schemes and other post-quantum signature schemes. As the experimental data show that the schemes are not competitive, a discussion of possible improvements concludes the paper.

08:52 [Event][New] ICICS'13: 15th International Conference on Information and Communications Security

  Submission: 5 June 2013
Notification: 24 July 2013
From November 20 to November 22
Location: Beijing, China
More Information:

07:46 [Event][New] SSTiC 2013: International Summer School on Trends in Computing

  From July 22 to July 26
Location: Tarragona, Spain
More Information:

19:17 [Pub][ePrint] Cryptanalysis of the Dragonfly Key Exchange Protocol, by Dylan Clarke and Feng Hao

  Dragonfly is a password-authenticated key exchange protocol that has been submitted to the Internet Engineering Task Force as a candidate standard for general internet use. We analyzed the security of this protocol and devised an attack that is capable of extracting both the session key and the password from an honest party. This attack was then implemented, and experiments were performed to determine the time scale required to complete the attack successfully.