International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

18:32 [Job][New] Post-Doc, Aalto University School of Science, Helsinki, Finland

  The cryptography group at Aalto University School of Science is specialized in statistical cryptanalysis of symmetric-key cryptographic primitives as well as implementation efficiency and security of both asymmetric-key and symmetric-key primitives. Also mathematical structures that provide resistance against such attacks belong to the groupĀ“s interest areas. In the current call we look for researchers who have PhD degree and background in the areas mentioned above.

18:00 [Event][New] SIN'13: The 6th Intl Conf on Security of Information and Networks

  Submission: 30 June 2013
Notification: 10 August 2013
From November 26 to November 28
Location: Aksaray, Turkey
More Information:

20:47 [Event][New] Keccak & SHA-3 Day

  From March 27 to March 27
Location: Brussels, Belgium
More Information:

20:46 [Event][New] RFIDsec '13: Workshop on RFID Security

  Submission: 2 April 2013
Notification: 28 May 2013
From July 9 to July 11
Location: Graz, Austria
More Information:

13:17 [Pub][ePrint] A new index calculus algorithm with complexity $L(1/4+o(1))$ in very small characteristic, by Antoine Joux

  In this paper, we describe a new algorithm for discrete logarithms in

small characteristic. It works especially well when the characteristic

is fixed. Indeed, in this case, we obtain a total complexity of $L(1/4+o(1)).$

19:17 [Pub][ePrint] Secure Signatures and Chosen Ciphertext Security in a Post-Quantum World, by Dan Boneh and Mark Zhandry

  We initiate the study of quantum-secure digital signatures and quantum chosen ciphertext security. In the case of signatures, we enhance the standard chosen message query model by allowing the adversary to issue quantum chosen message queries: given a superposition of messages, the adversary receives a superposition of signatures on those messages. Similarly, for encryption, we allow the adversary to issue quantum chosen ciphertext queries: given a superposition of ciphertexts, the adversary receives a superposition of their decryptions. These adversaries model a natural post-quantum environment where end-users sign messages and decrypt ciphertexts on a personal quantum computer.

We construct classical systems that remain secure when exposed to such quantum queries. For signatures we construct two compilers that convert classically secure signatures into signatures secure in the quantum setting and apply these compilers to existing post-quantum signatures. We also show that standard constructions such as Lamport one-time signatures and Merkle signatures remain secure under quantum chosen message attacks, thus giving signatures whose quantum security is based on generic assumptions. For encryption, we define security under quantum chosen ciphertext attacks and present both public-key and symmetric-key constructions.

19:17 [Pub][ePrint] Filtered nonlinear cryptanalysis of reduced-round Serpent, and the Wrong-Key Randomization Hypothesis., by James McLaughlin and John A. Clark

  We present a deterministic algorithm to find nonlinear S-box approximations, and a new nonlinear cryptanalytic technique; the \"filtered\" nonlinear attack, which achieves the lowest data complexity of any known-plaintext attack on reduced-round Serpent so far. We demonstrate that the Wrong-Key Randomization Hypothesis is not entirely valid for attacks on reduced-round Serpent which rely on linear cryptanalysis or a variant thereof, and survey the effects of this on existing attacks (including existing nonlinear attacks) on 11 and 12-round Serpent.

19:17 [Pub][ePrint] Functional Encryption Supporting Recursive Languages, by Somindu C. Ramanna and Palash Sarkar

  We provide a construction for functional encryption over the set of recursive languages.

In this scheme, a secret key $\\sk_{\\mathcal{M}}$ encodes a halting double-stack deterministic pushdown

automaton (2DPDA) $\\mathcal{M}$ that accepts by final state. Encryption algorithm takes a message $m$

and a string $w$ as input and outputs a ciphertext $\\cipher$. A user possessing $\\sk_{\\mathcal{M}}$ can

decrypt $\\cipher$ only if $\\mathcal{M}$ accepts $w$. Halting 2DPDAs can simulate halting deterministic

Turing machines and hence our construction essentially covers all

recursive languages.

The construction is built upon Waters\' bilinear pairing-based functional encryption scheme

over regular languages. The main technical novelty is in handling stack contents and

$\\lambda$-transitions (i.e., transitions that do not advance the input pointer)

of the automata. This is reflected both in the construction and the security arguments.

The scheme is shown to be selectively secure based on the decision $\\ell$-expanded bilinear

Diffie-Hellman exponent assumption introduced by Waters.

19:17 [Pub][ePrint] Systematic Construction and Comprehensive Evaluation of the Kolmogorov-Smirnov Test based Side-Channel Distinguishers, by Hui Zhao, Yongbin Zhou, Francois-Xavier Standaert, Hailong Zhang

  Generic side-channel distinguishers aim at revealing the correct key embedded in cryptographic modules even when few assumptions can be made about their physical leakages. In this context, Kolmogorov-Smirnov Analysis (KSA) and Partial Kolmogorov-Smirnov analysis (PKS) were proposed respectively. Although both KSA and PKS are based on the Kolmogorov-Smirnov (KS) test, they really differ a lot from each other in terms of construction strategies. Inspired by this, we construct nine new variants by combining their strategies in a systematic way. Furthermore, we explore the effectiveness and efficiency of all these twelve KS test based distinguishers under various simulated scenarios in a univariate setting within a unified comparison framework, and also investigate how these distinguishers behave in practical scenarios. For these purposes, we perform a series of attacks against both simulated traces and real traces. Evaluation metrics such as Success Rate (SR) and Guessing Entropy (GE) are used to measure the efficiency of key recovery attacks in our evaluation. Our experimental results not only show how to choose the most suitable KS test based distinguisher in a particular scenario, but also clarify the practical meaning of all these KS test based distinguishers in practice.

19:17 [Pub][ePrint] Man-in-the-Middle Secure Authentication Schemes from LPN and Weak PRFs, by Vadim Lyubashevsky and Daniel Masny

  We show how to construct, from any weak pseudorandom function, a 3-round symmetric-key authentication protocol that is secure against man-in-the-middle attacks. The construction is very efficient, requiring both the secret key and communication size to be only 3n bits long. Our techniques also extend to certain classes of randomized weak-PRFs, chiefly among which are those based on the classical LPN problem and its more efficient variants such as Toeplitz-LPN and Ring-LPN. Building a man-in-the-middle secure authentication scheme from any weak-PRF resolves a problem left open by Dodis et al. (Eurocrypt 2012), while building a man-in-the-middle secure scheme based on any variant of the LPN problem solves the main open question in a long line of research aimed at constructing a practical light-weight authentication scheme based on learning problems, which began with the work of Hopper and Blum (Asiacrypt 2001).

19:17 [Pub][ePrint] On the security of a certificateless aggregate signature scheme, by Lin Cheng and Qiaoyan Wen and Zhengping Jin and Hua Zhang and Liming Zhou

  Aggregate signature can combinensignatures on nmessages fromnusers into a single short signature, and the resulting signature can convince the verifier that thenusers indeed signed

the ncorresponding messages. This feature makes aggregate signature very useful especially in environments with low bandwidth communication, low storage and low computability since it

greatly reduces the total signature length and verification cost. Recently, Xiong et al. presented an efficient certificateless aggregate signature scheme. They proved that their scheme is secure in a strengthened security model, where the \"malicious-but-passive\" KGC attack was considered. In this paper, we show that Xiong et al.\'s certificateless aggregate signature scheme is not secure

even in a weaker security model called \"honest-but-curious\" KGC attack model.