International Association for Cryptologic Research

IACR News Central


12:35 [Event][New] SPACE 2013: Conference on Security, Privacy, and Applied Cryptography Engineering

  Submission: 3 June 2013
Notification: 1 July 2013
From October 21 to October 22
Location: Kharagpur, India
More Information:

17:54 [Job][New] Post Doc, Applied Cryptography & Telecom Group, Laboratoire Hubert Curien, University of Lyon, Saint-Etienne, France

  The main objective of the research in the group Applied Cryptography & Telecom is to propose efficient and robust hardware architectures aimed at applied cryptography and telecom that are resistant to passive and active cryptographic attacks. Currently, the central theme of this research consists in designing architectures for Secure Embedded Systems implemented in logic devices such as FPGAs and ASICs. We are also working on efficient and secure implementations of post-quantum cryptographic schemes. More information on

For a new project that addresses the problem of secure handling of personal data and privacy in many-core architectures, we propose a Post-Doc position to work on a secure-by-design crypto-processor embedded in a many-core architecture. We are looking for candidates with an outstanding Ph.D. in computer science or electrical engineering. Strong knowledge of digital system design (VHDL, SystemC) would be appreciated.

The Post-Doc position will start in January 2014; it is funded for 12 months, extendable to 36 months.

To apply please send your detailed CV, motivation for applying (1 page) and names of at least two people who can provide reference letters (email).

17:54 [Job][New] Post-Doc, Dept. of Computer Science, Aarhus University, Denmark

  The cryptography group at Aarhus University is looking for postdocs. We do research in theory and practice of cryptographic protocols and public-key cryptography. Recently, we have worked on multiparty computation, leakage and tamper resilience of public-key cryptography and quantum cryptography. Whether you have already expertise in these areas or are just interested in getting into them, we would like to hear from you as soon as possible. We will consider your application immediately, even if you contact us before the closing date below.

The group has two faculty members (Ivan Damgard and Jesper Buus Nielsen), 3 postdocs and 8 PhD students. We can offer an active and welcoming research environment with good possibilities for travels and inviting guests. We usually offer 1-year contracts with an option for prolonging by a year.

15:17 [Pub][ePrint] Security Analysis of Linearly Filtered NLFSRs, by Mohammad Ali Orumiehchiha and Josef Pieprzyk and Ron Steinfeld and Harry Bartlett

  Our contributions are applying a distinguishing attack on Linearly Filtered NLFSRs, either as a primitive or combined with filter generators. We extend the attack to linear combinations of Linearly Filtered NLFSRs as well. Generally, these structures can be examined by the proposed techniques, and the criteria will be obtained to design a secure primitive. The attacks allow an attacker to mount a linear attack to distinguish the output of the cipher and recover its internal state. Also, we investigate the security of the modified version of the Grain stream cipher to show how invulnerable the scheme is against distinguishing attacks.

15:17 [Pub][ePrint] On the (Im)possibility of Projecting Property, by Jae Hong Seo

  Projecting bilinear pairings have frequently been used for designing cryptosystems since they were first derived from composite order bilinear groups. There have been only a few studies on the (im)possibility of projecting bilinear pairings. Groth and Sahai (EUROCRYPT 2008) showed that projecting bilinear pairings can be achieved in a prime-order group setting. They constructed both projecting asymmetric bilinear pairings and projecting symmetric bilinear pairings, where a bilinear pairing $e$ is symmetric if it satisfies $e(g,h)=e(h,g)$ for any group elements $g$ and $h$; otherwise, it is asymmetric. Subsequently, Freeman (EUROCRYPT 2010) generalized Groth-Sahai's projecting asymmetric bilinear pairings.

In this paper, we provide impossibility results on projecting bilinear pairings in a prime-order group setting. More precisely, we specify the lower bounds of

1. the image size of a projecting asymmetric bilinear pairing

2. the image size of a projecting symmetric bilinear pairing

3. the computational cost for a projecting asymmetric bilinear pairing

4. the computational cost for a projecting symmetric bilinear pairing

in a prime-order group setting naturally induced from the $k$-linear assumption, where the computational cost means the number of generic operations.

Our lower bounds regarding a projecting asymmetric bilinear pairing are tight, i.e., it is impossible to construct a more efficient projecting asymmetric bilinear pairing than the constructions of Groth-Sahai and Freeman. However, our lower bounds regarding a projecting symmetric bilinear pairing differ from Groth and Sahai's results regarding a symmetric bilinear pairing; we fill these gaps by constructing projecting symmetric bilinear pairings.

In addition, on the basis of the proposed symmetric bilinear pairings, we construct more efficient instantiations of cryptosystems that essentially use the projecting symmetric bilinear pairings in a modular fashion. Example applications include new instantiations of the Boneh-Goh-Nissim cryptosystem, the Groth-Sahai non-interactive proof system, and Seo-Cheon round optimal blind signatures proven secure under the DLIN assumption. These new instantiations are more efficient than the previous ones, which are also provably secure under the DLIN assumption. These applications are of independent interest.

15:17 [Pub][ePrint] Enhanced Ownership Transfer Protocol for RFID in an Extended Communication Model, by Jorge Munilla, Alberto Peinado, Guoming Yang and Willy Susilo

  Ownership Transfer Protocols for RFID allow transferring the rights over a tag from a current owner to a new owner in a secure and private way. Recently, Kapoor and Piramuthu have proposed two schemes which overcome most of the security weaknesses detected in previously published protocols. Still, this paper reviews that work and points out that such schemes still present some practical and security issues. In particular, they do not manage to guarantee the privacy of the new owner without the presence of a Trusted Third Party, and we find that the assumed communication model is not suitable for many practical scenarios. We then propose here a lightweight protocol that can be used in a wider range of applications, and which incorporates recently defined security properties such as Tag Assurance, Undeniable Ownership Transfer, Current Ownership Proof and Owner Initiation. Finally, this protocol is complemented with a proposed Key Change Protocol, based on noisy tags, which provides privacy to the new owner without either resorting to a Trusted Third Party or assuming an Isolated Environment.

15:17 [Pub][ePrint] A family of 6-to-4-bit S-boxes with large linear branch number, by Daniel Loebenberger and Michael Nüsken

  We propose a family of 6-to-4-bit S-boxes with linear branch number 3. Since they also fulfill various further desirable properties, such S-boxes can serve as a building block for various block ciphers.

15:17 [Pub][ePrint] Ideal and Perfect Hierarchical Secret Sharing Schemes based on MDS codes, by Appala Naidu Tentu and Prabal Paul and V Ch Venkaiah

  An ideal conjunctive hierarchical secret sharing scheme, constructed from Maximum Distance Separable (MDS) codes, is proposed in this paper. The scheme is what we call computationally perfect. By computationally perfect, we mean that an authorized set can always reconstruct the secret in polynomial time, whereas for an unauthorized set this is computationally hard. Also, in our scheme, the size of the ground field is independent of the parameters of the access structure. Further, it is efficient and requires $O(n^3)$, where $n$ is the number of participants.

Keywords: Computationally perfect, Ideal, Secret sharing scheme, Conjunctive hierarchical access structure, Disjunctive hierarchical access structure, MDS code.

15:17 [Pub][ePrint] Power Analysis Attacks against FPGA Implementations of KLEIN, by Shaohua Tang and Jianhao Wu and Weijian Li and Zheng Gong

  KLEIN is a family of block ciphers proposed by Zheng Gong et al. at RFIDSec 2011, and its lightweight features are suitable for resource-constrained devices. However, the original design of KLEIN does not consider potential attacks by power analysis methods. This paper presents power analysis attacks against an FPGA implementation of KLEIN by the authors of KLEIN. The attacking strategy, attacking point and complexity of our power analysis attacks against KLEIN are discussed in detail. Besides, the implementation of the attacks is also described, and the experimental data is given. A large number of attacking experiments are launched in this paper, and the experiments confirm that the success probability of our attacks is nearly 100%. Finally, a defensive countermeasure against our attacks is proposed.

15:17 [Pub][ePrint] Improved Differential Fault Analysis on ARIA using Small Number of Faults, by Yuseop Lee, Kitae Jeong, Jaechul Sung, Seokhie Hong

  In [15], Li et al. first proposed a differential fault analysis on ARIA-128. This attack requires on average 45 random byte fault injections. In 2012, Park et al. proposed an improved DFA using 33 random byte fault injections. Also, Kim proposed a differential fault analysis based on a multi-byte fault model. In this model, the number of fault injections is reduced to 13, and if access to the decryption oracle is allowed, only 7 faults are required. In this paper, we propose an improved differential fault analysis on ARIA. Based on the random byte fault model, the proposed attacks can recover the secret key of ARIA-128/192/256 using 6 fault injections within a few minutes. Moreover, in the cases of ARIA-128 and ARIA-256, it is possible to recover the secret key using only 4 fault injections under a fault assumption where an attacker can induce some faults during both the encryption and decryption processes, respectively.

Our results on ARIA-192/256 are the first known DFA results on them.

15:17 [Pub][ePrint] A generalisation of Miller's algorithm and applications to pairing computations on abelian varieties, by David Lubicz and Damien Robert

  In this paper, we use the theory of theta functions to generalize to all abelian varieties the usual Miller's algorithm to compute a function associated to a principal divisor. We also explain how to use the Frobenius morphism on abelian varieties defined over a finite field in order to shorten the loop of the Weil and Tate pairing algorithms. This extends preceding results about ate and twisted ate pairings to all abelian varieties. Then, building upon the two preceding ingredients, we obtain a variant of optimal pairings on abelian varieties. Finally, by introducing new addition formulas, we explain how to compute optimal pairings on Kummer varieties. We compare in terms of performance the resulting algorithms to the algorithms already known in the genus one and two