International Association for Cryptologic Research

IACR News Central


15:17 [Pub][ePrint] Verifiable Delegation of Computation on Outsourced Data, by Michael Backes and Dario Fiore and Raphael M. Reischuk

We address the problem in which a client stores a large amount of data with an untrusted server in such a way that, at any moment, the client can ask the server to compute a function on some portion of its outsourced data. In this scenario, the client must be able to efficiently verify the correctness of the result despite no longer knowing the inputs of the delegated computation, it must be able to keep adding elements to its remote storage, and it does not have to fix in advance (i.e., at data outsourcing time) the functions that it will delegate. Even more ambitiously, clients should be able to verify in time independent of the input size - a very appealing property for computations over huge amounts of data.

In this work we propose novel cryptographic techniques that solve the above problem for the class of computations of quadratic polynomials over a large number of variables. This class covers a wide range of significant arithmetic computations - notably, many important statistics. To confirm the efficiency of our solution, we show encouraging performance results, e.g., correctness proofs have size below 1 kB and are verifiable by clients in less than 10 milliseconds.

08:05 [Job][New] Post-Doc, Telecom ParisTech, Communication and Electrical Engineering Department, Sophia-Antipolis, France

We are looking for a postdoctoral researcher to contribute to a project named LibreCloud on self-hosted, distributed, redundant and secured cloud services. The main goal of the LibreCloud project is to help end users to better control their personal information and data, at a very low cost and with the quality of service of a commercial cloud solution.

The LibreCloud project aims at packaging a GNU/Linux distribution tailored for cheap and power efficient personal computers (Raspberry Pi, Parallella, Plug Computers). The distribution shall be easy to install and manage and shall embed the largest possible set of services (agenda, notes, address books, bookmarks, keyring, storage, e-mail,...) that are usually found on commercial cloud infrastructures. Its main characteristics shall be strong security (privacy, confidentiality, integrity) and safety (redundancy, backups, continuous availability across time and space).

06:17 [Pub][ePrint] Verifiable Attribute-based Keyword Search over Outsourced Encrypted Data, by Qingji Zheng and Shouhuai Xu and Giuseppe Ateniese

It is quite common nowadays for data owners to outsource their data to the cloud. However, since the cloud is not fully trusted, the outsourced data should be encrypted, which brings a range of problems, such as: How can authorized data users search over a data owner's outsourced encrypted data? How should a data owner grant search capabilities to data users? How can data users be assured that the cloud faithfully executed the search operations? Towards ultimately addressing these problems, in this paper we propose a novel cryptographic scheme, called verifiable attribute-based keyword search (VABKS). This scheme allows a data user, whose attributes or credentials satisfy a data owner's access control policy, to (i) search over the data owner's outsourced encrypted data, (ii) outsource the tedious search operations to the cloud, and (iii) verify whether the cloud has faithfully executed the search operations.

We define VABKS's security properties, and present concrete constructions that are proven to possess these properties. Performance evaluation shows that the proposed schemes are practical.

06:17 [Pub][ePrint] Secret Key Cryptosystem based on Polar Codes over Binary Erasure Channel, by Reza Hooshmand, Masoumeh Koochak Shooshtari, Mohammad Reza Aref

This paper proposes an efficient secret key cryptosystem based on polar codes over the Binary Erasure Channel. We introduce a method, for the first time to our knowledge, to hide the generator matrix of the polar codes from an attacker. In fact, our main goal is to achieve secure and reliable communication using finite-length polar codes. The proposed cryptosystem has a significant security advantage against chosen plaintext attacks in comparison with the Rao-Nam cryptosystem. Also, the key length is decreased after applying a new compression algorithm. Moreover, this scheme benefits from a high code rate and proper error performance for reliable communication.

06:17 [Pub][ePrint] Towards A Practical JCJ / Civitas Implementation, by Stephan Neumann and Christian Feier and Melanie Volkamer and Reto Koenig

Internet voting continues to enjoy wide interest from both research and practice. Among the Internet voting schemes developed over the last decades, JCJ / Civitas stands out from the masses due to its innovative approach to resist voter coercion. To achieve its ambitious goal, the scheme builds upon particularly restrictive assumptions and an abstract credential handling, rendering the scheme impractical for real-world use. At ARES 2012, Neumann and Volkamer presented a proposal which implements several of these assumptions (voter-side assumptions) and the credential handling by the use of smart cards. While addressing these practical shortcomings of JCJ / Civitas, their proposal did not take performance into account, and accordingly its performance has not been evaluated. In the present work, we revise the ARES proposal from a performance perspective in a security-invariant manner. Based on the herein proposed revisions, we are able to conclude that the revised ARES proposal is feasible for use in real-world elections.

06:17 [Pub][ePrint] Practical & Provably Secure Distance-Bounding, by Ioana Boureanu and Aikaterini Mitrokotsa and Serge Vaudenay

Distance-bounding is a practical solution to be used in security-sensitive contexts, to prevent relay attacks. Its applied cryptographic role is definitely spreading fast and it is clearly far reaching, extending from contactless payments to remote car unlocking. However, security models for distance-bounding are not well-established and, as far as we know, no existing protocol is proven to resist all classical attacks: distance-fraud, mafia-fraud, and terrorist-fraud. We herein amend the latter, whilst maintaining the lightweight nature that makes these protocols appropriate for concrete applications. Firstly, we develop a general formalism for distance-bounding protocols and their security requirements. In fact, we also propose specifications of generalised frauds, stemming from the (attack-prone) multi-party scenarios. This entails our incorporation of newly advanced threats, e.g., distance-hijacking. Recently, Boureanu et al. proposed the SKI protocol. We herein extend it and prove its security. To attain resistance to terrorist-fraud, we put forward the use of a leakage scheme and of secret sharing, which we specialise and reinforce with additional requirements. In view of resistance to generalised mafia-frauds (and terrorist frauds), we further introduce the notion of circular-keying for pseudorandom functions (PRFs); this notion models the employment of a PRF, with possible linear reuse of the key. We also identify the need of PRF masking to fix common mistakes in existing security proofs/claims of distance-fraud security. We then enhance our design such that we guarantee resistance to terrorist-fraud in the presence of noise. To our knowledge, all this gives rise to the first practical and provably secure class of distance-bounding protocols, even when our protocols are run in noisy communications, which is indeed the real-life setting of deployed, time-critical cryptographic protocols.

09:17 [Pub][ePrint] HPAZ: a High-throughput Pipeline Architecture of ZUC in Hardware, by Zongbin Liu and Neng Gao and Jiwu Jing and Peng Liu

In this paper, we propose a high-throughput pipeline architecture of the stream cipher ZUC, which has been included in the security portfolio of 3GPP LTE-Advanced. In the literature, the schema with the highest throughput only implements the working stage of ZUC. The schemas which implement ZUC completely can only achieve a much lower throughput, since a self-feedback loop in the critical path significantly reduces the operating frequency. In this paper we design a mixed two-stage pipeline architecture which not only completely implements ZUC but also significantly raises the throughput. We have implemented our architecture on FPGA and ASIC. On the FPGA platform, the new architecture increases the throughput by 45%, compared with the latest work, and in particular the new architecture also saves nearly 12% of hardware resources. On 65nm ASIC technology, the throughput of the new design can reach up to 80 Gbps, which is 2.7 times faster than the fastest one in the literature; in particular, it also saves at least 40% of hardware resources. In addition to the academic designs, compared with the fastest commercial design, the new architecture doubles its throughput. To the best of our knowledge, this evaluation result is so far the best outcome. It can be assumed that hardware implementations of ZUC following our architecture will fit future LTE equipment better.

06:17 [Pub][ePrint] Reset Indifferentiability and its Consequences, by Paul Baecher and Christina Brzuska and Arno Mittelbach

  The equivalence of the random oracle model and the ideal cipher model has been studied in a long series of results. Holenstein, Künzler, and Tessaro (STOC, 2011) have recently completed the picture positively, assuming that, roughly speaking, equivalence is indifferentiability from each other. However, under the stronger notion of reset indifferentiability this picture changes significantly, as Demay et al. (EUROCRYPT, 2013) and Luykx et al. (ePrint, 2012) demonstrate.

We complement these latter works in several ways. First, we show that any simulator satisfying the reset indifferentiability notion must be stateless and pseudo-deterministic. Using this characterization we show that, with respect to reset indifferentiability, two ideal models are either equivalent or incomparable, that is, a model cannot be strictly stronger than the other model. In the case of the random oracle model and the ideal cipher model, this implies that the two are incomparable. Finally, we examine weaker notions of reset indifferentiability that, while not being able to allow composition in general, allow composition for a large class of multi-stage games. Here we show that the seemingly much weaker notion of 1-reset indifferentiability proposed by Luykx et al. is equivalent to reset indifferentiability. Hence, the impossibility of coming up with a reset indifferentiable construction transfers to the setting where only one reset is permitted, thereby re-opening the quest for an achievable and meaningful notion in between the two variants.

06:17 [Pub][ePrint] Solving Terminal Revocation in EAC by Augmenting Terminal Authentication, by Rafik Chaabouni

In this paper we propose a solution to enable an accurate terminal revocation in the Extended Access Control (EAC). Chaabouni and Vaudenay in [CV09] pointed out the need for an accurate revocation procedure, but failed to provide a complete solution description. We aim at filling this gap. Our solution relies on augmenting terminal authentication with a t-out-of-l threshold signature provided by neighboring terminals. These terminals will be in charge of checking the revocation status of the requested terminal. As terminals have a real clock embedded and more computational power than Machine Readable Travel Documents (MRTDs), they are better suited for checking revocation status.

17:40 [Job][New] Post-Doc Positions, University of Bristol

  The Cryptography group within the Department of Computer Science has grown considerably in the last year and additional researchers are required in the following areas:

- Analysis of “real world” protocols

- Formal Methods applied to security protocols

- Fully Homomorphic Encryption

- Lattice Based Cryptography

- Provable Security, i.e. Protocol and Mechanism design

- Multi-Party Computation

You will hold a PhD, or expect to be awarded soon, and have experience in one of the sub-areas of cryptography mentioned above.

You will have a good level of analytical skills and the ability to communicate complex information clearly, both orally and through the written word together with the ability to use personal initiative, and creativity, to solve problems encountered in the research context.

Ideally, you will also have a strong publication record in top relevant venues, such as the IACR conferences and journal, ACM CCS, IEEE S&P, ESORICS, etc.

Appointment may be made at the Research Assistant (grade I) or Research Associate (grade J) level depending on skills and experience and will be for 2 to 3 years in the first instance.

17:39 [Job][New] Post-doc, LIX, École polytechnique, France

We are looking for a postdoctoral researcher to participate in Project CATREL (theoretical and practical improvements for algorithms for breaking discrete logarithms over finite fields). This two-year position is with the GRACE team at the École polytechnique (in the southern suburbs of Paris), starting no later than January 1, 2014.

For more information, see

Candidates should have a PhD in number theory or computer science.

Good programming skills and knowledge of number theory are essential; experience in C/C++ development, algorithmic number theory, and computer algebra systems (such as Magma, Sage, Pari-GP, etc.) would be an advantage.