International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

03:17 [Pub][ePrint] Cryptanalysis of GOST R Hash Function, by Zongyue Wang, Hongbo Yu, Xiaoyun Wang

  GOST R is the hash function standard of Russia. This paper presents some cryptanalytic results on GOST R. Using the rebound attack technique, we achieve collision attacks on the reduced round compression function. Result on up to 9.5 rounds is proposed, the time complexity is 2^{176} and the memory requirement is 2^{128} bytes. Based on the 9.5-round collision result, a limited birthday distinguisher is presented. More

over, a method to construct k collisions on 512-bit version of GOST R is given which show the weakness of the structure used in GOST R. To the best of our knowledge, these are the first results on GOST R.

03:17 [Pub][ePrint] On Algebraic Immunity of $\\Tr(x^{-1})$ over $\\mathbb{F}_{2^n}, by Xiutao Feng

  The trace inverse function $\\Tr(x^{-1})$ over the finite field $\\mathbb{F}_{2^n}$ is a class of very important Boolean functions in stream ciphers, which possesses many good properties,

including high algebraic degree, high nonlinearity, ideal autocorrelation, etc. In this work we discuss properties of $\\Tr(x^{-1})$ in resistance to (fast) algebraic attacks.

As a result, we prove that the algebraic immunity of $\\Tr(x^{-1})$ arrives the upper bound

given by Y. Nawaz et al when $n\\ge4$, that is, $\\AI(\\Tr(x^{-1}))=\\ceil{2\\sqrt{n}}-2$, which shows that D.K. Dalai\' conjecture on the algebraic immunity

of $\\Tr(x^{-1})$ is correct for almost all positive integers $n$. What is more, we further demonstrate some weak properties of $\\Tr(x^{-1})$ in resistance to fast algebraic attacks.

03:17 [Pub][ePrint] Generic related-key and induced chosen IV attacks using the method of key differentiation, by Enes Pasalic and Yongzhuang Wei

  Related-key and chosen IV attacks are well known cryptanalytic tools in cryptanalysis of stream ciphers. Though the related-key model is considered to be much more unrealistic scenario than the chosen IV model we show that under certain circumstances the attack assumptions may become equivalent. We show that the key differentiation method induces a generic attack in a related-key model whose time complexity in the on-line phase is less than the exhaustive key search. The case of formal equivalency between the two scenarios arises when so-called {\\em differentiable polynomials} with respect to some subset of key variables are a part of the state bit expressions (from which the output keystream bits are built). Then the differentiation over a key cube has the same effect as the differentiation over the corresponding IV cube, so that a generic nature of a related-key model is transferred into a more practical chosen IV model. The existence of such polynomials is confirmed for the reduced round stream cipher TRIVIUM up to some 710 rounds and an algorithm for their detection is proposed.

The key differentiation method induces a time/related-key trade-off (TRKTO) attack which (assuming the existence of differentiable polynomials) can be run in a chosen IV model. The resulting trade-off curve of our TMDTO attack is given by $T^2M^2D^2=(KV)^2$ ($V$ denoting the IV space), which is a significant improvement over the currently best known trade-off $TM^2D^2=(KV)^2$ \\cite{IVDunkel08}.

03:17 [Pub][ePrint] ESPOON ERBAC: Enforcing Security Policies in Outsourced Environments, by Muhammad Rizwan Asghar and Mihaela Ion and Giovanni Russello and Bruno Crispo

  Data outsourcing is a growing business model offering services to individuals and enterprises for processing and storing a huge amount of data. It is not only economical but also promises higher availability, scalability, and more effective quality of service than in-house solutions. Despite all its benefits, data outsourcing raises serious security concerns for preserving data confidentiality. There are solutions for preserving confidentiality of data while supporting search on the data stored in outsourced environments. However, such solutions do not support access policies to regulate access to a particular subset of the stored data.

For complex user management, large enterprises employ Role-Based Access Controls (RBAC) models for making access decisions based on the role in which a user is active in. However, RBAC models cannot be deployed in outsourced environments as they rely on trusted infrastructure in order to regulate access to the data. The deployment of RBAC models may reveal private information about sensitive data they aim to protect. In this paper, we aim at filling this gap by proposing ESPOON ERBAC for enforcing RBAC policies in outsourced environments. ESPOON ERBAC enforces RBAC policies in an encrypted manner where a curious service provider may learn a very limited information about RBAC policies. We have implemented ESPOON ERBAC and provided its performance evaluation showing a limited overhead, thus confirming viability of our approach.

00:17 [Pub][ePrint] Equivalence between MAC and PRF for Blockcipher based Constructions, by Nilanjan Datta and Mridul Nandi

  In FSE 2010, Nandi proved a sufficient condition of pseudo random function (PRF) for affine domain extensions (ADE), wide class of block cipher based domain extensions. This sufficient condition is satisfied by all known blockcipher based ADE constructions, however, it is not a characterization of PRF. In this paper we completely characterize the ADE and show that {\\em message authentication code (MAC) and weakly collision resistant (WCR) are indeed equivalent to PRF}. Note that a PRF is trivially a MAC and WCR, however, the converse need not be true in general. So our result suggests that it would be sufficient to ensure resisting against weakly collision attack or the forging attack to construct a pseudo random function ADE. Unlike FSE 2010 paper, here we consider the {\\em forced collisions of inputs of underlying blockciphers by incorporating the final outputs of a domain extension queried by an adaptive adversary}. This is the main reason why we are able to obtain a characterization of PRF. Our

approach is a more general and hence might have other theoretical interest.

00:17 [Pub][ePrint] Extended Criterion for Absence of Fixed Points, by Oleksandr Kazymyrov and Valentyna Kazymyrova

  One of the criteria for substitutions used in block ciphers is the absence of fixed points. In this paper we show that this criterion must be extended taking into consideration a mixing key function. In practice, we give a description of AES when fixed points are reached. Additionally, it is shown that modulo addition has more advantages then XOR operation.

00:17 [Pub][ePrint] Secure Two-Party Computation with Reusable Bit-Commitments, via a Cut-and-Choose with Forge-and-Lose Technique, by Luís T. A. N. Brandão

  A Secure Two Party Computation (S2PC) protocol allows two parties to compute over their combined private inputs, as if intermediated by a trusted third party. In the active model, security is maintained even if one party is malicious, deviating from the protocol specification. For example, a honest party retains privacy of its input and is ensured a correct output. This can be achieved with a cut-and-choose of garbled circuits (C&C-GCs), where some GCs are verified for correctness and the remaining are evaluated to determine the circuit output.

This paper presents a new C&C-GCs-based S2PC protocol, with significant advantages in efficiency and applicability. First, in contrast with prior protocols that require a majority of evaluated GCs to be correct, the new protocol only requires that at least one evaluated GC is correct. In practice this reduces the total number of GCs to approximately one third, for the same statistical security goal. This is accomplished by augmenting the C&C with a new forge-and-lose technique based on bit commitments with trapdoor. Second, the output of the new protocol includes reusable XOR-homomorphic bit commitments of all circuit input and output bits, thereby enabling efficient linkage of several S2PCs in a reactive manner.

The protocol has additional interesting characteristics (which may allow new comparison tradeoffs). The number of exponentiations is only linear with the number of input and output wires and a statistical parameter -- this is an improvement over protocols whose number of exponentiations is proportional to the number of GCs multiplied by the number of input and output wires. It uses unconditionally hiding bit commitments with trapdoor as the basis of oblivious transfers, with the circuit evaluator choosing a single value and the circuit constructor receiving two (a sort of 2-out-of-1 oblivious transfer, instead of the typical 1-out-of-2). The verification of consistency of circuit input and output keys across different GCs is embedded in the C&C structure.

00:17 [Pub][ePrint] A Method For Generation Of High-Nonlinear S-Boxes Based On Gradient Descent, by Oleksandr Kazymyrov and Valentyna Kazymyrova and Roman Oliynykov

  Criteria based on the analysis of the properties of vectorial Boolean functions for selection of substitutions (S-boxes) for symmetric cryptographic primitives are given. We propose an improved gradient descent method for increasing performance of nonlinear vectorial Boolean functions generation with optimal cryptographic properties. Substitutions are generated by proposed method for the most common 8-bits input and output messages have nonlinearity 104, 8-uniformity and algebraic immunity 3.

00:17 [Pub][ePrint] On Measurable Side-Channel Leaks inside ASIC Design Primitives, by Takeshi Sugawara and Daisuke Suzuki and Minoru Saeki and Mitsuru Shiozaki and Takeshi Fujino

  Leaks inside semi-custom ASIC (Application Specific Integrated Circuit) design primitives are rigorously investigated. The study is conducted by measuring a dedicated TEG (Test Element Group) chip with a small magnetic-field probe on the chip surface. Measurement targets are standard cells and a memory macro cell. Leaks inside the primitives are focused as many of conventional countermeasures place measurability boundaries on these primitives. Firstly, it is shown that current-path leak: a leak based on input-dependent active current path within a standard cell is measurable. Major gate-level countermeasures (RSL, MDPL, and WDDL) become vulnerable if the current-path leak is considered. Secondly, it is shown that internal-gate leak: a leak based on non-linear sub-circuit within a XOR cell is measurable. It can be exploited to bias the distribution of the random mask. Thirdly, it is shown that geometric leak: a leak based on geometric layout of the memory matrix structure is measurable. It is a leak correlated to integer representation of the memory address. We also show that a ROM-based countermeasure (Dual-rail RSL memory) becomes vulnerable with the geometric leak. A general transistor-level design method to counteract the current-path and internal-gate leaks is also shown.

12:24 [Job][New] PhD scholarship, TU Berlin and DLR and HRS ST, Germany, Europe

  In connection with the „Helmholtz Research School on Security Technologies“ (see we are offering an opening for PhD applicants with an outstanding Mathematics/Computer Science/Engineering degree. The successful candidates will have a strong and proven background and as well a self-motivated research interest in at least one of the following research fields:

• sw-induced faultattacks

• fault attacks against crypto systems

• processor bugs in ARM and Intel x86

• excellent programming and Linux system knowledge skills

• computer architecture expertise especially multi-core hw architecture

• reverse engineering of CPU architecture details via patents adn other means

While practically oriented candidates are preferred, outstanding theorists are also considered. Strong candidates are encouraged to send their qualifying applications in electronic form directly to jean-pierre.seifert (at) or doerthe.thiel (at)

Application materials at

Technische Universität Berlin and DLR envisage to ensure equal opportunity for men and women, applications from female candidates with the advertised qualifications are explicitly solicited. Provided qualifications are equal, persons with disabilities will be preferred.

09:33 [Job][New] Professors (all ranks), Nazarbayev University, Kazakhstan

  Nazarbayev University is seeking highly-qualified faculty to join its rapidly growing Mathematics program in the School of Science and Technology (SST). Nazarbayev University was launched in 2010 as a premier national and regional university, partnering with some of the most internationally recognized universities in Higher Education.

Applicants should specify their area of expertise as well as its relevance to one of the three groups within the department: pure mathematics, applied mathematics or statistics.

Successful candidates should hold a doctorate degree (Ph.D.), possess strong teaching skills and experience, excellent English-language communication skills and a demonstrated rank-appropriate research accomplishment. International experience is helpful but not required. Positions are available at all ranks (assistant, associate and full professor); visiting faculty positions are also considered.

Position responsibilities include: a teaching load of two courses (on average) per semester, curricular and program development, ongoing engagement in relevant professional and research activities, general program guidance and leadership, student advising, committee service, and other activities related to the intellectual and cultural environment of the university.

Admission to NU is highly competitive. The student body is selected from the top high schools throughout the country and region.

The NU campus is located in Astana, the capital of Kazakhstan, in the heart of the new and ultra-modern Left-Bank region of the city.

Faculty appointments are scheduled to start in July 2014, with the possibility of earlier start dates. Nazarbayev University offers an attractive benefits package, including:

  • competitive compensation;

  • housing based on family size and rank;

  • relocation allowance;

  • air tickets to home country, twice per year;