International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

15:17 [Pub][ePrint] Differentially 4-Uniform Bijections by Permuting the Inverse Function, by Deng Tang and Claude Carlet and Xiaohu Tang

  Block ciphers use Substitution boxes (S-boxes) to create confusion into the cryptosystems. Functions used as S-boxes should have low differential uniformity, high nonlinearity and algebraic degree larger than 3 (preferably strictly larger). They should be fastly computable; from this viewpoint, it is better when they are in even number of variables. In addition, the functions should be bijections in a Substitution-Permutation Network. Almost perfect nonlinear (APN) functions have the lowest differential uniformity 2 and the existence of APN bijections over $\\F_{2^n}$ for even $n\\ge 8$ is a big open problem. In the present paper, we focus on constructing differentially 4-uniform bijections suitable for designing S-boxes for block ciphers. Based on the idea of permuting the inverse function, we design a construction providing a large number of differentially 4-uniform bijections with maximum algebraic degree and high nonlinearity. For every even $n\\ge 12$, we mathematically prove that the functions in a subclass of the constructed class are CCZ-inequivalent to known differentially 4-uniform power functions and to quadratic functions. This is the first mathematical proof that an infinite class of differentially 4-uniform bijections is CCZ-inequivalent to known differentially 4-uniform power functions and to quadratic functions. We also get a general lower bound on the nonlinearity of our functions, which can be very high in some cases, and obtain three improved lower bounds on the nonlinearity for three special subcases of functions which are extremely large.

23:47 [Event][New] WiSec'14: The 7th ACM Conference on Security and Privacy

  Submission: 10 March 2014
Notification: 7 May 2014
From June 21 to June 25
Location: Oxford, England
More Information:

06:34 [Event][New] COSADE'14: Workshop on Constructive Side-Channel Analysis and Secure Design

  Submission: 15 December 2013
Notification: 10 February 2014
From April 13 to April 15
Location: Paris, France
More Information: http://

06:25 [Job][New] Two Postdoc Positions, Technical University of Denmark, DTU

  Department of Applied Mathematics and Computer Science, Technical University of Denmark, would like to invite applications for two Postdoc positions of each 18 months, both starting 1 January 2014 or soon thereafter. The topic of the project is lightweight cryptology, which regards scenarios involving strongly resource-constrained devices.

Candidates for the first postdoc position should have a strong cryptanalytic and mathematical background and be able to analyze the security of ciphers to be designed. Candidates for the second postdoc should have a solid background in hardware design and automation and be able to work on the physical constraints and optimization of the hardware implementations.

06:25 [Job][New] Lecturer in Secure Digital Systems, Centre for Secure Information Technologies (CSIT), Queen’s University Belfast, UK

  Applications are invited for Lectureships in Secure Digital Systems to undertake research in Data, Network and/or Malware security within the Centre for Secure Information Technologies (CSIT), which is part of the School of Electronics, Electrical Engineering and Computer Science (EEECS). Candidates will also be required to undertake lecturing duties at undergraduate and post-graduate level and to actively engage in major research with industry.

Applicants must have at least a 2:1 Honours Degree (or equivalent) in Electrical and Electronics Engineering, Computer Science, Mathematics or closely related discipline and a PhD, or expect, within 6 months, to obtain a PhD, in a relevant subject. Evidence of high quality research in a relevant field commensurate with stage of academic career, or extensive industrial experience in a relevant area, is essential. Applicants with research expertise in one or more of the following areas are strongly encouraged to apply: applied cryptography, side channel analysis, security protocols, malware/botnet analysis, network forensics, cloud security, threat and attack mitigation, insider threat behaviour, software security.

21:17 [Pub][ePrint] Protecting Obfuscation Against Algebraic Attacks, by Boaz Barak and Sanjam Garg and Yael Tauman Kalai and Omer Paneth and Amit Sahai

  The goal of general-purpose program obfuscation is to make an arbitrary computer program ``unintelligible\'\' while preserving its functionality. At least as far back as the work of Diffie and Hellman in 1976, researchers have contemplated applications of general-purpose obfuscation. However, until 2013, even heuristic constructions for general-purpose obfuscation were not known.

This changed with the work of Garg, Gentry, Halevi, Raykova, Sahai, and Waters ({FOCS 2013}), which gave the first candidate construction of general-purpose obfuscation. The heart of their construction is an obfuscator for log-depth (\\textbf{NC$^1$}) circuits, building upon a simplified subset of the Approximate Multilinear Maps framework of Garg, Gentry, and Halevi ({Eurocrypt 2013}) that they call Multilinear Jigsaw Puzzles.

Given the importance of general-purpose obfuscation, it is imperative that we gain as much confidence as possible in candidates for general-purpose obfuscation. In this work, we focus on the following question: Do there exist \\emph{algebraic} attacks (a.k.a. generic multilinear attacks) against candidate constructions of general-purpose obfuscation? Indeed, Garg \\emph{et al.} posed

the problem of proving that there exist no generic multilinear attacks against their core \\textbf{NC$^1$} scheme as a major open problem in their work. Solving this problem will give us essential evidence that mathematical approaches to general purpose obfuscation introduced by Garg \\emph{et al.} are sound.

This problem was first addressed in the recent work of Brakerski and Rothblum (eprint 2013), who constructed a variant of the Garg \\emph{et al.} candidate obfuscator, and proved that it achieves the strongest definition of security for general-purpose obfuscation --- Virtual Black Box (VBB) security --- against

all generic multilinear attacks, albeit under an unproven assumption they introduce as the Bounded Speedup Hypothesis, which strengthens the Exponential Time Hypothesis.

In this work, we resolve the open problem of Garg \\emph{et al.} completely, by removing the need for this additional assumption. More specifically, we describe

a different (and arguably simpler) variant of the construction of Garg \\emph{et al.}, for which we can prove that it achieves Virtual Black Box security against

all generic multilinear attacks, \\emph{with no further assumptions}.

21:17 [Pub][ePrint] Combined Modeling and Side Channel Attacks on Strong PUFs, by Ahmed Mahmoud and Ulrich Rührmair and Mehrdad Majzoobi and Farinaz Koushanfar

  Physical Unclonable Functions (PUFs) have established themselves

in the scientific literature, and are also gaining ground

in commercial applications. Recently, however, several attacks

on PUF core properties have been reported. They concern

their physical and digital unclonability, as well as their

assumed resilience against invasive or side channel attacks.

In this paper, we join some of these techniques in order

to further improve their effectiveness. The combination of

machine-learning based modeling techniques with side channel

information allows us to attack so-called XOR Arbiter

PUFs and Lightweight PUFs up to a size and complexity

that was previously out of reach. For Lightweight PUFs,

for example, we report successful attacks for bitlengths of

64, 128 and 256, and for up to nine single Arbiter PUFs

whose output is XORed. Previous work at CCS 2010 and

IEEE TIFS 2013, which provides the currently most efficient

modeling results, had only been able to attack this structure

for up to five XORs and bitlength 64.

Our attack employs the first power side channel (PSC) for

Strong PUFs in the literature. This PSC tells the attacker

the number of single Arbiter PUF within an XOR Arbiter

PUF or Lightweight PUF architecture that are zero or one.

This PSC is of little value if taken by itself, but strongly

improves an attacker\'s capacity if suitably combined with

modeling techniques. At the end of the paper, we discuss efficient

and simple countermeasures against this PSC, which

could be used to secure future PUF generations.

15:05 [Election] IACR Election & Referendum - Please Vote

  The 2013 Election for Directors and Officers of the IACR Board and the Referendum on Bylaws Amendments are open from October 1st until November 15, 2013. All 2013 members of the IACR (generally, people who attended an IACR conference or workshop in 2012) should receive voting credentials from sent to their email address of record with the IACR on October 1st, 2013.

18:17 [Pub][ePrint] Improved Linear Attacks on the Chinese Block Cipher Standard, by Mingjie Liu and Jiazhe Chen

  The block cipher used in the Chinese Wireless LAN Standard (WAPI), SMS4, was recently renamed as SM4, and became the block cipher standard issued by the Chinese government. This paper improves the previous linear cryptanalysis of SMS4 by giving the first 19-round one-dimensional approximations. The 19-round approximations hold with bias 2^{−62.27}; we use one of them to leverage a linear attack on 23-round SMS4. Our attack improves the previous 23-round attacks by reducing the time complexity. Furthermore, the data complexity of our attack is further improved by the multidimensional linear approach.

18:17 [Pub][ePrint] Flexible and Publicly Verifiable Aggregation Query for Outsourced Databases in Cloud, by Jiawei Yuan and Shucheng Yu

  For securing databases outsourced to the cloud, it is important to allow cloud users to verify that their queries to the cloud-hosted databases are correctly executed by the cloud. Existing solutions on this issue suffer from a high communication cost, a heavy storage overhead or an overwhelming computational cost on clients. Besides, only simple SQL queries (e.g., selection query, projection query, weighted sum query, etc) are supported in existing solutions. For practical considerations, it is desirable to design a client-verifiable (or publicly verifiable) aggregation query scheme that supports more flexible queries with affordable storage overhead, communication and computational cost for users. This paper investigates this challenging problem and proposes an efficient publicly verifiable aggregation query scheme for databases outsourced to the cloud. By designing a renewable polynomial-based authentication tag, our scheme supports a wide range of practical SQL queries including polynomial queries of any degrees, variance query and many other linear queries. Remarkably, our proposed scheme only introduces constant communication and computational cost to cloud users. Our scheme is provably secure under the Static Diffie-Hellman problem, the t-Strong Diffie-Hellman problem and the Computational Diffie-Hellman problem. We show the efficiency and scalability of our scheme through extensive numerical analysis.

18:17 [Pub][ePrint] Parallelizable Authenticated Encryption from Functions, by Kazuhiko Minematsu

  A new authenticated encryption (AE) mode for blockcipher is presented.

The proposed scheme has attractive features for fast and compact operation.

It requires rate-1 blockcipher call, and uses the encryption function of a blockcipher for both encryption and decryption.

Moreover, the scheme enables one-pass, parallel operation under two-block partition.

The proposed scheme thus attains similar characteristics as the seminal OCB mode, without using the inverse blockcipher.

The key idea of our proposal is a novel usage of two-round Feistel permutation, where the round functions are derived from the theory of tweakable blockcipher.

We also describe an instantiation of our idea using a non-invertible primitive, such as a keyed hash function.