International Association for Cryptologic Research

IACR News Central


09:17 [Pub][ePrint] New Trapdoor Projection Maps for Composite-Order Bilinear Groups, by Sarah Meiklejohn and Hovav Shacham

An asymmetric pairing over groups of composite order is a bilinear map $e: G_1 \times G_2 \to G_T$ for groups $G_1$ and $G_2$ of composite order $N=pq$. We observe that a recent construction of pairing-friendly elliptic curves in this setting by Boneh, Rubin, and Silverberg exhibits surprising and unprecedented structure: projecting an element of the order-$N^2$ group $G_1 \oplus G_2$ onto the bilinear groups $G_1$ and $G_2$ requires knowledge of a trapdoor. This trapdoor, the square root of a certain number modulo $N$, seems strictly weaker than the trapdoors previously used in composite-order bilinear cryptography.

In this paper, we describe, characterize, and exploit this surprising structure. It is our thesis that the additional structure available in these curves will give rise to novel cryptographic constructions, and we initiate the study of such constructions. Both the subgroup hiding and SXDH assumptions appear to hold in the new setting; in addition, we introduce custom-tailored assumptions designed to capture the trapdoor nature of the projection maps into $G_1$ and $G_2$. Using the old and new assumptions, we describe an extended variant of the Boneh-Goh-Nissim cryptosystem that allows a user, at the time of encryption, to restrict the homomorphic operations that may be performed. We also present a variant of the Groth-Ostrovsky-Sahai NIZK, and new anonymous IBE, signature, and encryption schemes.

09:17 [Pub][ePrint] Parallel authenticated encryption with the duplex construction, by Pawel Morawiecki and Josef Pieprzyk

The authenticated encryption (AE) scheme based on the duplex construction cannot be parallelized at the algorithmic level. To be competitive with some block cipher based modes like OCB (Offset CodeBook) or GCM (Galois Counter Mode), a scheme should allow parallel processing. In this note we show how parallel AE can be realized within the framework provided by the duplex construction. The first variant, pointed out by the duplex designers, is a tree-like structure. Then we simplify the scheme by replacing the final node with the bitwise xor operation and show that such a scheme has the same security level.

09:17 [Pub][ePrint] A provable secure anonymous proxy signature scheme without random oracles, by Rahim Toluee, Maryam Rajabzadeh Asaar, Mahmoud Salmasizadeh

In order to protect the proxy signers' privacy, many anonymous proxy signature schemes, which are also called proxy ring signatures, have been proposed. Although provable security in the random oracle model has received a lot of criticism, there is no provably secure anonymous proxy signature scheme without random oracles. In this paper, we propose the first provably secure anonymous proxy signature scheme without random oracles, which is the combination of proxy signature and ring signature. For the security analysis, we categorize the adversaries into three types according to the different resources they can get, and prove in the standard model that our proposal is anonymous against full key exposure and existentially unforgeable against all kinds of adversaries under the computational Diffie-Hellman and the subgroup hiding assumptions in bilinear groups.

04:47 [Event][New] SEC 2014: 29th IFIP TC11 SEC 2014 Int Conf ICT Systems Security & Privacy Protection

  Submission: 20 January 2014
Notification: 10 March 2014
From June 2 to June 4
Location: Marrakech, Morocco
More Information:

04:46 [Event][New] CHES 2014: Cryptographic Hardware and Embedded Systems

  Submission: 3 March 2014
Notification: 26 May 2014
From September 23 to September 26
Location: Busan, Korea
More Information:

16:30 [Job][New] Two PhD Positions, University of Bristol

  The Government Communications Headquarters (GCHQ) in Cheltenham has agreed in principle to sponsor two PhD/Doctoral Studentships at Bristol University in the area of Cryptography. See the link below for the two project descriptions.

The studentships are only open to UK nationals and the successful candidate will be required to spend in the region of 2 - 4 weeks per year at GCHQ headquarters in Cheltenham. To be considered for this studentship, candidates must therefore be prepared to undergo GCHQ's security clearance procedures.

The studentships will be funded for a period of 3.5 years. GCHQ will cover the costs of university fees (currently £3,828 per annum) and will provide an annual stipend to the student corresponding to the National Minimum Stipend (currently £13,590 per annum) plus an additional stipend of £7,000 per annum, making a total tax-free stipend of £20,590 per annum. A generous travel budget is also provided to enable attendance at international conferences and workshops.

08:41 [News] Deadline for Nominations of IACR Fellows

  Nominations and endorsements for IACR Fellows are due on December 31. Instructions are available at

13:03 [Job][New] Two Post-Docs, Nanyang Technological University, Singapore

  We are looking for two Post-Docs in coding and lattice based cryptography. Contact us if you have (or will have soon) a PhD in Cryptography or a related subject, an excellent publication record and would like to work in a fun environment in Singapore.

More information on Coding and Crypto Research Group at Nanyang Technological University can be found at

The applications will be considered immediately. The positions are for 1 year, but renewable up to 3 years.

18:17 [Pub][ePrint] Direct Chosen-Ciphertext Secure Attribute-Based Key Encapsulations without Random Oracles, by Johannes Blömer and Gennadij Liske

We present a new technique to realize attribute-based encryption (ABE) schemes secure in the standard model against chosen-ciphertext attacks (CCA-secure). Our approach is to extend certain concrete chosen-plaintext secure (CPA-secure) ABE schemes to achieve more efficient constructions than the known generic constructions of CCA-secure ABE schemes. We restrict ourselves to the construction of attribute-based key encapsulation mechanisms (KEMs) and present two concrete CCA-secure schemes: a key-policy attribute-based KEM that is based on Goyal's key-policy ABE and a ciphertext-policy attribute-based KEM that is based on Waters' ciphertext-policy ABE. To achieve our goals, we use an appropriate hash function and need to extend the public parameters and the ciphertexts of the underlying CPA-secure encryption schemes only by a single group element. Moreover, we use the same hardness assumptions as the underlying CPA-secure encryption schemes.

18:17 [Pub][ePrint] A note on high-security general-purpose elliptic curves, by Diego F. Aranha and Paulo S. L. M. Barreto and Geovandro C. C. F. Pereira

In this note we describe some general-purpose, high-efficiency elliptic curves targeting security levels beyond $2^{128}$. As a bonus, we also include legacy-level curves. The choice was made to facilitate state-of-the-art implementation techniques.

15:17 [Pub][ePrint] Communication-Efficient MPC for General Adversary Structures, by Joshua Lampkins and Rafail Ostrovsky

A multiparty computation (MPC) protocol allows a set of players to compute a function of their inputs while keeping the inputs private and at the same time securing the correctness of the output. Most MPC protocols assume that the adversary can corrupt up to a fixed fraction of the number of players. Hirt and Maurer initiated the study of MPC under more general corruption patterns, in which the adversary is allowed to corrupt any set of players in some pre-defined collection of sets [6]. In this paper we consider this important direction of research and present significantly improved communication complexity of MPC protocols for general adversary structures. More specifically, ours is the first unconditionally secure protocol that achieves linear communication in the size of the Monotone Span Program representing the adversary structure in the malicious setting against any Q2 adversary structure, whereas all previous protocols were at least cubic.