International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

04:17 [Pub][ePrint] ECC-Based Non-Interactive Deniable Authentication with Designated Verifier, by Yalin Chen and Jue-Sam Chou2

  Recently, researchers have proposed many non-interactive deniable authentication (NIDA) protocols. Most of them claim that their protocols possess full deniability. However, after reviewing, we found that they either cannot achieve full deniability, or suffer KCI or SKCI attack; moreover, lack efficiency, because they are mainly based on DLP, factoring problem, or bilinear pairings. Due to this observation, and that ECC provides the security equivalence to RSA and DSA by using much smaller key size, we used Fiat-Shamir heuristic to propose a novel ECC-based NIDA protocol for achieving full deniability as well as getting more efficient than the previous schemes. After security analyses and efficiency comparisons, we confirmed the success of the usage. Therefore, the proposed scheme was more suitable to be implemented in low power mobile devices than the others.

04:17 [Pub][ePrint] Secure Multiparty Computations on BitCoin, by Marcin Andrychowicz and Stefan Dziembowski and Daniel Malinowski and Łukasz Mazurek

  itCoin is a decentralized digital currency, introduced in 2008, that has recently gained noticeable popularity. Its main features are: (a) it lacks a central authority that controls the transactions, (b) the list of transactions is publicly available, and (c) its syntax allows more advanced transactions than simply transferring the money. The goal of this paper is to show how these properties of BitCoin can be used in the area of secure multiparty computation protocols (MPCs).

Firstly, we show that the BitCoin system provides an attractive way to construct a version of \"timed commitments\", where the committer has to reveal his secret within a certain time frame, or to pay a fine. This, in turn, can be used to obtain fairness in some multiparty protocols. Secondly, we introduce a concept of multiparty protocols that work \"directly on BitCoin\". Recall that the standard definition of the MPCs guarantees only that the protocol \"emulates the trusted third party\". Hence ensuring that the inputs are correct, and the outcome is respected is beyond the scope of the definition. Our observation is that the BitCoin system can be used to go beyond the standard \"emulation-based\" definition, by constructing protocols that link their inputs and the outputs with the real BitCoin transactions.

As an instantiation of this idea we construct protocols for secure multiparty lotteries using the BitCoin currency, without relying on a trusted authority (one of these protocols uses the BitCoin-based timed commitments mentioned above). Our protocols guarantee fairness for the honest parties no matter how the looser behaves. For example: if one party interrupts the protocol then her money is lost and transferred to the honest participants. Our protocols are practical (to demonstrate it we performed their transactions in the actual BitCoin system), and can be used in real life as a replacement for the online gambling sites. We think that this paradigm can have also other applications. We discuss some of them.

04:17 [Pub][ePrint] Efficient Leakage-Resilient Signature Schemes in the Generic Bilinear Group Model, by Fei Tang, Hongda Li, Qihua Niu, and Bei Liang

  We extend the techniques of Kiltz et al. (in ASIACRYPT 2010) and Galindo et al. (in SAC 2012) to construct two efficient leakage-resilient signature schemes. Our schemes based on Boneh-Lynn-Shacham (BLS) short signature and Waters signature schemes, respectively. Both of them are more efficient than Galindo et al.\'s scheme, and can tolerate leakage of (1-o(1))/2 of the secret key at every signature invocation. The security of the proposed schemes are proved in the generic bilinear group model (additionally, in our first scheme which based on the BLS short signature, a random oracle is needed for the proof).

13:44 [Event][New] CTCrypt 2014: 3rd Workshop on Current Trends in Cryptology

  Submission: 3 March 2014
Notification: 14 April 2014
From June 5 to June 6
Location: Moscow, Russia
More Information:

10:25 [Event][New] CSF'14: 27th IEEE Computer Security Foundations Symposium

  Submission: 3 February 2014
Notification: 11 April 2014
From July 19 to July 22
Location: Vienna, Austria
More Information:

10:24 [Job][New] Maitre Assistant(e) - Senior Assistant (postdoc), University of Neuchatel, Switzerland

  A 4 year position as Senior Assistant (postdoc) is available at the Mathematics Department in Neuchatel (Switzerland). Little teaching duties (in French). Preference will be given to candidates who reinforce one of the research directions of the department (among which we have coding theory and cryptography). The starting date is Aug-Sept 2014.

Further information soon available at

10:23 [Job][New] Post-Doc, Royal Holloway, University of London, UK

  The Information Security Group at Royal Holloway, University of London is seeking to recruit a post-doctoral research assistant to work in the area of “Cryptography: Bridging Theory and Practice”. The position is available immediately and will run until February 28th 2015.

The post-doc will join a team of post-docs and PhD students working under the leadership of Prof. Kenny Paterson. The aim of the project is to find weaknesses in cryptographic specifications and implementations, to understand how these weaknesses can be addressed in practical ways, and to develop extensions of current cryptographic theory that permit more realistic modelling of cryptographic primitives as they are used in fielded systems. The position will also involve activities designed to engage both the theory community and practitioners in the research.

Applicants should have already completed, or be close to completing, a PhD in a relevant discipline. Applicants should have an outstanding research track record in Cryptography, in either theoretical or applied aspects of the subject, and, ideally, in both aspects. Applicants should be able to demonstrate scientific creativity, research independence, and the ability to communicate their ideas effectively in written and verbal form.

Salary is in the range £32,862 to £34,724 per annum inclusive of London Allowance

Informal enquiries can be made to Kenny Paterson at kenny.paterson (at)

To view further details of this post and to apply please visit . The RHUL Recruitment Team can be contacted with queries by email at: recruitment (at) or via telephone on: +44 (0)1784 41 4241.

Please quote the reference: X1113/7450

Closing Date: Midnight, Sunday 22nd December 2013

Interview Date: To be confirmed

08:03 [News] IACR Ethics Committee


The Ethics Committee of the IACR is responsible for providing recommendations to editors, program chairs, program-committee members, and reviewers concerning fairness and ethical aspects of all matters under the influence of the IACR, such as its operations, its events, and its publications.

The mission of the Ethics Committee is described in the "IACR Policy for the Ethics Committee", available at

The Ethics committee has discussed only a handful of cases in 2013. In the interest of raising awareness for ethical matters among the researchers in cryptology, the Ethics Committee may occasionally inform the IACR members about its work. An account of one case follows.

A team of authors submitted a paper to a non-IACR conference in the field of cryptology and information security. After submitting the work, the authors developed their method further and discovered other ways to attack the problem. Before receiving an acceptance or rejection notification from the conference, the authors had written another paper on the second method and submitted this to a second conference, this one sponsored by the IACR. The second paper did not cite or mention the first paper.

Some reviewers in the overlap of the two program committees spotted a similarity of the works, and, in line with the IACR Policy on Irregular Submissions, they shared this information with the program chairs of the two venues. The program chair of the first conference then rejected the first paper declaring that it was a "potential double submission" and informed the program chair of the IACR conference about this. The authors then reached out to the IACR Ethics Committee and explained their case. They wanted to obtain a clarification that there was no double submission.

The Ethics Committee reviewed the situation and examined the submitted papers superficially. The committee then concluded that there was no obvious case of "parallel submissions" as described in the IACR Policy and that the second paper should enter the regular reviewing process of the IACR conference. The committee also remarked that it cannot make any statement towards the first conference because it is not an IACR venue. To the committee, it seemed that there was a misunderstanding because the existence and nature of technical links between the contributions of the two papers were not mentioned by the authors.

Last but not least, the committee recommended to the authors that, in the interest of being transparent in scientific work, authors should always cite existing known related work, even when a new contribution would not directly build on it. Furthermore, considering the delicate issues around double submissions, this point was particularly important with related work from the same authors.

IACR Ethics Committee (2013)

  • Josh Benaloh
  • Thomas Berson
  • Christian Cachin (chair)

07:58 [Event][New] SCN 2014: Ninth Conference on Security and Cryptography for Networks

  Submission: 14 April 2014
Notification: 9 June 2014
From September 3 to September 5
Location: Amalfi, Italy
More Information:

22:17 [Pub][ePrint] Misuse Resistant Parallel Authenticated Encryptions, by Mridul Nandi and Nilanjan Datta

  The authenticated encryptions which resist misuse of initial value (or nonce) at some desired level of privacy are two-pass or Mac-then-Encrypt constructions (inherently inefficient but provide full privacy) and online constructions, e.g., McOE, sponge-type authenticated encryptions (such as duplex, AEGIS) and COPA. Only the last one is almost parallelizable with some bottleneck in processing associated data. In this paper, {\\em we design a new online secure authenticated encryption, called \\tx{ELmE} or Encrypt-Linear mix-Encrypt, which is completely (two-stage) {\\bf parallel} (even in associated data) and {\\bf pipeline implementable}}. It also provides full privacy when associated data (which includes initial value) is not repeated. The basic idea of our construction and COPA are based on \\tx{EME}, an Encrypt-Mix-Encrypt type SPRP constructions (secure against chosen plaintext and ciphertext). Unlike \\tx{EME}, we consider (so does COPA) online computable {\\bf linear mixing}. In addition with getting rid of bottleneck, our construction optionally supports {\\bf intermediate tags} which can be verified faster with less buffer size. Intermediate tag provides security against block-wise adversaries which is meaningful in low-end device implementation.

22:17 [Pub][ePrint] VMPC-R Cryptographically Secure Pseudo-Random Number Generator Alternative to RC4, by Bartosz Zoltak

  We present a new Cryptographically Secure Pseudo-Random Number Generator. It uses permutations as its internal state, similarly to the RC4 stream cipher. We describe a statistical test which revealed non-random patterns in a sample of $2^{16.6}$ outputs of a 3-bit RC4.

Our new algorithm produced $2^{46.8}$ undistinguishable from random 3-bit outputs in the same test. We probed $2^{51}$ outputs of the algorithm in different statistical tests with different word sizes

and found no way of distinguishing the keystream from a random source. The size of the algorithm\'s internal state is $2^{3424}$ (for an 8-bit implementation). The algorithm is cryptographically secure to the extent we were able to analyse it. Its design is simple and easy to implement. We present the generator along with a key scheduling algorithm processing both keys and initialization vectors.