International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

07:17 [Pub][ePrint] APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography, by Elena Andreeva and Beg\\\"ul Bilgin and Andrey Bogdanov and Atul Luykx and Bart Mennink and Nicky Mouha and Kan Yasuda

  The domain of lightweight cryptography focuses on cryptographic algorithms for extremely constrained devices. It is very costly to avoid nonce reuse in such environments, because this requires either a secure pseudorandom number generator (PRNG), or non-volatile memory to store a counter. At the same time, a lot of cryptographic schemes actually require the nonce assumption for their security. In this paper, we propose APE as the first permutation-based authenticated encryption scheme that is resistant against nonce misuse. We formally prove that APE is secure, based on the security of the underlying permutation. To decrypt, APE processes the ciphertext blocks in reverse order, and uses inverse permutation calls. APE therefore requires a permutation that is both efficient for forward and inverse calls. We instantiate APE with the permutations of three recent lightweight hash function designs: \\quark, \\photon, and \\spongent. For any of these permutations, an implementation that supports both encryption and decryption requires less than 1.9~kGE and 2.8~kGE for 80-bit and 128-bit security levels, respectively.

07:17 [Pub][ePrint] Improved Authenticity Bound of EAX, and Refinements, by Kazuhiko Minematsu and Stefan Lucks and Tetsu Iwata

  EAX is a mode of operation for blockciphers to implement an authenticated encryption. The original paper of EAX proved that EAX is unforgeable up to $O(2^{n/2})$ data with one verification query. However, this generally guarantees a rather weak bound for the unforgeability under multiple verification queries, i.e., only $(2^{n/3})$ data is acceptable.

This paper provides an improvement over the previous security proof, by showing that EAX is unforgeable up to $O(2^{n/2})$ data with multiple verification queries. Our security proof is based on the techniques appeared in a paper of FSE 2013 by Minematsu et al. which studied the security of a variant of EAX called EAX-prime.

We also provide some ideas to reduce the complexity of EAX while keeping our new security bound. In particular, EAX needs three blockcipher calls and keep them in memory as a pre-processing, and our proposals can effectively reduce three calls to one call. This would be useful when computational power and memory are constrained.

07:17 [Pub][ePrint] A fast integer-based batch full-homomorphic encryption scheme over finite field, by Long Zhang and Qiuling Yue

  In view of the problems that the plaintext space is too small in the existing schemes. In this paper, a new improved scheme is presented by improving the DGHV scheme. The plaintext space of the improved scheme is extended from finite prime field $F_{2}$ in the original scheme to finite prime field $F_{p}$. Combine and apply the method of encryption in the batch encryption scheme was proposed in 2013, and the plaintext space is further extended to finite fields $F_{q}$.

The new improved scheme encrypts the message by applying the modular mathematical operation

and the Chinese remainder theorem, and the security of the scheme is based on the the difficulty of approximate greatest common divisor problem and the spare subset sum problem. The improved scheme we got has the advantages of encrypt fast, and the size of ciphertext is small. So compared with the original scheme, it is better for practical application.

04:17 [Pub][ePrint] ECC-Based Non-Interactive Deniable Authentication with Designated Verifier, by Yalin Chen and Jue-Sam Chou2

  Recently, researchers have proposed many non-interactive deniable authentication (NIDA) protocols. Most of them claim that their protocols possess full deniability. However, after reviewing, we found that they either cannot achieve full deniability, or suffer KCI or SKCI attack; moreover, lack efficiency, because they are mainly based on DLP, factoring problem, or bilinear pairings. Due to this observation, and that ECC provides the security equivalence to RSA and DSA by using much smaller key size, we used Fiat-Shamir heuristic to propose a novel ECC-based NIDA protocol for achieving full deniability as well as getting more efficient than the previous schemes. After security analyses and efficiency comparisons, we confirmed the success of the usage. Therefore, the proposed scheme was more suitable to be implemented in low power mobile devices than the others.

04:17 [Pub][ePrint] Secure Multiparty Computations on BitCoin, by Marcin Andrychowicz and Stefan Dziembowski and Daniel Malinowski and Łukasz Mazurek

  itCoin is a decentralized digital currency, introduced in 2008, that has recently gained noticeable popularity. Its main features are: (a) it lacks a central authority that controls the transactions, (b) the list of transactions is publicly available, and (c) its syntax allows more advanced transactions than simply transferring the money. The goal of this paper is to show how these properties of BitCoin can be used in the area of secure multiparty computation protocols (MPCs).

Firstly, we show that the BitCoin system provides an attractive way to construct a version of \"timed commitments\", where the committer has to reveal his secret within a certain time frame, or to pay a fine. This, in turn, can be used to obtain fairness in some multiparty protocols. Secondly, we introduce a concept of multiparty protocols that work \"directly on BitCoin\". Recall that the standard definition of the MPCs guarantees only that the protocol \"emulates the trusted third party\". Hence ensuring that the inputs are correct, and the outcome is respected is beyond the scope of the definition. Our observation is that the BitCoin system can be used to go beyond the standard \"emulation-based\" definition, by constructing protocols that link their inputs and the outputs with the real BitCoin transactions.

As an instantiation of this idea we construct protocols for secure multiparty lotteries using the BitCoin currency, without relying on a trusted authority (one of these protocols uses the BitCoin-based timed commitments mentioned above). Our protocols guarantee fairness for the honest parties no matter how the looser behaves. For example: if one party interrupts the protocol then her money is lost and transferred to the honest participants. Our protocols are practical (to demonstrate it we performed their transactions in the actual BitCoin system), and can be used in real life as a replacement for the online gambling sites. We think that this paradigm can have also other applications. We discuss some of them.

04:17 [Pub][ePrint] Efficient Leakage-Resilient Signature Schemes in the Generic Bilinear Group Model, by Fei Tang, Hongda Li, Qihua Niu, and Bei Liang

  We extend the techniques of Kiltz et al. (in ASIACRYPT 2010) and Galindo et al. (in SAC 2012) to construct two efficient leakage-resilient signature schemes. Our schemes based on Boneh-Lynn-Shacham (BLS) short signature and Waters signature schemes, respectively. Both of them are more efficient than Galindo et al.\'s scheme, and can tolerate leakage of (1-o(1))/2 of the secret key at every signature invocation. The security of the proposed schemes are proved in the generic bilinear group model (additionally, in our first scheme which based on the BLS short signature, a random oracle is needed for the proof).

13:44 [Event][New] CTCrypt 2014: 3rd Workshop on Current Trends in Cryptology

  Submission: 3 March 2014
Notification: 14 April 2014
From June 5 to June 6
Location: Moscow, Russia
More Information:

10:25 [Event][New] CSF'14: 27th IEEE Computer Security Foundations Symposium

  Submission: 3 February 2014
Notification: 11 April 2014
From July 19 to July 22
Location: Vienna, Austria
More Information:

10:24 [Job][New] Maitre Assistant(e) - Senior Assistant (postdoc), University of Neuchatel, Switzerland

  A 4 year position as Senior Assistant (postdoc) is available at the Mathematics Department in Neuchatel (Switzerland). Little teaching duties (in French). Preference will be given to candidates who reinforce one of the research directions of the department (among which we have coding theory and cryptography). The starting date is Aug-Sept 2014.

Further information soon available at

10:23 [Job][New] Post-Doc, Royal Holloway, University of London, UK

  The Information Security Group at Royal Holloway, University of London is seeking to recruit a post-doctoral research assistant to work in the area of “Cryptography: Bridging Theory and Practice”. The position is available immediately and will run until February 28th 2015.

The post-doc will join a team of post-docs and PhD students working under the leadership of Prof. Kenny Paterson. The aim of the project is to find weaknesses in cryptographic specifications and implementations, to understand how these weaknesses can be addressed in practical ways, and to develop extensions of current cryptographic theory that permit more realistic modelling of cryptographic primitives as they are used in fielded systems. The position will also involve activities designed to engage both the theory community and practitioners in the research.

Applicants should have already completed, or be close to completing, a PhD in a relevant discipline. Applicants should have an outstanding research track record in Cryptography, in either theoretical or applied aspects of the subject, and, ideally, in both aspects. Applicants should be able to demonstrate scientific creativity, research independence, and the ability to communicate their ideas effectively in written and verbal form.

Salary is in the range £32,862 to £34,724 per annum inclusive of London Allowance

Informal enquiries can be made to Kenny Paterson at kenny.paterson (at)

To view further details of this post and to apply please visit . The RHUL Recruitment Team can be contacted with queries by email at: recruitment (at) or via telephone on: +44 (0)1784 41 4241.

Please quote the reference: X1113/7450

Closing Date: Midnight, Sunday 22nd December 2013

Interview Date: To be confirmed

08:03 [News] IACR Ethics Committee


The Ethics Committee of the IACR is responsible for providing recommendations to editors, program chairs, program-committee members, and reviewers concerning fairness and ethical aspects of all matters under the influence of the IACR, such as its operations, its events, and its publications.

The mission of the Ethics Committee is described in the "IACR Policy for the Ethics Committee", available at

The Ethics committee has discussed only a handful of cases in 2013. In the interest of raising awareness for ethical matters among the researchers in cryptology, the Ethics Committee may occasionally inform the IACR members about its work. An account of one case follows.

A team of authors submitted a paper to a non-IACR conference in the field of cryptology and information security. After submitting the work, the authors developed their method further and discovered other ways to attack the problem. Before receiving an acceptance or rejection notification from the conference, the authors had written another paper on the second method and submitted this to a second conference, this one sponsored by the IACR. The second paper did not cite or mention the first paper.

Some reviewers in the overlap of the two program committees spotted a similarity of the works, and, in line with the IACR Policy on Irregular Submissions, they shared this information with the program chairs of the two venues. The program chair of the first conference then rejected the first paper declaring that it was a "potential double submission" and informed the program chair of the IACR conference about this. The authors then reached out to the IACR Ethics Committee and explained their case. They wanted to obtain a clarification that there was no double submission.

The Ethics Committee reviewed the situation and examined the submitted papers superficially. The committee then concluded that there was no obvious case of "parallel submissions" as described in the IACR Policy and that the second paper should enter the regular reviewing process of the IACR conference. The committee also remarked that it cannot make any statement towards the first conference because it is not an IACR venue. To the committee, it seemed that there was a misunderstanding because the existence and nature of technical links between the contributions of the two papers were not mentioned by the authors.

Last but not least, the committee recommended to the authors that, in the interest of being transparent in scientific work, authors should always cite existing known related work, even when a new contribution would not directly build on it. Furthermore, considering the delicate issues around double submissions, this point was particularly important with related work from the same authors.

IACR Ethics Committee (2013)

  • Josh Benaloh
  • Thomas Berson
  • Christian Cachin (chair)