International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

07:17 [Pub][ePrint] Parallelizable and Authenticated Online Ciphers, by Elena Andreeva and Andrey Bogdanov and Atul Luykx and Bart Mennink and Elmar Tischhauser and Kan Yasuda

  Online ciphers encrypt an arbitrary number of plaintext blocks and output ciphertext blocks which only depend on the preceding plaintext blocks. All online ciphers proposed so far are essentially serial, which significantly limits their performance on parallel architectures such as modern general-purpose CPUs or dedicated hardware. We propose the first parallelizable online cipher, COPE. It performs two calls to the underlying block cipher per plaintext block and is fully parallelizable in both encryption and decryption. COPE is proven secure against chosen-plaintext attacks assuming the underlying block cipher is a strong PRP. We then extend COPE to create COPA, the first parallelizable, online authenticated cipher with nonce-misuse resistance. COPA only requires two extra block cipher calls to provide integrity. The privacy and integrity of the scheme is proven secure assuming the underlying block cipher is a strong PRP. Our implementation with Intel AES-NI on a Sandy Bridge CPU architecture shows that both COPE and COPA are about \\textit{5 times faster} than their closest competition: TC1, TC3, and McOE-G. This high factor of advantage emphasizes the paramount role of parallelizability on up-to-date computing platforms.

07:17 [Pub][ePrint] APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography, by Elena Andreeva and Beg\\\"ul Bilgin and Andrey Bogdanov and Atul Luykx and Bart Mennink and Nicky Mouha and Kan Yasuda

  The domain of lightweight cryptography focuses on cryptographic algorithms for extremely constrained devices. It is very costly to avoid nonce reuse in such environments, because this requires either a secure pseudorandom number generator (PRNG), or non-volatile memory to store a counter. At the same time, a lot of cryptographic schemes actually require the nonce assumption for their security. In this paper, we propose APE as the first permutation-based authenticated encryption scheme that is resistant against nonce misuse. We formally prove that APE is secure, based on the security of the underlying permutation. To decrypt, APE processes the ciphertext blocks in reverse order, and uses inverse permutation calls. APE therefore requires a permutation that is both efficient for forward and inverse calls. We instantiate APE with the permutations of three recent lightweight hash function designs: \\quark, \\photon, and \\spongent. For any of these permutations, an implementation that supports both encryption and decryption requires less than 1.9~kGE and 2.8~kGE for 80-bit and 128-bit security levels, respectively.

07:17 [Pub][ePrint] Improved Authenticity Bound of EAX, and Refinements, by Kazuhiko Minematsu and Stefan Lucks and Tetsu Iwata

  EAX is a mode of operation for blockciphers to implement an authenticated encryption. The original paper of EAX proved that EAX is unforgeable up to $O(2^{n/2})$ data with one verification query. However, this generally guarantees a rather weak bound for the unforgeability under multiple verification queries, i.e., only $(2^{n/3})$ data is acceptable.

This paper provides an improvement over the previous security proof, by showing that EAX is unforgeable up to $O(2^{n/2})$ data with multiple verification queries. Our security proof is based on the techniques appeared in a paper of FSE 2013 by Minematsu et al. which studied the security of a variant of EAX called EAX-prime.

We also provide some ideas to reduce the complexity of EAX while keeping our new security bound. In particular, EAX needs three blockcipher calls and keep them in memory as a pre-processing, and our proposals can effectively reduce three calls to one call. This would be useful when computational power and memory are constrained.

07:17 [Pub][ePrint] A fast integer-based batch full-homomorphic encryption scheme over finite field, by Long Zhang and Qiuling Yue

  In view of the problems that the plaintext space is too small in the existing schemes. In this paper, a new improved scheme is presented by improving the DGHV scheme. The plaintext space of the improved scheme is extended from finite prime field $F_{2}$ in the original scheme to finite prime field $F_{p}$. Combine and apply the method of encryption in the batch encryption scheme was proposed in 2013, and the plaintext space is further extended to finite fields $F_{q}$.

The new improved scheme encrypts the message by applying the modular mathematical operation

and the Chinese remainder theorem, and the security of the scheme is based on the the difficulty of approximate greatest common divisor problem and the spare subset sum problem. The improved scheme we got has the advantages of encrypt fast, and the size of ciphertext is small. So compared with the original scheme, it is better for practical application.

04:17 [Pub][ePrint] ECC-Based Non-Interactive Deniable Authentication with Designated Verifier, by Yalin Chen and Jue-Sam Chou2

  Recently, researchers have proposed many non-interactive deniable authentication (NIDA) protocols. Most of them claim that their protocols possess full deniability. However, after reviewing, we found that they either cannot achieve full deniability, or suffer KCI or SKCI attack; moreover, lack efficiency, because they are mainly based on DLP, factoring problem, or bilinear pairings. Due to this observation, and that ECC provides the security equivalence to RSA and DSA by using much smaller key size, we used Fiat-Shamir heuristic to propose a novel ECC-based NIDA protocol for achieving full deniability as well as getting more efficient than the previous schemes. After security analyses and efficiency comparisons, we confirmed the success of the usage. Therefore, the proposed scheme was more suitable to be implemented in low power mobile devices than the others.

04:17 [Pub][ePrint] Secure Multiparty Computations on BitCoin, by Marcin Andrychowicz and Stefan Dziembowski and Daniel Malinowski and Łukasz Mazurek

  itCoin is a decentralized digital currency, introduced in 2008, that has recently gained noticeable popularity. Its main features are: (a) it lacks a central authority that controls the transactions, (b) the list of transactions is publicly available, and (c) its syntax allows more advanced transactions than simply transferring the money. The goal of this paper is to show how these properties of BitCoin can be used in the area of secure multiparty computation protocols (MPCs).

Firstly, we show that the BitCoin system provides an attractive way to construct a version of \"timed commitments\", where the committer has to reveal his secret within a certain time frame, or to pay a fine. This, in turn, can be used to obtain fairness in some multiparty protocols. Secondly, we introduce a concept of multiparty protocols that work \"directly on BitCoin\". Recall that the standard definition of the MPCs guarantees only that the protocol \"emulates the trusted third party\". Hence ensuring that the inputs are correct, and the outcome is respected is beyond the scope of the definition. Our observation is that the BitCoin system can be used to go beyond the standard \"emulation-based\" definition, by constructing protocols that link their inputs and the outputs with the real BitCoin transactions.

As an instantiation of this idea we construct protocols for secure multiparty lotteries using the BitCoin currency, without relying on a trusted authority (one of these protocols uses the BitCoin-based timed commitments mentioned above). Our protocols guarantee fairness for the honest parties no matter how the looser behaves. For example: if one party interrupts the protocol then her money is lost and transferred to the honest participants. Our protocols are practical (to demonstrate it we performed their transactions in the actual BitCoin system), and can be used in real life as a replacement for the online gambling sites. We think that this paradigm can have also other applications. We discuss some of them.

04:17 [Pub][ePrint] Efficient Leakage-Resilient Signature Schemes in the Generic Bilinear Group Model, by Fei Tang, Hongda Li, Qihua Niu, and Bei Liang

  We extend the techniques of Kiltz et al. (in ASIACRYPT 2010) and Galindo et al. (in SAC 2012) to construct two efficient leakage-resilient signature schemes. Our schemes based on Boneh-Lynn-Shacham (BLS) short signature and Waters signature schemes, respectively. Both of them are more efficient than Galindo et al.\'s scheme, and can tolerate leakage of (1-o(1))/2 of the secret key at every signature invocation. The security of the proposed schemes are proved in the generic bilinear group model (additionally, in our first scheme which based on the BLS short signature, a random oracle is needed for the proof).

13:44 [Event][New] CTCrypt 2014: 3rd Workshop on Current Trends in Cryptology

  Submission: 3 March 2014
Notification: 14 April 2014
From June 5 to June 6
Location: Moscow, Russia
More Information:

10:25 [Event][New] CSF'14: 27th IEEE Computer Security Foundations Symposium

  Submission: 3 February 2014
Notification: 11 April 2014
From July 19 to July 22
Location: Vienna, Austria
More Information:

10:24 [Job][New] Maitre Assistant(e) - Senior Assistant (postdoc), University of Neuchatel, Switzerland

  A 4 year position as Senior Assistant (postdoc) is available at the Mathematics Department in Neuchatel (Switzerland). Little teaching duties (in French). Preference will be given to candidates who reinforce one of the research directions of the department (among which we have coding theory and cryptography). The starting date is Aug-Sept 2014.

Further information soon available at

10:23 [Job][New] Post-Doc, Royal Holloway, University of London, UK

  The Information Security Group at Royal Holloway, University of London is seeking to recruit a post-doctoral research assistant to work in the area of “Cryptography: Bridging Theory and Practice”. The position is available immediately and will run until February 28th 2015.

The post-doc will join a team of post-docs and PhD students working under the leadership of Prof. Kenny Paterson. The aim of the project is to find weaknesses in cryptographic specifications and implementations, to understand how these weaknesses can be addressed in practical ways, and to develop extensions of current cryptographic theory that permit more realistic modelling of cryptographic primitives as they are used in fielded systems. The position will also involve activities designed to engage both the theory community and practitioners in the research.

Applicants should have already completed, or be close to completing, a PhD in a relevant discipline. Applicants should have an outstanding research track record in Cryptography, in either theoretical or applied aspects of the subject, and, ideally, in both aspects. Applicants should be able to demonstrate scientific creativity, research independence, and the ability to communicate their ideas effectively in written and verbal form.

Salary is in the range £32,862 to £34,724 per annum inclusive of London Allowance

Informal enquiries can be made to Kenny Paterson at kenny.paterson (at)

To view further details of this post and to apply please visit . The RHUL Recruitment Team can be contacted with queries by email at: recruitment (at) or via telephone on: +44 (0)1784 41 4241.

Please quote the reference: X1113/7450

Closing Date: Midnight, Sunday 22nd December 2013

Interview Date: To be confirmed