International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).


  At Eurocrypt\'12, Pandey and Rouselakis~\\cite{PR12} proposed the notion of property preserving symmetric encryption ({\\PPE}).

They defined several security notions for {\\PPE} and studied their relationship. They also proposed a concrete scheme which preserves

the orthogonality of encrypted vectors. The proposed construction is claimed to achieve the strongest security notion

of property preserving encryption, called {\\LoR} security. In this work, we take a critical look at the three security theorems in the context of {\\PPE} from~\\cite{PR12}. In particular, we show

that the Pandey-Rouselakis construction does not even satisfy the weakest notion of security for {\\PPE}. We also note that

their separation results between different notions of security for {\\PPE} stand vacuous in the absence of any concrete example. We fill up this gap in the separation results of~\\cite{PR12} by suggesting an example construction of


19:17 [Pub][ePrint] Provable Security Proofs and their Interpretation in the Real World, by Vikram Singh

  This paper analyses provable security proofs, using the EDL signature scheme as its case study, and interprets their benefits and drawbacks when applied to the real world.

Provable security has been an area of contention. Some, such as Koblitz and Menezes, give little credit to the potential extra security provided and argue that it is a distracting goal. However, others believe that an algorithm with a security proof is superior to one without it, and are prepared to accept the impact to performance that their use might involve. Goldreich has been notable for his defence of the security proof, and for his opposition to the view of Koblitz and Menezes.

This paper is designed to help the reader make their own decisions on security proofs. We achieve this by giving an introduction to the typical security model used, then give a description of the EDL signature scheme and its tight reduction to the CDH problem in the Random Oracle Model, then analyse the proof\'s assumptions, meaning, validity and overhead for real world security.

19:17 [Pub][ePrint] Practical Dynamic Searchable Encryption with Small Leakage, by Emil Stefanov and Charalampos Papamanthou and Elaine Shi

  Dynamic Searchable Symmetric Encryption (DSSE) enables a client to encrypt his document collection in a way that it is still searchable and efficiently updatable. However, all DSSE constructions that have been presented in the literature so far come with several problems: Either they leak a significant amount of information (e.g., hashes of the keywords contained in the updated document) or are inefficient in terms of space or search/update time (e.g., linear in the number of documents).

In this paper we revisit the DSSE problem. We propose the first DSSE scheme that achieves the best of both worlds, i.e., both small leakage and efficiency. In particular, our DSSE scheme leaks significantly less information than any other previous DSSE construction and supports both updates and searches in sublinear time in the worst case, maintaining at the same time a data structure of only linear size. We finally provide an implementation of our construction, showing its practical efficiency.

19:17 [Pub][ePrint] Verifier-Based Password-Authenticated Key Exchange: New Models and Constructions, by Fabrice Benhamouda and David Pointcheval

  While password-authenticated key exchange (or PAKE) protocols have

been deeply studied, a server corruption remains the main threat, with

many concrete cases nowadays. Verifier-based PAKE (or VPAKE)

protocols, initially called Augmented-PAKE, have been proposed to

limit the impact of any leakage. However, no satisfactory security

model has ever been proposed to quantify the actual security of a

protocol in the standard model. The unique model proposed so far is an

ideal functionality in the universal composability (UC) framework, but

is only meaningful in idealized models.

In this paper, we first enhance the Bellare-Pointcheval-Rogaway

game-based model for PAKE to VPAKE protocols, and then propose the

first game-based security model for both PAKE and VPAKE protocols that

additionally handles related passwords. It also allows a VPAKE

protocol to be secure in the standard model. We then propose several

VPAKE candidates which involve smooth projective hash functions and

multi-linear maps.

19:17 [Pub][ePrint] Keyless Signatures\' Infrastructure: How to Build Global Distributed Hash-Trees, by Ahto Buldas and Andres Kroonmaa and Risto Laanoja

  Keyless Signatures Infrastructure (KSI) is a globally distributed system for providing time-stamping and server-supported digital signature services. Global per-second hash trees are created and their root hash values published.

We discuss some service quality issues that arise in practical implementation of the service and present solutions for avoiding single points of failure and guaranteeing a service with reasonable and stable delay. Guardtime AS has been operating a KSI Infrastructure for 5 years. We summarize how the KSI Infrastructure is built, and the lessons learned during the operational period of the service.

19:17 [Pub][ePrint] A Modular Framework for Building Variable-Input Length Tweakable Ciphers, by Thomas Shrimpton and R. Seth Terashima

  We present the Protected-IV construction (PIV) a simple, modular method for building variable-input-length tweakable ciphers. At our level of abstraction, many interesting design opportunities surface. For example, an obvious pathway to building beyond birthday-bound secure tweakable ciphers with performance competitive with existing birthday-bound-limited constructions. As part of our design space exploration, we give two fully instantiated PIV constructions, TCT1 and TCT2; the latter is fast and has beyond birthday-bound security, the former is faster and has birthday-bound security. Finally, we consider a generic method for turning a VIL tweakable cipher (like PIV) into an authenticated encryption scheme that admits associated data, can withstand nonce-misuse, and allows for multiple decryption error messages. Thus, the method offers robustness even in the face of certain sidechannels, and common implementation mistakes.

15:47 [Job][New] Postdoc Positions in IT-Security, Privacy, and Cryptography, Max Planck Institute for Software Systems, Saarbrücken, Germany

  The security and privacy group (S&P) group at the Max Planck Institute for Software Systems is currently offering postdoc positions under the supervision of Michael Backes. The S&P group collaborates closely with the Center for IT-Security, Privacy and Accountability (CISPA) at Saarland University.

Please refer to the link below for a full description of the open positions.

08:38 [Job][New] Ph.D student , Chalmers University of Technology, Sweden

  We are looking for an excellent PhD candidate to work in the area of information and communication security with a focus on authentication problems in constrained settings. This is particularly important for applications involving mobile phones, wireless communication and RFID systems, which suffer from restrictions in terms of power resources, network connectivity, computational capabilities, as well as potential privacy issues. The overall aim of the project will be to develop nearly optimal algorithms for achieving security and privacy while minimising resource use.

More concretely, part of the research will involve the analysis and development of authentication protocols in specific settings. This will include investigating resistance of both existing and novel protocols against different types of attacks, theoretically and experimentally. In addition to investigating established settings, such as RFID authentication, the research will also explore more general authentication problems, such as those that arise in the context of trust in social networks, smartphone applications and collaborative data processing. This will be done by grounding the work in a generalised decision-making framework. The project should result in the development of theory and authentication mechanisms for noisy, constrained settings that strike an optimal balance between reliable authentication, privacy-preservation and resource consumption. Some previous research related to this research project can be found here:


Applicants for the position shall have a Master’s Degree or corresponding in Computer Science, Informatics, Telecommunications, Information Security and Cryptography or in a related discipline. A master\\\'s degree in information security and cryptography is a bonus.

Experience in one or more of cryptography, probability and statistics, decision and game theory are ben

08:07 [Event][New] IEEE Computer SI on Mobile App Sec: IEEE Computer SI on methodologies and solutions for mobile app. security

  Submission: 31 December 2013
Notification: 1 February 2014
From June 1 to June 1
More Information:

13:17 [Pub][ePrint] Decentralized Traceable Attribute-Based Signatures, by Ali El Kaafarani and Essam Ghadafi and Dalia Khader

  Attribute-based signatures allow a signer owning a set of attributes to anonymously sign a message w.r.t.\\ some signing policy. A recipient of the signature is convinced that a signer with a set of attributes satisfying the signing policy has indeed produced the signature without learning the identity of the signer or which set of attributes was used in the signing.

Traceable attribute-based signatures add anonymity revocation mechanisms to attribute-based signatures whereby a special tracing authority equipped with a secret key is capable of revealing the identity of the signer. Such a feature is important in settings where accountability and abuse prevention are required.

In this work, we first provide a formal security model for traceable attribute-based signatures. Our focus is on the more practical case where attribute management is distributed among different authorities rather than relying on a single central authority.

By specializing our model to the single attribute authority setting, we overcome some of the shortcomings of the existing model for the same setting.

Our second contribution is a generic construction for the primitive which achieves a strong notion of security. Namely, it achieves CCA anonymity and its security is w.r.t.\\ adaptive adversaries. Moreover, our framework permits expressive signing polices.

Finally, we provide some instantiations of the primitive whose security reduces to falsifiable intractability assumptions and without relying on idealized assumptions.

12:10 [Job][New] Research Assistent, Institute for Security in Information Technology, Technische Universitaet Muenchen; Munich (Germany)

  We are part of the electrical engineering and information technology department at TUM. We develop new technologies, to counteract new threats in hardware security. Due to the increasing complexity of integrated and embedded systems, designing tools to support the hardware design of such secure devices is a challenging task and in our focus. Also research on PUFs and architectures for secure embedded systems is carried out at our Institute. To ensure security in the long term we research new attacks on secure elements.

To advance the Development of Tools for the Design of Secure Embedded Systems, we are searching for the closest possible point in time a

Research Assistant (m/f)

for a full time position.

Your Tasks:

  • Participation in industry-related research projects with focus on development and implementation of new approaches and tools to support designers in the design of secure embedded systems.
  • Tutor for labs and/or lectures


  • finished your master’s degree in Electrical Engineering or Computer Sciences or equivalent with outstanding grades.
  • have strong focus on security.
  • are autonomous, can work in teams and are highly motivated.
  • like to work with students.
  • should have practical or theoretical previous knowledge on embedded systems and/or circuit design. You are also experienced in programming and have good mathematical skills.

We offer

a position as research assistant which includes the ability to carry out a PhD thesis. With your research, you contribute to one of our main fields.

The position as research assistant is initially offered for a limited time of 2.5 years. It is paid according to TV-L E13.

TUM aims at increasing the percentage of women. Therefore, qualified women