International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

13:26 [Job][New] Postdoctoral and Internship Positions, MICROSOFT RESEARCH, Redmond, Washington USA

  Microsoft Research invites applications from graduate students and recent Ph.D.s for Postdoctoral and Internship positions in the Microsoft Research Cryptography Group. Number Theory candidates should have interest/experience in one or more of the following areas: algorithmic/arithmetic/algebraic number theory, elliptic and hyperelliptic curve cryptography, pairing-based cryptosystems, lattice-based cryptography. Cryptography candidates should have research interests in at least one of the following: protocols, security models, cryptanalysis, hash functions, applied or theoretical cryptography.

Post-docs and interns will be in residence at Microsoft Research Redmond, the main campus of Microsoft\\\'s basic research division with over four hundred researchers in dozens of areas of computer science research. Researchers benefit from close proximity to Microsoft product units, collaborative relations and joint seminars with University of Washington, and an active research environment. For more information about MSR Redmond and the Cryptography group see: and

The post-doctoral positions offer a competitive salary, benefits, and a relocation allowance. The term is for two years; the start date is July 1, 2014. Post-docs will report to Dr. Kristin Lauter, Research Manager for the MSR Crypto Group. Internships for graduate students will be for 10-12 weeks in Summer 2014, with flexible start date.

13:26 [Job][New]


13:24 [Event][New] DBSec'14: 28th IFIP WG 11.3 Working Conf. on Data and Applications Security & Privacy

  Submission: 28 February 2014
Notification: 21 April 2014
From July 14 to July 16
Location: Vienna, Austria
More Information:

19:17 [Pub][ePrint] DAA-related APIs in TPM2.0 Revisited, by Li Xi

  In TPM2.0, a single signature primitive is proposed to sup-

port various signature schemes including Direct Anonymous Attestation

(DAA), U-Prove and Schnorr signature. This signature primitive is im-

plemented by several APIs. In this paper, we show these DAA-related

APIs can be used as a static Diffie-Hellman oracle thus the security

strength of these signature schemes can be weakened by 14-bit. We pro-

pose a novel property of DAA called forward anonymity and show how

to utilize these DAA-related APIs to break forward anonymity. Then we

propose new APIs which not only remove the Static Diffie-Hellman oracle

but also support the forward anonymity, thus significantly improve the

security of DAA and the other signature schemes supported by TPM2.0.

We prove the security of our new APIs under the discrete logarithm

assumption in the random oracle model. We prove that DAA satisfy for-

ward anonymity using the new APIs under the Decision Diffie-Hellman

assumption. Our new APIs are almost as efficient as the original APIs

in TPM2.0 specification and can support LRSW-DAA and SDH-DAA

together with U-Prove as the original APIs.

16:17 [Pub][ePrint] An Equivalence-Preserving Transformation of Shift Registers, by Elena Dubrova

  The Fibonacci-to-Galois transformation is useful for reducing the propagation delay of feedback shift register-based stream ciphers and hash functions. In this paper, we extend it to handle Galois-to-Galois case as well as feedforward connections. This makes possible transforming Trivium stream cipher and increasing its keystream data rate by 27\\% without any penalty in area. The presented transformation might open new possibilities for cryptanalysis of Trivium, since it induces a class of stream ciphers which generate the same set of keystreams as Trivium, but have a different structure.

16:17 [Pub][ePrint] When a Boolean Function can be Expressed as the Sum of two Bent Functions, by Longjiang Qu and Shaojing Fu and Qingping Dai and Chao Li

  In this paper we study the problem that when a Boolean function can

be represented as the sum of two bent functions. This problem was

recently presented by N. Tokareva in studying the number of bent

functions. Firstly, many functions, such as

quadratic Boolean functions, Maiorana-MacFarland bent functions,

partial spread functions etc, are proved to be able to be

represented as the sum of two bent functions. Methods to construct

such functions from low dimension ones are also introduced. N.

Tokareva\'s main hypothesis is proved for $n\\leq 6$. Moreover,

two hypotheses which are equivalent to N. Tokareva\'s main hypothesis

are presented. These hypotheses may lead to new ideas or methods to

solve this problem. At last, necessary and sufficient conditions on

the problem when the sum of several bent functions is again a bent

function are given.

16:17 [Pub][ePrint] Data Security in Cloud Architecture Based on Diffie Hellman and Elliptical Curve Cryptography, by Neha tirthani and Ganesan

  Technological advancements in cloud computing due to increased connectivity and exponentially proliferating data has resulted in migration towards cloud architecture. Cloud computing is technology where the users\' can use high end services in form of software that reside on different servers and access data from all over the world. Cloud storage enables users to access and store their data anywhere. It also ensures optimal usage of the available resources. There is no need for the user to maintain the overhead of hardware and software costs. With a promising technology like this, it certainly abdicates users\' privacy, putting new security threats towards the certitude of data in cloud. The user relies entirely for his data protection on the cloud providers, making them solely responsible for safeguarding it. The security threats such as maintenance of data integrity, data hiding and data safety dominate our concerns when the issue of cloud security come up. The voluminous data and time consuming encryption calculations related to applying any encryption method have been proved as a hindrance in this field.

In this research paper, we have contemplated a design for cloud architecture which ensures secured movement of data at client and server end. We have used the non breakability of Elliptic curve cryptography for data encryption and Diffie Hellman Key Exchange mechanism for connection establishment. The proposed encryption mechanism uses the combination of linear and elliptical cryptography methods. It has three security checkpoints: authentication, key generation and encryption of data.

16:17 [Pub][ePrint] Some Theoretical Conditions for Menezes--Qu--Vanstone Key Agreement to Provide Implicit Key Authentication, by Daniel R. L. Brown

  Menezes--Qu--Vanstone key agreement (MQV) is intended to provide implicit key authentication (IKA) and several other security objectives. MQV is approved and specified in five standards.

This report focuses on the IKA of two-pass MQV, without key confirmation. Arguably, implicit key authentication is the most essential security objective in authenticated key agreement. The report examines various necessary or sufficient formal conditions under which MQV may provide IKA.

Incidentally, this report defines, relies on, and inter-relates various conditions on the key deriviation function and Diffie--Hellman groups. While it should be expected that most such definitions and results are already well-known, a reader interested in these topics may be interested in this report as a kind of review, even if they have no interest in MQV whatsoever.

09:48 [Event][New] CMS 2014: 15th Joint IFIP TC6 and TC11 Conf. on Communications and Multimedia Security

  Submission: 16 March 2014
Notification: 23 May 2014
From September 25 to September 26
Location: Aveiro, Portugal
More Information:

10:17 [Pub][ePrint] Human Assisted Randomness Generation Using Video Games, by Mohsen Alimomeni and Reihaneh Safavi-Naini

  Random number generators have direct applications in information security, online

gaming, gambling, and computer science in general. True random number generators

need an entropy source which is a physical source with inherent uncertainty, to ensure

unpredictability of the output. In this paper we propose a new indirect approach to

collecting entropy using human errors in the game play of a user against a computer. We

argue that these errors are due to a large set of factors and provide a good source of

randomness. To show the viability of this proposal, we design and implement a game,

conduct a user study in which we collect user input in the game, and extract randomness

from it. We measure the rate and the quality of the resulting randomness that clearly

show effectiveness of the approach. Our work opens a new direction for construction of

entropy sources that can be incorporated into a large class of video games.

10:17 [Pub][ePrint] Crypto-analyses on \"user efficient recoverable off-line e-cashs scheme with fast anonymity revoking\", by Yalin Chen1 and Jue-Sam Chou*2

  Recently, Fan et al. proposed a user efficient recoverable off-line e-cash scheme with fast anonymity revoking. They claimed that their scheme could achieve security requirements of an e-cash system such as, anonymity, unlinkability, double spending checking, anonymity control, and rapid anonymity revoking on double spending. They further formally prove the unlinkability and the un-forgeability security features. However, after crypto-analysis, we found that the scheme cannot attain the two proven security features, anonymity and unlinkability. We, therefore, modify it to comprise the two desired requirements which are very important in an e-cash system.