International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

16:17 [Pub][ePrint] Multipermutations in Crypto World: Different Faces of the Perfect Diffusion Layer, by Aleksandra Mileva

  Diffusion layers, and specially perfect diffusion layers, are very important subject for cryptographic research. Main quest is a perfect diffusion layer with more optimal hardware and/or software implementations (if possible, the last needs to holds also for its inverse). Different structures can be used for representing these layers, but all are interconnected. We start with multipermutations as a tools for obtaining perfect diffusion, and we summarize the interconnections between them, MDS codes, Latin squares and quasigroups, orthogonal arrays and $m$-arcs. We give a new construction of perfect recursive diffusion layer from $r$-recursive MDS codes, or recursively $r$-differentiable quasigroups.

16:17 [Pub][ePrint] Randomized and Efficient Authentication in Mobile Environments, by Wei Jiang, Dan Lin, Feng Li, Elisa Bertino

  In a mobile environment, a number of users act as a network nodes and communicate with one another to acquire location based information and services. This emerging paradigm has opened up new business opportunities and enables numerous applications such as road safety enhancement, service recommendations and mobile entertainment. A fundamental issue that impacts the success of these applications is the security and privacy concerns raised regarding the mobile users. In that, a malicious user or service provider can track the locations of a user traveled so that other malicious act can be carried out more effectively against the user. Therefore, the challenge becomes how to authenticate mobile users while preserving their actual identity and location privacy. In this work, we propose a novel randomized or privacy-preserving authentication protocol based on homomorphic encryption. The protocol allows individual users to self generate any number of authenticated identities to achieve full anonymity in mobile environment. The proposed protocol prevents users being tracked by any single party including peer users, service providers, authentication servers, and other infrastructure. Meanwhile, our protocol also provides traceability in case of any dispute. We have conducted experimental study which demonstrates

the efficiency of our protocol. Another advantage of the proposed protocol is lightweight computation and storage requirement, particularly suitable for any mobile devices with limited computation power and storage space.

16:17 [Pub][ePrint] AnoA: A Framework For Analyzing Anonymous Communication Protocols, by Michael Backes and Aniket Kate and Praveen Manoharan and Sebastian Meiser and Esfandiar Mohammadi

  Protecting individuals\' privacy in online communications has become a challenge of paramount importance. To this end, anonymous communication (AC) protocols such as the widely used Tor network have been designed to provide anonymity to their participating users. While AC protocols have been the subject of several security and anonymity analyses in the last years, there still does not exist a framework for analyzing complex systems such as Tor and their different anonymity properties in a unified manner.

In this work we present AnoA: a generic framework for defining, analyzing, and quantifying anonymity properties for AC protocols. AnoA relies on a novel relaxation of the notion of (computational) differential privacy, and thereby enables a unified quantitative analysis of well- established anonymity properties, such as sender anonymity, sender unlinkability, and relationship anonymity. While an anonymity analysis in AnoA can be conducted in a purely information theoretical manner, we show that the protocol\'s anonymity properties established in AnoA carry over to secure cryptographic instantiations of the protocol. We exemplify the applicability of AnoA for analyzing real-life systems by conducting a thorough analysis of the anonymity properties provided by the Tor network against passive adversarys. Our analysis significantly improves on known anonymity results from the literature.

05:59 [Event][New] NSPW'14: 2014 New Security Paradigms Workshop

  Submission: 11 April 2014
Notification: 6 June 2014
From September 15 to September 18
Location: Victoria, Canada
More Information:

15:45 [Event][New] MPC14: Workshop on Theory and Practice of Secure Multiparty Computation

  From May 5 to May 9
Location: Aarhus, Denmark
More Information:

15:41 [Event][New] ECTCM 2014: Second International Workshop on Emerging Cyberthreats and Countermeasures

  Submission: 31 March 2014
Notification: 23 May 2014
From September 8 to September 12
Location: Fribourg, Switzerland
More Information:

16:17 [Pub][ePrint] A Full Characterization of Completeness for Two-party Randomized Function Evaluation, by Daniel Kraschewski and Hemanta K. Maji and Manoj Prabhakaran and Amit Sahai

  We settle a long standing open problem which has pursued a full characterization of completeness of (potentially randomized) finite functions for 2-party computation that is secure against active adversaries. Since the first such complete function was discovered [Kilian, FOCS 1988], the question of which finite 2-party functions are complete has been studied extensively, leading to characterization in many special cases. In this work, we completely settle this problem.

We provide a polynomial time algorithm to test whether a 2-party finite secure function evaluation (SFE) functionality (possibly randomized) is complete or not. The main tools in our solution include:

-- A formal linear algebraic notion of {\\em redundancy} in a general 2-party randomized function.

-- A notion of {\\em statistically testable games}. A kind of interactive proof in the information-theoretic setting where {\\em both} parties are computationally unbounded but differ in their knowledge of a secret.

-- An extension of the (weak) {\\em converse of Shannon\'s channel coding theorem}, where an adversary can adaptively choose the channel based on it view.

We show that any function $f$, if complete, can implement any (randomized) circuit $C$ using only $O(|C| + k)$ calls to $f$, where $k$ is the statistical security parameter. In particular, for any two-party functionality $g$, this establishes a universal notion of its quantitative ``cryptographic complexity\'\' independent of the setup and has close connections to circuit complexity.

16:17 [Pub][ePrint] Efficient Round Optimal Blind Signatures, by Sanjam Garg and Divya Gupta

  Known constructions of blind signature schemes suffer from at least one of the following limitations: (1) rely on parties having access to a common reference string or a random oracle, (2) are not round-optimal, or (3) are prohibitively expensive.

In this work, we construct the \\emph{first} blind-signature scheme that does not suffer from any of these limitations. In other words, besides being round optimal and having a standard model proof of security, our scheme is very efficient. Specifically, in our scheme, one signature is of size $6.5$ KB and the communication complexity of the signing protocol is roughly $100$ KB. An amortized variant of our scheme has communication complexity less that $1$ KB.

16:17 [Pub][ePrint] Garbled RAM Revisited, Part I, by Craig Gentry and Shai Halevi and Mariana Raykova and Daniel Wichs

  The notion of *garbled random-access machines* (garbled RAMs) was introduced by Lu and Ostrovsky (Eurocrypt 2013). It can be seen as an analogue of Yao\'s garbled circuits, that allows a user to garble a RAM program directly, without performing the expensive step of converting it into a circuit. In particular, the size of the garbled program and the time it takes to create and evaluate it are only proportional to its running time on a RAM rather than its circuit size. Lu and Ostrovsky gave a candidate construction of this primitive based on pseudo-random functions (PRFs).

The starting point of this work is a subtle yet difficult-to-overcome issue with the Lu-Ostrovsky construction, that prevents a proof of security from going through. Specifically, the construction requires a complex \"circular\" use of Yao garbled circuits and PRFs. As our main result, we show how to remove this circularity and get a provably secure solution using *identity-based encryption* (IBE). We also abstract out, simplify and generalize the main ideas behind the Lu-Ostrovsky construction, making them easier to understand and analyze.

In a companion work to ours (Part II), Lu and Ostrovsky show an alternative approach to solving the circularity problem. Their approach relies only on the existence of one-way functions, at the price of higher overhead. Specifically, our construction has overhead $\\poly(k)\\polylog(n)$ (with $k$ the security parameter and $n$ the data size), while the Lu-Ostrovsky approach can achieve overhead $\\poly(k)n^\\eps$ for any constant $\\eps>0$. It remains as an open problem to achieve an overhead of $\\poly(k)\\polylog(n)$ assuming only the existence of one-way functions.

16:17 [Pub][ePrint] Garbled RAM Revisited, Part II, by Steve Lu and Rafail Ostrovsky

  In EUROCRYPT 2013, Lu and Ostrovsky proposed the notion of Garbled RAM (GRAM) programs. These GRAM programs are analogous to the classic result of Yao\'s garbled circuits: a large encrypted memory can first be provided to evaluator, and then a program can separately be garbled and sent to an evaluator to securely execute while learning nothing but the output of the program and its running time. The key feature of GRAM is that it harnesses the natural complexity-theoretic power that Random Access Memory (RAM) programs have over circuits, such as in binary search or randomized algorithms, where program can be executed in a garbled way without \"unrolling\" it into a circuit. The candidate Lu-Ostrovsky GRAM scheme proposed in that paper is based on the existence of one-way functions, but due to an implicit reliance on a complex \"circular\" use of Yao garbled circuits, the scheme requires an additional circularity assumptions and may not be secure otherwise.

In this paper, we show how to construct efficient GRAM without circularity and based solely on the existence of any one-way function. The novel approach that allows us to break the circularity is a modification of the Goldreich-Goldwasser-Micali (PRF) construction. More specifically, we modify the PRF to allow PRF-keys to be \"adaptively revoked\" during run-time at the additive cost of roughly log n per revocation. Then, to improve the overhead of this scheme, we apply a delicate recursion technique that bootstraps mini-GRAM schemes into larger, more powerful ones while still avoiding circularity in the hybrid arguments. This results in secure GRAM with overhead of poly($k$)(min($t; n^\\eps$)) for any constant $\\eps>0$, where $n$ is the size of memory and $t$ is the running time.

In a companion work (Part I), Gentry, Halevi, Raykova, and Wichs show an alternative approach using identity-based encryption to solve the circularity problem. Their scheme achieves overhead of poly($k$)polylog($n$) assuming the existence of IBE.

05:44 [Job][New] Security Engineer, CloudFlare Inc. (San Francisco, USA and London, UK)


CloudFlare is looking for a talented security engineer to join our team. We are working on a number of ambitious projects to secure the web and protect our customers from threats of all sorts. The role of security engineer at CloudFlare is more that of a builder than a breaker. You will have to approach problems with creativity and flexibility and be able to identify and use the best tools for the job or build better ones from scratch. At CloudFlare, we are serious about protecting our customers and advancing the state of the art in computer security.


  • Strong systems-level programming skills
  • Deep understanding of networking protocols (TCP/IP, SSL/TLS, DNS)

  • Experience with cryptographic libraries and APIs

  • Expert in C/C++ and performance analysis

  • Proficiency in Go and/or Lua or willingness to learn

  • Strong understanding of security concepts (key management, access control, authentication)

  • Understanding of Linux internals

  • Interest in advancements in security and cryptography

    Bonus Points:

  • Contributions to the open source community

  • Experience implementing production-grade cryptographic algorithms

  • Knowledge or expertise in White-box cryptography

  • Experience with DNSSEC

  • Familiarity with compilers or code generation tools (e.g.

  • Experience with cryptographic hardware (TPM, HSM, etc.)

  • Healthy sense of paranoia