International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

09:17 [Pub][ePrint] Logical Reasoning to Detect Weaknesses About SHA-1 and MD4/5, by Florian Legendre and Gilles Dequen and Michaƫl Krajecki

  In recent years, studies about the SATisfiability Problem (short for SAT) were more and more numerous because of its conceptual simplicity and ability to express a large set of various problems. Within a practical framework, works highlighting SAT impli- cations in real world problems had grown significantly. In this way, a new field called logical cryptanalysis appears in the 2000s and consists in an algebraic cryptanalysis in a binary context thanks to SAT solving. This paper deals with this concept applied to cryptographic hash functions. We first present the logical cryptanalysis principle, and provide details about our encoding approach. In a second part, we put the stress on the contribution of SAT to analyze the generated problem thanks to the discover of logical inferences and so simplifications in order to reduce the computational complexity of the SAT solving. This is mainly realized thanks to the use as a preprocessor of learning and pruning techniques from the community. Third, thanks to a probabilistic reasoning applied on the formulas, we present a weakness based on the use of round constants to detect probabilistic relations as implications or equivalences between certain vari- ables. Finally, we present a practical framework to exploit these weaknesses through the inversions of reduced-step versions of MD4, MD5, SHA-0 and SHA-1 and open some prospects.

09:17 [Pub][ePrint] Automatic Proofs of Privacy of Secure Multi-Party Computation Protocols Against Active Adversaries, by Martin Pettai and Peeter Laud

  We describe an automatic analysis to check secure multiparty computation protocols against privacy leaks. The analysis is sound --- a protocol that is deemed private does not leak anything about its private inputs, even if active attacks are performed against it. Privacy against active adversaries is an essential ingredient in constructions aiming to provide security (privacy + correctness) in adversarial models of intermediate (between passive and active) strength. Using our analysis we are able to show that the protocols used by the Sharemind secure multiparty computation platform are actively private.

12:01 [Conf] Proceedings PKC 2014 online

  The proceedings of PKC 2014 are now available online to IACR members.

11:07 [Event][New] SCN 2014: 9th Conference on Security and Cryptography for Networks

  Submission: 21 April 2014
Notification: 9 June 2014
From September 3 to September 5
Location: Amalfi, Italy
More Information:

11:06 [Event][New] Indocrypt: 15th International Conference on Cryptology, Indocrypt

  Submission: 18 July 2014
From December 14 to December 17
Location: Delhi, India
More Information:

06:19 [Job][New] PhD Student, PhD positions at CTIC, Aarhus University, Denmark, Northern Europe

  A number of attractive PhD grants is available at Center for the Theory of Interactive Computation (CTIC), which is a Sino-Danish research center. The center is a collaboration between the Computer Science Department at Aarhus University, Denmark and IIIS, Tsinghua University, Beijing, China, and is led by Professor Andrew Chi-Chih Yao, Tsinghua University, and Professor Peter Bro Miltersen, Aarhus University. The positions are within the focus areas of the center which are computational complexity theory, cryptography, quantum informatics, and algorithmic game theory. See also

The successful candidates will obtain their degrees from Aarhus University and are expected to do most of their studies there, but also do stays at IIIS.

To be admitted as a PhD student at Aarhus University Graduate School of Science and Technology PhD program requires between 3 and 5 years of study, depending on the background of the candidate. The minimum requirement for applying is a Bachelor\\\'s degree. Applications should be entered at the Aarhus Graduate School of Science and Technology (GSST) web interface, where PhD applicants will also find detailed and relevant information about the application process, deadlines, financing etc.:

To obtain further information before applying, please email ctic (at) The next application deadline is May 1st, 2014.

06:19 [Job][New] Ph.D. Scholarship in Computer Science (3 years full time), University of Wollongong, Australia

  The Centre for Computer and Information Security Research (CCISR) at the University of Wollongong, Australia, is looking for a high caliber PhD student to work in the topic of \\\"Post-quantum Cryptography\\\".

The topic includes the following sub-topics:

- lattice-based cryptography,

- multivariate cryptography,

- code-based cryptography,

- quantum computing.

Candidates are required to have a good background in mathematics.

All the decisions made will be final and there is no appeal procedure.

Ideally, it is expected that the candidate will start the PhD candidature by August 2014.

Interested candidates should send their complete CV, which includes their research experience and publication to Dr. Thomas Plantard (thomaspl (at)

Any questions regarding this position should be directed to

Prof. Willy Susilo (wsusilo (at) or Dr. Thomas Plantard (thomaspl (at)

21:17 [Pub][ePrint] SIMON Says, Break the Area Records for Symmetric Key Block Ciphers on FPGAs, by Aydin Aysu and Ege Gulcan and Patrick Schaumont

  While AES is extensively in use in a number of applications, its area cost limits its deployment in resource constrained platforms. In this paper, we have implemented SIMON, a recent promising low-cost alternative of AES on reconfigurable platforms. The Feistel network, the construction of the round function and the key generation of SIMON, enables bit-serial hardware architectures which can significantly reduce the cost. Moreover, encryption and decryption can be done using the same hardware. The results show that with an equivalent security level, SIMON is 86\\% smaller than AES, 70\\% smaller than PRESENT (a standardized low-cost AES alternative), and its smallest hardware architecture only costs 36 slices (72 LUTs, 30 registers). To our best knowledge, this work sets the new area records as we propose the hardware architecture of the smallest block cipher ever published on FPGAs at 128-bit level of security. Therefore, SIMON is a strong alternative to AES for low-cost FPGA based applications.

21:17 [Pub][ePrint] High Parallel Complexity Graphs and Memory-Hard Functions, by Joel Alwen and Vladimir Serbinenko

  Motivated by growing importance of parallelism in modern computational systems, we introduce a very natural generalization to a parallel setting of the powerful (sequential) black pebbling game over DAGs. For this new variant, when considering pebbling graphs with with multiple disconnected components (say when modelling the computation of multiple functions in parallel), we demonstrate a significant shortcoming of the two most common types of complexity measures for DAGs inherited from the sequential setting (namely S-complexity and ST-complexity). Thus, to ensure the applicability of the new pebbling game as a tool for proving results about say the \\emph{amortized} hardness of functions being repeatedly evaluated, we introduce a new complexity measure for DAGs called \\emph{cumulative complexity} (CC) and show how it overcomes this problem.\\\\

With the aim of facilitating the new complexity lower-bounds in parallel settings we turn to the task of finding high CC graphs for the parallel pebbling game. First we look at several types of graphs such as certain stacks of superconcentrators, permutation graphs, bit-reversal graphs and pyramid graphs, which are known to have high (even optimally so) complexity in the sequential setting. We show that all of them have much lower parallel CC then one could hope for from a graph of equal size. This motivates our first main technical result, namely the construction of a new family of constant in-degree graphs whose parallel CC approaches maximality to within a polylogarithmic factor.\\\\

The second contribution of this work is to demonstrate an application of these new theoretical tools, in particular to the field of cryptography. Memory-hard function (MHF), introduced by Percival~\\cite{Per09}, have the intuitive goal of leverage the relatively high cost of memory in integrated circuits compared to general purpose computers in order to decrease the attractiveness of using custom circuits to mount brute-force attacks. We provide a new formalization for key property of such functions (overcoming problems with the approach of~\\cite{Per09}) using a new type of \\emph{amortized} computational hardness for families of functions in the (parallel) random oracle model. We motivate the hardness definition by showing how it provides an immediate lower-bound on the monetary cost of repeatedly evaluating such functions in several real-world (parallel) computational environments (e.g. FPGAs, ASICs, Cloud Computers). Indeed, in practice such devices are often the most cost effective means for mounting large-scale brute-force attacks on security relevant functions (such as say Proofs-of-Work and the hash functions used to obscure stored passwords in login servers). As the main technical result of this section, for the family of functions $f_G$ (over strings) characterized via a given DAG $G$, we prove a lower-bound on the hardness of $f_G$ in terms of the parallel CC of $G$. In consequence, we obtain the first provably secure (and intuitively sound) MHF.

14:46 [Job][New] PhD scholarship, University of Auckland, New Zealand

  The Inaugural Sir Vaughan F.R. Jones PhD Scholarship

This prestigious scholarship will fund the research in any area of mathematics of a PhD student supervised by a member of the Department of Mathematics. Selection is based purely on the record and research promise of the candidate. The Jones Scholarship offers an annual stipend of NZ$25,000 (tax free), plus fees, for three years of PhD study.

New Zealand mathematician Vaughan Jones, KNZM FRS FRSNZ FAAAS, was awarded the Fields Medal in 1990. He is Distinguished Professor at both the University of Auckland and Vanderbilt University. He is best known for his work on knot (Jones) polynomials and von Neumann algebras.

Interested candidates are encouraged to contact members of the Department informally concerning possible research projects. For public key cryptography or number theory, please contact Steven Galbraith.

Full applications must be received by August 30, 2014.

15:05 [Event][New] M2MSec'14: First International Workshop on Security and Privacy in M2M Communications

  Submission: 1 June 2014
Notification: 1 July 2014
From October 29 to October 29
Location: San Francisco, USA
More Information: