International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

06:17 [Pub][ePrint] Zero-Knowledge Password Policy Checks and Verifier-Based PAKE, by Franziskus Kiefer and Mark Manulis

  We propose the concept of Zero-Knowledge Password Policy Checks (ZKPPC) to enable remote registration of client passwords without their actual transmission to the server. The ZKPPC protocol executed as part of the client registration process allows the client to prove compliance of the chosen password with the password policy defined by the server. The main benefit of ZKPPC-based password registration is that it guarantees that passwords can never be processed nor stored in clear on the server side. At the end of the registration phase the server only receives and stores some verification information that can later be used for authentication in suitable Verifier-based Password Authenticated Key Exchange (VPAKE) protocols.

To this end, we first formalize the requirements of ZKPPC protocols and propose a general framework for their construction in the standard model using randomised password hashing and set membership proofs. We design a suitable encoding scheme for password characters and show how to express password policies to allow the adoption of set membership proofs. Finally, we present a concrete ZKPPC-based registration protocol that is based on efficient Pedersen commitments and corresponding proofs, and analyse its performance.

To complete the ZKPPC-based registration and authentication framework we propose a concrete VPAKE protocol, where the server can use the obtained verification information from the ZKPPC-based registration phase to subsequently setup secure communication sessions with the client. Our VPAKE protocol follows the recent framework for the construction of such protocols and is secure in the standard model.

06:17 [Pub][ePrint] Key Derivation From Noisy Sources With More Errors Than Entropy, by Ran Canetti and Benjamin Fuller and Omer Paneth and Leonid Reyzin

  Fuzzy extractors convert a noisy source of entropy into a consistent uniformly-distributed key. In the process of eliminating noise, they lose some of the entropy of the original source---in the worst case, as much as the logarithm of the number of correctable error patterns. We call what is left after this worst-case loss the minimum usable entropy. Unfortunately, this quantity is negative for some sources that are important in practice. Most known approaches for building fuzzy extractors work in the worst case and cannot be used when the minimum usable entropy is negative.

We construct the first fuzzy extractors that work for a large class of distributions that have negative minimum usable entropy. Their security is computational. They correct Hamming errors over a large alphabet. In order to avoid the worst-case loss, they necessarily restrict distributions for which they work.

Our first construction requires high individual entropy of a constant fraction of symbols, but permits symbols to be dependent. Our second construction requires a constant fraction of symbols to have a constant amount of entropy conditioned on prior symbols. The constructions can be implemented efficiently based on number-theoretic assumptions or assumptions on cryptographic hash functions.

06:17 [Pub][ePrint] bitcoin.BitMint: Reconciling Bitcoin with Central Banks, by Gideon Samid

  The sweeping success of the original (2008) bitcoin protocol proves that digital currency has arrived. The mounting opposition from the financial establishment indicates an overshoot. We propose to tame bitcoin into bitcoin.BitMint: keeping the bitcoin excitement -- fitted into real world security, stability and fraud concerns.

The basic idea is to excise the bitcoin money generation formula, and otherwise apply bitcoin essentially \"as is\" over digital coins which are redeemable by the mint that minted them. This will preserve the bitcoin assured anonymity. The new bitcoin.BitMint solution will benefit from bitcoin\'s double-spending prevention, and would otherwise enjoy all the benefits associated with money in a digital form.

bitcoin.BitMint will allow traders to invest in US$, gold, or any other commodity while practicing their trade in cyberspace, anonymously, securely, and non-speculatively.

This \"mint-in-the-middle\" protocol will allow law enforcement authorities to execute a proper court order to enforce the disclosure of a suspected fraudster, but the community of honest traders will trade with robust privacy as offered by the original bitcoin protocol.

We envision interlinked bitcoin.BitMint trading environments, integrated via an InterMint protocol: a framework for the evolution of a cascaded super currency - global and highly stable.

05:24 [Event][New] LightSEC 2014: Third International Workshop on Lightweight Cryptography

  Submission: 1 June 2014
Notification: 11 July 2014
From September 1 to September 2
Location: Istanbul, Turkey
More Information:

09:17 [Pub][ePrint] Logical Reasoning to Detect Weaknesses About SHA-1 and MD4/5, by Florian Legendre and Gilles Dequen and Michaƫl Krajecki

  In recent years, studies about the SATisfiability Problem (short for SAT) were more and more numerous because of its conceptual simplicity and ability to express a large set of various problems. Within a practical framework, works highlighting SAT impli- cations in real world problems had grown significantly. In this way, a new field called logical cryptanalysis appears in the 2000s and consists in an algebraic cryptanalysis in a binary context thanks to SAT solving. This paper deals with this concept applied to cryptographic hash functions. We first present the logical cryptanalysis principle, and provide details about our encoding approach. In a second part, we put the stress on the contribution of SAT to analyze the generated problem thanks to the discover of logical inferences and so simplifications in order to reduce the computational complexity of the SAT solving. This is mainly realized thanks to the use as a preprocessor of learning and pruning techniques from the community. Third, thanks to a probabilistic reasoning applied on the formulas, we present a weakness based on the use of round constants to detect probabilistic relations as implications or equivalences between certain vari- ables. Finally, we present a practical framework to exploit these weaknesses through the inversions of reduced-step versions of MD4, MD5, SHA-0 and SHA-1 and open some prospects.

09:17 [Pub][ePrint] Automatic Proofs of Privacy of Secure Multi-Party Computation Protocols Against Active Adversaries, by Martin Pettai and Peeter Laud

  We describe an automatic analysis to check secure multiparty computation protocols against privacy leaks. The analysis is sound --- a protocol that is deemed private does not leak anything about its private inputs, even if active attacks are performed against it. Privacy against active adversaries is an essential ingredient in constructions aiming to provide security (privacy + correctness) in adversarial models of intermediate (between passive and active) strength. Using our analysis we are able to show that the protocols used by the Sharemind secure multiparty computation platform are actively private.

12:01 [Conf] Proceedings PKC 2014 online

  The proceedings of PKC 2014 are now available online to IACR members.

11:07 [Event][New] SCN 2014: 9th Conference on Security and Cryptography for Networks

  Submission: 21 April 2014
Notification: 9 June 2014
From September 3 to September 5
Location: Amalfi, Italy
More Information:

11:06 [Event][New] Indocrypt: 15th International Conference on Cryptology, Indocrypt

  Submission: 18 July 2014
From December 14 to December 17
Location: Delhi, India
More Information:

06:19 [Job][New] PhD Student, PhD positions at CTIC, Aarhus University, Denmark, Northern Europe

  A number of attractive PhD grants is available at Center for the Theory of Interactive Computation (CTIC), which is a Sino-Danish research center. The center is a collaboration between the Computer Science Department at Aarhus University, Denmark and IIIS, Tsinghua University, Beijing, China, and is led by Professor Andrew Chi-Chih Yao, Tsinghua University, and Professor Peter Bro Miltersen, Aarhus University. The positions are within the focus areas of the center which are computational complexity theory, cryptography, quantum informatics, and algorithmic game theory. See also

The successful candidates will obtain their degrees from Aarhus University and are expected to do most of their studies there, but also do stays at IIIS.

To be admitted as a PhD student at Aarhus University Graduate School of Science and Technology PhD program requires between 3 and 5 years of study, depending on the background of the candidate. The minimum requirement for applying is a Bachelor\\\'s degree. Applications should be entered at the Aarhus Graduate School of Science and Technology (GSST) web interface, where PhD applicants will also find detailed and relevant information about the application process, deadlines, financing etc.:

To obtain further information before applying, please email ctic (at) The next application deadline is May 1st, 2014.

06:19 [Job][New] Ph.D. Scholarship in Computer Science (3 years full time), University of Wollongong, Australia

  The Centre for Computer and Information Security Research (CCISR) at the University of Wollongong, Australia, is looking for a high caliber PhD student to work in the topic of \\\"Post-quantum Cryptography\\\".

The topic includes the following sub-topics:

- lattice-based cryptography,

- multivariate cryptography,

- code-based cryptography,

- quantum computing.

Candidates are required to have a good background in mathematics.

All the decisions made will be final and there is no appeal procedure.

Ideally, it is expected that the candidate will start the PhD candidature by August 2014.

Interested candidates should send their complete CV, which includes their research experience and publication to Dr. Thomas Plantard (thomaspl (at)

Any questions regarding this position should be directed to

Prof. Willy Susilo (wsusilo (at) or Dr. Thomas Plantard (thomaspl (at)