International Association for Cryptologic Research

IACR News Central


00:17 [Pub][ePrint] On The Orthogonal Vector Problem and The Feasibility of Unconditionally Secure Leakage Resilient Computation, by Ivan Damgård and Frédéric Dupuis and Jesper Buus Nielsen

We consider unconditionally secure leakage resilient two-party computation, where security means that the leakage obtained by an adversary can be simulated using a similar amount of leakage from the private inputs or outputs. A related problem is known as circuit compilation, where there is only one device doing a computation on public input and output. Here the goal is to ensure that the adversary learns only the input/output behaviour of the computation, even given leakage from the internal state of the device. We study these problems in an enhanced version of the "only computation leaks" model, where the adversary is additionally allowed a bounded amount of *global* leakage from the state of the entity under attack. In this model, we show the first unconditionally secure leakage resilient two-party computation protocol. The protocol assumes access to correlated randomness in the form of a functionality $\mathcal{F}_{\mathrm{Ort}}$ that outputs pairs of orthogonal vectors $(\vec{u}, \vec{v})$ over some finite field, where the adversary can leak independently from $\vec{u}$ and from $\vec{v}$. We also construct a general circuit compiler secure in the same leakage model. Our constructions work even if the adversary is allowed to corrupt a constant fraction of the calls to $\mathcal{F}_{\mathrm{Ort}}$ and decide which vectors should be output. On the negative side, we show that unconditionally secure two-party computation and circuit compilation are in general impossible in the plain version of our model. For circuit compilation we need a computational assumption to exhibit a function that cannot be securely computed; on the other hand, impossibility holds even if global leakage is not allowed. It follows that even a somewhat unreliable version of $\mathcal{F}_{\mathrm{Ort}}$ cannot be implemented with unconditional security in the plain leakage model using classical communication. However, we show that an implementation using quantum communication does exist. In particular, we propose a simple "prepare-and-measure" type protocol which we show secure using a new result on sampling from a quantum population. Although the protocol may produce a small number of incorrect pairs, this is sufficient for leakage resilient computation by our other results.

00:17 [Pub][ePrint] Structural Lattice Reduction: Generalized Worst-Case to Average-Case Reductions, by Nicolas Gama and Malika Izabachene and Phong Q. Nguyen and Xiang Xie

In lattice cryptography, worst-case to average-case reductions rely on two problems: Ajtai's SIS and Regev's LWE, which refer to a very small class of random lattices related to the group $G = \mathbb{Z}_q^n$. We generalize worst-case to average-case reductions to (almost) all integer lattices by allowing $G$ to be any (sufficiently large) finite abelian group. In particular, we obtain a partition of the set of full-rank integer lattices of large volume such that finding short vectors in a lattice chosen uniformly at random from any of the partition cells is as hard as finding short vectors in any integer lattice. Our main tool is a novel group generalization of lattice reduction, which we call structural lattice reduction: given a finite abelian group $G$ and a lattice $L$, it finds a short basis of some lattice $\bar{L}$ such that $L \subseteq \bar{L}$ and $\bar{L}/L \simeq G$. Our group generalizations of SIS and LWE allow us to abstract lattice cryptography, yet preserve worst-case assumptions.

00:17 [Pub][ePrint] Resettably Sound Zero-Knowledge Arguments from OWFs - the (semi) Black-Box way, by Rafail Ostrovsky and Alessandra Scafuro and Muthuramakrishnan Venkitasubramaniam

We show how to construct an O(1)-round resettably-sound zero-knowledge argument of knowledge based on one-way functions where, additionally, the construction and proof of security are black-box. Zero-knowledge proofs (ZK) are fundamental cryptographic constructs used in numerous applications. Formalized using a "simulation" paradigm, ZK requires that for every malicious verifier there exists a "simulator" that can indistinguishably reproduce the view of the verifier in an interaction with the honest prover. Resettable soundness, introduced by Barak, Goldreich, Goldwasser and Lindell (FOCS 01), additionally demands that the soundness property hold even if the malicious prover is allowed to "reset" and "restart" the verifier. Using the breakthrough non-black-box technique of Barak (FOCS 01), they also provided a constant-round construction of a resettably-sound ZK argument relying on the existence of collision-resistant hash functions. This construction and subsequent constructions all rely on the underlying cryptographic primitive in a non-black-box way. Recently, Goyal, Ostrovsky, Scafuro and Visconti (STOC 14) showed how to extend Barak's technique to obtain a construction and proof of security that relies on the collision-resistant hash function in a black-box manner while still having a non-black-box simulator. Such a construction is referred to as semi black-box. From the work of Chung, Pass and Seth (STOC 13) we know that the minimal assumption required to construct a resettably-sound ZK argument is the existence of one-way functions.

In this work we close the gap between (semi) black-box and non-black-box constructions by showing a black-box (round-efficient) resettably-sound argument relying on one-way functions only.

00:17 [Pub][ePrint] Privacy-Enhancing Proxy Signatures from Non-Interactive Anonymous Credentials, by David Derler and Christian Hanser and Daniel Slamanig

Proxy signatures enable an originator to delegate the signing rights for a restricted set of messages to a proxy. The proxy is then able to produce valid signatures, on behalf of the originator, only for messages from this delegated set. Recently, two variants of privacy-enhancing proxy signatures, namely blank signatures and warrant-hiding proxy signatures, have been introduced. In this context, privacy-enhancing means that a verifier of a proxy signature does not learn anything about the delegated message set beyond the message being presented for verification.

We observe that this principle bears similarities with the functionality provided by anonymous credentials. Inspired by this observation, we examine black-box constructions of the two aforementioned proxy signatures from non-interactive anonymous credentials, i.e., anonymous credentials with a non-interactive showing protocol, and show that the proxy signatures so obtained are secure if the anonymous credential system is secure. Moreover, we present two concrete instantiations using well-known representatives of anonymous credentials, namely Camenisch-Lysyanskaya (CL) and Brands' credentials.

While constructions of anonymous credentials from signature schemes with particular properties, such as CL signatures or structure-preserving signatures, as well as from special variants of signature schemes, such as group signatures, sanitizable and indexed aggregate signatures, are known, this is the first paper that provides constructions of special variants of signature schemes, i.e., privacy-enhancing proxy signatures, from anonymous credentials.

09:09 [Event][New] STM 2014: 10th International Workshop on Security and Trust Management

Submission: 13 June 2014
Notification: 21 July 2014
From September 10 to September 11
Location: Wroclaw, Poland
More Information:

09:10 [Event][New] SSP: IEEE Symposium on Security and Privacy

Submission: 15 November 2013
From May 18 to May 21
Location: San Jose, United States
More Information:

09:09 [Event][New] AsiaJCIS 2014: 9th Asia Joint Conference on Information Security

Submission: 21 May 2014
Notification: 2 July 2014
From September 3 to September 5
Location: Wuhan, China
More Information:

09:09 [Job][New] Full-Time PhD Position in Privacy-Preserving Data Mining, University of Twente, the Netherlands

The Centre for Telematics and Information Technology (CTIT) at the University of Twente invites applications for a 4-year PhD position in "privacy-preserving data mining in electronic health records" starting immediately. The position is funded by the THeCS project (Trusted HealthCare Services) as part of the Dutch national program COMMIT (

The PhD candidate will be supervised by Dr. Andreas Peter and Prof. Pieter Hartel from the Services, Cybersecurity and Safety Group ( and by Prof. Willem Jonker from the Database Group ( of the University of Twente. The candidate will be expected to do active and internationally visible research in privacy-enhancing technologies for electronic health records with a focus on privacy-preserving data mining. The PhD candidate will be appointed for a period of four years, at the end of which he/she must have completed a PhD thesis. During this period, the PhD student has the opportunity to broaden his/her knowledge by joining international exchange programs, to participate in national and international conferences and workshops, and to visit other research institutes and universities worldwide.

Successful candidates must hold an outstanding M.Sc. degree (or equivalent) in Computer Science, Mathematics, or a similar field. Applications from students who are about to finish their master's thesis will be accepted as well. The candidate is expected to have excellent skills in the English language.

The position will be closed as soon as a suitable candidate is found. Applications must include:

  • CV and academic transcript (with grades)
  • motivation letter (including a description of prior activities with relevance to security and privacy)
  • two references or letters of recommendation
  • <

09:08 [Job][New] Post-doctoral research fellow, Queensland University of Technology, Brisbane, Australia

The Information Security discipline at the Queensland University of Technology (QUT) in Brisbane, Australia, invites applications for a 16-month post-doctoral researcher position in cryptography starting by September 2014. The focus of the position is on analyzing and characterizing the overall security of real-world cryptographic protocols such as TLS, and designing next-generation protocols. We are looking for outstanding candidates with experience in cryptographic modelling, provable security, and/or key exchange protocols. The position is supported by an Australian Research Council (ARC) Discovery Project grant.

Applicants should have recently completed, be under examination for, or be close to submitting a PhD. Starting salary is between AUD$58,903 and $79,926 per annum, plus 17% pension contribution. Funds for relocation and travel will also be available.

QUT's Science and Engineering Faculty has an active and growing group with research strengths in cryptography, network security, and digital forensics, with a leading national profile and strong international links. QUT is investing heavily in science and technology research, with a new $240 million facility in the heart of Brisbane's central business district housing many interdisciplinary research groups, including information security. Brisbane is a city of 2 million people with a high quality of living, and many of Queensland's stunning beaches and wilderness areas are less than half an hour away.

Applications must be submitted through the QUT Jobs website listed below.

09:08 [Job][New] Cryptographer, USMobile, Inc., North America

USMobile products secure mobile communications for businesses, government and individuals. More specifically, USMobile products represent a major advance towards the protection of information (voice, video and data) as it travels over the Internet between mobile phones and the Cloud (i.e., data centers).

The Company will release Scrambl3, its first product, in July 2014; it represents the first commercial implementation of the NSA's 'Fishbowl' project. Two independent layers of Suite B encryption algorithms and Internet protocols are employed to create a "Private Mobile Network." Visit The site is password protected at this time, so use the following credentials: Name: testuser Password: testpasswd

00:17 [Pub][ePrint] Impossible differential cryptanalysis of LBlock with concrete investigation of key scheduling algorithm, by Jiageng Chen, Yuichi Futa, Atsuko Miyaji, Chunhua Su

Impossible differential cryptanalysis has proved to be one of the most powerful techniques for attacking block ciphers. Based on the impossible differential paths, one can usually add several rounds before or after them to launch a key recovery attack. Impossible differential cryptanalysis is powerful not only because the number of rounds it can break is very competitive compared to other attacks, but also because, unlike differential attacks, which are statistical in essence, impossible differential analysis does not require many statistical assumptions. In this paper, we investigate the key recovery part of impossible differential cryptanalysis. We point out that when the (non-linear) key scheduling algorithm is taken into consideration, we can further derive the redundancy among the subkeys, and thus filter out wrong keys at a rather early stage. This helps us control the time complexity and increase the number of rounds we can attack. As an application, we analyze the recently proposed lightweight block cipher LBlock, and as a result we can break 23 rounds with complexity $2^{77.4}$ encryptions without using the whole codebook, which is by far the best attack against this cipher.