International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

06:17 [Pub][ePrint] ZAPs and Non-Interactive Witness Indistinguishability from Indistinguishability Obfuscation, by Nir Bitansky and Omer Paneth

  We present new constructions of two-message and one-message witness-indistinguishable proofs (ZAPs and NIWIs). This includes:



ZAP (or, equivalently, non-interactive zero-knowledge in the common random string model) from indistinguishability obfuscation and one-way functions.


NIWIs from indistinguishability obfuscation and one-way permutations.


The previous construction of ZAPs [Dwork and Naor, FOCS 00] was based on trapdoor permutations. The two previous NIWI constructions were based either on ZAPs and a derandomization-type complexity assumption [Barak, Ong, and Vadhan CRYPTO 03], or on a specific number theoretic assumption in bilinear groups [Groth, Sahai, and Ostrovsky, CRYPTO 06].

21:17 [Pub][ePrint] Trial multiplication is not optimal but... On the symmetry of finite cyclic groups (Z/pZ)∗, by Antonio Sanso

  The Discrete Logarithm Problem is at the base of the famous Diffie Hellman key agreement algorithm and many others. The key idea behind Diffie Helmann is the usage of the Discrete Logarithm function in (Z/pZ)∗ as a trap door function. The Discrete Logarithm function output in (Z/pZ)∗ seems to escape to any attempt of finding some sort of pattern. Nevertheless some new characterization will be introduced together with a novel and more efficient trial multi- plication algorithm.

21:17 [Pub][ePrint] Improved Meet-in-the-Middle Attacks on Reduced-Round Camellia-192/256, by Leibo Li and Keting Jia

  Camellia is one of the widely used block ciphers, which has been selected as an international standard by ISO/IEC. In this paper, we focus on the key-recovery attacks on reduced-round Camellia-192/256 with meet-in-the-middle methods. We utilize multiset and the differential enumeration methods which are popular to analyse AES in the recent to attack Camellia-192/256. We propose a 7-round property for Camellia-192, and achieve a 12-round attack with $2^{180}$ encryptions, $2^{113}$ chosen plaintexts and $2^{130}$ 128-bit memories. Furthermore, we present an 8-round property for Camellia-256, and apply it to break the 13-round Camellia-256 with $2^{232.7}$ encryptions, $2^{113}$ chosen ciphertexts and $2^{227}$ 128-bit memories.

11:39 [Event][New]


07:54 [PhD][Update] Nicolas Moro: Security of assembly programs against attacks on embedded processors

  Name: Nicolas Moro
Topic: Security of assembly programs against attacks on embedded processors

Description: This thesis aims at defining software-level countermeasures against fault attacks on an up-to-date microcontroller. To perform such an analysis, this thesis relies on a hardware-level attacker's fault model. This fault model is obtained by using an electromagnetic fault injection experimental process.[...]

00:17 [Pub][ePrint] Weaknesses of Password Authentication Scheme Based on Geometric Hashing, by Martin Stanek

  We show that a recently proposed password authentication scheme based on geometric hashing has several security weaknesses, and that the use of this scheme should be avoided in practice.

00:17 [Pub][ePrint]


00:17 [Pub][ePrint] Resilient Aggregation in Simple Linear Sensor Networks, by Kevin J. Henry and Douglas R. Stinson

  A sensor network is a network comprised of many small, wireless, resource-limited nodes that sense data about their environment and report readings to a base station. One technique to conserve power in a sensor network is to aggregate sensor readings hop-by-hop as they travel towards a base station, thereby reducing the total number of messages required to collect each sensor reading. In an adversarial setting, the ability of a malicious node to alter this aggregate total must be limited. We present three aggregation protocols inspired by three natural key pre-distribution schemes for linear networks. Assuming no more than k consecutive nodes are malicious, each of these protocols limits the capability of a malicious node to altering the aggregate total by at most a single valid sensor reading. Additionally, our protocols are able to detect malicious behavior as it occurs, allowing the protocol to be aborted early, thereby conserving energy in the remaining nodes. A rigorous proof of security is also given for each protocol.

00:17 [Pub][ePrint] An Empirical Study and some Improvements of the MiniMac Protocol for Secure Computation, by Ivan Damgaard and Rasmus Lauritsen, and Tomas Toft

  Recent developments in Multi-party Computation (MPC) has resulted in very efficient protocols for dishonest majority in the preprocessing model. In particular, two very promising protocols for Boolean circuits have been proposed by Nielsen et al. (nicknamed TinyOT) and by Damg ̊ard and Zakarias (nicknamed MiniMac). While TinyOT has already been implemented, we present in this paper the first implementation of MiniMac, using the same platform as the existing TinyOT implementation. We also suggest several improvements of MiniMac, both on the protocol design and implementation level. In particular, we suggest a modification of MiniMac that achieves increased parallelism at no extra communication cost. This gives an asymptotic improvement of the original protocol as well as an 8-fold speed-up of our implementation. We compare the resulting protocol to TinyOT for the case of secure computation in parallel of a large number of AES encryptions and find that it performs better than results reported so far on TinyOT, on the same hardware.

00:17 [Pub][ePrint] Optimal Resilience Broadcast against Locally Bounded and General Adversaries, by Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas

  We study the Reliable Broadcast problem in incomplete networks, under the locally bounded adversarial model (Koo, 2004), that is, there is a known bound on the number of players that a Byzantine adversary controls in each player\'s neighborhood. We generalize the model

to the more realistic non-uniform case, by allowing this bound to vary from node to node.

We first settle an open question of Pelc and Peleg (2005) in the affirmative, by showing that Koo\'s Certified Propagation Algorithm (CPA) for ad hoc networks is indeed unique, that is, it can tolerate as many local corruptions as any other non-faulty algorithm, thus having optimal resilience. Actually, we prove the stronger result that a natural extension of CPA is unique for the non-uniform model. We do this by providing a necessary and sufficient condition for reliable broadcast in ad hoc networks. On the other hand, we show that it is NP-hard to check whether this condition holds for a given graph G.

We also study known topology networks and prove that a topological condition, shown by Pelc and Peleg to be necessary for the existence of a Broadcast algorithm, is also sufficient. This leads to an optimal resilience algorithm for known networks as well. On the downside, we prove that PPA is inefficient. However, we are able to provide evidence showing that probably no efficient protocol of optimal resilience exists.

We take one more step, by considering a hybrid between ad hoc and known topology networks: each node knows a part of the network, namely a connected subgraph containing itself. We show that this partial knowledge model allows for more accurate reliable broadcast


Finally, we show that our results extend to the general adversary model. This, among others, means that an appropriate adaptation of CPA is unique against general adversaries in ad hoc networks.

13:40 [Event][New] ASK 2014: The Fourth Asian Workshop on Symmetric Key Cryptography

  Submission: 30 November 2014
From December 19 to December 23
Location: Chennai, India
More Information: http://