International Association for Cryptologic Research

IACR News Central


Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calendar (iCal).

2014-08-11
06:17 [Pub][ePrint] DTKI: a new formalized PKI with no trusted parties, by Jiangshan Yu and Vincent Cheval and Mark Ryan

  The security of public key validation protocols for web-based applications has recently attracted attention because of weaknesses in the certificate authority model, and consequent attacks.

Recent proposals using public logs have succeeded in making certificate management more transparent and verifiable. However, those proposals involve a fixed set of authorities which create a monopoly, and they have heavy reliance on trusted parties that monitor the logs.

We propose a distributed transparent key infrastructure (DTKI), which greatly reduces the monopoly of service providers and removes the reliance on trusted parties. In addition, this paper formalises the public log data structure and provides a formal analysis of the security that DTKI guarantees.
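The public logs the abstract refers to (Certificate Transparency is the well-known deployed instance) are append-only Merkle trees: a client or monitor that holds the log's published root can check that a particular certificate is in the log without trusting the operator, and a forged entry cannot be made to verify against that root. The following is an added illustration, not code from the DTKI paper and not a description of DTKI's own data structure; it follows the RFC 6962 hashing conventions (0x00 prefix for leaves, 0x01 for interior nodes, split at the largest power of two), and the log entries are constructed sample strings.

```python
import hashlib


def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(entry: bytes) -> bytes:
    """Domain-separated leaf hash (RFC 6962 style: 0x00 || entry)."""
    return _sha256(b"\x00" + entry)


def node_hash(left: bytes, right: bytes) -> bytes:
    """Domain-separated interior node hash (0x01 || left || right)."""
    return _sha256(b"\x01" + left + right)


def _split_point(n: int) -> int:
    """Largest power of two strictly less than n (RFC 6962 tree shape)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_root(leaves) -> bytes:
    """Root hash over a list of already-hashed leaves."""
    if not leaves:
        return _sha256(b"")
    if len(leaves) == 1:
        return leaves[0]
    k = _split_point(len(leaves))
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))


def inclusion_proof(leaves, index):
    """Audit path for leaves[index]: list of (sibling_hash, sibling_is_left), leaf to root."""
    if len(leaves) == 1:
        return []
    k = _split_point(len(leaves))
    if index < k:
        return inclusion_proof(leaves[:k], index) + [(merkle_root(leaves[k:]), False)]
    return inclusion_proof(leaves[k:], index - k) + [(merkle_root(leaves[:k]), True)]


def verify_inclusion(leaf: bytes, proof, root: bytes) -> bool:
    """Recompute the root from a leaf hash and its audit path; compare with the published root."""
    h = leaf
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root


class TransparencyLog:
    """Minimal append-only log: the operator appends, anyone verifies against the root."""

    def __init__(self):
        self.leaves = []

    def append(self, entry: bytes) -> int:
        self.leaves.append(leaf_hash(entry))
        return len(self.leaves) - 1

    def root(self) -> bytes:
        return merkle_root(self.leaves)

    def prove(self, index: int):
        return inclusion_proof(self.leaves, index)


def demo():
    """Append five constructed entries, prove one, and show a forged entry does not verify."""
    log = TransparencyLog()
    entries = [b"example.org:cert-fingerprint-%d" % i for i in range(5)]  # constructed sample data
    for e in entries:
        log.append(e)
    root = log.root()            # what the log would publish (signed, in a real deployment)
    proof = log.prove(3)         # audit path handed to a client or monitor
    genuine = verify_inclusion(leaf_hash(entries[3]), proof, root)
    forged = verify_inclusion(leaf_hash(b"example.org:forged"), proof, root)
    return genuine, forged
```

The verifier needs only the root and a logarithmic-size path, which is what makes the log checkable by parties other than the operator; the remaining trust problem the abstract points at is who monitors the log for misissued entries and who vouches that everyone sees the same root.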



06:17 [Pub][ePrint] Adaptive versus Static Security in the UC Model, by Ivan Damgård and Jesper Buus Nielsen

  We show that for a certain class of unconditionally secure protocols and target functionalities, static security implies adaptive security in the UC model. Similar results were previously only known for models with weaker security and/or composition guarantees. The result is, for instance, applicable to a wide range of protocols based on secret sharing. It ``explains'' why an often-used proof technique for such protocols works, namely where the simulator runs in its head a copy of the honest players using dummy inputs and generates a protocol execution by letting the dummy players interact with the adversary. When a new player $P_i$ is corrupted, the simulator adjusts the state of its dummy copy of $P_i$ to be consistent with the real inputs and outputs of $P_i$ and gives the state to the adversary. Our result gives a characterisation of the cases where this idea will work to prove adaptive security. As a special case, we use our framework to give the first proof of adaptive security of the seminal BGW protocol in the UC framework.



06:17 [Pub][ePrint] A Cryptographic Study of Tokenization Systems, by Sandra Díaz-Santiago and Lil María Rodríguez-Henríquez and Debrup Chakraborty

  Payments through cards have become very popular in today's world. All businesses now have options to receive payments through this instrument; moreover, most organizations store card information of their customers in some way to enable easy payments in future. Credit card data is very sensitive information, and theft of this data is a serious threat to any company. Any organization that stores credit card data needs to achieve payment card industry (PCI) compliance, which is an intricate process where the organization needs to demonstrate that the data it stores is safe. Recently there has been a paradigm shift in treatment of the problem of storage of payment card information. In this new paradigm, instead of the real credit card data a token is stored; this process is called ``tokenization''. The token resembles the credit/debit card number but is in no way related to it. This solution relieves the merchant from the burden of PCI compliance in several ways.

Though tokenization systems are heavily in use, to our knowledge, a formal cryptographic study of this problem has not yet been done. In this paper we initiate a study in this direction. We formally define the syntax of a tokenization system, and several notions of security for such systems. Finally, we provide some constructions of tokenizers and analyze their security in the light of our definitions.
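The functional requirement in the abstract, a token that looks like a card number but carries no information about it, is easiest to see in the simplest kind of tokenizer: a vault that draws the token at random and keeps the PAN-to-token mapping in a lookup table. The following is an added example, not one of the paper's constructions and not its security model; it keeps the PAN's length and last four digits and makes the token Luhn-valid so that downstream systems expecting a card number accept it. The PAN used in the test is a constructed test number, not real card data.

```python
import secrets


def luhn_valid(number: str) -> bool:
    """Luhn check as used for payment card numbers (rightmost digit is the check digit)."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _complete_luhn(prefix: str, suffix: str) -> str:
    """Insert the single digit between prefix and suffix that makes the result Luhn-valid.

    Exactly one digit works at any position, because both the identity map and the
    'double and subtract 9' map are bijections on 0..9.
    """
    for d in "0123456789":
        candidate = prefix + d + suffix
        if luhn_valid(candidate):
            return candidate
    raise RuntimeError("unreachable: some digit always completes a Luhn string")


class TokenVault:
    """Lookup-table ('vault') tokenizer.

    The token keeps the PAN's length and last four digits and passes the Luhn check, but
    every other digit is drawn from a CSPRNG, so the token reveals nothing about the PAN
    beyond what the preserved digits already reveal. The mapping exists only in the vault,
    which is therefore the high-value target and stays inside the PCI boundary.
    """

    def __init__(self):
        self._by_pan = {}
        self._by_token = {}

    @staticmethod
    def _valid_pan(pan: str) -> bool:
        return pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)

    def tokenize(self, pan: str) -> str:
        if not self._valid_pan(pan):
            raise ValueError("input is not a syntactically valid PAN")
        if pan in self._by_pan:          # design choice here: one stable token per PAN
            return self._by_pan[pan]
        for _ in range(1000):
            random_part = "".join(str(secrets.randbelow(10)) for _ in range(len(pan) - 5))
            token = _complete_luhn(random_part, pan[-4:])
            if token != pan and token not in self._by_token:
                break
        else:
            raise RuntimeError("could not find an unused token")
        self._by_pan[pan] = token
        self._by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        """Only the vault can map a token back; a merchant holding tokens cannot."""
        return self._by_token[token]
```

Keeping the last four digits is a business convenience, not a security feature: it leaks those digits, and a tokenizer that preserves more of the PAN leaks more. The paper's contribution is to pin down what "in no way related" has to mean against an adversary who observes many tokens, which a lookup table alone does not settle.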





2014-08-10
15:54 [Event][New] Inscrypt 2014: The 10th International Conference on Information Security and Cryptology

  Submission: 31 August 2014
Notification: 7 November 2014
From December 13 to December 15
Location: Beijing, China
More Information: http://www.inscrypt.cn/2014/




2014-08-08
23:09 [Event][New] WCC 2015: The 9th International Workshop on Coding and Cryptography

  Submission: 19 January 2015
Notification: 2 March 2015
From April 13 to April 17
Location: Paris, France
More Information: http://wcc2015.inria.fr/




2014-08-07
17:28 [Event][New] CT-RSA 2015: RSA Conference 2015 Cryptographers' Track

  Submission: 20 October 2014
Notification: 20 December 2014
From April 20 to April 24
Location: San Francisco, USA
More Information: http://www.rsaconference.com/events/us15


16:59 [Job][New] Cryptography Engineer, Nagravision, Cheseaux - Switzerland

  - Conception and definition of cryptographic algorithms (block ciphers, hash functions, asymmetric primitives, protocols)

- Implementation of cryptographic primitives and protocols in C/C++/Python languages

- Definitions of related tests for validation

- Definition and implementation of dedicated tools to aid implementation and analysis of cryptographic algorithms

- Work closely with HW design and verification team

- Close collaboration with software teams for system validation

- Working closely with security architects and system architects for definition of requirements

- Follow-up of related academic literature and developments

- Deliver crypto specifications documents to internal teams

- Provide guidance and support to peers in tools and IP design



16:58 [Job][Update] PhD and PostDoc positions in applied cryptography, Radboud University Nijmegen, The Netherlands

  The Digital Security group at the Radboud University Nijmegen invites applications for PhD and PostDoc positions in applied cryptography and embedded security.

The research envisioned is on side-channel cryptanalysis, fault attacks and countermeasures and/or lightweight cryptography (protocols, crypto primitives and implementations).

The project has sufficient funds to support career development, conference visits, summer schools, and similar scientific activities.

Requirements

For PhD students:

Successful candidates must hold an M.Sc. degree (or equivalent) in Computer Science, Mathematics or Engineering. Applications from students who are expected to finish their master's thesis within 1 year will also be considered. Prior background/experience in cryptography and/or computer security is an asset.

For PostDocs:

Applicants should have a Ph.D. and expertise in at least one of the following research areas:

- applied cryptography

- embedded security

- hardware design for cryptography/cryptanalysis

- side-channel analysis and countermeasures

- machine learning and data mining

We expect proven expertise in your area of research by publications at top conferences and journals, some experience with EU projects, student supervision etc.

Conditions of employment

PhD positions are for 4 years, PostDoc positions are for up to 2 years, the expected starting dates are flexible.

Candidates moving to the Netherlands from abroad may qualify for a tax incentive scheme, where 30% of your income is tax-free.

For additional information, see http://www.ru.nl/ds, and for the positions contact:

Lejla Batina (http://www.cs.ru.nl/~lejla/), lejlaATcs.ru.nl



16:58 [Job][New] PhD and PostDoc positions in applied cryptography, Radboud University Nijmegen, The Netherlands



16:57 [Event][New] EBECEGC2015: The International Conference on Electrical and Bio-medical Engineering, Cle

  Submission: 8 January 2015
From January 28 to January 30
Location: Dubai, UAE
More Information: http://sdiwc.net/conferences/ebecegc2015/




2014-08-05
21:17 [Pub][ePrint] Scalable Zero Knowledge via Cycles of Elliptic Curves, by Eli Ben-Sasson and Alessandro Chiesa and Eran Tromer and Madars Virza

  Non-interactive zero-knowledge proofs of knowledge for general NP statements are a powerful cryptographic primitive, both in theory and in practical applications. Recently, much research has focused on achieving an additional property, succinctness, requiring the proof to be very short and easy to verify. Such proof systems are known as zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs), and are desired when communication is expensive, or the verifier is computationally weak.

Existing zk-SNARK implementations have severe scalability limitations, in terms of space complexity as a function of the size of the computation being proved (e.g., running time of the NP statement's decision program). First, the size of the proving key is quasilinear in the upper bound on the computation size. Second, producing a proof requires "writing down" all intermediate values of the entire computation, and then conducting global operations such as FFTs.

The bootstrapping technique of Bitansky et al. (STOC '13), following Valiant (TCC '08), offers an approach to scalability, by recursively composing proofs: proving statements about acceptance of the proof system's own verifier (and correctness of the program's latest step). Alas, recursive composition of known zk-SNARKs has never been realized in practice, due to enormous computational cost.

Using new elliptic-curve cryptographic techniques, and methods for exploiting the proof systems' field structure and nondeterminism, we achieve the first zk-SNARK implementation that practically achieves recursive proof composition. Our zk-SNARK implementation runs random-access machine programs and produces proofs of their correct execution, on today's hardware, for any program running time. It takes constant time to generate the keys that support all computation sizes. Subsequently, the proving process only incurs a constant multiplicative overhead compared to the original computation's time, and an essentially-constant additive overhead in memory. Thus, our zk-SNARK implementation is the first to have a well-defined, albeit low, clock rate of "verified instructions per second".
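The "cycle of elliptic curves" in the title is a pair of curves E1 over F_p and E2 over F_q with #E1(F_p) = q and #E2(F_q) = p, both prime. A proof over E1 is verified by arithmetic in F_q, which is exactly the scalar field of E2, and vice versa, so each system's verifier can be expressed as a circuit for the other without expensive field emulation; that is what makes the recursive composition in the abstract practical. The following is an added toy example, not code from the paper or its implementation: it brute-forces the smallest such 2-cycle over tiny prime fields to make the algebraic condition concrete. The paper's curves are pairing-friendly and of cryptographic size, and nothing about this exhaustive search scales to them.

```python
"""Brute-force search for a 2-cycle of elliptic curves over small prime fields."""
from itertools import product


def is_prime(n: int) -> bool:
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True


def square_root_counts(p: int) -> list:
    """counts[r] = number of y in F_p with y^2 = r (0, 1 or 2)."""
    counts = [0] * p
    for y in range(p):
        counts[(y * y) % p] += 1
    return counts


def curve_order(a: int, b: int, p: int, counts=None):
    """#E(F_p) for E: y^2 = x^3 + a*x + b, p >= 5, by counting points directly.

    Returns None for a singular curve (discriminant 4a^3 + 27b^2 = 0 mod p).
    Short Weierstrass form is only general for p >= 5, hence the guard.
    """
    if p < 5:
        raise ValueError("short Weierstrass form used here only for p >= 5")
    if (4 * a ** 3 + 27 * b ** 2) % p == 0:
        return None
    if counts is None:
        counts = square_root_counts(p)
    n = 1  # the point at infinity
    for x in range(p):
        n += counts[(x ** 3 + a * x + b) % p]
    return n


def find_cycle(max_p: int):
    """Smallest p >= 5 admitting E1/F_p and E2/F_q with #E1(F_p) = q and #E2(F_q) = p.

    Returns a dict with the field sizes and the (a, b) coefficients, or None if no cycle
    exists with p <= max_p. Both q and p must be prime so that each curve's group order
    is the other curve's base field.
    """
    for p in range(5, max_p + 1):
        if not is_prime(p):
            continue
        counts_p = square_root_counts(p)
        for a1, b1 in product(range(p), repeat=2):
            q = curve_order(a1, b1, p, counts_p)
            if q is None or q < 5 or q == p or not is_prime(q):
                continue
            counts_q = square_root_counts(q)
            for a2, b2 in product(range(q), repeat=2):
                if curve_order(a2, b2, q, counts_q) == p:
                    return {"p": p, "E1": (a1, b1), "q": q, "E2": (a2, b2)}
    return None
```

Hasse's bound restricts #E(F_p) to p + 1 ± 2√p, and for prime p every integer in that interval is realised by some curve, so small cycles such as p = 5, q = 7 exist and the search finds one immediately. The hard part in the paper is finding a cycle in which both curves are also pairing-friendly at a size where the discrete logarithm is infeasible; generic curves of that size almost never have prime order equal to another usable field size, which is why the construction relies on special curve families rather than search.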