International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

06:17 [Pub][ePrint] Quantum Bit Commitment with Application in Quantum Zero-Knowledge Proof, by Dongdai Lin and Yujuan Quan and Jian Weng and Jun Yan

  Watrous (STOC 2006) proved that plugging classical bit commitment scheme that is secure against quantum attack into the GMW-type construction of zero-knowledge gives a classical zero-knowledge proof that is secure against quantum attack. In this paper, we showed that plugging quantum bit commitment scheme (allowing quantum computation and communication) into the GMW-type construction also gives a quantum zero-knowledge proof, as one expects. However, since the binding condition of quantum bit commitment scheme is inherently different from its classical counterpart, compared with Watrous\' security proof, here we encounter new difficulty in soundness analysis. To overcome the difficulty, we take a geometric approach, managing to reduce quantum soundness analysis to classical soundness analysis.

We also propose a formalization of non-interactive quantum bit commitment scheme, which may come in handy in other places. Moreover, inspired by our formalization, we generalize Naor\'s construction of bit commitment scheme to the quantum setting, achieving non-interactive commit stage.

We hope quantum bit commitment scheme can find more applications in quantum cryptography.

06:17 [Pub][ePrint] Classification of the CAESAR Candidates, by Farzaneh Abed and Christian Forler and Stefan Lucks

  In this work we give an overview of the candidates submitted to the

CAESAR competition which are not withdrawn yet. Furthermore, we

propose a classification with regard to their core primitives that

includes several design characteristics.

06:17 [Pub][ePrint] Robust Authenticated-Encryption: AEZ and the Problem that it Solves, by Viet Tung Hoang and Ted Krovetz and Phillip Rogaway

  With a scheme for \\textit{robust} authenticated-encryption a user can select an arbitrary value $\\lambda \\ge 0$ and then encrypt a plaintext of any length into a ciphertext that\'s $\\lambda$ characters longer. The scheme must provide all the privacy and authenticity possible for the requested~$\\lambda$. We formalize and investigate this idea, and construct a well-optimized solution, AEZ, from the AES round function. Our scheme encrypts strings at almost the same rate as OCB-AES or CTR-AES (on Haswell, AEZ has a peak speed of about 0.7 cpb). To accomplish this we employ an approach we call \\textit{accelerated} provable security: the scheme is designed and proven secure in the provable-security tradition, but, to improve speed, one instantiates by scaling down most instances of the underlying primitive.

06:17 [Pub][ePrint] Efficient Identity-Based Encryption over NTRU Lattices, by Léo Ducas and Vadim Lyubashevsky and Thomas Prest

  Efficient implementations of lattice-based cryptographic schemes have been limited to only the most basic primitives like encryption and digital signatures. The main reason for this limitation is that at the core of many advanced lattice primitives is a trapdoor sampling algorithm(Gentry, Peikert, Vaikuntanathan, STOC 2008) that produced outputs that were too long for practical applications.

In this work, we show that using a particular distribution over NTRU lattices can make GPV-based schemes suitable for practice. More concretely, we present the first lattice-based IBE scheme with practical parameters - key and ciphertext sizes are between two and four kilobytes, and all encryption and decryption operations take approximately one millisecond on a moderately-powered laptop.

As a by-product, we also obtain digital signature schemes which are shorter than the previously most-compact ones of Ducas, Durmus, Lepoint, and Lyubashevsky from Crypto 2013.

06:17 [Pub][ePrint] SPHINCS: practical stateless hash-based signatures, by Daniel J. Bernstein and Daira Hopwood and Andreas Hülsing and Tanja Lange and Ruben Niederhagen and Louiza Papachristodoulou and Peter Schwabe a

  This paper introduces a high-security post-quantum stateless hash-based signature scheme that signs hundreds of messages per second on a modern 4-core 3.5GHz Intel CPU. Signatures are 41~KB, public keys are 1~KB, and private keys are 1~KB. The signature scheme is designed to provide long-term $2^{128}$ security even against attackers equipped with quantum computers. Unlike most hash-based designs, this signature scheme is stateless, allowing it to be a drop-in replacement for current signature schemes.

06:17 [Pub][ePrint] Distributed Cryptography Based on the Proofs of Work, by Marcin Andrychowicz and Stefan Dziembowski

  Motivated by the recent success of Bitcoin we study the question of constructing distributed cryptographic protocols in a fully peer-to-peer scenario (without any trusted setup) under the assumption that the adversary has limited computing power. We propose a formal model for this scenario and then we construct the following protocols working in it:

(i) a broadcast protocol secure under the assumption that the honest parties have computing power that is some non-negligible fraction of computing power of the adversary (this fraction can be small, in particular it can be much less than 1/2),

(ii) a protocol for identifying a set of parties such that the majority of them is honest, and every honest party belongs to this set (this protocol works under the assumption that the majority of computing power is controlled by the honest parties).

Our broadcast protocol can be used to generate an unpredictable beacon (that can later serve, e.g., as a genesis block for a new cryptocurrency). The protocol from Point (ii) can be used to construct arbitrary multiparty computation protocols. Our main tool for checking the computing power of the parties are the Proofs of Work (Dwork and Naor, CRYPTO 92). Our broadcast protocol is built on top of the classical protocol of Dolev and Strong (SIAM J. on Comp. 1983). Although our motivation is mostly theoretic, we believe that our ideas can lead to practical implementations (probably after some optimizations and simplifications). We discuss some possible applications of our protocols at the end of the paper.

06:17 [Pub][ePrint] Tightly-Secure Authenticated Key Exchange, by Christoph Bader and Dennis Hofheinz and Tibor Jager and Eike Kiltz and Yong Li

  We construct the first Authenticated Key Exchange (AKE) protocol whose security does not degrade with an increasing number of users or sessions. We describe a three-message protocol and prove security in an enhanced version of the classical Bellare-Rogaway security model.

Our construction is modular, and can be instantiated efficiently from standard assumptions (such as the SXDH or DLIN assumptions in pairing-friendly groups). For instance, we provide an SXDH-based protocol whose communication complexity is only 14 group elements and 4 exponents (plus some bookkeeping information).

Along the way we develop new, stronger security definitions for digital signatures and key encapsulation mechanisms. For instance, we introduce a security model for digital signatures that provides existential unforgeability under chosen-message attacks in a multi-user setting with adaptive corruptions of secret keys. We show how to construct efficient schemes that satisfy the new definitions with tight security proofs under standard assumptions.

06:17 [Pub][ePrint] Multi-Identity and Multi-Key Leveled FHE from Learning with Errors, by Michael Clear and Ciar\\\'{a}n McGoldrick

  Gentry, Sahai and Waters recently presented the first (leveled) identity-based fully homomorphic (IBFHE) encryption scheme (CRYPTO 2013). Their scheme however only works in the single-identity setting; that is, homomorphic evaluation can only be performed on ciphertexts created with the same identity. In this work, we extend their results to the multi-identity setting and obtain a multi-identity IBFHE scheme that is selectively secure in the random oracle model under the hardness of Learning with Errors (LWE). We also obtain a multi-key fully-homomorphic encryption (FHE) scheme that is secure under LWE in the standard model. This is the first multi-key FHE based on a well-established assumption such as standard LWE. The multi-key FHE of L\\\'{o}pez-Alt, Tromer and Vaikuntanathan (STOC 2012) relied on a non-standard assumption, referred to as the Decisional Small Polynomial Ratio assumption.

06:17 [Pub][ePrint] Verifiable Random Functions from Weaker Assumptions, by Tibor Jager

  Constructing a verifiable random function (VRF) with large input space and full adaptive security from a static complexity assumption, like decisional Diffie-Hellman for instance, has proven to be a challenging task. To date it is not even clear that such a VRF exists. Most known constructions either allow only a small input space of polynomially-bounded size, or do not achieve full adaptive security under a static complexity assumption.

The only known constructions without these restrictions are based on non-static, so-called \"q-type\" assumptions, which are parametrized by an integer q. Since q-type assumptions get stronger with larger q, it is desirable to have q as small as possible. In current constructions q is a polynomial (Hohenberger and Waters, Eurocrypt 2010) or at least linear (Boneh et al., CCS 2010) in the security parameter.

We construct a relatively simple and efficient verifiable random function, based on a q-type assumption where q is only logarithmic in the security parameter. We also describe a verifiable unpredictable function from a similar, but weaker assumption. Both constructions have full adaptive security and large input spaces.

06:17 [Pub][ePrint] Efficient Pairings and ECC for Embedded Systems, by Thomas Unterluggauer and Erich Wenger

  The research on pairing-based cryptography brought forth a wide range of protocols interesting for future embedded applications. One significant obstacle for the widespread deployment of pairing-based cryptography are its tremendous hardware and software requirements. In this paper we present three side-channel protected hardware/software designs for pairing-based cryptography yet small and practically fast: our plain ARM Cortex-M0+-based design computes a pairing in less than one second. The utilization of a multiply-accumulate instruction-set extension or a light-weight drop-in hardware accelerator that is placed between CPU and data memory improves runtime up to six times. With a 10.1 kGE large drop-in module and a 49 kGE large platform, our design is one of the smallest pairing designs available. Its very practical runtime of 162 ms for one pairing on a 254-bit BN curve and its reusability for other elliptic-curve based crypto systems offer a great solution for every microprocessor-based embedded application.

09:44 [Job][New] Associate professor (lecturer) in Computer Security., University of Birmingham, UK

  This is a permanent research and teaching position in one of UK\'s top research-led universities. The Security and Privacy group undertakes research in all fields related to information and cyber security,

privacy, cryptography, etc.