International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

20:00 [Event][New] IEEE S&P 2015: IEEE Symposium on Security and Privacy

  Submission: 14 November 2014
Notification: 8 February 2015
From May 18 to May 20
Location: Oakland, USA
More Information:

09:05 [Job][New] PhD Student, RMIT University, Melbourne, Australia

  Recently, there has been increasing interest in the paradigm of data mining-as-a-service, where a company lacking of expertise of computation resources outsources its mining needs to the cloud. However, privacy concerns have become a major barrier to the widespread growth of data mining-as-a-service.

We offer one PhD scholarship to support a PhD student to work on a project which aims to explore practical privacy-preserving solutions for cloud data mining-as-a-service. The candidate is expected to submit a PhD thesis based on the research.

Candidates should have a Master degree in Computer Science, Knowledge of cryptographic protocols, data mining algorithms and cloud computing architecture. Publications in database security and privacy will be regarded as an additional merit.

Send your CV and publication record to xun.yi (at)

14:16 [Job][New] Post-Doc Fully Homomorphic Encryption, University of Bristol

  We are looking for Post-Docs for a new project on Fully Homomorphic Encryption (FHE). The goal is to implement, test and improve a number of homomorphic encryption schemes. Previous experience with FHE would be a bonus, but not a necessity. However, the ability to pick up and implement advanced mathematical concepts is a must.

12:17 [Pub][ePrint] Remarks on Quantum Modular Exponentiation and Some Experimental Demonstrations of Shor\'s Algorithm, by Zhengjun Cao and Zhenfu Cao and Lihua Liu

  An efficient quantum modular exponentiation method is indispensible for Shor\'s factoring algorithm. But we find that all descriptions presented by Shor, Nielsen and Chuang, Markov and Saeedi, et al., are flawed. We also remark that some experimental demonstrations of Shor\'s algorithm are misleading, because they violate the necessary condition that the selected number $q=2^s$, where $s$ is the number of qubits used in the first register, must satisfy $n^2 \\leq q < 2n^2$, where $n$ is the large number to be factored.

12:17 [Pub][ePrint] Additively Homomorphic UC commitments with Optimal Amortized Overhead, by Ignacio Cascudo and Ivan Damgård and Bernardo David and Irene Giacomelli and Jesper Buus Nielsen and Roberto Trifiletti

  We propose the first UC secure commitment scheme with (amortized) computational complexity linear in the size of the string committed to. After a preprocessing phase based on oblivious transfer, that only needs to be done once and for all, our scheme only requires a pseudorandom generator and a linear code with efficient encoding. We also construct an additively homomorphic version of our basic scheme using VSS. Furthermore we evaluate the concrete efficiency of our schemes and show that the amortized computational overhead is significantly lower than in the previous best constructions. In fact, our basic scheme has amortised concrete efficiency comparable with previous protocols in the Random Oracle Model even though it is constructed in the plain model.

12:17 [Pub][ePrint] Adaptively Secure UC Constant Round Multi-Party Computation Protocols, by Ivan Damgaard and Antigoni Polychroniadou and Vanishree Rao

  We present an adaptively secure universally composable multiparty computation protocol in the dishonest majority setting. The protocol has a constant number of rounds and communication complexity that depends only on the number of inputs and outputs (and not on the size of the circuit to be computed securely). Such protocols were already known for honest majority. However, adaptive security and constant round was known to be impossible in the stand-alone model and with black-box proofs of security. Here, we solve the problem in the UC model using a set-up assumption. Our protocol is secure assuming LWE is hard and achieved by building a special type of crypto system we call equivocal FHE from LWE. We also build adaptively secure and constant round UC commitment and zero-knowledge proofs (of knowledge) based on LWE.

12:17 [Pub][ePrint] Tweaks and Keys for Block Ciphers: the TWEAKEY Framework, by Jérémy Jean and Ivica Nikolić and Thomas Peyrin

  We propose the TWEAKEY framework with goal to unify the design of tweakable block ciphers and of block ciphers resistant to related-key attacks. Our framework is simple, extends the key-alternating construction, and allows to build a primitive with arbitrary tweak and key sizes, given the public round permutation (for instance, the AES round). Increasing the sizes renders the security analysis very difficult and thus we identify a subclass of TWEAKEY, that we name STK, which solves the size issue by the use of finite field

multiplications on low hamming weight constants. We give very efficient instances of STK, in particular, a 128-bit tweak/key/state block cipher Deoxys-BC that is the first AES-based ad-hoc tweakable block cipher. At the same time, Deoxys-BC could be seen as a secure alternative to AES-256, which is known to be insecure in the related-key model. As another member of the TWEAKEY framework, we describe Kiasu-BC, which is a very simple and even more efficient tweakable variation of AES-128 when the tweak size is limited to 64 bits.

In addition to being efficient, our proposals, compared to the previous schemes that use AES as a black box, offer security beyond the birthday bound. Deoxys-BC and Kiasu-BC represent interesting pluggable primitives for authenticated encryption schemes, for instance, OCB instantiated with Kiasu-BC runs at about 0.75 c/B on Intel Haswell. Our work can also be seen as

advances on the topic of secure key schedule design for AES-like ciphers, describing several proposals in this direction.

09:38 [Job][Update] Tenure-Track Faculty Positions, Shanghai Jiao Tong University, Shanghai, China

  The Laboratory of Cryptology and Computer Security (LoCCS) at the CS Department of Shanghai Jiao Tong University invites applications for several tenure-track faculty positions in the area of cryptology, in particular (but not limited to), authenticated encryptions, leakage-resilient cryptography, side-channel attacks, obfuscation. Candidates are expected to have the following: (1) a PhD in a relevant area; (2) a proven track record (especially publications at top venues); (3) preferably a postdoctoral training for two years or more. Salaries will be globally competitive and commensurate with candidates\\\' accomplishments and experience. Shanghai Jiao Tong University is a member of China\\\'s C9 League and she has one of the country\\\'s best CS schools.

09:34 [Job][New] Post Doc, Université de Caen Basse-Normandie

  Applications are invited a post-doctoral position in pairing-based cryptography at Caen University. The successful applicant will participate in the project SIMPATIC (SIM and PAiring Theory for Information and Communications security) financed by the French governemental research funding agency ANR (Agence Nationale de la Recherche) and organized by Orange Labs, Caen. He/she will be a member of one of the research teams in the Computer Science (GREYC) or Mathematics (LMNO) laboratories at Caen University, France.

The position is open for one year. The starting date can be arranged as convenient, but in any case not later than 1st July 2015.

The partners involved in the SIMPATIC project are the crypto teams of the Laboratoire d\'Informatique de l\'ENS Paris, IMB (Bordeaux), University Paris 8, University Rennes 1, Oberthur, INVIA, STmicroelectronics (Le Mans) and Orange Labs (Caen).

The successful applicant will work on one of the following priorities of the project:

(i) The conception of cryptographic primitives suitable for SIMs and other small supports. Candidates are expected to have a high quality potential in theoretical cryptography. He/she will be expected to interact with members of the Applied Crypto Group (ACG) at Orange Labs (OL) in Caen.

(ii) The study of suitable pairing-friendly curves, both theoretical and algorithmic aspects. Candidates should therefore have a very strong background in relevant number theory and algebraic geometry. Some experience in software implementation (for example in Pari, Magma, Sage, ...) would be useful.

Preference will be given to candidates working on priority (i), but all applications related to the project themes will be examined.

Candidates must hold a PhD thesis or equivalent in mathematics or computer science, together with a strong research record.

15:17 [Forum] [2013 Reports] 2013/235 by Ben.Smyth

  Galindo & Cortier (private communication) have shown that our original presentation of ballot secrecy (ESORICS\'13) is incompatible with verifiability and revision overcomes this limitation. From: 2014-12-10 13:35:30 (UTC)

03:17 [Pub][ePrint] Riding on Asymmetry: Efficient ABE for Branching Programs, by Sergey Gorbunov and Dhinakaran Vinayagamurthy

  In an Attribute-Based Encryption (ABE) a ciphertext, encrypting message $\\mu$, is associated with a public attribute vector $\\vecx$ and a secret key $\\sk_P$ is associated with a predicate $P$. The decryption returns $\\mu$ if and only if $P(\\vecx) = 1$. ABE provides efficient and simple mechanism for data sharing supporting fine-grained access control. Moreover, it is used as a critical component in constructions of succinct functional encryption, reusable garbled circuits, token-based obfuscation and more.

In this work, we describe a new efficient ABE scheme for a family of branching programs with short secret keys over a small ring. In particular, in our constriction the size of the secret key for a branching program $P$ is $|P| + \\poly(\\secp)$, where $\\secp$ is the security parameter. Our construction is secure assuming $n^{\\omega(1)}$-hardness of standard Learning With Errors (LWE) problem, resulting in small ring modulo. Previous constructions relied on $n^{O(\\log n)}$-hardness of LWE (resulting in large ring modulo) or had large secret keys of size $|P| \\times \\poly(\\secp)$. We rely on techniques developed by Boneh et al. (EUROCRYPT\'14) and Brakerski et al. (ITCS\'14) in the context of ABE for circuits and fully-homomorphic encryption.