A messaging app that has attracted a lot of attention lately is TextSecure, an app that claims to provide secure instant messaging and has a large number of installations via Google's Play Store. Its protocol is part of Android's most popular aftermarket firmware, CyanogenMod. In this paper, we present the first complete description of TextSecure's complex cryptographic protocol and are the first to provide a thorough security analysis of TextSecure. Among other findings, we present an Unknown Key-Share Attack on the protocol, along with a mitigation strategy, which has been acknowledged by TextSecure's developers. Furthermore, we formally prove that, if our mitigation is applied, TextSecure's push messaging can indeed achieve the goals of authenticity and confidentiality.
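The abstract names an unknown key-share (UKS) attack and a mitigation without describing either. The following is an added example, not code from the paper and not TextSecure's protocol: a textbook UKS scenario on a toy static Diffie-Hellman exchange, in which a hypothetical key directory lets the attacker Eve register Alice's public value under Eve's own identity (an assumed weakness of this toy setup only). Alice ends up believing she shares a key with Bob while Bob believes he shares the same key with Eve. The standard mitigation shown alongside is to bind both parties' identities into the key derivation, so the two ends no longer agree on a key. The group parameters, identities and directory are all assumptions for the illustration.

```python
import hashlib
import secrets

# Toy finite-field Diffie-Hellman parameters, chosen only so the example runs
# offline (assumption): p = 2^255 - 19 is prime, but this is not a standardised
# DH group and is unrelated to the curve TextSecure actually uses.
P = 2**255 - 19
G = 2


def keygen():
    """Long-term DH key pair (private exponent, public value)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def shared_secret(my_priv, peer_pub):
    return pow(peer_pub, my_priv, P)


def kdf_unbound(s):
    """Session key derived from the DH secret alone (the variant open to UKS)."""
    return hashlib.sha256(s.to_bytes(32, "big")).digest()


def kdf_bound(s, initiator_id, responder_id):
    """Session key with both identities bound in (the mitigation)."""
    return hashlib.sha256(
        s.to_bytes(32, "big") + b"|" + initiator_id + b"|" + responder_id
    ).digest()


def run_uks_scenario(bind_identities):
    """Alice initiates a session she believes is with Bob; Eve makes Bob believe
    the same session is with Eve. Returns whether the two ends agree on a key."""
    a_priv, a_pub = keygen()  # Alice
    b_priv, b_pub = keygen()  # Bob

    # Hypothetical key directory that accepts any public value at registration
    # without proof of possession, so Eve registers Alice's public key under
    # her own identity (assumed weakness of this toy setup).
    directory = {b"alice": a_pub, b"bob": b_pub, b"eve": a_pub}

    # Alice computes the secret towards the key she looked up for Bob.
    s_alice = shared_secret(a_priv, directory[b"bob"])

    # Eve relays Alice's initial message to Bob, claiming it comes from Eve.
    # Bob looks up "eve" and finds Alice's public value, so his secret matches.
    s_bob = shared_secret(b_priv, directory[b"eve"])
    assert s_alice == s_bob  # the raw DH secrets agree in both variants

    if bind_identities:
        k_alice = kdf_bound(s_alice, b"alice", b"bob")
        k_bob = kdf_bound(s_bob, b"eve", b"bob")
    else:
        k_alice = kdf_unbound(s_alice)
        k_bob = kdf_unbound(s_bob)

    return {
        "alice_believes_peer": b"bob",
        "bob_believes_peer": b"eve",
        "keys_match": k_alice == k_bob,
    }


if __name__ == "__main__":
    print("without identity binding:", run_uks_scenario(False))
    print("with identity binding:   ", run_uks_scenario(True))
```

Without identity binding the two ends hold the same key while disagreeing about who the peer is, which is exactly what lets a message Alice intends for Bob be accepted by Bob as coming from Eve. With the identities in the KDF, Bob derives a different key and the relayed message fails to authenticate.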
Serve as a SME (Subject Matter Expert) advising SafeNet customers, partners and prospects on SafeNet Data Protection solutions to secure data while at rest (storage, file and database encryption), in use (hardware security modules, encryption technologies), and in transit (wide area network encryption).
This focused expertise will drive increased revenue for SafeNet StorageSecure, Hardware Security Modules, KeySecure and ProtectV products.
• Experienced in the concepts of Cryptography, Security and PKI
• Experience with Hardware Security Modules (HSM)
• Experience with the concept and practice of Key Management
• Experience with virtualisation products such as VMware, Xen and Hyper-V is beneficial, as well as prior involvement with Amazon Web Services
• Strong familiarity with Windows and Linux based systems
• Familiarity with a range of enterprise security solutions would be beneficial as they relate to the wider SafeNet portfolio. These include database encryption, data tokenization, storage encryption, wide area network encryption, and authentication.
The position will require significant travel throughout the EMEA region.
For further information, please contact julia.robson (at) safenet-inc.com
We encourage candidates with an excellent track-record in cryptography and computer security to apply. Please send your application with a CV, a cover letter and two reference letters.
Review of applications starts immediately and continues until suitable candidates have been hired.
functions has been prevalent in complexity theory as well as in computational learning theory, but little attention has been given to it in the cryptographic context. Recently, Goldreich and Izsak (2012) have initiated a study of whether cryptographic primitives can be monotone, and showed that one-way functions can be monotone (assuming they exist), but a pseudorandom generator cannot.
In this paper, we start by filling in the picture and proving that many other basic cryptographic primitives cannot be monotone. We then initiate a quantitative study of the power of negations, asking how many negations are required. We provide several lower bounds, some of them tight, for various cryptographic primitives and building blocks including one-way permutations, pseudorandom functions, small-bias generators, hard-core predicates, error-correcting codes, and randomness extractors.
Among our results, we highlight the following.
i) Pseudorandom functions can only be computed by circuits containing at least log n - O(1) negations (which is optimal up to the additive term).
ii) We prove that error-correcting codes with optimal distance parameters require log n - O(1) negations (again, optimal up to the additive term).
iii) Unlike one-way functions, one-way permutations cannot be
iv) We prove a general result for monotone functions, showing a lower bound on the depth of any circuit with t negations on the bottom that computes a monotone function f in terms of the monotone circuit depth of f. This result addresses a question posed by Koroth and Sarma (2014) in the context of the circuit complexity of the Clique problem.
Our results lead to a few intriguing open problems, and to interesting directions for further research.
at Indocrypt 2008. It was claimed by the authors that this new stream cipher is designed to overcome all the weaknesses reported on the alleged RC4 stream cipher. In the design specifications of RC4+, the authors make use of an 8-bit design parameter called pad which is fixed to the value 0xAA. The first Distinguishing Attack on RC4+ based on the bias of its first output byte was shown by Banik et al. in Indocrypt 2013. In that paper, it was also mentioned that the distinguishing attack would still hold if the pad used in RC4+ is fixed to any even 8-bit constant other than 0xAA. Therefore, the question that arises is whether the design of RC4+ can be protected by fixing the pad parameter to some constant odd value. In this paper, we try to answer this very question. We show that the design is still vulnerable by mounting a distinguishing attack even if the pad is fixed to some constant 8-bit odd value. Surprisingly, we find that if the value of the pad is made equal to 0x03, the design provides maximum resistance to distinguishing attacks. Lastly, we return to the original cipher, i.e. in which pad is set to 0xAA, and unearth another bias in the second output byte of the cipher, thereby showing that practical implementations of this cipher should discard the use of the first two output bytes for encryption.
side-channel attacks. However, they can be computationally expensive when processing a large number of samples. Various compression techniques have been used very successfully to reduce the data dimensionality prior to applying template attacks, most notably Principal Component Analysis (PCA) and Fisher's Linear Discriminant Analysis (LDA). These make the attacks more efficient computationally and help the profiling phase to converge faster. We show how these ideas can also be applied to implement stochastic models more efficiently, and we also show that they can be applied and evaluated even for more than eight unknown data bits at once.