International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

13:17 [Pub][ePrint] Improving the Polynomial time Precomputation of Frobenius Representation Discrete Logarithm Algorithms - Simplified Setting for Small Characteristic Finite Fields, by Antoine Joux and Cécile Pierrot

  In this paper, we revisit the recent small characteristic discrete logarithm algorithms. We show that a simplified description of the algorithm, together with some additional ideas, permits to obtain an improved complexity for the polynomial time precomputation that arises during the discrete logarithm computation. With our new improvements, this is reduced to O(q^6), where q is the cardinality of the basefield we are considering. This should be compared to the best currently documented complexity for this part, namely O(q^7). With our simplified setting, the complexity of the precomputation in the general case becomes similar to the complexity known for Kummer (or twisted Kummer) extensions.

13:17 [Pub][ePrint] Indistinguishability Obfuscation for Turing Machines with Unbounded Memory, by Venkata Koppula and Allison Bishop Lewko and Brent Waters

  We show how to build indistinguishability obfuscation (iO) for Turing Machines where the overhead is polynomial in the security parameter lambda, machine description |M| and input size |x| (with only a negligible correctness error). In particular, we avoid growing polynomially with the maximum space of a computation. Our construction is based on iO for circuits, one way functions and injective pseudo random generators.

Our results are based on new \'\'selective enforcement\'\' techniques. Here we first create a primitive called positional accumulators that allows for a small commitment to a much larger storage. The commitment is unconditionally sound for a select piece of the storage. This primitive serves as an \'\'iO-friendly\'\' tool that allows us to make two different programs equivalent at different stages of a proof. The pieces of storage that are selected depend

on what hybrid stage we are at in a proof.

We first build up our enforcement ideas in a simpler context of \'\'message hiding encodings\'\' and work our way up to indistinguishability obfuscation.

13:17 [Pub][ePrint] Road-to-Vehicle Communications with Time-Dependent Anonymity: A Light Weight Construction and its Experimental Results, by Keita Emura and Takuya Hayashi

  This paper describes techniques that enable vehicles to collect local information (such as road conditions and traffic information) and report it via road-to-vehicle communications. To exclude malicious data, the collected information is signed by each vehicle. In this communications system, the location privacy of vehicles must be maintained. However, simultaneously linkable information (such as travel routes) is also important. That is, no such linkable information can be collected when full anonymity is guaranteed through the use of cryptographic tools such as group signatures. Similarly, continuous linkability (via pseudonyms, for example) may also cause problem from the viewpoint of privacy.

In this paper, we propose a road-to-vehicle communication system with relaxed anonymity by considering time-dependent linking properties via group signatures with time-token dependent linking (GS-TDL). These techniques are used to construct an anonymous time-dependent authentication system via GS-TDL. Briefly, a vehicle is unlinkable unless it generates multiple signatures simultaneously. In addition, we describe vulnerability in the anonymous authentication system proposed by Wu, Domingo-Ferrer and Gonz{\\\'a}lez-Nicol{\\\'a}s (IEEE T. Vehicular Technology 2010), where an unauthorized individual can create a valid group signature without using signing key. Moreover, our GS-TDL scheme supports verifier-local revocation (VLR), which maintains constant signing and verification costs by using the linkable part of signatures. These appear to be related to independent interests. Finally, we provide our experimental results (using the TEPLA library) and confirm that our system is feasible in practice.

18:03 [Job][New] Post-Doc (Research Fellow), University of Birmingham

  This position will be part of the EPSRC-funded project: “SCEPTICS: A SystematiC Evaluation Process for Threats to Industrial Control Systems”. In this project we will work with the UK\'s National Grid and Rail Safety and Standards Board to perform a detailed security analysis of their systems, looking for possible points of cyber attack and building an understanding of the impact of possible failures.

The postdoc will work primarily on the modelling and analysis of Rail and Power industrial control systems. Other researchers involved in this project are Dr Tom Chothia and Prof Mark Ryan in the Security and Privacy Group, as well as Prof. Clive Roberts in Birmingham\'s Rail Research Group, and Prof. Xiao-Ping Zhang in Birmingham’s Power Research Group.

Candidates must have, or be about to receive, a PhD in Computer Science. Experience in cyber security, formal security analysis of systems, and/or industrial control systems will be a plus. The position is for 2 years at Grade 7, and will pay £30,4341 p.a. The closing date for applications is the 1st of Dec. 2014 and the start date will be in early 2015 (negotiable). To apply please go to For informal enquires please contact Dr. Tom Chothia (T.Chothia (at)

The Security and Privacy Group at the University of Birmingham is a GCHQ Academic Centre of Excellence in Cyber-Security. Other research programs in the group include work on the formal verification of systems, security of hardware devices, detection of backdoors, and designs for privacy in the cloud. The School of Computer Science at the University of Birmingham is on of the leading Computer Science departments in the UK; the Guardian newspaper ranked it as the best UK computer science department overall for 2014.

18:03 [Job][New] PhD student, Swedish Institute of Computer Science, Security Lab and Lund University

  We are looking for an excellent, motivated, self-driven PhD student to work in the area of cloud computing with a focus on security, privacy and trusted computing. The position is for four years and the main aim of the PhD project is to develop security protocols for cloud environments and specifically for IaaS and PaaS.

The successful candidate is expected to perform research on the aforementioned areas based on their experience and research interests. They must have strong background in Computer Science and/or Mathematics. They are expected to publish articles in well-known security related conferences and journals. Although all applications will be carefully evaluated, candidates with prior publications as well as research experience in the following areas are specifically encouraged to apply: cloud computing, security and privacy in cloud environments, trusted computing and applied cryptography.

Candidates should fulfill the following requirements:

- A Master degree in Computer Science;

- Knowledge of Cryptographic Protocols;

- Trusted Computing;

- Cloud Computing Architecture;

- Good Academic Writing and Presentation Skills;

- Good Social and Organizational Skills;

Publications in security and privacy will be regarded as an additional merit.

The Security Lab in SICS intends to increase the number of women in those areas where they are underrepresented. Therefore women are explicitly encouraged to apply.

Details about Employment

PhD student positions are limited to four years and the starting salary is 27.000 SEK a month before taxes.

07:17 [Pub][ePrint] The Trojan Method in Functional Encryption: From Selective to Adaptive Security, Generically, by Prabhanjan Ananth, Zvika Brakerski, Gil Segev, Vinod Vaikuntanathan

  In a functional encryption (FE) scheme, the owner of the secret key can generate restricted decryption keys that allow users to learn specific functions of the encrypted messages and nothing else. In many known constructions of FE schemes, such a notion of security is guaranteed only for messages that are fixed ahead of time (i.e., before the adversary even interacts with the system). This is called selective security, which is too restrictive for many realistic applications. Achieving adaptive security (also called full security), where security is guaranteed even for messages that are adaptively chosen at any point in time, seems significantly more challenging. The handful of known fully-secure schemes are based on specifically tailored techniques that rely on strong assumptions (such as obfuscation assumptions or multilinear maps assumptions).

In this paper we show that any sufficiently expressive selectively-secure FE scheme can be transformed into a fully secure one without introducing any additional assumptions. We present a direct black-box transformation, making novel use of hybrid encryption, a classical technique that was originally introduced for improving the efficiency of encryption schemes, combined with a new technique we call the Trojan Method. This method allows to embed a secret execution thread in the functional keys of the underlying scheme, which will only be activated within the proof of security of the resulting scheme.As another application of the Trojan Method, we show how to construct functional encryption schemes for arbitrary circuits starting from ones for shallow circuits (NC1 or even TC0).

07:17 [Pub][ePrint] Web Tap Payment Authentication and Encryption With Zero Customer Effort, by Henry Ng

  We propose a public-key authentication and encryption application that secures the messages between Tap-Card-Pay application, Tap-Card-Pay Systems Corporation, customers, and merchants allowing the customer to complete transactions without requiring the customer to input sensitive information. With authentication and encryption, the application transfers the credit card information from the smartphone\'s near field communication device onto the merchant webpage. Security weaknesses are also presented to show how to attack this design.

07:17 [Pub][ePrint] Experimenting with Shuffle Block Cipher and SMT Solvers, by Martin Stanek

  We experiment with the block cipher proposed by Hoang, Morris, and Rogaway. The cipher is based on swap-or-not shuffle, and we call it the Shuffle Block Cipher. We show how the cipher can be translated into SMT-LIB v2 format, suitable for automated solving by SMT solvers. We compare performance of various SMT solvers on the encryption and known plaintext attack problems. Simple cryptanalysis of the Shuffle Block Cipher with artificially small parameters indicate that this approach cannot be used to attack \"real instances\" of the cipher.

07:17 [Pub][ePrint] Simpler and More Efficient Rank Estimation for Side-Channel Security Assessment, by Cezary Glowacz and Vincent Grosso and Romain Poussier and Joachim Schueth and François-Xavier Standaert

  Rank estimation algorithms allow analyzing the computational security of cryptographic keys for which adversaries have obtained partial information thanks to leakage or cryptanalysis. They are particularly useful in side-channel security evaluations, where the key is known by the evaluator but not reachable with exhaustive search. A first instance of such algorithms has been proposed at Eurocrypt 2013. In this paper, we propose a new tool for rank estimation that is conceptually simpler and much more efficient than this previous proposal. It allows approximating the key rank of (128-bit, 256-bit) symmetric keys with very tight bounds (i.e. with less than one bit of error), almost instantaneously and with limited memory. It also scales nicely to larger (e.g. asymmetric) key sizes, for which the previous algorithm was hardly applicable.

07:17 [Pub][ePrint] Batch NFS, by Daniel J. Bernstein and Tanja Lange

  This paper shows, assuming standard heuristics regarding the number-field sieve, that a \"batch NFS\" circuit of area L^{1.181...+o(1)} factors L^{0.5+o(1)} separate B-bit RSA keys in time L^{1.022...+o(1)}. Here L=exp((log 2^B)^{1/3}(log log 2^B)^{2/3}). The circuit\'s area-time product (price-performance ratio) is just L^{1.704...+o(1)} per key. For comparison, the best area-time product known for a single key is L^{1.976...+o(1)}.

This paper also introduces new \"early-abort\" heuristics implying that \"early-abort ECM\" improves the performance of batch NFS by a superpolynomial factor, specifically exp((c+o(1))(log 2^B)^{1/6}(log log 2^B)^{5/6}) where c is a positive constant.

20:58 [Event][New] ACISP 2014: 20th Australasian Conference on Information Security and Privacy

  Submission: 9 February 2015
Notification: 6 April 2015
From June 30 to July 1
Location: Brisbane, Australia
More Information: