International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

17:42 [Job][New] Junior professorship with tenure track in computer algebra, University of Ulm, Germany

  A successful candidate should be an excellent young researcher with a focus in computeralgebra specializing for example in number theory, algebraic geometry, cryptography, combinatorics, or symbolic computation. Collaboration within the university and as well as the acquisition of third party funding is desired.

10:17 [Pub][ePrint] Balanced Encoding to Mitigate Power Analysis: A Case Study, by Cong Chen and Thomas Eisenbarth and Aria Shahverdi and Xin Ye

  Most side channel countermeasures for software implementations of cryptography either rely on masking or randomize the execution

order of the cryptographic implementation. This work proposes a countermeasure that has constant leakage in common linear leakage models.

Constant leakage is achieved not only for internal state values, but also for

their transitions. The proposed countermeasure provides perfect protection in the theoretical leakage model. To study the practical relevance of

the proposed countermeasure, it is applied to a software implementation

of the block cipher Prince. This case study allows us to give realistic values

for resulting implementation overheads as well as for the resulting side

channel protection levels that can be achieved in realistic implementation


10:17 [Pub][ePrint] The Related-Key Security of Iterated Even-Mansour Ciphers, by Pooya Farshim and Gordon Procter

  The simplicity and widespread use of blockciphers based on the iterated Even--Mansour (EM) construction has sparked recent interest in the theoretical study of their security. Previous work has established their strong pseudorandom permutation and indifferentiability properties, with some matching lower bounds presented to demonstrate tightness. In this work we initiate the study of the EM ciphers under related-key attacks which, despite extensive prior work, has received little attention. We show that the simplest one-round EM cipher is strong enough to achieve non-trivial levels of RKA security even under chosen-ciphertext attacks. This class, however, does not include the practically relevant case of offsetting keys by constants. We show that two rounds suffice to reach this level under chosen-plaintext attacks and that three rounds can boost security to resist chosen-ciphertext attacks. We also formalize how indifferentiability relates to RKA security, showing strong positive results despite counterexamples presented for indifferentiability in multi-stage games.

22:01 [Conf][AC] Asiacrypt proceedings available

  The proceedings for Asiacrypt 2014 are now available from Springer. As a reminder, all IACR proceedings in the last 4 years are freely available online to IACR members. To access them, simply enter your IACR credentials at

21:00 [Job][New] Post-Doc, University of Luxembourg

  The position arises from a recently awarded joint project with the University of Nancy and ENS Cachin Paris. The postdoc position involves the study of process equivalences to model the security of protocols employing weak secrets, such as voting and password based protocols.

Further details on these positions and their requirements are available at the following urls:

The research will be conducted at the Interdisciplinary Centre for Security, Reliability and Trust (SnT) in the research group ApSIA (Applied Security and Information Assurance) headed by Prof. Dr. Peter Y.A Ryan. Contact Prof Ryan, peter.ryan (at), for more information.

The University offers highly competitive salaries and is an equal opportunity employer.

19:17 [Pub][ePrint] Tree-Structured Composition of Homomorphic Encryption: How to Weaken Underlying Assumptions, by Koji Nuida and Goichiro Hanaoka and Takahiro Matsuda

  Cryptographic primitives based on infinite families of progressively weaker assumptions have been proposed by Hofheinz-Kiltz and by Shacham (the n-Linear assumptions) and by Escala et al. (the Matrix Diffie-Hellman assumptions). All of these assumptions are extensions of the decisional Diffie-Hellman (DDH) assumption. In contrast, in this paper, we construct (additive) homomorphic encryption (HE) schemes based on a new infinite family of assumptions extending the decisional Composite Residuosity (DCR) assumption. This is the first result on a primitive based on an infinite family of progressively weaker assumptions not originating from the DDH assumption. Our assumptions are indexed by rooted trees, and provides a completely different structure compared to the previous extensions of the DDH assumption.

Our construction of a HE scheme is generic; based on a tree structure, we recursively combine copies of building-block HE schemes associated to each leaf of the tree (e.g., the Paillier cryptosystem, for our DCR-based result mentioned above). Our construction for depth-one trees utilizes the \"share-then-encrypt\" multiple encryption paradigm, modified appropriately to ensure security of the resulting HE schemes. We prove several separations between the CPA security of our HE schemes based on different trees; for example, the existence of an adversary capable of breaking all schemes based on depth-one trees, does not imply an adversary against our scheme based on a depth-two tree (within a computational model analogous to the generic group model). Moreover, based on our results, we give an example which reveals a type of \"non-monotonicity\" for security of generic constructions of cryptographic schemes and their building-block primitives; if the building-block primitives for a scheme are replaced with other ones secure under stronger assumptions, it may happen that the resulting scheme becomes secure under a weaker assumption than the original.

19:17 [Pub][ePrint] Modified Alternating Step Generators with Non-Linear Scrambler, by Robert Wicik and Tomasz Rachwalik and RafaƂ Gliwa

  Pseudorandom generators, which produce keystreams for stream ciphers by the exclusive-or sum of output bits from alternately clocked linear feedback shift registers, are vulnerable to cryptanalysis. In order to increase their resistance to attacks, we introduce a nonlinear scrambler at the output of these generators. The role of the scrambler plays the nonlinear feedback shift register. In addition, we propose the Modified Alternating Step Generator (MASG1S) built with the nonlinear scrambler and regularly or irregularly clocked linear feedback shift registers with nonlinear filtering functions.

23:51 [Job][New] PhD students and Postdoctoral Fellowships in Post-Quantum Cryptography, University of Waterloo

  The Institute for Quantum Computing and the Centre for Applied Cryptographic Research at the University of Waterloo seek qualified applicants for postdoctoral fellowships and graduate student positions in post-quantum cryptography, in particular in public-key cryptography based on computational assumptions believed to be secure against quantum computers (e.g. systems based on lattices, error-correcting codes codes, multivariate functions, elliptic curve isogenies, and also signature schemes based on hash-functions).

Projects may include studying new attacks (classical or quantum) on proposed systems, improved implementation methods for such systems, and reductions or equivalences between candidate post-quantum systems.

Successful applications will join a broad team of leading researchers in quantum computing and applied cryptography. They will also be able to take advantage of the CryptoWorks21 supplementary training program, which develops the technical and professional skills and knowledge needed to create cryptographic solutions that will be safe in a world with quantum computing technologies.

13:17 [Pub][ePrint] EUF-CMA-Secure Structure-Preserving Signatures on Equivalence Classes, by Georg Fuchsbauer and Christian Hanser and Daniel Slamanig

  At ASIACRYPT\'14 Hanser and Slamanig proposed a new primitive called structure-preserving signatures on equivalence classes (SPS-EQ) and used it to construct very efficient attribute-based anonymous credentials. They also presented a candidate construction of an SPS-EQ scheme and claimed that the scheme was existentially unforgeable under adaptive chosen message attacks (EUF-CMA). Fuchsbauer has however recently shown that the construction is insecure under adaptive queries and consequently the security claim is invalid. We fix this issue by providing an EUF-CMA-secure construction of an SPS-EQ, which is also more efficient than the original construction in every respect. We prove our scheme secure in the generic group model for Type-3 bilinear groups.

13:17 [Pub][ePrint] Boomerang Attack on Step-Reduced SHA-512, by Hongbo Yu, Dongxia Bai

  SHA-2 (SHA-224, SHA-256, SHA-384 and SHA-512) is hash function family issued by the National Institute of Standards and Technology (NIST) in 2002 and is widely used all over the world. In this work, we analyze the security of SHA-512 with respect to boomerang attack. Boomerang distinguisher on SHA-512 compression function reduced to 48 steps is proposed, with a practical complexity of $2^{51}$. A practical example of the distinguisher for 48-step SHA-512 is also given. As far as we know, it is the best practical attack on step-reduced SHA-512.

13:17 [Pub][ePrint] On a new fast public key cryptosystem, by Samir Bouftass.

  This paper presents a new fast public key cryptosystem namely : A key exchange algorithm, a public key encryption algorithm and a digital signature algorithm, based on a the difficulty to invert the following function :

$F(X) =(A\\times X)Mod(2^r)Div(2^s)$ .\\\\* Mod is modulo operation , Div is integer division operation , A , r and s are known natural numbers while $( r > s )$ .\\\\* In this paper it is also proven that this problem is equivalent to SAT problem which is NP complete .