International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

15:21 [Job][New] PhD Student, ETH Zurich, Switzerland

  The Cryptography Group at ETH Zurich, led by Prof. Ueli Maurer, has an open position for a PhD student in the general field of Cryptography. Candidates with an excellent Master\'s degree in Mathematics, Computer Science, or a related field, and with good English skills (written and spoken), are invited to apply.

15:24 [Job][New] Postdoc position, Royal Institute of Technology, Stockholm, Sweden

  The Department of Electronic Systems at the School of Information and Communication Technology, Royal Institute of Technology (KTH), seeks qualified applicants for a postdoctoral position in secure and trustworthy hardware. The research will be focused on developing efficient cryptographic solutions for hardware applications as well as on providing assurance of the new security solutions.

The candidate must hold a PhD Degree in computer science or computer engineering and have top grades.

Send following documents to the contact person (in pdf) :

- Curriculum Vitae

- List of publications

- Poof of English proficiency

- PhD degree and transcripts (translation if the original is not in English)

- Research proposal (1 page) describing the research you would like to do

- Names and contact details of 2 referees

KTH offers highly competitive salaries and is an equal opportunity employer.

10:17 [Pub][ePrint] Improved Linear (hull) Cryptanalysis of Round-reduced Versions of SIMON, by Danping Shi and Lei Hu and Siwei Sun and Ling Song and Kexin Qiao and Xiaoshuang Ma

  SIMON is a family of lightweight block ciphers designed by the U.S. National Security Agency (NSA) that has attracted much attention since its publication in 2013.

In this paper, we thoroughly investigate the properties of linear approximations of the bitwise AND operation with dependent input bits. By using a Mixed-integer Linear Programming based technique presented in Aasicrypt 2014 for automatic search for characteristics, we obtain improved linear characteristics for several versions of the SIMON family. Moreover, by employing a recently published method for automatic enumeration of differential and linear characteristics by Sun et. al., we present an improved linear hull analysis of some versions of the SIMON family, which are the best results for linear cryptanalysis of SIMON published so far.

Specifically, for SIMON$128$, where the number denotes the block length, a 34-round linear characteristic with correlation $2^{-61}$ is found, which is the longest linear characteristic that can be used in a key-recovery attack for SIMON$128$ published so far. Besides, several linear hulls superior to the best ones known previously are presented as follows: linear hulls for the 13-round SIMON$32$ with potential $2^{-30.19}$ versus previous $2^{-31.69}$, for the 15-round SIMON$48$ with potential $2^{-42.28}$ versus previous $2^{-44.11}$ and linear hulls for the 21-round SIMON$64$ with potential $2^{-61.10}$ versus previous $2^{-62.53}$.

10:17 [Pub][ePrint] Non-Linearity and Affine Equivalence of Permutations, by P R Mishra, Indivar Gupta and N Rajesh Pillai

  In this paper we consider permutations on n symbols as bijections

on Z/nZ. Treating permutations this way facilitates us with additional

structures such as group, ring defined in the set Z/nZ. We explore

some of the properties of permutations arising out of this treatment.

We propose two properties viz. affine equivalence and non-linearity for permutations on the lines similar to there description given in the case of functions. We also establish some results which are quite similar to those given for Boolean functions. We also define Mode Transform of a permutation and investigate its relationship with non-linearity.

We propose an efficient algorithm using Mode transform for computing non-linearity of a permutation and show that it is O(n^2), as

compared to O(n^3) of the direct approach. At the end we discuss

these properties in the context of cryptography.

10:17 [Pub][ePrint] Cryptanalysis of Two Candidate Fixes of Multilinear Maps over the Integers, by Jean-Sebastien Coron and Tancrede Lepoint and Mehdi Tibouchi

  Shortly following Cheon, Han, Lee, Ryu and Stehle attack against the multilinear map of Coron, Lepoint and Tibouchi (CLT), two independent approaches to thwart this attack have been proposed on the cryptology ePrint archive, due to Garg, Gentry, Halevi and Zhandry on the one hand, and Boneh, Wu and Zimmerman on the other. In this short note, we show that both countermeasures can be defeated in polynomial time using extensions of the Cheon et al. attack.

10:17 [Pub][ePrint] Geppetto: Versatile Verifiable Computation, by Craig Costello and Cédric Fournet and Jon Howell and Markulf Kohlweiss and Benjamin Kreuter and Michael Naehrig and Bryan Parno and Samee Zahur

  Cloud computing sparked interest in Verifiable Computation protocols, which allow a weak client to securely outsource computations to remote parties. Recent work has dramatically reduced the client\'s cost to verify the correctness of results, but the overhead to produce proofs largely remains impractical.

Geppetto introduces complementary techniques for reducing prover overhead and increasing prover flexibility. With Multi-QAPs, Geppetto reduces the cost of sharing state between computations (e.g., for MapReduce) or within a single computation by up to two orders of magnitude. Via a careful instantiation of cryptographic primitives, Geppetto also brings down the cost of verifying outsourced cryptographic computations (e.g., verifiably computing on signed data); together with Geppetto\'s notion of bounded proof bootstrapping, Geppetto improves on prior bootstrapped systems by five orders of magnitude, albeit at some cost in universality. Geppetto also supports qualitatively new properties like verifying the correct execution of proprietary (i.e., secret) algorithms. Finally, Geppetto\'s use of energy-saving circuits brings the prover\'s costs more in line with the program\'s actual (rather than worst-case) execution time.

Geppetto is implemented in a full-fledged, scalable compiler that consumes LLVM code generated from a variety of apps, as well as a large cryptographic library.

10:17 [Pub][ePrint] Secure Lightweight Entity Authentication with Strong PUFs: Mission Impossible II, by Jeroen Delvaux and Dawu Gu and Roel Peeters and Ingrid Verbauwhede

  Physically unclonable functions (PUFs) exploit the unavoidable manufacturing variations of an integrated circuit (IC). Their input-output behavior serves as a unique IC \'fingerprint\'. Therefore, they have been envisioned as an IC authentication mechanism, in particular the subclass of so-called strong PUFs. The protocol proposals are typically accompanied with two PUF promises: lightweight and an increased resistance against physical attacks. In our prior CHES 2014 manuscript, we reviewed eight proposals in chronological order. This work comprehends a sequel. Most notably, five additional strong PUF protocols are included in our large-scale overview-analysis. Again, numerous security and practicality issues are revealed. Furthermore, we improve the transparency of our analysis by explicitly listing protocol requirements. These can also be used as a guideline for future protocol design. Finally, token privacy has been included in the analysis.

07:00 [Job][New] Postdoc fellow, Zhejiang University City College

  one postdoc position is opening at Zhejiang University City College, Hangzhou, CHINA. The position is centered on design, implementation and applications of cryptographic algorithms and protocols in the cloud computing and database management systems. The University offers highly competitive salaries and is an equal opportunity employer.

If you are interested in this position, please send your CV and recent 3-publication to zhuhf (at)

07:00 [Job][New] 6 Ph.D. students and 2 Post-docs, Cosic, KU Leuven, Belgium


COSIC’s research focus lays in the design, evaluation and implementation of cryptographic algorithms and protocols, the development of security architectures for information and communication systems, the development of security mechanisms for embedded systems and the design and analysis of privacy preserving systems.

COSIC is looking for 8 motivated researchers who fit into following profiles:

  • PhD candidate in public key cryptography and cryptographic protocols (multiple positions)
  • PhD candidate in symmetric cryptography and PRNGs
  • PhD position in biometry and federated identity management
  • PhD position in secure circuits for RNG and PUFs
  • Post-doctoral position in biometry and federated identity management
  • Post-doctoral position in multi party computation

General Profile and Skills required

For all the above positions the candidates must hold a Master’s Degree in engineering, mathematics or computer science, have good grades and have a keen interest in cryptography. We prefer candidates who can demonstrate that they have developed their research skills during their Master’s studies. For the postdoctoral positions a PhD degree in the relevant area is required. The candidate should also have an interest in implementation of cryptographic algorithms.

How to apply

Send following documents (in pdf) to jobs-cosic (at)

  • Curriculum Vitae
  • Motivation letter
  • List of publications
  • Relevant research experience
  • Study curriculum with rankings
  • English proficiency
  • Pdf of diploma and transcripts (translation if the original is not in Dutch, English, French or German)
  • Research propo

07:17 [Pub][ePrint] Privacy-Preserving Data Publish-Subscribe Service on Cloud-based Platforms, by Kan Yang and Xiaohua Jia and Kuan Zhang and Xuemin (Sherman) Shen

  Data publish-subscribe service is an effective approach to share and filter data. Due to the huge volume and velocity of data generated daily, cloud systems are inevitably becoming the platform for data publication and subscription. However, the privacy becomes a challenging issue as the cloud server cannot be fully trusted by both data publishers and data subscribers. In this paper, we propose a privacy-preserving data publish-subscribe service for cloud-based platforms. Specifically, we first formulate the problem of privacy-preserving data publish-subscribe service by refining its security requirements on cloud-based platforms. Then, we propose a bi-policy attribute-based encryption (BP-ABE) scheme as the underlying technique that enables the encryptor to define access policies and the decryptor to define filtering policies. Based on BP-ABE, we also propose a \\underline{P}rivacy-preserving \\underline{D}ata \\underline{P}ublish-\\underline{S}ubscribe (PDPS) scheme on cloud-based platforms, which enables the cloud server to evaluate both subscription policy and access policy in a privacy-preserving way. The security analysis and performance evaluation show that the PDPS scheme is secure in standard model and efficient in practice.

07:17 [Pub][ePrint] A Comprehensive Comparison of Shannon Entropy and Smooth Renyi Entropy, by Maciej Skorski

  We provide a new result that links two crucial entropy notions: Shannon entropy $\\mathrm{H}_1$ and collision entropy $\\mathrm{H}_2$. Our formula gives the \\emph{worst possible} amount of collision entropy in a probability distribution, when its Shannon entropy is fixed.

Our results and techniques used in the proof immediately imply

many quantitatively tight separations between Shannon and smooth Renyi entropy, which were previously known as qualitative statements or one-sided bounds. In particular, we precisely calculate the number of bits that can be extracted from a Shannon entropy source, and calculate how far from the uniform distribution is a distribution with the given amount Shannon entropy. To illustrate our results we provide clear numerical examples.

In the typical situation, when the gap between Shannon entropy of a distribution and its length is bigger than $1$, the length of the extracted sequence is very small, even if we allow the randomness quality to be poor. In the case of almost full entropy, where the gap is close to $0$, the $\\ell_2$-distance to uniform is roughly of the same order as the gap. Therefore, it is actually not possible to decide the strong quality of supposed true randomness, {efficiently and at extremely high confidence level} , by means of Shannon entropy estimators, like Maurer\'s Universal Test or others.

Our approach involves convex optimization techniques, applied to characterize worst case distributions, and the use of the Lambert $W$ function, by which we resolve equations coming from Shannon entropy constraints. We believe that it may be of independent interests and useful in studying Shannon entropy with constraints elsewhere.