International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

04:17 [Pub][ePrint] First Experimental Result of Power Analysis Attacks on a FPGA Implementation of LEA, by Yongdae Kim and Hyunsoo Yoon

  The lightweight encryption algorithm (LEA) is a 128-bit block cipher introduced in 2013. It is based on Addition, rotation, XOR operations for 32-bit words. Because of its structure,it is useful for several devices to achieve a high speed of encryption and low-power consumption.However, side-channel attacks on LEA implementations have not been examined.In this study, we perform a power analysis attack on LEA. We implemented LEA with 128-bit key size on FPGA in a straightforward manner. Our experimental results show that we can successfully retrieve a 128-bit master key by attacking a first round encryption.

04:17 [Pub][ePrint] Complete Characterization of Fairness in Secure Two-Party Computation of Boolean Functions, by Gilad Asharov and Amos Beimel and Nikolaos Makriyannis and Eran Omri

  Fairness is a desirable property in secure computation; informally it means that if one party gets the output of the function, then all parties get the output.

Alas, an implication of Cleve\'s result (STOC 86) is that when there is no honest majority, in particular in the important case of the two-party setting, there exist

functions that cannot be computed with fairness. In a surprising result, Gordon et al.\\ (JACM 2011) showed that some interesting functions can be computed with fairness in the two-party setting, and re-opened the question of understanding which Boolean functions can be computed with fairness, and which cannot.

Our main result in this work is a complete characterization of the (symmetric)

Boolean functions that can be computed with fairness in the two-party setting; this settles an open problem of Gordon et al. The characterization is quite simple: A function can be computed with fairness \\emph{if and only if} the all one-vector or the all-zero vector are in the affine span of either the rows or the columns of the matrix describing the function. This is true for both deterministic and randomized functions. To prove the possibility result, we modify the protocol of Gordon et al.\\ (JACM 2011); the resulting protocol computes with full security (and in particular with fairness) all functions that are computable with fairness.

We extend the above result in two directions. First, we completely characterize the Boolean functions that can be computed with fairness in the multiparty case, when the number of parties is constant and at most half of the parties can be malicious.

Second, we consider the two-party setting with asymmetric Boolean functionalities, that is, when the output of each party is one bit, but the outputs are not necessarily the same. We generalize our aforementioned protocol for symmetric functions to handle asymmetric functions, and obtain a sufficient condition for computing such functions with fairness. In addition, we provide a necessary condition for fairness; however, a gap is left between these two conditions.

We then consider a specific asymmetric function in this gap area, and by designing a new protocol, we show that it is computable with fairness. However, we do not give a complete characterization for all functions that lie in this gap, and their classification remains open.

04:17 [Pub][ePrint] Robustly Secure Two-Party Authenticated Key Exchange from Ring-LWE, by Xiaopeng Yang, Wenping Ma and Chengli Zhang

  Using the hard assumption of Ring-Decision Learning With Errors (DLWE) in the lattice, we propose a new authenticated key exchange (AKE) scheme which is based on Peikert\'s reconciliation technique. Under the CK model, the proposed scheme is provably secure. Compared with the traditional Diffie-Hellman (DH) authenticated key exchange (AKE) schemes, the proposed scheme not only has better efficiency and

stronger security but also resists quantum attacks because of the hard assumption on lattice problem. The comparisons between Ring-LWE based ones shows that the proposed scheme protects the shared session key with balanced key derivation function (KDF) compared with those current AKE schemes from LWE.

04:17 [Pub][ePrint] Experiments in Encrypted and Searchable Network Audit Logs , by Bhanu Prakash Gopularam and Sashank Dara and Nalini N

  We consider the scenario where a consumer can securely outsource their network telemetry data to a Cloud Service Provider and enable a third party to audit such telemetry for any security forensics. Especially we consider the use case of privacy preserving search in network log audits. In this paper we experiment with advances in Identity Based Encryption and Attribute-Based encryption schemes for auditing network logs.

04:17 [Pub][ePrint] COFFE: Ciphertext Output Feedback Faithful Encryption, by Christian Forler and David McGrew and Stefan Lucks and Jakob Wenzel

  In this paper we introduce the first authenticated encryption scheme

based on a hash function, called COFFE. This research has been

motivated by the challenge to fit secure cryptography into constrained

devices -- some of these devices have to use a hash function, anyway,

and the challenge is to avoid the usage of an additional block cipher

to provide authenticated encryption. COFFE satisfies the common

security requirements regarding authenticated encryption, i.e., IND-CPA-

and INT-CTXT-security. Beyond that, it provides the following

additional security features: resistance against side-channel attacks

and INT-CTXT security in the nonce-misuse scenario. It also support

failure-friendly authentication under reasonable assumptions.

04:17 [Pub][ePrint] CONIKS: A Privacy-Preserving Consistent Key Service for Secure End-to-End Communication, by Marcela S. Melara and Aaron Blankstein and Joseph Bonneau and Michael J. Freedman and Edward W. Felten

  Recent revelations about government surveillance have significantly

increased the demand for end-to-end secure communications. However, key management remains a major barrier to adoption. Current

systems are often either vulnerable to a malicious or coerced key directory or they make unrealistic assumptions about user behavior,

for example, that users will verify key fingerprints out of band.

We present CONIKS, a system that provides automated key management for end users capable of seamless integration into existing secure messaging applications. In CONIKS, key servers maintain consistent directories of username-to-public key bindings that

allow participants to detect any equivocation or unexpected key

changes by malicious key servers. CONIKS also preserves user\'s

privacy by ensuring that adversaries cannot harvest large numbers

of usernames from the directories. Our prototype chat application

extends the Off-the-Record Messaging plug-in for Pidgin. A single

commodity server can support up to 10 million users and clients

need only download less than 100 kB per day of additional data.

02:07 [PhD][Update] Vijayakrishnan Pasupathinathan: Hardware-based Identification and Authentication Systems

  Name: Vijayakrishnan Pasupathinathan
Topic: Hardware-based Identification and Authentication Systems

Description: The digitisation of the traditional brick-and-mortar applications has increased our dependence on computing systems. It has also led to an increased usage of such systems, to store and transact, sensitive personal and financial information. The failure to secure such information adequately has resulted in identity theft, credit fraud and related crimes. The lack of protection offered by software-only solutions has led to the development of new security mechanisms, designed using an intermediate hardware device. Such hardware-based security solutions are playing a vital role in many applications that aim to provide security and privacy; this makes it important to study, and solve security issues that arise during the design and implementation of such security solutions. This PhD thesis presents the results of our analysis and design of cryptographic protocols used to construct hardware-based secure systems. In this thesis, we first analyse the security of the passive hardware devices. Standard cryptographic primitives though provide strong security; they are demanding with respect to, power consumption, memory size and circuitry design, thus making them unsuitable for the design of security solutions for passive devices. To illustrate, we consider an application of passive devices in the supply chain and product identification, and provide a security analysis of the EPC Gen2 standard. To resolve the weaknesses identified, we propose an EPC Gen2 compliant authentication protocol that provides locational privacy. We then examine the use of hardware devices in identity documents, where the device capabilities are comparable to those of the semi-passive devices. Here, we consider two recent proposals for electronic passports that rely on hardware-based security. We provide a security analysis of the ICAO first-generation ePassport standard and the EU's proposal for a second generation of ePassports. Resolving the weaknesses identified, we outline our proposal for a[...]

02:05 [PhD][Update] Mike Rosulek: The Structure of Secure Multi-Party Computation

  Name: Mike Rosulek
Topic: The Structure of Secure Multi-Party Computation

Description: Secure multi-party computation is a conceptual framework in which distrusting parties engage in a protocol to securely perform a computational task. Depending on the precise model of security, different sets of tasks admit secure protocols. We take a complexity-theoretic approach to studying the inherent difficulty of securely realizing tasks in various standard security models.
  • We give the first alternate characterization of secure realizability in the framework of universally composable (UC) security. This is the first characterization in any model to consider completely arbitrary computational tasks and completely arbitrary communication channels.
  • The most long-standing class of computational tasks studied are those in which two parties evaluate a deterministic function. For these tasks, we give the first complete, combinatorial characterizations of secure realizability in the passive, standalone, and universally composable security models, against computationally unbounded adversaries.
  • Say that a task \G has ``as much cryptographic complexity'' as another task \F if there is a secure protocol for \F that uses access to a secure implementation of \G. We show that there is an infinite hierarchy of tasks with strictly increasing cryptographic complexities, with respect to computationally unbounded security. We also show that there exist tasks whose cryptographic complexities are incomparable.
  • In contrast, we show that under a standard cryptographic assumption, there exist only two distinct levels of cryptographic complexity with respect to polynomial-time security. Every task either has a trivial protocol using plain communication channels, or is complete (i.e., given access to a secure implementation of this task, there are secure protocols for all other tasks). This is the first result to derive [...]

19:53 [Job][New] Assistant Professor in Computer Science with Specialization in Computer Security, KTH Royal Institute of Technology


The Department of Theoretical Computer Science (the TCS group) at the School of Computer Science and Communication (CSC) invites applications for a full-time tenure-track assistant professor in Computer Science with specialization in Computer Security, starting in the second half of 2015.

The TCS group has a strong academic record and good external funding from EU and national sources. There is active research in foundational topics such as complexity theory, logic, and formal methods, as well as more applied ones such as computer security, cryptography, programming languages, databases, natural languages, and computer science education. Within computer security, research topics include software security and secure execution platforms, network security and privacy preserving computation, and cryptography, in particular in the foundations of electronic voting.

For more information about KTH, the CSC school, and the TCS group visit,,

For full information about the position, requirements, and the application procedure visit

19:07 [Job][New] PhD Student, Worcester Polytechnic Institute, United States

  The Vernam Lab at WPI in Worcester, MA has two open PhD positions in applied cryptography and side channel analysis.

Candidates should have a degree in electronics, computer science or applied mathematics, with strong interest in algorithms and signal processing. Prior experience in side channel analysis and embedded software or hardware design is an asset.

We offer a competitive salary and an international cutting-edge research program in an attractive working environment. WPI is one of the highest-ranked technical colleges in the US. Located in the greater Boston area, it maintains close interaction with many of the nearby universities and companies.

17:15 [Job][New] Post-Doc, Université Libre de Bruxelles

  Applications are invited for a three-years Post-Doc position in the Quality and Computer Security research Lab ( of the Université Libre de Bruxelles.

In the framework of a research project in machine learning and computer security and in collaboration with the Machine Learning Group of the Université Libre de Bruxelles and the Machine Learning Group of the Université Catholique de Louvain, the successful applicant will work on the use of machine learning techniques in the design of secure architectures.