International Association for Cryptologic Research

IACR News Central


20:00 [PhD][New] Paul Camion

  Name: Paul Camion

19:59 [PhD][New] Khaled Ouafi: Security and Privacy in RFID Systems

  Name: Khaled Ouafi
Topic: Security and Privacy in RFID Systems
Category: cryptographic protocols

Description: This PhD thesis is concerned with authentication protocols using portable lightweight devices such as RFID tags. These devices have lately gained significant attention for the diversity of the applications that could benefit from their features, ranging from inventory systems and building access control to medical devices. However, the emergence of this technology has raised concerns about the possible loss of privacy that carrying such tags induces by allowing the tracing of persons or the unveiling of the contents of a hidden package. This fear led to the appearance of several organizations whose goal is to stop the spread of RFID tags. We take a cryptographic viewpoint on the issue and study the extent of security and privacy that RFID-based solutions can offer. In the first part of this thesis, we concentrate on analyzing two original primitives that were proposed to ensure security for RFID tags. The first one, HB#, is a dedicated authentication protocol that exclusively uses very simple arithmetic operations: bitwise AND and XOR. HB# was proven to be secure against a certain class of man-in-the-middle attacks and conjectured secure against more general ones. We show that the latter conjecture does not hold by describing a practical attack that allows an attacker to recover the tag's secret key. Moreover, we show that to be immune against our attack, HB#'s secret key size has to be increased to more than 15 000 bits. This is an unpractical value for the considered applications. We then turn to SQUASH, a message authentication code built around a public-key encryption scheme, namely Rabin's scheme. By mounting a practical key recovery attack on the earlier version of SQUASH, we show that the security of all versions of SQUASH is unrelated to the security of the Rabin encryption function. The second part of the thesis is dedicated to the privacy aspects related to the RFID technology.
We first emphasize the importance of establishing a framework that correctly captures the intu[...]

19:59 [PhD][New] Olivier Billet: Multivariate cryptology

  Name: Olivier Billet
Topic: Multivariate cryptology
Category: (no category)

19:56 [PhD][New] Jacques Patarin: Étude des générateurs de permutations pseudo-aléatoires basés sur le schéma du D.E.S.

  Name: Jacques Patarin
Topic: Étude des générateurs de permutations pseudo-aléatoires basés sur le schéma du D.E.S.
Category: secret-key cryptography

18:00 [News] Call for IACR Cryptology School Proposals


In 2014, IACR started to sponsor a small number of Cryptology Schools providing intensive training on clearly identified topics in cryptology. The aim of this program is to develop awareness and increased capacity for research in cryptology.

A Cryptology School is typically held full-time for 4-5 days of intensive learning and constitutes an efficient way to provide high-quality training for graduate students, as well as for professionals. Attendance should be open to anyone who is interested and qualified. In order to facilitate learning, a school is usually taught by a few domain experts with a focus on educating the audience rather than impressing with results. In line with the mission of IACR, a Cryptology School should enable the audience to advance the theory and practice of cryptology and related fields.

There are two rounds of submissions every year. The submission deadlines are:

  • December 31st of year X-1: For schools that take place between March of year X and February of year X + 1.
  • June 30th of year X: For schools that take place between September of year X and August of year X + 1.
Submissions must be sent by email to

For more information about this new program and how to prepare a proposal, please refer to

15:09 [Event][New] RCD 2015: 3rd Romanian Cryptology Days Conference

  Submission: 15 May 2015
Notification: 15 June 2015
From September 21 to September 23
Location: Bucharest, Romania
More Information:

05:08 [Pub][ePrint] ePrint surpasses 1000 papers in 2014

  Today is a historic day for ePrint, with our 1000th paper published in 2014. Check out the exciting new 4-digit paper IDs!

04:17 [Pub][ePrint] Cryptanalysis of Full PRIDE Block Cipher, by Yibin Dai and Shaozhen Chen

  PRIDE is a lightweight block cipher designed by Albrecht et al. that appeared at CRYPTO 2014. The designers claim that the construction of the linear layers is nicely in line with a bit-sliced implementation of the Sbox layer and with security. In this paper, we find 8 2-round iterative related-key differential characteristics, which can be used to construct 18-round related-key differentials. Then, by discussing the function $g^{(1)}_r$, we also find 4 2-round iterative related-key differential characteristics with $\Delta g^{(1)}_r(k_{1,2})=0x80$ and 4 2-round iterative characteristics with $\Delta g^{(1)}_r(k_{1,2})=0x20$, which give rise to three weak-key classes. Based on the related-key differentials, we launch a related-key differential attack on full PRIDE. The data and time complexity are $2^{39}$ chosen plaintexts and $2^{60}$ encryptions, respectively. Moreover, by using multiple related-key differentials, we improve the cryptanalysis, which then requires $2^{41.4}$ chosen plaintexts and $2^{44}$ encryptions, respectively. Finally, by using 17-round related-key differentials, the cryptanalysis requires $2^{34}$ plaintexts and $2^{53.7}$ encryptions. These are the first results on full PRIDE.

04:17 [Pub][ePrint] Armadillo: a compilation chain for privacy preserving applications, by Sergiu Carpov and Paul Dubrulle and Renaud Sirdey

  In this work we present Armadillo, a compilation chain used for compiling applications written in a high-level language (C++) to work on encrypted data. The back-end of the compilation chain is based on homomorphic encryption. The tool-chain further automatically handles a huge amount of parallelism so as to mitigate the performance overhead of using homomorphic encryption.

04:17 [Pub][ePrint] Controlled Homomorphic Encryption: Definition and Construction, by Yvo Desmedt and Vincenzo Iovino and Giuseppe Persiano and Ivan Visconti

  Fully Homomorphic Encryption schemes (FHEs) and Functional Encryption schemes (FunctEs) have had a tremendous impact in Cryptography, both for the natural questions that they address and for the wide range of applications in which they have been (sometimes critically) used. In this work we put forth the notion of a Controllable Homomorphic Encryption scheme (CHES), a new primitive that includes features of both FHEs and FunctEs. In a CHES it is possible (similarly to an FHE) to homomorphically evaluate a ciphertext Ct = Enc(m) and a circuit C, thereby obtaining Enc(C(m)), but only if (similarly to a FunctE) a token for C has been received from the owner of the secret key. We discuss difficulties in constructing a CHES and then show a construction based on any FunctE.