International Association for Cryptologic Research

IACR News Central


07:17 [Pub][ePrint] Simple composition theorems of one-way functions -- proofs and presentations, by Jaime Gaspar and Eerke Boiten

  One-way functions are both central to cryptographic theory and a clear example of its complexity as a theory. From the aim to understand theories, proofs, and communicability of proofs in the area better, we study some small theorems on one-way functions, namely: composition theorems of one-way functions of the form "if $f$ (or $h$) is well-behaved in some sense and $g$ is a one-way function, then $f \circ g$ (respectively, $g \circ h$) is a one-way function".

We present two basic composition theorems, and generalisations of them which may well be folklore. Then we experiment with different proof presentations, including using the Coq theorem prover, using one of the theorems as a case study.

07:17 [Pub][ePrint] Fair Multiple-bank E-cash in the Standard Model, by Jiangxiao Zhang and Yanwu Gao and Chunhui Feng and Hua Guo and Zhoujun Li

  The multiple-bank e-cash (electronic cash) model allows users and merchants to open their accounts at different banks which are monitored by the Center Bank. Some multiple-bank e-cash systems were proposed in recent years. However, prior implementations of multiple-bank e-cash all require the random oracle model idealization in their security analysis. We know some schemes are secure in the random oracle model, but are trivially insecure under any instantiation of the oracle.

In this paper, based on the automorphic blind signature, the Groth-Sahai proof system and a new group blind signature, we construct a fair multiple-bank e-cash scheme. The new scheme is proved secure in the standard model and provides the following functionalities: owner tracing, coin tracing, identification of the double spender and signer tracing. In order to sign two messages at once, we extend Ghadafi's group blind signature to a new group blind signature. The new signature scheme may be of independent interest.

07:17 [Pub][ePrint] DTLS-HIMMO: Efficiently Securing a Post-Quantum World with a Fully-Collusion Resistant KPS, by Oscar Garcia-Morchon and Ronald Rietman and Sahil Sharma and Ludo Tolhuizen and Jose Luis Torre-Arce

  The future development of quantum computers could turn many key agreement algorithms used in the Internet today fully insecure, endangering many applications such as online banking, e-commerce, e-health, etc. At the same time, the Internet is further evolving to enable the Internet of Things (IoT) in which billions of devices deployed in critical applications like healthcare, smart cities and smart energy are being connected to the Internet. The IoT not only requires strong and quantum-secure security, as current Internet applications do, but also efficient operation. The recently introduced HIMMO scheme enables lightweight identity-based key sharing and verification of credentials in a non-interactive way. The collusion resistance properties of HIMMO enable direct secure communication between any pair of Internet-connected devices. The facts that attacking HIMMO requires lattice techniques and that it is extremely lightweight make HIMMO an ideal lightweight approach for key agreement and information verification in a post-quantum world.

Building on the HIMMO scheme, this paper firstly shows how HIMMO can be efficiently implemented even in resource-constrained devices, enabling combined key agreement and credential verification one order of magnitude more efficiently than using ECDH-ECDSA, while being quantum secure. We further explain how HIMMO helps to secure the Internet and IoT by introducing the DTLS-HIMMO operation mode. DTLS, the datagram version of TLS, is becoming the standard security protocol in the IoT; however, it is very frequently discussed that it does not offer the right performance for IoT scenarios. Our design, implementation, and evaluation show that the DTLS-HIMMO operation mode achieves the security properties of the DTLS Certificate security suite while being quantum secure and exhibiting the overhead of symmetric-key primitives.

07:10 [Event][New] SAC'15: Selected Areas in Cryptography 2015

  Submission: 25 May 2015
Notification: 6 July 2015
From August 12 to August 14
Location: Sackville, Canada
More Information:

16:41 [PhD][Update] Olivier Billet: Cryptologie multivariable

  Name: Olivier Billet
Topic: Cryptologie multivariable
Category: (no category)

15:29 [Event][New] C2SI-berger2015: International Conference in "Codes, Cryptology and Information Security"

  Submission: 31 January 2015
Notification: 15 March 2015
From May 26 to May 28
Location: Rabat, Morocco
More Information:

20:00 [PhD][New] Paul Camion

  Name: Paul Camion

19:59 [PhD][New] Khaled Ouafi: Security and Privacy in RFID Systems

  Name: Khaled Ouafi
Topic: Security and Privacy in RFID Systems
Category: cryptographic protocols

Description: This PhD thesis is concerned with authentication protocols using portable lightweight devices such as RFID tags. These devices have lately gained significant attention for the diversity of the applications that could benefit from their features, ranging from inventory systems and building access control to medical devices. However, the emergence of this technology has raised concerns about the possible loss of privacy that carrying such tags induces by allowing tracing of persons or unveiling the contents of a hidden package. This fear led to the appearance of several organizations whose goal is to stop the spread of RFID tags. We take a cryptographic viewpoint on the issue and study the extent of security and privacy that RFID-based solutions can offer. In the first part of this thesis, we concentrate on analyzing two original primitives that were proposed to ensure security for RFID tags. The first one, HB#, is a dedicated authentication protocol that exclusively uses very simple arithmetic operations: bitwise AND and XOR. HB# was proven to be secure against a certain class of man-in-the-middle attacks and conjectured secure against more general ones. We show that the latter conjecture does not hold by describing a practical attack that allows an attacker to recover the tag's secret key. Moreover, we show that to be immune against our attack, HB#'s secret key size has to be increased to more than 15 000 bits. This is an impractical value for the considered applications. We then turn to SQUASH, a message authentication code built around a public-key encryption scheme, namely Rabin's scheme. By mounting a practical key recovery attack on the earlier version of SQUASH, we show that the security of all versions of SQUASH is unrelated to the security of the Rabin encryption function. The second part of the thesis is dedicated to the privacy aspects related to the RFID technology.
We first emphasize the importance of establishing a framework that correctly captures the intu[...]

19:59 [PhD][New] Olivier Billet: Multivariate cryptology

  Name: Olivier Billet
Topic: Multivariate cryptology
Category: (no category)

19:56 [PhD][New] Jacques Patarin: Étude des générateurs de permutations pseudo-aléatoires basés sur le schéma du D.E.S.

  Name: Jacques Patarin
Topic: Étude des générateurs de permutations pseudo-aléatoires basés sur le schéma du D.E.S.
Category: secret-key cryptography