International Association for Cryptologic Research

IACR News Central


10:17 [Pub][ePrint] A linear attack on Kahrobaei-Lam-Shpilrain key exchange protocol, by Jintai Ding, Alexei Miasnikov, Alexander Ushakov

  In this paper we analyze the Kahrobaei-Lam-Shpilrain (KLS) key exchange protocols, proposed in 2014, that use extensions by endomorphisms of matrices over a Galois field. We show that both protocols are vulnerable to a simple linear algebra attack.

10:17 [Pub][ePrint] Strongly-Optimal Structure Preserving Signatures from Type II Pairings: Synthesis and Lower Bounds, by Gilles Barthe and Edvard Fagerholm and Dario Fiore and Andre Scedrov and Benedikt Schmidt and Meh

  Recent work on structure-preserving signatures studies optimality of these schemes in terms of the number of group elements needed in the verification key and the signature, and the number of pairing-product equations in the verification algorithm. While the size of keys and signatures is crucial for many applications, another important aspect to consider for performance is the time it takes to verify a given signature. By far, the most expensive operation during verification is the computation of pairings. However, the concrete number of pairings that one needs to compute is not captured by the number of pairing-product equations considered in earlier work.

To fill this gap, we consider the question of what is the minimal number of pairings that one needs to compute in the verification of structure-preserving signatures. First, we prove lower bounds for schemes in the Type II setting that are secure under chosen message attacks in the generic group model, and we show that three pairings are necessary and that at most one of these pairings can be precomputed. We also extend our lower bound proof to schemes secure under random message attacks and show that in this case two pairings are still necessary. Second, we build an automated tool to search for schemes matching our lower bounds. The tool can generate automatically and exhaustively all valid structure-preserving signatures within a user-specified search space, and analyze their (bounded) security in the generic group model. Interestingly, using this tool, we find a new randomizable structure-preserving signature scheme in the Type II setting that is optimal with respect to the lower bound on the number of pairings, and also minimal with respect to the number of group operations that have to be computed during verification.

10:17 [Pub][ePrint] Simpler Efficient Group Signatures from Lattices, by Phong Q. Nguyen and Jiang Zhang and Zhenfeng Zhang

  A group signature allows a group member to anonymously sign messages on behalf of the group. In the past few years, new group signatures based on lattice problems have appeared: the most efficient lattice-based constructions are due to Laguillaumie et al. (Asiacrypt '13) and Langlois et al. (PKC '14). Both have at least $O(n^2\log^2 n \log N)$-bit group public key and $O(n\log^3 n\log N)$-bit signature, where $n$ is the security parameter and $N$ is the maximum number of group members. In this paper, we present a simpler lattice-based group signature, which is more efficient by an $O(\log N)$ factor in both the group public key and the signature size. We achieve this by using a new non-interactive zero-knowledge (NIZK) proof corresponding to a simple identity-encoding function.

The security of our group signature can be reduced to the hardness of SIS and LWE in the random oracle model.

10:17 [Pub][ePrint] Non-Malleable Condensers for Arbitrary Min-Entropy, and Almost Optimal Protocols for Privacy Amplification, by Xin Li

  Recently, the problem of privacy amplification with an active adversary has received a lot of attention. Given a shared $n$-bit weak random source $X$ with min-entropy $k$ and a security parameter $s$, the main goal is to construct an explicit 2-round privacy amplification protocol that achieves entropy loss $O(s)$. Dodis and Wichs [DW09] showed that optimal protocols can be achieved by constructing explicit non-malleable extractors. However, the best known explicit non-malleable extractor only achieves $k=0.49n$ [Li12b] and evidence in [Li12b] suggests that constructing explicit non-malleable extractors for smaller min-entropy may be hard. In an alternative approach, Li [Li12] introduced the notion of a non-malleable condenser and showed that explicit non-malleable condensers also give optimal privacy amplification protocols.

In this paper, we give the first construction of non-malleable condensers for arbitrary min-entropy. Using our construction, we obtain a 2-round privacy amplification protocol with optimal entropy loss for security parameter up to $s=\Omega(\sqrt{k})$. This is the first protocol that simultaneously achieves optimal round complexity and optimal entropy loss for arbitrary min-entropy $k$. We also generalize this result to obtain a protocol that runs in $O(s/\sqrt{k})$ rounds with optimal entropy loss, for security parameter up to $s=\Omega(k)$. This significantly improves the protocol in [ckor]. Finally, we give a better non-malleable condenser for linear min-entropy, and in this case obtain a 2-round protocol with optimal entropy loss for security parameter up to $s=\Omega(k)$, which improves the entropy loss and communication complexity of the protocol in [Li12b].

10:17 [Pub][ePrint] TMSUI: A Trust Management Scheme of USB Storage Devices for Industrial Control Systems, by Bo Yang and Dengguo Feng and Yu Qin and Yingjun Zhang and Weijin Wang

  The security of sensitive data and the safety of control signals are two core issues in industrial control systems (ICS). However, the prevalence of USB storage devices poses a great challenge to protecting ICS in those respects. Unfortunately, there is currently no solution designed specifically for ICS that provides a complete defense against data transmission between untrusted USB storage devices and critical equipment without forbidding normal USB device function. This paper proposes a trust management scheme of USB storage devices for ICS (TMSUI). By fully considering the background of the application scenarios, TMSUI is designed based on a security chip to authorize a particular USB storage device to access only specific protected terminals in the ICS for a particular period of time. The issues of digital forensics and revocation of authorization are discussed. The prototype system is finally implemented, and its evaluation indicates that TMSUI effectively meets the security goals with high compatibility and good performance.

10:17 [Pub][ePrint] Multilinear Maps Using Ideal Lattices without Encodings of Zero, by Gu Chunsheng

  Recently, Garg, Gentry and Halevi (GGH) described the first candidate multilinear maps using ideal lattices. However, there exists a zeroizing attack on the GGH construction. We first describe an improved construction of multilinear maps from ideal lattices, obtained by multiplying matrices on both sides of the level-1 encoding of a non-zero element. The security of our construction depends upon a new hardness assumption, which is seemingly closely related to hardness problems of lattices. Then, we describe an asymmetric construction that avoids any nontrivial encoding of zero. Using our constructions over a polynomial ring instead of the integer ring, we implement a one-round multipartite Diffie-Hellman key exchange protocol with a reduced public parameter size.

10:17 [Pub][ePrint] Non-Abelian Analogs of Lattice Rounding, by Evgeni Begelfor and Stephen D. Miller and Ramarathnam Venkatesan

  Lattice rounding in Euclidean space can be viewed as finding the nearest point in the orbit of an action by a discrete group, relative to the norm inherited from the ambient space. Using this point of view, we initiate the study of non-abelian analogs of lattice rounding involving matrix groups. In one direction, we give an algorithm for solving a normed word problem when the inputs are random products over a basis set, and give theoretical justification for its success. In another direction, we prove a general inapproximability result which essentially rules out strong approximation algorithms (i.e., whose approximation factors depend only on dimension) analogous to LLL in the general case.

09:21 [Event][New] ICCC 2015: International Conference on Coding and Cryptography

  Submission: 10 July 2015
Notification: 1 October 2015
From November 2 to November 5
Location: Algiers, Algeria

22:17 [Forum] [2014 Reports] 2014/728 Unpicking PLAID response - Nit-Picking PLAID by Graeme.Freedman

  See the following link for the Nit-Picking PLAID response to this paper.

From: 2014-27-11 22:00:58 (UTC)

22:17 [Forum] [2014 Reports] Re: 2014/728 Unpicking PLAID response - Nit-Picking PLAID by tommaso.gagliardoni

  On behalf of the "Unpicking PLAID" research team, I would like to point out that our response to this report is available from: This response expresses our viewpoint on that report, rectifying some misrepresented facts and countering false allegations. In particular (but not limited to):

1) The author(s) of the report seem to consistently confuse the mere lack of known attacks with a proof of security.

2) They argue about a lack of a formal definition of privacy in our work and digress into musing about an Oxford dictionary definition of privacy. Our paper, however, allows the reader to easily infer what our attacks against the ISO standard achieve: tracing cards across executions, and identifying the supported key set of a card. None of these attacks should be possible according to PLAID's own claims of privacy.

3) They try to minimise the impact of our attacks, based on the availability of CPLC data, implying that CPLC data is anyway always available even in privacy-sensitive scenarios - which is incorrect. Furthermore, they completely ignore our fingerprinting attack on key sets, and focus only on the RSA fingerprinting attack.

4) They credit us for claims which we never made, and misrepresent the timeline and references in our paper.

Finally, we wish to remark that the personal email correspondence with Professors Fischlin and Paterson, linked to in Annex A of the project editor's report, was published without their consent. We consider the situation to be self-explanatory, and encourage readers to draw their own conclusions.

Sincerely, The "Unpicking PLAID" team.

From: 2015-08-01 09:52:28 (UTC)

00:14 [Job][New] Lecturer, University of Wollongong


• School of Computer Science and Software Engineering

• Full Time, Fixed Term (3 year) Appointment

• Level B

• Ref No: 25277

The School is one of the leading computing schools in Australia. It conducts research in a number of thematic areas including Intelligent Systems, Software Engineering, Computer and Information Security, Visual Information Processing and Multimedia Content Management.

The School of Computer Science and Software Engineering is one of seven Schools within the Faculty of Engineering and Information Sciences. It delivers a full range of quality courses, both onshore and offshore (Dubai, Singapore, Malaysia), ranging from undergraduate Bachelor's degrees, through Coursework and Research Masters to PhD.

This position will teach and coordinate subjects in the School at undergraduate and postgraduate level; contribute to the research in information security and cryptography and supervise research students. You will work closely with the Head of School and other staff on the introduction, revision and maintenance of undergraduate and postgraduate subjects.

To apply for this position you will need to address the selection criteria as part of your application which is located within the position description below.
