International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

12:56 [Job][New] Post-Doc, AIT Austrian Institute of Technology

  We are looking for a research scientist (post-doc) in cryptography with a special emphasis on topics relevant in the context of security and privacy for cloud environments. Ideally you have experience in fields like multi-party computation, distributed cryptography, rational cryptography or privacy enhancing technologies.

You will be mainly involved in a EU research project on cloud cryptography with tasks related to the design of cryptography for novel distributed information sharing systems.

  • Direct job posting:

  • Project homepage (avail. Feb. 2015):

  • AIT Safety&Security Department:

10:17 [Pub][ePrint] Type-Based Verification of Electronic Voting Protocols, by VĂ©ronique Cortier and Fabienne Eigner and Steve Kremer and Matteo Maffei and Cyrille Wiedling

  E-voting protocols aim at achieving a wide range of sophisticated security properties and, consequently, commonly employ advanced cryptographic primitives. This makes their design as well as rigorous analysis quite challenging. As a matter of fact, existing

automated analysis techniques, which are mostly based on automated

theorem provers, are inadequate to deal with commonly used

cryptographic primitives, such as homomorphic encryption and mix-nets, as well as some fundamental security properties, such as


This work presents a novel approach based on refinement type systems

for the automated analysis of e-voting protocols. Specifically, we

design a generically applicable logical theory which, based on pre-

and post-conditions for security-critical code, captures and guides

the type-checker towards the verification of two fundamental

properties of e-voting protocols, namely, vote privacy and

verifiability. We further develop a code-based cryptographic

abstraction of the cryptographic primitives commonly used in

e-voting protocols, showing how to make the underlying algebraic

properties accessible to automated verification through logical

refinements. Finally, we demonstrate the effectiveness of our

approach by developing the first automated analysis of Helios, a

popular web-based e-voting protocol, using an off-the-shelf


10:17 [Pub][ePrint] Automated Dynamic Cube Attack on Block Ciphers: Cryptanalysis of SIMON and KATAN, by Zahra Ahmadian and Sahram Rasoolzadeh and Mahmoud Salmasizadeh and Mohammad Reza Aref

  A few work has ever been performed in cryptanalysis of block ciphers using cube attacks. This paper presents a new framework for an efficient key recovery attack on block ciphers based on cube technique. In this method, a cube tester is positioned at the middle of the cipher which is extended in two directions over the maximum possible upper and lower rounds, given that some subkey bits are guessed. It is shown that an automated algorithm for this dynamic cube attack on block ciphers can be realized. Furthermore, we show its effectiveness on two lightweight block ciphers KATAN and SIMON. Our results shows that this method can break 117 and 152 out of 254 rounds of KATAN-32 in non-full-codebook and full-codebook attack scenarios, respectively. In the case of SIMON32/64, we succeed to cryptanalyse 16 and 18 out of 32 rounds, by the same scenarios. Both results show that although this method does not outperform all the existing attacks on these two ciphers, it can absolutely compete with the well-established and mature methods of cryptanalysis of block ciphers, such as linear, differential and meet in

the middle attack families.

10:17 [Pub][ePrint] Parallel (probable) lock-free HashSieve: a practical sieving algorithm for the SVP, by Artur Mariano and Thijs Laarhoven and Christian Bischof

  In this paper, we assess the practicability of HashSieve, a recently proposed sieving algorithm for the Shortest Vector Problem (SVP) on lattices, on multi-core shared memory systems. To this end, we devised a parallel implementation that scales well, and is based on a probable lock-free system to handle concurrency. The probable lock-free system, implemented with spin-locks and compare-and-swap operations, acts, likely, as a lock-free mechanism, since threads block only when strictly required and chances are that they are not required to block, because resource contention is very low. With our implementation, we were able to solve the SVP on an arbitrary lattice in dimension 96, in less than 17.5 hours, using 16 physical cores. The least squares fit of the execution times of our implementation, in seconds, lies between $2^{(0.32n-15)}$ or $2^{(0.33n-16)}$, which indicates that sieving algorithms are indeed way more practical than believed.

10:17 [Pub][ePrint] High Performance Lattice-based CCA-secure Encryption, by Rachid El~Bansarkhani and Johannes Buchmann

  Lattice-based encryption schemes still suffer from a low message throughput per ciphertext. This is mainly due to the fact that the underlying schemes do not tap the full potentials of LWE. Many constructions still follow the one-time-pad approach considering LWE instances as random vectors added to a message, most often encoded bit vectors. Recently, at Financial Crypto 2015 El Bansarkhani et al. proposed a novel encryption scheme based on the A-LWE assumption (Augmented LWE), where data is embedded into the error term without changing its target distributions. By this novelty it is possible to encrypt much more data as compared to the traditional one-time-pad approach and it is even possible to combine both concepts. In this paper we revisit this approach and propose amongst others several algebraic techniques in order to significantly improve the message throughput per ciphertext. Furthermore, we give a thorough security analysis as well as an efficient implementation of the CCA1-secure encryption scheme instantiated with the most efficient trapdoor construction. In particular, we attest that it even outperforms the CPA-secure encryption scheme from Lindner and Peikert presented at CT-RSA 2011.

15:33 [Event][New] IEEE CNS 2015: 3rd IEEE Conference on Communications and Network Security

  Submission: 24 April 2015
Notification: 29 June 2015
From September 28 to September 30
Location: Florence, Italy
More Information:

15:32 [Event][New] ARES: 10th International Conference on Availability, Reliability and Security

  Submission: 2 March 2015
Notification: 11 May 2015
From August 24 to August 28
Location: Toulouse, France
More Information:

15:31 [Event][New] ECC: Workshop on Elliptic Curve Cryptography Standards

  Submission: 15 March 2015
Notification: 10 April 2015
From June 11 to June 12
Location: Gaithersburg, USA
More Information:

10:17 [Pub][ePrint] Aggregate Pseudorandom Functions and Connections to Learning, by Aloni Cohen and Shafi Goldwasser and Vinod Vaikuntanathan

  In the first part of this work, we introduce a new type of pseudo-random function for which ``aggregate queries\'\' over exponential-sized sets can be efficiently answered. An example of an aggregate query may be the product of all function values

belonging to an exponential-sized interval, or the sum of all function values on points for which a polynomial time predicate holds. We show how to use algebraic properties of underlying

classical pseudo random functions, to construct aggregatable pseudo random functions for a number of classes of aggregation queries under cryptographic hardness assumptions. On the flip side, we show that certain aggregate queries are impossible to support.

In the second part of this work, we show how various extensions of pseudo-random functions considered recently in the cryptographic literature, yield impossibility results for various extensions of machine learning models, continuing a line of investigation originated by Valiant and Kearns in the 1980s and 1990s. The extended pseudo-random functions we address include constrained pseudo random functions, aggregatable pseudo random functions, and pseudo random functions secure under related-key attacks.

19:17 [Pub][ePrint] On the Security of Fresh Re-keying to Counteract Side-Channel and Fault Attacks, by Christoph Dobraunig and Maria Eichlseder and Stefan Mangard and Florian Mendel

  At AFRICACRYPT 2010 and CARDIS 2011, fresh re-keying schemes to counter side-channel and fault attacks were introduced. The idea behind those schemes is to shift the main burden of side-channel protection to a re-keying function $g$ that is easier to protect than the main block cipher. This function produces new session keys based on the secret master key and random nonces for every block of message that is encrypted. In this paper, we present a generic chosen-plaintext key-recovery attack on both fresh re-keying schemes. The attack is based on two observations: Since session key collisions for the same message are easy to detect, it is possible to recover one session key with a simple time-memory trade-off strategy; and if the re-keying function is easy to invert (such as the suggested multiplication constructions), the attacker can use the session key to recover the master key. The attack has a complexity of about $2 \\cdot 2^{n/2}$ (instead of the expected $2^n$) for an $n$-bit key. For the typically employed block cipher AES-128, this would result in a key-recovery attack complexity of only $2^{65}$. If weaker primitives like 80-bit PRESENT are used, even lower attack complexities are possible.

19:17 [Pub][ePrint] Suit up! Made-to-Measure Hardware Implementations of Ascon, by Hannes Gro{\\ss} and Erich Wenger and Christoph Dobraunig and Christoph Ehrenh{\\\"o}fer

  Having ciphers that provide confidentiality and authenticity, that are fast in software and efficient in hardware, these are the goals of the CAESAR authenticated encryption competition. In this paper, the promising CAESAR candidate Ascon is implemented in hardware and optimized for different typical applications to fully explore Ascon\'s design space. Thus, we are able to present hardware implementations of Ascon suitable for RFID tags, Wireless Sensor Nodes, Embedded Systems, and applications that need maximum performance. For instance, we show that an Ascon implementation with a single unrolled round transformation is only 7 kGE large, but can process up to 5.5 Gbit/sec of data (0.75 cycles/byte), which is already enough to encrypt a Gigabit Ethernet connection. Besides, Ascon is not only fast and small, it can also be easily protected against DPA attacks. A threshold implementation of Ascon just requires about 8 kGE of chip area, which is only 3.1 times larger than the unprotected low-area optimized implementation.