International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

10:17 [Pub][ePrint] Reliable Information Extraction for Single Trace Attacks, by Valentina Banciu and Elisabeth Oswald and Carolyn Whitnall

  Side-channel attacks using only a single trace crucially

rely on the capability of reliably extracting side-channel

information (e.g. Hamming weights of intermediate target values)

from traces. In particular, in original versions of simple power

analysis (SPA) or algebraic side channel attacks (ASCA) it was

assumed that an adversary can correctly extract the Hamming

weight values for all the intermediates used in an attack. Recent

developments in error tolerant SPA style attacks relax this

unrealistic requirement on the information extraction and bring

renewed interest to the topic of template building or training

suitable machine learning classifiers.

In this work we ask which classifiers or methods, if any, are

most likely to return the true Hamming weight among their first

(say $s$) ranked outputs. We experiment on two data sets with

different leakage characteristics. Our experiments show that the

most suitable classifiers to reach the required performance for

pragmatic SPA attacks are Gaussian templates, Support Vector

Machines and Random Forests, across the two data sets that we

considered. We found no configuration that was able to satisfy

the requirements of an error tolerant ASCA in case of complex


10:17 [Pub][ePrint] On the concrete hardness of Learning with Errors, by Martin R. Albrecht and Rachel Player and Sam Scott

  The Learning with Errors (LWE) problem has become a central building block of modern cryptographic constructions. This work collects and presents hardness results for concrete instances of LWE. In particular, we discuss algorithms proposed in the literature and give the expected resources required to run them. We consider both generic instances of LWE as well as small secret variants. Since for several methods of solving LWE we require a lattice reduction step, we also review lattice reduction algorithms and propose a refined model for estimating their running times. We also give concrete estimates for various families of LWE instances, provide a Sage module for computing these estimates and highlight gaps in the knowledge about algorithms for solving the Learning with Errors problem.

09:23 [Event][New] GenoPri'15: 2nd International Workshop on Genome Privacy and Security

  Submission: 25 January 2015
Notification: 22 February 2015
From May 21 to May 21
Location: San Jose, USA
More Information:

12:56 [Job][New] Post-Doc, AIT Austrian Institute of Technology

  We are looking for a research scientist (post-doc) in cryptography with a special emphasis on topics relevant in the context of security and privacy for cloud environments. Ideally you have experience in fields like multi-party computation, distributed cryptography, rational cryptography or privacy enhancing technologies.

You will be mainly involved in a EU research project on cloud cryptography with tasks related to the design of cryptography for novel distributed information sharing systems.

  • Direct job posting:

  • Project homepage (avail. Feb. 2015):

  • AIT Safety&Security Department:

10:17 [Pub][ePrint] Type-Based Verification of Electronic Voting Protocols, by VĂ©ronique Cortier and Fabienne Eigner and Steve Kremer and Matteo Maffei and Cyrille Wiedling

  E-voting protocols aim at achieving a wide range of sophisticated security properties and, consequently, commonly employ advanced cryptographic primitives. This makes their design as well as rigorous analysis quite challenging. As a matter of fact, existing

automated analysis techniques, which are mostly based on automated

theorem provers, are inadequate to deal with commonly used

cryptographic primitives, such as homomorphic encryption and mix-nets, as well as some fundamental security properties, such as


This work presents a novel approach based on refinement type systems

for the automated analysis of e-voting protocols. Specifically, we

design a generically applicable logical theory which, based on pre-

and post-conditions for security-critical code, captures and guides

the type-checker towards the verification of two fundamental

properties of e-voting protocols, namely, vote privacy and

verifiability. We further develop a code-based cryptographic

abstraction of the cryptographic primitives commonly used in

e-voting protocols, showing how to make the underlying algebraic

properties accessible to automated verification through logical

refinements. Finally, we demonstrate the effectiveness of our

approach by developing the first automated analysis of Helios, a

popular web-based e-voting protocol, using an off-the-shelf


10:17 [Pub][ePrint] Automated Dynamic Cube Attack on Block Ciphers: Cryptanalysis of SIMON and KATAN, by Zahra Ahmadian and Sahram Rasoolzadeh and Mahmoud Salmasizadeh and Mohammad Reza Aref

  A few work has ever been performed in cryptanalysis of block ciphers using cube attacks. This paper presents a new framework for an efficient key recovery attack on block ciphers based on cube technique. In this method, a cube tester is positioned at the middle of the cipher which is extended in two directions over the maximum possible upper and lower rounds, given that some subkey bits are guessed. It is shown that an automated algorithm for this dynamic cube attack on block ciphers can be realized. Furthermore, we show its effectiveness on two lightweight block ciphers KATAN and SIMON. Our results shows that this method can break 117 and 152 out of 254 rounds of KATAN-32 in non-full-codebook and full-codebook attack scenarios, respectively. In the case of SIMON32/64, we succeed to cryptanalyse 16 and 18 out of 32 rounds, by the same scenarios. Both results show that although this method does not outperform all the existing attacks on these two ciphers, it can absolutely compete with the well-established and mature methods of cryptanalysis of block ciphers, such as linear, differential and meet in

the middle attack families.

10:17 [Pub][ePrint] Parallel (probable) lock-free HashSieve: a practical sieving algorithm for the SVP, by Artur Mariano and Thijs Laarhoven and Christian Bischof

  In this paper, we assess the practicability of HashSieve, a recently proposed sieving algorithm for the Shortest Vector Problem (SVP) on lattices, on multi-core shared memory systems. To this end, we devised a parallel implementation that scales well, and is based on a probable lock-free system to handle concurrency. The probable lock-free system, implemented with spin-locks and compare-and-swap operations, acts, likely, as a lock-free mechanism, since threads block only when strictly required and chances are that they are not required to block, because resource contention is very low. With our implementation, we were able to solve the SVP on an arbitrary lattice in dimension 96, in less than 17.5 hours, using 16 physical cores. The least squares fit of the execution times of our implementation, in seconds, lies between $2^{(0.32n-15)}$ or $2^{(0.33n-16)}$, which indicates that sieving algorithms are indeed way more practical than believed.

10:17 [Pub][ePrint] High Performance Lattice-based CCA-secure Encryption, by Rachid El~Bansarkhani and Johannes Buchmann

  Lattice-based encryption schemes still suffer from a low message throughput per ciphertext. This is mainly due to the fact that the underlying schemes do not tap the full potentials of LWE. Many constructions still follow the one-time-pad approach considering LWE instances as random vectors added to a message, most often encoded bit vectors. Recently, at Financial Crypto 2015 El Bansarkhani et al. proposed a novel encryption scheme based on the A-LWE assumption (Augmented LWE), where data is embedded into the error term without changing its target distributions. By this novelty it is possible to encrypt much more data as compared to the traditional one-time-pad approach and it is even possible to combine both concepts. In this paper we revisit this approach and propose amongst others several algebraic techniques in order to significantly improve the message throughput per ciphertext. Furthermore, we give a thorough security analysis as well as an efficient implementation of the CCA1-secure encryption scheme instantiated with the most efficient trapdoor construction. In particular, we attest that it even outperforms the CPA-secure encryption scheme from Lindner and Peikert presented at CT-RSA 2011.

15:33 [Event][New] IEEE CNS 2015: 3rd IEEE Conference on Communications and Network Security

  Submission: 24 April 2015
Notification: 29 June 2015
From September 28 to September 30
Location: Florence, Italy
More Information:

15:32 [Event][New] ARES: 10th International Conference on Availability, Reliability and Security

  Submission: 2 March 2015
Notification: 11 May 2015
From August 24 to August 28
Location: Toulouse, France
More Information:

15:31 [Event][New] ECC: Workshop on Elliptic Curve Cryptography Standards

  Submission: 15 March 2015
Notification: 10 April 2015
From June 11 to June 12
Location: Gaithersburg, USA
More Information: