International Association for Cryptologic Research

IACR News Central


23:16 [Event][New] C2SI-Berger2015: International Conference in Codes, Cryptology and Information Security

  Submission: 15 February 2015
Notification: 15 March 2015
From May 26 to May 28
Location: Rabat, Morocco
More Information: http://

13:17 [Pub][ePrint] Verified Proofs of Higher-Order Masking, by Gilles Barthe and Sonia Belaïd and François Dupressoir and Pierre-Alain Fouque and Benjamin Grégoire and Pierre-Yves Strub

  In this paper, we study the problem of automatically verifying higher-order masking countermeasures. This problem is important in practice (weaknesses have been discovered in schemes that were thought secure), but is inherently exponential: for $t$-order masking, it involves proving that every subset of $t$ intermediate variables is distributed independently of the secrets. Some type systems have been proposed to help cryptographers check their proofs, but many of these approaches are insufficient for higher-order implementations.

We propose a new method, based on program verification techniques, to check the independence of sets of intermediate variables from some secrets. Our new language-based characterization of the problem also allows us to design and implement several algorithms that greatly reduce the number of sets of variables that need to be considered to prove this independence property on all valid adversary observations. The result of these algorithms is either a proof of security or a set of observations on which the independence property cannot be proved. We focus on AES implementations to check the validity of our algorithms. We also confirm the tool's ability to give useful information when proofs fail, by rediscovering existing attacks and discovering new ones.
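As an added illustration (example code, not the authors' tool, which relies on program-verification techniques rather than enumeration), the following Python checks the property the abstract describes by brute force: for a 2-share Boolean AND gadget it enumerates every input sharing and every fresh random bit, then tests whether each set of t intermediate variables has the same joint distribution for every value of the secrets. The two gadgets, their variable names and the checker are the example's own; the exhaustive enumeration is exactly the exponential cost the abstract mentions, which is why it only works for toy gadgets.

```python
from itertools import combinations, product
from collections import Counter


def isw_and(a, b, rnd):
    """2-share Boolean AND (ISW-style): a = a0^a1, b = b0^b1, c = c0^c1.
    The fresh mask r is XORed onto a0&b1 *before* a1&b0 is added, so no
    intermediate value combines the two cross products without a mask."""
    a0, b0, r = rnd
    a1, b1 = a ^ a0, b ^ b0
    v = {"a0": a0, "a1": a1, "b0": b0, "b1": b1, "r": r}
    v["a0b0"], v["a1b1"] = a0 & b0, a1 & b1
    v["a0b1"], v["a1b0"] = a0 & b1, a1 & b0
    v["c0"] = v["a0b0"] ^ r
    v["t1"] = r ^ v["a0b1"]          # masked before the next cross product
    v["t2"] = v["t1"] ^ v["a1b0"]
    v["c1"] = v["a1b1"] ^ v["t2"]
    assert v["c0"] ^ v["c1"] == (a & b)  # functional correctness
    return v


def flawed_and(a, b, rnd):
    """Same gadget, but the two cross products are combined before masking."""
    a0, b0, r = rnd
    a1, b1 = a ^ a0, b ^ b0
    v = {"a0": a0, "a1": a1, "b0": b0, "b1": b1, "r": r}
    v["a0b0"], v["a1b1"] = a0 & b0, a1 & b1
    v["a0b1"], v["a1b0"] = a0 & b1, a1 & b0
    v["c0"] = v["a0b0"] ^ r
    v["t1"] = v["a0b1"] ^ v["a1b0"]  # unmasked: its distribution depends on (a, b)
    v["t2"] = v["t1"] ^ r
    v["c1"] = v["a1b1"] ^ v["t2"]
    assert v["c0"] ^ v["c1"] == (a & b)
    return v


def check_probing_security(gadget, n_secret_bits, n_rand_bits, t):
    """Exhaustive t-probing check: every set of t intermediate variables must
    have the same joint distribution for every value of the secret inputs.
    Returns (True, None) or (False, names_of_a_leaking_set)."""
    secret_vals = list(product((0, 1), repeat=n_secret_bits))
    rands = list(product((0, 1), repeat=n_rand_bits))
    traces = {s: [gadget(*s, rnd) for rnd in rands] for s in secret_vals}
    names = list(traces[secret_vals[0]][0])
    for probes in combinations(names, t):
        dists = [Counter(tuple(v[n] for n in probes) for v in traces[s])
                 for s in secret_vals]
        if any(d != dists[0] for d in dists[1:]):
            return False, probes      # a concrete observation set that leaks
    return True, None


if __name__ == "__main__":
    print("ISW AND,    t=1:", check_probing_security(isw_and, 2, 3, 1))
    print("flawed AND, t=1:", check_probing_security(flawed_and, 2, 3, 1))
    print("ISW AND,    t=2:", check_probing_security(isw_and, 2, 3, 2))
```

The flawed variant is reported as insecure with the single probe t1 = a0b1 ^ a1b0: when (a, b) = (0, 0) that value is always 0, when (a, b) = (1, 1) it is uniform. The checker also reports, as expected, that two shares cannot resist two probes (the pair a0, a1 reveals a), which is why higher-order masking needs more shares and why the number of subsets to examine grows so quickly.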

13:17 [Pub][ePrint] More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries, by Gilad Asharov and Yehuda Lindell and Thomas Schneider and Michael Zohner

  Oblivious transfer (OT) is one of the most fundamental primitives in cryptography and is widely used in protocols for secure two-party and multi-party computation. As secure computation becomes more practical, the need for practical large scale oblivious transfer protocols is becoming more evident. Oblivious transfer extensions are protocols that enable a relatively small number of "base-OTs" to be utilized to compute a very large number of OTs at low cost. In the semi-honest setting, Ishai et al. (CRYPTO 2003) presented an OT extension protocol for which the cost of each OT (beyond the base-OTs) is just a few hash function operations. In the malicious setting, Nielsen et al. (CRYPTO 2012) presented an efficient OT extension protocol for the setting of active adversaries that is secure in the random oracle model.

In this work, we present an OT extension protocol for the setting of malicious adversaries that is more efficient and uses less communication than previous works. In addition, our protocol can be proven secure in both the random oracle model, and in the standard model with a type of correlation robustness. Given the importance of OT in many secure computation protocols, increasing the efficiency of OT extensions is another important step forward to making secure computation practical.
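To make the "few base-OTs to many OTs" idea concrete, here is an added Python sketch of the semi-honest Ishai et al. extension the abstract refers to (example code written for this page, not from this paper or its authors). The k base OTs are replaced by an ideal stand-in, SHA-256 stands in for the correlation-robust hash, and all function and variable names are the example's own; the extra consistency check that the malicious-setting protocols add is deliberately not included.

```python
import hashlib
import secrets

K = 128  # number of base OTs (computational security parameter)


def bits_to_int(bits):
    """Pack a list of bits (index 0 = least significant) into an int."""
    return sum(b << i for i, b in enumerate(bits))


def row(cols, j, k):
    """Row j of an m x k bit matrix stored as k column integers of m bits."""
    return sum(((cols[i] >> j) & 1) << i for i in range(k))


def H(j, v, k):
    """Hash of (row index, k-bit row). SHA-256 stands in for the
    correlation-robust / random-oracle hash (assumption of this example)."""
    return hashlib.sha256(j.to_bytes(4, "big") + v.to_bytes(k // 8, "big")).digest()


def xor(x, y):
    """XOR two byte strings; truncates to the shorter one (the pad is longer)."""
    return bytes(p ^ q for p, q in zip(x, y))


def ideal_base_ot(pairs, choice_bits):
    """Stand-in for the k base OTs (in practice a public-key OT protocol):
    the chooser learns pairs[i][choice_bits[i]] and nothing else."""
    return [pair[c] for pair, c in zip(pairs, choice_bits)]


def ot_extension(x_pairs, r_bits, k=K):
    """IKNP-style semi-honest OT extension. The sender holds m message pairs,
    the receiver holds m choice bits; returns the receiver's m chosen messages."""
    m = len(x_pairs)
    r = bits_to_int(r_bits)

    # Receiver: random m x k matrix T (as k column ints) and pairs (t_i, t_i ^ r).
    t_cols = [secrets.randbits(m) for _ in range(k)]
    base_pairs = [(t, t ^ r) for t in t_cols]

    # Sender: random k-bit string s; plays the *receiver* in the k base OTs.
    s_bits = [secrets.randbits(1) for _ in range(k)]
    s = bits_to_int(s_bits)
    q_cols = ideal_base_ot(base_pairs, s_bits)    # q_i = t_i ^ (s_i * r)

    # Sender: row j satisfies q_j = t_j ^ (r_j * s); two hashes per OT.
    y = []
    for j, (x0, x1) in enumerate(x_pairs):
        q_j = row(q_cols, j, k)
        y.append((xor(x0, H(j, q_j, k)), xor(x1, H(j, q_j ^ s, k))))
    # y (all m pairs) is what the sender transmits to the receiver.

    # Receiver: one hash per OT unmasks y_j[r_j], because q_j ^ (r_j * s) = t_j.
    return [xor(y[j][r_bits[j]], H(j, row(t_cols, j, k), k)) for j in range(m)]


def run_demo(m=256):
    """Random 16-byte messages and choice bits (constructed inputs);
    True iff every chosen message was recovered correctly."""
    x_pairs = [(secrets.token_bytes(16), secrets.token_bytes(16)) for _ in range(m)]
    r_bits = [secrets.randbits(1) for _ in range(m)]
    out = ot_extension(x_pairs, r_bits)
    return all(out[j] == x_pairs[j][r_bits[j]] for j in range(m))


if __name__ == "__main__":
    print("receiver recovered all chosen messages:", run_demo())
```

The point to notice is the cost profile: the only public-key work is the k = 128 base OTs, which are done once and in the reverse direction, while each of the m extended OTs costs the sender two hash evaluations and the receiver one, plus a row of k bits of communication. Against a malicious receiver this sketch is not enough, since nothing stops the receiver from using different r values in different base-OT pairs; that is the gap the consistency checks in the malicious-setting protocols close.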

13:17 [Pub][ePrint] Evaluation and Cryptanalysis of the Pandaka Lightweight Cipher, by Yuval Yarom and Gefei Li and Damith C. Ranasinghe

  There is a growing need to develop lightweight cryptographic primitives suitable for resource-constrained devices permeating in increasing numbers into the fabric of life. Such devices are exemplified none more so than by batteryless radio frequency identification (RFID) tags in applications ranging from automatic identification and monitoring to anti-counterfeiting. Pandaka is a lightweight cipher together with a protocol proposed in INFOCOM 2014 for extremely resource limited RFID tags. It is designed to reduce the hardware cost (area of silicon) required for implementing the cipher by shifting the computationally intensive task of cryptographically secure random number generation to the reader. In this paper we evaluate Pandaka and demonstrate that the communication protocol contains flaws which completely break the security of the cipher and make Pandaka susceptible to de-synchronisation. Furthermore, we show that, even without the protocol flaws, we can use a guess and determine method to mount an attack on the cipher for the more challenging scenario of a known-plaintext attack with an expected complexity of only $2^{55}$. We conclude that Pandaka needs to be amended and highlight simple measures to prevent the above attacks.

02:35 [Event][New] Cyber Security in the Critical Infrastructure: Advances and Future Direction

  Submission: 31 August 2015
From January 1 to August 31
More Information:

02:28 [Event][New] Cloud Cryptography: State of the Art and Recent Advances

  Submission: 1 May 2015
Notification: 1 October 2015
From January 1 to May 1
More Information:

23:57 [Job][New] 1 PhD student, 2 Postdocs, Graz University of Technology

  Graz University of Technology employs about 60 researchers in the area of information security. We are currently expanding our research team and we are looking for two postdocs and one PhD student in the following fields of research:

  • Leakage-resilient cryptography
  • Side-channel and fault attacks
  • System security
  • Secure processor design
  • Verification tools and compilers for security

In case you are interested in pursuing a PhD in one of the fields or in joining our team as a postdoc, please send an application by email to Stefan Mangard.

The application should include a curriculum vitae, a statement of motivation, a transcript of records as well as names and email addresses of two persons that can provide references. More information on our research topics and our team can be found on our group website - see link below.

16:17 [Pub][ePrint] Cold Boot Attacks in the Discrete Logarithm Setting, by Bertram Poettering and Dale L. Sibborn

  In a cold boot attack a cryptosystem is compromised by analysing a noisy version of its internal state. For instance, if a computer is rebooted the memory contents are rarely fully reset; instead, after the reboot an adversary might recover a noisy image of the old memory contents and use it as a stepping stone for reconstructing secret keys. While such attacks have been known for a long time, they recently experienced a revival in the academic literature. Here, typically either RSA-based schemes or block ciphers are targeted.

We observe that essentially no work on cold boot attacks on schemes defined in the discrete logarithm setting (DL) and particularly for elliptic curve cryptography (ECC) has been conducted. In this paper we hence consider cold boot attacks on selected widespread implementations of DL-based cryptography. We first introduce a generic framework to analyse cold boot settings and construct corresponding key-recovery algorithms. We then study common in-memory encodings of secret keys (in particular those of the wNAF-based and comb-based ECC implementations used in OpenSSL and PolarSSL, respectively), identify how redundancies can be exploited to make cold boot attacks effective, and develop efficient dedicated key-recovery algorithms. We complete our work by providing theoretical bounds for the success probability of our attacks.

16:17 [Pub][ePrint] Universally Verifiable Multiparty Computation from Threshold Homomorphic Cryptosystems, by Berry Schoenmakers and Meilof Veeningen

  Multiparty computation can be used for privacy-friendly outsourcing of computations on private inputs of multiple parties. A computation is outsourced to several computation parties; if not too many are corrupted (e.g., no more than half), then they cannot determine the inputs or produce an incorrect output. However, in many cases, these guarantees are not enough: we need correctness even if all computation parties may be corrupted; and we need that correctness can be verified even by parties that did not participate in the computation. Protocols satisfying these additional properties are called "universally verifiable". In this paper, we propose a new security model for universally verifiable multiparty computation, and we present a practical construction, based on a threshold homomorphic cryptosystem. We also develop a multiparty protocol for jointly producing non-interactive zero-knowledge proofs, which may be of independent interest.

16:17 [Pub][ePrint] Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation, by Alexandra Boldyreva and Jean Paul Degabriele and Kenneth G. Paterson and Martijn Stam

  In recent years, a number of standardized symmetric encryption schemes have fallen foul of attacks exploiting the fact that in some real-world scenarios ciphertexts can be delivered in a fragmented fashion. We initiate the first general and formal study of the security of symmetric encryption against such attacks. We extend the SSH-specific work of Paterson and Watson (Eurocrypt 2010) to develop security models for the fragmented setting. We also develop security models to formalize the additional desirable properties of ciphertext boundary hiding and robustness against Denial-of-Service (DoS) attacks for schemes in this setting. We illustrate the utility of each of our models via efficient constructions for schemes using only standard cryptographic components, including constructions that simultaneously achieve confidentiality, ciphertext boundary hiding and DoS robustness.

02:17 [Job][New] 2 x Lectureships (equivalent to assistant professor) in Security of Cyber-Physical Systems, Security Lancaster Research Centre, Lancaster University, UK

  Cyber-physical systems (CPS) present the new frontier for security. The number of connected devices is expected to grow to 50 billion by the year 2020. This growth is being driven by innovations in the areas of smart cities, internet of things, body-area networks (in healthcare), smart grids and wearable sensors. With digital technologies becoming embedded in everyday objects and infrastructures, CPS offer both great opportunities and great security problems for modern society. They raise major research challenges with regard to the security of the data and information, the systems and infrastructures, and the users interacting with them on a daily basis. The research agendas raised by these questions are interdisciplinary and can be tackled from a range of technical, behavioural and socio-economic perspectives. The proposed positions will, therefore, be based in Security Lancaster, our inter-disciplinary research centre on Security and Protection Science.

Security Lancaster is one of only four flagship Lancaster Research Centres and was amongst the first 8 Academic Centres of Excellence in Cyber Security Research recognised by the UK government. With over 70 researchers, it is one of the few multi-disciplinary centres to tackle human and technological challenges to cyber security by integrating computer science researchers with expertise from social and behavioural sciences. The centre has a thriving PhD programme with over 30 current graduate students engaged in security research.

For these posts (equivalent to Assistant Professor) we are seeking a ‘rising star’ in security of cyber-physical systems, with a strong and growing international reputation, evidenced by excellent international publications in leading security journals and conferences.