International Association for Cryptologic Research

IACR News Central


20:18 [PhD][Update] Jian Guo: Analysis of Cryptographic Hash Functions

Name: Jian Guo
Topic: Analysis of Cryptographic Hash Functions
Category: secret-key cryptography

Description: This thesis concentrates on analysis of cryptographic hash functions, one of the most important primitives used in modern cryptography. We start with an introduction to cryptographic hash functions and a survey of the development of cryptanalysis tools. To enrich the cryptanalysts' toolbox, we developed several interesting techniques under the framework of differential cryptanalysis, and applied them to LAKE, BLAKE, ARIRANG and BMW to find collisions. We also improved the meet-in-the-middle preimage attacks, one of the most powerful techniques for breaking the one-wayness of many functions, and applied these techniques to SHA-2, Tiger, MD4, and HAVAL to find preimages. All these techniques await further development and application to other hash functions, including the candidates in the current SHA-3 competition.[...]

13:17 [Pub][ePrint] CamlCrush: A PKCS#11 Filtering Proxy, by R. Benadjila and T. Calderon and M. Daubignard

PKCS#11 is a very popular cryptographic API: it is the standard used by many Hardware Security Modules, smartcards and software cryptographic tokens. Several attacks have been uncovered against PKCS#11 at different levels: intrinsic logical flaws, cryptographic vulnerabilities or severe compliance issues. Since affected hardware remains widespread in computer infrastructures, we propose a user-centric and pragmatic approach for secure usage of vulnerable devices.

We introduce Caml Crush, a PKCS#11 filtering proxy. Our solution allows one to dynamically protect PKCS#11 cryptographic tokens from state-of-the-art attacks. This is the first approach that is immediately applicable to commercially available products. We provide a fully functional open source implementation with an extensible filter engine effectively shielding critical resources. This yields additional advantages to using Caml Crush that go beyond classical PKCS#11 weakness mitigations.

13:17 [Pub][ePrint] Optimally Efficient Multi-Party Fair Exchange and Fair Secure Multi-Party Computation, by Handan Kılınç and Alptekin Küpçü

Multi-party fair exchange (MFE) and fair secure multi-party computation (fair SMPC) are under-studied fields of research, with practical importance. We examine MFE scenarios where every participant has some item, and at the end of the protocol, either every participant receives every other participant's item, or no participant receives anything. This is a particularly hard scenario, even though it is directly applicable to protocols such as fair SMPC or multi-party contract signing. We further generalize our protocol to work for any exchange topology. We analyze the case where a trusted third party (TTP) is optimistically available, although we emphasize that the trust put on the TTP is only regarding the fairness, and our protocols preserve the privacy of the exchanged items even against a malicious TTP.

We construct an asymptotically optimal (for the complete topology) multi-party fair exchange protocol that requires a constant number of rounds, in comparison to linear, and O(n^2) messages, in comparison to cubic, where n is the number of participating parties. We enable the parties to efficiently exchange any item that can be efficiently put into a verifiable escrow (e.g., signatures on a contract). We show how to apply this protocol on top of any SMPC protocol to achieve a fairness guarantee with very little overhead, especially if the SMPC protocol works with arithmetic circuits. Our protocol guarantees fairness in its strongest sense: even if all n − 1 other participants are malicious and colluding, fairness will hold.

13:17 [Pub][ePrint] A lightweight-friendly modification of GOST block cipher, by Andrey Dmukh and Denis Dygin and Grigory Marshalko

We study the possibility of a GOST block cipher modification in such a way that it would resist the Isobe and Dinur-Dunkelman-Shamir attacks and, at the same time, would still be lightweight-friendly.

13:17 [Pub][ePrint] Arithmetic Addition over Boolean Masking - Towards First- and Second-Order Resistance in Hardware, by Tobias Schneider and Amir Moradi and Tim Güneysu

A common countermeasure to thwart side-channel analysis attacks is algorithmic masking. For this, algorithms that mix Boolean and arithmetic operations need to either apply two different masking schemes with secure conversions or use dedicated arithmetic units that can process Boolean masked values. Several proposals have been published that can realize these approaches securely and efficiently in software. But to the best of our knowledge, no hardware design exists that fulfills relevant properties such as efficiency and security at the same time.

In this paper, we present two design strategies to realize a secure and efficient arithmetic adder for Boolean-masked values. First, we introduce an architecture based on the ripple-carry adder that targets low-cost applications. The second architecture is based on a pipelined Kogge-Stone adder and targets high-performance applications. In particular, all our implementations adopt the threshold implementation approach to improve their resistance against SCA attacks even in the presence of glitches. We evaluated the security of our designs practically against SCA using a non-specific statistical t-test. Based on our analysis, we show that our constructions not only achieve resistance against first- and (univariate) second-order attacks but also require fewer random bits per operation compared to any existing software-based approach.

13:17 [Pub][ePrint] An Alternative Approach to Non-black-box Simulation in Fully Concurrent Setting, by Susumu Kiyoshima

We give a new proof of the existence of public-coin concurrent zero-knowledge arguments for NP in the plain model under standard assumptions (the existence of one-to-one one-way functions and collision-resistant hash functions), which was originally proven by Goyal (STOC'13).

In the proof, we use a new variant of the non-black-box simulation technique of Barak (FOCS'01). An important property of our simulation technique is that the simulator runs in a straight-line manner in the fully concurrent setting. Compared with the simulation technique of Goyal, which also has such a property, the analysis of our simulation technique is (arguably) simpler.

13:17 [Pub][ePrint] A Generic Approach to Invariant Subspace Attacks: Cryptanalysis of Robin, iSCREAM and Zorro, by Gregor Leander and Brice Minaud and Sondre Rønjom

Invariant subspace attacks were introduced at CRYPTO 2011 to cryptanalyze PRINTcipher. The invariant subspaces for PRINTcipher were discovered in an ad hoc fashion, leaving a generic technique to discover invariant subspaces in other ciphers as an open problem. Here, based on a rather simple observation, we introduce a generic algorithm to detect invariant subspaces. We apply this algorithm to the CAESAR candidate iSCREAM, the closely related LS-design Robin, as well as the lightweight cipher Zorro. For all three candidates invariant subspaces were detected, and result in practical breaks of the ciphers. A closer analysis of independent interest reveals that these invariant subspaces are underpinned by a new type of self-similarity property. For all ciphers, our strongest attack shows the existence of a weak key set of density $2^{-32}$. These weak keys lead to a simple property on the plaintexts going through the whole encryption process with probability one. All our attacks have been practically verified on reference implementations of the ciphers.

13:17 [Pub][ePrint] On the Provable Security of the Iterated Even-Mansour Cipher against Related-Key and Chosen-Key Attacks, by Benoît Cogliati and Yannick Seurin

The iterated Even-Mansour cipher is a construction of a block cipher from $r$ public permutations $P_1,\ldots,P_r$ which abstracts in a generic way the structure of key-alternating ciphers. The indistinguishability of this construction from a truly random permutation by an adversary with oracle access to the inner permutations $P_1,\ldots,P_r$ has been investigated in a series of recent papers. This construction has also been shown to be (fully) indifferentiable from an ideal cipher for a sufficient number of rounds (five or twelve depending on the assumptions on the key-schedule). In this paper, we extend this line of work by considering the resistance of the iterated Even-Mansour cipher to xor-induced related-key attacks (i.e., related-key attacks where the adversary is allowed to xor any constant of its choice to the secret key) and to chosen-key attacks. For xor-induced related-key attacks, we first provide a distinguishing attack for two rounds, assuming the key-schedule is linear. We then prove that for a linear key-schedule, three rounds yield a cipher which is secure against xor-induced related-key attacks up to $O(2^{n/2})$ queries of the adversary, whereas for a nonlinear key-schedule, one round is sufficient to obtain a similar security bound. We also show that the iterated Even-Mansour cipher with four rounds offers some form of provable resistance to chosen-key attacks, which is the minimal number of rounds to achieve this property. The main technical tool that we use to prove this result is sequential indifferentiability, a weakened variant of (full) indifferentiability introduced by Mandal et al. (TCC 2010).

08:06 [Event][New] ICISC 2015: 18th International Conference on Information Security and Cryptology

Submission: 31 August 2015
From November 25 to November 27
Location: Seoul, Korea
More Information:

23:18 [Job][New] Assistant Professor, Kyushu University, Fukuoka (Japan)

The Institute of Mathematics for Industry at Kyushu University (Fukuoka, JAPAN) invites applications for ONE ASSISTANT PROFESSOR POSITION (`Jyokyo` in Japanese) beginning April 2015. Candidates in all areas of mathematical cryptography who are interested in applications of mathematics to, and collaboration with, industry will be considered. We are looking for candidates who possess a strong record of research achievements and expertise related to mathematical cryptography such as theory of cryptography, number theory, representation theory, computer algebra, quantum computation, graph theory, combinatorics, and so on. The selection will be based on the past achievements and/or the potential of the candidates to work in the area of mathematical cryptography.

Kyushu University is one of the major seven national universities in Japan, located in Fukuoka in the western part of Japan. The Institute of Mathematics for Industry ( consists of approximately 25 members, who are active in various areas of pure and applied mathematics and also in collaboration with industry.

For full information about the position and the application procedure, visit the URL below.

23:18 [Job][New] Post-doctoral Researcher and Researcher positions, Microsoft Research, Redmond, Washington

The Cryptography Research group at Microsoft Research in Redmond seeks outstanding applicants for Post-doctoral Researcher and Researcher positions in all areas of cryptography. Post-doctoral Researcher positions start in summer 2015 and are for a term of 2 years. Required qualifications include a PhD in computer science or mathematics and experience in cryptography research. Particular areas of interest include: Secure Multi-party Computation, Searchable Encryption, and Homomorphic Encryption. Areas of interest in mathematics include lattice-based cryptography, cyclotomic number fields, elliptic-curve cryptography, pairing-based cryptography, factoring, discrete log, and algorithmic number theory.