International Association for Cryptologic Research

IACR News Central

Get updates on changes to the IACR web page here. For questions, contact newsletter (at)

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calendar (iCal).

10:17 [Pub][ePrint] On the behaviors of affine equivalent Sboxes regarding differential and linear attacks, by Anne Canteaut and Joëlle Roué

  This paper investigates the effect of affine transformations of the Sbox on the maximal expected differential probability MEDP and linear potential MELP over two rounds of a substitution-permutation network, when the diffusion layer is linear over the finite field defined by the Sbox alphabet. It is mainly motivated by the fact that the 2-round MEDP and MELP of the AES both increase when the AES Sbox is replaced by the inversion in $GF(2^8)$. Most notably, we give new upper bounds on these two quantities which are not invariant under affine equivalence. Moreover, within a given equivalence class, these new bounds are maximal when the considered Sbox is an involution. These results point out that different Sboxes within the same affine equivalence class may lead to different two-round MEDP and MELP. In particular, we exhibit some examples where the basis chosen for defining the isomorphism between $GF(2)^m$ and $GF(2^m)$ affects these values.

For Sboxes with some particular properties, including all Sboxes of the form $A(x^s)$ as in the AES, we also derive some lower and upper bounds for the 2-round MEDP and MELP which hold for any MDS linear layer.
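As an added illustration of the affine-equivalence notion used in this abstract (editor's code, not from the paper), the following computes the one-round differential and linear profiles (the maxima of the DDT and LAT) of the inversion Sbox over $GF(2^4)$ and of an Sbox in the same affine equivalence class, $S'(x) = A\,S(Bx + b) + a$. Those one-round quantities coincide for every member of the class; the paper's point is that the two-round MEDP and MELP of an SPN with a field-linear diffusion layer do not. The reduction polynomial and the matrices A, B and constants a, b are arbitrary choices made for this example.

```python
# Added example (editor's code, not from the Canteaut-Roue paper). Compares the
# DDT and LAT maxima of the inversion Sbox over GF(2^4) with those of an
# affinely equivalent Sbox; both one-round profiles are identical by construction.
# POLY, A_ROWS, B_ROWS and the constants are arbitrary picks for the example.

N = 4                      # Sbox width in bits
POLY = 0b10011             # x^4 + x + 1, irreducible over GF(2) (assumption for this example)
SIZE = 1 << N


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^N) modulo POLY (shift-and-add)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & (1 << N):
            a ^= POLY
    return r


def gf_inv(a: int) -> int:
    """a^(2^N - 2) = a^-1 for a != 0; 0 maps to 0 as in the AES Sbox."""
    r, base, e = 1, a, SIZE - 2
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r if a else 0


INVERSION = [gf_inv(x) for x in range(SIZE)]


def parity(v: int) -> int:
    return bin(v).count("1") & 1


def apply_linear(rows, x: int) -> int:
    """Multiply the GF(2) matrix given as row bitmasks by the column vector x."""
    return sum(parity(row & x) << i for i, row in enumerate(rows))


def affine_equivalent(sbox, A, a, B, b):
    """S'(x) = A * S(B * x + b) + a, a member of the affine equivalence class of S."""
    return [apply_linear(A, sbox[apply_linear(B, x) ^ b]) ^ a for x in range(SIZE)]


def ddt_max(sbox) -> int:
    """Largest DDT entry over non-zero input differences (differential uniformity)."""
    best = 0
    for dx in range(1, SIZE):
        counts = [0] * SIZE
        for x in range(SIZE):
            counts[sbox[x] ^ sbox[x ^ dx]] += 1
        best = max(best, max(counts))
    return best


def lat_max(sbox) -> int:
    """Largest |#{x : a.x = b.S(x)} - 2^(N-1)| over non-zero masks a, b."""
    best = 0
    for a in range(1, SIZE):
        for b in range(1, SIZE):
            agree = sum(1 for x in range(SIZE) if parity(a & x) == parity(b & sbox[x]))
            best = max(best, abs(agree - SIZE // 2))
    return best


# Two invertible GF(2) matrices (triangular up to row order) and two constants.
A_ROWS = [0b1000, 0b1100, 0b0110, 0b0011]
B_ROWS = [0b0001, 0b0011, 0b0111, 0b1111]
EQUIVALENT = affine_equivalent(INVERSION, A_ROWS, 0b1010, B_ROWS, 0b0101)


def compare() -> dict:
    """One-round profiles of the inversion Sbox and of its affine equivalent."""
    return {
        "inversion": (ddt_max(INVERSION), lat_max(INVERSION)),
        "equivalent": (ddt_max(EQUIVALENT), lat_max(EQUIVALENT)),
        "equivalent_is_permutation": sorted(EQUIVALENT) == list(range(SIZE)),
        "inversion_is_involution": all(INVERSION[INVERSION[x]] == x for x in range(SIZE)),
    }


if __name__ == "__main__":
    print(compare())
```

For the 4-bit inversion both maxima are 4 (differential uniformity 4 and linearity 8, since n is even), and they stay 4 for the affinely equivalent Sbox; the inversion is additionally an involution, the case in which the paper's new two-round bounds are maximal within the class.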

10:17 [Pub][ePrint] Practical Compact E-Cash with Arbitrary Wallet Size, by Patrick Märtens

  Compact e-cash schemes allow users to withdraw a wallet containing $K$ coins and to spend each coin unlinkably. We present the first compact e-cash scheme with arbitrary wallet size $k \leq K$ while the spending protocol is of constant time and space complexity.

Known compact e-cash schemes are constructed from either verifiable random functions or bounded accumulators. We use both building blocks to construct the new scheme which is secure under the $q$-SDH, the $y$-DDHI and the SXDH assumptions in the random oracle


10:17 [Pub][ePrint] Revisiting Cryptographic Accumulators, Additional Properties and Relations to other Primitives, by David Derler and Christian Hanser and Daniel Slamanig

  Cryptographic accumulators allow one to accumulate a finite set of values into a single succinct accumulator. For every accumulated value, one can efficiently compute a witness, which certifies its membership in the accumulator. However, it is computationally infeasible to find a witness for any non-accumulated value. Since their introduction, various accumulator schemes for numerous practical applications and with different features have been proposed. Unfortunately, to date there is no unifying model capturing all existing features. Such a model can turn out to be valuable as it allows one to use accumulators in a black-box fashion.

To this end, we propose a unified formal model for (randomized) cryptographic accumulators which covers static and dynamic accumulators, their universal features and includes the notions of undeniability and indistinguishability. Additionally, we provide an exhaustive classification of all existing schemes. In doing so, it turns out that most accumulators are distinguishable. Fortunately, a simple, light-weight generic transformation allows one to make many existing dynamic accumulator schemes indistinguishable. As this transformation, however, comes at the cost of reduced collision freeness, we additionally propose the first indistinguishable scheme that does not suffer from this shortcoming. Finally, we employ our unified model for presenting a black-box construction of commitments from indistinguishable accumulators as well as a black-box construction of indistinguishable, undeniable universal accumulators from zero-knowledge sets. The latter yields the first universal accumulator construction that provides indistinguishability.
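To make the accumulate / witness / verify interface from this abstract concrete, here is a minimal RSA-style accumulator (editor's code, not from the paper). It also shows a dynamic add with the corresponding witness update, and the intuition behind "distinguishable": the accumulator value is a deterministic function of the set, so anyone holding it can confirm a guessed set. The modulus, base and member primes are toy values chosen for the example; a real scheme uses an RSA modulus of unknown factorisation and maps arbitrary values to primes with a collision-resistant hash-to-prime. The paper's indistinguishability transformation is not reproduced here.

```python
# Added example (editor's code, not from the Derler-Hanser-Slamanig paper): a minimal
# RSA-style accumulator. Toy parameters throughout (assumption: N_TOY is trivially
# factorable and G is an arbitrary base); members are assumed to be distinct primes,
# as produced by a hash-to-prime map in a real scheme.

from math import prod

N_TOY = 3233          # 61 * 53, toy modulus
G = 5                 # base of the accumulator


def accumulate(primes):
    """acc = G^(product of members) mod N."""
    return pow(G, prod(primes), N_TOY)


def witness(primes, member):
    """The witness for `member` is the accumulator of all other members."""
    return pow(G, prod(p for p in primes if p != member), N_TOY)


def verify(acc, value, wit):
    """Membership holds iff wit^value == acc (mod N)."""
    return pow(wit, value, N_TOY) == acc


def add_member(acc, wit_old, new_prime):
    """Dynamic add: acc' = acc^p, and an existing witness updates as wit' = wit^p."""
    return pow(acc, new_prime, N_TOY), pow(wit_old, new_prime, N_TOY)


def consistent_with(acc, guessed_primes):
    """Distinguishability: a deterministic accumulator lets an observer test a guess."""
    return accumulate(guessed_primes) == acc


def demo():
    members = [7, 11, 13, 17]                  # constructed sample set
    acc = accumulate(members)
    w7 = witness(members, 7)
    results = {
        "member_verifies": verify(acc, 7, w7),
        "non_member_rejected": verify(acc, 19, w7),
    }
    acc2, w7_new = add_member(acc, w7, 19)
    results["after_add_member_verifies"] = verify(acc2, 7, w7_new)
    results["after_add_new_verifies"] = verify(acc2, 19, witness(members + [19], 19))
    results["guess_confirmed"] = consistent_with(acc, [7, 11, 13, 17])
    results["wrong_guess_rejected"] = consistent_with(acc, [7, 11, 13, 23])
    return results


if __name__ == "__main__":
    print(demo())
```

The `consistent_with` check is exactly what a randomized (indistinguishable) accumulator must defeat: with fresh randomness folded into the accumulator value, equality with a recomputed guess no longer reveals the set.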

10:17 [Pub][ePrint] Structural Weaknesses in the Open Smart Grid Protocol, by Klaus Kursawe and Christiane Peters

  The Open Smart Grid Protocol (OSGP) is currently deployed in various European countries in large-scale Smart Metering projects. The protocol was developed by the OSGP Alliance and published as a standard by the European Telecommunications Standards Institute (ETSI).

We identify several security issues in the OSG Protocol, primarily the use of a weak digest function and the way the protocol utilizes the RC4 algorithm for encryption. A straight-forward oracle attack triggers the leakage of key material of the digest function. We outline how an attacker can make use of the simple protocol structure to send maliciously altered messages with valid authentication tags to the meters.

The results of our analysis were made available to the manufacturer at the beginning of 2014, and mitigation strategies have been discussed with the vendor and utilities.

13:13 [Job][New] Research scientist & post-doc, Advanced Digital Sciences Center, Singapore

  We are actively seeking competent researchers for the project "A Cyber-Physical Approach to Securing Urban Transportation Systems" - Future cities will increasingly be smart, providing an environment where people's everyday lives are supported by various cyber-physical infrastructures including urban transportation systems. ADSC will develop new security technologies for urban transportation systems and make fundamental breakthroughs in cyber security research through collaboration with Singapore's Institute for Infocomm Research (I2R), Singapore University of Technology and Design (SUTD), and industry partners.

13:10 [Job][New] Post-doctorate in Information and Network Security, The Information Security Centre of Excellence, University of New Brunswick, Fredericton, Canada

  The Information Security Centre of Excellence (ISCX) is seeking a full-time postdoctoral fellow to work with Dr. Natalia Stakhanova to carry out research & development activities in the areas of Critical infrastructure protection and Network Security. The Center is a vibrant research centre known for its active collaboration with industry.

Applicants should have an expertise in one or more of the following research areas:

• Network Security, and network technologies and tools.

• Security of Critical infrastructure

• Malware analysis

The post-doc appointment is for one year and can be extended for up to three more years depending upon the availability of funding.

Applications will be considered until the available position is filled. To apply submit your CV via email to Dr. Natalia Stakhanova


03:30 [Job][New] PostDoc on Vehicular Networking Security, Institute of Distributed Systems, Ulm University, Germany

  You are expected to support and strengthen our research activities in the area of security and privacy in Intelligent Transport Systems (ITS) and vehicular networking. In addition, you may contribute to topics like high-speed networking and physical-layer security. You will work in ongoing projects, as well as contribute to new project proposals. You will be involved in project management and support the supervision of PhD candidates.

The ideal candidate has experience in ITS security or vehicular networking, which is documented by high-quality publications, a Ph.D. degree in computer science or a closely related discipline from an internationally renowned university, and a strong motivation to become part of our team. Proficient knowledge of written and spoken English is required. Conversational German skills are an advantage.

14:30 [Event][New] ICISS 2015: 11th International Conference on Information Systems Security

  Submission: 29 July 2015
Notification: 15 September 2015
From December 16 to December 20
Location: Kolkata, India
More Information:

07:17 [Pub][ePrint] On the Difficulty of Securing Web Applications using CryptDB, by İhsan Haluk AKIN and Berk Sunar

  CryptDB has been proposed as a practical and secure

middleware to protect databases deployed on semi-honest

cloud servers. While CryptDB provides sufficient protection

under Threat-1, here we demonstrate that when CryptDB is

deployed to secure the cloud hosted database of a realistic web

application, an attacker to database or a Malicious Database

Administrator (mDBA) can easily steal information, and even

escalate his privilege to become the administrator of the

web application. Our attacks, fall under a restricted form

of Threat-2 where we only assume that the attackers or the

mDBA tampers with the CryptDB protected database and is

opens an ordinary user account through the web application.

Our attacks, are carried out assuming perfectly secure proxy

and application servers. Therefore, the attacks work without

recovering the master key residing on the proxy server. At

the root of the attack lies the lack of any integrity checks

for the data in the CryptDB database. We propose a number

of practical countermeasures to mitigate attacks targeting the

integrity of the CryptDB database. We also demonstrate that

the data integrity is not sufficient to protect the databases,

when query integrity and frequency attacks are considered.
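The following is a generic illustration of the "lack of integrity checks" point above (editor's code; it is not the paper's attacks or countermeasures, whose details are not on this page, and it does not model CryptDB's onion layers). A trusted proxy stores ciphertexts in an untrusted database. Without a tag binding each ciphertext to its position, an adversary with raw database access can copy a valid ciphertext from one row into another and the proxy decrypts it without complaint; a MAC over (table, row id, column, ciphertext) catches the move. The cipher is a toy deterministic (SIV-style) construction standing in for an opaque deterministic-encryption layer, and the keys are fixed constants for the example.

```python
# Added example (editor's generic illustration, not from the Akin-Sunar paper).
# Assumptions: toy deterministic cipher and fixed keys standing in for a proxy's
# encryption layer; an in-memory dict standing in for the untrusted database.

import hmac
import hashlib

K_ENC = bytes.fromhex("00" * 31 + "01")   # toy key that would live on the proxy
K_MAC = bytes.fromhex("00" * 31 + "02")   # toy integrity key, also proxy-side


def _keystream(iv: bytes, n: int) -> bytes:
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(K_ENC, b"ks" + iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def det_encrypt(pt: bytes) -> bytes:
    """Deterministic: equal plaintexts give equal ciphertexts, which equality
    queries need and frequency analysis exploits."""
    iv = hmac.new(K_ENC, b"iv" + pt, hashlib.sha256).digest()[:8]
    return iv + bytes(p ^ k for p, k in zip(pt, _keystream(iv, len(pt))))


def det_decrypt(ct: bytes) -> bytes:
    iv, body = ct[:8], ct[8:]
    return bytes(c ^ k for c, k in zip(body, _keystream(iv, len(body))))


def cell_tag(table: str, row_id: int, column: str, ct: bytes) -> bytes:
    """Bind the ciphertext to its position so it cannot be replayed in another cell."""
    msg = b"|".join([table.encode(), str(row_id).encode(), column.encode(), ct])
    return hmac.new(K_MAC, msg, hashlib.sha256).digest()


class Proxy:
    """Trusted proxy in front of an untrusted store (the 'database')."""

    def __init__(self, bind_cells: bool):
        self.bind_cells = bind_cells
        self.db = {}                      # (table, row_id) -> {column: (ct, tag)}

    def insert(self, table, row_id, column, value: str):
        ct = det_encrypt(value.encode())
        tag = cell_tag(table, row_id, column, ct) if self.bind_cells else b""
        self.db.setdefault((table, row_id), {})[column] = (ct, tag)

    def read(self, table, row_id, column) -> str:
        ct, tag = self.db[(table, row_id)][column]
        if self.bind_cells and not hmac.compare_digest(tag, cell_tag(table, row_id, column, ct)):
            raise ValueError("integrity check failed for %s[%s].%s" % (table, row_id, column))
        return det_decrypt(ct).decode()


def mdba_copy_cell(proxy: Proxy, table, src_row, dst_row, column):
    """Adversary with raw database access copies another row's cell verbatim."""
    proxy.db[(table, dst_row)][column] = proxy.db[(table, src_row)][column]


def run_scenario(bind_cells: bool):
    """What the proxy hands the application for row 2 after tampering,
    or None if the proxy rejected the cell."""
    proxy = Proxy(bind_cells)
    proxy.insert("users", 1, "role", "admin")   # constructed sample rows
    proxy.insert("users", 2, "role", "user")
    mdba_copy_cell(proxy, "users", 1, 2, "role")
    try:
        return proxy.read("users", 2, "role")
    except ValueError:
        return None


if __name__ == "__main__":
    print("unbound:", run_scenario(False), "bound:", run_scenario(True))
```

The per-cell tag only addresses data integrity, which is the point the abstract makes: it does nothing against a tampered query or against frequency analysis, and the deterministic layer here still reveals that two rows hold the same value.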

02:59 [Event][New] ECTCM 2015: Third International Workshop on Emerging Cyberthreats and Countermeasures

  Submission: 31 March 2015
From August 24 to August 28
Location: Toulouse, France
More Information:

01:17 [Pub][ePrint] Amortizing Garbled Circuits, by Yan Huang and Jonathan Katz and Vladimir Kolesnikov and Ranjit Kumaresan and Alex J. Malozemoff

  We consider secure two-party computation in a multiple-execution setting, where two parties wish to securely evaluate the same circuit multiple times. We design efficient garbled-circuit-based two-party protocols secure against malicious adversaries. Recent works by Lindell (Crypto 2013) and Huang-Katz-Evans (Crypto 2013) have obtained optimal complexity for cut-and-choose performed over garbled circuits in the single execution setting. We show that it is possible to obtain much lower amortized overhead for cut-and-choose in the multiple-execution setting.

Our efficiency improvements result from a novel way to combine a recent technique of Lindell (Crypto 2013) with LEGO-based cut-and-choose techniques (TCC 2009, Eurocrypt 2013). In concrete terms, for 40-bit statistical security we obtain a 2x improvement (per execution) in communication and computation for as few as 7 executions, and require only 8 garbled circuits (i.e., a 5x improvement) per execution for as low as 3500 executions. Our results suggest the exciting possibility that secure two-party computation in the malicious setting can be less than an order of magnitude more expensive than in the semi-honest setting.