International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

03:08 [PhD][New] Przemyslaw Sokolowski: Contributions to cryptanalysis: design and analysis of cryptographic hash functions

  Name: Przemyslaw Sokolowski
Topic: Contributions to cryptanalysis: design and analysis of cryptographic hash functions
Category: secret-key cryptography


A cryptographic hash function is a mechanism producing a fixed-length output of a message of arbitrary length. It fulfills a collection of security requirements guaranteeing that a hash function does not introduce any weakness into the system to which it is applied. The example applications of cryptographic hash functions include digital signatures and message authentication codes. This thesis analyzes cryptographic hash functions and studies the design principles in the construction of secure cryptographic hash functions.

We investigate the problem of building hash functions from block ciphers and the security properties of different structures used to design compression functions. We show that we can build open-key differential distinguishers for Crypton, Hierocrypt-3, SAFER++ and Square. We know that our attack on SAFER++ is the first rebound attack with standard differentials. To demonstrate the efficiency of proposed distinguishers, we provide formal proof of a lower bound for finding a differential pair that follows a truncated differential in the case of a random permutation. Our analysis shows that block ciphers used as the underlying primitive should also be analyzed in the open-key model to prevent possible collision attacks.

We analyze the IDEA-based hash functions in a variety of cipher modes. We present practical complexity collision search attacks and preimage attacks, where we exploit a null weak-key and a new non-trivial property of IDEA. We prove that even if a cipher is considered secure in the secret-key model, one has to be very careful when using it as a building block in the hashing modes.

Finally, we investigate the recent rotational analysis. We show how to extend the rotational analysis to subtractions, shifts, bit-wise Boolean functions, multi additions and multi subtractions. In particular, we develop formulae for calculation of probabilities of preserving the rotation property for multiple modular additions and subtra[...]

13:11 [Event][New] SECITC'15: 8th International Conference on Security for Information Technology & Comm.

  Submission: 20 March 2015
Notification: 20 April 2015
From June 11 to June 7
Location: Bucharest, Romania
More Information:

05:37 [Event][New] MSPN�2015: International Conference on Mobile, Secure and Programmable Networking

  Submission: 20 March 2015
Notification: 13 April 2015
From June 15 to June 17
Location: Paris, France
More Information:

05:37 [Event][New] MSPN’2015: International Conference on Mobile, Secure and Programmable Networking

  Submission: 20 March 2015
Notification: 13 April 2015
From June 15 to June 17
Location: Paris, France
More Information: http://

13:07 [Event][New] WISTP'2015: The 9th WISTP International Conference on Information Security Theory and P

  Submission: 10 April 2015
Notification: 30 May 2015
From August 24 to August 25
Location: Heraklion, Crete, Greece
More Information:

08:08 [Event][New] Summer School on Fully Homomorphic Encryption and Multi-Linear Maps

  From October 12 to October 16
Location: Paris, France
More Information:

07:17 [Pub][ePrint] On the security margin of MAC striping, by Thomas Eisenbarth and Aaron Meyerowitz and Rainer Steinwandt

  MAC striping has been suggested as a technique to authenticate encrypted payloads using short tags. For an idealized MAC scheme, the probability of a selective forgery has been estimated as $\\binom{\\ell+m}{m}^{-1}\\cdot 2^{-m}$, when utilizing MAC striping with $\\ell$-bit payloads and $m$-bit tags. We show that this estimate is too optimistic. For $m\\le\\ell$ and any payload, we achieve a selective forgery with probability $\\ge \\binom{\\ell+m}{m}^{-1}$, and usually many orders of magnitude more than that.

07:17 [Pub][ePrint] Structural Evaluation by Generalized Integral Property, by Yosuke Todo

  In this paper, we show structural cryptanalyses against two popular networks, i.e., the Feistel Network and the Substitute-Permutation Network (SPN). Our cryptanalyses are distinguishing attacks by an improved integral distinguisher. The integral distinguisher is one of the most powerful attacks against block ciphers, and it is usually constructed by evaluating the propagation characteristic of integral properties, e.g., the ALL or BALANCE property. However, the integral property does not derive useful distinguishers against block ciphers with non-bijective functions and bit-oriented structures. Moreover, since the integral property does not clearly exploit the algebraic degree of block ciphers, it tends not to construct useful distinguishers against block ciphers with low-degree functions. In this paper, we propose a new property called {\\it the division property}, which is the generalization of the integral property. It can effectively construct the integral distinguisher even if the block cipher has non-bijective functions, bit-oriented structures, and low-degree functions. From viewpoints of the attackable number of rounds or chosen plaintexts, the division property can construct better distinguishers than previous methods. Although our attack is a generic attack, it can improve several integral distinguishers against specific cryptographic primitives. For instance, it can reduce the required number of chosen plaintexts for the 10-round distinguisher on Keccak-f from $2^{1025}$ to $2^{515}$. For the Feistel cipher, it theoretically proves that Simon 32, 48, 64, 96, and 128 have 9-, 11-, 11-, 13-, and 13-round integral distinguishers, respectively.

07:17 [Pub][ePrint] Related-Key Forgeries for Prøst-OTR, by Christoph Dobraunig and Maria Eichlseder and Florian Mendel

  We present a forgery attack on Prøst-OTR in a related-key setting. Prøst is a family of authenticated encryption algorithms proposed as candidates in the currently ongoing CAESAR competition, and Prøst-OTR is one of the three variants of the Prøst design. The attack exploits how the Prøst permutation is used in an Even-Mansour construction in the Feistel-based OTR mode of operation. Given the ciphertext and tag for any two messages under two related keys K and K + Delta with related nonces, we can forge the ciphertext and tag for a modified message under K. If we can query ciphertexts for chosen messages under K + Delta, we can achieve almost universal forgery for K. The computational complexity is negligible.

06:26 [Job][New] Research Fellows (2 Openings), Cyber Security Researchers of Waikato (CROW), University of Waikato

  2 Research Fellow Openings, Department of Computer Science, Faculty of Computing and Mathematical Sciences

We have two fixed-term positions available to be a part of an exciting new MBIE-funded Cyber Security STRATUS (Security Technologies Returning Accountability, Transparency and User-centric Services to the Cloud) project, led by the Faculty’s CROW (Cyber Security Researchers of Waikato) Research Group (

STRATUS will deliver a platform of user-empowering cloud security software, human capability and technical resources easily accessible by a broad range of NZ industry and government organisations.

You will have a PhD in Computer Science or a related field in an active area of research and will have demonstrated the ability to sustain a successful quality research programme. You will be expected to enhance the Department’s research environment, technology commercialisation process, and to produce high quality research and publications in computer security and Cloud computing as a part of this externally funded programme.

In addition to the requirements above, preference will be given to those with experience in data provenance, network security, digital forensics, linked data visualisation, data mining, applied cryptography and/or related areas.

Current salary range for Research Fellows is NZ$67,477 to $82,383 per year.

Fixed-term for three years.

Closing date: 6 March 2015 (NZ time) Vacancy number: 350045

For more information and to apply, visit

10:17 [Pub][ePrint] Key Recovery Attack against an NTRU-type Somewhat Homomorphic Encryption Scheme, by Massimo Chenal, Qiang Tang

  In this note, we present our key recovery attacks against NTRU-type somewhat homomorphic encryption schemes.