International Association for Cryptologic Research

IACR News Central


18:06 [Job][New] Post-Doc, Ph.D., High Assurance Software Lab --- INESC TEC & Minho University

  The High Assurance Software Lab (HASLab) is an R&D unit at INESC TEC, a leading research institution in Portugal. The HASLab specialises in the rigorous development of software applications for critical systems and infrastructures, drawing on expertise in software engineering, dependable distributed systems, and cryptography and information security.

The HASLab has recently opened 10 positions for Post Doctoral researchers and 6 positions for Ph.D. students.

We are looking for Post Doctoral researchers that can be integrated into the activities of HASLab — in EU and national projects — and also lead their own research projects within the group, preferably in the following areas: source code analysis, testing and verification, formal methods, large scale data management, theory of cryptography or computer and network security.

A successful Post Doctoral candidate will be offered a package that may include up to 25K EUR/Year salary, health insurance, one Ph.D. grant and one internship grant for recruitment, as well as access to the HASLab travel and equipment funding schemes. Post-doc positions may be extended until up to 5 years.

18:06 [Job][New] Research Fellow / Post-doc, Nanyang Technological University (NTU), Singapore

  SYmmetric and Lightweight cryptography Lab (SYLLAB) at Nanyang Technological University (NTU), Singapore, is seeking candidates for 2 research fellow positions (from fresh post-docs to senior research fellows) in the areas of:

  • symmetric key cryptography
  • lightweight cryptography
  • side-channel attacks

Salaries are competitive and are determined according to the successful applicant's accomplishments, experience and qualifications. Interested applicants should send their detailed CVs, cover letter and references to Thomas Peyrin (thomas.peyrin [at]

Review of applications starts immediately and will continue until positions are filled.

16:17 [Pub][ePrint] Lyra2: Password Hashing Scheme with improved security against time-memory trade-offs, by Marcos A. Simplicio Jr. and Leonardo C. Almeida and Ewerton R. Andrade and Paulo C. F. dos Santos and Paulo S.

  We present Lyra2, a password hashing scheme (PHS) based on cryptographic sponges. Lyra2 was designed to be strictly sequential (i.e., not easily parallelizable), providing strong security even against attackers that use multiple processing cores (e.g., custom hardware or a powerful GPU). At the same time, it is very simple to implement in software and allows legitimate users to fine-tune its memory and processing costs according to the desired level of security against brute-force password guessing. Lyra2 is an improvement of the recently proposed Lyra algorithm, providing an even higher security level against different attack venues and overcoming some limitations of this and other existing schemes.

16:17 [Pub][ePrint] Multi-keyword Similarity Search Over Encrypted Cloud Data, by Mikhail Strizhov and Indrajit Ray

  Searchable encryption allows one to upload encrypted documents to a remote honest-but-curious server and query that data at the server itself without requiring the documents to be decrypted prior to searching. In this work, we propose a novel secure and efficient multi-keyword similarity searchable encryption scheme (MKSim) that returns the matching data items in ranked order. Unlike all previous schemes, our search complexity is sublinear in the total number of documents that contain the queried set of keywords. Our analysis shows that the proposed scheme is secure against adaptive chosen-keyword attacks. We show that our approach is highly efficient and ready to be deployed in real-world cloud storage systems.

23:11 [Job][New] Research Associate, Technische Universitaet Muenchen; Institute for Security in Information Technology; Munich; Germany

  Our Institute is part of the TUM Department of Electrical and Computer Engineering. We develop innovative technologies for embedded systems, to counteract new threats in hardware security. Physical Unclonable Functions (PUFs) – as important new security elements – and countermeasures against side channel leakage and fault attacks are only two of the exciting topics in the focus of our institute’s research. Our teaching activities range from lectures on basics in cryptology to lab courses where students design secure embedded systems on their own.

For research in the field of countermeasures against attacks on Physical Unclonable Functions we are searching, at the earliest possible date, for a

Research Associate (m/f)

for a full-time position.

Your Tasks:

  • Carrying out your own research in the field of secure PUF concepts
  • Participation in industry-related and scientific research projects
  • Supervising students


  • finished your master’s degree in Electrical Engineering, Computer Sciences or equivalent with outstanding grades.
  • have a strong focus on security.
  • have profound knowledge of hardware attacks and countermeasures.
  • have a sound education in information theory and error-correcting codes.
  • are a creative, independent thinker, can work in teams, and are highly motivated.
  • like to work with students.
  • have prior practical or theoretical knowledge of embedded systems.

We offer a very interesting position as research associate which is rich in variety and includes the opportunity to carry out a doctoral thesis in engineering. With your research in the field of PUFs, you contribute to one of the main fields of the Institute for Security in Information Technology and are

22:17 [Pub][ePrint] Generalizing Efficient Multiparty Computation, by Bernardo David and Ryo Nishimaki and Samuel Ranellucci and Alain Tapp

  We focus on generalizing constructions of Batch Single-Choice Cut-And-Choose Oblivious Transfer and Multi-sender k-out-of-n Oblivious Transfer, which are at the core of efficient secure computation constructions proposed by Lindell et al. and the IPS compiler.

Our approach consists in showing that such primitives can be based on a much weaker and simpler primitive called Verifiable Oblivious Transfer (VOT) with low overhead. As an intermediate step we construct Generalized Oblivious Transfer from VOT. Finally, we show that Verifiable Oblivious Transfer can be obtained from a structure preserving oblivious transfer protocol (SPOT) through an efficient transformation that uses Groth-Sahai proofs and structure preserving commitments.

19:17 [Pub][ePrint] How to Bootstrap Anonymous Communication, by Sune K. Jakobsen and Claudio Orlandi

  We ask whether it is possible to anonymously communicate a large amount of data using only public (non-anonymous) communication together with a small anonymous channel. We think this is a central question in the theory of anonymous communication and to the best of our knowledge this is the first formal study in this direction.

To solve this problem, we introduce the concept of anonymous steganography: think of a leaker Lea who wants to leak a large document to Joe the journalist. Using anonymous steganography Lea can embed this document in innocent-looking communication on some popular website (such as cat videos on YouTube or funny memes on 9GAG). Then Lea provides Joe with a short key $k$ which, when applied to the entire website, recovers the document while hiding the identity of Lea among the large number of users of the website. Our contributions include:

  • Introducing and formally defining anonymous steganography,
  • A construction showing that anonymous steganography is possible (which uses recent results in circuit obfuscation),
  • A lower bound on the number of bits which are needed to bootstrap anonymous communication.

19:17 [Pub][ePrint] On Lightweight Stream Ciphers with Shorter Internal States, by Frederik Armknecht and Vasily Mikhalev

  To be resistant against certain time-memory-data trade-off (TMDTO) attacks, a common rule of thumb says that the internal state size of a stream cipher should be at least twice the security parameter. As memory gates are usually the most area- and power-consuming components, this implies a severe limitation with respect to possible lightweight implementations.

In this work, we revisit this rule. We argue that a simple shift in the established design paradigm, namely to involve the fixed secret key not only in the initialization process but in the keystream generation phase as well, enables stream ciphers with smaller area size for two reasons. First, it improves the resistance against the mentioned TMDTO attacks, which allows smaller state sizes to be chosen. Second, one can make use of the fact that storing a fixed value (here: the key) requires less area than realizing a register of the same length. We demonstrate the feasibility of this approach by describing and implementing a concrete stream cipher, Sprout, which uses significantly less area than comparable existing lightweight stream ciphers.

19:17 [Pub][ePrint] Homomorphic Computation of Edit Distance, by Jung Hee Cheon and Miran Kim and Kristin Lauter

  These days genomic sequence analysis provides a key way of understanding the biology of an organism. However, since these sequences contain much private information, it can be very dangerous to reveal any part of them. It is desirable to protect this sensitive information when performing sequence analysis in public. As a first step in this direction, we present a method to perform the edit distance algorithm on encrypted data to obtain an encrypted result. In our approach, the genomic data owner provides only the encrypted sequence, and the public commercial cloud can perform the sequence analysis without decryption. The result can be decrypted only by the data owner or designated representative holding the decryption key.

In this paper, we describe how to calculate edit distance on encrypted data with a somewhat homomorphic encryption scheme and analyze its performance. More precisely, given two encrypted sequences of lengths $n$ and $m$, we show that a somewhat homomorphic scheme of depth $O((n+m) \log\log (n+m))$ can evaluate the edit distance algorithm in $O(nm \log (n+m))$ homomorphic computations. In the case of $n=m$, the depth can be brought down to $O(n)$ using our optimization technique. Finally, we present the estimated performance of the edit distance algorithm and verify it by implementing it for short DNA sequences.

19:17 [Pub][ePrint] Private Computation on Encrypted Genomic Data, by Kristin Lauter and Adriana Lopez-Alt and Michael Naehrig

  A number of databases around the world currently host a wealth of genomic data that is invaluable to researchers conducting a variety of genomic studies. However, patients who volunteer their genomic data run the risk of privacy invasion. In this work, we give a cryptographic solution to this problem: to maintain patient privacy, we propose encrypting all genomic data in the database. To allow meaningful computation on the encrypted data, we propose using a homomorphic encryption scheme.

Specifically, we take basic genomic algorithms which are commonly used in genetic association studies and show how they can be made to work on encrypted genotype and phenotype data. In particular, we consider the Pearson Goodness-of-Fit test, the $D'$ and $r^2$ measures of linkage disequilibrium, the Estimation Maximization (EM) algorithm for haplotyping, and the Cochran-Armitage Test for Trend. We also provide performance numbers for running these algorithms on encrypted data.

19:17 [Pub][ePrint] From Related-Key Distinguishers to Related-Key-Recovery on Even-Mansour Constructions, by Pierre Karpman

  We show that the distinguishing attacks on Even-Mansour block ciphers in the related-key model can easily be converted into extremely efficient key-recovery attacks. This includes in particular all iterated Even-Mansour constructions with independent keys.

We apply this observation to the CAESAR candidate Prøst-OTR and are able to recover the whole key with a number of requests linear in its size. This improves on recent forgery attacks in a similar setting.