International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

04:47 [Job][New] • Research Fellow/Postdoctoral Researcher in Applied Crypto, University of Auckland, Auckland, New Zealand

  The Computer Science department at the University of Auckland seeks a Research Fellow/Postdoctoral Researcher to join the cloud security team led by Dr Giovanni Russello.

This research will take place in a new MBIE-funded Cyber Security STRATUS (Security Technologies Returning Accountability, Transparency and User-centric Services to the Cloud) project and will be in collaboration with University of Waikato, UniTech, the Cloud Security Alliance, and several New Zealand-based industrial partners ( The aim is to research novel yet practical cloud security tools to be adopted by the industry partners.

The research conducted by the University of Auckland’s team will focus on applied cryptography for retrieval and processing of encrypted data in outsourced and untrusted environments. This involves a substantial program of research to develop, implement and apply to industrial case studies.

This is a full time post for a fixed-term of 2 years. Salary starts at 74,000 NZD per annum.

Applicants should have a PhD in computer science in a relevant field (cloud security with emphasis on crypto solutions) a demonstrable research interest in the area of applied crypto with emphasis in homomorphic encryption for encrypted data processing and retrieval focusing on cloud computing, and experience in designing, analysing, and efficiently implement novel crypto algorithms. Previous experience in the area of big data with emphasis on privacy/confidentiality would be advantageous.

Host Institution: The University of Auckland is New Zealand\'s leading university. In the 2013 QS survey, the Computer Science Department ranked 38th. The University of Auckland has a strong international focus and is the only New Zealand member of Universitas 21 and the Association of Pacific Rim Universities - international consortia of research-led universities. Auckland is ranked third out of 221 world citie

22:39 [Event][New] ISC: The Eighteenth Information Security Conference

  Submission: 27 April 2015
Notification: 12 June 2015
From September 9 to September 11
Location: Trondheim, Norway
More Information:

09:17 [Pub][ePrint] GCM Security Bounds Reconsidered, by Yuichi Niwa and Keisuke Ohashi and Kazuhiko Minematsu and Tetsu Iwata

  A constant of $2^{22}$ appears in the security bounds of the Galois/Counter Mode of Operation, GCM. In this paper, we first develop an algorithm to generate nonces that have a high counter-collision probability. We show concrete examples of nonces with the counter-collision probability of about $2^{20.75}/2^{128}$. This shows that the constant in the security bounds, $2^{22}$, cannot be made smaller than $2^{19.74}$ if the proof relies on ``the sum bound.\'\' We next show that it is possible to avoid using the sum bound, leading to improved security bounds of GCM. One of our improvements shows that the constant of $2^{22}$ can be reduced to 32.

09:17 [Pub][ePrint] A revocable anonymity in Tor, by Amadou Moctar Kane

  This new protocol is based on the idea of introducing a revocable anonymity in Tor, which was presented in our recent paper entitled \"Another Tor is possible\". Compared to that previous paper, this present scheme simplify the first protocol and reduce the power of the directory server, while maintaining the ability for the Tor community, to break the anonymity of a sender in case of misconduct.

We also take the opportunity of this paper, to appeal the majors internet companies, to help in the creation of a responsible Tor network (without pedophiles, spies, ....), by mixing billions of data flowing through their networks with those of Tor.

09:17 [Pub][ePrint] Quasi-Adaptive NIZK for Linear Subspaces Revisited, by Eike Kiltz and Hoeteck Wee

  Non-interactive zero-knowledge (NIZK) proofs for algebraic relations in a group, such as the Groth-Sahai proofs, are an extremely powerful tool in pairing-based cryptography. A series of recent works focused on obtaining very efficient NIZK proofs for linear spaces in a weaker quasi-adaptive model. We revisit recent quasi-adaptive NIZK constructions, providing clean, simple, and improved constructions via a conceptually different approach inspired by recent developments in identity-based encryption. We then extend our techniques also to linearly homomorphic structure-preserving signatures, an object both of independent interest and with many applications.

09:17 [Pub][ePrint] Salsa20 Cryptanalysis: New Moves and Revisiting Old Styles, by Subhamoy Maitra and Goutam Paul and Willi Meier

  In this paper, we revisit some existing techniques in Salsa20 cryptanalysis, and provide some new ideas as well. As a new result, we explain how a valid initial state can be obtained from a Salsa20 state after one round. This helps in studying the non-randomness of Salsa20 after 5 rounds. In particular, it can be seen that the 5-round bias reported by Fischer et al. (Indocrypt 2006) is a special case of our analysis. Towards improving the existing results, we revisit the idea of Probabilistic Neutral Bit (PNB) and how a proper choice of certain parameters reduce the complexity of the existing attacks. For cryptanalysis against 8-round Salsa20, we could achieve the key search complexity of $2^{247.2}$ compared to $2^{251}$ (FSE 2008) and

$2^{250}$ (ICISC 2012).

09:17 [Pub][ePrint] Efficient k-out-of-n oblivious transfer protocol, by wang qinglong

  A new k-out-of-n oblivious transfer protocol is presented in this paper. The communication cost of our scheme are n+1 messages of sender to receiver and k messages from the receiver to sender. To the best knowledge of the authors, the com-munication complexity of our scheme is the least. Also, our scheme has a lower computation cost with (k+1)n modular ex-ponentiations for sender and 3k modular exponentiations for the receiver. The security of our scheme is only based on the Decision Diffie-Hellman assumption. Further, we proved the sender\'s computational security and the receiver\'s uncondition-al security under standard model.

09:17 [Pub][ePrint] Efficient Format Preserving Encrypted Databases, by Prakruti C, Sashank Dara and V.N. Muralidhara

  We propose storage efficient SQL-aware encrypted databases that preserve the format of the fields. We give experimental results of storage improvements in CryptDB using FNR encryption scheme.

19:37 [Event][New] CyberSec2015: 4th Inter. Conf. on Cyber Security, Cyber Welfare, and Digital Forensic

  Submission: 29 September 2015
Notification: 10 October 2015
From October 29 to October 31
Location: Jakarta, Indonesia
More Information:

16:17 [Pub][ePrint] Statistical Properties of Multiplication mod $2^n$, by A. Mahmoodi Rishakani and S. M. Dehnavi and M. R. Mirzaee Shamsabad and Hamidreza Maimani and Einollah Pasha

  In this paper, we investigate some statistical properties of multiplication mod $2^n$ for cryptographic use.

For this purpose, we introduce a family of T-functions similar to modular multiplication, which we call

M-functions as vectorial Boolean functions. At first, we determine the joint probability distribution of

arbitrary number of the output of an M-function component bits. Then, we obtain the probability distribution

of the component Boolean functions of combination of a linear transformation with an M-function. After that,

using a new measure for computing the imbalance of maps, we show that the restriction of the output of an

M-function to its upper bits is asymptotically balanced.

16:17 [Pub][ePrint] Adaptively Secure Coin-Flipping, Revisited, by Shafi Goldwasser and Yael Tauman Kalai and Sunoo Park

  The full-information model was introduced by Ben-Or and Linial in 1985 to study collective coin-flipping: the problem of generating a common bounded-bias bit in a network of $n$ players with $t=t(n)$ faults. They showed that the majority protocol, in which each player sends a random bit and the output is the majority of the players\' bits, can tolerate $t(n)=O (\\sqrt n)$ even in the presence of \\emph{adaptive} corruptions, and they conjectured that this is optimal for such adversaries. Lichtenstein, Linial, and Saks proved that the conjecture holds for protocols in which each player sends only a single bit. Their result has been the main progress on the conjecture during the last 30 years.

In this work we revisit this question and ask: what about protocols where players can send longer messages? Can increased communication allow for a larger fraction of corrupt players?

We introduce a model of \\emph{strong adaptive} corruptions, in which an adversary sees all messages sent by honest parties in any given round and, based on the message content, decides whether to corrupt a party (and alter its message or sabotage its delivery) or not. This is in contrast to the (classical) adaptive adversary who can corrupt parties only based on past messages, and cannot alter messages already sent.

We prove that any one-round coin-flipping protocol, \\emph{regardless of message length}, can be secure against at most $\\widetilde{O}(\\sqrt n)$ strong adaptive corruptions. Thus, increased message length does not help in this setting.

We then shed light on the connection between adaptive and strongly adaptive adversaries, by proving that for any symmetric one-round coin-flipping protocol secure against $t$ adaptive corruptions, there is a symmetric one-round coin-flipping protocol secure against $t$ strongly adaptive corruptions. Going back to the standard adaptive model, we can now prove that any symmetric one-round protocol with arbitrarily long messages can tolerate at most $\\widetilde{O}(\\sqrt n)$ adaptive corruptions.

At the heart of our results there is a new technique for converting any one-round secure protocol with arbitrarily long messages into a secure one where each player sends only $\\polylog(n)$ bits. This technique may be of independent interest.