International Association for Cryptologic Research

IACR News Central


20:35 [Job][New] One Postdoc and one PhD studentship, University of Strathclyde, UK

  Applications are invited for a Research Associate (postdoc) position and a PhD studentship.

You will work on the project “Practical Data-intensive Secure Computation: a Data Structural Approach”. This is a 4-year grant funded by the EPSRC. The aim of the project is to investigate how data structures can be used as an efficiency and scalability booster in the context of secure computation. You will design novel cryptographic data structures and associated protocols for efficient secure computation, as well as apply them in domains such as cloud computing and data mining in order to solve real-world security/privacy problems. The project has particular emphasis on putting theory into practice. There will be opportunities to collaborate with industrial research labs and other leading universities.

The RA position (Ref: 15884):

Application Closing Date: Friday, 1 May 2015

The candidate must have:

* a PhD (or equivalent) in a relevant area;

* a strong background in cryptography/security;

* good programming skills (C++/Java, parallel/GPU computing experience is a plus);

* good communication and time management skills.

Experience/knowledge in one or more of the following areas would be desirable but not essential: computer networks, operating systems, databases, statistics and data mining.

More information and online application form:

The PhD Studentship:

Full time, 3 years with a stipend + home fees. Students from outside of EU are eligible but need other funding sources to cover the difference between home fees and overseas fees.

Application Closing Date: until filled

Online Application Form:

The candidate must have:

* a first or upper second class honours degree, or a good master's degree in a relevant area;

* good programming skills (C++/Java, parallel/

15:36 [Event][New] BCS 2015: 2nd Conference on Cryptography and Information Theory - BalkanCryptSec 2015

  Submission: 20 June 2015
Notification: 1 August 2015
From September 3 to September 4
Location: Koper, Slovenia
More Information:

12:17 [Pub][ePrint] Collision Attack on 4-branch, Type-2 GFN based Hash Functions using Sliced Biclique Cryptanalysis Technique, by Megha Agrawal and Donghoon Chang and Mohona Ghosh and Somitra Kumar Sanadhya

In this work, we apply the sliced biclique cryptanalysis technique to show an 8-round collision attack on a hash function H based on a 4-branch, Type-2 Generalized Feistel Network (Type-2 GFN). This attack is generic and works on 4-branch, Type-2 GFN with any parameters, including the block size, the type of round function, the number of S-boxes in each round and the number of SP layers inside the round function. We first construct an 8-round distinguisher on 4-branch, Type-2 GFN and then use this distinguisher to launch an 8-round collision attack on compression functions based on the Matyas-Meyer-Oseas (MMO) and Miyaguchi-Preneel (MP) modes. The complexity of the attack on a 128-bit compression function is 2^56. The attack can be directly translated to a collision attack on MP- and MMO-based hash functions and a pseudo-collision attack on Davies-Meyer (DM) based hash functions. When the round function F is instantiated with a double SP layer, we show the first 8-round collision attack on a 4-branch, Type-2 GFN with double-SP-layer based compression function. The previous best attack on this structure was a 6-round near-collision attack shown by Sasaki at Indocrypt'12. His attack cannot be used to generate full collisions on 6 rounds and hence our result can be regarded as the best so far in the literature on this structure.
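As an added illustration (not the authors' code and not their attack), the following Python sketches the objects this abstract names: a 4-branch Type-2 GFN used as a 128-bit block cipher, and the MMO, MP and DM compression functions built on it, iterated Merkle-Damgard style. The S-box, the round function F, the key schedule and the 32-bit branch width are assumptions chosen for readability, not the parameters analysed in the paper; the sample key and blocks are constructed.

```python
"""Toy 4-branch Type-2 GFN block cipher and the MMO / MP / DM
compression-function modes.  Added illustration only: F, the key
schedule, the S-box and the branch size are assumptions, not the
parameters analysed in the paper."""
import struct

BRANCH_BITS = 32                      # four 32-bit branches -> 128-bit block
MASK = (1 << BRANCH_BITS) - 1
ROUNDS = 8                            # the abstract's attack covers 8 rounds
# Assumed 4-bit S-box (the PRESENT S-box, chosen only as a concrete instance).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def rotl(x, r):
    return ((x << r) | (x >> (BRANCH_BITS - r))) & MASK


def round_function(x, k):
    """One SP layer: subkey addition, nibble-wise S-box, linear diffusion.
    The attack is generic in F; this F is just a readable instance."""
    x ^= k
    s = 0
    for i in range(BRANCH_BITS // 4):
        s |= SBOX[(x >> (4 * i)) & 0xF] << (4 * i)
    return s ^ rotl(s, 7) ^ rotl(s, 18)


def key_schedule(key):
    """Two 32-bit subkeys per round from a 128-bit key (assumed schedule)."""
    k = list(struct.unpack(">IIII", key))
    subkeys = []
    for r in range(ROUNDS):
        subkeys.append((k[0], k[2] ^ r))
        k = [k[1], k[2], k[3], rotl(k[0], 5) ^ k[1]]
    return subkeys


def gfn_encrypt(block, key):
    """Type-2 GFN round on (x0,x1,x2,x3): Feistel step on each pair of
    branches, then rotate the four branches one position to the left."""
    x = list(struct.unpack(">IIII", block))
    for ka, kb in key_schedule(key):
        x = [x[1] ^ round_function(x[0], ka), x[2],
             x[3] ^ round_function(x[2], kb), x[0]]
    return struct.pack(">IIII", *x)


def gfn_decrypt(block, key):
    """Inverse round: undo the rotation, then cancel F (F need not be invertible)."""
    x = list(struct.unpack(">IIII", block))
    for ka, kb in reversed(key_schedule(key)):
        x0, x2 = x[3], x[1]
        x = [x0, x[0] ^ round_function(x0, ka),
             x2, x[2] ^ round_function(x2, kb)]
    return struct.pack(">IIII", *x)


def xor_bytes(a, b):
    return bytes(p ^ q for p, q in zip(a, b))


def compress_mmo(h, m):
    """MMO: h' = E_h(m) xor m.  Chaining value is the key, message is the plaintext."""
    return xor_bytes(gfn_encrypt(m, h), m)


def compress_mp(h, m):
    """MP: h' = E_h(m) xor m xor h."""
    return xor_bytes(compress_mmo(h, m), h)


def compress_dm(h, m):
    """DM: h' = E_m(h) xor h.  Message is the key, chaining value is the plaintext."""
    return xor_bytes(gfn_encrypt(h, m), h)


def merkle_damgard(msg, compress, iv=bytes(16)):
    """Iterate a compression function over 16-byte blocks with MD strengthening."""
    padded = msg + b"\x80"
    padded += b"\x00" * ((-len(padded) - 8) % 16) + struct.pack(">Q", 8 * len(msg))
    h = iv
    for i in range(0, len(padded), 16):
        h = compress(h, padded[i:i + 16])
    return h


if __name__ == "__main__":
    key, blk = bytes(range(16)), b"constructed blk!"   # constructed sample inputs
    assert gfn_decrypt(gfn_encrypt(blk, key), key) == blk
    for name, f in (("MMO", compress_mmo), ("MP", compress_mp), ("DM", compress_dm)):
        print(name, merkle_damgard(b"constructed message", f).hex())
```

The identity compress_mmo(h, m) == compress_dm(m, h) is what makes the abstract's last distinction concrete: the same block-cipher evaluation is used, but the roles of key and plaintext are swapped. A collision found with a fixed key and attacker-chosen plaintexts is, in MMO and MP, a collision in the message block under a common chaining value, which extends directly to a hash collision; in DM the plaintext is the chaining value, so the same event is only a pseudo-collision (distinct chaining inputs), as the abstract states.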

12:17 [Pub][ePrint] Performance and Security Improvements for Tor: A Survey, by Mashael AlSabah and Ian Goldberg

Tor [Dingledine et al. 2004] is the most widely used anonymity network today, serving millions of users on a daily basis using a growing number of volunteer-run routers. Since its deployment in 2003, there have been more than three dozen proposals that aim to improve its performance, security, and unobservability. Given the significance of this research area, our goal is to provide the reader with the state of current research directions and challenges in anonymous communication systems, focusing on the Tor network. We shed light on the design weaknesses and challenges facing the network and point out unresolved issues.

12:17 [Pub][ePrint] Key Recovery from State Information of Sprout: Application to Cryptanalysis and Fault Attack, by Subhamoy Maitra and Santanu Sarkar and Anubhab Baksi and Pramit Dey

Design of secure light-weight stream ciphers is an important area in cryptographic hardware & embedded systems, and a very recent design by Armknecht and Mikhalev (FSE 2015) has received serious attention: it uses a shorter internal state and still claims to resist time-memory-data-tradeoff (TMDTO) attacks. An instantiation of this design paradigm is the stream cipher named Sprout, with an 80-bit secret key. In this paper we cryptanalyze the cipher and refute various claims. The designers claim that the secret key of Sprout cannot be recovered efficiently from the complete state information using a guess-and-determine attack. However, in this paper we show that it is possible with a few hundred bits in practical time. More importantly, from around 850 key-stream bits, complete knowledge of the NFSR (40 bits) and partial knowledge of the LFSR (around one third, i.e., 14 bits), we can obtain all the secret key bits. This cryptanalyzes Sprout with 2^{54} attempts (considering the constant time complexity required by the SAT solver in each attempt, which is around 1 minute on a laptop). This is less than exhaustive key search. Further, we show how related ideas can be employed to mount a fault attack against Sprout that requires around 120 faults in random locations (20 faults if the locations are known), whereas the designers claim that such a fault attack may not be possible. Our cryptanalytic results raise quite a few questions about this design paradigm in general, which should be revisited with greater care.

12:17 [Pub][ePrint] Fast Revocation of Attribute-Based Credentials for Both Users and Verifiers, by Wouter Lueks and Gergely Alpár and Jaap-Henk Hoepman and Pim Vullers

  Attribute-based credentials allow a user to prove properties about herself anonymously. Revoking such credentials, which requires singling them out, is hard because it is at odds with anonymity. All revocation schemes proposed to date either sacrifice anonymity altogether, require the parties to be online, or put high load on the user or the verifier. As a result, these schemes are either too complicated for low-powered devices like smart cards or they do not scale. We propose a new revocation scheme that has a very low computational cost for users and verifiers, and does not require users to process updates. We trade only a limited, but well-defined, amount of anonymity to make the first practical revocation scheme that is efficient at large scales and fast enough for smart cards.

12:17 [Pub][ePrint] One Time Programs with Limited Memory, by Konrad Durnoga and Stefan Dziembowski and Tomasz Kazana and Michał Zając

We reinvestigate a notion of one-time programs introduced in the CRYPTO 2008 paper by Goldwasser et al. A one-time program is a device containing a program $C$, with the property that the program $C$ can be executed on at most one input. Goldwasser et al. show how to implement one-time programs on devices equipped with special hardware gadgets called one-time memory tokens.

We provide an alternative construction that does not rely on the hardware gadgets. Instead, it is based on the following assumptions: (1) the total amount of data that can leak from the device is bounded, and (2) the total memory on the device (available both to the honest user and to the attacker) is also restricted, which is essentially the model used recently by Dziembowski et al. (TCC 2011, CRYPTO 2011) to construct one-time computable pseudorandom functions and key-evolution schemes.

04:06 [Job][New] Summer Intern – M.A./M.S./Ph.D. student in Computer Science, Computer Engineering, or Applied Math, IBM Research – Almaden, 650 Harry Road, San Jose, CA 95120-6099, USA

  Design and develop security solutions utilizing vetted cryptographic primitives. Application areas include Internet of Things (IoT), sensors, cyber-physical systems, and cloud and cognitive computing. Architectures must meet security and privacy requirements that involve, in particular, device and/or user identity management under various constraints on connectivity, communications bandwidth, processing complexity, and power consumption.

The investigation may include the use of proxy devices to bridge secure authorized communications between IoT sensor endpoint nodes and the data-collection, data-processing/analysis/aggregation, and feedback/calibration systems. Robustness against various forms of denial of service should be considered.

3+ years of coding experience in C/C++ is required. Proficiency in programming devices such as Arduino, Raspberry Pi, and BeagleBone Black is a definite plus.

This is a 3-month position with flexible start/end dates during May - September 2015 time frame.

09:17 [Pub][ePrint] Improving GGH Public Key Scheme Using Low Density Lattice Codes, by Reza Hooshmand, Taraneh Eghlidos and Mohammad Reza Aref

The Goldreich-Goldwasser-Halevi (GGH) public key cryptosystem is an instance of lattice-based cryptosystems whose security is based on the hardness of lattice problems. In fact, the GGH cryptosystem is the lattice version of the first code-based cryptosystem, proposed by McEliece. However, it has a number of drawbacks, such as large public key length and low security level. On the other hand, Low Density Lattice Codes (LDLCs) are a practical class of linear codes which can achieve capacity on the additive white Gaussian noise (AWGN) channel with a low-complexity decoding algorithm. This paper introduces a public key cryptosystem based on LDLCs to overcome the drawbacks of the GGH cryptosystem. To reduce the key length, we employ the generator matrix of the LDLC in Hermite normal form (HNF) as the public key. Also, by exploiting the linear decoding complexity of the LDLC, the decryption complexity is decreased compared to the GGH cryptosystem. These efficiency gains allow us to use larger values of the security parameters. Moreover, we exploit a special Gaussian vector, whose variance is upper bounded by the Poltyrev limit, as the perturbation vector. These techniques make the proposed scheme resistant to the most efficient attacks on GGH-like cryptosystems.

09:17 [Pub][ePrint] W-SPS: Designing a Wide-Area Secure Positioning System, by Der-Yeuan Yu and Aanjhan Ranganathan and Ramya Jayaram Masti and Claudio Soriente and Srdjan Capkun

  Motivated by the security and functional limitations of satellite positioning systems, we explore a design of a Wide-Area Secure Positioning System. The main goals of this system are strong spoofing resilience, location verification, and privacy. We propose a realization of a Wide-Area Secure Positioning System and show that this solution is viable and can fulfill our defined security goals. Specifically, our system is composed of a secure positioning infrastructure to obtain reliable location information of an entity and a location verification architecture that allows others to be convinced of certain location properties of such an entity. The proposed system enables the verification of location claims in a privacy-preserving manner, thus enhancing existing security solutions and supporting future location-based applications.

09:17 [Pub][ePrint] A Related-Key Chosen-IV Distinguishing Attack on Full Sprout Stream Cipher, by Yonglin Hao

Sprout is a new lightweight stream cipher proposed at FSE 2015. According to its designers, Sprout can resist time-memory-data trade-off (TMDTO) attacks with a small internal state size. However, we find a weakness in the updating functions of Sprout and propose a related-key chosen-IV distinguishing attack on full Sprout. Our attack enables the adversary to detect non-randomness on full 320-round Sprout with a practical complexity (no more than $2^{20}$ key-IV pairs).