International Association for Cryptologic Research

IACR News Central


09:17 [Pub][ePrint] Linearization of Multi-valued Nonlinear Feedback Shift Registers, by Haiyan Wang, Jianghua Zhong, Dongdai Lin

  The linearization of nonlinear feedback shift registers (NFSRs) is to find their state transition matrices. In this paper, we investigate the linearization of multi-valued NFSRs by considering them as logical networks via a semi-tensor product approach. A new state transition matrix is found for a multi-valued NFSR, which can be simply computed from the truth table of its feedback function; the new state transition matrix is easier to compute and is more explicit. First, a linear representation of a multi-valued NFSR is given, based on which several necessary and sufficient conditions for nonsingularity are given. Then, some properties of the state transition matrices are provided, which are helpful to theoretically analyze NFSRs. Finally, we give properties of a maximum length multi-valued NFSR and the linear representation of the general structure of an n-bit shift register with updating functions.

09:17 [Pub][ePrint] Stability and Linearization of Multi-valued Nonlinear Feedback Shift Registers, by Haiyan Wang , Dongdai Lin

  In this paper, we study stability and linearization of multi-valued nonlinear feedback shift registers which are considered as logic networks. First, the linearization of multi-valued nonlinear feedback shift registers (NFSRs) is discussed, which is to find their state transition matrices by considering them as logical networks via a semi-tensor product approach. For a multi-valued NFSR, the new state transition matrix which can be simply computed from the truth table of its feedback function is more explicit. Second, based on the linearization theory of multi-valued NFSRs, we investigate the stability of multi-valued NFSRs, and some sufficient and necessary conditions are provided for globally (locally) stable multi-valued NFSRs. Finally, some examples are presented to show the effectiveness of the proposed results.
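The two abstracts above both talk about the state transition matrix of a multi-valued NFSR and about reading it off the feedback function's truth table. The following added example, which is not code from either paper, makes that concrete in the simplest way: it enumerates all q^n states of an n-stage register over Z_q (rather than applying the semi-tensor product formula the papers derive), builds the q^n x q^n 0/1 transition matrix L, uses it as the linear representation x(t+1) = L x(t) on one-hot state vectors, tests nonsingularity (L is a permutation matrix exactly when no two states share a successor), and measures the period of the state sequence. It goes beyond the binary case to any q. The three feedback functions at the bottom are constructed for illustration; the binary one is chosen so that its 8 states form a single cycle.

```python
from itertools import product
from typing import Callable, List, Sequence, Tuple

State = Tuple[int, ...]
Feedback = Callable[[State], int]


def all_states(n: int, q: int) -> List[State]:
    """All q^n states of an n-stage register over Z_q, in base-q index order."""
    return [tuple(s) for s in product(range(q), repeat=n)]


def state_index(state: State, q: int) -> int:
    """Base-q integer index of a state; stage 0 is the most significant digit."""
    idx = 0
    for x in state:
        idx = idx * q + x
    return idx


def next_state(state: State, f: Feedback, q: int) -> State:
    """One clock of a Fibonacci-style NFSR: stage 0 is shifted out, f(state) shifted in."""
    return state[1:] + (f(state) % q,)


def feedback_from_table(table: Sequence[int], q: int) -> Feedback:
    """Turn a truth table (indexed by state_index) into a feedback function."""
    return lambda s: table[state_index(s, q)]


def transition_matrix(n: int, q: int, f: Feedback) -> List[List[int]]:
    """q^n x q^n 0/1 matrix L with L[j][i] = 1 iff state i clocks to state j.
    Every column holds exactly one 1 because the update is a function; the
    NFSR is nonsingular iff every row holds exactly one 1 as well."""
    size = q ** n
    L = [[0] * size for _ in range(size)]
    for s in all_states(n, q):
        L[state_index(next_state(s, f, q), q)][state_index(s, q)] = 1
    return L


def is_nonsingular(L: List[List[int]]) -> bool:
    """Permutation-matrix check: no two states share a successor."""
    return all(sum(row) == 1 for row in L)


def linear_step(L: List[List[int]], i: int) -> int:
    """Linear representation x(t+1) = L x(t) on one-hot vectors: L e_i is
    column i of L, whose single 1 sits at the row of the successor state."""
    column = [row[i] for row in L]
    return column.index(1)


def orbit(state: State, f: Feedback, q: int) -> Tuple[int, int]:
    """(preperiod, period) of the state sequence started from `state`;
    a nonsingular NFSR always has preperiod 0 because every state lies on a cycle."""
    seen = {}
    path = []
    s = state
    while s not in seen:
        seen[s] = len(path)
        path.append(s)
        s = next_state(s, f, q)
    first = seen[s]
    return first, len(path) - first


# Constructed feedback functions (not taken from the papers).
# Binary 3-stage NFSR whose truth table yields the full-period cycle 00010111.
DEBRUIJN_TABLE = [1, 0, 1, 1, 0, 1, 0, 0]
DEBRUIJN_F = feedback_from_table(DEBRUIJN_TABLE, 2)
# Ternary 2-stage NFSR, f(x0, x1) = x0 + x1^2 mod 3: bijective in x0, hence nonsingular.
TERNARY_F = lambda s: (s[0] + s[1] * s[1]) % 3
# Ternary 2-stage NFSR, f(x0, x1) = x0 * x1 mod 3: constant in x0 when x1 = 0, hence singular.
SINGULAR_F = lambda s: (s[0] * s[1]) % 3

if __name__ == "__main__":
    L = transition_matrix(3, 2, DEBRUIJN_F)
    print("binary NFSR nonsingular:", is_nonsingular(L))
    print("(preperiod, period) from 000:", orbit((0, 0, 0), DEBRUIJN_F, 2))
    print("ternary x0 + x1^2 nonsingular:", is_nonsingular(transition_matrix(2, 3, TERNARY_F)))
    print("ternary x0 * x1 nonsingular:", is_nonsingular(transition_matrix(2, 3, SINGULAR_F)))
```

The brute-force construction costs q^n evaluations of f and q^(2n) matrix cells, so it is only practical for tiny registers; the point of the semi-tensor product results in the papers is precisely to express L structurally from the truth table without this enumeration. The nonsingularity check here also illustrates the classical criterion: f must be a bijection in the stage being shifted out for every fixed value of the remaining stages.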

09:17 [Pub][ePrint] Tornado Attack on RC4 with Applications to WEP & WPA, by Pouyan Sepehrdad and Petr Susil and Serge Vaudenay and Martin Vuagnoux

  In this paper, we construct several tools for building and manipulating pools of biases in the analysis of RC4. We report extremely fast and optimized active and passive attacks against the IEEE 802.11 wireless communication protocol WEP and a key recovery and a distinguishing attack against WPA. This was achieved through a huge amount of theoretical and experimental analysis (capturing WiFi packets), refinement and optimization of all the former known attacks and methodologies against the RC4 stream cipher in WEP and WPA modes. We support all our claims on WEP by providing an implementation of this attack as a publicly available patch on Aircrack-ng. Our new attack improves its success probability drastically. Our active attack, based on ARP injection, requires 22500 packets to gain a success probability of 50% against a 104-bit WEP key, using Aircrack-ng in non-interactive mode. It runs in less than 5 seconds on an off-the-shelf PC. Using the same number of packets, Aircrack-ng yields around a 3% success rate. Furthermore, we describe very fast passive-only attacks by just eavesdropping TCP/IPv4 packets in a WiFi communication. Our passive attack requires 27500 packets. This is much less than the number of packets Aircrack-ng requires in active mode (around 37500), which is a huge improvement. Deploying a similar theory, we also describe several attacks on WPA. Firstly, we describe a distinguisher for WPA with complexity 2^{42} and advantage 0.5 which uses 2^{42} packets. Then, based on several partial temporary key recovery attacks, we recover the full 128-bit temporary key of WPA by using 2^{42} packets. It works with complexity 2^{96}. So far, this is the best key recovery attack against WPA. We believe that our analysis brings further insight into the security of RC4.

09:17 [Pub][ePrint] A comprehensive analysis of game-based ballot privacy definitions, by David Bernhard and Veronique Cortier and David Galindo and Olivier Pereira and Bogdan Warinschi

  We critically survey game-based security definitions for the privacy of voting schemes. In addition to known limitations, we unveil several previously unnoticed shortcomings. Surprisingly, the conclusion of our study is that none of the existing definitions is satisfactory: they either provide only weak guarantees, or can be applied only to a limited class of schemes, or both.

Based on our findings, we propose a new game-based definition of privacy which we call BPRIV. We also identify a new property which we call strong consistency, needed to express that tallying does not leak sensitive information. We validate our security notions by showing that BPRIV, strong consistency and strong correctness for a voting scheme imply its security in a simulation-based sense. This result also yields a proof technique for proving entropy-based notions of privacy which offer the strongest security guarantees but are hard to prove directly: first prove your scheme BPRIV, strongly consistent and strongly correct, then study the entropy-based privacy of the result function of the election, which is a much easier task.

09:17 [Pub][ePrint] Cryptanalysis of Three Certificate-Based Authenticated Key Agreement Protocols and a Secure Construction, by Yang Lu, Quanling Zhang, Jiguo Li

  Certificate-based cryptography is a new public-key cryptographic paradigm that has very appealing features, namely it simplifies the certificate management problem in traditional public key cryptography while eliminating the key escrow problem in identity-based cryptography. So far, three authenticated key agreement (AKA) protocols in the setting of certificate-based cryptography have been proposed in the literature. Unfortunately, none of them are secure under the public key replacement (PKR) attack. In this paper, we first present a security model for certificate-based AKA protocols that covers the PKR attacks. We then explore the existing three certificate-based AKA protocols and show the concrete attacks against them respectively. To overcome the weaknesses in these protocols, we propose a new certificate-based AKA protocol and prove its security strictly in the random oracle model. Performance comparison shows that the proposed protocol outperforms all the previous certificate-based AKA protocols.

16:16 [Event][New] FPS 2015: 8th International Symposium on Foundations & Practice of Security

  Submission: 14 June 2015
Notification: 17 August 2015
From October 26 to October 28
Location: Clermont-Ferrand, France

16:15 [Event][New] PQCrypto 2016: The Seventh International Conference on Post-Quantum Cryptography

  Submission: 7 October 2015
Notification: 20 November 2015
From February 24 to February 26
Location: Fukuoka, Japan

20:35 [Job][New] One Postdoc and one PhD studentship, University of Strathclyde, UK

  Applications are invited for a Research Associate (postdoc) position and a PhD studentship.

You will work on the project “Practical Data-intensive Secure Computation: a Data Structural Approach”. This is a 4-year grant funded by the EPSRC. The aim of the project is to investigate how data structures can be used as an efficiency and scalability booster in the context of secure computation. You will design novel cryptographic data structures and associated protocols for efficient secure computation, as well as apply them in domains such as cloud computing and data mining in order to solve real-world security/privacy problems. The project has particular emphasis on putting theory into practice. There will be opportunities to collaborate with industrial research labs and other leading universities.

The RA position (Ref: 15884):

Application Closing Date: Friday, 1 May 2015

The candidate must have:

* a PhD (or equivalent) in a relevant area;

* a strong background in cryptography/security;

* good programming skills (C++/Java, parallel/GPU computing experience is a plus).

* good communication and time management skills.

Experience/knowledge in one or more of the following areas would be desirable but not essential: computer networks, operating systems, databases, statistics and data mining.


The PhD Studentship:

Full time, 3 years with a stipend + home fees. Students from outside the EU are eligible but need other funding sources to cover the difference between home fees and overseas fees.

Application Closing Date: until filled


The candidate must have:

* a first or upper second class honours degree, or a good master's degree in a relevant area;

* good programming skills (C++/Java, parallel/

15:36 [Event][New] BCS 2015: 2nd Conference on Cryptography and Information Theory - BalkanCryptSec 2015

  Submission: 20 June 2015
Notification: 1 August 2015
From September 3 to September 4
Location: Koper, Slovenia

12:17 [Pub][ePrint] Collision Attack on 4-branch, Type-2 GFN based Hash Functions using Sliced Biclique Cryptanalysis Technique, by Megha Agrawal and Donghoon Chang and Mohona Ghosh and Somitra Kumar Sanadhya

  In this work, we apply the sliced biclique cryptanalysis technique to show an 8-round collision attack on a hash function H based on a 4-branch, Type-2 Generalized Feistel Network (Type-2 GFN). This attack is generic and works on 4-branch, Type-2 GFN with any parameters, including the block size, type of round function, the number of S-boxes in each round and the number of SP layers inside the round function. We first construct an 8-round distinguisher on 4-branch, Type-2 GFN and then use this distinguisher to launch an 8-round collision attack on compression functions based on Matyas-Meyer-Oseas (MMO) and Miyaguchi-Preneel (MP) modes. The complexity of the attack on a 128-bit compression function is 2^56. The attack can be directly translated to a collision attack on MP and MMO based hash functions and a pseudo-collision attack on Davies-Meyer (DM) based hash functions. When the round function F is instantiated with a double SP layer, we show the first 8-round collision attack on a 4-branch, Type-2 GFN with double SP layer based compression function. The previous best attack on this structure was a 6-round near collision attack shown by Sasaki at Indocrypt'12. His attack cannot be used to generate full collisions on 6 rounds and hence our result can be regarded as the best so far in the literature on this structure.

12:17 [Pub][ePrint] Performance and Security Improvements for Tor: A Survey, by Mashael AlSabah and Ian Goldberg

  Tor [Dingledine et al. 2004] is the most widely used anonymity network today, serving millions of users on a daily basis using a growing number of volunteer-run routers. Since its deployment in 2003, there have been more than three dozen proposals that aim to improve its performance, security, and unobservability. Given the significance of this research area, our goal is to provide the reader with the state of current research directions and challenges in anonymous communication systems, focusing on the Tor network. We shed light on the design weaknesses and challenges facing the network and point out unresolved issues.