International Association for Cryptologic Research

IACR News Central


10:36 [News] Micali & Reyzin receive inaugural TCC Test-of-Time award


Starting this year, the IACR is introducing an annual TCC Test-of-Time (ToT) award. The award recognizes outstanding papers, published in TCC at least eight years ago, that made a significant contribution to the theory of cryptography, preferably with influence also in other areas of cryptography, theory, and beyond. The inaugural 2015 TCC ToT award was announced this week at the TCC business meeting in Warsaw. The winners are Silvio Micali and Leonid Reyzin, for their paper "Physically Observable Cryptography" from TCC 2004. The award committee recognized Micali and Reyzin "for pioneering a mathematical foundation of cryptography in the presence of information leakage in physical systems."

For more information about the new Test-of-Time award, including information on nominating a paper, please see the page at

10:23 [News] Message from the IACR President


Dear members of the IACR

With the spring conference season in full swing, you have certainly noticed a few changes in IACR's workshops and conferences.

Online proceedings

The online proceedings of TCC 2015 and PKC 2015 are now available to members via the IACR online library at

Based on IACR's arrangement with Springer, we install access for members to conference proceedings as soon as these are available, which is usually a few weeks before the event. We also implement online access to everyone during the time of the conference and this is valid for a few weeks afterwards. Technically, this uses "referer" authorization, where the general chair includes a link to the online proceedings in the conference website.

In that context, recall that all IACR proceedings four years and older are available as "Gold Open Access" (that is, openly from the publisher's online library), and the younger ones are "Green Open Access."

Submission format:

Compared to when IACR started to publish conference proceedings, authors are nowadays formatting the "final" versions of papers almost by themselves; based on common tools and style files, the result also looks much more uniform than 30 years ago. Discussions among authors, program chairs, the Board of Directors, and conference reviewers during 2014 have now resulted in a change to the "traditional" submission format of N pages, 11pt font, and A4/letter size. For EUROCRYPT and CRYPTO in 2015, the LNCS style of the final version has been preferred or even declared mandatory. As could be expected, this change has created some confusion, but we trust that this was just a transition effect.

The Board, as the representative of all IACR members, acknowledges that there should be continuity across IACR publications. A corresponding policy is being worked out right now and should be adopted uniformly by the community. The main reason to format submissions in the same way as the final accepted version is to make transparent to readers, as well as to reviewers, that the published version and the reviewed version correspond to each other in length and scope. However, no bound on "supplementary material" is foreseen and authors are still strongly encouraged to revise and improve their submissions based on the feedback received.

Parallel sessions:

As explained in my news update from September last year, the Board has asked EUROCRYPT, CRYPTO, and ASIACRYPT to organize parallel sessions for a significant part of the program. EUROCRYPT in Sofia will be the first IACR conference with parallel sessions, and I invite you to check out the program on the website. At the end of this year, we will hold a referendum among the IACR membership for deciding whether the format should be kept like this.

Cryptology Schools:

The Board has approved funding for the following IACR Cryptology Schools:

  1. SAC Summer School (S3). August 10--12, 2015, Sackville, New Brunswick, Canada. Contact: Orr Dunkelman and Liam Keliher
  2. School on Computer-Aided Cryptography: sometime between May 20th and July 10th, 2015, University of Maryland. Contact: Benedikt Schmidt
See the website for more information and other upcoming schools.


Before I close, let me congratulate Craig Gentry for receiving a MacArthur "genius grant" last year, the first member of our community to receive this prestigious award.

The TCC annual Test of Time (ToT) award was presented for the first time during TCC 2015 this week. This award is given to TCC papers of yore that withstood the test of time. The winners were Silvio Micali and Leonid Reyzin, for their paper "Physically Observable Cryptography" from TCC 2004, receiving the award "for pioneering a mathematical foundation of cryptography in the presence of information leakage in physical systems."

Moreover, TCC has decided to shift its date to fall, and the conference will move there in steps, with TCC 2016 being in January. The Board has recently approved the proposal to hold TCC 2016 in January 2016 in Tel Aviv, Israel.

Best regards,

Christian Cachin, IACR President

22:33 [Event][New] Fifteenth IMA International Conference on Cryptography and Coding

Submission: 26 June 2015
Notification: 28 August 2015
Dates: 15 to 17 December 2015
Location: Oxford, United Kingdom
More Information:

22:48 [Job][New] Marie Sklodowska-Curie Research Fellows in Cryptography (Early Stage Researchers – 2 posts), NXP Semiconductors, Leuven, Belgium


ECRYPT-NET is a European research network that intends to develop advanced cryptographic techniques and implementations for the Internet of Things and the Cloud. The network is currently recruiting a group of 15 PhD students who will be trained in an international context that involves summer schools and internships in a company or research organization in a second country. We are looking for highly motivated candidates, ideally with a background in cryptology and with proven research abilities.

Two of these PhD students will be based at NXP Semiconductors in Leuven, Belgium: one for research on cryptography for passively powered devices (details: ) and one for the design of lightweight privacy-preserving authentication mechanisms for the Internet of Things (details: ).

NXP Semiconductors is one of the market leaders in providing High Performance Mixed Signal and Standard Product solutions that leverage its leading RF, Analog, PM, Interface, Security, Digital Processing and Manufacturing expertise. NXP’s strong drive for innovation ensures secure identification in a smart connected world. Headquartered in Europe, the company has about 23,000 employees working in more than 25 countries.

In addition to a supervisor from NXP, each PhD student will be supervised by a member of the Computer Security and Industrial Cryptography group (COSIC) at KU Leuven and will closely collaborate with PhD students there; COSIC is within biking distance of the NXP site in Leuven. The research of COSIC has led to important cryptographic advances such as the Rijndael algorithm. The goal is for the student to receive a PhD from KU Leuven after three years.

Please apply following the instructions in the detailed descriptions (links above).

15:17 [Pub][ePrint] BlindBox: Deep Packet Inspection over Encrypted Traffic, by Justine Sherry and Chang Lan and Raluca Ada Popa and Sylvia Ratnasamy

  Many network middleboxes perform deep packet inspection (DPI), a set of useful tasks that examine packet payloads. These tasks include intrusion detection (IDS), exfiltration detection, and parental filtering. However, a long-standing issue is that once packets are sent over HTTPS, the middleboxes can no longer accomplish their tasks because the payloads are encrypted. Hence, one is faced with choosing at most one of two desirable properties: the functionality of the middleboxes and the privacy of encryption. We propose BlindBox, a novel system that for the first time enables both properties together. The approach of BlindBox is to perform the deep packet inspection directly on the encrypted traffic. We demonstrate how BlindBox enables applications such as IDS, exfiltration detection and parental filtering; BlindBox supports real rulesets from both open source (Snort) DPI systems and industrial DPI systems. While BlindBox's performance is not yet ready for real deployment, BlindBox is nearly practical and improves performance by more than $10^6$ times compared to a direct application of cryptography.

15:17 [Pub][ePrint] Password Hashing Competition - Survey and Benchmark, by George Hatzivasilis and Ioannis Papaefstathiou and Charalampos Manifavas

  Password hashing is the common approach for maintaining users' password-related information that is later used for authentication. A hash of each password is calculated and maintained at the service provider's end. When a user logs in to the service, the hash of the given password is computed and compared with the stored hash. If the two hashes match, the authentication is successful. However, in many cases the passwords are just hashed with a plain cryptographic hash function or even stored in the clear. These poor password protection practices have led to efficient attacks that expose users' passwords. PBKDF2 is the only standardized construction for password hashing. Other widely used primitives are bcrypt and scrypt. The low variety of methods led the international cryptographic community to conduct the Password Hashing Competition (PHC). The competition aims to identify new password hashing schemes suitable for widespread adoption. It started in 2013 with 22 active submissions. Nine finalists were announced during 2014. In 2015, a small portfolio of schemes will be proposed. This paper provides the first survey and benchmark analysis of the 22 proposals. All proposals are evaluated on the same platform over a common benchmark suite. We measure the execution time, code size and memory consumption of PBKDF2, bcrypt, scrypt, and the 22 PHC schemes. The first-round results are summarized along with a benchmark analysis that focuses on the nine finalists and contributes to the final selection of the winners.
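The weak and hardened practices the abstract contrasts, as an added Python example (editor's illustration, not code from the paper): an unsalted hash beside PBKDF2-HMAC-SHA256 and scrypt, both from the standard library, with a per-user random salt, a self-describing stored record so the work factor can be raised later, and a constant-time comparison. The iteration count and scrypt parameters are assumed values that each deployment has to tune; bcrypt is left out only because it needs a third-party package.

```python
import base64
import hashlib
import hmac
import os

# The weak practice the abstract warns about: one unsalted hash per password.
# Equal passwords give equal digests, so a precomputed table or one cracked
# account exposes every user who picked the same password.
def naive_hash(password: str) -> str:
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

# Assumed work factors: tune until one verification costs on the order of
# 100 ms on the authentication server, and revisit them as hardware improves.
PBKDF2_ITERATIONS = 200_000
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1      # about 16 MiB of memory per hash
SCRYPT_AVAILABLE = hasattr(hashlib, "scrypt")     # needs Python built against OpenSSL >= 1.1

def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")

def hash_password(password: str, scheme: str = "pbkdf2_sha256") -> str:
    """Return a self-describing record 'scheme$params$salt$digest'.

    A fresh 16-byte salt per user defeats precomputation; storing the parameters
    lets the work factor be raised later and old records re-hashed at next login.
    """
    salt = os.urandom(16)
    pw = password.encode("utf-8")
    if scheme == "pbkdf2_sha256":
        digest = hashlib.pbkdf2_hmac("sha256", pw, salt, PBKDF2_ITERATIONS, dklen=32)
        params = str(PBKDF2_ITERATIONS)
    elif scheme == "scrypt":
        digest = hashlib.scrypt(pw, salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
        params = f"{SCRYPT_N},{SCRYPT_R},{SCRYPT_P}"
    else:
        raise ValueError(f"unsupported scheme {scheme!r}")
    return "$".join((scheme, params, _b64(salt), _b64(digest)))

def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and parameters, compare in constant time."""
    parts = record.split("$")
    if len(parts) != 4:
        return False
    scheme, params, salt_b64, digest_b64 = parts
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    pw = password.encode("utf-8")
    if scheme == "pbkdf2_sha256":
        actual = hashlib.pbkdf2_hmac("sha256", pw, salt, int(params), dklen=len(expected))
    elif scheme == "scrypt":
        n, r, p = (int(v) for v in params.split(","))
        actual = hashlib.scrypt(pw, salt=salt, n=n, r=r, p=p, dklen=len(expected))
    else:
        return False
    # A plain '==' returns at the first differing byte and leaks its position via timing.
    return hmac.compare_digest(actual, expected)

def needs_rehash(record: str) -> bool:
    """True when a stored record is weaker than the current policy (re-hash after a good login)."""
    parts = record.split("$")
    if len(parts) != 4:
        return True
    scheme, params = parts[0], parts[1]
    if scheme == "pbkdf2_sha256":
        return int(params) < PBKDF2_ITERATIONS
    if scheme == "scrypt":
        return tuple(int(v) for v in params.split(",")) < (SCRYPT_N, SCRYPT_R, SCRYPT_P)
    return True
```

On a successful login, call needs_rehash on the stored record and, if it returns True, replace the record with hash_password of the password just verified; that is how a work factor gets raised across a user base without a password reset.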

15:17 [Pub][ePrint] GRECS: Graph Encryption for Approximate Shortest Distance Queries, by Xianrui Meng and Seny Kamara and Kobbi Nissim and George Kollios

  We propose graph encryption schemes that efficiently support approximate shortest distance queries on large-scale encrypted graphs. Shortest distance queries are one of the most fundamental graph operations and have a wide range of applications. Using such graph encryption schemes, a client can outsource large-scale privacy-sensitive graphs to an untrusted server without losing the ability to query them. Other applications include encrypted graph databases and controlled disclosure systems. We propose GRECS (GRaph EnCryption for approximate Shortest distance queries), which includes three schemes that are provably secure against any semi-honest server. Our first construction makes use of only symmetric-key operations, resulting in a computationally efficient construction. Our second scheme makes use of somewhat-homomorphic encryption and is less computationally efficient but achieves optimal communication complexity (i.e., uses a minimal amount of bandwidth). Finally, our third scheme is both computationally efficient and achieves optimal communication complexity, at the cost of a small amount of additional leakage. We implemented and evaluated the efficiency of our constructions experimentally. The experiments demonstrate that our schemes are efficient and can be applied to graphs that scale up to 1.6 million nodes and 11 million edges.

15:17 [Pub][ePrint] The Simplest Protocol for Oblivious Transfer, by Tung Chou and Claudio Orlandi

  Oblivious Transfer (OT) is the fundamental building block of cryptographic protocols. In this paper we describe the simplest and most efficient protocol for $1$-out-of-$2$ OT to date, which is obtained by tweaking the Diffie-Hellman key-exchange protocol. The protocol achieves UC-security against active corruptions in the random oracle model.

Due to its simplicity, the protocol is extremely efficient and allows performing $n$ OTs using only:

  - Computation: $3n+2$ exponentiations ($2n$ for the receiver, $n+2$ for the sender), and
  - Communication: $32(n+1)$ bytes (for the group elements) and $2n$ ciphertexts.

We also report on an implementation of the protocol using elliptic curves (Curve25519), and on a number of mechanisms we employ to ensure that our software is secure against active attacks too.

Experimental results show that our protocol (thanks to both algorithmic and implementation optimizations) is at least one order of magnitude faster than previous work.
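The Diffie-Hellman-style exchange the abstract refers to, as an added Python example (editor's illustration, not the authors' code): the sender publishes A = g^a once; for each transfer the receiver sends B = g^b for choice bit 0 or B = A·g^b for choice bit 1; the sender derives one key from B^a and one from (B/A)^a, and the receiver can only derive H(A^b), which matches exactly one of them. Everything around that skeleton is our choice: a tiny integer group in place of Curve25519 so the arithmetic is readable (trivially breakable, illustration only), SHA-256 as the random oracle, a one-time pad for the two ciphertexts, and binding A and B into the key derivation. Because the sender computes A^a once and reuses it, the exponentiation counters come out to exactly the n+2 and 2n quoted above. None of the active-attack hardening the paper reports is included.

```python
import hashlib
import secrets

# Toy group, FOR ILLUSTRATION ONLY: p = 2q + 1 with q prime, g = 4 generates the
# order-q subgroup of Z_p^*. The paper uses Curve25519; a real deployment must too.
P = 1019
Q = 509
G = 4
ELEM_BYTES = 2          # enough to serialize an element of this toy group

def kdf(A, B, shared):
    """Random-oracle stand-in: key = H(A, B, shared group element)."""
    h = hashlib.sha256(b"OT-key")
    for x in (A, B, shared):
        h.update(x.to_bytes(ELEM_BYTES, "big"))
    return h.digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Sender:
    def __init__(self):
        self.exps = 0                                  # exponentiation counter
        self.a = secrets.randbelow(Q - 1) + 1          # a in [1, q-1]
        self.A = self._exp(G, self.a)                  # A = g^a, sent once for all OTs
        A_a = self._exp(self.A, self.a)                # A^a, computed once...
        self.A_a_inv = pow(A_a, -1, P)                 # ...and inverted once (a point negation on a curve)

    def _exp(self, base, e):
        self.exps += 1
        return pow(base, e, P)

    def transfer(self, B, m0, m1):
        """One OT: given the receiver's B, encrypt m0 under H(B^a) and m1 under H((B/A)^a)."""
        B_a = self._exp(B, self.a)                     # the single exponentiation per OT
        k0 = kdf(self.A, B, B_a)
        k1 = kdf(self.A, B, B_a * self.A_a_inv % P)    # (B/A)^a = B^a * (A^a)^-1
        return xor(m0, k0), xor(m1, k1)

class Receiver:
    def __init__(self, A):
        self.exps = 0
        self.A = A

    def _exp(self, base, e):
        self.exps += 1
        return pow(base, e, P)

    def choose(self, c):
        """Choice bit c: send B = g^b (c = 0) or B = A * g^b (c = 1); keep key H(A^b)."""
        b = secrets.randbelow(Q - 1) + 1
        B = self._exp(G, b)                            # first exponentiation per OT
        if c:
            B = self.A * B % P
        key = kdf(self.A, B, self._exp(self.A, b))     # second exponentiation per OT
        return B, key

    @staticmethod
    def receive(c, key, e0, e1):
        """Decrypt the chosen ciphertext; the other key is never derivable by the receiver."""
        return xor(e1 if c else e0, key)

def run_ots(choices, pairs):
    """Run one OT per choice bit over a single A. Returns the received messages and the
    counts the abstract quotes: sender exps n+2, receiver exps 2n, elements n+1, ciphertexts 2n."""
    s = Sender()
    r = Receiver(s.A)                        # message 1: A
    elements, ciphertexts, out = 1, 0, []
    for c, (m0, m1) in zip(choices, pairs):
        B, key = r.choose(c)                 # message 2: B
        e0, e1 = s.transfer(B, m0, m1)       # message 3: two ciphertexts
        elements += 1
        ciphertexts += 2
        out.append(r.receive(c, key, e0, e1))
    return out, {"sender_exps": s.exps, "receiver_exps": r.exps,
                 "elements": elements, "ciphertexts": ciphertexts}

if __name__ == "__main__":
    # Constructed sample input: three 32-byte message pairs and three choice bits.
    pairs = [(bytes([i]) * 32, bytes([128 + i]) * 32) for i in range(3)]
    received, stats = run_ots([0, 1, 1], pairs)
    print([m[:1].hex() for m in received], stats)
```

The modular inverse uses pow(x, -1, P), which needs Python 3.8 or later; on a curve the same step is a free point negation, which is why the paper's sender count is n+2 rather than 2n+1.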

15:17 [Pub][ePrint] Improved Top-Down Techniques in Differential Cryptanalysis, by Itai Dinur and Orr Dunkelman and Masha Gutman and Adi Shamir

  The fundamental problem of differential cryptanalysis is to find the highest entries in the Difference Distribution Table (DDT) of a given mapping $F$ over $n$-bit values, and in particular to find the highest diagonal entries, which correspond to the best iterative characteristics of $F$. The standard bottom-up approach to this problem is to consider all the internal components of the mapping along some differential characteristic, and to multiply their transition probabilities. However, this can provide seriously distorted estimates since the various events can be dependent, and there can be a huge number of low probability characteristics contributing to the same high probability entry.

In this paper we use a top-down approach which considers the given mapping as a black box, and uses only its input/output relations in order to obtain direct experimental estimates for its DDT entries which are likely to be much more accurate. In particular, we describe three new techniques which reduce the time complexity of three crucial aspects of this problem: finding the exact values of all the diagonal entries in the DDT for small values of $n$, approximating all the diagonal entries which correspond to low Hamming weight differences for large values of $n$, and finding an accurate approximation for any DDT entry whose large value is obtained from many small contributions. To demonstrate the potential contribution of our new techniques, we apply them to the SIMON family of block ciphers, show experimentally that most of the previously published bottom-up estimates of the probabilities of various differentials are off by a significant factor, and describe new differential properties which can cover more rounds with roughly the same probability for several of its members. In addition, we show how to use our new techniques to attack a 1-key version of the iterated Even-Mansour scheme in the related-key setting, obtaining the first generic attack on 4 rounds of this well-studied construction.
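To make the abstract's terms concrete, an added Python example (editor's illustration, not the paper's code): it computes the exact DDT and its diagonal for PRESENT's 4-bit S-box, then compares three ways of estimating a two-round differential for a toy construction F_k(x) = S(S(x) ^ k) that we introduce here: the bottom-up product along the single best characteristic, the sum over all characteristics (which, for this key-XOR construction, equals the probability averaged over keys but not the probability for any particular key), and the top-down black-box estimate from random input pairs. The S-box is a published constant; the construction, differences and sample counts are ours.

```python
import random

# PRESENT's 4-bit S-box (a published constant) plays the role of the mapping F.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
N = 4

def S(x):
    return SBOX[x]

def ddt(f, n):
    """Exact DDT of an n-bit mapping: table[din][dout] = #{x : f(x) ^ f(x ^ din) == dout}.
    Costs 2^(2n) evaluations, so this is the 'small n' case of the abstract."""
    size = 1 << n
    table = [[0] * size for _ in range(size)]
    for din in range(size):
        for x in range(size):
            table[din][f(x) ^ f(x ^ din)] += 1
    return table

def max_entry(table):
    """Largest entry outside the trivial row din = 0, i.e. the differential uniformity."""
    return max(v for row in table[1:] for v in row)

def diagonal(table):
    """Entries with din == dout: the iterative characteristics the abstract singles out."""
    return [table[d][d] for d in range(len(table))]

def two_round(k):
    """Toy two-round construction F_k(x) = S(S(x) ^ k): our own stand-in for a keyed cipher."""
    return lambda x: SBOX[SBOX[x] ^ k]

def bottom_up(table, din, dout):
    """Bottom-up estimate: the single best characteristic din -> dmid -> dout, multiplying
    the two S-box transition probabilities (each DDT count is out of 2^n)."""
    size = len(table)
    return max(table[din][d] * table[d][dout] for d in range(size)) / (size * size)

def all_characteristics(table, din, dout):
    """Sum over every intermediate difference (the DDT multiplied by itself). For the
    key-XOR construction above this is exactly the probability averaged over all keys,
    yet it can still be far from the value for one fixed key."""
    size = len(table)
    return sum(table[din][d] * table[d][dout] for d in range(size)) / (size * size)

def exact(f, n, din, dout):
    """Exact differential probability of one fixed mapping (here: one fixed key)."""
    return ddt(f, n)[din][dout] / (1 << n)

def key_average(din, dout, n=N):
    """Exact two-round probability averaged over all 2^n keys."""
    size = 1 << n
    return sum(ddt(two_round(k), n)[din][dout] for k in range(size)) / (size * size)

def sampled(f, n, din, dout, samples, seed=0):
    """Top-down estimate: treat f as a black box, query it on random pairs with input
    difference din and count how often the output difference is dout."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(samples):
        x = rng.getrandbits(n)
        hits += f(x) ^ f(x ^ din) == dout
    return hits / samples

if __name__ == "__main__":
    t = ddt(S, N)
    print("max DDT entry:", max_entry(t), "diagonal:", diagonal(t))
    for k in (0, 3, 11):
        print(f"key {k:2d}: bottom-up {bottom_up(t, 1, 7):.4f}  all chars {all_characteristics(t, 1, 7):.4f}"
              f"  exact {exact(two_round(k), N, 1, 7):.4f}  sampled {sampled(two_round(k), N, 1, 7, 20000):.4f}")
```

Running the main block shows the effect the abstract describes: the bottom-up number is the same for every key and is only a lower bound on the all-characteristics sum, while the exact per-key value jumps around both of them; the sampled estimate tracks the exact value because it queries the actual mapping rather than its components.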

15:17 [Pub][ePrint] Ideal Multilinear Maps Based on Ideal Lattices, by Gu Chunsheng

  Cryptographic multilinear maps have found many applications, such as multipartite Diffie-Hellman key exchange and general software obfuscation. However, currently only three constructions are known, and they are "noisy" and support only a polynomially bounded multilinearity degree. In this paper, we describe constructions of ideal multilinear maps using ideal lattices, which support arbitrary multilinearity levels. The security of our construction depends on a hardness assumption over ideal lattices. Moreover, we describe one-round multipartite Diffie-Hellman key exchange protocols using our construction.