International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

15:17 [Pub][ePrint] Accelerating Somewhat Homomorphic Evaluation using FPGAs, by Erd\\.{i}n\\c{c} \\\"{O}zt\\\"{u}rk and Yark{\\i}n Dor\\\"{o}z and Berk Sunar and Erkay Sava\\c{s}

  After being introduced in 2009, the first fully homomorphic encryption (FHE) scheme has created significant excitement in academia and industry. Despite rapid advances in the last 6 years, FHE schemes are still not ready for deployment due to an efficiency bottleneck. Here we introduce a custom hardware accelerator optimized for a class of reconfigurable logic to bring LTV based somewhat homomorphic encryption (SWHE) schemes one step closer to deployment in real-life applications. The accelerator we present is connected via a fast PCIe interface to a CPU platform to provide homomorphic evaluation services to any application that needs to support blinded computations. Specifically we introduce a number theoretical transform based multiplier architecture capable of efficiently handling very large polynomials. When synthesized for the Xilinx Virtex 7 family the presented architecture can compute the product of large polynomials in under $6.25$~msec making it the fastest multiplier design of its kind currently available in the literature and is more than 102 times faster than a software implementation. Using this multiplier we can compute a relinearization operation in $526$ msec. When used as an accelerator, for instance, to evaluate the AES block cipher, we estimate a per block homomorphic evaluation performance of $442$~msec yielding performance gains of $28.5$ and $17$ times over similar CPU and GPU implementations, respectively.

15:17 [Pub][ePrint] Security Analysis of Re-Encryption RPC Mix Nets, by Ralf Kuesters and Tomasz Truderung

  Re-Encryption randomized partial checking (RPC) mix nets were introduced by Jakobsson, Juels, and Rivest in 2002 and since then have been employed in prominent modern e-voting systems and in politically binding elections in order to provide verifiable elections in a simple and efficient way. Being one of or even the most used mix nets in practice so far, these mix nets are an interesting and valuable target for rigorous security analysis.

In this paper, we carry out the first formal cryptographic analysis of re-encryption RPC mix nets. We show that these mix nets, with fixes recently proposed by Khazaei and Wikstr{\\\"o}m, provide a good level of verifiability, and more precisely, accountability: cheating mix servers, who try to manipulate the election outcome, are caught with high probability. Moreover, we show that all attacks that would break the privacy of voters\' inputs are caught with a probability of at least $1/4$. In many cases, for example, when penalties are severe or reputation can be lost, adversaries might not be willing to take this risk, and hence, would behave in a way that avoids this risk. Now, for such a class of ``risk-avoiding\'\' adversaries, we show that re-encryption RPC mix nets provide a good level of privacy, even if only one mix server is honest.

15:17 [Pub][ePrint] The Uniform Distribution of Sequences Generated by Iteration of Polynomials, by Emil Lerner

  Consider a collection $f$ of polynomials $f_i(x)$, $i=1, \\ldots,s$, with integer coefficients such that polynomials $f_i(x)-f_i(0)$, $i=1, \\ldots,s$, are linearly independent. Denote by $D_m$ the discrepancy for the set of points $\\left(\\frac{f_1(x) \\bmod m}{m},\\ldots,\\frac{f_s(x) \\bmod m}{p^n}\\right)$ for all $x \\in \\{0,1,\\ldots,m\\}$, where $m=p^n$, $n \\in N$, and $p$ is a prime number. We prove that $D_m\\to 0$ as $n\\to\\infty$, and $D_m

15:17 [Pub][ePrint] Identity-Based Encryption Secure Against Selective Opening Chosen-Ciphertext Attack, by Junzuo Lai and Robert H. Deng and Shengli Liu and Jian Weng and Yunlei Zhao

  Security against selective opening attack (SOA) requires that in a multi-user setting, even if an adversary has access to all ciphertexts from users, and adaptively corrupts some fraction of the users by exposing not only their messages but also the random coins, the remaining unopened messages retain their privacy. Recently, Bellare, Waters and Yilek considered SOA-security in the identity-based setting, and presented the first identity-based encryption (IBE) schemes that are proven secure against selective opening chosen plaintext attack (SO-CPA). However, how to achieve SO-CCA security for IBE is still open.

In this paper, we introduce a new primitive called extractable IBE, which is a hybrid of one-bit IBE and identity-based key encapsulation mechanism (IB-KEM), and define its IND-ID-CCA security notion. We present a generic construction of SO-CCA secure IBE from an IND-ID-CCA secure extractable IBE with ``One-Sided Public Openability\'\'(1SPO), a collision-resistant hash function and a strengthened cross-authentication code. Finally, we propose two concrete constructions of extractable 1SPO-IBE schemes, resulting in the first simulation-based SO-CCA secure IBE schemes without random oracles.

15:17 [Pub][ePrint] Secure Random Linear Code Based Public Key Encryption Scheme RLCE, by Yongge Wang

  As potential post-quantum cryptographic schemes, lattice based encryption schemes

and linear codes based encryption schemes

have received extensive attention in recent years.

Though LLL reduction algorithm has been one of the major cryptanalysis techniques

for lattice based cryptographic systems, cryptanalysis techniques for linear codes

based cryptographic systems are generally scheme specific. In recent years,

several important techniques such as

Sidelnikov-Shestakov attack and filtration attacks have been

developed to crypt-analyze linear codes based encryption schemes.

Though most of these cryptanalysis techniques

are relatively new, they prove to be very powerful and many systems have been broken

using these techniques. Thus it is important to systematically investigate and

design linear code based cryptographic systems that are immune against these attacks.

This paper proposes linear code based encryption schemes RLCE which share

many characteristics with random linear codes. Our analysis shows

that the scheme RLCE is secure against existing attacks and we expect that

the security of the RLCE scheme is equivalent to the hardness of decoding random linear codes.

15:17 [Pub][ePrint] A Note on the Lindell-Waisbard Private Web Search Scheme, by Zhengjun Cao and Lihua Liu

  In 2010, Lindell and Waisbard proposed a private web search scheme for malicious adversaries. At the end of the scheme, each party obtains one search word and query the search engine with the word. We remark that a malicious party could query the search engine with a false word instead of the word obtained. The malicious party can link the true word to its provider if the party publicly complain for the false searching result. To fix this drawback, each party has to broadcast all shares so as to enable every party to recover all search words and query the search engine with all these words.

We also remark that there is a very simple method to achieve the same purpose of private shuffle. When a user wants to privately query the search engine with a word, he can choose another n-1 padding words to form a group of $n$ words and permute these words randomly. Finally, he queries the search engine with these words.

15:17 [Pub][ePrint] Scalable Divisible E-cash, by Sébastien Canard, David Pointcheval, Olivier Sanders and Jacques Traoré

  Divisible E-cash has been introduced twenty years ago but no construction is both fully secure in the standard model and efficiently scalable. In this paper, we fill this gap by providing an anonymous divisible E-cash construction with constant-time withdrawal and spending protocols. Moreover, the deposit protocol is constant-time for the merchant, whatever the spent value is. It just has to compute and store $2^l$ serial numbers when a value $2^l$ is deposited, compared to $2^n$ serial numbers whatever the spent amount (where $2^n$ is the global value of the coin) in the recent state-of-the-art paper. This makes a very huge difference when coins are spent many times.

Our approach follows the classical tree representation for the divisible coin. However we manage to build the values on the nodes in such a way that the elements necessary to recover the serial numbers are common to all the nodes of the same level: this leads to strong unlinkability and anonymity, the strongest security level for divisible E-cash.

23:25 [Job][New] Software Security Engineer, Oblong Industries

  Oblong Industries

Los Angeles, CA, United States


What would you do: Oblong is looking for a Security Software Engineer responsible for keeping our core product, Mezzanine, secure. This is a high-impact role in charge of enhancing our existing PKI, writing new security related code, auditing existing code and architectures for security flaws, and reviewing new features for security and privacy. You will work closely with many parts of the organization and interact with customers occasionally. Clear communications skills are crucial for this role.


• Develop production-quality code

• Architect and develop security requirements for Mezzanine

• Take responsibility for current PKI and code

• Improve and maintain current Mezzanine security policies and communicate them to other parts of the company

• Keep up-to-date with software vulnerabilities and provide and implement recommendations

• Evaluate third-party security updates


• Substantial experience delivering production-quality, security-related code

• Fluency in C and C++ programming and at least one scripting language

• Proven ability to design security policies and specifications

• Excellent written and verbal communications

• Good understanding of cryptography (symmetric and asymmetric ciphers) and secure protocols (TLS, SRTP)

• Experience with at least one crypto library (e.g. OpenSSL, GnuTLS)

• Good knowledge of PKI and certificate standards

Nice to have:

• Experience working with Open Source projects

• DOD 8570 compliant certification such as CISSP, CISM, CISA or equivalent

Benefits and perks:

• Competitive compensation package of salary and stock options?

• Medical, dental, and vision insurance ?

• 401K plan

• Gourmet lunches 3 days/week

15:39 [Event][New] SPE2015: IEEE 5th International Workshop on Security and Privacy Engineering

  Submission: 14 April 2015
Notification: 24 April 2015
From June 27 to July 2
Location: New York, USA
More Information:

17:55 [Job][New] Marie Sklodowska-Curie Research Fellows in Cryptography (Early Stage Researchers - 2 posts), Royal Holloway, University of London

  The Information Security Group at Royal Holloway, University of London, is seeking to recruit two Marie Sklodowska-Curie Research Fellows in Cryptography to start in September 2015, as part of the ECRYPT-NET project.

ECRYPT-NET is a research network of six universities and two companies that intends to develop advanced cryptographic techniques for the Internet of Things and the Cloud, and to create efficient and secure implementations of those techniques on a broad range of platforms. ECRYPT-NET is funded by a prestigious Marie Sklodowska-Curie ITN (Integrated Training Network) grant. The network will educate a group of 15 PhD students with a set of interdisciplinary skills in the areas of mathematics, computer science and electrical engineering. The training will be provided in an international context that include Summer Schools, workshops and internships. Participants are expected to spend at least six months abroad in a network partner or in one of the seven associated companies. We are looking for highly motivated candidates, ideally with background on cryptology and with proven research abilities.

Two of the ECRYPT-NET ESR (Early Stage Researcher) positions will be based at the Information Security Group at Royal Holloway, to work on the following projects:

(1) Design and analysis of efficient and lightweight authenticated encryption schemes.

(2) Secure outsourcing of computation.

Marie Curie ITN eligibility criteria apply to both of these positions.

Founded in 1990, the Information Security Group at Royal Holloway is a world-leading interdisciplinary research group dedicated to research and education in the area of cyber security, with an extensive and long-standing record of research in cryptography. It has 16 established academics, 11 RAs, and over 50 PhD students. It gained the status of UK Academic Centre of Excellence in Cyber Security Research by EPSRC and GCHQ, and hosts one of the

12:17 [Pub][ePrint] Fully-Dynamic Verifiable Zero-Knowledge Order Queries for Network Data, by Esha Ghosh and Michael T. Goodrich and Olga Ohrimenko and Roberto Tamassia

  We show how to provide privacy-preserving (zero-knowledge) answers to order queries on network data that is organized in lists, trees, and partially-ordered sets of bounded dimension. Our methods are efficient and dynamic, in that they allow for updates in the ordering information while also providing for quick and verifiable answers to queries that reveal no information besides the answers to the queries themselves.