International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2015-05-12
14:00 [News] A survey on the Helios e-voting system

  Dear IACR Member,

We are conducting a study on the verifiability aspects of e-voting and specifically the verifiability features of Helios, the system used in IACR elections. It will only take a couple of seconds to complete the survey.

https://www.surveymonkey.com/s/3C7YCGL

The results and analysis of the survey will be made available to the community. The study is conducted by the U. of Athens Crypto.Sec group http://crypto.di.uoa.gr No personal information of any form is collected in this study.

IACR webmaster




2015-05-11
17:24 [Conf][TCC] TCC 2016 CFP released

  The Thirteen Theory of Cryptography Conference will be held in Tel-Aviv, Israel, sponsored by the International Association for Cryptologic Research (IACR). Papers presenting original research on foundational and theoretical aspects of cryptography are sought.
  • Submission Deadline: 5:00 pm EDT July 13, 2015
  • Notification of Decision: October 2nd, 2015
  • Proceedings Version Due: October 26, 2015 (2PM EDT)
  • Conference: January 10-13, 2016
More details: http://www.cs.tau.ac.il/conferences/tcc2016/call_for_papers.html


17:15 [Job][New] Professor in Cyber Security / Cyber Crime, Newcastle University, UK

  The School of Computing Science at Newcastle University has been awarded the status of Centre of Excellence in Cyber Security Research by GCHQ/EPSRC and is investing significantly in its research in cyber security and cybercrime. A lectureship position is associated with this professorial post and once a Professor has been appointed, we will work with them to appoint a lecturer in the field.

The research in cyber security in Newcastle has recently received significant research grants and has particular strengths in interdisciplinary and crime research. To continue building these research strengths, we are looking for an outstanding computer scientist with an excellent track record of research leadership in an area related to cyber security and cybercrime. This includes, computer security, computer and cyber forensics, cybercrime and human factors of security and privacy.

The School of Computing Science at Newcastle University is one of the strongest computer science Schools in the UK and in the 2014 REF was ranked 1st in the UK for the economic and social impact of its research. With an exciting, £58m development new building in Science Central and two centres for doctoral training, providing one hundred PhD students in the coming five years, including topics relevant to security, this is a great time to join the School.

17:15 [Job][New] Senior Engineer - Applied Cryptography, Centre for Secure Information Technologies (CSIT), Queen’s University Belfast, UK

  Applications are invited for Senior Engineer positions in Applied Cryptography within the Centre for Secure Information Technologies (CSIT), Queen’s University Belfast. CSIT is one of the UK’s lead Universities for cyber security research. It was awarded Academic Centre of Excellence in Cyber Security Research (ACE-CSR) status in 2012 by the UK’s GCHQ, in partnership with the Research Councils’ Global Uncertainties Programme (RCUK). There are currently 80 staff and researchers at CSIT, made up of academics, research assistants, engineers, PhD students and commercial staff. CSIT has a strong emphasis on internationally leading research with a focus on innovation and commercialisation. Stakeholders in CSIT include several major companies (Cisco, Thales, BAE Systems, Infosys, McAfee, IBM, Roke, Altera) and UK government agencies with a strong interest in this area. More details about CSIT are available on the website http://www.csit.qub.ac.uk/.

Applicants must have at least a 2:1 Honours Degree (or equivalent) in Electrical and Electronics Engineering, Computer Science, Mathematics or closely related discipline. Applicants must have significant R&D or industrial experience in data security/cryptography. Familiarity with cryptographic theory and cryptographic hardware and/or software design is essential, while knowledge of quantum-safe cryptography, physical unclonable functions and/or side channel analysis is desirable



17:14 [Job][New] Ph.D. Scholarship funded by the Royal Society of UK, Cryptography, Security, and Privacy Research Group, Koç University, ?stanbul, Turkey

  Cryptography, Security & Privacy Research Group at Koç University is looking for exceptional Ph.D. students for a password based authentication project funded by the Royal Society of UK. The student will be registered to Koç University, but will also work jointly with Emiliano De Cristofaro at University College London. The student will visit University College London multiple times. The position may start immediately.

For more information about our group and projects, visit

http://crypto.ku.edu.tr

For applying online, and questions about the application-process, visit

http://gsse.ku.edu.tr

For research questions, contact Asst. Prof. Alptekin Küpçü

http://home.ku.edu.tr/~akupcu



17:14 [Job][New] Ph.D. / M.Sc. Scholarships, Cryptography, Security, and Privacy Research Group, Koç University, ?stanbul, Turkey

  Cryptography, Security & Privacy Research Group at Koç University has multiple openings for both M.Sc. and Ph.D. level applications. All accepted applicants will receive competitive scholarships including tuition waiver, housing, monthly stipend, computer, travel support , etc.

For more information about our group and projects, visit

http://crypto.ku.edu.tr

For applying online, and questions about the application-process, visit

http://gsse.ku.edu.tr

For summer internship opportunities, visit

http://kusrp.ku.edu.tr

For research questions, contact Asst. Prof. Alptekin Küpçü

http://home.ku.edu.tr/~akupcu



17:13 [Event][New] SPC: First Workshop on Security and Privacy in the Cloud

  From September 30 to September 30
Location: Florence, Italy
More Information: http://www.zurich.ibm.com/spc2015/


17:13 [Event][New] SWJ'15: Scientific World Journal, special issue on Physical Cryptanalysis

  Submission: 29 May 2015
Notification: 21 August 2015
From January 1 to October 16
More Information: http://www.hindawi.com/journals/tswj/si/324049/cfp/


09:17 [Pub][ePrint] A Comment on Gu Map-1, by Yupu Hu and Huiwen Jia

  Gu map-1 is a modified version of GGH map. It uses same ideal lattices for constructing the trapdoors, while the novelty is that no encodings of zero are given. In this short paper we show that Gu map-1 cannot be used for the instance of witness encryption (WE) based on the hardness of 3-exact cover problem. That is, if Gu map-1 is used for such instance, we can break it by solving a combined 3-exact cover problem. The reason is just that no encodings of zero are given.





2015-05-10
09:17 [Pub][ePrint] A New Model for Error-Tolerant Side-Channel Cube Attacks, by Zhenqi Li and Bin Zhang and Junfeng Fan and Ingrid Verbauwhede

  Side-channel cube attacks are a class of leakage attacks on block ciphers in which the attacker is assumed to have access to some leaked information on the internal state of the cipher as well as the plaintext/ciphertext pairs. The known Dinur-Shamir model and its variants require error-free data for at least part of the measurements. In

this paper, we consider a new and more realistic model which can deal with the case when \\textit{all} the leaked bits are noisy. In this model, the key recovery problem is converted to the problem of decoding a binary linear code over a binary symmetric channel with the crossover probability which is determined by the measurement quality and the cube size. We use the maximum likelihood decoding method to recover the key. As a case study, we demonstrate efficient key recovery attacks on PRESENT. We show that the full $80$-bit key can be restored with $2^{10.2}$ measurements with an error probability of $19.4\\%$ for each measurement.





2015-05-09
18:17 [Pub][ePrint] Individualizing Electrical Circuits of Cryptographic Devices as a Means to Hinder Tampering Attacks, by Zoya Dyka, Thomas Basmer, Christian Wittke and Peter Langendoerfer

  Side channel and fault attacks take advantage from the fact that the behavior of crypto implementations can be observed and provides hints that simplify revealing keys. In a real word a lot of devices, that are identical to the target device, can be attacked before attacking the real target to increase the success of the attack. Their package can be opened and their electromagnetic radiation and structure can be analyzed. Another example of how to improve significantly the success rate of attacks is the measurement of the difference of the side channel leakage of two identical devices, one of these devices being the target, using the Wheatstone bridge measurement setup. Here we propose to individualize the electrical circuit of cryptographic devices in order to prevent attacks that use identical devices: attacks, that analyze the structure of devices identical to the target device in a preparation phase; usual side channel attacks, that use always the same target device for collecting many traces, and attacks that use two identical devices at the same time for measuring the difference of side-channel leakages. The proposed individualization can prevent such attacks because the power consumption and the electromagnetic radiation of devices with individualized electrical circuit are individualized while providing the same functionality. We implemented three individualized ECC designs that provide exactly the same cryptographic function on a Spartan-6 FPGA. These designs differ from each other in a single block only, i.e. in the field multiplier. The visualization of the routed design and measurement results show clear differences in the topology, in the resources consumed as well as in the power and electromagnetic traces. We show that the influence of the individualized designs on the power traces is comparable with the influence of inputs. These facts show that individualizing of electrical circuits of cryptographic devices can be exploited as a protection mechanism. We envision that this type of protection mechanism is relevant if an attacker has a physical access to the cryptographic devices, e.g. for wireless sensor networks from which devices can easily be stolen for further analysis in the lab.