International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

16:28 [Event][New] TRUDEVICE: 4th Workshop on Secure Hardware and Security Evaluation

  Submission: 31 May 2015
Notification: 13 July 2015
From September 17 to September 17
Location: Saint-Malo, France
More Information:

09:17 [Pub][ePrint] Accelerating SWHE based PIRs using GPUs, by Wei Dai, Yarkın Dor\\\"{o}z and Berk Sunar

  In this work we focus on tailoring and optimizing the computational Private Information Retrieval (cPIR) scheme proposed in WAHC 2014 for efficient execution on graphics processing units (GPUs). Exploiting the mass parallelism in GPUs is a commonly used approach in speeding up cPIRs. Our goal is to eliminate the efficiency bottleneck of

the Dor\\\"{o}z et al construction which would allow us to take advantage of its excellent bandwidth performance. To this end, we develop custom code to support polynomial ring operations and extend them to realize the evaluation functions in an optimized manner on high end GPUs. Specifically, we develop optimized CUDA code to support large degree/large

coefficient polynomial arithmetic operations such as modular multiplication/reduction, and modulus switching. Moreover, we choose same prime numbers for both the CRT domain representation of the polynomials and for the modulus switching implementation of the somewhat homomorphic encryption scheme. This allows us to combine two arithmetic domains, which reduces the number of domain conversions and permits us to perform faster arithmetic. Our implementation achieves 14-34 times speedup for index comparison and 4-18 times speedup for data aggregation compared to a pure CPU software implementation.

tion compared to a pure CPU software implementation.

09:17 [Pub][ePrint] Multilinear Maps Using Random Matrix, by Gu Chunsheng

  Garg, Gentry and Halevi (GGH) described the first candidate multilinear maps using ideal lattices. However, Hu and Jia presented an efficient attack on GGH map, which breaks two applications of multipartite key exchange (MPKE) and witness encryption (WE) based on the hardness of 3-exact cover problem by using GGH. We describe a new construction of multilinear map using random matrix, which supports the applications for public tools of encoding in the origin GGH, such as MPKE and WE. The security of our construction depends upon new hardness assumption. Furthermore, our construction removes the special structure of the ring element in the principal ideal lattice problem, and avoids potential attacks generated by algorithm of solving short principal ideal lattice generator.

17:16 [Job][New] Senior Software / Principal - Security, Apcera - Hybrid Cloud Start-Up San Francisco, CA

  Apcera is disrupting the world of IT with the world’s first OS for the Hybrid Cloud. Our Hybrid Cloud OS has policy and governance built in at the core, allowing IT organizations and developers alike to safely and easily develop, deploy, orchestrate and govern any imaginable workload — apps, services, Docker containers, OS’s — either on premise or in any cloud, public or private, in a friction-free and trusted fashion.

Based in SOMA in SF and led by CEO Derek Collison, Apcera has substantial backing from Ericsson, the global technology, cloud and mobile giant headquartered in Sweden. Join us and help build the world\'s first Hybrid Cloud OS.

As a Security Architect at Apcera, you will oversee the security protocols in use inside and outside the Continuum platform, inform choices for security technologies and policies and review code for secure practices and patterns. You will lead efforts to infiltrate Apcera’s security controls, you will work within the Go community, the open source cryptographic community and with security leaders in the industry to improve and harden the Continuum platform.


Bachelor’s degree in Computer Science or equivalent experience with security technologies

Minimum of 7 years software development experience in a combination of any of the following languages: GO, C, C++, Java, C#, Python or Ruby

Minimum of 5 years’ experience working with Linux operating system development

Minimum 2 years in security engineering, crypto, policy, auth or related technologies

Understanding of the basic underpinnings of cryptographic technologies, authentication, authorization and distributed trust

Understanding about how Kerberos authentication works

Experience with techniques for escalating privilege

Knowledge about how basic cryptographic technologies relate to the design of OpenPGP and X.509 PKIX

In-depth knowledge of security

17:15 [Job][New] Lecturer, University of Cape Town


The Department of Mathematics and Applied Mathematics at the University of Cape Town is a large and dynamic establishment with over thirty faculty members. We seek to make one new appointment in Mathematics or Applied Mathematics at the level of Lecturer. Applications in all areas of Mathematics and Applied Mathematics will be considered.

Requirements include: A PhD in the mathematical sciences. (Scientific publications, postdoc, teaching experience and student supervision are all advantageous.)

Responsibilities include: Teaching and developing undergraduate as well as postgraduate courses in mathematics (within and beyond the science faculty). Developing and pursuing an active research program, which includes student supervision. Course convening, departmental and faculty administrative duties.

The annual remuneration package for 2015, including benefits: R528 275.

To apply, please e-mail the below documents in a single pdf file to Ms Edith Graham at recruitment04 (at)

- UCT Application Form (download at

- Full Curriculum Vitae (CV)

- A clearly articulated statement describing their teaching experience and philosophy (applies to both positions), and a research statement (applies to standard academic position)

Please ensure the title and reference number are indicated in the subject line.

An application which does not comply with the above requirements will be regarded as incomplete.

You can also write to Dr Christine Swart at christine.swart (at) for more information on the department.

Telephone: +27 21 650 5405


Reference number: E15074

Closing date: 05 June 2015

15:17 [Pub][ePrint] Generic Conversions from CPA to CCA secure Functional Encryption, by Mridul Nandi and Tapas Pandit

  In 2004, Canetti-Halevi-Katz and later Boneh-Katz showed generic CCA-secure PKE constructions from a CPA-secure IBE. Goyal et al. in 2006 further extended the aforementioned idea implicitly to provide a specific CCA-secure KP-ABE with policies represented by monotone access trees. Later, Yamada et al. in 2011 generalized the CPA to CCA conversion to all those ABE, where the policies are represented by either monotone access trees (MAT) or monotone span programs (MSP), but not the others like sets of minimal sets. Moreover, the underlying CPA-secure constructions must satisfy one of the two features called {\\em key-delegation} and {\\em verifiability}. Along with ABE, many other different encryptions schemes, such as inner-product, hidden vector, spatial encryption schemes etc. can be studied under an unified framework, called {\\em functional encryption} (FE), as introduced by Boneh-Sahai-Waters in 2011. The generic conversions, due to Yamada et al., can not be applied to all these functional encryption schemes. On the other hand, to the best of our knowledge, there is no known CCA-secure construction beyond ABE over MSP and MAT. This paper provides different ways of obtaining CCA-secure functional encryptions of almost all categories. In particular, we provide {\\bf a generic conversion from a CPA-secure functional encryption into a CCA-secure functional encryption} provided the underlying CPA-secure encryption scheme has either restricted delegation or verifiability feature. We observe that almost all functional encryption schemes have this feature. The KP-FE schemes of Waters (proposed in 2012) and Attrapadung (proposed in 2014) for regular languages do not possess the usual delegation property. However, they can be converted into corresponding CCA-secure schemes as they satisfy the {\\em restricted delegation}.

15:17 [Pub][ePrint] A HYBRID APPROACH FOR THE SECURE TRANSMISSION OF H.264/AVC VIDEO STREAMS, by Sheena Sathyan and Shaji R S Professor

  In order to keep privacy and to maintain security of a data; it was necessary to keep the data in hidden manner or in a crypt format. The proposed work describes the encryption and data hiding techniques for an H.264/ AVC video in a cloud environment. And it clearly specifies how the integrity of the data should be relevant enough in an unsecured and constrained communication medium. The proposed scheme is based on the stream cipher, RC4 encryption; while encrypting a data, it is necessary to transfer the encryption keys in a secure manner for that the public key cryptosystem is proposed for the efficient key transferring. It also explains about the data embedding via compound mapping method in order secure the original video content, and then generating the hash value for the embedded data which may contain the encrypted video content, in order to check the integrity of the data. And at the receiver end, the processes; the verification of the hash value, the decryption and extraction of the video content may be done in an efficient manner. The results may clearly shows the size of the video is strictly preserved even after the encryption and the embedding techniques.

15:17 [Pub][ePrint] Improved Integral Cryptanalysis of Feistel Structures, by Bing Sun and Xin Hai and Lei Cheng and Zhichao Yang and Wenyu Zhang

  Feistel structure is among the most popular choices for designing ciphers. Recently, 3-round/5-round integral distinguishers for Feistel structures with non-bijective/bijective round functions are presented. At EUCRYPT 2015, Todo proposed the Division Property to effectively construct integral distinguishers for both Feistel and SPN structures. In this paper, firstly, it is proved that if a subset X of F_2^n has the division property D_k^n, the number of elements in X is at least 2^k, based on which we can conclude that if a multi-set X has the division property D_n^n, it is in some sense equivalent to either F_2^n or the empty set. Secondly, let d be the algebraic degree of the round function F of a Feistel structure. If d\\le n-1, the corresponding integral distinguishers are improved as follows: there exists a 3-round integral distinguisher with at most 2^n chosen plaintexts and a 4-round integral distinguisher with at most 2^{2n-2} chosen plaintexts. These results can give new insights to both the division property and Feistel structures.

15:17 [Pub][ePrint] Step by Step Towards Creating a Safe Smart Contract: Lessons and Insights from a Cryptocurrency Lab, by Kevin Delmolino, Mitchell Arnett, Ahmed Kosba, Andrew Miller, and Elaine Shi

  This paper describes a smart contract programming lab conducted in our undergraduate security class at the University of Maryland. Through our experiences, we have gained various insights on why it is difficult to create a safe smart contract. This lab also led to new insights for cybersecurity education.

15:17 [Pub][ePrint] Cryptanalysis of the multilinear map on the ideal lattices, by Jung Hee Cheon and Changmin Lee

  We improve the zeroizing attack on the multilinear map of Garg, Gentry and Halevi (GGH). Our algorithm can solve the Graded Decisional Diffie-Hellman (GDDH) problem on the GGH scheme when the dimension n of the ideal lattice Z[X]/(X^n+1) is O(kappa lambda^2) as suggested for the kappa-linear GGH scheme.

The zeroizing attack is to recover a basis of an ideal generated by a secret element g in Z[X]/(X^n+1) from the zero testing parameter and several encodings in public.

It can solve the DLIN and subgroup decision problems, but not the GDDH problem on the GGH scheme for the suggested dimension n due to the hardness of the smallest basis problem and the shortest vector problem on the ideal lattice. In this paper, we propose an algorithm to find a short vector in the ideal lattice (g) by applying a lattice reduction to a sublattice obtained from the Hermit Normal Form of (g). This attack utilizes that the determinant of the lattice (g) is not large.

We further show that if (g) has a large residual degree, one can find a short element of (g) in polynomial time of n.

In order to resist the proposed attacks, it is required that n= Omega tilde(kappa^2 lambda^3) and the positive generator of (g) intersection with Z is large enough.

11:44 [Job][New] Research Associate in Information Assurance, University of Luxembourg

  The Applied Security and Information Assurance Research Group – APSIA – has around 20 members and is headed by Professor Peter Y.A. Ryan. APSIA specialises in the mathematical foundations of information assurance: the mathematical modelling and analysis of information flows, the design and analysis of cryptographic primitives and protocols (both classical and quantum), secure verifiable voting systems, and anonymous marking systems and game-theoretic analysis of non-interference and coercion-resistance. The group has expertise in both the symbolic (formal methods) and the computational (“provable security”) styles of analysis and is investigating the links and synergies between them.

Role: to contribute to the research goals of the group, as outlined above. Expertise outside those listed above, but complementary will also be considered.