International Association for Cryptologic Research

IACR News Central


21:17 [Pub][ePrint] Quantum homomorphic encryption for circuits of low $T$-gate complexity, by Anne Broadbent and Stacey Jeffery

  Fully homomorphic encryption is an encryption method with the property that any computation on the plaintext can be performed by a party having access to the ciphertext only.

Here, we formally define and give schemes for \emph{quantum} homomorphic encryption, which is the encryption of \emph{quantum} information such that \emph{quantum} computations can be performed given the ciphertext only. Our schemes allow for arbitrary Clifford group gates, but become inefficient for circuits with large complexity, measured in terms of the non-Clifford portion of the circuit (we use the ``$\pi/8$'' non-Clifford group gate, also known as the $T$-gate).

More specifically, two schemes are proposed: the first scheme has a decryption procedure whose complexity scales with the square of the \emph{number} of $T$-gates (compared with a trivial scheme in which the complexity scales with the total number of gates); the second scheme uses a quantum evaluation key of length given by a polynomial of degree exponential in the circuit's $T$-gate depth, yielding a homomorphic scheme for quantum circuits with constant $T$-depth. Both schemes build on a classical fully homomorphic encryption scheme.

A further contribution of ours is to formally define the security of encryption schemes for quantum messages: we define \emph{quantum indistinguishability under chosen plaintext attacks} in both the public- and private-key settings. In this context, we show the equivalence of several definitions.

Our schemes are the first of their kind that are secure under modern cryptographic definitions, and can be seen as a quantum analogue of classical results establishing homomorphic encryption for circuits with a limited number of \emph{multiplication} gates. Historically, such results appeared as precursors to the breakthrough result establishing classical fully homomorphic encryption.
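The reason the abstract separates Clifford gates from $T$-gates is the quantum one-time pad: a qubit padded with $X^a Z^b$ stays padded by a Pauli after any Clifford gate, so the evaluator can apply the gate to the ciphertext and the key owner only updates the two classical bits $(a,b)$, whereas a $T$-gate leaves a key-dependent non-Pauli factor $S^a$ behind. The following added example (written for this page, not code from Broadbent and Jeffery, and not their scheme, which handles that $S^a$ factor with the classical FHE layer) simulates this on a single qubit in pure Python. The state `PSI`, the gate names and the key-update table are constructed here for illustration.

```python
import cmath
import itertools
import math

# Single-qubit gates as 2x2 nested lists of complex numbers (pure Python, no numpy).
INV_SQRT2 = 1 / math.sqrt(2)
X = [[0, 1], [1, 0]]
Z = [[1, 0], [0, -1]]
H = [[INV_SQRT2, INV_SQRT2], [INV_SQRT2, -INV_SQRT2]]
S = [[1, 0], [0, 1j]]
S_DAG = [[1, 0], [0, -1j]]
T = [[1, 0], [0, cmath.exp(1j * math.pi / 4)]]      # the pi/8 gate: non-Clifford
GATES = {"X": X, "Z": Z, "H": H, "S": S, "T": T}

def apply(gate, state):
    """Matrix-vector product for a single-qubit state [amp0, amp1]."""
    return [sum(gate[r][c] * state[c] for c in range(2)) for r in range(2)]

def fidelity(u, v):
    """|<u|v>|^2 for normalised states; 1 exactly when u and v agree up to a global phase."""
    return abs(sum(a.conjugate() * b for a, b in zip(u, v))) ** 2

def qotp_encrypt(state, key):
    """Quantum one-time pad: ciphertext = X^a Z^b |psi> for key bits (a, b)."""
    a, b = key
    out = apply(Z, state) if b else state
    return apply(X, out) if a else out

def qotp_decrypt(cipher, key):
    """Undo the pad: Z^b X^a (X^a Z^b |psi>) = |psi>."""
    a, b = key
    out = apply(X, cipher) if a else cipher
    return apply(Z, out) if b else out

# Clifford gates conjugate Paulis to Paulis (up to a global phase), so the gate can be
# applied to the ciphertext and the pad key is updated with classical bookkeeping only:
#   H X^a Z^b = (+-1) X^b Z^a H,   S X^a Z^b = i^a X^a Z^(a xor b) S,   X and Z commute with the pad up to sign.
KEY_UPDATE = {
    "H": lambda a, b: (b, a),
    "S": lambda a, b: (a, a ^ b),
    "X": lambda a, b: (a, b),
    "Z": lambda a, b: (a, b),
}

def evaluate_clifford(state, key, circuit):
    """Homomorphic evaluation of a Clifford circuit: gates act on the ciphertext only,
    the key owner tracks (a, b) classically and decrypts at the end."""
    cipher = qotp_encrypt(state, key)
    for g in circuit:
        cipher = apply(GATES[g], cipher)
        key = KEY_UPDATE[g](*key)
    return qotp_decrypt(cipher, key)

def run_plain(state, circuit):
    for g in circuit:
        state = apply(GATES[g], state)
    return state

PSI = [math.cos(0.3), cmath.exp(0.7j) * math.sin(0.3)]    # constructed, normalised test state

def clifford_min_fidelity(circuit=("H", "S", "H", "X", "S", "Z", "H")):
    """Worst case over all four pad keys of fidelity(homomorphic result, direct evaluation)."""
    target = run_plain(PSI, list(circuit))
    return min(fidelity(evaluate_clifford(PSI, key, list(circuit)), target)
               for key in itertools.product((0, 1), repeat=2))

def t_gate_fidelities(key):
    """Apply T to a padded state. T X^a Z^b = e^{-i pi a/4} S^a X^a Z^b T, so the ciphertext
    still carries the key-dependent non-Pauli factor S^a. Returns the fidelity to T|psi> when
    decrypting with the updated Pauli key alone, and when the owner first strips S^a."""
    a, _ = key
    cipher = apply(T, qotp_encrypt(PSI, key))
    target = apply(T, PSI)
    naive = qotp_decrypt(cipher, key)                      # wrong whenever a = 1
    stripped = apply(S_DAG, cipher) if a else cipher       # needs knowledge of a, i.e. the key
    corrected = qotp_decrypt(stripped, key)
    return fidelity(naive, target), fidelity(corrected, target)

if __name__ == "__main__":
    print("Clifford circuit, min fidelity over keys:", round(clifford_min_fidelity(), 6))
    for k in itertools.product((0, 1), repeat=2):
        print("T gate, key", k, "-> naive, corrected:", [round(f, 4) for f in t_gate_fidelities(k)])
```

The Clifford circuit decrypts correctly for every key with nothing but bit updates, while after a single $T$-gate the Pauli key alone is wrong for $a=1$; removing $S^a$ requires knowing $a$, which is the obstacle the two schemes in the abstract pay for in decryption complexity or evaluation-key length.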

04:08 [Event][New] PRIVAGEN 2015: Privacy-Aware Computational Genomics 2015

  Submission: 30 June 2015
Notification: 20 July 2015
From September 8 to September 8
Location: Tokyo, Japan

21:17 [Forum] [2014 Reports] 2015/468 FHE for plaintexts from Z_p, with prime p, do not work? by movax

  From: 2015-11-06 21:11:12 (UTC)

17:37 [Event][New] PETS: Privacy Enhancing Technologies Symposium (PETS)

  From June 30 to July 2
Location: PHILADELPHIA, United States

15:16 [Job][New] Doctoral Research Fellows, University of Passau

  Two 0.5 full-time equivalent (FTE) positions are offered as part of the DFG funded project Algebraic Fault Attacks.

These positions are remunerated pro rata at salary band E13 of the German public-sector wage agreement (TV-L E13). Candidates may combine these positions with one 0.25 FTE teaching assistantship each.

The successful candidates will participate in an area of the project which uses Computer Algebra techniques and their integration with SAT solvers to break cryptographic hardware primitives based on the information obtained from fault attacks. The interdisciplinary, state-of-the-art approach requires rigorous and broad-based mathematical knowledge and an openness towards computer science methods.

Detailed job requirements are listed in the link below.

06:37 [Job][New] Post-Doc, Ruhr University Bochum

  The Ruhr University Bochum is offering a 2-year post-doc position in theoretical cryptography, working on the ERC project "Efficient Resource Constrained Cryptography". Required is a PhD in cryptography and excellence in research, proven for example by publications in IACR conferences and workshops.

Applicants interested in the positions should provide the following information in pdf format with the application:

- Motivation letter

- CV

- List of publications, mark your top 2

This position will be filled as soon as possible; late applications will be considered.

06:37 [Job][New] PhD Research Fellowship in Secure Networking Technologies, Norwegian University of Science and Technology (NTNU), Trondheim, Norway

  The researcher will work on a project entitled “Securing emerging network technologies with homomorphic encryption”. The overall aim of the project is to design methods for secure processing of network data in emerging networks using practical variants of homomorphic encryption. Recent advances in cryptography will be applied to secure the virtualization of the ICT infrastructure (such as “cloud” processing and storage) and new flexible networking technologies such as software defined networks (SDN) and network function virtualization (NFV). Work tasks will include: analysis of suitable network functions for homomorphic processing; analysis of practical homomorphic encryption algorithms; secure protocol design and analysis; and experimental implementations.

14:44 [Event][New] CT-RSA'16: RSA Conference 2016 Cryptographer's Track

  Submission: 7 September 2015
Notification: 12 November 2015
From February 29 to March 4
Location: San Francisco, USA

15:06 [Event][New] ICISSP 2016: 2nd International Conference on Information Systems Security and Privacy

  Submission: 9 September 2015
Notification: 26 November 2015
From January 19 to February 21
Location: Rome, Italy

00:17 [Pub][ePrint] Security of Full-State Keyed and Duplex Sponge: Applications to Authenticated Encryption, by Bart Mennink and Reza Reyhanitabar and Damian Vizár

  We provide a security analysis for full-state keyed Sponge and full-state Duplex constructions. Our results can be used for making a large class of Sponge-based authenticated encryption schemes more efficient by concurrent absorption of associated data and message blocks. In particular, we introduce and analyze a new variant of SpongeWrap with almost free authentication of associated data. The idea of using full-state message absorption for higher efficiency was first made explicit in the Donkey Sponge MAC construction, but without any formal security proof. Recently, Gazi, Pietrzak and Tessaro (CRYPTO 2015) have provided a proof for the fixed-output-length variant of Donkey Sponge. Yasuda and Sasaki (CT-RSA 2015) have considered partially full-state Sponge-based authenticated encryption schemes for efficient incorporation of associated data. In this work, we unify, simplify, and generalize these results about the security and applicability of full-state keyed Sponge and Duplex constructions; in particular, for designing more efficient authenticated encryption schemes. Compared to the proof of Gazi et al., our analysis directly targets the original Donkey Sponge construction as an arbitrary-output-length function. Our treatment is also more general than that of Yasuda and Sasaki, while yielding a more efficient authenticated encryption mode for the case that associated data might be longer than messages.
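The efficiency argument in the abstract is structural: in a rate-limited duplex every block of associated data costs its own permutation call through the $r$-bit outer part, whereas a full-state construction can XOR a $c$-bit block of associated data into the inner part in the same call that processes a message block in the outer part. The following added toy (written for this page; it is not the paper's mode, not Donkey Sponge, and not SpongeWrap, and its permutation is a placeholder with no security claim) counts permutation calls for both strategies and checks that decryption and tag verification round-trip. The block sizes, the 16-byte key, the padding convention and the ARX mixing function are all assumptions made here for illustration.

```python
import hmac
import struct

R_BYTES, C_BYTES = 16, 16          # toy rate r = 128 bits and capacity c = 128 bits
B_BYTES = R_BYTES + C_BYTES        # permutation width b = r + c = 256 bits
MASK32 = 0xFFFFFFFF

def toy_permutation(state):
    """Placeholder 256-bit permutation made of add/rotate/xor steps. It is a bijection and
    mixes the state, but it is NOT a cryptographic permutation; it only stands in for f."""
    w = list(struct.unpack("<8I", state))
    for rnd in range(12):
        for i in range(8):
            j = (i + 1) % 8
            w[i] = (w[i] + w[j] + rnd) & MASK32
            w[j] ^= ((w[i] << 13) | (w[i] >> 19)) & MASK32
    return struct.pack("<8I", *w)

def xor_into(state, data, offset):
    """Return state with data XORed in at the given byte offset."""
    s = bytearray(state)
    for k, byte in enumerate(data):
        s[offset + k] ^= byte
    return bytes(s)

def pad_block(block, n):
    """10* padding of a partial block; a full block is returned unchanged (toy convention)."""
    return block if len(block) == n else block + b"\x80" + bytes(n - len(block) - 1)

def ad_blocks(ad, n):
    """Associated data split into n-byte blocks, always terminated by a padded block."""
    blocks = [ad[i:i + n] for i in range(0, len(ad), n)]
    if not blocks or len(blocks[-1]) == n:
        blocks.append(b"")
    return [pad_block(b, n) for b in blocks]

def duplex_ae(key, ad, data, decrypt=False, full_state=False):
    """One pass of a duplex-style AE mode; returns (output, tag, permutation_calls).
    full_state=False: the key and every AD block enter through the r-byte outer part, one
                      permutation call per AD block before any message block is processed.
    full_state=True : the key is XORed over the whole b-byte state and each c-byte AD block is
                      XORed into the inner part in the same call that handles a message block."""
    assert len(key) == R_BYTES
    state = bytes(B_BYTES)
    calls = 0
    if full_state:
        state = toy_permutation(xor_into(state, key.ljust(B_BYTES, b"\x00"), 0))
        pending_ad = ad_blocks(ad, C_BYTES)
    else:
        state = toy_permutation(xor_into(state, key, 0))
        pending_ad = []
        for blk in ad_blocks(ad, R_BYTES):
            state = toy_permutation(xor_into(state, blk, 0))
            calls += 1
    calls += 1
    data_blocks = [data[i:i + R_BYTES] for i in range(0, len(data), R_BYTES)] or [b""]
    out = bytearray()
    for i in range(max(len(data_blocks), len(pending_ad))):
        blk = data_blocks[i] if i < len(data_blocks) else b""
        keystream = state[:len(blk)]
        res = bytes(x ^ y for x, y in zip(blk, keystream))   # ciphertext if encrypting, plaintext if decrypting
        out += res
        plaintext = res if decrypt else blk
        state = xor_into(state, pad_block(plaintext, R_BYTES), 0)     # plaintext enters the outer part
        if i < len(pending_ad):
            state = xor_into(state, pending_ad[i], R_BYTES)           # AD enters the inner part, same call
        state = toy_permutation(state)
        calls += 1
    return bytes(out), state[:R_BYTES], calls

def ae_encrypt(key, ad, msg, full_state=False):
    ct, tag, _ = duplex_ae(key, ad, msg, decrypt=False, full_state=full_state)
    return ct, tag

def ae_decrypt(key, ad, ct, tag, full_state=False):
    """Decrypt and verify; returns the plaintext or None on tag mismatch (constant-time compare)."""
    pt, expected, _ = duplex_ae(key, ad, ct, decrypt=True, full_state=full_state)
    return pt if hmac.compare_digest(expected, tag) else None

def permutation_calls(ad_len, msg_len, key=bytes(R_BYTES)):
    """(rate-only calls, full-state calls) for the given associated-data and message lengths."""
    rate = duplex_ae(key, bytes(ad_len), bytes(msg_len))[2]
    full = duplex_ae(key, bytes(ad_len), bytes(msg_len), full_state=True)[2]
    return rate, full

if __name__ == "__main__":
    for ad_len, msg_len in ((64, 64), (256, 16), (0, 64)):
        print(f"AD {ad_len} B, message {msg_len} B -> permutation calls (rate-only, full-state):",
              permutation_calls(ad_len, msg_len))
```

With $r = c$ here, the full-state variant needs about $\max(\lceil |A|/c\rceil, \lceil |M|/r\rceil)$ calls instead of $\lceil |A|/r\rceil + \lceil |M|/r\rceil$, which is where the "almost free" authentication of associated data comes from; message blocks still have to go through the outer part because the keystream is read from it.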

00:17 [Pub][ePrint] Improved Side-Channel Analysis of Finite-Field Multiplication, by Sonia Belaïd and Jean-Sébastien Coron and Pierre-Alain Fouque and Benoît Gérard and Jean-Gabriel Kammerer and Emmanuel Prouff

  A side-channel analysis of multiplication in GF(2^{128}) has recently been published by Belaïd, Fouque and Gérard at Asiacrypt 2014, with an application to AES-GCM. Using the least significant bit of the Hamming weight of the multiplication result, the authors have shown how to recover the secret multiplier efficiently. However, this least significant bit is very sensitive to measurement noise; this implies that without averaging their attack can only work for high signal-to-noise ratios (SNR > 128). In this paper we describe a new side-channel attack against the multiplication in GF(2^{128}) that uses the most significant bits of the Hamming weight. We show that much higher values of noise can then be tolerated. For instance, with an SNR equal to 8, the key can be recovered using 2^{20} consumption traces with time and memory complexities respectively equal to 2^{51.68} and 2^{36}. We moreover show that the new method can be extended to attack the fresh re-keying countermeasure proposed by Medwed, Standaert, Großschädl and Regazzoni at Africacrypt 2010.
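Two facts behind the abstract can be checked numerically: because multiplication by a known operand is GF(2)-linear and the parity of a Hamming weight is the XOR of all bits, the LSB of HW(m·k) is a linear equation in the key bits (one equation per trace, as in the Asiacrypt 2014 attack); and a rounded leakage value loses that parity bit at far lower noise than it loses the top bit. The following added example (written for this page, not code from the authors, and not a reimplementation of their 2^{20}-trace key-recovery procedure) implements GF(2^{128}) multiplication modulo the GCM polynomial and simulates Hamming-weight leakage with Gaussian noise. The leakage model, the identification of the MSB with the predicate HW >= 64, and the SNR convention `32 / sigma^2` (HW of a uniform 128-bit value has variance 32) are assumptions made here; the abstract does not define its SNR.

```python
import random

GCM_POLY = (1 << 128) | (1 << 7) | (1 << 2) | (1 << 1) | 1    # x^128 + x^7 + x^2 + x + 1

def gf128_mul(a, b):
    """Multiplication in GF(2^128) modulo the GCM polynomial, plain polynomial bit order.
    GCM's reflected bit order is a fixed bit permutation and leaves Hamming weights unchanged."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        b >>= 1
        a <<= 1
        if a >> 128:
            a ^= GCM_POLY
    return p

def hw(x):
    return bin(x).count("1")

def parity_mask(m):
    """Mask c_m with bit i = HW(m * x^i) mod 2. Since k -> m*k is GF(2)-linear and HW mod 2
    is the XOR of all result bits, HW(m*k) mod 2 = <c_m, k>: a linear equation in the key."""
    mask = 0
    for i in range(128):
        if hw(gf128_mul(m, 1 << i)) & 1:
            mask |= 1 << i
    return mask

def lsb_equation_holds(m, k):
    """Check HW(m*k) mod 2 == <c_m, k> mod 2 for a concrete multiplier and key."""
    return (hw(gf128_mul(m, k)) & 1) == (hw(parity_mask(m) & k) & 1)

def leakage_bit_accuracy(sigma, traces=2000, seed=7):
    """Simulate L = HW(m*k) + N(0, sigma^2) for random (m, k) (constructed inputs) and return
    how often the LSB of round(L), and the MSB predicate HW >= 64 estimated as L >= 63.5,
    agree with the noise-free value. Assumed SNR convention: 32 / sigma^2."""
    rng = random.Random(seed)
    lsb_ok = msb_ok = 0
    for _ in range(traces):
        m, k = rng.getrandbits(128), rng.getrandbits(128)
        w = hw(gf128_mul(m, k))
        leak = w + rng.gauss(0, sigma)
        lsb_ok += (round(leak) & 1) == (w & 1)
        msb_ok += (leak >= 63.5) == (w >= 64)
    return lsb_ok / traces, msb_ok / traces

if __name__ == "__main__":
    m = 0x0123456789ABCDEF0123456789ABCDEF
    k = 0xFEDCBA9876543210FEDCBA9876543210
    print("LSB of HW(m*k) is linear in k:", lsb_equation_holds(m, k))
    for sigma in (0.25, 0.5, 2.0):                    # assumed SNR 32/sigma^2: 512, 128, 8
        print(f"sigma={sigma}: (LSB accuracy, MSB accuracy) =", leakage_bit_accuracy(sigma))
```

At sigma = 2 (SNR 8 under the assumed convention) the rounded parity is essentially a coin flip, while the top bit is still recovered in well over 80% of traces; that gap is what the abstract's move from the least to the most significant bits exploits.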