International Association for Cryptologic Research

IACR News Central


21:17 [Pub][ePrint] McBits: fast constant-time code-based cryptography, by Daniel J. Bernstein and Tung Chou and Peter Schwabe

This paper presents extremely fast algorithms for code-based public-key cryptography, including full protection against timing attacks. For example, at a 2^128 security level, this paper achieves a reciprocal decryption throughput of just 60493 cycles (plus cipher cost etc.) on a single Ivy Bridge core. These algorithms rely on an additive FFT for fast root computation, a transposed additive FFT for fast syndrome computation, and a sorting network to avoid cache-timing attacks.

21:17 [Pub][ePrint] A Unified Security Analysis of Two-phase Key Exchange Protocols in TPM 2.0, by Shijun Zhao and Qianying Zhang

The Trusted Platform Module (TPM) version 2.0 provides an authenticated key exchange functionality through a single key exchange primitive, which can be called to implement three key exchange protocols (denoted as two-phase key exchange protocols in TPM 2.0): the Full Unified Model, the MQV, and the SM2 key exchange protocols. However, some vulnerabilities have been found in all of these protocols. Fortunately, it seems that the protections provided by the TPM can deal with the vulnerabilities of these protocols. This paper investigates whether the TPM key exchange primitive provides a secure key exchange functionality under the protections of the TPM. We first perform an informal analysis of the TPM key exchange primitive, which helps us to model it precisely. Then we formally analyze the TPM key exchange primitive in a security model for AKE, based on which all the protocols adopted by TPM 2.0 can be analyzed in a unified way. Our analysis indicates under what conditions TPM 2.0 can provide a provably secure key exchange functionality. Finally, we give suggestions on how to leverage the TPM key exchange primitive properly, and on how to improve the security of the current TPM key exchange primitive to enable its wide use in practice.

23:21 [Event][New] ACNS'16: 14th International Conference on Applied Cryptography and Network Security

Submission: 27 January 2016
Notification: 25 March 2016
Conference: June 19 to June 22
Location: London, UK

16:08 [Job][New] Two PhD Positions in Cryptography, University of Bristol

We are looking for PhD applicants in the areas of practical Multi-Party Computation and in Multi-Linear Maps and associated techniques. The positions include a tax-free stipend as well as payment of your tuition fees. The projects are with partners in the USA, so travel to the USA will be a major component of the projects.

Please contact Nigel Smart, as soon as possible, to informally discuss the positions.

16:27 [Job][New] Ph.D. scholarship, University of Bergen

There is a vacancy for a PhD position in cryptography at the Department of Informatics. The position is for a fixed-term period of 4 years and within the Simula@UiB group, a joint collaboration in cyber security between UiB and Simula Research Laboratory. Salary at pay grade 50 upon appointment; currently NOK 430,500 gross p.a. Further promotions are made according to length of service in the position.

22:47 [Job][New] Postdoc, Cryptographic Algorithms Group, CISPA, Saarland University, Germany

The Cryptographic Algorithms Group is offering a 2-year post-doc position. We are part of the Center for IT-Security and Privacy (short: CISPA). The CISPA was founded in October 2011 as a competence center for IT security at Saarland University. It is a joint endeavor of Saarland University (UdS) and its on-site partner institutions: the Max Planck Institute for Informatics (MPI-INF), the Max Planck Institute for Software Systems (MPI-SWS), and the German Research Center for Artificial Intelligence (DFKI).

Requirements: A PhD in cryptography and related areas, excellence in research proven for example by publications in IACR conferences and workshops or venues like IEEE S&P, ACM CCS, NDSS, USENIX Security,…

Applicants interested in the positions should provide the following information in pdf format with the application:

- Research Statement

- CV

- List of publications, mark your top 2

- 2 reference letters

Expected starting date is 1 November.

22:47 [Job][New] Sr. SW Engineer – Security/Applied Cryptography Expert , Aspera - an IBM Company

Aspera, an IBM Company, is profitable and headquartered in Emeryville, California, with satellite offices in the United Kingdom, France and Singapore. Over 3,000 customers that need to move large volumes of data, in industries such as enterprise IT, games and software development, government, legal & eDiscovery, life sciences, media & entertainment and oil & gas, rely on Aspera software to move extreme data sets at high speed over global distances.

• Focus on defining and building out security programs and quality programs

• Develop an analysis framework for vulnerabilities

• Code or help code the security framework components

• Develop patches and new security features to help mitigate security flaws

• Coordinate activities during the deployment of security-relevant features

• Perform security code audits and design reviews

• Architecture, design and coding of Aspera’s end-to-end security framework

• Threat and vulnerability analysis

• Code analysis, scanning

• Pen-test

• Ability to deliver results quickly and efficiently with iterative approaches


• Strong software development background - C and C++, systems programming, web application frameworks, JavaScript

• Expert knowledge of applied cryptography and software security

• Ultra familiarity with common software security threats, CWE

• Proven record - contribution or ownership of security framework design and implementation for large scale software systems

• Authentication and distributed authorization frameworks (SAML, OpenID, OAuth(2))

• Code analysis and scanning tools and processes

• Secure communication protocols, data protection, secure interaction with authentication and authorizations systems, and cloud services (particularly cloud storage)

• To

03:55 [News] Open Letter to the Hon'ble President of India


Open Letter to the Hon'ble President of India

The International Association of Cryptologic Research (IACR) is dismayed by reports of Professor Bimal Roy being dismissed in all but name as Director of the Indian Statistical Institute in Kolkata. Professor Roy has been a driving force in advancing the important field of cryptology in India, elevating its visibility to international level. Cryptology is a prime application of statistical and probabilistic methods.

The IACR confirms that Professor Roy deserves great recognition for his service to India and to the field of cryptology. He devoted his career to strengthening India's standing in this timely, fast advancing field. Removing him from this position one month before the appointment expires is an act that has put India in a shameful and awkward position in front of the international community of cryptology research and of mathematics in general.

The International Association of Cryptologic Research
June 21, 2015

18:17 [Pub][ePrint] How to Securely Prolong the Computational Bindingness of Pedersen Commitments, by Denise Demirel and Jean Lancrenon

Pedersen commitments are important cryptographic primitives. They allow a prover to commit to a certain value without revealing any information about it and without the prover being able to change its mind later on. Since the first property holds unconditionally, this is an essential primitive for many schemes providing long-term confidentiality. However, the second property only holds computationally. Hence, in the long run bindingness is lost, making the primitive improper for long-lived systems. Thus, in this paper, we describe a protocol that, in a sense, prolongs the bindingness of a given Pedersen commitment. More precisely, we demonstrate how to prove in perfect zero-knowledge that a new Pedersen commitment, generated with a larger security parameter, and a corresponding old commitment both commit to the same value. We stress that this is a non-trivial procedure. Up until now, the only known perfect zero-knowledge proof techniques for proving message equivalence of two commitments work when both commitments use isomorphic message spaces. However, as we will show in this work, to prolong the security of Pedersen commitments we cannot tolerate this restriction. Our prolonging technique works for non-isomorphic message spaces, is efficient, can be repeated an arbitrary number of times, maintains unconditional confidentiality, and allows the format of the Pedersen commitments to be preserved. This makes the construction presented here an important contribution to long-lived systems. Finally, we illustrate this by discussing how commitments with prolongable bindingness can be used to allow for archiving solutions that provide not only integrity but also confidentiality in the long term.
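As an added illustration (not code from the paper or its authors), the following Python shows why the two properties in the abstract behave differently: perfect hiding means every commitment can be opened to any message once the trapdoor log_g(h) is known, so binding rests only on that discrete logarithm staying hard, which toy-sized parameters (constructed here: p = 1019, q = 509, g = 4, h = 9) no longer guarantee. It does not implement the paper's prolonging proof.

```python
import secrets

# Constructed toy parameters (this example's own, not the paper's):
# p = 2q + 1 with p = 1019 and q = 509 both prime, so the squares mod p
# form a subgroup of prime order q. g = 4 and h = 9 are both squares, and
# the committer is assumed not to know t = log_g(h). Real parameters are
# hundreds of digits long; the tiny size here is what makes the search
# below instant, mirroring the abstract's point that binding erodes over time.
P, Q = 1019, 509
G, H = 4, 9


def commit(m, r):
    """Pedersen commitment c = g^m * h^r mod p for message m and randomness r in Z_q."""
    return pow(G, m % Q, P) * pow(H, r % Q, P) % P


def verify(c, m, r):
    """Opening check: does the pair (m, r) explain the commitment c?"""
    return c == commit(m, r)


def dlog_by_search(base, target):
    """Exhaustive search for t with base^t = target mod p; cost grows with q."""
    acc = 1
    for t in range(Q):
        if acc == target:
            return t
        acc = acc * base % P
    return None


def equivocate(m, r, m_new, t):
    """With the trapdoor t = log_g(h), find r_new so that (m_new, r_new) opens
    the same commitment: g^(m + t*r) = g^(m_new + t*r_new) requires
    r_new = r + (m - m_new) / t mod q. That such an r_new exists for every
    m_new is perfect hiding; that finding it needs t is computational binding."""
    return (r + (m - m_new) * pow(t, -1, Q)) % Q


def demo(m=42, m_new=7):
    """Commit to m, then show the undersized parameters let the same commitment be reopened to m_new."""
    r = secrets.randbelow(Q)
    c = commit(m, r)
    t = dlog_by_search(G, H)  # feasible only because q is tiny
    r_new = equivocate(m, r, m_new, t)
    return verify(c, m, r) and verify(c, m_new, r_new) and m != m_new


if __name__ == "__main__":
    print("small-parameter commitment reopened to a different value:", demo())
```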

18:17 [Pub][ePrint] SIMON and SPECK: Block Ciphers for the Internet of Things, by Ray Beaulieu and Douglas Shors and Jason Smith and Stefan Treatman-Clark and Bryan Weeks and Louis Wingers

The U.S. National Security Agency (NSA) developed the SIMON and SPECK families of lightweight block ciphers as an aid for securing applications in very constrained environments where AES may not be suitable. This paper summarizes the algorithms, their design rationale, along with current cryptanalysis and implementation results.