International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

20:15 [Job][New] Post.doc., Norwegian University of Science and Technology (NTNU), Trondheim, Norway

  Malicious cryptography is about using cryptography for cyber attacks. We have already seen applications of malicious cryptography in so-called ransomware. Sophisticated attackers may want to use cryptography to hide an attack, the target of the attack, the source of the attack or to protect attack infrastructure (botnets).

The project goal is not to design sophisticated malware, but to understand the possible threats that we need to defend against.

18:17 [Pub][ePrint] The Simeck Family of Lightweight Block Ciphers, by Gangqiang Yang and Bo Zhu and Valentin Suder and Mark D. Aagaard and Guang Gong

  Two lightweight block cipher families, SIMON and SPECK, have been proposed by researchers from the NSA recently. In this paper, we introduce Simeck, a new family of lightweight block ciphers that combines the good design components from both SIMON and SPECK, in order to devise even more compact and efficient block ciphers. For Simeck32/64, we can achieve 505 GEs (before the Place and Route phase) and 549 GEs (after the Place and Route phase), with the power consumption of 0.417 $\\mu W$ in CMOS 130nm ASIC, and 454 GEs (before the Place and Route phase) and 488 GEs (after the Place and Route phase), with the power consumption of 1.292 $\\mu W$ in CMOS 65nm ASIC. Furthermore, all of the instances of Simeck are smaller than the ones of hardware-optimized cipher SIMON in terms of area and power consumption in both CMOS 130nm and CMOS 65nm techniques. In addition, we also give the security evaluation of Simeck with respect to many traditional cryptanalysis methods, including differential attacks, linear attacks, impossible differential attacks, meet-in-the-middle attacks, and slide attacks. Overall, all of the instances of Simeck can satisfy the area, power, and throughput requirements in passive RFID tags.

18:17 [Pub][ePrint] Accountable Authority Ciphertext-Policy Attribute-Based Encryption with White-Box Traceability and Public Auditing in the Cloud, by Jianting Ning, Xiaolei Dong, Zhenfu Cao and Lifei Wei

  As a sophisticated mechanism for secure fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) is a highly promising solution for commercial applications such as cloud computing. However, there still exists one major issue awaiting to be solved, that is, the prevention of key abuse. Most of the existing CP-ABE systems missed this critical functionality, hindering the wide utilization and commercial application of CP-ABE systems to date. In this paper, we address two practical problems about the key abuse of CP-ABE: (1) The key escrow problem of the semi-trusted authority; and, (2) The malicious key delegation problem of the users. For the semi-trusted authority, its misbehavior (i.e., illegal key (re-)distribution) should be caught and prosecuted. And a user, his/her malicious behavior (i.e., illegal key sharing) need be traced. We affirmatively solve these two key abuse problems by proposing the first accountable authority CP-ABE with white-box traceability that supports policies expressed in any monotone access structures. Moreover, we provide an auditor to judge publicly whether a suspected user is guilty or is framed by the authority.

18:17 [Pub][ePrint] Bit Security of the Hyperelliptic Curves Diffie-Hellman Problem, by Fangguo Zhang

  The Diffie-Hellman problem as a cryptographic primitive plays an important role in modern cryptology. The Bit Security or Hard-Core Bits of Diffie-Hellman problem in arbitrary finite cyclic group is a long-standing open problem in cryptography. Until now, only few groups have been studied. Hyperelliptic curve cryptography is an alternative to elliptic curve cryptography. Due to the recent cryptanalytic results that the best known algorithms to attack hyperelliptic curve cryptosystems of genus $g

16:29 [Job][New] Ph.D. scholarship, Institute of Computer Science, Polish Academy of Sciences, POLAND

  We offer two, 3-year Ph.D. scholarships in area of design and cryptanalysis of authenticated encryption schemes.

Working place: Kielce, POLAND

In the second part of the scholarship timeline, it may be possible to continue research in Australia, under supervision of Josef Pieprzyk, QUT, Brisbane.

21:24 [Event][New] FC '16: Financial Cryptography and Data Security 2016

  Submission: 2 October 2015
Notification: 22 November 2015
From February 22 to February 26
Location: Rockley, Christ Church, Barbados
More Information:

21:17 [Pub][ePrint] A Secure Oblivious Transfer Protocol from Indistinguishing Obfuscation, by Mei Wang, Zheng Yuan,Xiao Feng

  We proposed a new secure oblivious transfer protocol from indistinguishability obfuscation in this paper. Our main technical tool

is the candidate indistinguishability obfuscation introduced in [1] and

a dual-mode cryptosystem proposed in [2]. Following their steps, we

presents a new k-out-of-l oblivious transfer protocol, its realization from

DDH is described in this paper, in which we combined indistinguishability obfuscation with the dual-mode cryptosystem. The security of our

scheme mainly relies on the indistinguishability of the obf-branches ( corresponding to the two modes in dual-mode model). Our paper explores

a new way for the application of indistinguishability obfuscation.

21:17 [Pub][ePrint] Combined Side-Channel and Fault Analysis Attack on Protected Grain Family of Stream Ciphers, by Abhishek Chakraborty and Bodhisatwa Mazumdar and Debdeep Mukhopadhay

  In this paper, we first demonstrate a new Differential Power Analysis (DPA) attack technique against the Grain family of stream ciphers (Grain v1 and Grain-128) by resynchronizing the cipher multiple times with the same value of the secret \\emph{key} and randomly generated different initialization vectors (IVs). Subsequently, we develop a combined side channel and fault analysis attack strategy targeting various fault attack countermeasures for the Grain cipher family.

We considered clock glitch induced faults occurring in practice for a hardware implementation of the cipher to devise our novel attack technique. Our proposed combined attack strategy works well even if the \\emph{useful} ciphertexts are not available to the adversary.

Further, the power trace classifications of a Grain cipher implementation on SASEBO G-II standard side channel evaluation board is shown in order to validate our proposed attack against the cipher.

The captured power traces were analyzed using Least Squares Support Vector Machine (LS-SVM) learning algorithm based multiclass classifiers to classify the power traces into the respective

Hamming distance (HD) classes. To extract power samples with high information about HD classes, Signal-to-noise ratio (SNR) metric

was chosen for feature selection. The experimental results of power trace classifications of test set showed a high success rate of $98\\%$ when the five largest SNR sample instants over a clock cycle were chosen as features. Our proposed attack strategy can also be extended to other stream cipher designs based on Fibonacci

configured shift registers.

21:17 [Pub][ePrint] Complementary Dual Codes for Counter-measures to Side-Channel Attacks, by Claude Carlet and Sylvain Guilley

  We recall why linear codes with complementary duals (LCD codes) play a role in counter-measures to passive and active side-channel analyses on embedded cryptosystems. The rate and the minimum distance of such LCD codes must be as large as possible. We investigate primary constructions of such codes, in particular with cyclic codes, specifically with generalized residue codes, and we study their idempotents. We study those secondary constructions which preserve the LCD property, and we characterize conditions under which codes obtained by puncturing, shortening or extending codes, or obtained by the Plotkin sum, can be LCD.

21:17 [Pub][ePrint] Structure-Preserving Signatures from Standard Assumptions, Revisited, by Eike Kiltz and Jiaxin Pan and Hoeteck Wee

  Structure-preserving signatures (SPS) are pairing-based signatures

where all the messages, signatures and public keys are group elements, with

numerous applications in public-key cryptography. We present new,

simple and improved SPS constructions under standard assumptions via a

conceptually different approach. Our constructions significantly

narrow the gap between existing constructions from standard assumptions

and optimal schemes in the generic group model.

21:17 [Pub][ePrint] Computing Elliptic Curve Discrete Logarithms with Improved Baby-step Giant-step Algorithm, by Steven D. Galbraith and Ping Wang and Fangguo Zhang

  The negation map can be used to speed up the computation of elliptic curve discrete logarithms using either the baby-step-giant-step algorithm (BSGS) or Pollard rho. Montgomery\'s simultaneous modular inversion can also be used to speed up Pollard rho when running many walks in parallel. We generalize these ideas and exploit the fact that for any two elliptic curve points $X$ and $Y$, we can efficiently get $X-Y$ when we compute $X+Y$. We apply these ideas to speed up the baby-step-giant-step algorithm. Compared to the previous methods, the new methods can achieve a significant speedup for computing elliptic curve discrete logarithms.

Another contribution of our paper is to give an analysis of the average-case running time of Bernstein and Lange\'s ``grumpy giants and a baby\'\' algorithm, and also to consider this algorithm in the case of groups with efficient inversion.

Our conclusion is that, in the fully-optimised context, both the interleaved BSGS and grumpy-giants algorithms have superior average-case running time compared with Pollard rho.