International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

18:42 [Job][New] Ph.D. student in Crypto-Finance, Cybersecurity and Privacy, University of Luxembourg

  The University of Luxembourg is offering a Ph.D. student position in one of the topics:

  • cryptofinance, cryptocurrencies
  • anonymity and privacy
  • cybersecurity

Applicants interested in symmetric cryptography, authenticated encryption will be also considered.


  • An M.Sc. in Computer Science or Applied Mathematics (some background in Economics/Finance is a plus)
  • GPA > 85%
  • Fluent written and verbal communication skills in English are mandatory.

We offer international research environment and competitive salary. The position is available from the 1-October 2015. Applications will be considered upon receipt, therefore applying before the deadline is encouraged.

16:34 [Job][New] Ph.D., Hochschule Offenburg (University of Applied Sciences)

  * The Chair for Security in Distributed Systems, computer science Hochschule Offenburg, Germany, offers a full-time PhD positions:

* The position involves research in the area of IT-security within the project PAL SAaaS \'Building Triangular Trust for Secure Cloud Auduting\' in cooperation with the University of Mannheim (Prof. Dr. Frederik Armknecht).

The successful candidate is expected to contribute to research in IT-Security and applied cryptography for Cloud Security.

Besides other cloud security related aspects topics of interest for the open positions are

- application of homomorphic cryptographic primitives for secure cloud storage,

- applying the above schemes to the auditing process for cloud services.

* The position is available from August on and is fully funded. The salary scale is TV-L E13.

The gross income depends on the candidate\'s experience level. At the lowest level it corresponds to approx. 40,000 EUR per year.

* Contracts are offered for three years.

* She or he is given the possiblity to carry out a Ph.D.

* The successful candidate should have a Master\'s degree in Computer Science, Mathematics, Information Security, or a related field.

Deep Knowledge in cryptography is not a must but an asset.

* The deadline for applications is July 20, 2015. However, late applications will be considered until the position is filled.

Please send your application with reference number to Prof. Dr. Dirk Westhoff (dirk DOT westhoff AT hs-offenburg DOT de).

09:17 [Pub][ePrint] Analyzing the Efficiency of Biased-Fault Based Attacks, by Nahid Farhady Ghalaty, Bilgiday Yuce, Patrick Schaumont

  The traditional fault analysis techniques developed over the past decade rely on a fault

model, a rigid assumption about the nature of the fault. A practical challenge for all faults attacks is to identify a fault injection method that achieves the presumed fault model.

In this paper, we analyze a class of more recently proposed fault analysis techniques,

which adopt a biased fault model. Biased fault attacks enable

a more flexible fault model, and are therefore easier to adopt to practice.

The purpose of our analysis is to evaluate the relative efficiency of several recently proposed biased-fault attacks, including Fault Sensitivity Analysis (FSA), Non-Uniform Error Value Analysis (NUEVA), Non-Uniform Faulty Value Analysis (NUFVA), and Differential Fault Intensity Analysis (DFIA).

We compare the relative performance of each technique in a common framework, using a common circuit and using a common fault injection method. We show that, for an identical circuit and an identical fault injection method, the number of faults per attack greatly varies according with the analysis technique.

In particular, DFIA is more efficient than FSA, and FSA is more efficient than both NUEVA and NUFVA. In terms of number of fault injections until full key disclosure, for a typical case, FSA uses 8x more faults than DFIA, and NUEVA uses 33x more faults than DFIA. Hence, the post-processing technique selected in a biased-fault attack has a significant impact on the probability of a successful attack.

16:39 [News] CRYPTO registration open, Journal of Cryptology delivery changes


Registration for CRYPTO 2015 is now open (, which makes it a good time to let you know about a few important updates.

Paper delivery of the Journal of Cryptology is now *opt-in*. If you would like to receive hard-copy JoC editions, you must update your membership info. You can update proactively via the membership info form ( or when paying your membership dues for 2016 during conference registration. If you have already paid your membership dues for 2016 you can still opt in and pay at a later time.

We have made some changes in how IACR membership records are stored internally. As a result, there is a small chance you will be asked to reset your password when authenticating. You will need access to the email address of record associated with your membership. If you experience problems, please contact the membership secretary at

15:17 [Pub][ePrint] Strong Security of the Strongly Multiplicative Ramp Secret Sharing based on Algebraic Curves, by Ryutaroh Matsumoto

  We introduce a coding theoretic criterion for

Yamamoto\'s strong security

of the ramp secret sharing scheme.

After that, by using it, we show the strong security of

the strongly multiplicative

ramp secret sharing proposed by Chen et al. in 2008.

09:17 [Pub][ePrint] DAA-TZ: An Efficient DAA Scheme for Mobile Devices using ARM TrustZone, by Bo Yang and Kang Yang and Yu Qin and Zhenfeng Zhang and Dengguo Feng

  Direct Anonymous Attestation (DAA) has been studied for applying to mobile devices based on ARM TrustZone. However, current solutions bring in extra performance overheads and security risks when adapting existing DAA schemes originally designed for PC platform. In this paper, we propose a complete and efficient DAA scheme (DAA-TZ) specifically designed for mobile devices using TrustZone. By considering the application scenarios, DAA-TZ extends the interactive model of original DAA and provides anonymity for a device and its user against remote service providers. The proposed scheme requires only one-time switch of TrustZone for signing phase and elaborately takes pre-computation into account. Consequently, the frequent on-line signing just needs at most three exponentiations on elliptic curve. Moreover, we present the architecture for trusted mobile devices. The issues about key derivation and sensitive data management relying on a root of trust from SRAM Physical Unclonable Function (PUF) are discussed. We implement a prototype system and execute DAA-TZ using MNT and BN curves with different security levels. The comparison result and performance evaluation indicate that our scheme meets the demanding requirement of mobile users in respects of both security and efficiency.

09:17 [Pub][ePrint] An Efficient Multi-Message Multi-Receiver Signcryption Scheme with Forward Secrecy on Elliptic Curves, by Nizamud Din, Arif Iqbal Umar, Abdul Waheed, Noor Ul Amin

  Secure multicast communication has application in growing number of applications. Forward secrecy is of prime importance and insures message confidentiality even long-term private key compromised. We present an efficient construction of multi message multi receiver signcryption with forward secrecy on elliptic curves. It provides confidentiality, integrity, authenticity, non-repudiation, public verifiability, unforgeability and forward secrecy of multi message multicast. It is efficient in computation cost and communication overhead and suitable for resource constrained IP-based secure multi message multicast systems.

09:17 [Pub][ePrint] Cryptanalysis of a Markov Chain Based User Authentication Scheme, by Ruhul Amin and G.P. Biswas

  Session key agreement protocol using smart card is extremely popular in client-server environment for secure communication. Remote user authentication protocol plays a crucial role in our daily life such as e-banking, bill-pay, online games, e-recharge, wireless sensor network, medical system, ubiquitous devices etc. Recently, Djellali et al. proposed a session key agreement protocol using smart card for ubiquitous devices. The main focus of this paper is to analyze security pitfalls of smart card and password based user authentication scheme. We have carefully reviewed Djellali et al.\'s scheme and found that the same scheme suffers from several security weaknesses such as off-line password guessing attack, privileged insider attack. Moreover, we demonstrated that the Djellali et al.\'s scheme does not provide proper security protection on the secret key of the server and presents inefficient password change phase.

09:17 [Pub][ePrint] Randomizing the Montgomery Powering Ladder, by Duc-Phong Le \\and Chik How Tan \\and Michael Tunstall

  In this paper, we present novel randomized techniques to enhance Montgomery powering ladder. The proposed techniques increase the resistance against side-channel attacks and especially recently published correlation collision attacks in the horizontal setting. The first of these operates by randomly changing state such that the difference between registers varies, unpredictably, between two states. The second algorithm takes a random walk, albeit tightly bounded, along the possible addition chains required to compute an exponentiation. We also generalize the Montgomery powering ladder and present randomized (both left-to-right and right-to-left) $m$-ary exponentiation algorithms.

09:17 [Pub][ePrint] Single-Cycle Implementations of Block Ciphers, by Pieter Maene and Ingrid Verbauwhede

  Security mechanisms to protect our systems and data from malicious adversaries have become essential. Strong encryption algorithms are an important building block of these solutions. However, each application has its own requirements and it is not always possible to find a cipher that meets them all. This work compares unrolled combinatorial hardware implementations of six lightweight block ciphers, along with an AES implementation as a baseline. Up until now, the majority of such ciphers were designed for area-constrained environments where speed is often not crucial, but recently the need for single-cycle, low-latency block ciphers with limited area requirements has arisen to build security architectures for embedded systems. Our comparison shows that some designers are already on this track, but a lot of work still remains to be done.

09:17 [Pub][ePrint] Diversity and Transparency for ECC, by Jean-Pierre Flori and Jérôme Plût and Jean-René Reinhard and Martin Ekerå

  Generating and standardizing elliptic curves to use

them in a cryptographic context is a hard task.

In this note, we don\'t make an explicit proposal

for an elliptic curve, but we deal with the following


Security: We give a list of criteria that should be

satisfied by a secure elliptic curve. Although a few

of these criteria are incompatible, we detail what we

think are the best choices for optimal security.

Transparency: We sketch a way to generate a

curve in a fully transparent way so that it can be

trusted and not suspected to belong to a (not publicly

known to be) vulnerable class. In particular, since the

computational cost of verifying the output of such a

process may be quite high, we sketch out the format

of a certificate that eases the computations. We think

that this format might deserve being standardized.