International Association for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available via RSS feed, Twitter, Weibo and Facebook.

27 March 2024

Cameron Foreman, Richie Yeung, Florian J. Curchod
ePrint Report
Random number generators (RNGs) are notoriously hard to build and test, especially in a cryptographic setting. Although one cannot conclusively determine the quality of an RNG by testing the statistical properties of its output alone, running numerical tests is both a powerful verification tool and the only universally applicable method. In this work, we present and make available a comprehensive statistical testing environment (STE) that is based on existing statistical test suites. The STE can be parameterised to run lightweight (i.e. fast) all the way to intensive testing, which goes far beyond what is required by certification bodies. With it, we benchmark the statistical properties of several RNGs, comparing them against each other. We then present and implement a variety of post-processing methods, in the form of randomness extractors, which improve the RNG's output quality under different sets of assumptions and analyse their impact through numerical testing with the STE.
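As an added example (not the paper's STE, and not any of the RNGs it benchmarks), the Python below implements two of the NIST SP 800-22 tests that such suites are built from, plus one classic post-processing step, the von Neumann extractor, and runs them over constructed inputs: an independent but biased bit source, the same source after extraction, and the sequence 0101... The last case shows the abstract's caveat in miniature: a perfectly predictable sequence passes the frequency test with p = 1, and only the runs test rejects it. The 0.7 bias, the seed and the sample size are arbitrary choices made for this illustration.

```python
"""Statistical testing of RNG output and post-processing with a randomness
extractor (added example; not the paper's STE). Two NIST SP 800-22 tests are
implemented from their published formulas and run over three constructed
sources: a biased coin, its von Neumann-extracted output, and a perfectly
periodic sequence that the frequency test cannot tell from random."""
import math
import random

ALPHA = 0.01  # SP 800-22 convention: p-value below 0.01 means the test fails


def frequency_test(bits):
    """Frequency (monobit) test: are ones and zeros equally frequent?
    Returns (p_value, passed)."""
    n = len(bits)
    s_n = sum(1 if b else -1 for b in bits)      # +1 for each 1, -1 for each 0
    s_obs = abs(s_n) / math.sqrt(n)
    p = math.erfc(s_obs / math.sqrt(2))
    return p, p >= ALPHA


def runs_test(bits):
    """Runs test: is the number of uninterrupted runs of identical bits what
    an unbiased memoryless source would produce? Returns (p_value, passed).
    The statistic is only meaningful for a roughly balanced sequence, so the
    frequency precondition from SP 800-22 is checked first and a violation is
    reported as a failure."""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0, False
    v_obs = 1 + sum(1 for i in range(n - 1) if bits[i] != bits[i + 1])
    num = abs(v_obs - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    p = math.erfc(num / den)
    return p, p >= ALPHA


def von_neumann_extract(bits):
    """Von Neumann extractor: read bits in pairs, emit 0 for (0,1), 1 for
    (1,0), discard (0,0) and (1,1). The output is unbiased provided the input
    bits are independent (bias is tolerated, correlation is not), at the cost
    of discarding most of the input."""
    return [bits[i] for i in range(0, len(bits) - 1, 2) if bits[i] != bits[i + 1]]


def biased_source(n, p_one, seed=2024):
    """Constructed sample input: independent bits with Pr[bit = 1] = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def alternating_source(n):
    """Constructed sample input: 0,1,0,1,... (balanced but fully predictable)."""
    return [i & 1 for i in range(n)]


def evaluate(bits):
    """Run both tests; return {test_name: (p_value, passed)}."""
    return {"frequency": frequency_test(bits), "runs": runs_test(bits)}


if __name__ == "__main__":
    raw = biased_source(20_000, 0.7)
    cases = [("biased raw", raw),
             ("biased + von Neumann", von_neumann_extract(raw)),
             ("alternating 0101...", alternating_source(20_000))]
    for name, seq in cases:
        report = " ".join(f"{t}: p={p:.3g} {'PASS' if ok else 'FAIL'}"
                          for t, (p, ok) in evaluate(seq).items())
        print(f"{name:22s} n={len(seq):6d} {report}")
```

The biased source fails both tests; after extraction it is balanced (and about 40% of the original length, since only discordant pairs survive); the alternating sequence passes the frequency test outright and is caught only by the runs test. That asymmetry is the practical reason a single test, or a single lightweight suite, never certifies a generator on its own.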
Christian Badertscher, Monosij Maitra, Christian Matt, Hendrik Waldner
ePrint Report
Policy-compliant signatures (PCS) are a recently introduced primitive by Badertscher et al. [TCC 2021] in which a central authority distributes secret and public keys associated with sets of attributes (e.g., nationality, affiliation with a specific department, or age) to its users. The authority also enforces a policy determining which senders can sign messages for which receivers based on a joint check of their attributes. For example, senders and receivers must have the same nationality, or only senders that are at least 18 years old can send to members of the computer science department. PCS further requires attribute-privacy – nothing about the users’ attributes is revealed from their public keys and signatures apart from whether the attributes satisfy the policy or not. The policy in a PCS scheme is fixed once and for all during the setup. Therefore, a policy update requires a redistribution of all keys. This severely limits the practicality of PCS. In this work, we introduce the notion of updatable policy-compliant signatures (UPCS) extending PCS with a mechanism to efficiently update the policy without redistributing keys to all participants. We define the notion of UPCS and provide the corresponding security definitions. We then provide a generic construction of UPCS based on digital signatures, a NIZK proof system, and a so-called secret-key two-input partially-hiding predicate encryption (2-PHPE) scheme. Unfortunately, the only known way to build the latter for general two-input predicates is using indistinguishability obfuscation. We show that the reliance on the heavy tool of 2-PHPE is inherent to build UPCS by proving that non-interactive UPCS implies 2-PHPE. To circumvent the reliance on 2-PHPE, we consider interactive UPCS, which allows the sender and receiver to interact during the message signing procedure. 
In this setting, we present two schemes: the first one requires only a digital signature scheme, a NIZK proof system, and secure two-party computation. This scheme works for arbitrary policies, but requires sender and receiver to engage in a two-party computation protocol for each policy update. Our second scheme additionally requires a (single-input) predicate-encryption scheme but, in turn, only requires a single interaction between sender and receiver, independent of the updates. In contrast to 2-PHPE, single-input predicate encryption for certain predicate classes is known to exist (e.g., from pairings) under more concrete and well-understood assumptions.
Carsten Baum, Ward Beullens, Shibam Mukherjee, Emmanuela Orsini, Sebastian Ramacher, Christian Rechberger, Lawrence Roy, Peter Scholl
ePrint Report
The use of MPC-in-the-Head (MPCitH)-based zero-knowledge proofs of knowledge (ZKPoK) to prove knowledge of a preimage of a one-way function (OWF) is a popular approach towards constructing efficient post-quantum digital signatures. Starting with the Picnic signature scheme, many optimized MPCitH signatures using a variety of (candidate) OWFs have been proposed. Recently, Baum et al. (CRYPTO 2023) showed a fundamental improvement to MPCitH, called VOLE-in-the-Head (VOLEitH), which can generically reduce the signature size by at least a factor of two without decreasing computational performance or introducing new assumptions. Based on this, they designed the FAEST signature which uses AES as the underlying OWF. However, in comparison to MPCitH, the behavior of VOLEitH when using other OWFs is still unexplored.

In this work, we improve a crucial building block of the VOLEitH and MPCitH approaches, the so-called all-but-one vector commitment, thus decreasing the signature size of VOLEitH and MPCitH signature schemes. Moreover, by introducing a small Proof of Work into the signing procedure, we can improve the parameters of VOLEitH (further decreasing signature size) without compromising the computational performance of the scheme. Based on these optimizations, we propose three VOLEitH signature schemes FAESTER, KuMQuat, and MandaRain based on AES, MQ, and Rain, respectively. We carefully explore the parameter space for these schemes and implement each, showcasing their performance with benchmarks. Our experiments show that these three signature schemes outperform MPCitH-based competitors that use comparable OWFs, in terms of both signature size and signing/verification time.
Zhe CEN, Xiutao FENG, Zhangyi WANG, Yamin ZHU, Chunping CAO
ePrint Report
The guess and determine attack is a common method in cryptanalysis. Its idea is to first find some variables from which all remaining variables in a cipher can be deduced, and then traverse all values of these variables to find a solution. People usually use exhaustive search to find these variables. However, it is no longer applicable when the number of variables is a bit large. In this work we propose a guess and determine analysis based on set split to find as few variables as possible in the first step of a guess and determine attack; it is a kind of exhaustive search based on trading space for time and is more effective than plain exhaustive search. First we give the idea of set split in detail by introducing some concepts such as base set, likely solution region and so on. Then we discuss how to utilize the set split to achieve a guess and determine analysis and give its specific implementation scheme. Finally, comparing it with the two other guess and determine analyses based on exhaustive search and on the MILP method, we illustrate the effectiveness of our method on two ciphers, Snow 2.0 and Enocoro-128v2. Our method spends about 0.000103 seconds finding a best solution of 9 variables for the former and 0.13 seconds finding a best solution of 18 variables for the latter on a personal MacBook, which is better than both the exhaustive search and the MILP method.
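To make the first step of a guess and determine attack concrete, here is an added example that is not the paper's set-split method but the plain exhaustive-search baseline it compares against. It assumes the usual abstraction of a cipher as a set of relations among word variables, each relation being a set of variables such that knowing all but one of them determines the remaining one (as with c = a XOR b). The six-variable, four-relation toy system is constructed for the example; real targets like the two ciphers named in the abstract have many more variables, which is exactly where enumerating all subsets stops being practical.

```python
"""Step 1 of a guess-and-determine attack: find a smallest set of variables
whose values determine every other variable, by exhaustive search over
subsets (added example; the paper's set-split method is not implemented).
A relation is modelled as a frozenset of variable names such that knowing
all but one of them fixes the last one (e.g. c = a XOR b)."""
from itertools import combinations

# Constructed toy system: six word variables linked by four 3-variable relations.
TOY_RELATIONS = [
    frozenset("abc"),   # c = a ^ b
    frozenset("bcd"),   # d = b + c
    frozenset("cde"),   # e = c ^ d
    frozenset("def"),   # f = d + e
]


def determine(relations, guessed):
    """Propagate knowledge from the guessed variables: whenever a relation has
    exactly one unknown variable, that variable becomes known. Returns the
    set of all known variables at the fixed point."""
    known = set(guessed)
    changed = True
    while changed:
        changed = False
        for rel in relations:
            unknown = rel - known
            if len(unknown) == 1:
                known |= unknown
                changed = True
    return known


def minimal_guess_sets(relations):
    """Exhaustive search: try every subset of size 1, 2, ... and return all
    subsets of the smallest size that determine every variable. This examines
    C(n, k) subsets per size k, which is what becomes infeasible as n grows."""
    variables = sorted(set().union(*relations))
    for k in range(1, len(variables) + 1):
        hits = [g for g in combinations(variables, k)
                if determine(relations, g) == set(variables)]
        if hits:
            return hits
    return []


if __name__ == "__main__":
    sols = minimal_guess_sets(TOY_RELATIONS)
    print(f"{len(sols[0])} guessed variables suffice; "
          f"{len(sols)} minimal guess sets: {sols}")
```

For the toy system one guessed variable is never enough (every relation has three variables), and any pair that appears together in some relation suffices, so the search reports nine minimal guess sets of size 2. Step 2 of the attack, not shown here, then enumerates every assignment to the chosen variables (2^(2w) candidates for w-bit words) and checks each deduced full state against the keystream.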
Xavier Bonnetain, Rachelle Heim Boissier, Gaëtan Leurent, André Schrottenloher
ePrint Report
Over the past ten years, the statistical properties of random functions have been particularly fruitful for generic attacks. Initially, these attacks targeted iterated hash constructions and their combiners, developing a wide array of methods based on internal collisions and on the average behavior of iterated random functions. More recently, Gilbert et al. (EUROCRYPT 2023) introduced a forgery attack on so-called duplex-based Authenticated Encryption modes which was based on exceptional random functions, i.e., functions whose graph admits a large component with an exceptionally small cycle. In this paper, we expand the use of such functions in generic cryptanalysis with several new attacks. First, we improve the attack of Gilbert et al. from O(2^3c/4) to O(2^2c/3), where c is the capacity. This new attack uses a nested pair of functions with exceptional behavior, where the second function is defined over the cycle of the first one. Next, we introduce several new generic attacks against hash combiners, notably using small cycles to improve the complexities of the best existing attacks on the XOR combiner, Zipper Hash and Hash-Twice. Last but not least, we propose the first quantum second preimage attack against Hash-Twice, reaching a quantum complexity O(2^3n/7).

26 March 2024

Zvika Brakerski, Nir Magrafta
ePrint Report
We explore a very simple distribution of unitaries: random (binary) phase -- Hadamard -- random (binary) phase -- random computational-basis permutation. We show that this distribution is statistically indistinguishable from random Haar unitaries for any polynomial set of orthogonal input states (in any basis) with polynomial multiplicity. This shows that even though real-valued unitaries cannot be completely pseudorandom (Haug, Bharti, Koh, arXiv:2306.11677), we can still obtain some pseudorandom properties without giving up on the simplicity of a real-valued unitary.

Our analysis shows that an even simpler construction: applying a random (binary) phase followed by a random computational-basis permutation, would suffice, assuming that the input is orthogonal and flat (that is, has high min-entropy when measured in the computational basis).

Using quantum-secure one-way functions (which imply quantum-secure pseudorandom functions and permutations), we obtain an efficient cryptographic instantiation of the above.
Dario Catalano, Emanuele Giunta, Francesco Migliaro
ePrint Report
The elegant paradigm of Anamorphic Encryption (Persiano et al., Eurocrypt 2022) considers the question of establishing a private communication in a world controlled by a dictator. The challenge is to allow two users, sharing some secret anamorphic key, to exchange covert messages without the dictator noticing, even when the latter has full access to the regular secret keys. Over the last year several works considered this question and proposed constructions, novel extensions and strengthened definitions.

In this work we make progress on the study of this primitive in three main directions. First, we show that two general and well established encryption paradigms, namely hybrid encryption and the IBE-to-CCA transform, admit very simple and natural anamorphic extensions. Next, we show that anamorphism, far from being a phenomenon isolated to "basic" encryption schemes, extends also to homomorphic encryption. We show that some existing homomorphic schemes, (and most notably the fully homomorphic one by Gentry, Sahai and Waters) can be made anamorphic, while retaining their homomorphic properties both with respect to the regular and the covert message.

Finally we refine the notion of anamorphic encryption by envisioning the possibility of splitting the anamorphic key into an encryption component (that only allows to encrypt covert messages) and a decryption component. This makes possible for a receiver to set up several, independent, covert channels associated with a single covert key.
Florette Martinez
ePrint Report
Pseudo-random generators are deterministic algorithms that take as input a random secret seed and output a stream of random-looking numbers. The Knapsack generator, presented by Rueppel and Massey in 1985, is one of the many attempts at designing a pseudo-random generator that is cryptographically secure. It is based on the subset-sum problem, a variant of the Knapsack optimization problem, which is considered computationally hard.

In 2011 Simon Knellwolf and Willi Meier found a way to get around this hard problem and exhibited a weakness of this generator. In addition to being able to distinguish the outputs from the uniform distribution, they designed an algorithm that retrieves a large portion of the secret. We present here an alternate version of the attack, with similar costs, that works on the same range of parameters but retrieves a larger portion of the secret.
Harishma Boyapally, Durba Chatterjee, Kuheli Pratihar, Sayandeep Saha, Debdeep Mukhopadhyay, Shivam Bhasin
ePrint Report
Physically Unclonable Functions (PUFs) have been a potent choice for enabling low-cost, secure communication. However, in most applications, one party holds the PUF, and the other securely stores the challenge-response pairs (CRPs). This does not remove the need for secure storage entirely, which is one of the goals of PUFs. This paper proposes a PUF-based construction called Harmonizing PUFs ($\textsf{H_PUF}$s), allowing two independent PUFs to generate the same outcome without storing any confidential data. As an application of the $\textsf{H_PUF}$ construction, we present $\textsf{H-AKE}$: a low-cost authenticated key exchange protocol for resource-constrained nodes that is secure against replay and impersonation attacks. The novelty of the protocol is that it achieves forward secrecy without requiring asymmetric group operations such as the elliptic curve scalar multiplications underlying traditional key-exchange techniques.
Orhun Kara
ePrint Report
The Advanced Encryption Standard (AES) is one of the most commonly used and analyzed encryption algorithms. In this work, we present new combinations of some prominent attacks on AES, achieving new records in data requirements among attacks, utilizing only $2^4$ and $2^{16}$ chosen plaintexts (CP) for 6-round and 7-round AES-192/256 respectively. One of our attacks is a combination of a meet-in-the-middle (MiTM) attack with a square attack mounted on 6-round AES-192/256 while another attack combines an MiTM attack and an integral attack, utilizing key space partitioning technique, on 7-round AES-192/256. Moreover, we illustrate that impossible differential (ID) attacks can be viewed as the dual of MiTM attacks in certain aspects which enables us to recover the correct key using the meet-in-the-middle (MiTM) technique instead of sieving through all potential wrong keys in our ID attack. Furthermore, we introduce the constant guessing technique in the inner rounds which significantly reduces the number of key bytes to be searched. The time and memory complexities of our attacks remain marginal.
Ben Fisch, Arthur Lazzaretti, Zeyu Liu, Charalampos Papamanthou
ePrint Report
Private Information Retrieval (PIR) is a two-player protocol where the client, given some query $x \in [N]$, interacts with the server, which holds an $N$-bit string $\textsf{DB}$, in order to privately retrieve $\textsf{DB}[x]$. In this work, we focus on the single server client-preprocessing model, initially idealized by Corrigan-Gibbs and Kogan (EUROCRYPT 2020), where the client and server first run some joint preprocessing algorithm, after which the client can retrieve elements of the server's string $\textsf{DB}$ privately in time sublinear in $N$.

All known constructions of single server client-preprocessing PIR rely on one of the following two paradigms: (1) a linear-bandwidth offline phase where the client downloads the whole database from the server, or (2) a sublinear-bandwidth offline phase where however the server has to compute a large-depth ($O_\lambda (N)$) circuit under FHE in order to execute the preprocessing phase.

In this paper, we construct a single server client-preprocessing PIR scheme which achieves both sublinear offline bandwidth (the client does not have to download the whole database offline) and a low-depth (i.e. $O_\lambda(1)$), highly parallelizable preprocessing circuit. We estimate that on a single thread, our scheme's preprocessing time should be more than 350 times faster than in prior single server client-preprocessing PIR constructions. Moreover, with parallelization, the latency reduction would be even more drastic. In addition, this construction also allows for updates in $O_\lambda (1)$ time, something not achieved before in this model.
Røros, Norway, 12 May - 15 May 2025
PKC
Event date: 12 May to 15 May 2025
Submission deadline: 16 October 2024
Notification: 5 February 2025
Madrid, Spain, 4 May - 8 May 2025
Eurocrypt
Event date: 4 May to 8 May 2025
Shonan, Japan, 30 July - 2 August 2024
Event Calendar
Event date: 30 July to 2 August 2024
NXP Semiconductors Gratkorn/Austria, Hamburg/Germany, Eindhoven/Netherlands & Toulouse/France
Job Posting
Ready to join the future of innovation in Crypto & Security at NXP?

Become part of a highly talented and dynamic international development team that develops state-of-the-art secure cryptographic libraries, protected against physical and logical attacks, with applications across all NXP domains and business lines (payment, identification, mobile, IoT, automotive, edge processing, etc.).

When you join NXP you have the opportunity to broaden your technical knowledge in all of these areas.

Responsibilities

  • You will develop crypto algorithms (incl. Post Quantum Crypto) based on specifications, being involved in the coding, test, code review and release stages.
  • You will align with our innovation team, architecture team, hardware teams and support teams to develop the algorithms that contribute to a complete security subsystem in all of NXP's business lines.

Your Profile

  • Bachelor + 3-5 years of relevant experience, or a graduate with a Master or PhD degree in Computer Science, Electronics Engineering, Mathematics, Information Technology or Cryptography
  • You have a passion for technology, you bring ideas to the table and you are proud of your results.

We offer

  • We offer you the opportunity to learn and build on your technical knowledge and experience in some of the following areas: algorithm development, including post-quantum cryptography (DES, AES, RSA, ECC, SHA and many more)
  • Embedded software development in C and Assembly
  • Work with ARM Cortex-M and RISC-V platforms
  • Work on hardware and software countermeasures against side-channel attacks (SCA) and fault attacks (FA).

Ready to create a smarter world? Join the future of Innovation. Join NXP. Apply online!

Closing date for applications:

Contact: Veronika von Hepperger (veronika.vonhepperger@nxp.com)

More information: https://nxp.wd3.myworkdayjobs.com/fr-FR/careers/job/Gratkorn/Embedded-Crypto-Software-Developer--m-f-d-_R-10052127

Luxembourg Institute of Science and Technology
Job Posting
I-2421 – POST DOC IN SOFTWARE AND DATA SECURITY
Temporary contract | 24 months | Belval

Are you passionate about research? So are we! Come and join us. Do you want to know more about LIST? Check our website: https://www.list.lu/ Discover our IT for Innovative Services department: https://www.list.lu/en/informatics/

How will you contribute?

Your specific mission includes, but is not limited to, participating in the following activities along with the project partners:

  • to design and develop DevSecOps solutions and data security solutions
  • to prototype ML-based anti-fuzzing, vulnerability detection, information sharing technologies for cybersecurity, and anomaly detection solutions
  • to develop open-source software
  • to validate the effectiveness of the developed technologies

You are in charge of disseminating and promoting the research activities that will be carried out, whether through publications, prototype development or technical reports.

You're highly motivated and have proven skills in machine learning and cybersecurity to address the security concerns in software development and data protection. You already have good experience in collaborative cyberthreat intelligence systems that use advanced analytics solutions, which can offer significant advantages over local systems by detecting cyberattacks early and responding to them promptly. And last, but not least, you're a great practitioner of cybersecurity techniques such as vulnerability detection, information sharing, fuzzing and anti-fuzzing.

Is your profile described below? Are you our future colleague? Apply now! To join us, you:

  • hold a PhD degree in Computer Science or related disciplines
  • have good programming skills (particularly experience in Python and C++)
  • have a good track record on applied ML for cybersecurity, such as fuzzing and ML-based vulner

Closing date for applications:

Contact: SCHWARTZ Cathy

More information: https://bit.ly/3xa6NAy

RWTH Aachen, Department of Computer Science, Germany
Job Posting

At the Chair of Quantum Information Systems at RWTH Aachen, Germany, we have several PhD and postdoc positions available in the areas of quantum formal verification, quantum programs and quantum crypto, connected to the ERC project "Certified Quantum Security".

Supervisor would be Dominique Unruh.

In particular, there are the following topics, but we accept PhD and postdoc applications for other topics if they fit into the general direction of our group.

  • PhD position “Verification of Quantum Key Distribution”
  • PhD position “Functional quantum programs in F*”
  • PhD position “Certified quantum compilation”

All positions are fully funded (German salary class TV-L E13).

Application deadline is April 15, 2024. See the webpage for application instructions.

Closing date for applications:

Contact: Dominique Unruh, email: job.igxkb0@rwth.unruh.de

More information: https://qis.rwth-aachen.de/positions/


23 March 2024

University of Edinburgh and ZK Lab
Job Posting
The ZK-lab (zk-lab.org) and Blockchain Technology Laboratory (https://www.ed.ac.uk/informatics/blockchain) at Edinburgh University have several open Ph.D. and postdoc positions to work on zero-knowledge proofs, succinct arguments, and multi-party computation with applications to decentralization and privacy protection. You will work in a dynamic collaborative environment with a focus on conceptual and foundational problems of practical relevance. To express interest, send an email including a CV to markulf.kohlweiss@ed.ac.uk and jan.bobolz@ed.ac.uk. Positions are open until filled, but we give priority to applications received by May 31st. Female candidates and other underrepresented groups are strongly encouraged to apply.

Closing date for applications:

Contact: Markulf Kohlweiss (markulf.kohlweiss@ed.ac.uk), Jan Bobolz (jan.bobolz@ed.ac.uk)

More information: https://zk-lab.org

Tallinn University of Technology
Job Posting
The Department of Computer Systems at Tallinn University of Technology invites PhD holders in Computer Science or relevant fields to apply for a post-doctoral researcher position in the NSF IMPRESS-U project titled "Hardware-Efficient Realization of UA Cryptographic Standards". Ukraine has its standardized cryptographic algorithms, namely Kalyna – block cipher and Kupyna – hash function, which are significantly dissimilar to other standardized solutions adopted by NIST in the US. For several reasons, including performance and security, hardware implementations of cryptographic algorithms are sought. In this project, the partners based in US, Estonia, and Ukraine will jointly investigate how to implement these algorithms in an Application Specific Integrated Circuit (ASIC) while disseminating knowledge in both directions. The Estonian partner is responsible for accomplishing three main tasks: (i) security-aware design exploration of cryptographic primitives in Kalyna and Kupyna, such as substitution and linear transformation operations; (ii) realization of design architectures targeting high performance and low power dissipation; (iii) secure design of Kalyna and Kupyna against well-known attacks, such as side-channel analysis and fault injection.

Closing date for applications:

Contact: Levent Aksoy (levent.aksoy@taltech.ee)

More information: https://candidate.recrur.com/public/jobad/en/b98a4a29-7

PQShield Ltd, Research and Development
Job Posting
We are looking for a bright and ambitious Postdoc to join PQShield's R&D team, focusing on advancing post-quantum secure messaging. This 2-year position, preferably starting before July 1st, 2024, offers the opportunity to contribute to exciting research in Tokyo, Japan or Paris, France. While physical presence in these locations is preferred for collaboration with our researchers, remote work arrangements can be negotiated.

What you’ll be doing: The primary responsibility of this position will be to advance the state of post-quantum secure messaging such as Signal and Messaging Layer Security (MLS). While the main focus is to conduct groundbreaking research, we encourage and support translating academic research into tangible contributions, such as proposals to the Internet Engineering Task Force (IETF) for standardisation.

Qualifications: While you will mostly collaborate with a group, it is preferred that you have some of the following backgrounds to ensure a smooth start into the project:

  • Previous involvement with secure protocols is helpful to better understand the open problems posed by post-quantum secure messaging.
  • The ability to conduct formal security proofs and to propose new security models is important to handle a complex protocol such as secure messaging.
  • A general knowledge of lattice-based cryptography is preferred to understand the pros and cons compared to classical cryptography.


In addition to cryptographic expertise, we seek candidates with:

  • Previous experience working with diverse teams on projects that cover various cryptographic fields.
  • PhD qualified in Cryptography.
  • Strong communication and presentation skills.
  • The ability to work both independently and collaboratively within a diverse team.

Closing date for applications:

Contact: Please apply through PQShield's Careers page or through the link below:

More information: https://pqshield.com/careers/apply/?gh_jid=4309579101
