International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News

If you have a news item you wish to distribute, they should be sent to the communications secretary. See also the events database for conference announcements.

Here you can see all recent updates to the IACR webpage. These updates are also available:

email icon
via email
RSS symbol icon
via RSS feed

01 August 2018

Kallepu Raju, Appala Naidu Tentuand, V. Ch. Venkaiah
ePrint Report ePrint Report
Group key distribution protocol is a mechanism in which a group key is generated and distributed by KGC to a set of communicating parties in a group. This group key generally ensures secure communication among communicating parties in an unsecure channel. Harn and Lin protocol is one such. It is based on Shamir's secret sharing scheme. Nam et al. exposed the vulnerability in Harn and Lin protocol through their replay attack and proposed a countermeasure using nonce mechanism. In this paper, we are generalizing the replay attack proposed by Nam et al. and proposing an alternative countermeasure without using nonce mechanism. Novelty of our countermeasure is that KGC is not required to detect replay messages and hence each user doesn't need to compute authentication message as in Nam et al. Proposed countermeasure thereby brings down the computational complexity of the scheme.
Expand
Megha Byali, Arun Joseph, Arpita Patra, Divya Ravi
ePrint Report ePrint Report
Secure Multi-Party Computation (MPC) with small number of parties is an interesting area of research, primarily due to its ability to model most real-life MPC applications and the simplicity and efficiency of the resulting protocols. In this work, we present efficient, constant-round 3-party (3PC) and 4-party (4PC) protocols in the honest-majority setting that achieve strong security notions of fairness (corrupted parties receive their output only if all honest parties receive output) and guaranteed output delivery (corrupted parties cannot prevent honest parties from receiving their output). Being constant-round, our constructions are suitable for Internet-like high-latency networks and are built from garbled circuits (GC).

Assuming the minimal model of pairwise-private channels, we present two protocols that involve computation and communication of a single GC-- (a) a 4-round 3PC with fairness, (b) a 5-round 4PC with guaranteed output delivery. Empirically, our protocols are on par with the best known 3PC protocol of Mohassel et al. [CCS 2015] that only achieves security with selective abort, in terms of the computation time, LAN runtime, WAN runtime and communication cost. In fact, our 4PC outperforms the 3PC of Mohassel et al. significantly in terms of per-party computation and communication cost. With an extra GC, we improve the round complexity of our 4PC to four rounds. The only 4PC in our setting, given by Ishai et al. [CRYPTO 2015], involves 12 GCs.

Assuming an additional broadcast channel, we present a 5-round 3PC with guaranteed output delivery that involves computation and communication of a single GC. A broadcast channel is inevitable in this setting for achieving guaranteed output delivery, owing to an impossibility result in the literature. The overall broadcast communication of our protocol is nominal and most importantly, is independent of the circuit size. This protocol too induces a nominal overhead compared to the protocol of Mohassel et al.
Expand
Vanessa Vitse
ePrint Report ePrint Report
The key exchange protocol of Diffie and Hellman, which can be defined for any group, has the special feature of using only exponentiations. In particular, it can also be instantiated in Kummer varieties, which are not groups, and in the post-quantum isogeny-based setting, with the supersingular isogeny DH scheme of De Feo, Jao and Plût (SIDH).

In this article, we propose a new simple oblivious transfer (OT) protocol, based on the Diffie-Hellman key exchange, that only uses exponentiations; we also revisit the older Wu-Zhang-Wang scheme. Both protocols can be directly instantiated on fast Kummer varieties; more importantly, they can also be transposed in the post-quantum SIDH setting. The security of our proposals relies on the hardness of non-standard versions of the (supersingular) Diffie-Hellman problem, that are investigated within this article. To the best of our knowledge, these protocols are the simplest secure discrete-log based OT schemes using only exponentiations, and the first isogeny-based OT schemes.
Expand
Alexandre Adomnicai, Jacques J.A. Fournier, Laurent Masson
ePrint Report ePrint Report
The ongoing CAESAR competition aims at finding authenticated encryption schemes that offer advantages over AES-GCM for several use-cases, including lightweight applications. ACORN and Ascon are the two finalists for this profile. Our paper compares these two candidates according to their resilience against differential power analysis and their ability to integrate countermeasures against such attacks. Especially, we focus on software implementations and provide benchmarks for several security levels on anARM Cortex-M3 embedded microprocessor.
Expand
Elette Boyle, Niv Gilboa, Yuval Ishai
ePrint Report ePrint Report
Function Secret Sharing (FSS), introduced by Boyle et al. (Eurocrypt 2015), provides a way for additively secret-sharing a function from a given function family $\mathcal F$. More concretely, an $m$-party FSS scheme splits a function $f:\{0,1\}^n\to \mathbb G$, for some abelian group $\mathbb G$, into functions $f_1,\ldots,f_m$, described by keys $k_1,\ldots,k_m$, such that $f=f_1+\ldots+f_m$ and every strict subset of the keys hides $f$. A Distributed Point Function (DPF) is a special case where $\mathcal F$ is the family of point functions, namely functions $f_{\alpha,\beta}$ that evaluate to $\beta$ on the input $\alpha$ and to 0 on all other inputs.

FSS schemes are useful for applications that involve privately reading from or writing to distributed databases while minimizing the amount of communication. These include different flavors of private information retrieval (PIR), as well as a recent application of DPF for large-scale anonymous messaging. We improve and extend previous results in several ways:

- Simplified FSS constructions. We introduce a tensoring operation for FSS which is used to obtain a conceptually simpler derivation of previous constructions and present our new constructions.

- Improved 2-party DPF. We reduce the key size of the PRG-based DPF scheme of Boyle et al. roughly by a factor of 4 and optimize its computational cost. The optimized DPF significantly improves the concrete costs of 2-server PIR and related primitives.

- FSS for new function families. We present an efficient PRG-based 2-party FSS scheme for the family of decision trees, leaking only the topology of the tree and the internal node labels. We apply this towards FSS for multi-dimensional intervals. We also present a general technique for obtaining more expressive FSS schemes by increasing the number of parties.

- Verifiable FSS. We present efficient protocols for verifying that keys $(k^*_1,\ldots,k^*_m)$, obtained from a potentially malicious user, are consistent with some $f\in\mathcal F$. Such a verification may be critical for applications that involve private writing or voting by many users.
Expand
Paul Bunn, Jonathan Katz, Eyal Kushilevitz, Rafail Ostrovsky
ePrint Report ePrint Report
Distributed Oblivious RAM (DORAM) protocols---in which parties obliviously access a shared location in a shared array---are a fundamental component of secure-computation protocols in the RAM model. We show here an efficient, 3-party DORAM protocol with semi-honest security for a single corrupted party. To the best of our knowledge, ours is the first protocol for this setting that runs in constant rounds, requires sublinear communication and linear work, and makes only black-box use of cryptographic primitives. We believe our protocol is also concretely more efficient than existing solutions.

As a building block of independent interest, we construct a 3-server distributed point function with security against two colluding servers that is simpler and has better concrete efficiency than prior work.
Expand
Russell W.F. Lai, Giulio Malavolta
ePrint Report ePrint Report
An argument of knowledge allows a prover to convince a verifier of the validity of certain statements. We construct succinct arguments of knowledge with an optimal communication complexity of $O(\lambda)$ bits in the standard model, thereby resolving an open problem posed by Kilian (CRYPTO' 95), assuming that the strong root problem is hard over groups of unknown order. Our protocol can be generically transformed into a zero-knowledge succinct non-interactive argument of knowledge (zk-SNARK) with proofs of size $O(\lambda)$ bits, with efficient trusted setup in the random oracle model. These results can be instantiated under the strong RSA assumption. For groups that admit a public-coin setup, the transformation yields a zk-SNARK without setup. A plausible candidate family of such groups is class groups of imaginary quadratic orders. Existing zk-SNARKs with optimal proof size require inefficient trusted setup and use bilinear maps. Our main technical tool is a generalization of vector commitments called subvector commitments. The latter allows one to open a commitment of a vector at a set of positions, where the opening size is independent of the size of the set. Apart from the new application in constructing succinct arguments, subvector commitments generally serve as a more efficient replacement of vector commitments in all applications where the prover needs to decommit at more than one position.
Expand
Hisham S. Galal, Amr M. Youssef
ePrint Report ePrint Report
The success of the Ethereum blockchain as a decentralized application platform with a distributed consensus protocol has made many organizations start to invest in running their business on top of it. Technically, the most impressive feature behind Ethereum's success is its support for a Turing complete language. On the other hand, the inherent transparency and, consequently, the lack of privacy pose a great challenge for many financial applications. In this paper, we tackle this challenge and present a smart contract for a verifiable sealed-bid auction on the Ethereum blockchain. In a nutshell, initially, the bidders submit homomorphic commitments to their sealed-bids on the contract. Subsequently, they reveal their commitments secretly to the auctioneer via a public key encryption scheme. Then, according to the auction rules, the auctioneer determines and claims the winner of the auction. Finally, we utilize interactive zero-knowledge proof protocols between the smart contract and the auctioneer to verify the correctness of such a claim. The underlying protocol of the proposed smart contract is partially privacy-preserving. To be precise, no information about the losing bids is leaked to the bidders. We provide an analysis of the proposed protocol and the smart contract design, in addition to the estimated gas costs associated with the different transactions.
Expand
Niek J. Bouman, Niels de Vreede
ePrint Report ePrint Report
Cramer and Damg\aa{}rd were the first to propose a constant-rounds protocol for securely solving a linear system of unknown rank over a finite field in multiparty computation (MPC). For $m$ linear equations and $n$ unknowns, and for the case $m\leq n$, the computational complexity of their protocol is $O(n^5)$. Follow-up work (by Cramer, Kiltz, and Padr\'{o}) proposes another constant-rounds protocol for solving this problem, which has complexity $O(m^4+n^2 m)$. For certain applications, such asymptotic complexities might be prohibitive. In this work, we improve the asymptotic computational complexity of solving a linear system over a finite field, thereby sacrificing the constant-rounds property. We propose two protocols: (1) a protocol based on pivoting-free Gaussian elimination with computational complexity $O(n^3)$ and linear round complexity, and (2) a protocol based on block-recursive matrix decomposition, having $O(n^2)$ computational complexity (assuming ``cheap'' secure inner products as in Shamir's secret-sharing scheme) and $O(n^{1.585})$ (super-linear) round complexity.
Expand
Ben Fisch
ePrint Report ePrint Report
We construct a concretely practical proof-of-space (PoS) with arbitrarily tight security based on stacked depth robust graphs and constant-degree expander graphs. A proof-of-space (PoS) is an interactive proof system where a prover demonstrates that it is persistently using space to store information. A PoS is arbitrarily tight if the honest prover uses exactly N space and for any $\epsilon > 0$ the construction can be tuned such that no adversary can pass verification using less than $1-\epsilon N$ space. Most notably, the degree of the graphs in our construction are independent of $\epsilon$, and the number of layers is only $O(\log(1/\epsilon))$. The proof size is $O(d/\epsilon)$. The degree $d$ depends on the depth robust graphs, which are only required to maintain $\Omega(N)$ depth in subgraphs on 80% of the nodes. Our tight PoS is also secure against parallel attacks.

Tight proofs of space are necessary for proof-of-replication (PoRep), which is a publicly verifiable proof that the prover is dedicating unique resources to storing one or more retrievable replicas of a file. Our main PoS construction can be used as a PoRep, but data extraction is as inefficient as replica generation. We present a second variant of our construction called ZigZag PoRep that has fast/parallelizable data extraction compared to replica generation and maintains the same space tightness while only increasing the number of levels by roughly a factor two.
Expand
Yen-Lung Lai
ePrint Report ePrint Report
Secure sketch produces public information of its input $w$ without revealing it, yet, allows the exact recovery of $w$ given another value $w'$ that is close to $w$. Therefore, it can be used to reliably reproduce any error-prone biometric data stored in a database, without jeopardizing the user privacy. In addition to this, secure sketch enables fuzzy extractor, by using a randomness extractor to convert the noisy reading $w'$ of its original value $w$ into the same uniform key $R$. Standard secure sketch should work on all type of available input sources. However, some sources have lower entropy compared to the error itself, formally called ``more error than entropy", a standard secure sketch cannot show its security promise perfectly to these kinds of sources. Besides, when same input is reused for multiple sketches generation, the complex error process of the input further results to security uncertainty, and offer no security guarantee. Fuller et al., (Asiacrypt 2016) defined the fuzzy min-entropy is necessary to show security for different kind of sources over different distributions.

This paper focuses on secure sketch. We propose a new technique to generate re-usable secure sketch. We show security to low entropy sources and enable error correction up to Shannon bound. Our security defined information theoretically with fuzzy min-entropy under distribution uncertain setting. In other words, our new technique offers security guarantee for all family of input distribution, as long as the sources possessing ``meaningful amount" of fuzzy min-entropy over some random distributions, parametrized by a chosen error correction code.
Expand
Hwajeong Seo, Zhe Liu, Patrick Longa, Zhi Hu
ePrint Report ePrint Report
We present high-speed implementations of the post-quantum supersingular isogeny Diffie-Hellman key exchange (SIDH) and the supersingular isogeny key encapsulation (SIKE) protocols for 32-bit ARMv7-A processors with NEON support. The high performance of our implementations is mainly due to carefully optimized multiprecision and modular arithmetic that finely integrates both ARM and NEON instructions in order to reduce the number of pipeline stalls and memory accesses, and a new Montgomery reduction technique that combines the use of the UMAAL instruction with a variant of the hybrid-scanning approach. In addition, we present efficient implementations of SIDH and SIKE for 64-bit ARMv8-A processors, based on a high-speed Montgomery multiplication that leverages the power of 64-bit instructions. Our experimental results consolidate the practicality of supersingular isogeny-based protocols for many real-world applications. For example, a full key-exchange execution of SIDHp503 is performed in about 176 million cycles on an ARM Cortex-A15 from the ARMv7-A family (i.e., 88 milliseconds @2.0GHz). On an ARM Cortex-A72 from the ARMv8-A family, the same operation can be carried out in about 90 million cycles (i.e., 45 milliseconds @1.992GHz). All our software is protected against timing and cache attacks. The techniques for modular multiplication presented in this work have broad applications to other cryptographic schemes.
Expand
Raghvendra Rohit, Guang Gong
ePrint Report ePrint Report
In this paper, we propose a novel cryptanalytic technique called correlated sequence attack on block ciphers. Our attack exploits the properties of given key dependent sequences of length $t$ to obtain other keyed sequences of same length with $\sigma$ ($0\le \sigma < t$) computations of the non-linear function. We call these sequences $(\sigma,t)$-correlated sequences, and utilize them in a meet-in-the-middle attack for $2t$ rounds. We apply this technique on Simon-32/64 and Simeck-32/64 block ciphers, construct $(1, 8)$-correlated sequences and present the first 25-round attack on both ciphers. Next, we analyze the 8-th element of these sequences by considering the key scheduling algorithms and differential properties, and show that the attack can be improved by two rounds with the same complexities as of the 25-round attack. Overall, our technique is used to attack up to 27 rounds of both Simon-32/64 and Simeck-32/64 with a time complexity less than that of average exhaustive search and data complexity of 3.

Our attack extends the number of previously attacked rounds by 4 and has a success probability 1. This reduces the security margin of both these ciphers to 16%. Up to our knowledge, this is currently the best attack on Simon-32/64 and Simeck-32/64.
Expand
Indian Statistical Institute, R. C. Bose Centre for Cryptology and Security, Kolkata
Job Posting Job Posting
Indian Statistical Institute invites applications from duly qualified Indian nationals, including Persons of Indian Origins (PIOs) and Overseas Citizens of India (OCIs), for full-time permanent faculty positions at the level of Assistant Professors and Associate Professors, to be placed at the R. C. Bose Centre for Cryptology and Security of the Institute, in Kolkata.

This is a rolling advertisement, and there is no last date. Interested applicants are encouraged to apply for the positions throughout the year. The recruitment committee(s) will meet regularly to consider the applications and arrange for seminars and/or interviews as the need arises.

For eligibility criteria, kindly visit the link below in \"More information\"

Interested candidates may send a copy of their current Curriculum Vitæ that clearly mentions the marks/grades/dissertations/honors at all academic levels (Grade 10, Grade 12, Bachelors, Masters, PhD), as applicable, and includes a complete list of peer-reviewed journal and conference publications in cryptology and security, to be considered for the positions.

The Curriculum Vitæ, as mentioned, should be sent to “Head, R. C. Bose Centre for Cryptology and Security, Indian Statistical Institute” at rcbose (at) isical.ac.in as a consolidated PDF file.

Closing date for applications: 31 December 2019

Contact: Head, R. C. Bose Centre for Cryptology and Security, Indian Statistical Institute

rcbose (at) isical.ac.in

More information: https://www.isical.ac.in/JobApplicationFiles/ASSOCIATE%20PROFESSOR%20and%20ASSISTANT%20PROFESSOR%20for%20R%20C%20Bose%20

Expand

31 July 2018

Paderborn University, Germany
Job Posting Job Posting
The IT Security Group of Paderborn University, Germany, is offering a postdoctoral researcher position.

The group has a strongly research-oriented focus and sufficient funds at disposal to buy necessary equipment, enable the attendance of scientific conferences, etc. The competitive salary is based on state tariff TV-L E13/14, 100% position, according to the current tariff in the German state North-Rhine Westphalia.

Applicants are expected to have a strong background and good publication record in modern cryptography, preferably in \"provable security\", a strong interest in theoretical foundations of real-world cryptography, and a strong motivation and ability to perform excellent research. The successful applicant is expected to actively contribute to the research agenda of an ERC-funded project on theoretically-sound real-world cryptography.

Knowledge of the German language is not mandatory. The language spoken within the group and large parts of the institute is English. All students and many people in the city speak good English, and the MSc study courses at the Institute of Computer Science are taught in English.

The position is initially offered for one year, with the option of an extension to two or more years. The starting date is November 1st or later. There is no closing date for applications, the position remains open until filled.

Applications should consist of a single pdf document, containing:

- Cover letter with a brief introduction of the applicant and a short personal statement on the applicant\'s interest in this particular position

- CV and a list of publications

- Optional: one or two letter(s) of recommendation

- Optional: further supporting material

Incomplete applications or obvious mass applications that do not specifically address the offered position can not be considered.

Please submit applications by e-mail to Tibor Jager (e-mail address below). If you need further information or have any questions, then please feel free to contact Tibor.

Closing date for applications: 31 December 2018

Contact: Tibor Jager, tibor.jager (at) upb.de

Expand
Singapore University of Technology and Design (SUTD), Singapore
Job Posting Job Posting
Singapore University of Technology and Design (SUTD) is a young university which was established in collaboration with MIT. iTrust is a Cyber Security Research Center with about 15 inter-disciplinary faculty members from SUTD.

I am looking for promising PhD students who are interested in working in the area of cyber security. The position is fully funded up to 4 years with very competitive scholarship. Candidates should have an excellent background (with Bachelor or Master degree and CGPA>80%) in mathematics or computer science/engineering and the ability to work on inter-disciplinary research projects. Acquaintance with cryptography and network/system security concepts as well as some programming skills will be considered as strong assets.

For the Jan 2019 intake, the application deadline is 30th September 2018. More information of the PhD program is available at https://istd.sutd.edu.sg/phd/phd-overview/.

Interested candidates please send your CV to Prof. Jianying Zhou.

Closing date for applications: 30 September 2018

Contact: Prof. Jianying Zhou

jianying_zhou (at) sutd.edu.sg

More information: http://jianying.space/

Expand
Montreal, Canada, 13 November - 15 November 2018
Event Calendar Event Calendar
Event date: 13 November to 15 November 2018
Submission deadline: 3 September 2018
Notification: 8 October 2018
Expand

29 July 2018

Irvine, USA, 17 September - 21 September 2018
Event Calendar Event Calendar
Event date: 17 September to 21 September 2018
Expand

27 July 2018

JP Morgan - ROAR Data
Job Posting Job Posting
Here’s something to ponder. Each of three people possess an integer modulo seven. They must determine the sum of their integers modulo seven without use of a trusted third party, and ensuring that the Bayesian posterior for all participants is precisely the prior conditioned on the new information only.

We’re guessing you know that one. If you enjoy privacy preserving computation and recognize the potential, you might want to join a team of top tier engineers, data scientists, mathematicians and cryptographers working on the ROAR platform. You will collaborate across engineering and business units to help build a next-generation prediction platform used by the bank, the bank’s clients, and eventually - we hope - the entire world.

You will:

• Design, implement and improve techniques for privacy preserving Machine Learning using whatever techniques are most appropriate (cryptographic, statistical and a combination of the two).

• Design, implement and improve partial structure preserving data obfuscation methodologies

• Design and analyze hypothetical statistical attacks, real and hypothetical

• Design and build into our contest framework new primitives, and combinations of the same, to expand the possibilities for crowd-sourcing data, predictions and models.

• Work with leading experts in secure multiparty computation.

• Collaborate with researchers and students as part of the JP Morgan/ ROAR partnership with MIT, which involves Sloan CIDL and MIT CSAIL.

• Adapt privacy methods to real-time data streams.

Closing date for applications: 25 July 2019

Contact: send CV to marc.gammon (at) jpmchase.com

Expand
Paderborn University
Job Posting Job Posting
Successful applicants should be well established in at least one specialisation of computer security and should bring new expertise to the department. Possible areas of expertise are:

- Security Engineering

- Security of Cyber-Physical Systems

- Securing Long Term & Long Lived Systems

- Computer Architecture Security

- Language-based Security

A successful applicant should demonstrate experience in the application and execution of third party funding projects, such as DFG Projects. Candidates must be ready and willing to participate in collaborative applications of interdisciplinary research projects, and to actively integrate into existing projects. Paderborn University offers several possibilities for crossdisciplinary research, such as the CRC 901 “On-the-fly Computing”, as well as institutions such as the Software Innovation Campus Project (SICP), the Paderborn Center for Parallel Computing (PC²) and the Heinz-Nixdorf Institute (HNI). Another vital criterion is the willingness to work with other professors in the department.

Please see the referenced .pdf document for further information.

Closing date for applications: 30 September 2018

Contact: Prof. Dr. Holger Karl (eim-i-prodekan@uni[at]uni-paderborn.de) and Prof. Dr.-Ing. Tibor Jager (tibor.jager[at]upb.de).

More information: https://www.uni-paderborn.de/fileadmin/zv/4-4/stellenangebote/Kennziffer3427Englisch.pdf

Expand
◄ Previous Next ►