International Association for Cryptologic Research


IACR News

If you have a news item you wish to distribute, it should be sent to the communications secretary. See also the events database for conference announcements.

Here you can see all recent updates to the IACR webpage. These updates are also available via email and via RSS feed.

11 May 2020

Award
The IACR Fellows Program recognizes outstanding IACR members for technical and professional contributions to the field of cryptology. Today we are pleased to announce five members who have been elevated to the rank of Fellow for 2020:
  • Yevgeniy Dodis, for fundamental contributions to cryptology, especially to cryptographic randomness and symmetric-key primitives, and for service to the IACR.
  • Rosario Gennaro, for essential contributions, including to threshold cryptography, delegated computation, and lower bounds, and for service to the IACR.
  • Xuejia Lai, for fundamental contributions to research in symmetric-key cryptography, and for service to the IACR.
  • Tal Malkin, for foundational contributions, including black-box separations, multiparty computation, and tamper resilience, and for service to the IACR.
  • David Naccache, for significant contributions to applied cryptography in industry and academia, and for service to the IACR.
Congratulations to the new fellows! More information about the IACR Fellows Program can be found at https://iacr.org/fellows/.

10 May 2020

Philippe Camacho
ePrint Report
A cryptographic accumulator is a scheme where a set of elements is represented by a single short value. This value, along with another value called a witness, allows one to prove membership in the set. In their survey on accumulators [FN02], Fazio and Nicolosi noted that the Camenisch and Lysyanskaya construction [CL02] was such that the time to update a witness after m changes to the accumulated value was proportional to m. They posed the question whether batch update was possible, namely whether it was possible to build a cryptographic accumulator where the time to update witnesses is independent of the number of changes in the accumulated set. Recently, Wang et al. answered positively by giving a construction for an accumulator with batch update in [WWP07, WWP08]. In this work we show that the construction is not secure by exhibiting an attack. Moreover, we prove it cannot be fixed. If the accumulated value has been updated m times, then the time to update a witness must be at least $\Omega(m)$ in the worst case.
Hugo Krawczyk
ePrint Report
In spite of the central role of key derivation functions (KDF) in applied cryptography, there has been little formal work addressing the design and analysis of general multi-purpose KDFs. In practice, most KDFs (including those widely standardized) follow ad-hoc approaches that treat cryptographic hash functions as perfectly random functions. In this paper we close some gaps between theory and practice by contributing to the study and engineering of KDFs in several ways. We provide detailed rationale for the design of KDFs based on the extract-then-expand approach; we present the first general and rigorous definition of KDFs and their security which we base on the notion of computational extractors; we specify a concrete fully practical KDF based on the HMAC construction; and we provide an analysis of this construction based on the extraction and pseudorandom properties of HMAC. The resultant KDF design can support a large variety of KDF applications under suitable assumptions on the underlying hash function; particular attention and effort is devoted to minimizing these assumptions as much as possible for each usage scenario.

Beyond the theoretical interest in modeling KDFs, this work is intended to address two important and timely needs of cryptographic applications: (i) providing a single hash-based KDF design that can be standardized for use in multiple and diverse applications, and (ii) providing a conservative, yet efficient, design that exercises much care in the way it utilizes a cryptographic hash function.

(The HMAC-based scheme presented here, named HKDF, is being standardized by the IETF.)
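The extract-then-expand structure named in the abstract above, as an added example that is not code from the paper or from the IETF: a plain Python implementation of the two HMAC-based steps (HKDF-Extract and HKDF-Expand) using only the standard library, checked against the first SHA-256 known-answer vector published in RFC 5869. The `derive_session_keys` helper and its `info` label strings are assumptions made for illustration, not part of the paper.

```python
import hashlib
import hmac

# Added example (not the paper's code): HKDF's extract-then-expand structure,
# instantiated with HMAC-SHA256 via Python's standard hmac module.
HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """Extract step: PRK = HMAC-Hash(salt, IKM).

    Possibly weak or structured input keying material is condensed into one
    fixed-length pseudorandom key. The salt is the HMAC key; if none is
    given, RFC 5869 substitutes HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """Expand step: T(i) = HMAC-Hash(PRK, T(i-1) | info | i) for i = 1..N,
    with T(0) empty and i a single byte; OKM is the first `length` bytes of
    T(1) | T(2) | ... The context string `info` binds output to a purpose."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF-Expand: requested length exceeds 255 * HashLen")
    okm = b""
    t = b""
    counter = 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        okm += t
        counter += 1
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """Full KDF: extract, then expand."""
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


# RFC 5869, test case 1 (SHA-256): known-answer check of the implementation.
RFC5869_TC1 = {
    "ikm": bytes.fromhex("0b" * 22),
    "salt": bytes.fromhex("000102030405060708090a0b0c"),
    "info": bytes.fromhex("f0f1f2f3f4f5f6f7f8f9"),
    "length": 42,
    "prk": "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5",
    "okm": "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
           "34007208d5b887185865",
}


def check_rfc5869_tc1() -> bool:
    """Return True if both the PRK and the OKM match the published vector."""
    tc = RFC5869_TC1
    prk = hkdf_extract(tc["salt"], tc["ikm"])
    okm = hkdf_expand(prk, tc["info"], tc["length"])
    return prk.hex() == tc["prk"] and okm.hex() == tc["okm"]


def derive_session_keys(shared_secret: bytes, salt: bytes) -> dict:
    """Hypothetical usage (an assumption for this example): one extract, then
    several expands with distinct `info` labels, so the encryption and MAC
    keys are independent outputs of a single PRK."""
    prk = hkdf_extract(salt, shared_secret)
    return {
        "enc": hkdf_expand(prk, b"example-app v1 encryption", 32),
        "mac": hkdf_expand(prk, b"example-app v1 mac", 32),
    }


if __name__ == "__main__":
    print("RFC 5869 test case 1:", "ok" if check_rfc5869_tc1() else "MISMATCH")
    keys = derive_session_keys(b"\x0b" * 22, b"constructed-salt")  # constructed input
    print({k: v.hex() for k, v in keys.items()})
```

The split into two steps is the point of the design: extraction turns raw, non-uniform key material into a short pseudorandom key, and only the expansion step, keyed by that PRK and bound to a context string, produces the application keys; reusing one PRK with different `info` values is how a single derivation serves several purposes without key reuse.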
Benjamin Dowling, Britta Hale
ePrint Report
Modern messaging applications often rely on out-of-band communication to achieve entity authentication, with human users actively verifying and attesting to long-term public keys. This "user-mediated" authentication is done primarily to reduce reliance on trusted third parties by replacing that role with the user. Despite a great deal of research focusing on analyzing the confidentiality aspect of secure messaging, the authenticity aspect of it has been largely assumed away. Consequently, while many existing protocols provide some confidentiality guarantees after a compromise, such as post-compromise security (PCS), authenticity guarantees are generally lost. This leads directly to potential man-in-the-middle (MitM) attacks within the intended threat model. In this work, we address this gap by proposing a model to formally capture user-mediated entity authentication in ratcheted secure messaging protocols that can be composed with any ratcheted key exchange. Our threat model captures post-compromise entity authentication security. We demonstrate that the Signal application's user-mediated authentication protocol cannot be proven secure in this model and suggest a straightforward fix for Signal that allows the detection of an active adversary. Our results have direct implications for other existing and future ratcheted secure messaging applications.
Rosario Gennaro, Steven Goldfeder
ePrint Report
Threshold ECDSA signatures have received much attention in recent years due to the widespread use of ECDSA in cryptocurrencies. While various protocols now exist that admit efficient distributed key generation and signing, these protocols have two main drawbacks. Firstly, if a player misbehaves, the protocol will abort, but all current protocols give no way to detect which player is responsible for the abort. In distributed settings, this can be catastrophic as any player can cause the protocol to fail without any consequence. General techniques to realize dishonest-majority MPC with identifiable abort add a prohibitive overhead, but we show how to build a tailored protocol for threshold ECDSA with minimal overhead. Secondly, current threshold ECDSA protocols (that do not rely on generic MPC) have numerous rounds of interaction. We present a highly efficient protocol with a non-interactive online phase allowing for players to asynchronously participate in the protocol without the need to be online simultaneously. We benchmark our protocols and find that our protocol simultaneously reduces the rounds and computations of current protocols, while adding significant functionality: identifiable abort and noninteractivity.
Hao Chen, Lynn Chua, Kristin Lauter, Yongsoo Song
ePrint Report
Lattice-based cryptography is currently under consideration for standardization in the ongoing NIST PQC Post-Quantum Cryptography competition, and is used as the basis for Homomorphic Encryption schemes world-wide. Both applications rely specifically on the hardness of the Learning With Errors (LWE) problem. Most Homomorphic Encryption deployments use small secrets as an optimization, so it is important to understand the concrete security of LWE when sampling the secret from a non-uniform, small distribution. Although there are numerous heuristics used to estimate the running time and quality of lattice reduction algorithms such as BKZ2.0, more work is needed to validate and test these heuristics in practice to provide concrete security parameter recommendations, especially in the case of small secret. In this work, we introduce a new approach which uses concrete attacks on the LWE problem as a way to study the performance and quality of BKZ2.0 directly. We find that the security levels for certain values of the modulus q and dimension n are smaller than predicted by the online LWE Estimator, due to the fact that the attacks succeed on these uSVP lattices for blocksizes which are smaller than expected based on current estimates. We also find that many instances of the TU Darmstadt LWE challenges can be solved significantly faster when the secret is chosen from the binary or ternary distributions.

09 May 2020

CRYPTO
CRYPTO 2020 is the 40th Annual International Cryptology Conference and one of the three general conferences of the International Association for Cryptologic Research (IACR). It was originally scheduled to take place on the campus of University of California, Santa Barbara (UCSB), August 16-20. However, due to the COVID-19 pandemic, UCSB has cancelled all summer 2020 conferences.

As a result, CRYPTO 2020 has been converted into an all-digital event with slightly changed dates. It is now scheduled to take place online Monday-Friday, August 17-21. The conference proceedings will be published according to the original schedule.

Details about the new all-digital event, including its scientific program and registration process, will be communicated at a later time via the usual IACR channels and the conference website.

The board wishes safety and health to all our members during these challenging times.


08 May 2020

Polytechnic University Hauts-de-France
Job Posting
We are looking for a highly motivated candidate for a one-year (renewable) post-doctoral researcher position in machine learning for secure Lab-on-Chip (LoC). The research will be conducted within a collaborative, international and highly stimulating environment. The working place will be the IEMN Lab (CNRS 5820) at Polytechnic University Hauts-de-France (UPHF) situated in Valenciennes, France. The research will also involve collaborations with George Mason University (Washington, USA) and the University of California, Riverside. The aim of this project is to develop privacy- and security-aware machine learning based techniques that are intended to be integrated in a LoC.

Expected Qualifications:
  • PhD in Computer Science, Electronics, or Applied Mathematics with strong expertise in machine learning
  • High-quality publications
  • Ability to work in a highly collaborative and interdisciplinary environment
  • Experience with Machine Learning, Security of ML
  • Familiarity with signal processing theory
  • A background in cryptography, cybersecurity, side-channel attacks is a bonus
  • Fluency in English, both written and spoken

Job application: The position is expected to start in September 2020. For application, please send the following information in a single PDF file to Ihsen Alouani (ihsen.alouani@uphf.fr) with subject [Post_Doc_ML-LoC]:
  • A letter of motivation
  • A curriculum vitae, including a list of publications
  • The contact information of two references

The research will be held at Polytechnic University Hauts-de-France (UPHF) in Valenciennes, France, and more specifically at the IEMN Lab (Institut d'Electronique, Micro-electronique et Nanotechnologie, https://www.uphf.fr/DOAE/), Campus Mont-Houy Valenciennes, in an international environment and a strategic geographical location (2h from Paris by train, 1h from Brussels by train, 2h from London by Eurostar).

Polytechnic University Hauts-de-France (UPHF) provides an excellent research environment with recognized research teams in different areas. NB: Because of the Covid-19 crisis, we will NOT be able to accept candidates from outside the Schengen Area.

Closing date for applications:

Contact: Ihsen Alouani, email: ihsen.alouani@uphf.fr

More information: https://www.hipeac.net/jobs/11457/postdoc-embedded-machine-learning-for-secure-lab-on-chip/

Beijing Genomics Institute, Shenzhen, China
Job Posting
Responsibilities

1. Collaborate with other biological data scientists and be responsible for research and development on health data (e.g. genetic data) security and privacy protection. Propose new solutions based on cutting-edge security technology to meet the needs of the healthcare field.

2. Follow up research on the application of cutting-edge cryptography technology, cryptographic algorithm implementation and performance optimization, such as lattice cryptography, homomorphic encryption, and zero-knowledge proof in the field of blockchain or data storage.

Qualifications

1. Master's degree or above (PhD preferred) in cryptography, computer science, mathematics or related fields

2. Excellent in security fundamentals, such as digest algorithm, symmetric encryption, asymmetric encryption and signature algorithm principles and their implementation

3. Familiar with cutting-edge cryptography technologies, including secure multi-party computation, homomorphic encryption, etc.

4. Interested in healthcare big data management and privacy protection

Closing date for applications:

Contact: Dr. Yuantong Ding, dingyuantong(at)genomics.cn

Osaka University, Graduate School of Engineering, Suita-city, Japan
Job Posting
[Summary] Osaka University invites applications from outstanding individuals for a faculty position in the field of Cryptology and network security in the Graduate School of Engineering.

[Explanation of institution (recruitment background, institution details, explanation of project, etc.)] Cryptology, privacy in the field of Information Security, algebraic and number-theoretic algorithms, secure network or software

[Job details (duties, subject responsible for, etc.)] Research and Education of information security

[Address of work location and other information] 2-1 Yamadaoka, Suita, Osaka, Japan 565-0871, Suita Campus, Osaka University

[Available positions (Job title, number of positions, etc.)] Specially Appointed Associate (full time), 1 person. The English job title "Specially Appointed Associate" corresponds to the JREC-IN Portal job type "Assistant Professor level" at Osaka University.

[Starting date] October 1st, 2020 (as soon as possible, negotiable)

Closing date for applications:

Contact: Atsuko Miyaji, phone: 06-6879-7715, e-mail: myj-comm-course@crypto-cybersec.comm.eng.osaka-u.ac.jp

More information: https://jrecin.jst.go.jp/seek/SeekJorDetail?fn=3&dt=1&id=D120030124&ln_jor=1

University of California Davis
Job Posting
The University of California Davis ASEEC laboratory (https://www.ece.ucdavis.edu/~hhomayou/) and the National Science Foundation Center for Hardware Security (NSF CHEST, https://nsfchest.org/) are recruiting up to two talented postdoctoral researchers to expand their research activities in the area of applied machine learning and hardware security. In particular, we are looking for two experts with a strong scientific background, good communication skills, and solid experience in one of the following areas:

1. Computer System Security
The successful candidate will perform research in the area of hardware security, computer architecture security, IoT security, and system cybersecurity.

2. Applied Machine Learning
The successful candidate will perform research in the area of applied machine learning. Some of the topics of interest are graph analytics, graph neural networks, adversarial machine learning, machine learning privacy, deep learning, reinforcement learning, and machine learning computational complexity.

Applicants should submit a curriculum vitae, and names/contact information of three references in a single PDF file to: hhomayoun@ucdavis.edu

Closing date for applications:

Contact: hhomayoun@ucdavis.edu

More information: https://ece.ucdavis.edu/news/current-opportunities-uc-davis-ece

Koç University, İstanbul, Turkey
Job Posting
Cryptography, Security & Privacy Research Group at Koç University has multiple openings at every level. Accepted applicants may receive competitive scholarships including monthly stipend, tuition waiver, housing (accommodation) support, health insurance, computer, travel support, and lunch meal card.

Your duties include performing research on cryptography, security, and privacy in line with our research group's focus, assisting with teaching, and collaborating with other graduate and undergraduate students.

To apply online, and for questions about the application process for M.Sc. and Ph.D. positions, visit

https://gsse.ku.edu.tr/en/admissions/application-requirements

All applications must be completed online. Applications with missing documents will not be considered.

For more information about joining our group and projects, visit

https://crypto.ku.edu.tr/work-with-us/

Admission Requirements:
  1. CV
  2. Recommendation Letters (2 for M.Sc., 3 for Ph.D.)
  3. TOEFL (for those whose native language is not English, Internet Based: Minimum Score 80)
  4. GRE scores (required from non-Turkish nationals)
  5. Official transcripts from all the universities attended
  6. Statement of Purpose
  7. Area of Interest Form filled online

Closing date for applications:

Contact: https://gsse.ku.edu.tr/en/admissions/how-to-apply/

More information: https://gsse.ku.edu.tr/en/admissions/application-requirements

University of Klagenfurt, Austria
Job Posting

We are hiring a fixed term (4 year) lecturer in the area of Cybersecurity.

We invite applicants with a background (i.e. PhD) in either cybersecurity or statistics/AI/data science (assuming they are interested in a cybersecurity angle to their work).

The minimum monthly gross salary for this position amounts to € 3.889,50 (14 times per year) and can increase to € 4.309,30 (B1 lit. c) maximum in the case of consideration of previous occupational experience. The four-year fixed-term employment contract is expected to commence in August 2020 (but this is negotiable).

The position is within the newly established Cybersecurity group headed by Elisabeth Oswald. The group's research agenda revolves around data-centric aspects of applied cryptography and, more generally, cybersecurity; this includes research on side channels, crypto (for privacy), and more generically the intersection between security, statistics, data science and AI.

The position holder is expected to contribute to teaching (4 contact hrs per week during term time, subject specific teaching only; the group leads on the newly established MSc on AI and Cybersecurity) and develop their own research agenda.

Closing date for applications:

Contact: Elisabeth Oswald (Elisabeth.Oswald @ aau.at)

More information: http://www.cybersecurityresearch.at

Tarragona, Catalonia, 23 September - 25 September 2020
Event Calendar
Event date: 23 September to 25 September 2020
Submission deadline: 1 June 2020
Notification: 26 June 2020
Seoul, South Korea, 2 December - 4 December 2020
Event Calendar
Event date: 2 December to 4 December 2020
Submission deadline: 26 August 2020
Notification: 26 October 2020
Aalborg University, Copenhagen Denmark
Job Posting
At the Technical Faculty of IT and Design, Department of Electronic Systems, one or more positions as Assistant Professor in Cyber Security are open for appointment from September 1, 2020, or soon thereafter. The positions are available for a period of 4 years. The workplace is at Aalborg University Copenhagen.

JOB DESCRIPTION

We seek to appoint one or more Assistant Professors in Cyber Security. The selected candidate(s) will join a team of academics with a comprehensive research and teaching portfolio in the area of cyber security, and participate in starting up a new M.Sc. programme in Cybersecurity, which is taught in English.

The position(s) require internationally recognized research experience in one or more of the following areas:

  • Network security, Network Traffic Analysis and Anomaly Detection, including applied machine learning
  • DNS traffic analysis and detection of malicious domains, Honeypots and sandboxing
  • Security and privacy challenges in Internet of Things and Cloud solutions, Privacy enhancing technologies, Privacy by design, Secure Digital Identities, and Identity and Access management.

The main tasks and responsibilities include:

  • Research, including publication of results and co-supervision of research students
  • Teaching and assessment of students
  • Acquiring research funding and coordinating profitable projects
  • Strengthening of our relationship with private industry partners within the field.

For more information please see: https://www.stillinger.aau.dk/vis-stilling/?vacancy=1096542

Closing date for applications:

Contact: Jens Myrup Pedersen, email: jens@es.aau.dk.

More information: https://www.stillinger.aau.dk/vis-stilling/?vacancy=1096542

07 May 2020

Liliya Kraleva, Tomer Ashur, Vincent Rijmen
ePrint Report
In this paper we analyse the algorithm Chaskey - a lightweight MAC algorithm for 32-bit microcontrollers - with respect to rotational cryptanalysis. We perform a related-key attack on Chaskey and find a distinguisher by using rotational probabilities. Given a message $m$, we can forge and present a valid tag for some message under a related key with probability $2^{-57}$ for 8 rounds and $2^{-86}$ for all 12 rounds of the permutation for keys in a defined weak-key class. This attack can be extended to full key recovery with complexity $2^{120}$ for the full number of rounds. To our knowledge this is the first published attack targeting all 12 rounds of the algorithm. Additionally, we generalize the Markov theory with respect to a relation between two plaintexts and not their difference and apply it to rotational pairs.
Carsten Baum, Bernardo David, Rafael Dowsley, Jesper Buus Nielsen, Sabine Oechsner
ePrint Report
This work introduces an extension of the UC framework with an abstract notion of time that allows for modeling relative delays in communication and sequential computation without requiring parties to keep track of a clock. The potential uses of this extension are demonstrated by: (1) formalizing a functionality for (semi-)synchronous secure message transmission; (2) formalizing the notion of time-lock puzzles in the UC setting and showing how to realize it in the restricted programmable and observable global random oracle model; (3) showing that UC time-lock puzzles yield UC-secure fair coin flips; (4) showing that UC-secure two-party computation realizing a new notion of output-independent abort can be obtained leveraging composable time-lock puzzles. Finally, we show that a programmable random oracle is necessary to obtain UC-secure fair coin flip, secure two-party computation with output-independent abort or time-lock puzzles, which yields a new separation between programmable and non-programmable random oracles.
Carlos Cid, Lorenzo Grassi, Reinhard Lüftenegger, Christian Rechberger, Markus Schofnegger
ePrint Report
Higher-order differential attacks are among the most powerful attacks against low-degree ciphers and hash functions. Predicting the evolution of the algebraic degree of the cipher (as a function of the number of rounds) is the main obstacle in assessing the feasibility of these attacks. For an SPN cipher over a finite field $\mathbb F$ of characteristic 2 with round function of algebraic degree $\delta$, it is a common belief that the degree of the cipher grows almost exponentially with $\delta$. However, for an iterated Even--Mansour cipher whose round function can be described as an invertible low-degree polynomial over $\mathbb F_{2^n}$ it has recently been shown that the algebraic degree grows linearly with the number of rounds, and not exponentially.

In this paper we generalise these results for SPN ciphers, showing that the growth of the algebraic degree is often linear for SPN ciphers with low-degree S-Boxes as well. We prove that the initial exponential growth of the degree turns into a linear growth after a certain number of rounds. Our analysis includes iterated Even--Mansour and MiMC-like ciphers as a special case, but most notably it also applies to SPN ciphers designed to be competitive for recent applications like MPC, FHE, SNARKs, and STARKs (e.g., HadesMiMC). Our findings have been practically verified on small-scale ciphers.
Geoffroy Couteau, Shuichi Katsumata, Bogdan Ursu
ePrint Report
We provide two new constructions of non-interactive zero-knowledge arguments (NIZKs) for NP from discrete-logarithm-style assumptions over cyclic groups, without relying on pairings. A previous construction from (Canetti et al., Eurocrypt'18) achieves such NIZKs under the assumption that no efficient adversary can break the key-dependent message (KDM) security of (additive) ElGamal with respect to all (even inefficient) functions over groups of size $2^\lambda$, with probability better than $\mathsf{poly}(\lambda)/2^{\lambda}$. This is an extremely strong, non-falsifiable assumption. In particular, even mild (polynomial) improvements over the current best-known attacks on the discrete logarithm problem would already contradict this assumption. (Canetti et al. STOC'19) describe how to improve the assumption to rely only on KDM security with respect to efficient functions while additionally assuming public-key encryption schemes, therefore obtaining an assumption that is (in spirit) falsifiable.

Our first construction improves this state of affairs. We provide a construction of NIZKs for NP under the CDH assumption together with the assumption that no efficient adversary can break the key-dependent message one-wayness of ElGamal with respect to efficient functions over groups of size $2^\lambda$, with probability better than $\mathsf{poly}(\lambda)/2^{c\lambda}$ (denoted $2^{-c\lambda}$-OWKDM), for a constant $c = 3/4$. Unlike the previous assumption, our assumption leaves an exponential gap between the best-known attack and the required security guarantee.

Our second construction is interested in the case where CDH does not hold. Namely, as a second contribution, we construct an infinitely often NIZK argument system for NP (where soundness and zero-knowledge are only guaranteed to hold for infinitely many security parameters), under the assumption that CDH is easy together with the $2^{-c\lambda}$-OWKDM security of ElGamal with $c = 28/29+o(1)$ and the existence of low-depth pseudorandom generators (PRG).

Combining our two results, we obtain a construction of (infinitely-often) NIZKs for NP under the $2^{-c\lambda}$-OWKDM security of ElGamal with $c = 28/29+o(1)$ and the existence of low-depth PRG, independently of whether CDH holds. To our knowledge, since neither OWKDM security of ElGamal nor low-depth PRGs are known to imply public key encryption, this provides the first construction of NIZKs from concrete and falsifiable Minicrypt-style assumptions.