Here you can see all recent updates to the IACR webpage. These updates are also available:
28 July 2022
Secure and Efficient Implicit Certificates: Improving the Performance for Host Identity Protocol in IoT
Zhaokang Lu, Jianzhu LuePrint Report
Douglas W. Jones, Sunoo Park, Ronald L. Rivest, Adam SealfonePrint Report
We present three rescan audit protocols and analyze their statistical guarantees. We first present a simple scheme illustrating our basic idea in a simplified two-candidate setting. We then extend this scheme to allow (1) more than two candidates; (2) processing of ballots in batches; and (3) tolerating imperfect scanners, as long as scanning errors are too infrequent to affect the election outcome. Finally, we propose and discuss an alternate scheme that reduces the trust assumptions placed on the shuffling mechanism at the expense of adding an additional scan. Our proposals require manual handling or inspection of 10–100 ballots per batch in a variety of settings, in contrast to existing techniques that require hand inspecting many more ballots in close elections. Unlike prior techniques that depend on the *relative* margin of victory, our protocols are to our knowledge the first to depend on the *absolute* margin, and give meaningful guarantees even for extremely close elections: e.g., absolute margins of tens or hundreds of votes.
Matilda Backendal, Miro Haller, Kenneth G. PatersonePrint Report
We provide a detailed analysis of MEGA’s use of cryptography in such a malicious server setting. We present five distinct attacks against MEGA, which together allow for a full compromise of the confidentiality of user files. Additionally, the integrity of user data is damaged to the extent that an attacker can insert malicious files of their choice which pass all authenticity checks of the client. We built proof-of-concept versions of all the attacks. Four of the five attacks are eminently practical. They have all been responsibly disclosed to MEGA and remediation is underway.
Taken together, our attacks highlight significant shortcomings in MEGA’s cryptographic architecture. We present immediately deployable countermeasures, as well as longer-term recommendations. We also provide a broader discussion of the challenges of cryptographic deployment at massive scale under strong threat models.
Oguzhan Ersoy, Pedro Moreno-Sanchez, Stefanie RoosePrint Report
We introduce Bailout, the first protocol that allows intermediary parties in a multi-hop payment to unlock their coins before the payment completes by re-routing the payment over an alternative path. We achieve this by creating a circular payment route starting from the intermediary party in the opposite direction of the original payment. Once the circular payment is locked, both payments are canceled for the intermediary party, which frees the coins of the corresponding channels. This way, we create an alternative route for the ongoing multi-hop payment without involving the sender or receiver. The parties on the alternative path are incentivized to participate through fees.
We prove the security of our protocol in the Universal Composability (UC) framework. Furthermore, we evaluate the utility of our protocol using a real-world Lightning Network snapshot. Bailouts may fail due to insufficient balance in alternative paths used for re-routing. We find that attempts of a node to bailout typically succeed with a probability of more than 94% if at least one alternative path exists.
Jim Posen, Assimakis A. KattisePrint Report
Junhao Huang, Jipeng Zhang, Haosong Zhao, Zhe Liu, Ray C. C. Cheung, Çetin Kaya Koç, Donglong ChenePrint Report
Andrea Caforio, Daniel Collins, Subhadeep Banik, Francesco RegazzoniePrint Report
In this paper, we fill this gap regarding efficient field arithmetic in bit- serial circuits, and propose a lightweight circuit for GIFT-COFB that occupies less than 1500 GE, making it the to-date most area-efficient implementation of this construction. In a second step, we demonstrate how the additional operations in the mode can be executed concurrently with GIFT itself so that the total latency is significantly reduced whilst incurring only a modest area increase. Finally, we propose a first-order threshold implementation of GIFT-COFB, which we experimentally verify resists first-order side-channel analysis.
Harishma Boyapally, Sikhar Patranabis, Debdeep MukhopadhyayePrint Report
24 July 2022
Kolkata, India, 11 December - 14 December 2022Event Calendar
Submission deadline: 1 September 2022
Notification: 15 October 2022
TU DarmstadtJob Posting
Topics of particular interest include (but are not limited to):
- Leakage/tamper resilient cryptography
- Cryptography for blockchains and cryptocurrencies
- Multiparty computation & threshold cryptography
- Completed Master's degree (or equivalent) with excellent grades in computer science, mathematics or a similar area.
- Strong mathematical and/or algorithmic/theoretical CS background
- Good knowledge of cryptography. Knowledge in concepts of provable security is a plus.
- Fluent written and verbal communication skills in English
Review of applications starts immediately until the position is filled. For further information please visit: https://www.informatik.tu-darmstadt.de/cac/cac/index.en.jsp
Closing date for applications:
Contact: Sebastian Faust (email@example.com)
Huawei German Research Center, MunichJob Posting
The ideal candidate would have background in probabilistic reasoning and logic or formal methods and understanding of security.
The position is connected to a new EU Project starting in September 2022 on Security and Trust in Connected, Cooperative, Automated Mobility (CCAM). The PhD candidate will be funded by the project and PhD topic will be connected directly to the research inside this project. Goal is to complete it in 3 years.
- Perform research and develop new solutions for Trust Management in the Next-Generation CCAM technologies.
- Contribute to new mechanisms for assessing dynamic trust relationship based on Zero Trust and Subjective Logic.
- Define a trust model and trust reasoning framework based on which involved entities can establish trust for cooperatively executing safety-critical functions.
- Contribute to the research and development of technologies in the upcoming domain of Connected, Cooperative and Automated Mobility (CCAM).
- Being involved in international initiatives including industry groups such as 5GAA, Gaia-X, DIF and Horizon Europe research projects.
- Completed master studies (or equivalent) in computer science, information technology, electrical engineering, or mathematics;
- Background in probabilistic reasoning and logic or formal methods
- Exposure and understanding of data protection and security development technologies;
- Good programming skill;
- Fluent in English;
Closing date for applications:
Contact: Ioannis Krontiris (firstname.lastname@example.org)
23 July 2022
Anubhab Baksi, Arghya Bhattacharjee, Jakub Breier, Takanori Isobe, Mridul NandiePrint Report
In this work, we revisit the work by Peyrin and Wang in a greater depth. We discuss the relevant aspects with more clarity, thereby addressing some of the important issues connected to a backdoor construction. The main contribution, however, comes as a new proof-of-concept block cipher with an innate backdoor, named ZUGZWANG. Unlike Malicious, which needs new/experimental concepts like partially non-linear layer; our cipher entirely relies on concepts which are well-established for decades (such as, using an one-way function as a Feistel cipher's state-update), and also offers quite a few advantages over Malicious (easy to visualise, succeeds with probability 1, and so on). Having known the secret backdoor entry, one can recover the secret key with only 1 plaintext query to our cipher; but it is secure otherwise. As the icing on the cake, we show the provable security claims for our cipher.
Michael Fahr Jr., Hunter Kippen, Andrew Kwong, Thinh Dang, Jacob Lichtinger, Dana Dachman-Soled, Daniel Genkin, Alexander Nelson, Ray Perlner, Arkady Yerukhimovich, Daniel AponePrint Report
Then, we perform a decryption failure attack, using a variety of publicly-accessible supercomputing resources running on the order of only 200,000 core-hours. We delicately attenuate the decryption failure rate to ensure that the adversary's attack succeeds practically, but so honest users cannot easily detect the manipulation.
Achieving this public key "poisoning" requires an extreme engineering effort, as FrodoKEM's KeyGen runs on the order of 8 milliseconds. (Prior Rowhammer-assisted attacks against cryptography require as long as 8 hours of persistent access.) In order to handle this real-world timing condition, we require a wide variety of prior and brand new, low-level engineering techniques, including e.g. memory massaging algorithms -- i.e. "Feng Shui" -- and a precisely-targeted performance degradation attack on the extendable output function SHAKE.
We explore the applicability of our techniques to other lattice-based KEMs in the NIST PQC Round 3 candidate-pool, e.g. Kyber, Saber, etc, as well as the difficulties that arise in the various settings. To conclude, we discuss various simple countermeasures to protect implementations against this, and similar, attacks.
Jiajun Du, Zhonghui Ge, Yu Long, Zhen Liu, Shifeng Sun, Xian Xu, Dawu GuePrint Report
In this paper, we propose MixCT, a generic protocol that provides the mixing service for confidential payment systems built from homomorphic commitment in the account-based model. We formally define the security goals including safety and availability, and prove that our generic construction satisfies them. Furthermore, we provide an efficient instantiation of MixCT by the Pedersen commitment and the one-out-of-many proof. The evaluation results show that MixCT introduces a small cost for its users while being highly compatible with the underlying confidential blockchain.