## IACR News

Updates on the COVID-19 situation are on the Announcement channel.

Here you can see all recent updates to the IACR webpage. These updates are also available:

#### 28 July 2022

###### Zhaokang Lu, Jianzhu Lu
ePrint Report
Implicit certificates own the shorter public key validation data. This property makes them appealing in resource-constrained IoT systems where public key validation is performed very often, which is common in Host Identity Protocol (HIP). However, it is still a critical challenge in IoT how to guarantee the security and efficiency of implicit certificates. This article presents a forgery attack for the Privacy-aware HIP (P-HIP), and then propose a Secure and Efficient Implicit Certificate (SEIC) scheme that can improve the security of the P-HIP and the efficiency of elliptic-curve point multiplications for IoT devices. For a fix-point multiplication, the proposed approach is about 1:5 times faster than the method in SIMPL scheme. Furthermore, we improve the performance of SEIC with the butterfly key expansion process, and then construct an improved P-HIP. Experimental results show that the improved P-HIP can achieve the performance gains.
###### Douglas W. Jones, Sunoo Park, Ronald L. Rivest, Adam Sealfon
ePrint Report
We introduce a new way to conduct post-election audits using untrusted scanners. Audits perform statistical hypothesis testing to confirm election outcomes. However, existing approaches are costly and laborious for close elections—often the most important cases to audit—requiring extensive hand inspection of ballots. We instead employ automated consistency checks, augmented by manual checks of only a small number of ballots. Our protocols scan each ballot twice, shuffling the ballots between the scans. This gives strong statistical guarantees even for close elections, as long as (1) the permutation accomplished by the shuffle is unknown to the scanners and (2) the scanners cannot reliably identify a particular ballot among others cast for the same candidate. In practice, ballots often have distinguishing features, of course; but we argue that reasonable measures can limit their detection by scanners under controlled conditions. Our techniques drastically reduce the time, expense, and labor of auditing close elections, which we hope will facilitate wider deployment.

We present three rescan audit protocols and analyze their statistical guarantees. We first present a simple scheme illustrating our basic idea in a simplified two-candidate setting. We then extend this scheme to allow (1) more than two candidates; (2) processing of ballots in batches; and (3) tolerating imperfect scanners, as long as scanning errors are too infrequent to affect the election outcome. Finally, we propose and discuss an alternate scheme that reduces the trust assumptions placed on the shuffling mechanism at the expense of adding an additional scan. Our proposals require manual handling or inspection of 10–100 ballots per batch in a variety of settings, in contrast to existing techniques that require hand inspecting many more ballots in close elections. Unlike prior techniques that depend on the *relative* margin of victory, our protocols are to our knowledge the first to depend on the *absolute* margin, and give meaningful guarantees even for extremely close elections: e.g., absolute margins of tens or hundreds of votes.
###### Matilda Backendal, Miro Haller, Kenneth G. Paterson
ePrint Report
MEGA is a leading cloud storage platform with more than 250 million users and 1000 Petabytes of stored data. MEGA claims to offer user-controlled, end-to-end security. This is achieved by having all data encryption and decryption operations done on MEGA clients, under the control of keys that are only available to those clients. This is intended to protect MEGA users from attacks by MEGA itself, or by adversaries who have taken control of MEGA’s infrastructure.

We provide a detailed analysis of MEGA’s use of cryptography in such a malicious server setting. We present five distinct attacks against MEGA, which together allow for a full compromise of the confidentiality of user files. Additionally, the integrity of user data is damaged to the extent that an attacker can insert malicious files of their choice which pass all authenticity checks of the client. We built proof-of-concept versions of all the attacks. Four of the five attacks are eminently practical. They have all been responsibly disclosed to MEGA and remediation is underway.

Taken together, our attacks highlight significant shortcomings in MEGA’s cryptographic architecture. We present immediately deployable countermeasures, as well as longer-term recommendations. We also provide a broader discussion of the challenges of cryptographic deployment at massive scale under strong threat models.
###### Oguzhan Ersoy, Pedro Moreno-Sanchez, Stefanie Roos
ePrint Report
The Lightning Network, a real-world payment channel network deployed over Bitcoin, provides almost-instant payments to its parties. In addition to direct payments, which require a shared account, parties can pay each other in the form of multi-hop payments via existing payment channels. Such multi-hop payments rely on a 2-phase commit protocol to achieve balance security; that is, no honest intermediary party loses her coins. Unfortunately, failures or attacks in this 2-phase commit protocol can lead to coins being committed (locked) in a payment for extended periods of time (in the order of days in the worst case). During these periods, parties cannot go offline without losing funds due to their existing commitments, even if they use watchtowers. Furthermore, they cannot use the locked funds for initiating or forwarding new payments, reducing their opportunities to use their coins and earn fees.

We introduce Bailout, the first protocol that allows intermediary parties in a multi-hop payment to unlock their coins before the payment completes by re-routing the payment over an alternative path. We achieve this by creating a circular payment route starting from the intermediary party in the opposite direction of the original payment. Once the circular payment is locked, both payments are canceled for the intermediary party, which frees the coins of the corresponding channels. This way, we create an alternative route for the ongoing multi-hop payment without involving the sender or receiver. The parties on the alternative path are incentivized to participate through fees.

We prove the security of our protocol in the Universal Composability (UC) framework. Furthermore, we evaluate the utility of our protocol using a real-world Lightning Network snapshot. Bailouts may fail due to insufficient balance in alternative paths used for re-routing. We find that attempts of a node to bailout typically succeed with a probability of more than 94% if at least one alternative path exists.
###### Jim Posen, Assimakis A. Kattis
ePrint Report
The recent work of Caulk introduces the security notion of position hiding linkability for vector commitment schemes, providing a zero-knowledge argument that a committed vector's elements comprise a subset of some other committed vector. The protocol has very low cost to the prover in the case where the size $m$ of the subset vector is much smaller than the size $n$ of the one containing it. The asymptotic prover complexity is $O(m^2 + m \log n)$, where the $\log n$ dependence comes from a subprotocol showing that the roots of a blinded polynomial are all $n$th roots of unity. In this work, we show how to simplify this argument, replacing the subprotocol with a polynomial divisibility check and thereby reducing the asymptotic prover complexity to $O(m^2)$, removing any dependence on $n$.
###### Junhao Huang, Jipeng Zhang, Haosong Zhao, Zhe Liu, Ray C. C. Cheung, Çetin Kaya Koç, Donglong Chen
ePrint Report
This paper presents an improved Plantard's modular arithmetic (Plantard arithmetic) tailored for Lattice-Based Cryptography (LBC). Based on the improved Plantard arithmetic, we present faster implementations of two LBC schemes, Kyber and NTTRU, running on Cortex-M4. The intrinsic advantage of Plantard arithmetic is that one multiplication can be saved from the modular multiplication of a constant. However, the original Plantard arithmetic is not very practical in LBC schemes because of the limitation on the unsigned input range. In this paper, we improve the Plantard arithmetic and customize it for the existing LBC schemes with theoretical proof. The improved Plantard arithmetic not only inherits its aforementioned advantage but also accepts signed inputs, produces signed output, and enlarges its input range compared with the original design. Moreover, compared with the state-of-the-art Montgomery arithmetic, the improved Plantard arithmetic has a larger input range and smaller output range, which allows better lazy reduction strategies during the NTT/INTT implementation in current LBC schemes. All these merits make it possible to replace the Montgomery arithmetic with the improved Plantard arithmetic in LBC schemes on some platforms. After applying this novel method to Kyber and NTTRU schemes using 16-bit NTT on Cortex-M4 devices, we show that the proposed design outperforms the known fastest implementation that uses Montgomery and Barrett arithmetic. Specifically, compared with the state-of-the-art Kyber implementation, applying the improved Plantard arithmetic in Kyber results in a speedup of 25.02% and 18.56% for NTT and INTT, respectively. Compared with the reference implementation of NTTRU, our NTT and INTT achieve speedup by 83.21% and 78.64%, respectively. As for the LBC KEM schemes, we set new speed records for Kyber and NTTRU running on Cortex-M4.
###### Andrea Caforio, Daniel Collins, Subhadeep Banik, Francesco Regazzoni
ePrint Report
GIFT-COFB is a lightweight AEAD scheme and a submission to the ongoing NIST lightweight cryptography standardization process where it currently competes as a finalist. The construction processes 128-bit blocks with a key and nonce of the same size and has a small register footprint, only requiring a single additional 64-bit register. Be- sides the block cipher, the mode of operation uses a bit permutation and finite field multiplication with different constants. It is a well-known fact that implementing a hardware block cipher in a bit-serial manner, which advances only one bit in the computation pipeline in each clock cycle, results in the smallest circuits. Nevertheless, an efficient bit-serial circuit for a mode of operation that utilizes finite field arithmetic with multiple constants has yet to be demonstrated in the literature.

In this paper, we fill this gap regarding efficient field arithmetic in bit- serial circuits, and propose a lightweight circuit for GIFT-COFB that occupies less than 1500 GE, making it the to-date most area-efficient implementation of this construction. In a second step, we demonstrate how the additional operations in the mode can be executed concurrently with GIFT itself so that the total latency is significantly reduced whilst incurring only a modest area increase. Finally, we propose a first-order threshold implementation of GIFT-COFB, which we experimentally verify resists first-order side-channel analysis.
###### Harishma Boyapally, Sikhar Patranabis, Debdeep Mukhopadhyay
ePrint Report
Physically related functions~(PReFs) are hardware primitives proposed to establish key-exchange between resource-constrained devices with no pre-established secrets. In this paper, we introduce XOR composition of PReFs to eliminate the requirement of revealing the complete functionality of the hardware primitive during the setup phase, which is a prerequisite to setup PReFs. We evaluate the quality of XOR\_PReF design by implementing them on Artix-7 FPGAs.

#### 24 July 2022

###### Kolkata, India, 11 December - 14 December 2022
Event Calendar
Event date: 11 December to 14 December 2022
Job Posting
The Applied Cryptography Group at Technical University of Darmstadt offers a fully funded position as PhD student in Cryptography. The positions is to be filled as soon as possible for 3 years with the possibility of extension. You will conduct research and publish/present the results at top venues for research in cryptography and IT Security.

Topics of particular interest include (but are not limited to):
• Leakage/tamper resilient cryptography
• Cryptography for blockchains and cryptocurrencies
• Multiparty computation & threshold cryptography
• Completed Master's degree (or equivalent) with excellent grades in computer science, mathematics or a similar area.
• Strong mathematical and/or algorithmic/theoretical CS background
• Good knowledge of cryptography. Knowledge in concepts of provable security is a plus.
• Fluent written and verbal communication skills in English
TU Darmstadt is a top research university for IT Security, Cryptography and Computer Science in Europe. We offer excellent working environment in the heart of the Frankfurt Metropolitan Area, which is internationally well-known for a high quality of life.

Review of applications starts immediately until the position is filled. For further information please visit: https://www.informatik.tu-darmstadt.de/cac/cac/index.en.jsp

Closing date for applications:

Contact: Sebastian Faust (office.cac@cysec.de)

###### Huawei German Research Center, Munich
Job Posting
Huawei German Research Center in Munich is looking for a PhD student on Security & Trust - Connected, Cooperative, Automated Mobility (m/f/d).

The ideal candidate would have background in probabilistic reasoning and logic or formal methods and understanding of security.

The position is connected to a new EU Project starting in September 2022 on Security and Trust in Connected, Cooperative, Automated Mobility (CCAM). The PhD candidate will be funded by the project and PhD topic will be connected directly to the research inside this project. Goal is to complete it in 3 years.

Research Topic
• Perform research and develop new solutions for Trust Management in the Next-Generation CCAM technologies.
• Contribute to new mechanisms for assessing dynamic trust relationship based on Zero Trust and Subjective Logic.
• Define a trust model and trust reasoning framework based on which involved entities can establish trust for cooperatively executing safety-critical functions.
Responsibilities
• Contribute to the research and development of technologies in the upcoming domain of Connected, Cooperative and Automated Mobility (CCAM).
• Being involved in international initiatives including industry groups such as 5GAA, Gaia-X, DIF and Horizon Europe research projects.
• Completed master studies (or equivalent) in computer science, information technology, electrical engineering, or mathematics;
• Background in probabilistic reasoning and logic or formal methods
• Exposure and understanding of data protection and security development technologies;
• Good programming skill;
• Fluent in English;

Closing date for applications:

Contact: Ioannis Krontiris (ioannis.krontiris@huawei.com)

#### 23 July 2022

###### Anubhab Baksi, Arghya Bhattacharjee, Jakub Breier, Takanori Isobe, Mridul Nandi
ePrint Report
With the advent of Malicious (Peyrin and Wang, Crypto'20), the question of a cipher with an intentional weakness which is only known to its designer has gained its momentum. In their work, the authors discuss how an otherwise secure cipher can be broken by its designer with the help of a secret backdoor (which is not known to the user/attacker). The contribution of Malicious is to propose a cipher-level construction with a backdoor, where it is computationally infeasible to retrieve the backdoor entry despite knowing how the mechanism works.

In this work, we revisit the work by Peyrin and Wang in a greater depth. We discuss the relevant aspects with more clarity, thereby addressing some of the important issues connected to a backdoor construction. The main contribution, however, comes as a new proof-of-concept block cipher with an innate backdoor, named ZUGZWANG. Unlike Malicious, which needs new/experimental concepts like partially non-linear layer; our cipher entirely relies on concepts which are well-established for decades (such as, using an one-way function as a Feistel cipher's state-update), and also offers quite a few advantages over Malicious (easy to visualise, succeeds with probability 1, and so on). Having known the secret backdoor entry, one can recover the secret key with only 1 plaintext query to our cipher; but it is secure otherwise. As the icing on the cake, we show the provable security claims for our cipher.
###### Michael Fahr Jr., Hunter Kippen, Andrew Kwong, Thinh Dang, Jacob Lichtinger, Dana Dachman-Soled, Daniel Genkin, Alexander Nelson, Ray Perlner, Arkady Yerukhimovich, Daniel Apon
ePrint Report
In this work, we recover the private key material of the FrodoKEM key exchange mechanism as submitted to the NIST Post Quantum Cryptography (PQC) standardization process. The new mechanism that allows for this is a Rowhammer-assisted \emph{poisoning} of the FrodoKEM Key Generation (KeyGen) process. The Rowhammer side-channel is a hardware-based security exploit that allows flipping bits in DRAM by “hammering” rows of memory adjacent to some target-victim memory location by repeated memory accesses. Using Rowhammer, we induce the FrodoKEM software to output a higher-error Public Key (PK), $(\mathbf{A}, \mathbf{B} = \mathbf{A}\mathbf{S}+\mathbf{\widetilde{E}}),$ where the error $\widetilde{\mathbf{E}}$ is modified by Rowhammer.

Then, we perform a decryption failure attack, using a variety of publicly-accessible supercomputing resources running on the order of only 200,000 core-hours. We delicately attenuate the decryption failure rate to ensure that the adversary's attack succeeds practically, but so honest users cannot easily detect the manipulation.

Achieving this public key "poisoning" requires an extreme engineering effort, as FrodoKEM's KeyGen runs on the order of 8 milliseconds. (Prior Rowhammer-assisted attacks against cryptography require as long as 8 hours of persistent access.) In order to handle this real-world timing condition, we require a wide variety of prior and brand new, low-level engineering techniques, including e.g. memory massaging algorithms -- i.e. "Feng Shui" -- and a precisely-targeted performance degradation attack on the extendable output function SHAKE.

We explore the applicability of our techniques to other lattice-based KEMs in the NIST PQC Round 3 candidate-pool, e.g. Kyber, Saber, etc, as well as the difficulties that arise in the various settings. To conclude, we discuss various simple countermeasures to protect implementations against this, and similar, attacks.
###### Jiajun Du, Zhonghui Ge, Yu Long, Zhen Liu, Shifeng Sun, Xian Xu, Dawu Gu
ePrint Report
Mixing protocols serve as a promising solution to the unlinkability in blockchains. They work by hiding one transaction among a set of transactions and enjoy the advantage of high compatibility with the underlying system. However, due to the inherently public nature of the blockchains built on the account-based model, the unlinkability is highly restricted to non-confidential transactions. In the account-based model, blockchains supporting confidential payments need to trade their compatibility for unlinkability.

In this paper, we propose MixCT, a generic protocol that provides the mixing service for confidential payment systems built from homomorphic commitment in the account-based model. We formally define the security goals including safety and availability, and prove that our generic construction satisfies them. Furthermore, we provide an efficient instantiation of MixCT by the Pedersen commitment and the one-out-of-many proof. The evaluation results show that MixCT introduces a small cost for its users while being highly compatible with the underlying confidential blockchain.
###### Birenjith Sasidharan, Emanuele Viterbo
ePrint Report
A transaction record in a sharded blockchain can be represented as a two-dimensional array of integers with row-index associated to an account, column-index to a shard and the entry to the transaction amount. In a blockchain-based cryptocurrency system with coded sharding, a transaction record of a given epoch of time is encoded using a block code considering the entries as finite-field symbols. Each column of the resultant coded array is then stored in a server. In the particular case of PolyShard scheme, the block code turns out to be a maximum-distance-separable code. In this paper, we propose a privacy-preserving multi-round protocol that allows a remote client to retrieve from a coded blockchain system the sum of transaction amounts belonging to two different epochs of time, but to the same account. At the core of the protocol lies an algorithm for a remote client to privately compute a non-linear function referred to as integer-addition of two finite-field symbols representing integer numbers, in the presence of curious-but-honest adversaries. Applying it to balance-checking in a cryptocurrency system, the protocol guarantees information-theoretic privacy on account number and shard number thereby ensuring perfect user anonymity, and also maintains confidentiality of half of the input bits on average. The protocol turns out to be a useful primitive for balance-checking in lightweight clients of a PolyShard-ed blockchain.
###### Alexandra Henzinger, Matthew M. Hong, Henry Corrigan-Gibbs, Sarah Meiklejohn, Vinod Vaikuntanathan
ePrint Report
We present SimplePIR, the fastest private information retrieval (PIR) scheme known to date. SimplePIR is a single-server PIR scheme, whose security holds under the learning-with-errors assumption. To answer a client’s PIR query, the SimplePIR server performs one 32-bit multiplication and one 32-bit addition per database byte. SimplePIR achieves 6.5 GB/s/core server throughput, which is 7% faster than the fastest two-server PIR schemes (that require non-colluding servers). SimplePIR has relatively large communication costs: to make queries to a 1 GB database, the client must download a 124 MB “hint” about the database contents; thereafter, the client may make an unbounded number of queries, each requiring 242 KB of communication. We present a second single-server scheme, DoublePIR, that shrinks the hint to 16 MB at the cost of slightly higher per-query communication (345 KB) and slightly lower throughput (5.2 GB/s/core). Finally, we apply our PIR schemes, together with a new data structure for approximate set membership, to the problem of private auditing in Certificate Transparency. We achieve a strictly stronger notion of privacy than Google Chrome’s current approach with a modest, 13× larger communication overhead.
###### Stephane Lemieux
ePrint Report
Grover famously showed that any unsorted list, of finite size $N$, can be searched in O($\sqrt{N})$ time via quantum computation. Bennett et. al. demonstrated that any algorithm general enough to search any finite unsorted list must take at least O($\sqrt{N})$ time via quantum computation. We demonstrate a quantum algorithm that can search a proper subclass of finite, unsorted lists, of size $N$, in a time that is polynomial in $log(N)$. We demonstrate how it can be used to search the keyspace of any block cipher that can be implemented on a quantum computer with the keyspace in superpositon. In particular we give a polynomial time attack on $AES-128$, $AES-192$ and $AES-256$.
###### Steven Lambregts, Huanhuan Chen, Jianting Ning, Kaitai Liang
ePrint Report
Searchable Encryption schemes provide secure search over encrypted databases while allowing admitted information leakages. Generally, the leakages can be categorized into access and volume pattern. In most existing SE schemes, these leakages are caused by practical designs but are considered an acceptable price to achieve high search efficiency. Recent attacks have shown that such leakages could be easily exploited to retrieve the underlying keywords for search queries. Under the umbrella of attacking SE, we design a new Volume and Access Pattern Leakage-Abuse Attack (VAL-Attack) that improves the matching technique of LEAP (CCS ’21) and exploits both the access and volume patterns. Our proposed attack only leverages leaked documents and the keywords present in those documents as auxiliary knowledge and can effectively retrieve document and keyword matches from leaked data. Furthermore, the recovery performs without false positives. We further compare VAL-Attack with two recent well-defined attacks on several real-world datasets to highlight the effectiveness of our attack and present the performance under popular countermeasures.
###### Tahoura Mosavirik, Patrick Schaumont, Shahin Tajik
ePrint Report
Physical attacks can compromise the security of cryptographic devices. Depending on the attack’s requirements, adversaries might need to (i) place probes in the proximity of the integrated circuits (ICs) package, (ii) create physical connections between their probes/wires and the system’s PCB, or (iii) physically tamper with the PCB’s components, chip’s package, or substitute the entire PCB to prepare the device for the attack. While tamper-proof enclosures prevent and detect physical access to the system, their high manufacturing cost and incompatibility with legacy systems make them unattractive for many low-cost scenarios. In this paper, inspired by methods known from the field of power integrity analysis, we demonstrate how the impedance characterization of the system’s power distribution network (PDN) using on-chip circuit-based network analyzers can detect various classes of tamper events. We explain how these embedded network analyzers, without any modifications to the system, can be deployed on FPGAs to extract the frequency response of the PDN. The analysis of these frequency responses reveals different classes of tamper events from board to chip level. To validate our claims, we run an embedded network analyzer on FPGAs of a family of commercial development kits and perform extensive measurements for various classes of PCB and IC package tampering required for conducting different side-channel or fault attacks. Using the Wasserstein Distance as a statistical metric, we further show that we can confidently detect tamper events. Our results, interestingly, show that even environment-level tampering activities, such as the proximity of contactless EM probes to the IC package or slightly polished IC package, can be detected using on-chip impedance sensing.
###### Marco Calderini, Riccardo Longo, Massimiliano Sala, Irene Villa
ePrint Report
The notion of public key encryption with keyword search (PEKS) was introduced to efficiently search over encrypted data. In this paper, we propose a PEKS scheme in which both the encrypted keyword and the trapdoor are randomized, so that the cloud server is not able to recognize identical queries. Our scheme is CI-secure in the single-user setting and TI-secure in the multi-user setting with multi-trapdoor.