IACR News
If you have a news item you wish to distribute, it should be sent to the communications secretary. See also the events database for conference announcements.
Here you can see all recent updates to the IACR webpage. These updates are also available:
30 March 2025
University of Tübingen, Department of Computer Science; Tübingen, Germany
About the Project
We are seeking a highly motivated PhD candidate to join our DFG-funded project on privacy-preserving rare disease analysis. This interdisciplinary research initiative focuses on developing secure and efficient methods for variant filtering, prioritization, and rare-variant association studies.
Responsibilities
- Conduct research on secure algorithms and protocols for privacy-preserving analysis of genomic and clinical data.
- Develop and integrate methods for variant filtering, prioritization, and rare-variant association studies in a federated environment.
- Implement and evaluate methods as part of an open-source software framework for privacy-preserving rare variant analyses.
- Present findings in peer-reviewed publications and international conferences.
Requirements
- Master’s degree (or equivalent) in Computer Science, Bioinformatics, Mathematics, or a related field.
- Background or interest in cryptography (e.g., secure multi-party computation), machine learning (e.g., federated learning, data privacy), or bioinformatics (e.g., variant analysis).
- Solid programming skills in at least one language commonly used in research (Python, C/C++, Java, etc.).
- Strong analytical and problem-solving capabilities.
- Excellent communication and teamwork skills.
How to Apply
Please email a single PDF to [Contact Email Address] with:
- Cover Letter (your motivation and relevant experience)
- CV (academic background, technical skills, publications)
- Transcript(s) (BSc, MSc or equivalent)
- References (contact details)
Application Deadline: [30.04.2025]
Closing date for applications:
Contact: Dr. Mete Akgün
More information: https://mdppml.github.io/downloads/PhD_Student_in_Privacy_Preserving_Rare_Disease_Analysis.pdf
28 March 2025
Subhadeep Banik, Hailun Yan
Lydia Garms, Michael Livesey
Linus Mainka, Kostas Papagiannopoulos
YoungBeom Kim, Seog Chung Seo
Zhengjun Cao, Lihua Liu
Dipayan Saha, Hasan Al Shaikh, Shams Tarek, Farimah Farahmandi
Abraham Basurto-Becerra, Azade Rezaeezade, Stjepan Picek
Yanning Ji, Elena Dubrova, Ruize Wang
Kien Tuong Truong, Simon-Philipp Merz, Matteo Scarlata, Felix Günther, Kenneth G. Paterson
Weihan Li, Zongyang Zhang, Yun Li, Pengfei Zhu, Cheng Hong, Jianwei Liu
We propose $\textsf{Soloist}$, an optimized distributed SNARK for R1CS. $\textsf{Soloist}$ achieves constant proof size, constant amortized communication complexity, and constant verifier complexity, relative to the R1CS size $n$. Utilized with $\ell$ sub-provers, its prover complexity is $O(n/\ell \cdot \log(n/\ell))$. The concrete prover time is $\ell\times$ as fast as the R1CS-targeted Marlin (Eurocrypt '20). For zkRollups, $\textsf{Soloist}$ can prove more transactions, with $2.5 \times$ smaller memory costs, $2.8\times$ faster preprocessing, and $1.8\times$ faster proving than Pianist.
$\textsf{Soloist}$ leverages an improved inner product argument and a new batch bivariate polynomial commitment variant of KZG (Asiacrypt '10). To achieve constant verification, we propose a new preprocessing method with a lookup argument for unprescribed tables, which are usually assumed pre-committed in prior works. Notably, all these schemes are equipped with scalable distributed mechanisms.
Lena Heimberger, Christopher Patton, Bas Westerbaan
Changsong Jiang, Chunxiang Xu, Guomin Yang, Li Duan, Jing Wang
27 March 2025
Joseph Jaeger, Akshaya Kumar
Aritra Dasgupta, Sudipta Paria, Swarup Bhunia
Wei-Kai Lin, Ethan Mook, Daniel Wichs
We show that the black-box use of essentially all generic cryptographic primitives (e.g., key agreement, oblivious transfer, indistinguishability obfuscation, etc.), including idealized primitives (e.g., random oracles, generic multilinear groups, virtual black-box obfuscation, etc.) is essentially useless for constructing SK-DEPIR. In particular, in any such SK-DEPIR construction, we can replace all black-box use of these primitives with just a black-box use of one-way functions. While we conjecture that SK-DEPIR cannot be constructed using black-box one-way functions alone, we are unable to show this in its full generality. However, we do show this for 2-round schemes with a passive server that simply outputs requested locations in the preprocessed data structure, which is the format of all known schemes. Overall, this shows that the black-box use of essentially all crypto primitives is insufficient for constructing 2-round passive-server SK-DEPIR, and does not provide any benefit beyond black-box one-way functions for constructing general SK-DEPIR.
26 March 2025
Aniket Kate, Pratyay Mukherjee, Hamza Saleem, Pratik Sarkar, Bhaskar Roberts
We take an alternative approach of social recovery within a community, where each member already holds a secret key (with possibly an associated public key) and uses other community members as their guardians, forming a mutual dependency among themselves. Potentially, each member acts as a guardian for up to $(n-1)$ other community members. Therefore, in this setting, using standard Shamir sharing leads to a linear ($O(n)$) blow-up in the internal secret storage of each guardian, one share per key it helps recover. Our solution avoids this linear blow-up in internal secret storage by relying on a novel secret-sharing scheme, leveraging the fact that each member already manages a secret key. In fact, our scheme does not require guardians to store anything beyond their own secret keys.
We propose the first formal definition of a social key recovery scheme for general access structures in the community setting. We prove that our scheme is secure against any malicious and adaptive adversary that may corrupt up to $t$ parties. As a main technical tool, we use a new notion of secret sharing that enables $(t+1)$-out-of-$n$ sharing of a secret even when the shares are generated independently; we formalize this as bottom-up secret sharing (BUSS), which may be of independent interest.
Finally, we provide an implementation and benchmark it while varying the number of guardians, in both a regional and a geo-distributed setting. For instance, for 8 guardians, our backup protocol takes around 146-149 ms in a geo-distributed WAN setting and 4.9-5.9 ms in the LAN setting; for the recovery protocol, the timings are approximately the same in the WAN setting (as network latency dominates) and 1.2-1.4 ms in the LAN setting.
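To make the $O(n)$ storage baseline concrete, here is the standard Shamir $(t+1)$-out-of-$n$ construction that the abstract contrasts against, applied to a community in which every member shares its key with the other $n-1$ members and acts as guardian for all of them. This is an added illustration of the baseline, not the paper's BUSS scheme or its implementation; the field prime, community size and threshold are toy choices.

```python
"""Standard Shamir sharing as the baseline for community social recovery.

Added illustration (not the paper's scheme). Every member splits its own key
among the other n-1 members, so each guardian ends up holding n-1 foreign
shares: the linear storage blow-up the abstract refers to.
"""
import secrets

# Toy field: a Mersenne prime; any prime larger than the secrets works.
P = (1 << 127) - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x^i) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share(secret, t, n):
    """Split `secret` into n shares; any t+1 of them reconstruct it."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover(shares):
    """Lagrange interpolation at x = 0 over the supplied (x, y) shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def community_backup(keys, t):
    """Each member shares its key with all other members (threshold t).

    Returns store[g] = list of (owner, x, y) that guardian g must keep.
    """
    n = len(keys)
    store = {g: [] for g in range(n)}
    for owner, key in enumerate(keys):
        others = [g for g in range(n) if g != owner]
        for (x, y), guardian in zip(share(key, t, n - 1), others):
            store[guardian].append((owner, x, y))
    return store


def recover_member(store, owner, helpers):
    """Recover `owner`'s key from the shares held by the listed guardians."""
    shares = [(x, y) for g in helpers for (o, x, y) in store[g] if o == owner]
    return recover(shares)


def shares_held(store, guardian):
    """Foreign shares a guardian must store: n-1 in a community of n."""
    return len(store[guardian])


if __name__ == "__main__":
    # Constructed sample: an 8-member community, threshold t = 3.
    keys = [secrets.randbelow(P) for _ in range(8)]
    store = community_backup(keys, t=3)
    print("shares held by member 0:", shares_held(store, 0))
    print("member 2 recovered:", recover_member(store, 2, [0, 1, 3, 4]) == keys[2])
```

Each guardian's storage grows with the community size, which is exactly what the abstract's BUSS construction is designed to remove by letting guardians reuse the key they already hold.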
Alex Biryukov, Baptiste Lambin, Aleksei Udovenko
Our formula uncovers an error in a recent work from 2022 that proposed a formula for rotation amounts bigger than 1. Surprisingly, it also affects the correctness of the more studied and used formula for rotation amount 1 (from TOSC 2016). Specifically, it uncovers rare cases where the assumptions of that formula do not hold. A correct formula for arbitrary rotations now opens up a larger search space in which one can often find better trails.
For applications, we propose automated mixed integer linear programming (MILP) modeling techniques for searching optimal RX-trails based on our exact formula. They are consequently applied to several ARX designs, including Salsa, Alzette and a small-key variant of Speck, and yield many new RX-differential distinguishers, some of them based on provably optimal trails. In order to showcase the relevance of the RX-differential analysis, we also design Malzette, a 12-round Alzette-based permutation with maliciously chosen constants, which has a practical RX-differential distinguisher, while standard differential/linear security arguments suggest sufficient security.
Andrea Flamini, Silvio Ranise, Giada Sciarretta, Mario Scuro, Nicola Smaniotto, Alessandro Tomasi
Julien Devevey, Morgane Guerreau, Thomas Legavre, Ange Martinelli, Thomas Ricosset
We first exploit the multiplications involving its two main secret matrices, recovering approximately half of their entries through a non-profiled power analysis with a few hundred traces. Using these coefficients, we reduce the dimension of the underlying LWE problem, enabling full secret key recovery with calls to a small block-sized BKZ.
To mitigate this attack, we propose a countermeasure that replaces sensitive computations involving a secret matrix with equivalent operations derived solely from public elements, eliminating approximately half of the identified leakage and rendering the attack infeasible.
Finally, we perform a non-profiled power analysis targeting HuFu's Gaussian sampling procedure, recovering around 75% of the remaining secret matrix's entries with a few hundred traces. While full key recovery remains computationally intensive, we demonstrate that partial knowledge of the secret significantly improves the efficiency of signature forgery.
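The step "using these coefficients, we reduce the dimension of the underlying LWE problem" is generic, and worth seeing once in code: if some coordinates of the secret are known, their contribution is subtracted from $b$ and the remaining unknowns form a smaller LWE instance with the same noise. The following is an added illustration of that reduction on a toy instance; it is not HuFu's matrices, parameters or the authors' attack code, and the modulus, dimensions and noise bound are assumptions.

```python
"""Dimension reduction of LWE from partially known secret coordinates.

Added illustration, not the paper's code. Given b = A s + e (mod q) and a
set J of indices where s_j is already known (e.g. from side-channel
leakage), b' = b - A_J s_J satisfies b' = A_{J^c} s_{J^c} + e: an LWE
instance of dimension n - |J| with unchanged noise, which is what makes a
smaller BKZ block size sufficient.
"""
import random


def lwe_instance(n, m, q, rng, noise_bound=2):
    """Constructed toy LWE sample: A (m x n), b = A s + e mod q, |e_i| <= bound."""
    s = [rng.randrange(q) for _ in range(n)]
    A = [[rng.randrange(q) for _ in range(n)] for _ in range(m)]
    e = [rng.randint(-noise_bound, noise_bound) for _ in range(m)]
    b = [(sum(A[i][j] * s[j] for j in range(n)) + e[i]) % q for i in range(m)]
    return A, b, s, e


def reduce_lwe(A, b, q, known):
    """Eliminate known coordinates.

    known: dict {j: s_j}. Returns (A', b', unknown_indices) with
    b' = b - A_J s_J mod q and A' = columns of A at the unknown indices.
    """
    n = len(A[0])
    unknown = [j for j in range(n) if j not in known]
    A_red = [[row[j] for j in unknown] for row in A]
    b_red = [
        (b[i] - sum(A[i][j] * sj for j, sj in known.items())) % q
        for i in range(len(A))
    ]
    return A_red, b_red, unknown


def residual_noise(A_red, b_red, s_red, q):
    """Centered b' - A' s' mod q; equals the original e if the reduction is right."""
    out = []
    for i, row in enumerate(A_red):
        r = (b_red[i] - sum(a * x for a, x in zip(row, s_red))) % q
        out.append(r - q if r > q // 2 else r)
    return out


def reduced_dimension(n, known):
    """Dimension of the LWE problem left to the lattice solver."""
    return n - len(known)


if __name__ == "__main__":
    rng = random.Random(1)          # fixed seed for a reproducible sample
    n, m, q = 16, 32, 3329          # toy parameters, not HuFu's
    A, b, s, e = lwe_instance(n, m, q, rng)
    # Pretend the side channel revealed every even coordinate (half of s).
    known = {j: s[j] for j in range(0, n, 2)}
    A_red, b_red, unknown = reduce_lwe(A, b, q, known)
    print("dimension:", n, "->", reduced_dimension(n, known))
    print("noise preserved:",
          residual_noise(A_red, b_red, [s[j] for j in unknown], q) == e)
```

Halving the number of unknowns halves the lattice dimension the solver must handle, which is why recovering even a fraction of the entries through power analysis matters: the hardness of the remaining problem drops sharply, and the same subtraction also applies whenever only some of the remaining entries are known.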