IACR News
If you have a news item you wish to distribute, it should be sent to the communications secretary. See also the events database for conference announcements.
Here you can see all recent updates to the IACR webpage. These updates are also available:
15 August 2018
Stefan Dziembowski, Lisa Eckey, Sebastian Faust
Mahdi Sajadieh, Mohammad Vaziri
Sanjit Chatterjee, R. Kabaleeshwaran
Tobias Pulls, Rasmus Dahlberg
Marina Blanton, Myoungin Jeong
Lijing Zhou, Licheng Wang, Yiru Sun, Tianyi Ai
George Teseleanu
13 August 2018
Darmstadt, Germany, 2 April - 4 April 2019
Submission deadline: 1 December 2018
Notification: 25 January 2019
09 August 2018
Stanislaw Jarecki, Hugo Krawczyk, Jason Resch
We apply these schemes to build Oblivious Key Management Systems (KMS) as a much more secure alternative to traditional wrapping-based KMS. The new system hides keys and object identifiers from the KMS, offers unconditional security for key transport, enables forward security, provides key verifiability, reduces storage, and more. Further, we show how to provide all these features in a distributed threshold implementation that additionally protects the service against server compromise. Finally, we extend the scheme to a threshold Oblivious KMS with updatable encryption so that upon the periodic change of OPRF keys by the server, an efficient update procedure allows a client of the KMS service to non-interactively update all its encrypted data to be decryptable only by the new key. Our techniques improve on the efficiency and security of several recent works on updatable encryption from Crypto and Eurocrypt. We report on an implementation of the above schemes and their performance, showing their practicality and readiness for use in real-world systems. In particular, our pOPRF constructions achieve speeds over an order of magnitude faster than previous pOPRF schemes.
Avradip Mandal, John C. Mitchell, Hart Montgomery, Arnab Roy
Itai Dinur, Nathan Keller, Ohad Klein
Let $g$ be a generator of a multiplicative group $\mathbb{G}$. Given a random group element $g^{x}$ and an unknown integer $b \in [-M,M]$ for a small $M$, two parties $A$ and $B$ (that cannot communicate) successfully solve DDL if $A(g^{x}) - B(g^{x+b}) = b$. Otherwise, the parties err. In the DDL protocol of Boyle et al., $A$ and $B$ run in time $T$ and have error probability that is roughly linear in $M/T$. Since it has a significant impact on the HSS scheme's performance, a major open problem raised by Boyle et al. was to reduce the error probability as a function of $T$.
In this paper we devise a new DDL protocol that substantially reduces the error probability to $O(M \cdot T^{-2})$. Our new protocol improves the asymptotic evaluation time complexity of the HSS scheme by Boyle et al. on branching programs of size $S$ from $O(S^2)$ to $O(S^{3/2})$. We further show that our protocol is optimal up to a constant factor for all relevant cryptographic group families, unless one can solve the discrete logarithm problem in a short interval of length $R$ in time $o(\sqrt{R})$.
Our DDL protocol is based on a new type of random walk that is composed of several iterations in which the expected step length gradually increases. We believe that this random walk is of independent interest and will find additional applications.
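The DDL protocol of Boyle et al. that the abstract takes as its baseline, as an added example (this editor's illustration, not code from the paper): each party walks from its own start point by repeated multiplication with $g$ until it reaches a "distinguished" point decided by a hash of the group element, and outputs the number of steps taken. Because the two walks merge as soon as one passes through the other's start, $A(g^x) - B(g^{x+b}) = b$ unless a distinguished point falls in the gap of length $|b|$ between the two starts, which happens with probability roughly $|b|/T \le M/T$. The group ($\mathbb{Z}_p^*$ with $p = 10^9 + 7$, base element $5$), the hash rule and the Monte Carlo harness are constructed for the example; the paper's improved walk with increasing step lengths is not reproduced here.

```python
import hashlib
import random

# Toy group for illustration (constructed parameters): Z_p^* with p = 10^9 + 7, base g = 5.
# A real HSS deployment uses a group in which discrete logarithms are actually hard.
P = 1_000_000_007
G = 5


def is_distinguished(h: int, t: int) -> bool:
    """A group element is 'distinguished' with probability about 1/t, decided by hashing it.
    Both parties use the same public rule, so they agree on which points stop a walk."""
    digest = hashlib.sha256(h.to_bytes(8, "big")).digest()
    return int.from_bytes(digest[:8], "big") % t == 0


def ddl_walk(h: int, t: int, max_steps: int = 0) -> int:
    """One DDL party: from start point h, step h -> h*g until a distinguished point is hit
    and output the number of steps taken. Expected running time is about t steps."""
    if max_steps <= 0:
        max_steps = 32 * t   # give up after ~32 expected walk lengths (probability ~ e^-32)
    for i in range(max_steps):
        if is_distinguished(h, t):
            return i
        h = h * G % P
    return max_steps         # timed out; this output counts as an error


def run_ddl(x: int, b: int, t: int) -> tuple:
    """Run A on g^x and B on g^(x+b) with no communication; return the two outputs."""
    h_a = pow(G, x % (P - 1), P)
    h_b = pow(G, (x + b) % (P - 1), P)
    return ddl_walk(h_a, t), ddl_walk(h_b, t)


def interval_has_distinguished(x: int, b: int, t: int) -> bool:
    """The error event: a distinguished point among the |b| consecutive points that start at
    the lower of the two start points (g^x or g^(x+b)) and end just before the higher one.
    If one occurs, the party that started lower stops before reaching the other's start."""
    lo = min(x, x + b)
    h = pow(G, lo % (P - 1), P)
    for _ in range(abs(b)):
        if is_distinguished(h, t):
            return True
        h = h * G % P
    return False


def estimate_error(m: int, t: int, trials: int, seed: int = 1) -> dict:
    """Monte Carlo over random x and b in [-m, m]: count how often A(g^x) - B(g^(x+b)) != b
    and check that every outcome is explained exactly by the interval event above."""
    rng = random.Random(seed)
    errors = 0
    explained = True
    for _ in range(trials):
        x = rng.randrange(P - 1)
        b = rng.randint(-m, m)
        out_a, out_b = run_ddl(x, b, t)
        ok = (out_a - out_b == b)
        if not ok:
            errors += 1
        explained = explained and (ok == (not interval_has_distinguished(x, b, t)))
    return {"errors": errors, "trials": trials, "rate": errors / trials, "explained": explained}


if __name__ == "__main__":
    for t in (32, 256, 1024):
        r = estimate_error(16, t, 200)
        print(f"T={t:5d}  M/T={16 / t:.4f}  observed error rate={r['rate']:.4f}")
```

Halving the error means doubling $T$, i.e. doubling each party's work; that linear trade-off is the cost the abstract's $O(M \cdot T^{-2})$ protocol removes.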
Atsushi Fujioka, Katsuyuki Takashima, Shintaro Terada, Kazuki Yoneyama
Thierry Simon, Lejla Batina, Joan Daemen, Vincent Grosso, Pedro Maat Costa Massolino, Kostas Papagiannopoulos, Francesco Regazzoni, Niels Samwel
Takeshi Okamoto, Raylin Tso, Michitomo Yamaguchi, Eiji Okamoto
Shashank Agrawal, Payman Mohassel, Pratyay Mukherjee, Peter Rindal
We put forth the first formal treatment for distributed symmetric-key encryption, proposing new notions of correctness, privacy and authenticity in presence of malicious attackers. We provide strong and intuitive game-based definitions that are easy to understand and yield efficient constructions.
We propose a generic construction of threshold authenticated encryption based on any distributed pseudorandom function (DPRF). When instantiated with the two different DPRF constructions proposed by Naor, Pinkas and Reingold (Eurocrypt 1999) and our enhanced versions, we obtain several efficient constructions meeting different security definitions. We implement these variants and provide extensive performance comparisons. Our most efficient instantiation uses only symmetric-key primitives and achieves a throughput of up to 1 million encryptions/decryptions per second, or alternatively a sub-millisecond latency with up to 18 participating parties.
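An added example, not code from the paper: the combinatorial $t$-out-of-$n$ DPRF of Naor, Pinkas and Reingold instantiated with HMAC-SHA256, and a minimal threshold encryption built on top of it in which the parties only ever see a commitment to the message, so that fewer than $t$ of them learn nothing and cannot produce a ciphertext that passes the check. The wrapper's wiring (hash commitment, SHAKE keystream, encryptor identifier as DPRF input, `|` separators) is this editor's illustration of the commit-then-DPRF pattern and does not claim to match the paper's construction.

```python
import hashlib
import hmac
import os
from itertools import combinations

OUT_LEN = 32   # PRF output length in bytes
RHO_LEN = 32   # commitment randomness length in bytes


def prf(key: bytes, msg: bytes) -> bytes:
    """Toy PRF for the example: HMAC-SHA256."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


class NPRDPRF:
    """Combinatorial t-out-of-n DPRF of Naor, Pinkas and Reingold (Eurocrypt 1999):
    the dealer draws one PRF key per subset S of size n-t+1 and hands k_S to every
    party in S.  F(x) = XOR over all S of PRF(k_S, x).  Any t parties together hold
    every key (a t-set meets every (n-t+1)-set); any t-1 parties miss at least one."""

    def __init__(self, n: int, t: int):
        if not 1 <= t <= n:
            raise ValueError("need 1 <= t <= n")
        self.n, self.t = n, t
        self.subsets = list(combinations(range(n), n - t + 1))
        self.keys = {s: os.urandom(OUT_LEN) for s in self.subsets}   # dealer setup

    def uncovered(self, participants) -> list:
        """Subsets for which no participant holds the key; empty iff >= t participants."""
        p = set(participants)
        return [s for s in self.subsets if p.isdisjoint(s)]

    def partial_eval(self, i: int, x: bytes, participants) -> bytes:
        """Share of party i: it answers for each subset in which it is the lowest-indexed
        participant, so every subset key is used exactly once across all shares."""
        p = set(participants)
        if i not in p:
            raise ValueError("party is not a participant")
        out = bytes(OUT_LEN)
        for s in self.subsets:
            if i in s and i == min(p.intersection(s)):
                out = xor(out, prf(self.keys[s], x))
        return out

    def eval(self, x: bytes, participants) -> bytes:
        """Combiner: ask each participant for its share on x and XOR the shares."""
        participants = sorted(set(participants))
        if self.uncovered(participants):
            raise ValueError("fewer than t participants: a subset key is missing")
        out = bytes(OUT_LEN)
        for i in participants:
            out = xor(out, self.partial_eval(i, x, participants))
        return out

    def eval_reference(self, x: bytes) -> bytes:
        """Dealer-side evaluation with all keys, used only to check the distributed one."""
        out = bytes(OUT_LEN)
        for s in self.subsets:
            out = xor(out, prf(self.keys[s], x))
        return out


def commit(m: bytes, rho: bytes) -> bytes:
    """Hash commitment to the message; the DPRF parties see only this, never m."""
    return hashlib.sha256(b"commit|" + rho + m).digest()


def threshold_encrypt(dprf: NPRDPRF, enc_id: bytes, m: bytes, participants) -> tuple:
    rho = os.urandom(RHO_LEN)
    alpha = commit(m, rho)
    w = dprf.eval(enc_id + b"|" + alpha, participants)   # key derived from (id, commitment)
    c = xor(hashlib.shake_256(w).digest(len(m) + RHO_LEN), m + rho)
    return (enc_id, alpha, c)


def threshold_decrypt(dprf: NPRDPRF, ct: tuple, participants) -> bytes:
    enc_id, alpha, c = ct
    if len(c) < RHO_LEN:
        raise ValueError("ciphertext too short")
    w = dprf.eval(enc_id + b"|" + alpha, participants)
    m_rho = xor(hashlib.shake_256(w).digest(len(c)), c)
    m, rho = m_rho[:-RHO_LEN], m_rho[-RHO_LEN:]
    if not hmac.compare_digest(commit(m, rho), alpha):   # authenticity: reopen the commitment
        raise ValueError("authentication failed")
    return m


def decrypt_or_none(dprf: NPRDPRF, ct: tuple, participants):
    """Convenience wrapper that turns a failed check into None."""
    try:
        return threshold_decrypt(dprf, ct, participants)
    except ValueError:
        return None
```

The key count of this DPRF is $\binom{n}{n-t+1}$, which is why the paper's 18-party figure is a meaningful data point: the combinatorial construction only scales to small $n$, and the DDH-based NPR construction or the paper's enhanced versions are needed beyond that.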
Kai Hu, Tingting Cui, Chao Gao, Meiqin Wang
In this paper, we first construct a novel key-dependent integral distinguisher on 5-round AES with $2^{96}$ chosen plaintexts, which is much better than the previous key-dependent integral distinguisher proposed at Crypto'16, which requires the full codebook. Secondly, we show that both distinguishers are valid in either the chosen-plaintext or the chosen-ciphertext setting, which differs from the claims of previous cryptanalysis. However, under the two settings the complexities of the key-dependent integral distinguishers are very different, while those of the key-dependent ID distinguishers are almost the same. We analyze the reasons for this.
Sauvik Bhattacharya, Oscar Garcia-Morchon, Thijs Laarhoven, Ronald Rietman, Markku-Juhani O. Saarinen, Ludo Tolhuizen, Zhenfei Zhang
McLean, United States, 6 May - 10 May 2019
Submission deadline: 15 February 2018
Limassol, Cyprus, 8 April - 12 April 2019
Submission deadline: 10 September 2018
Notification: 10 November 2018
Ruhr University Bochum
• Side-channel analysis attacks
• Fault-injection attacks
• Countermeasures against physical attacks
• Physically unclonable functions
• Symmetric cryptography, design and analysis
• Low-power design
The group offers an excellent working environment as part of the Horst Görtz Institut for IT Security (HGI, hgi.rub.de/en/home/), which includes more than 200 scientists active in several different aspects of IT security and cryptography.
The candidate should have an M.Sc. degree in IT security, electrical engineering, computer engineering, computer science, or applied mathematics with excellent grades. Familiarity with cryptography concepts and low-level programming is a must. Knowing a hardware design language, e.g., VHDL/Verilog, is a plus.
In order to apply, please send your resume, transcripts, and a list of at least two professional references in a single pdf file to
emsec+apply (at) rub.de
Review of applications starts immediately and continues until the position is filled.
Closing date for applications: 31 December 2018
Contact: Amir Moradi
www.emsec.rub.de/moradi