IACR News
If you have a news item you wish to distribute, they should be sent to the communications secretary. See also the events database for conference announcements.
Here you can see all recent updates to the IACR webpage. These updates are also available:
24 October 2021
Aleksei Udovenko, Giuseppe Vitto
Fabian Hertel, Nicolas Huber, Jonas Kittelberger, Ralf Kuesters, Julian Liedtke, Daniel Rausch
In this paper, we propose and implement several new Ordinos instantiations in order to support Borda voting, the Hare-Niemeyer method for proportional representation, multiple Condorcet methods, and Instant-Runoff Voting. Our instantiations, which are based on suitable secure multi-party computation (MPC) components, offer the first tally-hiding implementations for these voting methods. To evaluate the practicality of our MPC components and the resulting e-voting systems, we provide extensive benchmarks for all our implementations.
Lucjan Hanzlik, Daniel Slamanig
In this paper we address this problem by introducing and formalizing the notion of core/helper anonymous credentials (CHAC). The model considers a constrained core device (e.g., a SIM card) and a powerful helper device (e.g., a smartphone). The key idea is that the core device performs operations that do not depend on the size of the credential or the number of attributes, but at the same time the helper device is unable to use the credential without its help. We present a provably secure generic construction of CHACs using a combination of signatures with flexible public keys (SFPK) and the novel notion of aggregatable attribute-based equivalence class signatures (AAEQ) along with a concrete instantiation. The key characteristics of our scheme are that the size of showing tokens is independent of the number of attributes in the credential(s) and that the core device only needs to compute a single elliptic curve scalar multiplication, regardless of the number of attributes. We confirm the practical efficiency of our CHACs with an implementation of our scheme on a Multos smart card as the core and an Android smartphone as the helper device. A credential showing requires less than 500 ms on the smart card and around 200 ms on the smartphone (even for a credential with 1000 attributes).
Qi Lei, Zijia Yang, Qin Wang, Yaoling Ding, Zhe Ma , An Wang
To bridge this gap, we propose a dimension reduction tool for high-dimensional traces by combining signal-to-noise ratio (SNR) analysis and autoencoder. With the designed asymmetric undercomplete autoencoder (UAE) architecture, we extract a small group of critical features from numerous time samples. The compression rate by using our UAE method reaches 40x on synchronized datasets and 30x on desynchronized datasets. This preprocessing step facilitates the profiled attacks by extracting potential leakage features. To demonstrate its effectiveness, we evaluate our proposed method on the raw ASCAD dataset with 100,000 samples in each trace. We also derive desynchronized datasets from the raw ASCAD dataset and validate our method under random delay effect. As current MLP and CNN structures cannot exploit the S-box leakage either before or after autoencoder preprocessed traces, here, we further propose a $2^n$-structure MLP network as the attack model. By applying UAE and $2^n$-structure MLP network on these traces, experimental results show that all correct subkeys on synchronized datasets (16 S-boxes) and desynchronized datasets are successfully revealed within hundreds of seconds. This shows that our autoencoder can significantly facilitate DL-based profiled attacks on high-dimensional datasets.
Koji Nuida
Ben Marshall, Dan Page
Aayush Jain, Alexis Korb, Paul Lou, Amit Sahai
In particular, we show that when $m\geq n$ and the sets of indices corresponding to the variables present in each monomial exhibit a weak expansion property with expansion factor greater than $1/2$ for unions of at most $4$ sets, then a non-trivial distinguisher exists.
Overwhelming Distinguishers: Next we consider the problem of amplifying the success probability of the distinguisher, to guarantee that it succeeds with probability $1-n^{-\omega(1)}$. We obtain such an overwhelming distinguisher for natural random classes of homogeneous multilinear constant degree $d$ polynomials, denoted by $\mathcal{Q}_{n,d,p}$, and natural input distributions $\mathcal{D}$ such as discrete Gaussians or uniform distributions over bounded intervals. The polynomials are chosen by independently sampling each coefficient to be $0$ with probability $p$ and uniformly from $\cD$ otherwise. For these polynomials, we show a surprisingly simple distinguisher that requires $p> n\log n/\binom{n}{d}$ and $m\geq \tilde{O}(n^{2})$ samples, independent of the degree $d$. This is in contrast with the setting for refutation, where we have sum-of-squares lower bounds against constant degree sum-of-squares algorithms (Grigoriev, TCS 01; Schoenebeck, FOCS 08) for this parameter regime for degree $d>6$.
Guilherme Perin, Lichao Wu, Stjepan Picek
Our results emphasize that deep neural networks as profiling models show successful key recovery independently of explored feature selection scenarios against first-order masked software implementations of AES 128. Concerning the number of features, we found three main observations: 1) scenarios with less carefully selected point-of-interest and larger attacked trace intervals are the ones with better attack performance in terms of the required number of traces during the attack phase; 2) optimizing and reducing the number of features does not necessarily improve the chances to find good models from the hyperparameter search; and 3) in all explored feature selection scenarios, the random hyperparameter search always indicate a successful model with a single hidden layer for MLPs and two hidden layers for CNNs, which questions the reason for using complex models for the considered datasets. Our results demonstrate the key recovery with a single attack trace for all datasets for at least one of the feature selection scenarios.
Caspar Schwarz-Schilling, Joachim Neu, Barnabé Monnot, Aditya Asgaonkar, Ertem Nusret Tas, David Tse
Hyesun Kwak, Dongwon Lee, Yongsoo Song, Sameer Wagh
In this work, we formalize a new variant of HE called Multi-Group Homomorphic Encryption (MGHE). Stated informally, an MGHE scheme provides a seamless integration between MPHE and MKHE, thereby enjoying the best of both worlds. In this framework, a group of parties generates a public key jointly which results in the compactness of ciphertexts and the efficiency of homomorphic operations similar to MPHE. However, unlike MPHE, it also supports computations on encrypted data under different keys similar to MKHE.
We provide the first construction of such an MGHE scheme from BFV and demonstrate experimental results. More importantly, the joint public key generation procedure of our scheme is fully non-interactive so that the set of computing parties does not have to be determined and no information about other parties is needed in advance of individual key generation. At the heart of our construction is a novel re-factoring of the relinearization key.
Long Meng, Liqun Chen
Bhaskar Roberts, Mark Zhandry
Ashrujit Ghoshal, Riddhi Ghosal, Joseph Jaeger, Stefano Tessaro
This paper introduces a new class of memory-tight reductions which leverage random strings in the interaction with the adversary to hide state information, thus shifting the memory costs to the adversary.
We exhibit this technique with several examples. We give memory-tight proofs for digital signatures allowing many forgery attempts when considering randomized message distributions or probabilistic RSA-FDH signatures specifically. We prove security of the authenticated encryption scheme Encrypt-then-PRF with a memory-tight reduction to the underlying encryption scheme. By considering specific schemes or restricted definitions we avoid generic impossibility results of Auerbach et al. (CRYPTO '17) and Ghoshal et al. (CRYPTO '20).
As a further case study, we consider the textbook equivalence of CCA-security for public-key encryption for one or multiple encryption queries. We show two qualitatively different memory-tight versions of this result, depending on the considered notion of CCA security.
Maikel Kerkhof, Lichao Wu, Guilherme Perin, Stjepan Picek
This paper analyzes the limitations of the existing loss functions and then proposes a novel side-channel analysis-optimized loss function: Focal Loss Ratio (FLR), to cope with the identified drawbacks observed in other loss functions. To validate our design, we 1) conduct a thorough experimental study considering various scenarios (datasets, leakage models, neural network architectures) and 2) compare with other loss functions commonly used in the deep learning-based side-channel analysis (both ``traditional'' one and those designed for side-channel analysis). Our results show that FLR loss outperforms other loss functions in various conditions while not having computation overheads compared to common loss functions like categorical cross-entropy.
Keitaro Hashimoto, Shuichi Katsumata, Eamonn Postlethwaite, Thomas Prest, Bas Westerbaan
We propose Chained CmPKE, a CGKA with an asymmetric bandwidth cost: in a group of $N$ members, a commit message costs $O(N)$ to upload and $O(1)$ to download, for a total bandwidth cost of $O(N)$. In contrast, TreeKEM [19, 24, 76] costs $\Omega(\log N)$ in both directions, for a total cost $\Omega(N\log N)$. Our protocol relies on generic primitives, and is therefore readily post-quantum.
We go one step further and propose post-quantum primitives that are tailored to Chained CmPKE, which allows us to cut the growth rate of uploaded commit messages by two or three orders of magnitude compared to naive instantiations. Finally, we realize a software implementation of Chained CmPKE. Our experiments show that even for groups with a size as large as $N = 2^{10}$, commit messages can be computed and processed in less than 100 ms.
Veronika Kuchta, Joseph K. Liu
Tianyu Zheng, Shang Gao, Bin Xiao, Yubo Song
We further use our proof scheme to implement both multiple ring signature schemes and RingCT protocols. For multiple ring signatures, we need to add a boundary constraint for the number $k$ to avoid the proof of an empty secret set. Thus, an improved version called bounded any-out-of-many proof is presented, which preserves all nice features of the original protocol such as high anonymity and logarithmic size. As for the RingCT, both the original and bounded proofs can be used safely. The result of the performance evaluation indicates that our RingCT protocol is more efficient and secure than others. We also believe our techniques are applicable in other privacy-preserving occasions.
23 October 2021
Visa Research, Palo Alto, CA
The Visa Research Advanced Cryptography team is seeking research interns in areas including Post-Quantum Cryptography, Multi-Party Computation and Zero-Knowledge Proofs. As an integral member of the extended Research team, interns will contact world-class research activities with fellow researchers, and work closely with product and technology teams to ensure the successful creation and application of disruptive and innovative security technologies.
To apply and for further details see https://smrtr.io/6zLhF
Closing date for applications:
Contact: Gaven Watson (gawatson@visa.com)
More information: https://smrtr.io/6zLhF
Zoom Video Communications
Zoom Security Engineering is hiring a Cryptography Intern for Summer 2022 to join the End-To-End-Encryption (E2EE) team. Come have a tangible impact on the security of a product used by millions of people, and help us design and deploy new cryptographic features across all of Zoom’s products!
In particular, we are developing and deploying new cryptographic protocols for privacy preserving and auditable data structures (such as transparency trees), e2ee communications and identity assertions.
Candidates should have a love for cryptography and security, an interest in bridging the gap between the academic literature and industry requirements/constraints, and an appreciation for simple and elegant solutions.
Job Responsibilities:
- Survey the academic literature for existing solutions to a problem, recommending the most suitable given Zoom’s constraints
- Develop new solutions to the problems above that are tailored to Zoom’s needs, analyze their security and submit academic papers to crypto/security conferences
- Write architecture and design documents describing the problem, solution and security tradeoffs. These will both be shared internally to guide the implementation, and externally for transparency and community feedback. See https://github.com/zoom/zoom-e2e-whitepaper/ for an example
- Occasionally review implementations for security vulnerabilities and compliance with the specifications above
Job requirements:
- Pursuing a PhD in Computer Science or related field, with a focus on Cryptography
- Experience with threat modelling, formalizing new cryptographic primitives/protocols, and formally proving/analyzing their security
- Ability to clearly and concisely communicate ideas about complex systems, both in written and spoken word
- (Preferred) Some experience writing Go and/or C++, with awareness of secure coding practices
Closing date for applications:
Contact: Antonio Marcedone
More information: https://zoom.wd5.myworkdayjobs.com/en-US/Zoom/job/Remote--NY---New-York-City/XMLNAME-2022-Summer-Cryptography--INTERN-_R6582
University of St. Gallen, Switzerland
- Development and implementation of concepts and research results, both individually and in collaboration with researchers and PhD students,
- Run of experiments and simulation of realistic conditions to test the performance of developed algorithms and protocols,
- Development, maintenance and organization of software,
- Support to BSc, MSc and PhD students, postdocs and researchers who use the lab,
- Responsibility for day routines in the lab, for example purchases, installations, bookings, inventory,
- Demonstrations and lab tours for external visitors,
- Producing media content for our group web page and social media platforms.
- The successful applicant is expected to hold or to be about to receive a M.Sc. degree in Computer Science, Electrical Engineering, Applied Mathematics or similar fields, preferably with a focus in Security and Privacy for Computer Science Systems.
- We are looking for a strongly motivated and self-driven person who is able to work and learn new things independently.
- Good command of English is required.
- You should have a good academic track record and well developed analytical and problem solving skills.
- Excellent programming skills and familiarity with cryptographic libraries.
- Previous experience in implementation projects with C++, Matlab/Simulink, Python is desired.
Apply onlinehttps://jobs.unisg.ch/offene-stellen/cryptography-engineer-m-w-d/634aea27-37d2-4f1f-ab25-2d3c0a622fc0
Closing date for applications:
Contact: Katerina Mitrokotsa
More information: https://jobs.unisg.ch/offene-stellen/cryptography-engineer-m-w-d/634aea27-37d2-4f1f-ab25-2d3c0a622fc0
