International Association for Cryptologic Research

IACR News


26 September 2022

Harry Eldridge, Aarushi Goel, Matthew Green, Abhishek Jain, Maximilian Zinkus
ePrint Report
One-time programs, originally formulated by Goldwasser et al. [CRYPTO'08], are a powerful cryptographic primitive with compelling applications. Known solutions for one-time programs, however, require specialized secure hardware that is not widely available (or, alternatively, access to blockchains and very strong cryptographic tools).

In this work we investigate the possibility of realizing one-time programs from a recent and now more commonly available hardware functionality: the counter lockbox. A counter lockbox is a stateful functionality that protects an encryption key under a user-specified password, and enforces a limited number of incorrect guesses. Counter lockboxes have become widely available in consumer devices and cloud platforms.

We show that counter lockboxes can be used to realize one-time programs for general functionalities. We develop a number of techniques to reduce the number of counter lockboxes required for our constructions, that may be of independent interest.
Seonghak Kim, Minji Park, Jaehyung Kim, Taekyung Kim, Chohong Min
ePrint Report
Homomorphic encryption (HE) has opened an entirely new world up in the privacy-preserving use of sensitive data by conducting computations on encrypted data. Amongst many HE schemes targeting computation in various contexts, Cheon--Kim--Kim--Song (CKKS) scheme is distinguished since it allows computations for encrypted real number data, which have greater impact in real-world applications.

CKKS scheme is a levelled homomorphic encryption scheme, consuming one level for each homomorphic multiplication. When the level runs out, a special computational circuit called bootstrapping is required in order to conduct further multiplications. The algorithm proposed by Cheon et al. has been regarded as a standard way to do bootstrapping in the CKKS scheme, and it consists of the following four steps: ModRaise, CoeffToSlot, EvalMod and SlotToCoeff. However, the steps consume a number of levels themselves, and thus optimizing this extra consumption has been a major focus of the series of recent research.

Among the total levels consumed in the bootstrapping steps, about a half of them is spent in CoeffToSlot and SlotToCoeff steps to scale up the real number components of DFT matrices and round them to the nearest integers. Each scale-up factor is very large so that it takes up one level to rescale it down. Scale-up factors can be taken smaller to save levels, but the error of rounding would be transmitted to EvalMod and eventually corrupt the accuracy of bootstrapping.

EvalMod aims to get rid of the superfluous $qI$ term from a plaintext $pt + qI$ resulting from ModRaise, where $q$ is the bottom modulus and $I$ is a polynomial with small integer coefficients. EvalRound is referred to as its opposite, obtaining $qI$. We introduce a novel bootstrapping algorithm consisting of ModRaise, CoeffToSlot, EvalRound and SlotToCoeff, which yields taking smaller scale-up factors without the damage of rounding errors.
Aayush Gupta, Kobi Gurkan
ePrint Report
ZK-SNARKs (Zero Knowledge Succinct Noninteractive ARguments of Knowledge) are one of the most promising new applied cryptography tools: proofs allow anyone to prove a property about some data, without revealing that data. Largely spurred by the adoption of cryptographic primitives in blockchain systems, ZK-SNARKs are rapidly becoming computationally practical in real-world settings, as shown by, e.g., tornado.cash and rollups. These have enabled ideation for new identity applications based on anonymous proof-of-ownership. One of the primary technologies that would enable the jump from existing apps to such systems is the development of deterministic nullifiers.

Nullifiers are used as a public commitment to a specific anonymous account, to forbid actions like double spending, or allow a consistent identity between anonymous actions. We identify a new deterministic signature algorithm that both uniquely identifies the keypair, and keeps the account identity secret. In this work, we will define the full DDH-VRF construction, and prove uniqueness, secrecy, and existential unforgeability. We will also demonstrate a proof of concept of the nullifier.
Estuardo Alpirez Bock, Lukasz Chmielewski, Konstantina Miteloudi
ePrint Report
The Montgomery Ladder is widely used for implementing the scalar multiplication in elliptic curve cryptographic designs. This algorithm is efficient and provides a natural robustness against (simple) side-channel attacks. Previous works however showed that implementations of the Montgomery Ladder using Lopez-Dahab projective coordinates easily leak the value of the most significant bits of the secret scalar, which led to a full key recovery in an attack known as LadderLeak. In light of such leakage, we analyse further popular methods for implementing the Montgomery Ladder. We first consider open source software implementations of the X25519 protocol which implement the Montgomery Ladder based on the ladderstep algorithm from Düll et al. [15]. We confirm via power measurements that these implementations also easily leak the most significant scalar bits, even when implementing Z-coordinate randomisations. We thus propose simple modifications of the algorithm and its handling of the most significant bits and show the effectiveness of our modifications via experimental results. Particularly, our re-designs of the algorithm do not incur significant efficiency penalties. As a second case study, we consider open source hardware implementations of the Montgomery Ladder based on the complete addition formulas for prime order elliptic curves, where we observe the exact same leakage. As we explain, the most significant bits in implementations of the complete addition formulas can be protected in an analogous way as we do for Curve25519 in our first case study.
Akinori Hosoyamada, Takanori Isobe, Yosuke Todo, Kan Yasuda
ePrint Report
Incompressibility is one of the most fundamental security goals in white-box cryptography. Given recent advances in the design of efficient and incompressible block ciphers such as SPACE, SPNbox and WhiteBlock, we demonstrate the feasibility of reducing incompressible AEAD modes to incompressible block ciphers. We first observe that several existing AEAD modes of operation, including CCM, GCM(-SIV), and OCB, would all be insecure against white-box adversaries even when used with an incompressible block cipher. This motivates us to revisit and formalize incompressibility-based security definitions for AEAD schemes and for block ciphers, so that we become able to design modes and reduce their security to that of the underlying ciphers. Our new security notion for AEAD, which we name whPRI, is an extension of the pseudo-random injection security in the black-box setting. Similar security notions are also defined for other cryptosystems such as privacy-only encryption schemes. We emphasize that whPRI ensures quite strong authenticity against white-box adversaries: existential unforgeability beyond leakage. This contrasts sharply with previous notions which have ensured either no authenticity or only universal unforgeability. For the underlying ciphers we introduce a new notion of whPRP, which extends that of PRP in the black-box setting. Interestingly, our incompressibility reductions follow from a variant of public indifferentiability. In particular, we show that a practical whPRI-secure AEAD mode can be built from a whPRP-secure block cipher: We present a SIV-like composition of the sponge construction (utilizing a block cipher as its underlying primitive) with the counter mode and prove that such a construction is (in the variant sense) public indifferentiable from a random injection. To instantiate such an AEAD scheme, we propose a 256-bit variant of SPACE, based on our conjecture that SPACE should be a whPRP-secure cipher.
Fuyuki Kitagawa, Ryo Nishimaki
ePrint Report
Secure software leasing is a quantum cryptographic primitive that enables us to lease software to a user by encoding it into a quantum state. Secure software leasing has a mechanism that verifies whether a returned software is valid or not. The security notion guarantees that once a user returns a software in a valid form, the user no longer uses the software.

In this work, we introduce the notion of secret-key functional encryption (SKFE) with secure key leasing, where a decryption key can be securely leased in the sense of secure software leasing. We also instantiate it with standard cryptographic assumptions. More specifically, our contribution is as follows.

- We define the syntax and security definitions for SKFE with secure key leasing.
- We achieve a transformation from standard SKFE into SKFE with secure key leasing without using additional assumptions. Especially, we obtain bounded collusion-resistant SKFE for $\mathsf{P/poly}$ with secure key leasing based on post-quantum one-way functions since we can instantiate bounded collusion-resistant SKFE for $\mathsf{P/poly}$ with the assumption.

Some previous secure software leasing schemes capture only pirate software that runs on an honest evaluation algorithm (on a legitimate platform). However, our secure key leasing notion captures arbitrary attack strategies and does not have such a limitation.

As an additional contribution, we introduce the notion of single-decryptor FE (SDFE), where each functional decryption key is copy-protected. Since copy-protection is a stronger primitive than secure software leasing, this notion can be seen as a stronger cryptographic primitive than FE with secure key leasing. More specifically, our additional contribution is as follows.

- We define the syntax and security definitions for SDFE.
- We achieve collusion-resistant single-decryptor PKFE for $\mathsf{P/poly}$ from post-quantum indistinguishability obfuscation and quantum hardness of the learning with errors problem.
Nan Wang, Sid Chi-Kin Chau
ePrint Report
We propose Flashproofs, a new type of efficient special honest verifier zero-knowledge arguments with a transparent setup in the discrete logarithm (DL) setting. First, we put forth gas-efficient range arguments that achieve $O(N^{\frac{2}{3}})$ communication cost, and involve $O(N^{\frac{2}{3}})$ group exponentiations for verification and a slightly sub-linear number of group exponentiations for proving with respect to the range $[0, 2^N-1]$, where $N$ is the bit length of the range. For typical confidential transactions on blockchain platforms supporting smart contracts, verifying our range arguments consumes only 237K and 318K gas for 32-bit and 64-bit ranges, which are comparable to 220K gas incurred by verifying the most efficient zkSNARK with a trusted setup (EUROCRYPT 16) at present. Besides, the aggregation of multiple arguments can yield further efficiency improvement. Second, we present polynomial evaluation arguments based on the techniques of Bayer & Groth (EUROCRYPT 13). We provide two zero-knowledge arguments, which are optimised for lower-degree ($D \in [3, 2^9]$) and higher-degree ($D > 2^9$) polynomials, where $D$ is the polynomial degree. Our arguments yield a non-trivial improvement in the overall efficiency. Notably, the number of group exponentiations for proving drops from $8\log D$ to $3(\log D+\sqrt{\log D})$. The communication cost and the number of group exponentiations for verification decrease from $7\log D$ to $(\log D + 3\sqrt{\log D})$. To the best of our knowledge, our arguments instantiate the most communication-efficient arguments of membership and non-membership in the DL setting among those not requiring trusted setups. More importantly, our techniques enable a significantly asymptotic improvement in the efficiency of communication and verification (group exponentiations) from $O(\log D)$ to $O(\sqrt{\log D})$ when multiple arguments satisfying different polynomials with the same degree and inputs are aggregated.
Yun Lu, Yu Wei, Malik Magdon-Ismail, Vassilis Zikas
ePrint Report
Differential Privacy (DP) is one of the gold standards of privacy. Nonetheless, when one is interested in mechanisms with theoretical guarantees, one has to either choose from a relatively small palette of generic mechanisms, like Laplacian, Gaussian, and exponential, or develop a new, problem-specific mechanism and analyze its privacy. This makes it challenging for non-experts in security to utilize DP for preserving privacy in complex tasks in areas like machine learning, data science, and medicine, which are primary application domains of DP.

Our work aims to address the above limitation. In a nutshell we devise a methodology for domain experts with limited knowledge of security to estimate the (differential) privacy of an arbitrary mechanism. Our Eureka moment is the utilization of a link---which we prove---between the problems of DP parameter-estimation and Bayes optimal classifiers in machine learning, which we believe can be of independent interest. Our estimator methodology uses this link to achieve two desirable properties: (1) it is black-box, i.e., does not require knowledge of the underlying mechanism, and (2) it has a theoretically-proven accuracy, which depends on the underlying classifier used. This allows domain experts to design mechanisms that they conjecture offer certain (differential) privacy guarantees---but maybe cannot prove it---and apply our method to confirm (or disprove) their conjecture.

More concretely, we first prove a new impossibility result, stating that for the classical DP notion there is no black-box poly-time estimator of $(\epsilon,\delta)$-DP. This motivates a natural relaxation of DP, which we term relative DP. Relative DP preserves the desirable properties of DP---composition, robustness to post processing, and robustness to the discovery disclosure of new data---and applies in most practical settings where privacy is desired. We then devise a black-box poly-time $(\epsilon,\delta)$-relative DP estimator---the first to support mechanisms with large output spaces while having tight accuracy bounds. As a result of independent interest, we apply this theory to develop the first approximate estimator for the standard, i.e., non-relative, definition of Distributional Differential Privacy (DDP) -- aka noiseless privacy.

To demonstrate both our theory and its potential for practical impact, we devised a proof-of-concept implementation of our estimator and benchmarked it against well-studied DP mechanisms. We show that in reasonable execution time our estimator can reproduce the tight, analytically computed $\epsilon, \delta$ trade-off of Laplacian and Gaussian mechanisms---to our knowledge, the first black box estimator to do so, and for the Sparse Vector Technique, our outputs are comparable to that of a more specialized state-of-the-art $(\epsilon, \delta)$-DP estimator.
Julien Devevey, Omar Fawzi, Alain Passelègue, Damien Stehlé
ePrint Report
Lyubashevsky’s signatures are based on the Fiat-Shamir with aborts paradigm, whose central ingredient is the use of rejection sampling to transform secret-dependent signature samples into samples from (or close to) a secret-independent target distribution. Several choices for the underlying distributions and for the rejection sampling strategy can be considered. In this work, we study Lyubashevsky’s signatures through the lens of rejection sampling, and aim to minimize signature size given signing runtime requirements. Several of our results concern rejection sampling itself and could have other applications. We prove lower bounds for compactness of signatures given signing runtime requirements, and for expected runtime of perfect rejection sampling strategies. We also propose a Rényi-divergence-based analysis of Lyubashevsky’s signatures which allows for larger deviations from the target distribution, and show hyperball uniforms to be a good choice of distributions: they asymptotically reach our compactness lower bounds and offer interesting features for practical deployment. Finally, we propose a different rejection sampling strategy which circumvents the expected runtime lower bound and provides a worst-case runtime guarantee.
Yuval Ishai, Arpita Patra, Sikhar Patranabis, Divya Ravi, Akshayaram Srinivasan
ePrint Report
The task of achieving full security (with guaranteed output delivery) in secure multiparty computation (MPC) is a long-studied problem. Known impossibility results (Cleve, STOC 86) rule out general solutions in the dishonest majority setting. In this work, we consider solutions that use an external trusted party (TP) to bypass the impossibility results, and study the minimal requirements needed from this trusted party. In particular, we restrict ourselves to the extreme setting where the size of the TP is independent of the size of the functionality to be computed (called “small” TP) and this TP is invoked only once during the protocol execution. We present several positive and negative results for fully-secure MPC in this setting.

-- For a natural class of protocols, specifically, those with a universal output decoder, we show that the size of the TP must necessarily be exponential in the number of parties. This result holds irrespective of the computational assumptions used in the protocol. The class of protocols to which our lower bound applies is broad enough to capture prior results in the area, implying that the prior techniques necessitate the use of an exponential-sized TP. We additionally rule out the possibility of achieving information-theoretic full security (without the restriction of using a universal output decoder) using a “small” TP in the plain model (i.e., without any setup).

-- In order to get around the above negative result, we consider protocols without a universal output decoder. The main positive result in our work is a construction of such a fully-secure MPC protocol assuming the existence of a succinct Functional Encryption scheme. We also give evidence that such an assumption is likely to be necessary for fully-secure MPC in certain restricted settings.

-- Finally, we explore the possibility of achieving full-security with a semi-honest TP that could collude with other malicious parties (which form a dishonest majority). In this setting, we show that even fairness is impossible to achieve regardless of the “small TP” requirement.
Trevor Yap, Adrien Benamira, Shivam Bhasin, Thomas Peyrin
ePrint Report
Deep neural networks (DNN) have become a significant threat to the security of cryptographic implementations with regards to side-channel analysis (SCA), as they automatically combine the leakages without any preprocessing needed, leading to a more efficient attack. However, these DNNs for SCA remain mostly black-box algorithms that are very difficult to interpret. Benamira et al. recently proposed an interpretable neural network called Truth Table Deep Convolutional Neural Network (TT-DCNN), which is both expressive and easier to interpret. In particular, a TT-DCNN has a transparent inner structure that can entirely be transformed into SAT equations after training. In this work, we analyze the SAT equations extracted from a TT-DCNN when applied in SCA context, eventually obtaining the rules and decisions that the neural networks learned when retrieving the secret key from the cryptographic primitive (i.e., exact formula). As a result, we can pinpoint the critical rules that the neural network uses to locate the exact Points of Interest (PoIs). We validate our approach first on simulated traces for higher-order masking. However, applying TT-DCNN on real traces is not straightforward. We propose a method to adapt TT-DCNN for application on real SCA traces containing thousands of sample points. Experimental validation is performed on software-based ASCADv1 and hardware-based AES_HD_ext datasets. In addition, TT-DCNN is shown to be able to learn the exact countermeasure in a best-case setting.
University of St.Gallen, Switzerland
Job Posting
We are looking for a bright and motivated PhD student to work in the topics of information security and cryptography.

The student is expected to work on topics that include security and privacy issues in biometric authentication. More precisely, the student will be working on investigating efficient and privacy-preserving authentication that provides: i) provable security guarantees, and ii) rigorous privacy guarantees.

Key Responsibilities:
  • Perform exciting and challenging research in the domain of information security and cryptography.
  • Support and assist in teaching computer security and cryptography courses.
Profile:
  • The PhD student is expected to have a MSc degree or equivalent, and strong background in cryptography, network security and mathematics.
  • Experience in one or more domains such as cryptography, design of protocols, secure multi-party computation and differential privacy is beneficial.
  • Excellent programming skills.
  • Excellent written and verbal communication skills in English.
The Chair of Cyber Security, https://cybersecurity.unisg.ch/, is a part of the Institute of Computer Science (ICS) at the University of St.Gallen. The chair was established in autumn semester 2020 and is led by Prof. Dr. Katerina Mitrokotsa. Our research interests are centered around information security and applied cryptography, with the larger goal of safeguarding communications and providing strong privacy guarantees. We are currently active in multiple areas including the design of provably secure cryptographic protocols and cryptographic primitives that can be employed for reliable authentication, outsourcing computations in cloud-assisted settings, network security problems as well as secure and privacy-preserving machine learning. As a doctoral student you will be a part of the Doctoral School of Computer Science (DCS), https://dcs.unisg.ch.

Please apply by 15th October 2022.

Closing date for applications:

Contact:
Eriane Breu, eriane.breu@unisg.ch (Administrative matters)
Prof. Katerina Mitrokotsa, katerina.mitrokotsa@unisg.ch (Research related questions)

IHUB NTIHAC FOUNDATION, IIT Kanpur, Kanpur-208016, U.P., INDIA
Job Posting
Responsibilities:
  • Analyzing various crypto algorithms and protocols to detect vulnerabilities
  • Conduct analysis of cryptographic data
  • Investigate, research, and test new cryptology theories and applications
  • Any other tasks as assigned
Eligibility:
  • Undergraduate degree in mathematics/statistics/computer science
  • Strong understanding of cryptography
Desirable:
  • Proficiency in translating client requirements into technical problem statements
  • Strong programming skills, particularly in C/C++ and Python, with motivation to implement complex algorithms in code
Travel:
  • An employee must travel across the country for project execution, monitoring, and coordination with geographically distributed teams per the assigned responsibilities

Closing date for applications:

Contact: Submissions are accepted only through an email to Professor Manindra Agrawal (manindra@cse.iitk.ac.in), Director, C3iHub, IIT Kanpur.

More information: https://www.linkedin.com/jobs/view/cryptanalyst-at-c3i-hub-3243352185/?originalSubdomain=in


24 September 2022

Okinawa Institute of Science and Technology Graduate University
Job Posting

The Okinawa Institute of Science and Technology (OIST) is a dynamic and growing graduate university in Japan. We are inviting applications for tenure-track and tenured faculty positions in the areas of Quantum Information Science and Quantum Technology, Applied Cryptography and Cyber Security.

Successful candidates will have an opportunity to join our vibrant, collaborative, interdisciplinary research community. They will:

  • establish and run an active independent Research Unit with generous internal funding, including funds for several research staff;
  • supervise and mentor PhD students, develop and teach graduate courses, and actively contribute to university services;
  • receive access to cutting-edge core research facilities, including imaging, sequencing, instrumentation, nanofabrication, and high-performance computing, with dedicated support staff;
  • enjoy a competitive remuneration package with additional benefits, such as housing allowance.

OIST is actively seeking applications from women and underrepresented groups.

Deadline for applications: 30 Nov 2022 at 12:59 PM JST.

About OIST

OIST is a dynamic and growing graduate university in Japan, offering a world-class research environment and opportunities for cross-disciplinary research. We have no departments, and we currently have 89 Research Units. English is the official language of the university, and the research community is fully international, with more than 50 countries represented. The campus is located on 85 hectares of protected forestland overlooking beautiful shorelines and coral reefs in subtropical Okinawa, Japan. To learn more about OIST, visit www.oist.jp.

Closing date for applications:

Contact: Dr. Milind Purohit, Dean of Faculty Affairs (faculty-recruiting at oist.jp)

More information: https://groups.oist.jp/facultypositions
National University of Singapore
Job Posting
The Department of Computer Science at the National University of Singapore (NUS) invites applications for a tenure-track faculty position in cryptography, both applied and theoretical. The Department enjoys ample research funding, moderate teaching loads, excellent facilities, and extensive international collaborations. We have a full range of faculty covering all major research areas in computer science, as well as excellent centres in allied scientific areas such as in quantum computing. NUS Computing is home to a thriving PhD program that attracts the brightest students from the region and beyond. The CS department highlights can be found in the URL below. NUS is an equal opportunity employer that offers highly competitive salaries, and is situated in Singapore, an English-speaking cosmopolitan city that is a melting pot of many cultures, both the east and the west. Singapore offers high-quality education and healthcare at all levels, as well as very low tax rates.

We seek tenure-track faculty candidates at all levels. Candidates for Assistant Professor positions should demonstrate excellent research potential and a strong commitment to teaching. Truly outstanding Assistant Professor applicants will also be considered for the Presidential Young Professorship. Candidates for tenured Associate Professor or full Professor should demonstrate excellent track records in research, teaching, and thought leadership.

Application Details:
  • Submit the following documents (in a single PDF) online via: https://faces.comp.nus.edu.sg
  • A cover letter that indicates the position applied for and the main research interests
  • Curriculum Vitae
  • A teaching statement
  • A research statement

Please reach out to the faculty search committee chair Prof. Joxan Jaffar (joxan@comp.nus.edu.sg) or to the head, Prof. Lee Wee Sun (leews@comp.nus.edu.sg).

Provide the contact information of 3 referees when submitting your online application, or, arrange for at least 3 references to be sent directly to csrec@comp.nus.edu.sg.

Job requirement: A PhD degree in Computer Science or related areas.

Closing date for applications:

Contact: Faculty search committee chair Prof. Joxan Jaffar (joxan@comp.nus.edu.sg); Head, Prof. Lee Wee Sun (leews@comp.nus.edu.sg)

More information: https://www.comp.nus.edu.sg/images/resources/content/dept-compscience/20210923_DCS_Poster_v4.pdf
Lund University
Job Posting
The development of computer security has come a long way, but several hard challenges remain to be solved. There is an urgent need to research new robust systems which are able to withstand advanced network or hardware based attacks. The technology trends pointing at even more interconnected systems require new thinking regarding models and principles for data protection. At the same time the systems must offer good usability and performance. The research opportunities are rather broad within communication and computer security with respect to IoT systems. Especially, we welcome candidates interested in the combination of AI and security for these applications. The research project is developing a large demonstrator showing how the new security mechanisms work in practice.

Closing date for applications:

Contact: Prof. Christian Gehrmann

More information: https://lu.varbi.com/en/what:job/jobID:543355/type:job/where:4/apply:1
University of South Florida, The Department of Computer Science and Engineering, Tampa, FL, USA.
Job Posting
We have (fully funded) multiple Ph.D. positions in the areas of network security and applied cryptography beginning from Fall 2023 (August 2023) or Spring 2023 (January 2023) at University of South Florida (USF). Students receive a yearly package worth approximately $60,000, which covers all the tuition, health insurance, fringe benefits, and a competitive monthly salary.

USF is a Rank-1 Research University, and USF CSE is top 15% among Computer Science departments in public universities based on Academic Analytics data based on Scholarly Research Index (and top 8th for patents in the USA). USF offers an excellent working environment, all within proximity to high-tech industry and the beautiful beaches of sunny Florida. Tampa/Orlando area is in Florida High Technology Corridor and harbors major tech and research companies. The qualified candidate will have opportunities for research internships in lead-industrial companies. Topics include:

Trustworthy Machine Learning (TML)
  • Privacy-Preserving Machine Learning
  • Secure multi-party computation for TML
Trustworthy Blockchains
  • New cryptographic schemes for consensus and distributed transactions in Blockchains
  • Practical quantum-safe cryptographic deployments for Blockchains
Secure Internet of Things and Systems (IoT) and Next Generation Wireless Networks
  • Lightweight cryptography for IoT
  • Efficient cryptography for vehicular and unmanned aerial systems
Privacy-Enhancing Technologies
  • Searchable encryption, Oblivious RAM, and multi-party computation
Requirements:
  • A BS degree in ECE/CS with a high GPA
  • Very good programming skills (e.g., C, C++), familiarity with Linux
  • MS degree in ECE/CS/Math is a big plus. Publications will be regarded as a plus but not required.

Closing date for applications:

Contact: Associate Prof. Dr. Attila A. Yavuz
Email: attilaayavuz@usf.edu
Email: attila.yavuz@gmail.com
Webpage: http://www.csee.usf.edu/~attilaayavuz/

More information: https://cse.usf.edu/~attilaayavuz/Recruiting/[FallSpring2023]PositionDescrption_at_USF.pdf
Nation Towers, Tower A, United Arab Emirates, 13 November - 16 November 2022
Event Calendar
Event date: 13 November to 16 November 2022

23 September 2022

Jie Chen, Yu Li, Jinming Wen, Jian Weng
ePrint Report
In this work, we propose the first identity-based matchmaking encryption (IB-ME) scheme under the standard assumptions in the standard model. This scheme is proven to be secure under the symmetric external Diffie-Hellman (SXDH) assumption in prime order bilinear pairing groups. In our IB-ME scheme, all parameters have a constant number of group elements and are simpler than those of previous constructions. Previous works are either in the random oracle model or based on the q-type assumptions, while ours is built directly in the standard model and based on static assumptions, and does not rely on other crypto tools.

More concretely, our IB-ME is constructed from a variant of two-level anonymous IBE. We observed that this two-level IBE with anonymity and unforgeability satisfies the same functionality of IB-ME, and its security properties cleverly meet the two requirements of IB-ME (Privacy and Authenticity). The privacy property of IB-ME relies on the anonymity of this two-level IBE, while the authenticity property corresponds to the unforgeability in the 2nd level. This variant of two-level IBE is built from dual pairing vector spaces, and both security reductions rely on dual system encryption.

Lorenzo Grassi
ePrint Report
In this paper, we re-investigate the Lai-Massey scheme, originally proposed in the cipher IDEA. Due to the similarity with the Feistel schemes, and due to the existence of invariant subspace attacks as originally pointed out by Vaudenay at FSE 1999, the Lai-Massey scheme has received only little attention by the community. As a first contribution, we propose new generalizations of such scheme that are not (affine) equivalent to any generalized Feistel scheme proposed in the literature so far. Then, inspired by the recent Horst construction, we propose the Amaryllises construction as a generalization of the Lai-Massey scheme, in which the linear combination in the Lai-Massey scheme is replaced by a non-linear one. Besides proposing concrete examples of the Amaryllises construction, we discuss its (possible) advantages and disadvantages with respect to other existing schemes/constructions published in the literature, with particular attention on the Lai-Massey one and on the Horst one.