International Association for Cryptologic Research

# IACR News Central

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2012-09-03
15:17 [Pub][ePrint]

Entangled cloud storage enables a set of clients {P_i} to \"entangle\" their files {f_i} into a single clew c to be stored by a (potentially malicious) cloud provider S. The entanglement makes it impossible to modify or delete significant part of the clew without affecting all files in c. A clew keeps the files in it private but still lets each client P_i recover his own data by interacting with S; no cooperation from other clients is needed. At the same time, the cloud provider is

discouraged from altering or overwriting any significant part of c as this will imply that none of the clients can recover their files.

We provide theoretical foundations for entangled cloud storage, introducing the notion of an entangled encoding scheme that guarantees strong security requirements capturing the properties above. We also give a concrete construction based on privacy-preserving polynomial interpolation, along with protocols for using the encoding scheme in practice.

Protocols for cloud storage find application in the cloud setting, where clients store their files on a remote server and need to be ensured that the cloud provider will not delete their data illegitimately. Current solutions, e.g., based on Provable Data Possession and Proof of Retrievability, catch a malicious server \"after-the-fact\", meaning that the server needs to be challenged regularly to provide evidence that the clients\' files are stored at a given time.

Entangled storage makes all clients equal and with the same rights: It makes it financially inconvenient for a cloud provider to alter specific files and exclude certain \"average\" customers, since doing so would undermine all customers in the system, even those considered \"important\" and, thus, profitable. Therefore, entangled storage schemes offer security \"before-the-fact\".

15:17 [Pub][ePrint]

We present a protocol for securely computing a Boolean circuit $C$ in presence of a dishonest and malicious majority. The protocol is unconditionally secure, assuming access to a preprocessing functionality that is not given the inputs to compute on. For a large number of players the work done by each player is the same as the work needed to compute the circuit in the clear, up to a constant factor. Our protocol is the first to obtain these properties for Boolean circuits. On the technical side, we develop new homomorphic authentication schemes based on asymptotically good codes with an additional multiplication property. We also show a new algorithm for verifying the product of Boolean matrices in quadratic time with exponentially small error probability, where previous methods would only give a constant error.

15:17 [Pub][ePrint]

We construct a perfectly binding string commitment scheme whose security is based on the learning parity with noise ($\\LPN$) assumption, or equivalently, the hardness of decoding random linear codes. Our scheme not only allows for a simple and efficient zero-knowledge proof of knowledge for committed values (essentially a $\\Sigma$-protocol), but also for such proofs showing any kind of relation amongst committed values, i.e. proving that messages $\\vm_0,\\ldots,\\vm_u$, are such that $\\vm_0=C(\\vm_1,\\ldots,\\vm_u)$ for any circuit $C$.

To get soundness which is exponentially small in a security parameter $t$, and when the zero-knowledge property relies on the LPN problem with secrets of length $\\ell$, our $3$ round protocol has communication complexity $\\bigO(t|C|\\ell\\log(\\ell))$ and computational complexity of $\\bigO(t|C|\\ell)$ bit operations. The hidden constants are small, and the computation consists mostly of computing inner products of bit-vectors.

2012-09-02
00:59 [Event][New]

Submission: 9 September 2012
From November 28 to November 30
Location: Seoul, Korea

2012-08-27
14:07 [Event][New]

From August 18 to August 22
Location: Santa Barbara, CA, USA

2012-08-26
10:36 [Job][New]

ESCRYPT is an ambitious company in the area of applied data security. Our clients include all global auto makers as well as leading global players in the area of machinery, automation, semiconductors and high-tech companies. ESCRYPT is a German company with offices in the US and Europe. ESCRYPT is leader in automotive data security and is expanding the US business. We are looking for highly motivated people who have great ideas and who want to realize those.

Your role will be developing customized software for our client projects and support our product development. You will potentially develop a Javabased enterprise security server, customized applications for JCOP-based smart-cards, and security applications for embedded devices in C. You will be located in our Ann Arbor office in Michigan, USA, and work in an international team and collaborate with our colleagues in the German offices.

REQUIREMENTS

We seek:

• Top graduates in the fields of computer science,

electrical engineering, or applied

mathematics

• Java Enterprise Edition experience

• Software development experience (C, C++,

Java)

• Industry experience is an advantage

We look for all-rounders willing to improve ESCRYPT every day. You should be able to work independently and be willing to take responsibility.

2012-08-24
23:03 [News]

There is now a BibTeX file available that contains all IACR publications in cryptodb.

2012-08-23
11:08 [Job][New]

The PhD candidate will contribute to the research in the project “Implementation-Level Analysis of E-Voting Systems”, which is funded by the German Research Foundation (DFG) and is part of the DFG priority programme “Reliably Secure Software Systems - RS3”. The goal of this project is to develop general methods and techniques for the security analysis of Java systems that use cryptography, with e-voting systems being one of the motivating examples. The project combines techniques from program analysis/verification with techniques from cryptography and cryptographic protocol analysis.

We offer a creative international environment and the possibility to participate in internationally visible research. The salary scale for the position is TV-L E13 (100%). Subject to the final decision of the DFG, the position will be available from October 1st, 2012. Contracts are initially offered for two years, with the perspective of an extension by another two years.

The successful candidate should have a Master’s degree (or should be very close to completion thereof) in Computer Science, Mathematics, Information Security, or a related field, with a strong background in Theoretical Computer Science. Knowledge in program analysis/verification, logic, or cryptography is an asset. Good English skills are expected; knowledge of German is not required.

Applications should include:

• Cover letter explaining your motivation
• Transcript of all courses and grades for your Bachelor and Master program
• A short description of your Master’s work (max 1 page)
• Contact details of (at least) one professor that can provide a recommendation for your application.

The deadline for applications is September 30th, 2012. However, late applications will be considered until the position is filled.

11:08 [Job][New]

Kanazawa University, Japan, invites applications for a tenure-track assistant professor position in advanced research area of information security, such as IT Security and Cryptography.

An appointee is expected on duty on December 1st, 2012 or at a possibly early time after that, and at latest by the end of March, 2013.

Research budget: Kanazawa University will provide funding support for the start-up of research: 10 million Yen for the first fiscal year and 5 million Yen for the second fiscal year.

11:08 [Job][New]

We seek excellent applicants from all areas of IT-security, privacy and accountability, in particular in the areas of

• Privacy Enhancing Technologies;

• Language-based Security;

• Information Trust and Accountability;

• Network-, System- and Web-Security.

The position is part of the recently established IT-security center CISPA, which was established as part of an initiative by the German government to create three distinguished research centers in IT-security. CISPA covers a broad area of research problems in IT-security, privacy, and accountability, ranging from fundamental research questions to the development of new technologies and prototypic systems for practical application. The close connection of the CISPA to the department of computer science, the Max-Planck-Institute (MPI) for Informatics, the MPI for Software Systems, the German Research Center for Artificial Intelligence (DFKI), the Cluster of Excellence on Multimodal Computing and Interaction (MMCI), the Saarbrücken Graduate School of Computer Science and the Intel Visual Computing Institute (IVCI) is crucial for the success of the location. All of these institutes are in close proximity on the campus.

Aside from the standard requirements by public sector employment law, necessary qualifications for hiring include outstanding scientific skills, management skills and excellent teaching skills. The scientific qualification should encompass a doctoral degree as well as publications in the leading international IT-security conferences. The teaching and working language is English. Participation towards establishing the CISPA center and the acquisition of projects is expected.

The employment is tenured and initially a private-law employment relationship. A change to civil servant status is planned for the next year, as soon as the requirements by the budget and the civil service law are fulfilled.