Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose, by Yan Huang and Jonathan Katz and Dave Evans
Beginning with the work of Lindell and Pinkas, researchers have proposed several protocols for secure two-party computation based on the cut-and-choose paradigm. In existing instantiations of this paradigm, one party generates $\\kappa$ garbled circuits; some fraction of those are ``checked\'\' by the other party, and the remaining fraction are evaluated.
We introduce here the idea of symmetric cut-and-choose protocols, in which each party generates $\\kappa$ circuits to be checked by the other party. The main advantage of our technique is that the number $\\kappa$ of garbled circuits can be reduced by a factor of 3 while attaining the same statistical security level as in prior work. Since the number of garbled circuits dominates the costs of the protocol, especially as larger circuits are evaluated, our protocol is expected to run up to 3 times faster than existing schemes. Preliminary experiments validate this claim.
Full-time Ph.D. or Postdoc Position, University of Trier, Germany
* The Chair for Information Security and Cryptography at University of Trier, Germany, offers a full-time PhD/Postdoc position.
* The position involves both research and teaching in the area of cryptography/information security. The successful candidate is expected to contribute to research in applied cryptography.
* The position is available immediately and is fully funded. The salary scale for the position is TV-L E13. The gross income depends on the candidate\\\'s experience level. At the lowest level it corresponds to approx. 40,000 EUR per year.
* Contracts are initially offered for two years. An extension to a total duration of up to six years is possible.
* He or she is given the possiblity to carry out a Ph.D. or, for Postdocs, a Habilitation.
* The successful candidate should have a Master\\\'s degree or a Ph.D. (or should be very close to completion thereof) in Computer Science, Mathematics, Information Security, or a related field, with a strong background in Theoretical Computer Science/Mathematics. Knowledge in cryptography is an asset. Since teaching is mostly done in German, sufficient knowledge of German is required.
* The deadline for applications is March 17th, 2013. However, late applications will be considered until the position is filled.
* See http://infsec.uni-trier.de/job-openings.html for the official job announcement (in German).
Symbolic Universal Composability, by Florian Böhl and Dominique Unruh
We introduce a variant of the Universal Composability framework (UC; Canetti, FOCS 2001) that uses symbolic cryptography. Two salient properties of the UC framework are secure composition and the possibility of easily defining security by giving an ideal functionality as specification. These advantages are now also available in a symbolic modeling of cryptography, allowing for a modular analysis of complex protocols.
We furthermore introduce a new technique for modular design of protocols that uses UC but avoids the need for powerful cryptographic primitives that often comes with UC protocols; this \"virtual primitives\" approach is unique to the symbolic setting and has no counterpart in the original computational UC framework.
A Verifiable 1-out-of-n Distributed Oblivious Transfer Protocol, by Christian L. F. Corniaux and Hossein Ghodosi
In the various 1-out-of-$n$ distributed oblivious transfer protocols (DOT) designed in an unconditionally secure environment, a receiver contacts $k$ out of $m$ servers to obtain one of the $n$ secrets held by a sender. After a protocol has been executed, the sender has no information on the choice of the receiver and the receiver has no information on the secrets she did not obtain. Likewise, a coalition of $k - 1$ servers is unable to infer any information, neither on the sender\'s secrets, nor on the receiver\'s choice.
These protocols are based on a semi-honest model: no mechanism prevents a group of malicious servers from disrupting the protocol such that the secret obtained by the receiver does not correspond to the chosen secret. Actually, to verify the information transmitted by the servers seems to require some properties difficult to reconcile: on one hand the receiver has to collect more information from the servers to discard the incorrect data generated by the malicious servers; on the other hand, if the receiver is allowed to gather more information from the servers, the sender\'s security may be compromised.
We study the first unconditionally secure DOT protocol in the presence of an active adversary who may corrupt up to $k - 1$ servers. In addition to the active adversary, we also assume that the sender may (passively) corrupt up to $k - 1$ servers to learn the choice of the receiver. Similarly, the receiver may (passively) corrupt up to $k - 1$ servers to learn more than the chosen secret. However, we assume that the sender, receiver, and active adversary do not collaborate with each other. Our DOT protocol allows the receiver to contact $4k - 3$ servers to obtain one secret, while the required security is maintained.