International Association for Cryptologic Research

# IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also receive updates via:

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2014-08-07
16:59 [Job][New]

- Conception and definition of cryptographic algorithms (block ciphers, hash functions, asymmetric primitives, protocols)

- Implementation cryptographic primitives and protocols in C/C++/Python languages

- Definitions of related tests for validation

- Definition and implementation of dedicated tools to aid implementation and analysis of cryptographic algorithms

- Work closely with HW design and verification team

- Close collaboration with software teams for system validation

- Working closely with security architects and system architects for definition of requirements

- Follow-up of related academic literature and developments

- Deliver crypto specifications documents to internal teams

- Provide guidance and support to peers in tools and IP design

16:58 [Job][Update]

The Digital Security group at the Radboud University Nijmegen invites applications for PhD and PostDoc positions in applied cryptography and embedded security.

The research envisioned is on side-channel cryptanalysis, fault attacks and countermeasures and/or lightweight cryptography (protocols, crypto primitives and implementations).

The project has sufficient funds to support career development, conference visits, summer schools, and similar scientific activities.

Requirements

For PhD students:

Successful candidates must hold an M.Sc. degree (or equivalent) from the university study of Computer Science, Mathematics or Engineering. Applications from students that are expected to finish their master thesis within 1 year will also be considered. Prior background/experience in cryptography and/or computer security is an asset.

For PostDocs:

Applicants should have a Ph.D. and expertise in at least one of the following research areas:

- applied cryptography

- embedded security

- hardware design for cryptography/cryptanalysis

- side-channel analysis and countermeasures

- machine learning and data mining

We expect proven expertise in your area of research by publications at top conferences and journals, some experience with EU projects, student supervision etc.

Conditions of employment

PhD positions are for 4 years, PostDoc positions are for up to 2 years, the expected starting dates are flexible.

Candidates moving to the Netherlands from abroad may qualify for a tax incentive scheme, where 30% of your income is tax-free.

For additional information, see http://www.ru.nl/ds, and for the positions contact:

Lejla Batina (http://www.cs.ru.nl/~lejla/), lejlaATcs.ru.nl

16:58 [Job][New]

The Digital Security group at the Radboud University Nijmegen invites

applications for PhD and PostDoc positions in applied cryptography and embedded security.

The research envisioned is on side-channel cryptanalysis, fault attacks and countermeasures and/or lightweight cryptography (protocols, crypto primitives and implementations).

The project has sufficient funds to support career development, conference visits, summer schools, and similar scientific activities.

Requirements

For PhD students:

Successful candidates must hold an M.Sc. degree (or equivalent) from the university study of Computer Science, Mathematics or Engineering. Applications from students that are expected to finish their master thesis within 1 year will also be considered. Prior background/experience in cryptography and/or computer security is an asset.

For PostDocs:

Applicants should have a Ph.D. and expertise in at least one of the following research areas:

- applied cryptography

- embedded security

- hardware design for cryptography/cryptanalysis

- side-channel analysis and countermeasures

- machine learning and data mining

We expect proven expertise in your area of research by publications at top conferences and journals, some experience with EU projects, student supervision etc.

Conditions of employment

PhD positions are for 4 years, PostDoc positions are for up to 2 years, the expected starting dates are flexible.

Candidates moving to the Netherlands from abroad may qualify for a tax incentive scheme, where 30% of your income is tax-free.

For additional information, see http://www.ru.nl/ds, and for the positions contact:

Lejla Batina (http://www.cs.ru.nl/~lejla/), lejlaATcs.ru.nl

<

16:57 [Event][New]

Submission: 8 January 2015
From January 28 to January 30
Location: Dubai, UAE

2014-08-05
21:17 [Pub][ePrint]

Non-interactive zero-knowledge proofs of knowledge for general NP statements are a powerful cryptographic primitive, both in theory and in practical applications. Recently, much research has focused on achieving an additional property, succinctness, requiring the proof to be very short and easy to verify. Such proof systems are known as zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs), and are desired when communication is expensive, or the verifier is computationally weak.

Existing zk-SNARK implementations have severe scalability limitations, in terms of space complexity as a function of the size of the computation being proved (e.g., running time of the NP statement\'s decision program). First, the size of the proving key is quasilinear in the upper bound on the computation size. Second, producing a proof requires \"writing down\" all intermediate values of the entire computation, and then conducting global operations such as FFTs.

The bootstrapping technique of Bitansky et al. (STOC \'13), following Valiant (TCC \'08), offers an approach to scalability, by recursively composing proofs: proving statements about acceptance of the proof system\'s own verifier (and correctness of the program\'s latest step). Alas, recursive composition of known zk-SNARKs has never been realized in practice, due to enormous computational cost.

Using new elliptic-curve cryptographic techniques, and methods for exploiting the proof systems\' field structure and nondeterminism, we achieve the first zk-SNARK implementation that practically achieves recursive proof composition. Our zk-SNARK implementation runs random-access machine programs and produces proofs of their correct execution, on today\'s hardware, for any program running time. It takes constant time to generate the keys that support all computation sizes. Subsequently, the proving process only incurs a constant multiplicative overhead compared to the original computation\'s time, and an essentially-constant additive overhead in memory. Thus, our zk-SNARK implementation is the first to have a well-defined, albeit low, clock rate of \"verified instructions per second\".

21:17 [Pub][ePrint]

The increasing availability and use of biometric data for authentication and

other purposes leads to situations when sensitive biometric data is to be

handled or used in computation by entities who may not be fully trusted or

otherwise authorized to have full access to such data. This calls for

mechanisms of provably protecting biometric data while still allowing the

computation to take place. In this work, we treat the problem of

privacy-preserving matching of two fingerprints, which can be used for

secure fingerprint authentication and identification. We utilize traditional

minutia-based representation of fingerprints that leads to the most

discriminative (i.e., accurate) fingerprint comparisons. Unlike prior work,

we design a data-oblivious algorithm that results in the most accurate

outcome of fingerprint matching through a more complex minutia pairing

approach based on maximum flow in bipartite graphs. This algorithm then

leads to secure fingerprint matching solutions of high security standards.

The complexity of our solution is higher than those of some other available

protocols, but nevertheless we show that our techniques still efficiently

compare two fingerprints with provable security guarantees. That is, they

run in a similar amount of time to those with simpler matching mechanisms

which are not guaranteed to find the best matching.

21:17 [Pub][ePrint]

In this paper we revisit the notion of generalized universal composability (GUC)

introduced by Canetti, Dodis, Pass and Walfish in 2007. The GUC model was

intended to model a practical setting where setup parameters, like a PKI or a CRS,

are made public once and for all and then used by many different protocols.

We show that there exist protocols which can be proven secure in the GUC model,

but which are obviously insecure in practice, in the setting that the GUC model was

intended to capture. We then proceed to revise the GUC model to a version that

better models the intended practical setting. We call the new notion strong generalized

UC. We finally prove that the GUC protocols proposed by Canetti, Dodis, Pass and Walfish

are also strong GUC secure, i.e., whereas there is a problem with the model, the

protocols seem to be secure in the intended setting.

21:17 [Pub][ePrint]

In the last few years garbled circuits (GC) have been elevated from being merely a component in Yao\'s protocol for secure two-party computation, to a cryptographic primitive in its own right, following the growing number applications that use GCs.

Zero-Knowledge (ZK) protocols is one of these examples: In a recent paper Jawurek et al. [JKO13] showed that GCs can be used to construct efficient ZK for unstructured languages. In this work we show that due to the property of this particular scenario (i.e., one of the party knows all the secret input bits, and therefore all intermediate values in the computation), we can construct more efficient garbled schemes specifically tailored to this goal.

As a highlight of our result, in one of our constructions only one encryption per gate needs to be communicated, and XOR gates never require any cryptographic operation.

In addition to making a step forward towards more practical ZK, we believe that our contribution is also interesting from a conceptual point of view: in the terminology of Bellare et al. [BHR12] our garbling schemes achieve authenticity, but no privacy nor obliviousness, therefore representing the first natural separation between those notions.

21:17 [Pub][ePrint]

Lattice-based cryptographic primitives are believed to offer resilience against attacks by quantum computers. We demonstrate the practicality of post-quantum key exchange by constructing ciphersuites for the Transport Layer Security (TLS) protocol that provide key exchange based on the ring learning with errors (R-LWE) problem; we accompany these ciphersuites with a rigorous proof of security. Our approach ties lattice-based key exchange together with traditional authentication using RSA or elliptic curve digital signatures: the post-quantum key exchange provides forward secrecy against future quantum attackers, while authentication can be provided using RSA keys that are issued by today\'s commercial certificate authorities, smoothing the path to adoption.

Our cryptographically secure implementation, aimed at the 128-bit security level, reveals that the performance price when switching from non-quantum-safe key exchange is not too high. With our R-LWE ciphersuites integrated into the OpenSSL library and using the Apache web server on a 2-core desktop computer, we could serve 506 RLWE-ECDSA-AES128-GCM-SHA256 HTTPS connections per second for a 10 KiB payload. Compared to elliptic curve Diffie--Hellman, this means an 8 KiB increased handshake size and a reduction in throughput of only 21%. This demonstrates that post-quantum key-exchange can already be considered practical.

2014-08-04
21:40 [Job][New]

A 4 year PhD student position is available at the Department of Informatics of the University of Bergen. Some of the possible research directions are coding theory, cryptography, Boolean functions, sequence design.

Information on application requirements and work conditions can be found at http://www.jobbnorge.no/ledige-stillinger/stilling/103925/stipendiat-i-informatikk

00:17 [Pub][ePrint]

A machine is said to be {\\em oblivious} if the sequences of memory accesses made by the machine for two inputs with the same running time are identically (or close to identically) distributed. Oblivious RAM (ORAM) compilers -- compilers that turn any RAM program $\\Pi$ into an oblivious RAM $\\Pi\'$, while incurring only a \"small\", polylogarithmic, slow-down -- have been extensively studied since the work of Goldreich and Ostrovsky (JACM 1996), and have numerous fundamental applications. These compilers, however, do not leverage parallelism: even if $\\Pi$ can be heavily parallelized, $\\Pi\'$ will be inherently sequential.

In this work, we present the first {\\em Oblivious Parallel RAM (OPRAM)} compiler, which compiles any PRAM into an oblivious PRAM while incurring only a polylogarithmic slowdown.