Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also receive updates via:
To receive your credentials via mail again, please click here.
You can also access the full news archive.
We then show that our proof technique directly yields tight ``Chernoff-type\'\' parallel-repetition theorems (where one considers a ``threshold\'\' verifier that accepts iff the prover manages to convince a certain fraction of the parallel verifiers, as opposed to all of them) for any public-coin interactive argument; previously, tight results were only known for either constant-round protocols, or when the gap between the threshold and the original error-probability is a constant.
Embedding a universal circuit for some class of functions allows us to produce constrained keys for functions in this class, which gives us the first standard-lattice-assumption-based constrained PRF (CPRF) for general bounded-description bounded-depth functions, for arbitrary polynomial bounds on the description size and the depth. (A constrained key w.r.t a circuit $C$ enables one to evaluate the PRF on all $x$ for which $C(x)=1$, but reveals nothing on the PRF values at other points.) We rely on the LWE assumption and on the one-dimensional SIS (Short Integer Solution) assumption, which are both related to the worst case hardness of general lattice problems. Previous constructions for similar function classes relied on such exotic assumptions as the existence of multilinear maps or secure program obfuscation. The main drawback of our construction is that it does not allow collusion (i.e. to provide more than a single constrained key to an adversary).
Similarly to the aforementioned previous works, our PRF family is also key homomorphic.
Interestingly, our constrained keys are very short. Their length does not depend directly either on the size of the constraint circuit or on the input length.
We are not aware of any prior construction achieving this property, even relying on strong assumptions such as indistinguishability obfuscation.
Topic Area 1) Applied cryptography, hardware security, implementation attacks
Topic Area 2) VLSI design, FPGA design, circuit design, embedded systems
Candidates for the post-doc position should have a strong publication record in the leading cryptography conferences (Topic Area 1) or leading computer engineering journals (Topic Area 2). Candidates for the Ph.D. position should have a BS&MS degree with excellent grades, relevant course work and some initial experience in one of the topic areas, either through MS-level research or industry.
The candidates should be open to work in an interdisciplinary fashion, i.e., to conduct high-quality research that bridges applied cryptography and modern hardware design. They will collaborate with Christof Paar (applied cryptography, on leave from the Univ. of Bochum) as well as Sandip Kundu and Russ Tessier (both computer engineering) at UMass Amherst. It is expected that the candidates also interact with researchers at the University of Bochum.
Sounds interesting? Please send your resume (CV, transcript of records) and names/email addresses of two people how can provide references.
The studentship is for three years and includes a stipend of £16,000 per year and tuition fees, and is available to students of UK/EU residency.
The successful candidate will participate in the Formal Methods and Security group (http://www.surrey.ac.uk/computing/research/fms/index.htm), will work in an exciting international environment and will have the opportunity to participate in the development of the recently launched Surrey Centre for Cyber Security (http://www.surrey.ac.uk/sccs/index.htm).
The main tasks of the Ph.D. student will be to develop state-of-the-art techniques for the security analysis of real world protocols. In particular, he/she will work in one of the following areas:
- Formal methods applied to security protocols;
- Applied Cryptography and Provable Security.
The position will remain open until a suitable candidate is found so there is no fixed closing date for applications.
In this paper, we show that this encryption scheme is not one-way: we present an attack that decrypts arbitrary ciphertext without the secret key, and is quite efficient: it amounts to applying the LLL algorithm twice on small matrices. Used against existing practical instantiations of PIR protocols, it allows the server to recover the
users\' access pattern in a matter of seconds.
We give a generic construction of ORKE protocols from general assumptions, with security in the standard model, and in a strong security model where the attacker is even allowed to learn the randomness or the long-term secret of either party in the target session. The only restriction is that the attacker must not learn both the randomness and the long-term secret of one party of the target session, since this would allow him to recompute all internal states of this party, including the session key.
This is the first such construction that does not rely on random oracles.
The construction is intuitive, relatively simple, and efficient. It uses only standard primitives, namely non-interactive key exchange, a digital signature scheme, and a pseudorandom function, with standard security properties, as building blocks.
Our construction achieves maximum versatility by allowing multiple authorities to control the key distribution for an exponential number of attributes. In addition, the ciphertext policies of our system are sufficiently expressive and overcome the restriction
that ``each attribute is used only once\'\' that constrained previous constructions. Besides versatility, another goal of our work is to increase efficiency and practicality. As a result,
we use the significantly faster prime order bilinear groups rather than composite order groups. The construction is non-adaptively secure in the random oracle model under a non-interactive q-type assumption, similar to one used in prior works. Our work
extends existing ``program-and-cancel\'\' techniques to prove security and introduces two new techniques of independent interest for other ABE constructions. We provide an implementation and some benchmarks of our construction in Charm, a programming framework developed for rapid prototyping of cryptographic primitives.