Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also receive updates via:
To receive your credentials via mail again, please click here.
You can also access the full news archive.
attribute values $x$ in addition to a plaintext $\\mu$, and a secret key is associated with a predicate $f$. Decryption returns plaintext
$\\mu$ if and only if $f(x) = 1$. Moreover, security of predicate
encryption guarantees that an adversary learns nothing about the attribute $x$ or the plaintext $\\mu$ from a ciphertext, given arbitrary many secret keys that are not authorized to decrypt the ciphertext individually.
We construct a leveled predicate encryption scheme for all circuits, assuming the hardness of the subexponential learning with errors (LWE) problem. That is, for any polynomial function $d = d(\\secp)$,
we construct a predicate encryption scheme for the class of all circuits with depth bounded by $d(\\secp)$, where $\\secp$ is the security parameter.
We then show that our proof technique directly yields tight ``Chernoff-type\'\' parallel-repetition theorems (where one considers a ``threshold\'\' verifier that accepts iff the prover manages to convince a certain fraction of the parallel verifiers, as opposed to all of them) for any public-coin interactive argument; previously, tight results were only known for either constant-round protocols, or when the gap between the threshold and the original error-probability is a constant.
Embedding a universal circuit for some class of functions allows us to produce constrained keys for functions in this class, which gives us the first standard-lattice-assumption-based constrained PRF (CPRF) for general bounded-description bounded-depth functions, for arbitrary polynomial bounds on the description size and the depth. (A constrained key w.r.t a circuit $C$ enables one to evaluate the PRF on all $x$ for which $C(x)=1$, but reveals nothing on the PRF values at other points.) We rely on the LWE assumption and on the one-dimensional SIS (Short Integer Solution) assumption, which are both related to the worst case hardness of general lattice problems. Previous constructions for similar function classes relied on such exotic assumptions as the existence of multilinear maps or secure program obfuscation. The main drawback of our construction is that it does not allow collusion (i.e. to provide more than a single constrained key to an adversary).
Similarly to the aforementioned previous works, our PRF family is also key homomorphic.
Interestingly, our constrained keys are very short. Their length does not depend directly either on the size of the constraint circuit or on the input length.
We are not aware of any prior construction achieving this property, even relying on strong assumptions such as indistinguishability obfuscation.
Topic Area 1) Applied cryptography, hardware security, implementation attacks
Topic Area 2) VLSI design, FPGA design, circuit design, embedded systems
Candidates for the post-doc position should have a strong publication record in the leading cryptography conferences (Topic Area 1) or leading computer engineering journals (Topic Area 2). Candidates for the Ph.D. position should have a BS&MS degree with excellent grades, relevant course work and some initial experience in one of the topic areas, either through MS-level research or industry.
The candidates should be open to work in an interdisciplinary fashion, i.e., to conduct high-quality research that bridges applied cryptography and modern hardware design. They will collaborate with Christof Paar (applied cryptography, on leave from the Univ. of Bochum) as well as Sandip Kundu and Russ Tessier (both computer engineering) at UMass Amherst. It is expected that the candidates also interact with researchers at the University of Bochum.
Sounds interesting? Please send your resume (CV, transcript of records) and names/email addresses of two people how can provide references.
The studentship is for three years and includes a stipend of £16,000 per year and tuition fees, and is available to students of UK/EU residency.
The successful candidate will participate in the Formal Methods and Security group (http://www.surrey.ac.uk/computing/research/fms/index.htm), will work in an exciting international environment and will have the opportunity to participate in the development of the recently launched Surrey Centre for Cyber Security (http://www.surrey.ac.uk/sccs/index.htm).
The main tasks of the Ph.D. student will be to develop state-of-the-art techniques for the security analysis of real world protocols. In particular, he/she will work in one of the following areas:
- Formal methods applied to security protocols;
- Applied Cryptography and Provable Security.
The position will remain open until a suitable candidate is found so there is no fixed closing date for applications.
In this paper, we show that this encryption scheme is not one-way: we present an attack that decrypts arbitrary ciphertext without the secret key, and is quite efficient: it amounts to applying the LLL algorithm twice on small matrices. Used against existing practical instantiations of PIR protocols, it allows the server to recover the
users\' access pattern in a matter of seconds.