Very-efficient simulatable flipping of many coins into a well, by Luís T. A. N. Brandão
Secure two-party parallel coin-flipping is a cryptographic functionality that allows two mutually distrustful parties to agree on a common random bit-string of a certain target length. In coin-flipping into-a-well, one party learns the bit-string and then decides whether to abort or to allow the other party to learn it. It is well known that this functionality can be securely achieved in the ideal/real simulation paradigm, using commitment schemes that are simultaneously extractable (X) and equivocable (Q).
This paper presents two new constant-round simulatable coin-flipping protocols, based explicitly on one or a few X-commitments of short seeds and a Q-commitment of a short hash, independently of the large target length. A pseudo-random generator and a collision-resistant hash function are used to combine the separate X and Q properties (associated with short bit-strings) into a unified X&Q property amplified to the target length, thus amortizing the cost of the base commitments. In this way, the new protocols are significantly more efficient than an obvious batching or extension of coin-flippings designed (in the same security setting) for short bit-strings and based on inefficient X&Q commitments.
The first protocol, simulatable with rewinding, deviates from the traditional coin-flipping template in order to improve simulatability in case of unknown adversarial probabilities of abort, without having to use an X&Q commitment scheme. The second protocol, one-pass simulatable, derives from a new construction of a universally composable X&Q commitment scheme for large bit-strings, achieving a communication rate asymptotically close to 1. Besides the base X and Q commitments, the new commitment scheme only requires corresponding collision-resistant hashing, pseudo-random generation and application of a threshold erasure code. Alternative constructions found in recent work with comparable communication complexity require explicit use of oblivious transfer and use different encodings of the committed value.
Short Accountable Ring Signatures Based on DDH, by Jonathan Bootle and Andrea Cerulli and Pyrros Chaidos and Essam Ghadafi and Jens Groth and Christophe Petit
Ring signatures and group signatures are prominent cryptographic primitives offering a combination of privacy and authentication. They enable individual users to anonymously sign messages on behalf of a group of users. In ring signatures, the group, i.e. the ring, is chosen in an ad hoc manner by the signer. In group signatures, group membership is controlled by a group manager.
Group signatures additionally enforce accountability by providing the group manager with a secret tracing key that can be used to identify the otherwise anonymous signer when needed.
Accountable ring signatures, introduced by Xu and Yung (CARDIS 2004), bridge the gap between the two notions. They provide maximal flexibility in choosing the ring, and at the same time maintain accountability by supporting a designated opener that can identify signers when needed.
We revisit accountable ring signatures and offer a formal security model for the primitive. Our model offers strong security definitions incorporating protection against maliciously chosen keys and at the same time flexibility both in the choice of the ring and the opener.
We give a generic construction using standard tools.
We give a highly efficient instantiation of our generic construction in the random oracle model by meticulously combining Camenisch's group signature scheme (CRYPTO 1997) with a generalization of the one-out-of-many proofs of knowledge by Groth and Kohlweiss (EUROCRYPT 2015). Our instantiation yields signatures of logarithmic size (in the size of the ring) while relying solely on the well-studied decisional Diffie-Hellman assumption.
In the process, we offer a number of optimizations for the recent Groth and Kohlweiss one-out-of-many proofs, which may be useful for other applications.
Accountable ring signatures imply traditional ring and group signatures. We therefore also obtain highly efficient instantiations of those primitives with signatures shorter than all existing ring signatures as well as existing group signatures relying on standard assumptions.
Post.doc., Norwegian University of Science and Technology (NTNU), Trondheim, Norway
Malicious cryptography is about using cryptography for cyber attacks. We have already seen applications of malicious cryptography in so-called ransomware. Sophisticated attackers may want to use cryptography to hide an attack, the target of the attack, the source of the attack or to protect attack infrastructure (botnets).
The project goal is not to design sophisticated malware, but to understand the possible threats that we need to defend against.
Ph.D. scholarship, Institute of Computer Science, Polish Academy of Sciences, POLAND
We offer two 3-year Ph.D. scholarships in the area of design and cryptanalysis of authenticated encryption schemes.
Working place: Kielce, POLAND
In the second part of the scholarship timeline, it may be possible to continue research in Australia, under supervision of Josef Pieprzyk, QUT, Brisbane.
A Secure Oblivious Transfer Protocol from Indistinguishing Obfuscation, by Mei Wang, Zheng Yuan, Xiao Feng
We propose a new secure oblivious transfer protocol from indistinguishability obfuscation in this paper. Our main technical tools are the candidate indistinguishability obfuscation introduced in  and a dual-mode cryptosystem proposed in . Following their steps, we present a new k-out-of-l oblivious transfer protocol and describe its realization from DDH, in which we combine indistinguishability obfuscation with the dual-mode cryptosystem. The security of our scheme mainly relies on the indistinguishability of the obfuscated branches (corresponding to the two modes of the dual-mode model). Our paper explores a new way to apply indistinguishability obfuscation.