International Association for Cryptologic Research

IACR News Central

9 May 2017
The O*NET Data Collection Program, which is sponsored by the U.S. Department of Labor Employment and Training Administration, is seeking the input of expert Mathematicians and Cryptographers. As the nation's most comprehensive source of occupational data, O*NET is a free resource for millions of job seekers, employers, veterans, educators, and students. O*NET particularly needs input from Cryptographers.

You have the opportunity to participate in this important initiative as it will help ensure that the complexities of your profession are described accurately in the O*NET Database for the American public for career exploration and job analysis.


Description: Conduct research in fundamental mathematics or in application of mathematical techniques to science, management, and other fields. Solve problems in various fields using mathematical methods.

You are considered an Occupation Expert if you meet the following criteria:
  • At least 5 years of experience with the occupation. Includes those who are now supervising, teaching, or training IF you have at least one year of practice during your career.
  • Currently active in the occupation (practicing, supervising, teaching and/or training) and based in the U.S.
If you meet these criteria and are interested in participating as an occupation expert, please email or call Tammy Belcher at the O*NET Operations Center at RTI International (the O*NET data collection contractor) at 877-233-7348 ext. 119 and provide the following:
  • Name/ # years of experience
  • Address with city and state
  • Daytime phone number
  • Email address
  • Do you have at least one year of practice in the occupation and are you still active?
Process and Participation Incentive: A random sample of experts responding to this request will be invited to complete a set of questionnaires (paper or online versions available). $40.00 in cash and a certificate of appreciation from the U.S. Department of Labor will be included with the questionnaires.

We encourage you to consider helping to keep information about your profession accurate and current for the benefit of our colleagues and the nation. Thank you very much for your support.

(Dr. Laurie Cluff of RTI International is leading this program of data collection from occupation experts. If you have questions or concerns, she may be reached by phone at (919) 541-6514 or by e-mail. Thank you for your time and consideration.)
Event date: 10 August to 11 August 2017
Submission deadline: 26 May 2017
Notification: 19 June 2017
Job Posting Ph.D. student Commissariat à l'Energie Atomique, LIST, Université Paris-Saclay
Over the last few years, a new breed of machines has appeared in the quantum computing landscape: the so-called analog quantum computers, of which the machines presently sold by the Canadian company D-Wave are the first instances. From an abstract point of view, such a machine may be seen as an oracle specialized in solving an NP-hard optimization problem (of the spin-glass type) with an algorithm analogous to the well-known simulated annealing but with a quantum speedup (the precise characterization of which is still an open question). While the theory of quantum annealing is now relatively well understood by the physics community, the extent to which D-Wave machines implement it properly is still the subject of some controversy within that community. Still, quantum annealing machines do exist today at a non-trivial scale (between 500 and 1000 bits of internal state), and their technological path towards larger scales is much clearer than for their digital cousins. Furthermore, it is presently considered that a quantum annealing machine with an internal state of 6 to 10 kbits would be competitive with the most powerful classical computers for solving optimization problems. In this context, the present thesis aims at investigating polynomial transformation paths from some NP problems (not necessarily NP-hard, and whose selection will be done as part of the thesis work) towards the reference problem of the annealing machine. Thus, the main objective of this thesis is to develop a better understanding of the theoretical performance of these machines, as well as a first return on experience if access to a D-Wave machine (via an institution owning such a machine) is possible. Depending on the candidate's profile, the subject will lean more towards either physical aspects, computational complexity theory aspects, or more applied aspects (operations research and cryptanalysis notably).

Closing date for applications: 31 December 2017

Contact: Renaud Sirdey

More information:

Job Posting Research Fellow (Post-Doc), Research Associate, Research Assistant, PhD student (several positions) Department of Computing, The Hong Kong Polytechnic University, Hong Kong
We are looking for Research Fellow (Post-Doc), Research Associate, Research Assistant, PhD student (several positions) to join our group.

Candidates for research fellow/associate should have completed (or be close to completing) a PhD in computer science, mathematics, or a related discipline. Research assistants are expected to have an honours degree or an equivalent qualification. Applicants should have solid experience in any of the following areas:

1. public key cryptography and provable security

2. system and network security

3. software engineering

Successful candidates are expected to contribute to one of the following topics:

- applications of blockchain technology

- lattice-based cryptography

- mobile security

- network security

The post has a flexible starting date. The initial appointment will be for 12 months, with a strong possibility for further appointment.

Applicants for PhD studentship should possess:

- a bachelor degree in computer science with good programming skills; or

- a bachelor degree in mathematics with strong interest in cryptography.

Review of applications will start immediately until the positions are filled.

Closing date for applications: 1 November 2017

Contact: Daniel Xiapu Luo (csxluo at comp dot polyu dot edu dot hk)

Man Ho Allen Au (csallen at comp dot polyu dot edu dot hk)

Job Posting PhD student (fully funded) Chalmers University of Technology - Sweden
We are looking for an excellent, motivated, self-driven doctoral student to work in the area of information security and cryptography. The position is for up to five years at the Department of Computer Science and Engineering, within the group of Prof. Katerina Mitrokotsa, whose research concerns cryptographic protocols that guarantee reliable authentication, privacy preservation and verifiable delegation of computation. This project focuses on security and privacy issues for resource-constrained devices (e.g., sensors) that rely on external untrusted servers in order to perform computations. More precisely, the student will investigate efficient authentication and verifiable delegation of computation mechanisms that provide: i) provable security guarantees, and ii) rigorous privacy guarantees. The overall aim of the PhD position will be to design and evaluate cryptographically reliable and privacy-preserving authentication and verifiable delegation of computation protocols. The research shall also consider the case where multiple clients jointly outsource computations to untrusted cloud servers. Experience in one or more domains such as cryptography, protocol design, secure multi-party computation and differential privacy is beneficial. Mathematical maturity is essential.

The PhD student will be supervised by Prof. Katerina Mitrokotsa.

Full-time temporary employment. PhD student positions are limited to five years. Starting salary is 27,835 SEK a month before tax. The position is intended to start in Sept 2017.

Submit your applications here:

Attention! You need to select project C4 in your application.

Closing date for applications: 31 May 2017

Contact: Katerina Mitrokotsa, Associate Professor, Chalmers Univ. of Technology

More information:

Job Posting Automotive security researcher OnBoard Security, Wilmington, MA, USA
Do you have a PhD degree in Computer Science with specialization in Network / Cybersecurity? Are you interested in breaking into the rapidly-growing automotive security market?

OnBoard Security, formerly the Embedded Security division of Security Innovation, is the leader in automotive cybersecurity and we are looking for a Researcher to work on exciting projects.

Position Overview

OnBoard Security delivers world-class research and consulting services in secure communications, network security architecture, PKI, and security for connected vehicles. You will support research projects on a variety of security and privacy topics relating to connected and automated vehicles. You will also help us out in our Connected Vehicle Security consulting business.

Required Qualifications

  • PhD degree in Computer Science (specialization in network security is a plus) or 5 years in industry, including work in a research-aligned environment

  • Publications in top-tier conferences (please attach your best publication to your application)

  • Experience with simulation tools (e.g. VEINS)

  • Good communication skills

About us

We can't name all the customers we've worked with, but recent specific projects have included being technical editor of IEEE Std 1609.2, the standard for all communications security for connected vehicles, and serving as security lead for the New York City Connected Vehicle Pilot, shaping all aspects of application, communication and configuration security for an upcoming 8,000-vehicle deployment on the streets of New York. Our security middleware was selected by GM for inclusion in the MY 2017 Cadillac CTS, the first car to have DSRC installed for sale to the general public. On the research side, we are working on topics ranging from cryptography (e.g. garbled circuits) to network and system security (e.g. misbehavior detection) and privacy (e.g. pseudonym systems).

OnBoard Security is an equal opportunity employer.

Closing date for applications: 1 August 2017

Contact: Jonathan Petit, Senior Director of Research

jobs (at)

More information:

Job Posting Blockchain Expert in IoT Environment Eciotify GmbH, Berlin & Flensburg

We are eciotify, a new venture supported by NBT AG. We envision a world in which IoT devices are enabled to freely participate in an economy: buying, selling and trading their digital assets using our secure, low-cost and interoperable technologies.
As our Blockchain Expert you will be responsible for the development of our blockchain technology.

  • Take an active role in decisions on designing new systems and architectures based on Blockchain technologies


  • Significant experience in blockchain technologies (e.g. Ethereum, Hyperledger)
  • In-depth knowledge in smart contract programming, ideally proven by some previous projects


People matter for us!
Our employees are the foundation of everything we accomplish.
The only way to realize our full potential is by providing an inspiring work environment, by enabling our employees to grow and provide them with everything they need to become thought leaders in their field.

Be in the driver seat of your personal and professional development
We offer you responsible and versatile tasks in a highly motivated international team. You will find minimal hierarchies, quick decision-making and a great working atmosphere. If you are a self-motivated thinker and doer, we will provide you with astonishing opportunities to grow on a personal and professional level! In collaboration with Professor Gajek, eciotify is providing a great R&D environment for the most curious minds! We also offer the possibility to do your PhD and are able to connect you with the international research community.


To sum it all up in one sentence:

Build cool stuff with us!

Closing date for applications: 15 June 2017

Contact: Dennis Wegener

Head of HR

buildcoolstuff (at)

More information:

Job Posting PhD positions International Max Planck Research School for Computer Science, Saarbrücken, Germany

The International Max Planck Research School for Computer Science (IMPRS-CS) is a graduate program jointly run by the Max Planck Institute for Informatics, the Max Planck Institute for Software Systems and Saarland University.

The IMPRS-CS offers a PhD program upon successful completion of which students receive a Doctoral Degree in Computer Science from Saarland University. The program is open to students who hold or are about to receive a research-oriented Masters degree in Computer Science (or an equivalent degree). Successful candidates will typically have ranked at or near the top of their classes, have already engaged in research and published their results, and be highly proficient in written and spoken English.

Admitted students receive a support contract that covers all living expenses and tuition fees. They enjoy a research-oriented education with close supervision by world-renowned scientists in a competitive, yet collaborative, environment rich in interaction with other students, post-docs, and scientists.

Applications are accepted all year round; the current round closes on July 15th, 2017.

Further information, including instructions on how to apply, can be found here:


Closing date for applications: 15 July 2017

Contact: Jennifer Gerling, IMPRS-CS Coordinator

E-Mail: imprs (at)

Phone: +49 681 9325 1800

More information:

The Fiat-Shamir construction (Crypto 1986) is an efficient transformation in the random oracle model for creating non-interactive proof systems and signatures from sigma-protocols. In classical cryptography, Fiat-Shamir is a zero-knowledge proof of knowledge assuming that the underlying sigma-protocol has the zero-knowledge and special soundness properties. Unfortunately, Ambainis, Rosmanis, and Unruh (FOCS 2014) ruled out non-relativizing proofs under those conditions in the quantum setting.

In this paper, we show under which strengthened conditions the Fiat-Shamir proof system is still post-quantum secure. Namely, we show that if we require the sigma-protocol to have computational zero-knowledge and perfect special soundness, then Fiat-Shamir is a zero-knowledge simulation-sound proof system (but not a proof of knowledge!). Furthermore, we show that Fiat-Shamir leads to a post-quantum secure strongly unforgeable signature scheme when additionally assuming a "dual-mode hard instance generator" for generating key pairs.

Finally, we study the extractability (proof of knowledge) property of Fiat-Shamir. While we have no proof of the extractability itself, we show that if we can prove extractability, then other desired properties such as simulation-sound extractability (i.e., non-malleability), and strongly unforgeable signatures follow.
The design of an efficient code-based signature scheme is by all means still an open problem. In this paper, we propose a simple and efficient scheme following the framework detailed by Lyubashevsky to construct an identification scheme. The scheme is based on quasi-cyclic codes and, while security relies on the ring algebra that is associated with them, the proposal benefits from the quasi-cyclic structure in reducing key and signature sizes.
Machine learning is widely used in practice to produce predictive models for applications such as image processing, speech and text recognition. These models are more accurate when trained on large amounts of data collected from different sources. However, the massive data collection raises privacy concerns.

In this paper, we present new and efficient protocols for privacy preserving machine learning for linear regression, logistic regression and neural network training using the stochastic gradient descent method. Our protocols fall in the two-server model where data owners distribute their private data among two non-colluding servers who train various models on the joint data using secure two-party computation (2PC). We develop new techniques to support secure arithmetic operations on shared decimal numbers, and propose MPC-friendly alternatives to nonlinear functions such as sigmoid and softmax that are superior to prior work.

We implement our system in C++. Our experiments validate that our protocols are several orders of magnitude faster than the state of the art implementations for privacy preserving linear and logistic regressions, and scale to millions of data samples with thousands of features. We also implement the first privacy preserving system for training neural networks.
ePrint Report Higher-Order Side-Channel Protected Implementations of Keccak Hannes Gross, David Schaffenrath, Stefan Mangard
The efficient protection of security-critical devices against side-channel analysis attacks is a fundamental need in the age of the Internet of Things and ubiquitous computing. In this work, we introduce a configurable hardware design of Keccak (SHA-3) which can be tailored to fulfill the needs of a wide range of different applications. Our Keccak design is therefore equipped with generic side-channel protection capabilities. The design can thus be synthesized for any desired protection level by just changing one design parameter. Regardless of its generic appearance, the introduced Keccak design yields the smallest (15.7 kGE) first-order protected Keccak implementation published to date. Furthermore, it is to the best of our knowledge the first higher-order side-channel resistant implementation of Keccak. In total, we state results for four different Keccak variants up to the ninth protection order.
ePrint Report Double-spending Prevention for Bitcoin zero-confirmation transactions Cristina Pérez-Solà, Sergi Delgado-Segura, Guillermo Navarro-Arribas, Jordi Herrera-Joancomartí
Zero-confirmation transactions, i.e., transactions that have been broadcast but are still pending inclusion in the blockchain, have gained attention as a way to enable fast payments in Bitcoin, shortening the time needed to perform a payment. Fast payments are desirable in certain scenarios, for instance when buying from vending machines or fast food restaurants, or when withdrawing from an ATM. Despite propagating quickly through the network, zero-confirmation transactions are not protected against double-spending attacks, since the double-spending protection Bitcoin offers relies on the blockchain and, by definition, such transactions are not yet included in it. In this paper, we propose a double-spending prevention mechanism for Bitcoin zero-confirmation transactions. Our proposal is based on exploiting the flexibility of the Bitcoin scripting language together with a well-known vulnerability of the ECDSA signature scheme to discourage attackers from performing such an attack.
ePrint Report Privacy-Preserving Interdomain Routing at Internet Scale Gilad Asharov, Daniel Demmler, Michael Schapira, Thomas Schneider, Gil Segev, Scott Shenker, Michael Zohner
The Border Gateway Protocol (BGP) computes routes between the organizational networks that make up today's Internet. Unfortunately, BGP suffers from deficiencies, including slow convergence, security problems, a lack of innovation, and the leakage of sensitive information about domains' routing preferences. To overcome some of these problems, we revisit the idea of centralizing and using secure multi-party computation (MPC) for interdomain routing which was proposed by Gupta et al. (ACM HotNets'12). We implement two algorithms for interdomain routing with state-of-the-art MPC protocols. On an empirically derived dataset that approximates the topology of today's Internet (55,809 nodes), our protocols take as little as 6 s of topology-independent precomputation and only 3 s of online time. We show, moreover, that when our MPC approach is applied at country/region-level scale, runtimes can be as low as 0.17 s online time and 0.20 s pre-computation time. Our results motivate the MPC approach for interdomain routing and furthermore demonstrate that current MPC techniques are capable of efficiently tackling real-world problems at a large scale.
This paper is devoted to the study of the problem of running compression algorithms in the encrypted domain, using a (somewhat) Fully Homomorphic Encryption (FHE) scheme. We do so with a particular focus on conservative compression algorithms. Despite the encrypted-domain Turing-completeness that comes with the magic of FHE operators, we show that a number of subtleties crop up when it comes to running compression algorithms and, in particular, that guaranteed conservative compression is not possible to achieve in the FHE setting. To illustrate these points, we analyze the most elementary conservative compression algorithm of all, namely Run-Length Encoding (RLE). We first study how to regularize this algorithm in order to make it (meaningfully) fit within the constraints of an FHE execution. Secondly, we analyze it from the angle of optimizing the resulting structure towards (as much as possible) FHE execution efficiency. The paper concludes with concrete experimental results obtained using the Fan-Vercauteren cryptosystem as well as the Armadillo FHE compiler.
8 May 2017
Event date: 17 September to 19 September 2017
7 May 2017
Event date: 23 April to 24 April 2018
Submission deadline: 15 December 2017
Notification: 12 February 2018
Event date: 9 July to 16 July 2017
Submission deadline: 25 May 2017
Notification: 5 June 2017
Event date: 21 August 2017
Submission deadline: 21 May 2017
Notification: 7 July 2017
5 May 2017
This work studies the success probability of linear cryptanalysis. Complete expressions for the success probability are obtained using two different approaches, namely the order statistics based approach and the hypothesis testing based approach. We argue that the hypothesis testing based approach is theoretically more sound and does not require a number of assumptions and approximations which are inherent in the order statistics based approach. For analysing success probability, a unifying framework of general key randomisation hypotheses is introduced. The previously used standard key randomisation hypotheses and the adjusted wrong key randomisation hypothesis can be seen to be special cases of the general framework. Derivations of expressions for the success probability are carried out under both settings of the plaintexts being sampled with and without replacement. Finally, the complete picture of the dependence of the success probability on the data complexity is derived, and it is argued that in most practical scenarios the success probability will be a monotone increasing function of the data complexity. We believe that compared to the extant literature, our work provides a deeper and more thorough understanding of the success probability of linear cryptanalysis.
We revisit the question of whether classic 3-round public-coin proof systems for languages/distributions with unique witnesses are still witness hiding. Though strong black-box impossibility results are known for them, we provide some less unexpected positive results on the witness hiding security of classic protocols:

1. We develop an embedding technique and prove the witness hiding property of the standalone Schnorr protocol based on a weaker version of the one-more like discrete logarithm (DL) assumption, asserting that, for an arbitrary constant $\ell$, it is infeasible for a PPT algorithm to solve $\ell$ DL instances while being restricted to query the DL oracle only once. A similar result holds for the Guillou-Quisquater protocol.

This improves over the positive result of Bellare and Palacio in that when applying their technique to the standalone setting, the underlying assumption is stronger and required to hold only for $\ell=2$.

2. Following the framework of Harnik and Naor, we introduce the notion of tailored instance compression to capture the essence of the known one-more like assumptions, which provides new insight into the hardness of one-more DL/RSA problems and allows us to reveal some strong consequences of breaking our weaker version of the one-more like assumption, including zero knowledge protocols for the AND-DL and AND-RSA languages with extremely efficient communication and a non-trivial hash combiner for hash functions based on the DL problem.

These consequences can be viewed as positive evidence for the security of the Schnorr and Guillou-Quisquater protocols.

3. We observe that the previously known impossibility results on the witness hiding of public-coin protocols for unique witness relations place certain restrictions on the reduction. By introducing an input-distribution-switching technique, we bypass these known impossibility results and prove that, for any hard language $L$, if a distribution $(\mathbb{X}, \mathbb{W})$ over the unique witness relation $R_{L}$ has an indistinguishable counterpart distribution over some multiple witnesses relation, then any witness indistinguishable protocol (including ZAPs and all known 3-round public-coin protocols, such as the Blum protocol and the GMW protocol) is indeed witness hiding for the distribution $(\mathbb{X}, \mathbb{W})$.

We also show that a wide range of cryptographic problems with unique witnesses satisfy the ``if condition'' of this result, and thus admit constant-round public-coin witness hiding proof systems.

This is the first positive result on the witness-hiding property of the classic protocols for non-trivial unique witness relations.
Job Posting Lecturer in Digital Security The University of Auckland, New Zealand
We are looking for a top early career academic to join our diverse and internationally renowned Department of Computer Science as a Lecturer in Digital Security. The position is part of an appealing environment of existing competencies within digital security which include undergraduate courses and a postgraduate programme and an internationally respected group of academics undertaking pure and applied research in this domain.

The successful appointee will have a PhD, demonstrated excellence in research, and a commitment to high quality research-informed teaching. The ideal candidate would have a research program that complements and builds on existing areas of strength within the department.

The scope of the search is digital security, broadly defined. We will be particularly interested in candidates who have developed techniques for digital forensics, security testing, or software obfuscation; or who have demonstrated expertise in security or privacy for mobile devices, cyber-physical systems (esp. Internet of Things), machine-to-machine systems, and big data systems.

The appointee will be expected to teach at undergraduate and postgraduate levels in their specialist area, at introductory levels more widely, and to engage in research and publication both personally and through the supervision of research students. The appointee would also be expected to seek research funding, to engage with the profession, and to contribute to departmental service.

This is a full time, permanent position based on the University of Auckland's city campus.


Please apply online (job code: 18586).

Applications close Thursday 25 May 2017.

Closing date for applications: 25 May 2017

Contact: Robert Amor

More information:

About Us

At Cloudflare, we have our eyes set on an ambitious goal: to help build a better Internet. Today, Cloudflare runs one of the world’s largest distributed networks that powers more than 1.5 trillion pageviews each month across 5 million Internet properties. More than 10 percent of all global Internet requests flow through Cloudflare’s network. Cloudflare protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code.

About the Department

We are looking for a seasoned cryptography engineer for a development role in the Technology group. This role focuses on the implementation of cutting-edge cryptographic protocols for use at web scale in CloudFlare’s systems.

Candidates will have extensive experience in implementing real-world cryptographic protocols such as TLS. Substantial contributions to cryptographic software such as OpenSSL are preferred. Experience in Go, C, and assembly is required. Cryptography Engineers are expected to be familiar with the nuances of implementing public-key cryptography (PKI), side-channel attacks, padding oracles, and constant-time implementations, and to have deep domain knowledge.


  • B.S. or M.S. in Computer Science or a related field, or equivalent experience
  • Experience building security in a fast-paced, web-scale environment
  • Advanced knowledge of networking protocols: TCP/IP, DNS, SMTP, BGP etc.
  • In-depth knowledge of authentication protocols, applied cryptography, PKI and SSL/TLS
  • Proficiency in these languages: Go, C, and x86/amd64 assembly
  • Knowledge of the latest attack trends, tools and the threat landscape
  • Proven track record of independently driving security projects in a fast-paced environment
  • Excellent communication skills on both technical and non-technical issues

Bonus Points

  • Substantial contributions to cryptography software such as OpenSSL
  • Experience with high throughput/low latency real-time systems and/or content delivery networks

Closing date for applications: 1 October 2017

Contact: Ed Burns

ed (at)

More information:

4 May 2017
Job Posting Lecturer in Digital Security University of Auckland, New Zealand
Closing date for applications: 25 May 2017

Contact: Professor Robert Amor, Head of Department, trebor (at)

More information:

Job Posting Ph.D. and Post-Doc Positions Institute of Information Security, University of Stuttgart, Germany
The Institute of Information Security at University of Stuttgart offers several

Ph.D. and Postdoc Positions

in the fields

- System and Web Security,

- Services and Cloud Computing Security,

- Cryptography, e.g., in the context of electronic voting, and

- Formal Methods in Security.

The positions are available immediately and paid according to the German public salary scale TVL-E13 or TVL-E14, depending on the candidate’s qualification. Appointment periods follow the German Wissenschaftszeitvertragsgesetz (WissZeitVg).

The Institute of Information Security offers a creative international environment for top-level research in Germany's high-tech region.

The successful candidate should have a Master’s degree or a Ph.D. (or should be very close to completion thereof) in Computer Science, Mathematics, Information Security, or a related field. We value strong analytical skills. Knowledge in one of the mentioned fields is an asset. Since some teaching is done in German, knowledge of German is required for positions that involve teaching.

The deadline for applications is May 28th, 2017. However, late applications will be considered until the positions are filled.

Closing date for applications: 28 May 2017

Contact: Prof. Ralf Küsters

ralf.kuesters (at)

More information:

Blacklistable anonymous credential systems provide service providers with a way to authenticate users according to their historical behaviour, while guaranteeing that all users can access services in an anonymous and unlinkable manner, and are thus potentially useful in practice. Traditionally, to protect services from illegal access, the credential issuer, which completes the registration with users, must be trusted by the service provider. In practice, however, this trust assumption is usually unsatisfied. Moreover, to better evaluate users, it is desirable to use the blacklists of other service providers, which record the historical behaviour of users; currently, this threatens security unless a strong trust assumption is made. Another potential security issue in current blacklistable anonymous credential systems is the blacklist gaming attack, where the service provider attempts to compromise the privacy of users by generating blacklists maliciously.

In this paper, we solve these problems and present a decentralized blacklistable anonymous credential system with reputation, which inherits nearly all features of the BLACR system presented in Au et al. (NDSS'12). However, in our new system, no trusted party is needed to register users. Moreover, blacklists from other service providers can be used safely in the new system under a minimal trust assumption. The new system is also partially resilient to the blacklist gaming attack. Technically, the main approach to solving these problems is a novel use of the blockchain technique, which serves as a public append-only ledger and is used to store credentials and blacklists. To simplify the construction, we also present a generic framework for constructing our new system. The general framework can be instantiated from three different types of cryptographic systems, namely the RSA system, the classical DL system, and the pairing-based system, and all three types of instantiation can be supported simultaneously in the framework. To demonstrate the practicality of our system, we also give a proof-of-concept implementation of the instantiation under the RSA system. The experimental results indicate that when authenticating with blacklists of reasonable size, our implementation can fulfil practical efficiency demands, and when authenticating with empty blacklists, it is more efficient than that of Garman et al. (NDSS'14), which presents a decentralized anonymous credential system without considering revocation.
NewHope and NewHope-Simple are two recently proposed post-quantum key exchange protocols based on the hardness of the Ring-LWE problem. Due to their high security margins and performance, there have already been discussions and proposals for integrating them into Internet standards, like TLS, and anonymity network protocols, like Tor. In this work, we present constant-time and vector-optimized implementations of NewHope and NewHope-Simple for ARMv8-A 64-bit processors which target high-speed applications. This architecture is implemented in a growing number of smartphone and tablet processors, and features powerful 128-bit SIMD operations provided by the NEON engine. In particular, we propose the use of three alternative modular reduction methods, which make better use of NEON parallelism by avoiding larger data types during the Number Theoretic Transform (NTT) and remove the need to transform input coefficients into the Montgomery domain during pointwise multiplications. The NEON-vectorized NTT uses a 16-bit unsigned integer representation and executes in only 18,909 clock cycles on an ARM Cortex-A53 core. Our implementation improves on previous assembly-optimized results on ARM NEON platforms by a factor of 3.4 and outperforms the C reference implementation on the same platform by a factor of 8.3. The total time spent on the key exchange was reduced by more than a factor of 3.5 for both protocols.
Fully homomorphic encryption allows cloud servers to evaluate any computable function for clients without revealing any information. It has attracted much attention from both the scientific community and industry since Gentry’s seminal scheme. Currently, the Brakerski-Gentry-Vaikuntanathan scheme with its optimizations is one of the most potentially practical schemes and has been implemented in the homomorphic encryption C++ library HElib. HElib supplies friendly interfaces for arithmetic operations on polynomials over finite fields. Based on HElib, Chen and Gong (2015) implemented arithmetic over encrypted integers. In this paper, we revisit the HElib-based implementation of homomorphic arithmetic operations on encrypted integers. Due to several optimizations and arithmetic circuits better suited to homomorphic encryption evaluation, our implementation is able to homomorphically evaluate 64-bit addition/subtraction and 16-bit multiplication on encrypted integers without bootstrapping. Experiments show that our implementation significantly outperforms Chen and Gong’s.
ePrint Report: Four Round Secure Computation without Setup. Zvika Brakerski, Shai Halevi, Antigoni Polychroniadou

We construct a 4-round multi-party computation protocol for any functionality, which is secure against a malicious adversary. Our protocol relies on the sub-exponential hardness of the Learning with Errors (LWE) problem with polynomial noise ratio, and on the existence of adaptively secure commitments. Our round complexity matches a lower bound of Garg et al. (EUROCRYPT '16), and outperforms the state of the art of 6 rounds based on assumptions similar to ours, and 5 rounds relying on indistinguishability obfuscation.

Our construction takes after the multi-key FHE approach of Mukherjee-Wichs (EUROCRYPT '16) who constructed a 2-round semi-malicious protocol from LWE in the common random string (CRS) model. We show how to use a preliminary round of communication to replace the CRS, thus achieving 3-round semi-malicious security without setup. Adaptive commitments and zero-knowledge proofs are then used to compile the protocol into the fully malicious setting.
Yao's garbled circuit construction is a central cryptographic tool with numerous applications. In this tutorial, we study garbled circuits from a foundational point of view under the framework of randomized encoding (RE) of functions. We review old and new constructions of REs, present some lower bounds, and describe some applications. We also discuss new directions and open problems in the foundations of REs.

This is a survey that appeared in a book of surveys in honor of Oded Goldreich's 60th birthday.
