Here you can see all recent updates to the IACR webpage. These updates are also available:
30 September 2020
Shoei Nashimoto, Daisuke Suzuki, Rei Ueno, Naofumi Homma (ePrint Report)
Architecture Correlation Analysis (ACA): Identifying the Source of Side-channel Leakage at Gate-level
Yuan Yao, Tarun Kathuria, Baris Ege, Patrick Schaumont (ePrint Report)
Mark Zhandry (ePrint Report)
Cecilia Boschini, Jan Camenisch, Max Ovsiankin, Nicholas Spooner (ePrint Report)
Karim Baghery, Alonso González, Zaira Pindado, Carla Ràfols (ePrint Report)
Navid Alamati, Luca De Feo, Hart Montgomery, Sikhar Patranabis (ePrint Report)
In this work, we propose a new framework based on group actions that enables the easy usage of a variety of isogeny-based assumptions. Our framework generalizes the works of Brassard and Yung (Crypto90) and Couveignes (Eprint06). We provide new definitions for group actions endowed with natural hardness assumptions that model isogeny-based constructions amenable to group actions such as CSIDH and CSI-FiSh.
We demonstrate the utility of our new framework by leveraging it to construct several primitives that were not previously known from isogeny-based assumptions. These include smooth projective hashing, dual-mode PKE, two-message statistically sender-private OT, and Naor-Reingold style PRF. These primitives are useful building blocks for a wide range of cryptographic applications.
We introduce a new assumption over group actions called Linear Hidden Shift (LHS) assumption. We then present some discussions on the security of the LHS assumption and we show that it implies symmetric KDM-secure encryption, which in turn enables many other primitives that were not previously known from isogeny-based assumptions.
David Lanzenberger, Ueli Maurer (ePrint Report)
Zvika Brakerski, Pedro Branco, Nico Döttling, Sanjam Garg, Giulio Malavolta (ePrint Report)
Zvika Brakerski, Nico Döttling (ePrint Report)
For standard LWE (not over rings) entropic results are known, using a "lossiness approach", but it was not known how to adapt this approach to the ring setting. In this work we present the first such results, where entropic security is established either under RLWE or under the Decisional Small Polynomial Ratio (DSPR) assumption, which is a mild variant of the NTRU assumption.
In the context of general entropic distributions, our results in the ring setting essentially match the known lower bounds (Bolboceanu et al., Asiacrypt 2019; Brakerski and Döttling, Eurocrypt 2020).
Robert Ransom (ePrint Report)
One class of signature protocols, based on the parallel composition of many runs of one or more interactive cut-and-choose protocols, can be modified to enable constant-time verification at low cost by fixing the multiset of challenges which will be chosen at the cut-and-choose step and randomizing only their order based on the hash of the input message. As a side benefit, this technique naturally makes the size and structure of signatures a fixed system parameter, even if the underlying cut-and-choose protocol has different response sizes for each possible challenge at the cut-and-choose step.
When applied to a 5-pass $q2$ interactive protocol, this technique requires essentially no extra rounds due to how fixed-weight binary vectors interact with the Kales-Zaverucha structural attack. Alternatively, when the data which must be transmitted for one of the two possible challenge values is significantly shorter than the other, or can be made so using standard and/or specialized compression techniques, a longer, lower-weight challenge vector can be used to obtain shorter signatures at the cost of more rounds of the underlying interactive protocol, with a much shallower computation-vs.-size tradeoff than the precomputation tree approach used in Picnic2, MUDFISH, and SUSHSYFISH.
As an example, these techniques reduce MQDSS signatures to under 15 kB and PKP-DSS signatures to under 14 kB with NIST Category 1 security against both secret key recovery and signature forgery. Further improvements in design and parameters allow PKP-DSS signatures under 10 kB with a security level and performance acceptable for almost all interactive authentication.
The asymptotic ROM proof of security published with MQDSS remains applicable to the optimized system, but the QROM proofs by Don et al. turn out to be invalid even for unmodified MQDSS.
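The following is an added illustration of the fixed-multiset challenge technique described in the abstract above; it is not code from the paper, nor from MQDSS or PKP-DSS. The underlying cut-and-choose protocol is abstracted away: the number of rounds N, the challenge weight W, the per-round response sizes LIGHT (challenge 0) and HEAVY (challenge 1), and the domain-separation label in the hash are all assumed parameters chosen for the example. What the code shows is that, once the multiset of challenges is fixed and only its order is derived from the hash of the message and commitments, the signature size and layout become constants and the verifier can parse and schedule its work from the recomputed challenge vector alone.

```python
"""Fixed-multiset challenges for cut-and-choose (Fiat-Shamir) signatures.

Added illustration, not the paper's code. The multiset {1^W, 0^(N-W)} is a
system parameter; only its order depends on H(commitments, message).
A round answering challenge 0 costs LIGHT bytes, a round answering
challenge 1 costs HEAVY bytes (sizes assumed for the example).
"""
import hashlib
from typing import List, Tuple

N, W = 64, 20          # assumed parameters: 64 rounds, exactly 20 "heavy" challenges
LIGHT, HEAVY = 16, 48  # assumed per-round response sizes for challenge 0 / challenge 1


def challenge_digest(message: bytes, commitments: bytes) -> bytes:
    """Fiat-Shamir hash binding the challenge to the message and the first move."""
    return hashlib.sha3_256(b"cc-challenge" + commitments + message).digest()


def fixed_weight_challenge(digest: bytes, n: int = N, w: int = W) -> List[int]:
    """Permute the fixed multiset {1^w, 0^(n-w)} with a Fisher-Yates shuffle whose
    swap indices are read from SHAKE-256(digest). Every output has exactly w ones,
    whatever the digest is, so a verifier never needs to check the weight."""
    if not 0 <= w <= n:
        raise ValueError("weight out of range")
    stream = hashlib.shake_256(digest).digest(8 * n)
    vec = [1] * w + [0] * (n - w)
    for i in range(n - 1, 0, -1):
        # 64-bit draw reduced mod (i+1): bias about (i+1)/2^64, negligible here.
        r = int.from_bytes(stream[8 * i: 8 * i + 8], "big")
        j = r % (i + 1)
        vec[i], vec[j] = vec[j], vec[i]
    return vec


def signature_size(n: int = N, w: int = W, light: int = LIGHT, heavy: int = HEAVY) -> int:
    """Response bytes per signature: a constant of (n, w, light, heavy), not of the message."""
    return w * heavy + (n - w) * light


def split_responses(blob: bytes, challenge: List[int],
                    light: int = LIGHT, heavy: int = HEAVY) -> List[bytes]:
    """Cut the response part of a signature into per-round responses. The lengths
    are dictated by the recomputed challenge vector, so a truncated or padded
    blob is rejected before any per-round cryptographic work."""
    sizes = [heavy if b else light for b in challenge]
    if len(blob) != sum(sizes):
        raise ValueError("response blob has wrong length for this challenge vector")
    out, off = [], 0
    for s in sizes:
        out.append(blob[off:off + s])
        off += s
    return out


def verification_schedule(message: bytes, commitments: bytes,
                          blob: bytes) -> List[Tuple[int, bytes]]:
    """Verifier side: recompute the challenge (never trust one carried in the
    signature), reject bad sizes, then return (challenge_bit, response) per round.
    The work is always W heavy checks and N-W light checks, in an order fixed by
    a public hash, which is what makes a constant-time schedule cheap."""
    ch = fixed_weight_challenge(challenge_digest(message, commitments))
    return list(zip(ch, split_responses(blob, ch)))


if __name__ == "__main__":
    import os
    msg = b"constructed sample message"
    coms = hashlib.sha3_256(b"constructed commitments").digest()
    ch = fixed_weight_challenge(challenge_digest(msg, coms))
    # Dummy response blob of the right shape; contents are random filler.
    blob = b"".join(os.urandom(HEAVY if b else LIGHT) for b in ch)
    sched = verification_schedule(msg, coms, blob)
    print("weight:", sum(ch), "rounds:", len(sched),
          "signature bytes:", len(blob), "constant:", signature_size())
```

The modulo reduction in the shuffle is slightly biased; for the parameter sizes a signature scheme uses that bias is far below 2^-50, but a production implementation would either use rejection sampling or, as the abstract suggests for the $q2$ case, derive the permutation in whatever way the scheme's security proof covers.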
Vadim Lyubashevsky, Ngoc Khanh Nguyen, Gregor Seiler (ePrint Report)
Amos Beimel, Iftach Haitner, Kobbi Nissim, Uri Stemmer (ePrint Report)
Focusing on the round complexity of the shuffle model, we ask in this work what can be computed in the shuffle model of differential privacy with two rounds. Ishai et al. showed how to use one round of the shuffle to establish secret keys between every two parties. Using this primitive to simulate a general secure multi-party protocol increases its round complexity by one. We show how two parties can use one round of the shuffle to send secret messages without having to first establish a secret key, hence retaining round complexity. Combining this primitive with the two-round semi-honest protocol of Applebaum, Brakerski, and Tsabary [TCC 2018], we obtain that every randomized functionality can be computed in the shuffle model with an honest majority, in merely two rounds. This includes any differentially private computation.
We hence move to examine differentially private computations in the shuffle model that (i) do not require the assumption of an honest majority, or (ii) do not admit one-round protocols, even with an honest majority. For that, we introduce two computational tasks: common element, and nested common element with parameter $\alpha$. For the common element problem we show that for large enough input domains, no one-round differentially private shuffle protocol exists with constant message complexity and negligible $\delta$, whereas a two-round protocol exists where every party sends a single message in every round. For the nested common element we show that no one-round differentially private protocol exists for this problem with adversarial coalition size $\alpha n$. However, we show that it can be privately computed in two rounds against coalitions of size $cn$ for every $c < 1$. This yields a separation between one-round and two-round protocols. We further show a one-round protocol for the nested common element problem that is differentially private with coalitions of size smaller than $c n$ for all $0 < c < \alpha < 1 / 2$.
Siam Hussain, Baiyu Li, Farinaz Koushanfar, Rosario Cammarota (ePrint Report)
Ricardo Moura, David R. Matos, Miguel Pardal, Miguel Correia (ePrint Report)
Shweta Agrawal, Daniel Wichs, Shota Yamada (ePrint Report)
Our construction combines three building blocks: a (computational) nearly linear secret sharing scheme with compact shares which we construct from LWE, an inner-product functional encryption scheme with special properties which is constructed from the bilinear Matrix Decision Diffie-Hellman (MDDH) assumption, and a certain form of hyperplane obfuscation, which is constructed using the KOALA assumption. While similar to that of Agrawal and Yamada, our construction provides a new understanding of how to decompose the construction into simpler, modular building blocks with concrete and easy-to-understand security requirements for each one. We believe this sheds new light on the requirements for optimal broadcast encryption, which may lead to new constructions in the future.
Tomoki Kawashima, Katsuyuki Takashima, Yusuke Aikawa, Tsuyoshi Takagi (ePrint Report)
Hao Guo, Siwei Sun, Danping Shi, Ling Sun, Yao Sun, Lei Hu, Meiqin Wang (ePrint Report)
27 September 2020
University of St. Gallen, Switzerland (Job Posting)
Research area: Research areas include but are not limited to:
- Verifiable computation
- Secure Multi Party Computation
- Privacy-preserving authentication
- Cryptographic primitives
- An MSc degree in Computer Science, Applied Mathematics or a relevant field;
- Strong mathematical and algorithmic CS background;
- Good programming skills are beneficial;
- Excellent written and verbal communication skills in English.
Starting date: Fall 2020 or by mutual agreement
Closing date for applications:
Contact: Katerina Mitrokotsa
IMDEA Software Institute, Madrid, Spain (Job Posting)
The IMDEA Software Institute invites applications for tenure-track (Assistant Professor) positions. We are primarily interested in excellent candidates in Systems, including Distributed Systems, Embedded Systems, etc.; Data Science, including machine learning; Security and Privacy; Software Engineering; and Cyber-Physical Systems. Exceptional candidates in other topics within the research areas of the Institute will also be considered. Tenured-level (Associate and Full Professor) applications are also welcome.
The primary mission of the IMDEA Software Institute is to perform research of excellence at the highest international level in the area of software development technologies. It is one of the highest ranked institutions worldwide in its main topic areas.
All positions require a doctoral degree in CS or closely related area, earned by the expected start date. Candidates for tenure-track positions will have shown exceptional promise in research and ability to work independently as well as collaboratively. Candidates for tenured positions must have an outstanding research record, recognized international stature, and demonstrated leadership. Experience in graduate student supervision is also valued at this level.
For full consideration, complete applications must be received by December 1, 2020 but will continue to be accepted until the positions are filled.
The institute is located in the vibrant area of Madrid, Spain. It offers an ideal working environment, combining the best aspects of a research center and a university department. The institute offers institutional funding and also encourages participation in national and international research projects. The working language at the institute is English.
Salaries at the Institute are internationally competitive, established on an individual basis, and include social security provisions, and in particular access to an excellent public health care system.
COVID Note: The Institute continues working and hiring, while strictly adopting all recommended hea
Closing date for applications:
More information: https://software.imdea.org/open_positions/call_for_faculty.html
Information Security Group, Royal Holloway, University of London, UK (Job Posting)
The PDRA will work alongside Dr. Martin Albrecht, Dr. Rachel Player and other cryptographic researchers at Royal Holloway on topics in lattice-based cryptography. This post is part of the EU H2020 PROMETHEUS project (http://prometheuscrypt.gforge.inria.fr) for building privacy-preserving systems from advanced lattice primitives. Our research focus within this project is on cryptanalysis and implementations, but applicants with a strong background in other areas such as protocol/primitive design are also encouraged to apply.
Closing date for applications:
Contact: Martin Albrecht