IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
02 October 2023
Joan Daemen, Silvia Mella, Gilles Van Assche
In this work, we present authenticated encryption schemes for which we provably reduce their confidentiality, integrity and commitment security to the security of an underlying sponge function. In particular, we instantiate them with SHAKE128 and SHAKE256, offering 128 and 256 bits of security strength and based on the security claim in the SHA-3 standard FIPS 202. Cryptanalysis of reduced-round versions of SHA-3 and SHAKE functions suggests that the number of rounds can be divided by two without noticeable security degeneration, and this had lead to the definition of TurboSHAKE128 and TurboSHAKE256; hence we also instantiate our scheme with these functions, offering the same security strength at twice the speed. The AE schemes we propose therefore have the unique advantages that 1) their security is based on a security claim that has received a large amount of public scrutiny and that 2) it makes use of the standard Keccak-p permutation that has dedicated hardware support on more and more CPUs.
In more details, we build two online AE modes on top of a sponge function, in multiple layers. At the bottom layer, we use a variant of the duplex construction, referred to as overwrite duplex or OD for short, that uses an overwrite operation leading to a smaller state footprint. Our first AE mode is nonce-based and built using a variant of the SpongeWrap mode on top of OD, and security-equivalent to it. Our second AE mode makes use of the Deck-BO mode published at Asiacrypt 2022, an online version of a Synthetic Initial Value (SIV) authenticated encryption scheme. It requires a deck function that we build on top of the OD, again security-equivalent to it.
Simon Brown
Jiayu Zhang
Pascal Bemmann, Sebastian Berndt, Rongmao Chen
Jiayu Zhang
Chon Kit Lao, Rui Jiang, Luyao Zhang, Fan Zhang, Ye Wang
Mingjie Chen, Antonin Leroux
To instantiate our SCALLOP-HD group action, we introduce a new technique to apply Kani's Lemma in dimension 2 with an isogeny diamond obtained from commuting endomorphisms. This method allows one to represent arbitrary endomorphisms with isogenies in dimension 2, and may be of independent interest.
Chenglian Liu, Sonia Chien-I Chen
Khovayko O., Schelkunov D.
Houda Ferradi, Antoine Houssais, David Naccache
Paulo L. Barreto, Devin D. Reich, Marcos A. Simplicio Jr., Gustavo H. M. Zanon
Willy Quach, LaKyah Tyner, Daniel Wichs
The work of [ACM22] presented a lower bound on anonymous transfer, ruling out constructions with strong anonymity guarantees (where the adversary's advantage in identifying the sender is negligible) against arbitrary polynomial-time adversaries. They also provided a (heuristic) upper bound, giving a scheme with weak anonymity guarantees (the adversary's advantage in identifying the sender is inverse in the number of rounds) against fine-grained adversaries whose run-time is bounded by some fixed polynomial that exceeds the run-time of the honest users. This leaves a large gap between the lower bound and the upper bound, raising the intriguing possibility that one may be able to achieve weak anonymity against arbitrary polynomial time adversaries, or strong anonymity against fine grained adversaries.
In this work, we present improved lower bounds on anonymous transfer, that rule out both of the above possibilities: - We rule out the existence of anonymous transfer with any non-trivial anonymity guarantees against general polynomial time adversaries. - Even if we restrict ourselves to fine-grained adversaries whose run-time is essentially equivalent to that of the honest parties, we cannot achieve strong anonymity, or even quantitatively improve over the inverse polynomial anonymity guarantees (heuristically) achieved by [ACM22].
Consequently, constructions of anonymous transfer can only provide security against fine-grained adversaries, and even in that case they achieve at most weak quantitative forms of anonymity.
Renas Bacho, Julian Loss, Stefano Tessaro, Benedikt Wagner, Chenzhi Zhu
In this work, we propose Twinkle, a new threshold signature scheme in the pairing-free setting which overcomes these limitations. Twinkle is the first pairing-free scheme to have a security proof under up to $t$ adaptive corruptions without relying on the algebraic group model. It is also the first such scheme with a security proof under adaptive corruptions from a well-studied non-interactive assumption, namely, the Decisional Diffie-Hellman (DDH) assumption.
We achieve our result in two steps. First, we design a generic scheme based on a linear function that satisfies several abstract properties and prove its adaptive security under a suitable one-more assumption related to this function. In the context of this proof, we also identify a gap in the security proof of Sparkle and develop new techniques to overcome this issue. Second, we give a suitable instantiation of the function for which the corresponding one-more assumption follows from DDH.
Daniel Smith-Tone
Worcester Polytechnic Institute, Worcester MA
Qualifications:
- A solid understanding of the hardware design flow, from system-level down to gate-level, is essential for this position.
- Previous experience in IC tape-out, cryptographic engineering, and implementation attacks is considered a strong advantage.
Inquiries are welcome. Formal applications should go to https://gradapp.wpi.edu/apply/
Closing date for applications:
Contact: Patrick Schaumont (pschaumont@wpi.edu)
Eindhoven University of Technology, Eindhoven, The Netherlands
We have an opening for a two-year (1+1) postdoc position in the applied and provable security (APS) group at Eindhoven University of Technology (TU/e). The APS group is working on provable security of cryptographic primitives and protocols considering quantum adversaries as well as the machine checking of such proofs. Recent works range from proposing new NIST standards (SPHINCS+) to new post-quantum secure communication protocols (PQWireGuard, PQNoise), and the formal verification of proofs for recent NIST standards and proposals (XMSS, Dilithium, Saber) in EasyCrypt. The group currently consists of two tenured professors and four PhD students.
The position is funded by a talent program grant of the Dutch Science Foundation (NWO). The successful candidate will carry out independent research in one of the research areas covered by the APS group under the supervision of Andreas Hülsing.
Applicants must hold a PhD and have a background in one of the topics related to the intended research area, including but not limited to: Cryptography, formal methods, or quantum information theory. This background should be demonstrated by relevant publications.
To apply, please visit https://jobs.tue.nl/en/vacancy/postdoc-applied-and-provable-security-1029137.htmlClosing date for applications:
Contact: Andreas Huelsing (email a.t.huelsing[at]tue.nl)
More information: https://jobs.tue.nl/en/vacancy/postdoc-applied-and-provable-security-1029137.html
30 September 2023
Abu Dhabi, Vereinigte Arabische Emirate, 5 March - 8 March 2024
Submission deadline: 15 November 2023
Notification: 22 December 2023