## IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available:

#### 27 February 2020

###### Santa Barbara, USA, 15 August 2020

Event CalendarSubmission deadline: 10 May 2020

Notification: 1 July 2020

###### University of Canterbury, School of Mathematics and Statistics, Christchurch, New Zealand

Job Posting**Closing date for applications:**

**Contact:** Prof. Felipe Voloch

**More information:** http://www.math.canterbury.ac.nz/~f.voloch/prospective.html

#### 26 February 2020

###### Beijing Intitute of Mathematical Sciences and Aplications, Beijing, China

Job Posting**BIMSA**

Beijing Institute of Mathematical Sciences and Applications (BIMSA) is a new research institution to be established and lead by Professor Shing-Tung Yau, a Fields medalist of 1982. Its location is in the Yanqi Lake area of Beijing where APEC 2014 was hosted. It was expected to launch by the end of March 2020.

**Program**

Advanced Cryptography and Blockchain Program will be one of the many research groups of BIMSA. It will be focused on:

- zero knowledge proofs (zk-SNARKs etc.)
- fully homomorphic encryption
- secure multiparty computation
- other related cryptographic schemes
- blockchain

with a combination of theoretical studies and practical implementations.

**Positions**

We have 20 open positions on all levels, with competitive compensation packages:

- Distinguished Research Professor
- Research Professor
- Associate Research Professor
- Assistant Research Professor (tenure-track)
- Visiting Research Professor
- Research Fellowship (postdoc)

We intend to build a strong and highly international team, participating in the mainstream of academic studies and industrial innovations worldwide.

**Closing date for applications:**

**Contact:** Prof. Kevin Mo

**More information:** http://ymsc.tsinghua.edu.cn/en/content/show/91-275.html https://www.mathjobs.org/jobs/jobs/14633 https://www.linkedin.co

###### Taipei, Taiwan, 20 August - 21 August 2020

Event CalendarSubmission deadline: 24 April 2020

Notification: 29 May 2020

###### Granada, Spain, 25 May - 29 May 2020

Event Calendar###### Koç University, İstanbul, Turkey

Job Posting**multiple openings**for summer research interns.

For summer research opportunities (at both

**undergraduate and graduate level**), visit

http://kusrp.ku.edu.tr

All applications must be completed online. Deadline is 29 March 2020.

For more information about joining our group and projects, visit

https://crypto.ku.edu.tr/work-with-us/

Application Requirements:

- CV
- 2 Recommendation Letters
- Official transcripts from all the universities attended
- Statement of Purpose
- Application Form filled online

**Closing date for applications:**

**Contact:** http://kusrp.ku.edu.tr

**More information:** http://kusrp.ku.edu.tr

###### Jihoon Kwon, Byeonghak Lee, Jooyoung Lee, and Dukjae Moon

ePrint ReportWe also propose a concrete instantiation of $\mathsf{FPL}$, dubbed $\mathsf{FPL}_{\mathsf{AES}}$, using (round-reduced) $\mathsf{AES}$ for the underlying table and probe functions. Our implementation shows that $\mathsf{FPL}_{\mathsf{AES}}$ provides stronger security without significant loss of efficiency, compared to existing schemes including $\mathsf{SPACE}$, $\mathsf{WhiteBlock}$ and $\mathsf{WEM}$.

#### 25 February 2020

###### Christopher Leonardi

ePrint Report###### Matthieu Monteiro, Kumara Kahatapitiya, Hassan Jameel Asghar, Kanchana Thilakarathna, Thierry Rakotoarivelo, Dali Kaafar, Shujun Li, Ron Steinfeld, Josef Pieprzyk

ePrint Report###### Samuel Bouaziz-Ermann, Sébastien Canard, Gautier Eberhart, Guillaume Kaim, Adeline Roux-Langlois, Jacques Traoré

ePrint Report###### Divesh Aggarwal, Maciej Obremski, João Ribeiro, Mark Simkin, Luisa Siniscalchi

ePrint ReportGiven the result above in the information-theoretic setting, we turn to studying two-source non-malleable extractors in the computational setting, namely in the CRS model first considered in (Garg, Kalai, Khurana, Eurocrypt 2020). We enforce that both the sampling process for the input sources and the tampering functions must be efficient, but we do not necessarily put such a constraint on the adversary distinguishing the output of the extractor from uniform. We obtain results about two-source non-malleable extractors in the CRS model under different types of hardness assumptions:

- Under standard assumptions, we show that small improvements upon state-of-the-art statistical two-source non-malleable extractors also yield explicit low-error two-source non-malleable extractors in the CRS model for low min-entropy against computationally unbounded distinguishers. Remarkably, all previous results on computational extractors require much stronger assumptions; - Under a quasi-polynomial hardness assumption, we give explicit constructions of low-error two-source non-malleable extractors in the CRS model with much lower min-entropy requirements than their best statistical counterparts, against a computationally bounded distinguisher; - Assuming the existence of nearly optimal collision-resistant hash functions, we give a simple explicit construction of a low-error two-source non-malleable extractors in the CRS model for very low min-entropy, against a computationally unbounded distinguisher.

###### Zvika Brakerski, Venkata Koppula, Tamer Mour

ePrint Report###### Onur Gunlu, Rafael F. Schaefer, H. Vincent Poor

ePrint Report###### Alex Lombardi, Vinod Vaikuntanathan, Daniel Wichs

ePrint ReportKnown constructions of ZAPs from trapdoor permutations or bilinear maps are only computationally WI (and statistically sound). Two recent results of Badrinarayanan-Fernando-Jain-Khurana-Sahai and Goyal-Jain-Jin-Malavolta [EUROCRYPT '20] construct the first statistical ZAP arguments, which are statistically WI (and computationally sound), from the quasi-polynomial LWE assumption. Here, we construct statistical ZAPR arguments from the quasi-polynomial decision-linear (DLIN) assumption on groups with a bilinear map. Our construction relies on a combination of several tools, including the Groth-Ostrovsky-Sahai NIZK and NIWI [EUROCRYPT '06, CRYPTO '06, JACM '12], ``sometimes-binding statistically hiding commitments'' [Kalai-Khurana-Sahai, EUROCRYPT '18] and the ``MPC-in-the-head'' technique [Ishai-Kushilevitz-Ostrovsky-Sahai, STOC '07].

###### Takanori Machida, Dai Yamamoto, Yuki Unno, Hisashi Kojima

ePrint Report###### Sanjam Garg, Shafi Goldwasser, Prashant Nalini Vasudevan

ePrint Report###### Hemanta K. Maji, Mingyuan Wang

ePrint ReportIn a seminal result, Moran, Naor, and Segev (TCC--2009) constructed the first optimal fair coin-tossing protocol using oblivious transfer protocols. Whether the existence of oblivious transfer protocols is a necessary computational hardness assumption for optimal fair coin-tossing remains one of the most fundamental open problems in theoretical cryptography. Results of Impagliazzo and Luby (FOCS--1989) and Cleve and Impagliazzo (1993) together imply that the existence of one-way functions is necessary for optimal fair coin-tossing. However, the sufficiency of the existence of one-way functions is not known.

Towards this research endeavor, our work proves a black-box separation of optimal fair coin-tossing from the existence of one-way functions. That is, the black-box use of one-way functions is unlikely to enable optimal fair coin-tossing. Following the standard Impagliazzo and Rudich (STOC--1989) approach, our work considers any $r$-message fair coin-tossing protocol in the random oracle model where the parties have unbounded computational power. We demonstrate a fail-stop attack strategy for one of the parties to alter the output distribution of the honest party by $1/\sqrt{r}$. Our result, therefore, proves that the $r$-message coin-tossing protocol of Blum (COMPCON--1982) and Cleve (STOC--1986), which uses one-way functions in a black-box manner, is qualitatively the best possible protocol.

Several previous works, for example, Dachman--Soled, Lindell, Mahmoody, and Malkin (TCC--2011), Haitner, Omri, and Zarosim (TCC--2013), and Dachman--Soled, Mahmoody, and Malkin (TCC--2014), made partial progress on this research problem by proving this black-box separation assuming some restrictions on the coin-tossing protocol. Our work diverges significantly from these previous approaches to prove this black-box separation in its full generality. The starting point is the recently introduced potential-based inductive proof techniques for demonstrating large gaps in martingales in the information-theoretic plain model. Our technical contribution lies in identifying a global invariant that enables the extension of this technique to the random oracle model.

###### Hamidreza Amini Khorasgani, Hemanta K. Maji, Hai H. Nguyen

ePrint ReportTwo parties begin with multiple independent samples from a correlated randomness source. Next, our objective is to investigate what forms of joint distributions can Alice and Bob securely simulate without any further communication. This offline preprocessing step fits perfectly within the offline-online paradigm of secure computation, which enables general secure computation even against parties with unbounded computational power.

One may interpret this concept as imbuing the notion of non-interactive simulation of joint distributions, which initiated from the seminal works of G\'acs and K\"orner (1972), and Wyner (1975), in information theory with cryptographic security. This concept is stronger than merely a secure version of non-interactive correlation distillation as introduced by Mossel, O’Donnell, Regev, Steif, and Sudakov (2004) because secure private keys alone do not suffice to facilitate general secure computation. Alternatively, secure non-interactive simulation is a natural restriction of performing cryptography with one-way communication introduced by Garg, Ishai, Kushilevitz, Ostrovsky, and Sahai (2015), which also serves as a naturally arising base case for inductively building cryptographic primitives with minimum communication complexity.

In this work, we study samples from (1) $\mathsf{BSS}(\epsilon)$, that is the joint distribution $(X,Y)$, where $X$ is a uniform random bit and $Y$ is correlated bit such that $X\neq Y$ with probability $\epsilon\in(0,1/2)$, and (2) $\mathsf{BES}(\epsilon)$, that is the joint distribution $(X,Y)$, where $X$ is a uniform random bit, and $Y=X$ with probability $(1-\epsilon)$; otherwise $Y=\perp$, where $\epsilon\in(0,1)$.

Note that the reverse hypercontractivity and hardness of cryptography with one-way messages both rule out the possibility of realizing any $\mathsf{BES}$ sample from $\mathsf{BSS}$ samples. This impossibility result carries over to our secure non-interactive simulation as well. Furthermore, we prove that it is also impossible to securely and non-interactively simulate samples of $\mathsf{BSS}$ from $\mathsf{BES}$ samples as well. Note that this impossibility result both in the setting of non-interactive simulation and cryptography with one-way communication remains open.

Next, we prove that we can simulate a sample of $\mathsf{BES}(\epsilon')$ from multiple samples of $\mathsf{BES}(\epsilon)$ if and only if $(1-\epsilon')=(1-\epsilon)^k,$ for some $k\in\mathbb{N}$. We proceed by proving that all secure constructions must be linear, and, after that, the rate of the simulation is at most $1/k$.

Finally, we show the existence of securely and non-interactively simulating a sample of $\mathsf{BSS}(\epsilon')$ from $\mathsf{BSS}(\epsilon)$ if and only if $(1-2\epsilon')=(1-2\epsilon)^k,$ for some $k\in\mathbb{N}$. Interestingly, there are linear as well as (comparatively inefficient) non-linear constructions.