IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
07 March 2018
Yongge Wang, Qutaibah m. Malluhi
Rohit Sinha, Mihai Christodorescu
We present VeritasDB, a key-value store that guarantees data integrity to the client in the presence of exploits or implementation bugs in the database server. VeritasDB is implemented as a network proxy that mediates communication between the unmodified client(s) and the unmodified database server, which can be any off-the-shelf database engine (e.g., Redis, RocksDB, Apache Cassandra). The proxy transforms each client request before forwarding it to the server and checks the correctness of the server's response before forwarding it to the client.
To ensure the proxy is trusted, we use the protections of modern trusted hardware platforms, such as Intel SGX, to host the proxy's code and trusted state, thus completely eliminating trust on the cloud provider. To maintain high performance in VeritasDB while scaling to large databases, we design an authenticated Merkle B+-tree that leverages features of SGX (modest amount of protected RAM, direct access to large unprotected RAM, and CPU parallelism) to implement several novel optimizations based on caching, concurrency, and compression. On standard YCSB and Visa transaction workloads, we observe an average overhead of 2.8x in throughput and 2.5x in latency, compared to the (insecure) system with no integrity checks --- using CPU parallelism, we bring the throughput overhead down to 1.05x.
Xiong Fan, Qiang Tang
We then consider the problem of hosting services in the untrusted cloud. Boneh, Gupta, Mironov, and Sahai (Eurocrypt 2014) first studied such application and gave a construction based on indistinguishability obfuscation. Their construction had the restriction that the number of corrupted clients has to be bounded and known. They left an open problem how to remove such restriction. We resolve this problem by applying our function private (distributed) public key functional encryption to the setting of hosting service in multiple clouds. Furthermore, our construction provides a much simpler and more flexible paradigm which is of both conceptual and practical interests. Along the way, we strengthen and simplify the security notions of the underlying primitives, including function secret sharing.
Zhengjun Cao, Jeffrey Uhlmann, Lihua Liu
Peter Gazi, Aggelos Kiayias, Alexander Russell
With the present statistical profile of blockchain protocols, the attack can be launched given a few years of prior blockchain operation; hence it is within the realm of feasibility for PoS protocols. Most importantly, it demonstrates how closely transaction fees and rewards are coupled with the security properties of PoS protocols. More broadly, our attack must be reflected and countered in any future PoS design that avoids checkpointing, as well as any effort to remove checkpointing from existing protocols. We describe several mechanisms for protecting against the attack that include context-sensitivity of transactions and chain density statistics.
Thang Hoang, Muslum Ozgur Ozmen, Yeongjin Jang, Attila A. Yavuz
Chris Culnane, Olivier Pereira, Kim Ramchen, Vanessa Teague
Adi Akavia, Dan Feldman, Hayim Shaul
We present the first algorithm for secure search that is realized by a polynomial of logarithmic degree (log m)^c for a small constant c>0. We implemented our algorithm in an open source library based on HElib, and ran experiments on Amazon's EC2 cloud with up to 100 processors. Our experiments show that we can securely search to retrieve database records in a rate of searching in millions of database records in less than an hour on a single machine.
We achieve our result by: (1) Designing a novel sketch that returns the first strictly-positive entry in a (not necessarily sparse) array of non-negative real numbers; this sketch may be of independent interest. (2) Suggesting a multi-ring evaluation of FHE -- instead of a single ring as in prior works -- and leveraging this to achieve an exponential reduction in the degree.
University of Tartu
We are starting a project in which we will develop methods for the verification of proofs in quantum cryptography. Similar to what the EasyCrypt tool does in classical cryptography. The scope of the project covers everything from the logical foundations, through the development of tools, to the verification of real quantum protocols.
The ideal candidate would have experience in:
- Semantics
- Theorem proving
- Verification of classical cryptography
- Quantum cryptography
- Quantum computation / communication
Of course, expertise in all those areas is very rare, so candidates who are strong in some of those areas and are interested in the others are encouraged to apply!
Please contact Dominique Unruh if you have more questions about the project, the required background, Estonia, the position itself, or the application process.
The salary range is 30000-36000 Euro per year (depending on experience), which is highly competitive in Estonia due to low costs of living and low income tax rate (20%), pension contributions and health insurance are covered by the employer.
The position is for three years, as soon as possible till August 31, 2020. The starting date and duration can be negotiated (in both directions).
To apply, please send the following documents to unruh (at) ut.ee:
- Curriculum vitae (please explain your scientific background)
- List of publications
- Research plan (i.e., how do you think you could contribute to the topic)
- At least two letters of reference (please ask for the letters to be sent directly to us)
- Phd degree
Closing date for applications: 31 March 2018
Contact: Dominique Unruh (unruh (at) ut.ee)
More information: https://crypto.cs.ut.ee/index.php/Main/PostdocInVerificationOfQuantumCryptography
Norwegian University of Science and Technology NTNU, Trondheim
seek to host new ERCIM postdoctoral researchers that can contribute to our research activities. In particular, we are seeking candidates working within the area of real-world cryptographic protocol problems applied to wireless and mobile technologies, including interests for experimental open-source software-defined radio.
We refer you to the general Call for ERCIM Post-Doc Fellowship, with deadline 30 April 2018. You apply at the web site https://fellowship.ercim.eu/ and indicate NTNU as your preferred host institution. Contract extension opportunities with NTNU may be sought.
Closing date for applications: 30 April 2018
Contact: Professor Stig F. Mjølsnes, Dep.Information Security and Communications, for further inquiries. sfm(at)ntnu.no
More information: https://fellowship.ercim.eu/
Cryptography, Security, and Privacy Research Group, Koç University, ?stanbul, Turkey
- For applying online, and questions about the application-process for M.Sc. and Ph.D. positions, visit
https://gsse.ku.edu.tr/en/admissions/application-requirements/
All applications must be completed online. Deadline is 1 June 2018.
- For summer research opportunities (at both undergraduate and graduate level), visit
http://kusrp.ku.edu.tr
All applications must be completed online. Deadline is 30 March 2018.
- For postdoctoral researcher positions, contact Asst. Prof. Alptekin Küpçü directly, including full CV, sample publications, a research proposal, and 2-3 reference letters sent directly by the referees.
http://home.ku.edu.tr/~akupcu
Dates are flexible.
Applications with missing documents will not be considered.
Closing date for applications: 1 June 2018
Contact: gsse (at) ku.edu.tr
More information: https://crypto.ku.edu.tr/join
06 March 2018
Brisbane, Australia, 2 December - 6 December 2018
Submission deadline: 11 May 2018
Notification: 3 August 2018
05 March 2018
Shai Halevi, Victor Shoup
Our techniques also reduce the size of the large public evaluation key, often using 33%-50% less space than the previous HElib implementation. We also implemented a new tradeoff that enables a drastic reduction in size, maybe a 25x factor or more for some parameters, paying only a 2-4x factor in runtime (and giving up some parallelization opportunities).
Indra Deep Mastan, Souradyuti Paul
In this paper, we devise an efficient method to link the sessions of unreachable nodes, even if they connect to the Bitcoin network over the Tor. We achieve this using a new approach based on organizing the block-requests made by the nodes in a Bitcoin session graph. This attack also works against the modified Bitcoin client. We performed experiments on the Bitcoin main network, and were able to link consecutive sessions with a precision of 0.90 and a recall of 0.71. We also provide counter-measures to mitigate the attacks.
Sudhakar Kumawat, Souradyuti Paul
In this paper, we give a new construction for ARS having the following properties: signature is constant-sized, secure in the standard model, and based on indistinguishability obfuscation iO and one-way functions. To the best of our knowledge, this is the first iO-based ARS scheme. Independent of this, our work can be viewed as a new application of puncturable programming and hidden sparse trigger techniques introduced by Sahai and Waters (STOC 2014) to design iO-based deniable encryption.
Neha Narula, Willy Vasquez, Madars Virza
This paper presents zkLedger, the first system to protect ledger participants' privacy and provide fast, provably correct auditing. Banks create digital asset transactions that are visible only to the organizations party to the transaction, but are publicly verifiable. An auditor sends queries to banks, for example "What is the outstanding amount of a certain digital asset on your balance sheet?" and gets a response and cryptographic assurance that the response is correct.
zkLedger has two important benefits over previous work. First, zkLedger provides fast, rich auditing with a new proof scheme using Schnorr-type non-interactive zero-knowledge proofs. Unlike zkSNARKs, our techniques do not require trusted setup and only rely on widely-used cryptographic assumptions. Second, zkLedger provides *completeness*; it uses a columnar ledger construction so that banks cannot hide transactions from the auditor, and participants can use rolling caches to produce and verify answers quickly.
We implement a distributed version of zkLedger that can produce provably-correct answers to auditor queries on a ledger with a hundred thousand transactions in less than 10 milliseconds.
Ron D. Rothblum, Adam Sealfon, Katerina Sotiraki
Our main result is a reduction from constructing NIZK proof systems for all of NP based on LWE, to constructing a NIZK proof system for a particular computational problem on lattices, namely a decisional variant of the Bounded Distance Decoding (BDD) problem. That is, we show that assuming LWE, every language L in NP has a NIZK proof system if (and only if) the decisional BDD problem has a NIZK proof system. This (almost) confirms a conjecture of Peikert and Vaikuntanathan (CRYPTO, 2008).
To construct our NIZK proof system, we introduce a new notion that we call prover-assisted oblivious ciphertext sampling (POCS), which we believe to be of independent interest. This notion extends the idea of oblivious ciphertext sampling, which allows one to sample ciphertexts without knowing the underlying plaintext. Specifically, we augment the oblivious ciphertext sampler with access to an (untrusted) prover to help it accomplish this task. We show that the existence of encryption schemes with a POCS procedure, as well as some additional natural requirements, suffices for obtaining NIZK proofs for NP. We further show that such encryption schemes can be instantiated based on LWE, assuming the existence of a NIZK proof system for the decisional BDD problem.
Jiangshan Yu, David Kozhaya, Jeremie Decouchant, Paulo Esteves-Verissimo
This paper proposes RepuCoin, the first system to provide guarantees even when more than 50% of the system's computing power is temporarily dominated by an attacker. RepuCoin defines a miner's power by its reputation as a function integrated over the entire blockchain, rather than through its sheer computing power which can be obtained relatively quickly and temporarily. As an example, after a single year of operation, RepuCoin can tolerate attacks compromising 51% of the network's computing resources, even if such power stays maliciously seized for almost a whole year.
Moreover, RepuCoin provides better resilience to known attacks, compared to existing PoW systems, while achieving a high throughput of 10000 transactions per second.
Brett Hemenway Falk, Daniel Noble, Rafail Ostrovsky
If each player has $m$ elements, our scheme requires only $O(m \lambda)$ communication between the parties, where $\lambda$ is a security parameter. This is the first protocol that to achieve PSI using only asymptotically linear communication under standard cryptographic assumptions and without Random Oracles. Our protocol also provides 10-15\% reduction in communication costs under real-world parameter choices.
Our protocol builds on the hashing-based PSI protocol of Pinkas et al. (USENIX 2014, USENIX 2015), but we replace one of the sub-protocols (handling the cuckoo ``stash'') with a special-purpose PSI protocol that is optimized for comparing sets of unbalanced size. This brings the asymptotic communication complexity of the overall protocol down from $\omega(\lambda m)$ to $O(m\lambda)$, and provides concrete performance improvements over the most efficient existing PSI protocols.
Our protocol is simple, generic and benefits from the permutation-hashing optimizations of Pinkas et al. (USENIX 2015) and the Batched, Relaxed Oblivious Pseudo Random Functions of Kolesnikov (CCS 2016).
Julia Hesse, Dennis Hofheinz, Lisa Kohl
We offer two results: the first ``somewhat tight'' NIKE scheme (with a reduction loss of n/2) that circumvents the lower bound of Bader et al., but is of course still far from tightly secure. Second, we provide a generalization of Bader et al.'s lower bound to a larger class of NIKE schemes (that also covers our NIKE scheme), with an adapted lower bound of n/2 on the reduction loss. Hence, in that sense, the reduction for our NIKE scheme is optimal.