IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
03 August 2018
Paul Crowley , Eric Biggers
ePrint Report02 August 2018
University of Twente, Enschede, the Netherlands
Job PostingCybersecurity (broadly conceived) is by all means among the topics of interest!
The full announcement of these positions can be found here:
https://www.utwente.nl/en/organization/careers/vacancy/!/421417/6-assistantassociate-professors-and-lecturers-in-computer-science
Closing date for applications: 31 August 2018
More information: https://www.utwente.nl/en/organization/careers/vacancy/
University of Tartu, Estonia
Job PostingWe expect candidates to be able to develop and devote significant time to their own research agenda around the theme of the project. Successful candidates will help to design and evaluate privacy-enhancing cryptographic techniques for blockchains (e.g., SNARKs) and perform other research duties to help with the project, collaborate with partners and ensure the smooth administration of the project including the timely delivery of research output.
The EU H2020 project PRIViLEDGE requires travel to and collaboration with colleagues throughout the European Union. Full travel and equipment budget is available to support the activities of the project.
For any inquiries or to apply for the positions, submit a full research curriculum-vitae (cv), names of two references, and a research statement to Prof Helger Lipmaa (firstname.lastname (at) ut.ee) clearly indicating the position sought. This is crucial since we have several open positions.
The project started from January 1, 2018, and will last for three years. In the case of interest, the candidates may later seek further employment (the group has other projects, some of which have a later ending date) but this is not necessarily guaranteed. The position will stay open until we find a suitable candidate; please apply early.
Closing date for applications: 1 September 2018
Contact: Helger Lipmaa
More information: https://crypto.cs.ut.ee/index.php/Projects/PRIViLEDGE
Bogotá, Colombia, 5 June - 7 June 2019
Event CalendarSubmission deadline: 22 January 2019
Notification: 22 March 2019
01 August 2018
Evgenios M. Kornaropoulos, Charalampos Papamanthou, Roberto Tamassia
ePrint ReportAs a first step, we perform a theoretical feasibility study on exact reconstruction, i.e., recovery of the exact plaintext values of the encrypted database. For ordered responses, we show that exact reconstruction is feasible if the attacker has additional access to some auxiliary information that is normally not available in practice. For unordered responses, we prove that exact reconstruction is impossible due to the infinite number of valid reconstructions. As a next step, we propose practical and more realistic approximate reconstruction attacks so as to recover an approximation of the plaintext values. For ordered responses, we show that after observing enough query responses, the attacker can approximate the clients encrypted database with considerable accuracy. For unordered responses we characterize the set of valid reconstructions as a convex polytope in a k-dimensional space and present a rigorous attack that reconstructs the plaintext database with bounded approximation error.
As multidimensional spatial data can be efficiently processed by mapping it to one dimension via Hilbert curves, we demonstrate our approximate reconstruction attacks on privacy-sensitive geolocation data. Our experiments on real-world datasets show that our attacks reconstruct the plaintext values with relative error ranging from 2.9% to 0.003%.
Koji Nuida
ePrint Report- There are a secure and correct public key encryption (PKE) scheme (with negligible decryption error probability) and a secure PRG satisfying that, implementing the key generation algorithm by using the PRG makes the scheme incorrect. The reason of this phenomenon is that, the standard formulation of correctness of PKE schemes does in general not imply that erroneous keys (that yield non-negligible decryption error probability for some plaintext) are efficiently detectable.
- There are a secure and correct PKE scheme and a PRG secure against uniform distinguishers, satisfying that, implementing the encryption algorithm by using the PRG makes the scheme incorrect. The reason of this phenomenon is that, when a PKE scheme is incorrect, a plaintext that yields non-negligible decryption error probability is in general not efficiently samplable by a uniform algorithm; hence security of the PRG against non-uniform distinguishers is required. We also discuss a possibility to avoid the reliance on PRGs secure against non-uniform distinguishers.
Heiko Lohrke, Shahin Tajik, Thilo Krachenfels, Christian Boit, Jean-Pierre Seifert
ePrint ReportBenoît Libert, San Ling, Khoa Nguyen, Huaxiong Wang
ePrint ReportMohamed Ahmed Abdelraheem, Tobias Andersson, Christian Gehrmann, Cornelius Glackin
ePrint ReportJean-Charles Faugère, Eliane Koussa, Gilles Macario-Rat, Jacques Patarin, Ludovic Perret
ePrint ReportAnne Canteaut, Léo Perrin
ePrint ReportIn this paper, we characterize CCZ-equivalence as a property of the zeroes in the Walsh spectrum of a function $F : \mathbb{F}_2^{n} \to \mathbb{F}_2^{m}$ or, equivalently, of the zeroes in its Difference Distribution Table. We use this framework to show how to efficiently upper bound the number of distinct EA-equivalence classes in a given CCZ-equivalence class. More importantly, we prove that it is possible to go from a specific member of any EA-equivalence class to a specific member of another EA-equivalence class in the same CCZ-equivalence class using an operation called \emph{twisting}; so that CCZ-equivalence can be reduced to the association of EA-equivalence and twisting. Twisting a function is a simple process and its possibility is equivalent to the existence of a particular decomposition of the function considered. Using this knowledge, we revisit several results from the literature on CCZ-equivalence and show how they can be interpreted in light of our new framework.
Our results rely on a new concept, the ``thickness'' of a space (or linear permutation), which can be of independent interest.
Dan Boneh, Benedikt B\"unz, Ben Fisch
ePrint ReportKallepu Raju, Appala Naidu Tentuand, V. Ch. Venkaiah
ePrint ReportMegha Byali, Arun Joseph, Arpita Patra, Divya Ravi
ePrint ReportAssuming the minimal model of pairwise-private channels, we present two protocols that involve computation and communication of a single GC-- (a) a 4-round 3PC with fairness, (b) a 5-round 4PC with guaranteed output delivery. Empirically, our protocols are on par with the best known 3PC protocol of Mohassel et al. [CCS 2015] that only achieves security with selective abort, in terms of the computation time, LAN runtime, WAN runtime and communication cost. In fact, our 4PC outperforms the 3PC of Mohassel et al. significantly in terms of per-party computation and communication cost. With an extra GC, we improve the round complexity of our 4PC to four rounds. The only 4PC in our setting, given by Ishai et al. [CRYPTO 2015], involves 12 GCs.
Assuming an additional broadcast channel, we present a 5-round 3PC with guaranteed output delivery that involves computation and communication of a single GC. A broadcast channel is inevitable in this setting for achieving guaranteed output delivery, owing to an impossibility result in the literature. The overall broadcast communication of our protocol is nominal and most importantly, is independent of the circuit size. This protocol too induces a nominal overhead compared to the protocol of Mohassel et al.
Vanessa Vitse
ePrint ReportIn this article, we propose a new simple oblivious transfer (OT) protocol, based on the Diffie-Hellman key exchange, that only uses exponentiations; we also revisit the older Wu-Zhang-Wang scheme. Both protocols can be directly instantiated on fast Kummer varieties; more importantly, they can also be transposed in the post-quantum SIDH setting. The security of our proposals relies on the hardness of non-standard versions of the (supersingular) Diffie-Hellman problem, that are investigated within this article. To the best of our knowledge, these protocols are the simplest secure discrete-log based OT schemes using only exponentiations, and the first isogeny-based OT schemes.
Alexandre Adomnicai, Jacques J.A. Fournier, Laurent Masson
ePrint ReportElette Boyle, Niv Gilboa, Yuval Ishai
ePrint ReportFSS schemes are useful for applications that involve privately reading from or writing to distributed databases while minimizing the amount of communication. These include different flavors of private information retrieval (PIR), as well as a recent application of DPF for large-scale anonymous messaging. We improve and extend previous results in several ways:
- Simplified FSS constructions. We introduce a tensoring operation for FSS which is used to obtain a conceptually simpler derivation of previous constructions and present our new constructions.
- Improved 2-party DPF. We reduce the key size of the PRG-based DPF scheme of Boyle et al. roughly by a factor of 4 and optimize its computational cost. The optimized DPF significantly improves the concrete costs of 2-server PIR and related primitives.
- FSS for new function families. We present an efficient PRG-based 2-party FSS scheme for the family of decision trees, leaking only the topology of the tree and the internal node labels. We apply this towards FSS for multi-dimensional intervals. We also present a general technique for obtaining more expressive FSS schemes by increasing the number of parties.
- Verifiable FSS. We present efficient protocols for verifying that keys $(k^*_1,\ldots,k^*_m)$, obtained from a potentially malicious user, are consistent with some $f\in\mathcal F$. Such a verification may be critical for applications that involve private writing or voting by many users.
Paul Bunn, Jonathan Katz, Eyal Kushilevitz, Rafail Ostrovsky
ePrint ReportAs a building block of independent interest, we construct a 3-server distributed point function with security against two colluding servers that is simpler and has better concrete efficiency than prior work.