IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
31 August 2018
Vladimir Kolesnikov
Instead, we consider garbling that allows evaluating one of a given set S of circuits. We show how to evaluate one of the circuits in S at the communication cost comparable to that of evaluating the largest circuit in S. In other words, we show how to omit generating and sending inactive GC branches. Our main insight is that a garbled circuit is just a collection of garbled tables, and as such can be reused to emulate the throw-away computation of an inactive execution branch without revealing to the Evaluator whether it evaluates active or inactive branch.
This cannot be proven within the standard BHR garbled circuits framework because the function description is inseparable from the garbling by denition. We carefully extend BHR in a general way, introducing topology-decoupling circuit garbling. We preserve all existing constructions and proofs of the BHR framework, while allowing this and other future constructions which may treat garbled tables separately from function description.
Our construction is presented in the semi-honest model.
Marcos A. Simplicio Jr., Eduardo Lopes Cominetti, Harsh Kupwade Patil, Jefferson E. Ricardini, Leonardo T. D. Ferraz, Marcos Vinicius M. Silva
Hao Chen, Zhicong Huang, Kim Laine, Peter Rindal
Zhongxiang Zheng, Guangwu Xu, Chunhuan Zhao
1. \[ \eta_{\varepsilon}(\mathbb{Z}) \le \sqrt{\frac{\ln \big(\frac{\varepsilon}{44}+\frac{2}{\varepsilon}\big)}{\pi}}. \]
2. For a lattice ${\cal L}\subset \mathbb{R}^n$ of dimension $n$, \[ \eta_{\varepsilon}({\cal L}) \le \sqrt{\frac{\ln \big(n-1+\frac{2n}{\varepsilon}\big)}{\pi}}\tilde{bl}({\cal L}). \]
Carl Bootland, Wouter Castryck, Ilia Iliashenko, Frederik Vercauteren
ByeongHak Lee, Jooyoung Lee
Yu Long Chen, Bart Mennink, Mridul Nandi
Michael Meyer, Steffen Reith
Yu Chen, Yuyu Wang, Hong-sheng Zhou
We build leakage-resilient weak pseudorandom functions (PRFs) from weak puncturable PRFs and $\iO$, which readily imply leakage-resilient secret-key encryption.
We build leakage-resilient publicly evaluable pseudorandom functions (PEPRFs) from puncturable PEPRFs and $\iO$, which readily imply leakage-resilient key encapsulation mechanism and thus public-key encryption. As a building block of independent interest, we realize puncturable PEPRFs from either new puncturable objects including puncturable trapdoor functions and puncturable extractable hash proof systems or existing puncturable PRFs with $\iO$.
We construct the first leakage-resilient public-coin signature from selective puncturable PRFs, leakage-resilient one-way functions and $\iO$. This settles the open problem posed by Boyle, Segev and Wichs (Eurocrypt 2011).
By further assuming the existence of lossy functions, all the above constructions achieve optimal leakage rate of $1-o(1)$. Such a leakage rate is not known to be achievable for weak PRFs, PEPRFs and public-coin signatures before.
Rajani Singh, Ashutosh Dhar Dwivedi, Gautam Srivastava
Rafael del Pino, Vadim Lyubashevsky, Gregor Seiler
A key component of our construction is a new zero-knowledge proof system for proving that a committed value belongs to a particular set of small size. The sets for which our proofs are applicable are exactly those that contain elements that remain stable under Galois automorphisms of the underlying cyclotomic number field of our lattice-based protocol. We believe that these proofs will find applications in other settings as well.
The motivation of the new zero-knowledge proof in our construction is to allow the efficient use of the selectively-secure signature scheme (i.e. a signature scheme in which the adversary declares the forgery message before seeing the public key) of Agrawal et al. (Eurocrypt 2010) in constructions of lattice-based group signatures and other privacy protocols. For selectively-secure schemes to be meaningfully converted to standard signature schemes, it is crucial that the size of the message space is not too large. Using our zero-knowledge proofs, we can strategically pick small sets for which we can provide efficient zero-knowledge proofs of membership.
Katerina Sotiraki, Manolis Zampetakis, Giorgos Zirdelis
In order to give intuition behind our reduction for constrained-SIS, we identify another PPP-complete problem with a circuit in the input but closely related to lattice problems. We call this problem BLICHFELDT and it is the computational problem associated with Blichfeldt's fundamental theorem in the theory of lattices.
Building on the inherent connection of PPP with collision-resistant hash functions, we use our completeness result to construct the first natural hash function family that captures the hardness of all collision-resistant hash functions in a worst-case sense, i.e. it is natural and universal in the worst-case. The close resemblance of our hash function family with SIS, leads us to the first candidate collision-resistant hash function that is both natural and universal in an average-case sense.
Finally, our results enrich our understanding of the connections between PPP, lattice problems and other concrete cryptographic assumptions, such as the discrete logarithm problem over general groups.
Wei Yin, Qiaoyan Wen, Kaitai Liang, Zhenfei Zhang, Liqun Chen, Hanbing Yan, Hua Zhang
Shenzhen, China, 29 November - 1 December 2018
Submission deadline: 30 September 2018
Notification: 10 October 2018
IBM Research - Zurich
Candidates for both types of openings are required to have a Ph.D. in Computer Science, Mathematics, or a related area by the time of appointment and an outstanding research record, demonstrated in the form of publications at top cryptography or security conferences (Crypto, Eurocrypt, CCS, S&P, ...).
The ideal applicant for an RSM position is someone with demonstrated ability to perform top notch independent work, who is also keen on pursuing joint research directions with the current members of the group. The possibility of establishing one's own research team, including Ph.D. students and post-docs, would also be supported.
Particular topics of interest include (but are not limited to):
- Verifiable computing and zero-knowledge proofs
- Foundations & solutions for real-world cryptography
- Privacy-enhancing technologies
The cryptography and privacy group at IBM Research - Zurich offers an exciting research environment with the ability to cooperate with researchers working on various aspects of security and cryptography, including lattice-based cryptography, provably secure protocol design, blockchain, and system security.
Cooperation with other academic and industry researchers outside IBM, as well as acquisition of external research funding, e.g., European grants (including the ERC) is also possible and encouraged.
The positions offer a very competitive salary and the opportunity to live in the Zurich area, which is consistently ranked as one of the top 5 cities with the best quality of life.
Review of applications will begin mid-September and continue until the positions are filled. Ideally, the successful applicants would start in the beginning of 2019, but other possibilities can be negotiated.
Closing date for applications:
Contact: For informal enquiries please contact:
? Anja Lehmann (anj (at) zurich.ibm.com) and/or
? Vadim Lyubashevsky (vad (at) zurich.ibm.com).
To apply, please send your CV, including contact information for three references, to cryptojobs (at) zurich.ibm.com
29 August 2018
Information Security Group (ISG), Royal Holloway University of London
Applications are invited for the post of Lecturer (teaching focussed) in the Information Security Group at Royal Holloway, University of London. The post is for 12 months and covers a period of parental leave.
The post holder will contribute to the creation and/or revision, delivery and assessment of postgraduate (MSc) and undergraduate teaching modules across a wide range of topics in the field of information/cyber security.
Applicants should have a Ph.D. in a relevant subject or equivalent and have a sound knowledge of information/cyber security. Applicants should be able to demonstrate an enthusiasm for teaching and communicating with diverse audiences, as well as show an awareness of contemporary issues relating to cyber security. See the URL for more details. The URL has a link to the online application form.
Closing date for applications: 2 September 2018
Contact:
Peter Komisarczuk
Email peter.komisarczuk (at) rhul.ac.uk
More information: https://jobs.royalholloway.ac.uk/vacancy.aspx?ref=0818-321
27 August 2018
Yael Kalai, Omer Paneth, Lisa Yang
The soundness of our scheme relies on the assumption that there exists a group with a bilinear map, such that given group elements $g,h,h^t,h^{t^2},$ it is hard to output $g^a,g^b,g^c$ and $h^a,h^b,h^c$ such that $a \cdot t^2 + b \cdot t + c = 0$, but $a,b,c$ are not all zero.
Previously, such a result was only known under knowledge assumptions (or in the Random Oracle model), or under non-standard assumptions related to obfuscation or zero-testable homomorphic encryption.
We obtain our result by converting the interactive delegation scheme of Goldwasser, Kalai and Rothblum (J. ACM 2015) into a publicly verifiable non-interactive one. As a stepping stone, we give a publicly verifiable non-interactive version of the sum-check protocol of Lund, Fortnow, Karloff, Nisan (J. ACM 1992).
Matilda Backendal, Mihir Bellare, Jessica Sorrell, Jiahao Sun
Brandon Goodell, Sarang Noether
Muhammed F. Esgin, Ron Steinfeld, Amin Sakzad, Joseph K. Liu, Dongxi Liu
Our work resolves an open problem mentioned by Libert et al. (EUROCRYPT '16) of how to efficiently adapt the above discrete logarithm proof techniques to the lattice setting. To achieve our result, we introduce technical tools for design and analysis of algebraic lattice-based zero-knowledge proofs, which may be of independent interest.
Using our proof system as a building block, we design a short lattice-based ring signature scheme. Our scheme offers post-quantum security and practical usability in cryptocurrencies and e-voting systems. Even for a very large ring size such as 1 billion, our ring signature size is only 4.5 MB for 100-bit security level compared to 166 MB in the best existing lattice-based result by Libert et al. (EUROCRYPT '16).