IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
23 September 2018
Haibat Khan, Benjamin Dowling, Keith M. Martin
Varun Narayanan, Vinod M. Prabahakaran
Johannes Bl{\"o}mer, Fabian Eidens, Jakob Juhnke
To achieve this we rely on a general unforgeability and a simulation-based privacy definition that is stronger than standard indistinguishability-based privacy. Further, we show that two extant concrete ABS constructions satisfy this simulation-based privacy definition and are therefore UC secure. The two concrete constructions are the schemes by Sakai et al. (PKC'16) and by Maji et al. (CT-RSA'11). Additionally, we identify the common feature that allows these schemes to meet our privacy definition, giving us further insights into the security requirements of ABS.
Rouzbeh Behnia, Muslum Ozgur Ozmen, Attila A. Yavuz, Mike Rosulek
Sanjam Garg, Romain Gay, Mohammad Hajiabadi
-- The first construction of lossy TDFs based on the Decisional Diffie-Hellman (DDH) assumption with image size linear in input size, while retaining the lossiness rate of [Peikert-Waters STOC 2008].
-- The first construction of deterministic-encryption schemes for block-source inputs (both for the CPA and CCA cases) based on the Computational Diffie-Hellman (CDH) assumption. Moreover, by applying our efficiency-enhancing techniques, we obtain CDH-based schemes with ciphertext size linear in plaintext size.
Prior to our work, all DDH-based constructions of lossy TDFs had image size quadratic in input size. Moreover, all previous constructions of deterministic encryption based even on the stronger DDH assumption incurred a quadratic gap between the ciphertext and plaintext sizes. At a high level, we break the previous quadratic barriers by introducing novel techniques for encoding input bits via hardcore output bits with the use of erasure-resilient codes. All previous schemes used group elements for encoding input bits, resulting in quadratic blowup.
Si Gao, Elisabeth Oswald, Hua Chen, Wei Xi
George Teseleanu
Andrey Bogdanov, Matthieu Rivain, Philip S. Vejre, Junwei Wang
The $\textit{DCA adversary}$ is $\textit{passive}$, and so does not exploit the full power of the white-box setting, implying that many white-box schemes are insecure even in a weaker setting than the one they were designed for. An important problem is therefore how to develop implementations which are resistant to this attack. A natural approach is to apply standard side-channel countermeasures such as $\textit{masking}$ and $\textit{shuffling}$. In this paper, we study the security brought by this approach against the DCA adversary. We show that under some necessary conditions on the underlying randomness generation, these countermeasures provide resistance to standard (first-order) DCA. Furthermore, we introduce $\textit{higher-order DCA}$, and analyze the security of the countermeasures against this attack. This attack is enhanced by introducing a $\textit{multivariate}$ version based on the maximum likelihood approach. We derive analytic expressions for the complexity of the attacks which are backed up through extensive attack experiments. As a result, we can quantify the security level of a masked and shuffled implementation in the (higher-order) DCA setting. This enables a designer to choose appropriate implementation parameters in order to obtain the desired level of protection against passive DCA attacks.
22 September 2018
Information Security Group (ISG), Royal Holloway University of London
Applications are invited for the post of Lecturer in the Information Security Group (ISG) at Royal Holloway, University of London.
The post holder will contribute to the research and teaching of the ISG and will be expected to work as part of the Smart Card and IoT Security Centre (see https://scc.rhul.ac.uk). The applicant will have a research profile that fits the wide range of research undertaken within the ISG (https://www.royalholloway.ac.uk/research-and-teaching/departments-and-schools/information-security/research/our-research-areas/) but we are particularly interested in applicants who will be able to drive forward research related to the Internet of Things (IoT) and cyber physical system security. The applicant should ideally have experience in the creation and/or revision, delivery and assessment of postgraduate (MSc) and undergraduate teaching modules across a range of topics in information/cyber security.
Applicants should have a Ph.D. and research in the discipline and have a sound knowledge of information/cyber security. Applicants should be able to demonstrate an enthusiasm for research as well as teaching and communicating with diverse audiences, as well as a good awareness of contemporary issues relating to cyber security.
This is a full time permanent post, with a preferred start date as soon as possible, although there is some flexibility. This post is based in Egham, Surrey, where the College is situated in a beautiful, leafy campus near to Windsor Great Park and within commuting distance from London.
For an informal discussion about the post, please contact the head of department, Peter Komisarczuk peter.komisarczuk (at) rhul.ac.uk or the director of the Smart Card and IoT Centre, Kostas Markantonakis K.Markantonakis (at) rhul.ac.uk.
Closing date for applications: 30 September 2018
Contact:
Peter Komisarczuk, Head of Department, Information Security Group, School of Mathematics and Information Security, Royal Holloway University of London, Egham, Surrey, TW20 0EX, UK. Email: peter.komisarczuk (at) rhul.ac.uk Tel: +44 (0)784443089.
More information: https://jobs.royalholloway.ac.uk/vacancy.aspx?ref=0818-357
University of Texas at San Antonio
The Department of Computer Science at the University of Texas at San Antonio (UTSA) is seeking a dynamic Department Chair that can lead a department of preeminence in an extraordinary diverse University that is focused on a significant expansion of its research mission. The Department seeks exceptional candidates with (1) a record of high quality scholarship and competitive research with federal, state, and industry funding, (2) experience and leadership in institutions of higher education, industry, or professional organizations, (3) an understanding of pedagogies that will lead to student success and excellence in undergraduate and graduate teaching, (4) experience leading interdisciplinary teams, and (5) mentorship experience and a commitment to inclusion and diversity. The University of Texas at San Antonio is designated a National Center of Academic Excellence in Cyber Operations and has just been approved for $70 million in funding to construct two new facilities – A National Security Collaboration Center and a proposed School of Data Science. The Computer Science Department has 23 full-time faculty, 8 full-time lecturers, 1,300 undergraduate students, 70 M.S., and 60 Ph.D. students. The successful candidate must have a doctorate in computer science or closely related field, with outstanding research and teaching records that warrant an appointment at the rank of full professor with tenure. Tenure is contingent upon Board of Regents approval.
See http://apptrkr.com/1295217 for information on the Department and application instructions. Screening of applications will begin on November 15, 2018. The search will continue until the position is filled or the search is closed. The University of Texas at San Antonio is an Affirmative Action/Equal Opportunity Employer. Women, minorities, veterans, and individuals with disabilities are encouraged to apply.
Closing date for applications:
More information: http://apptrkr.com/1295217
Dea Saka Kurnia Putra, Mohamad Ali Sadikin, Susila Windarta
Liron David, Avishai Wool
Saikrishna Badrinarayanan, Rex Fernando, Venkata Koppula, Amit Sahai, Brent Waters
We then show interesting implications of the above result to basic feasibility questions in the areas of secure multiparty computation (MPC) and indistinguishability obfuscation (iO):
1. Compact MPC for Turing Machines in the Random Oracle Model: In the context of MPC, we consider the following basic feasibility question: does there exist a malicious-secure MPC protocol for Turing Machines whose communication complexity is independent of the running time and output length of the Turing Machine when executed on the combined inputs of all parties? We call such a protocol as a compact MPC protocol. Hubacek and Wichs [HW15] showed via an incompressibility argument, that, even for the restricted setting of circuits, it is impossible to construct a malicious secure two party computation protocol in the plain model where the communication complexity is independent of the output length. In this work, we show how to evade this impossibility by compiling any (non-compact) MPC protocol in the plain model to a compact MPC protocol for Turing Machines in the Random Oracle Model, assuming output-compressing randomized encodings in the shared randomness model.
2. Succinct iO for Turing Machines in the Shared Randomness Model: In all existing constructions of iO for Turing Machines, the size of the obfuscated program grows with a bound on the input length. In this work, we show how to construct an iO scheme for Turing Machines in the shared randomness model where the size of the obfuscated program is independent of a bound on the input length, assuming iO for circuits and any assumption in the set {LWE, DDH, Nth Residuosity}.
Lauren De Meyer, Oscar Reparaz, Begül Bilgin
Antonio Faonio, Dario Fiore
Back in 2002, Golle et al. proposed a new concept of mixing network, called optimistic mixing, that allows for fast mixing when all the parties execute the protocol honestly. If, on the other hand, one or more mix-servers cheat, then the attack is recognized and one can back up to a different, slow mix-net.
Unfortunately, Abe and Imai (ACISP'03) and independently Wikström (SAC'03) showed several major flaws in the optimistic protocol of Golle et al. In this work, we give another look at optimistic mixing networks. Our contribution is mainly threefold. First, we give formal definitions for optimistic mixing in the UC model. Second, we propose a compiler for obtaining a UC-secure mixing network by combining an optimistic mixing with a traditional mixing protocol as backup mixing. Third, we propose an efficient UC-secure realization of optimistic mixing based on the DDH assumption in the non-programmable random oracle model. As a key ingredient of our construction, we give a new randomizable replayable-CCA secure public key encryption (PKE) that outperforms in efficiency all previous schemes. We believe this result is of independent interest.
Avi Asayag, Gad Cohen, Ido Grayevsky, Maya Leshkowitz, Ori Rottenstreich, Ronen Tamari, David Yakira
Nils Wisiol, Marian Margraf
Justin Holmgren, Ron D. Rothblum
Assuming (sub-exponential) LWE, we construct a one-round argument-system for proving the correctness of any time $T$ and space $S$ RAM computation, in which both the verifier and prover are highly efficient. The verifier runs in time $n \cdot polylog(T)$ and space $polylog(T)$, where $n$ is the input length. Assuming $S \geq \max(n,polylog(T))$, the prover runs in time $\tilde{O}(T)$ and space $S + o(S)$, and in many natural cases even $S+polylog(T)$. Our solution uses somewhat homomorphic encryption but, surprisingly, only requires homomorphic evaluation of arithmetic circuits having multiplicative depth (which is a main bottleneck in homomorphic encryption) $\log_2\log(T)+O(1)$.
Prior works based on standard assumptions had a $T^c$ time prover, where $c \geq 3$ (at the very least). As for the space usage, we are unaware of any work, even based on non-standard assumptions, that has space usage $S+polylog(T)$.
Along the way to constructing our delegation scheme, we introduce several technical tools that we believe may be useful for future work.
Archita Agarwal, Maurice Herlihy, Seny Kamara, Tarik Moataz
We show how to design an EDB that supports private histogram queries. As a building block, we introduce a differentially-private encrypted counter based on the binary mechanism of Chan et al. (ICALP, 2010). We then carefully combine multiple instances of this counter with a standard encrypted database scheme to support differentially-private histogram queries.
Christian Rechberger, Hadi Soleimany, Tyge Tiessen
In this paper, we demonstrate that the attacks considered by the designers of LowMC in the version 2 of the round-formular were not sufficient to fend off all possible attacks. In the case of instantiations of LowMC with one of the most useful settings, namely with few applied S-boxes per round and only low allowable data complexities, efficient attacks based on difference enumeration techniques can be constructed. We show that it is most effective to consider tuples of differences instead of simple differences, both to increase the range of the distinguishers and to enable key recovery attacks. All applications for LowMC we are aware of, including signature schemes like Picnic and more recent (ring/group) signature schemes have used version 3 of the round formular for LowMC, which takes our attack already into account.