IACR News
14 October 2018
Alexander Chepurnoy, Charalampos Papamanthou, Yupeng Zhang
Laurent Grémy
Carl Bootland, Wouter Castryck, Frederik Vercauteren
Finally, we also show that optimizing module-LWE cryptosystems by introducing an extra ring structure, as is common practice when optimizing LWE, often results in a total breakdown of security.
Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, Kenny Paterson
Our main attack targets reconstruction of database counts and involves a novel graph-theoretic approach. It generally succeeds when $R$, the number of records, exceeds $N^2/2$, where $N$ is the number of possible values in the database. For a uniform query distribution, we show that it requires volume leakage from only $O(N^2 \log N)$ queries (cf. $O(N^4 \log N)$ in prior work).
We present two ancillary attacks. The first identifies the value of a new item added to a database using the volume leakage from fresh queries, in the setting where the adversary knows or has previously recovered the database counts. The second shows how to efficiently recover the ranges involved in queries in an online fashion, given an auxiliary distribution describing the database.
Our attacks are all backed with mathematical analyses and extensive simulations using real data.
Saud Al Musa, Guangwu Xu
Zhen Liu, Duncan S. Wong
In this paper, we propose a framework to transform existing and (possibly) future ABE schemes to their traceable counterparts in a generic manner. In particular, by specifying some requirements on the structure of the ABE constructions, we propose an ABE template, and show that any ABE scheme satisfying this template can be transformed to a fully collusion-resistant blackbox traceable ABE scheme in a generic manner, at the cost of sublinear overhead, while keeping the appealing properties, such as fine-grained access control on encrypted data, highly expressive access policy, short ciphertext, and so on. We prove the security in the framework all in the standard model, and we present a couple of existing ABE schemes with appealing properties as examples that do satisfy our ABE template.
Sean Bowe, Alessandro Chiesa, Matthew Green, Ian Miers, Pratyush Mishra, Howard Wu
We design, implement, and evaluate ZEXE, a ledger-based system where users can execute offline computations and subsequently produce transactions, attesting to the correctness of these computations, that satisfy two main properties. First, transactions hide all information about the offline computations. Second, transactions can be validated by anyone in constant time, regardless of the offline computation.
The core of ZEXE is a protocol for a new cryptographic primitive that we introduce, *decentralized private computation* (DPC). The security guarantees of DPC are concisely expressed via an ideal functionality, which our protocol provably achieves. In order to achieve an efficient implementation of our protocol, we leverage tools in the area of cryptographic proofs, including succinct zero knowledge proofs and recursive proof composition. Overall, transactions in ZEXE are 968 bytes *regardless of the offline computation*, and generating them takes less than 2 minutes plus a time that grows with the offline computation.
To facilitate real-world deployments, ZEXE also provides support for delegating the process of producing a transaction to an untrusted worker, and support for threshold transactions and blind transactions.
Shaofeng Zhu, Hua Chen, Limin Fan, Meihui Chen, Wei Xi, Dengguo Feng
Anne Broadbent, Sevag Gharibian, Hong-Sheng Zhou
Here, we propose a scheme for using quantum information, together with the assumption of stateless (i.e., reusable) hardware tokens, to build statistically secure OTMs. Via the semidefinite programming-based quantum games framework of Gutoski and Watrous [STOC 2007], we prove security for a malicious receiver, against a linear number of adaptive queries to the token, in the quantum universal composability framework. We prove stand-alone security against a malicious sender, but leave open the question of composable security against a malicious sender, as well as security against a malicious receiver making a polynomial number of adaptive queries. Compared to alternative schemes derived from the literature on quantum money, our scheme is technologically simple since it is of the prepare-and-measure type. We also show our scheme is tight according to two scenarios.
13 October 2018
IACR Youtube Channel
ETH Zurich
The successful candidate will build a leading research programme in the area of computing architectures that addresses security concerns (data integrity, user authentication, and privacy) from a hardware perspective. Topics of interest include, but are not limited to, the development of architectures designed with both performance and security in mind, such as specific hardware implementations for computing on encrypted data, efficient post-quantum cryptography and novel hardware solutions to prevent side-channel (power, timing) attacks. He or she is expected to collaborate and interact with colleagues in the department and at ETH Zurich, benefiting from strong activities on integrated circuits (e.g. the Microelectronic Design Center) and on security and privacy (e.g. the Zurich Information Security and Privacy Center).
Closing date for applications: 15 January 2019
Contact: Applications through online forms from the URL below:
More information: https://bit.ly/2CGCTXg
University of Washington, Tacoma
Network and Internet Security
Principles of Cybersecurity
Information Assurance, Risk Management and Security Strategies
Cybersecurity Management
Server-Side Web Programming
Database Systems Design & Administration
Network and System Administration
Course descriptions can be found at https://www.washington.edu/students/crscatt/tcsl.html and https://www.washington.edu/students/crscatt/tinfo.html
Screening of applications will begin on December 15, 2018, and will continue until the position is filled. Salary is competitive and will be commensurate with experience and qualifications. For additional information, please contact MCL/IT Lecturer Search Committee at mcl (at) uw.edu.
Required Education:
This position requires a minimum of an MS or foreign equivalent in Cybersecurity, Information Technology, or a related field at the time of appointment.
Required Work Experience:
This position requires at least 1 year of teaching experience in Cybersecurity- or Information Technology-related areas.
Application Instructions
Curriculum Vitae
A cover letter including:
A list of courses in which you feel qualified for teaching
Evidence of prior teaching success
Statement about demonstrated commitment to diversity in teaching, mentoring, and/or service
Contact information for three references
Closing date for applications: 31 March 2019
More information: http://apply.interfolio.com/53684
University of Duisburg-Essen
For the DFG Collaborative Research Center CRC 1119 CROSSING (Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments), the University of Duisburg-Essen, Faculty of Business Administration and Economics, Department of Computer Science, Working Group Computer Science with a focus on Secure Software Systems at Campus Essen, seeks to hire one Research Assistant / PhD Student (full position, salary based on E-13 TV-L, federal state salary rate).
Description of Position:
Conducting research in computer security, especially in the areas of Trusted Computing technologies (remote attestation), system and software security, mobile security, hardware security, IoT security. Opportunity for further qualification (doctoral dissertation) is given.
The desired qualifications include:
- very good programming skills, especially in system-level programming (C, C++, Assembler)
- very good background in system and software security
- additional background in one of the following areas: hardware programming, side channel attacks, reverse-engineering
All candidates must have an excellent M.Sc./Diploma degree in computer science, computer security, or related fields, and must show high motivation and interest in creative conceptual and practical work.
More information on how to apply can be found at the website of the Secure Software Systems research group.
Closing date for applications: 30 November 2018
Contact: Prof. Lucas Davi
More information: https://www.syssec.wiwi.uni-due.de/en/team/open-positions/
KU Leuven, Belgium
We are looking for a Ph.D. student to work on the FWO research project ESCALATE (Efficient and Scalable Algorithms for Large Flow Detection) in cooperation with and coordinated by ETH Zurich. The project starts on February 1 and has a duration of 4 years. The objectives of the project are two-fold:
- To develop novel algorithms for efficient in-network large-flow detection. This is important for QoS (Quality of Service) schemes and DDoS (Distributed Denial of Service) defense mechanisms.
- To decrease the detection overhead through FPGA acceleration, and to enable dynamic adaptation to flow distribution at run-time.
The applicant will mainly work on objective 2, in collaboration with the Ph.D. student at ETH Zurich who will be working on objective 1.
Research group
This project will be carried out as a Ph.D. project within the group of Associate Professor dr. Nele Mentens. The applicant will be a member of the ES&S (Embedded Systems & Security) group on Campus Diepenbeek and the COSIC (Computer Security and Industrial Cryptography) group in Leuven. This is the perfect setting to benefit from the decades of experience in data security and hardware design in both groups.
Profile
Candidates must hold a master’s degree in electronics engineering or computer engineering, have good grades, experience in FPGA design and a keen interest in security. We prefer candidates who can demonstrate that they have developed their research skills during their master’s studies. Adequate English (written and verbal communication) for scientific interactions is required.
Closing date for applications: 9 November 2018
Contact: Nele Mentens, Associate Professor, nele.mentens (at) kuleuven.be
More information: https://www.kuleuven.be/personeel/jobsite/jobs/54883962?hl=en&lang=en
Simula UiB
Closing date for applications: 30 November 2018
Contact: Håvard Raddum
email: haavardr (at) simula.no
More information: https://www.simula.no/about/job/call-phd-students-cryptography-simula-uib
University of South Florida
Ph.D. in Mathematics or a closely-related field is required, with preference in disciplines related to Cryptography/Cybersecurity (e.g., Algebra, Number Theory, Algebraic Geometry, Combinatorics, etc.). Applications from individuals who are ABD will be accepted, but the degree must be conferred by appointment start date.
Closing date for applications: 15 November 2018
Contact: Denise Marks: denise (at) usf.edu
More information: http://www.math.usf.edu/about/18548/
Changhai Ou, Xinping Zhou, Siew-Kei Lam
12 October 2018
Iasi, Romania, 7 December - 8 December 2018
Submission deadline: 26 October 2018
Notification: 5 November 2018
Toronto, Canada, 4 June - 6 June 2019
Submission deadline: 10 February 2019
Notification: 8 April 2019
09 October 2018
Dennis Hofheinz
In this work, we construct the first public-key encryption scheme that is KDM-secure against active adversaries and has compact ciphertexts. As usual, we allow only circular key dependencies, meaning that encryptions of arbitrary *entire* secret keys under arbitrary public keys are considered in a multi-user setting.
Technically, we follow the approach of Boneh, Halevi, Hamburg, and Ostrovsky (Crypto 2008) to KDM security, which however only achieves security against passive adversaries. We explain an inherent problem in adapting their techniques to active security, and resolve this problem using a new technical tool called "lossy algebraic filters" (LAFs). We stress that we significantly deviate from the approach of Camenisch, Chandran, and Shoup to obtain KDM security against active adversaries. This allows us to develop a scheme with compact ciphertexts that consist only of a constant number of group elements.