IACR News
Here you can see all recent updates to the IACR webpage.
26 October 2018
Ittai Abraham, Srinivas Devadas, Danny Dolev, Kartik Nayak, Ling Ren
ePrint Report
Diana Maimut, George Teseleanu
ePrint Report
Chitchanok Chuengsatiansup, Chloe Martindale
ePrint Report
Yanan Bai, Jingwei Chen, Yong Feng, Wenyuan Wu
ePrint Report
Sinisa Matetic, Karl Wüst, Moritz Schneider, Ian Miers, Kari Kostiainen, Srdjan Capkun
ePrint Report
Jaehun Kim, Stjepan Picek, Annelie Heuser, Shivam Bhasin, Alan Hanjalic
ePrint Report
Liang Wang, Gilad Asharov, Rafael Pass, Thomas Ristenpart, abhi shelat
ePrint Report
To do so, we first introduce secure channel injection (SCI) protocols. These allow one party (in our setting, the blind CA) to insert a private message into another party's encrypted communications. We construct an efficient SCI protocol for communications delivered over TLS, and use it to realize anonymous proofs of account ownership for SMTP servers. Combined with a zero-knowledge certificate signing protocol, we build the first blind CA that allows Alice to obtain an X.509 certificate binding her email address alice@domain.com to a public key of her choosing without ever revealing "alice" to the CA. We show experimentally that our system works with standard email server implementations as well as Gmail.
25 October 2018
CHES
24 October 2018
Centre for Secure Information Technologies (CSIT), Queen’s University Belfast, UK
Job Posting
Our Centre is host to the UK Research Institute in Secure Hardware and Embedded Systems (RISE: www.ukrise.org) and is recognised by NCSC as an Academic Centre of Excellence (ACE) in Cyber Security Research.
We are after a passionate and motivated academic with leadership experience in the areas of Cloud/Network Security, Hardware/Software Security and/or Security Analytics. We are particularly interested if you have a credible track record of technology transfer and delivering impact from your research. In return, you will have access to outstanding teaching and research facilities and opportunities to work with vibrant engineering and commercial teams to translate your research into impact.
We are seeking candidates with research experience (commensurate with career stage) in one or more of the following areas:
• Cloud/Network Security: security and privacy of cloud computing, application layer DDoS detection/mitigation, Web Application Firewall (WAF), network/cloud intrusion detection/prevention, malware and security models for trusted execution on the cloud.
• Software Security: Security protocol and crypto algorithm implementation, instruction set extensions for crypto, software analysis, and/or software vulnerability detection.
• Hardware Security: Micro-architectural security, SCA, Hardware Trojans, or PUF.
• Security Analytics: AI for Cybersecurity intelligence automation and threat response automation (data-fusion); or AI technologies for cyber-social-physical security. Including deep learning, particularly adversarial, graph mining, and reasoning with uncertainty.
Closing date for applications: 22 November 2018
Contact: Professor Máire O'Neill, Email: m.oneill (at) ecit.qub.ac.uk
More information: https://hrwebapp.qub.ac.uk/tlive_webrecruitment/wrd/run/ETREC107GF.open?VACANCY_ID=862841AHAI&WVID=6273090Lgx&LANG=USA
Centre for Secure Information Technologies (CSIT), Queen’s University Belfast, UK
Job Posting
Our Centre is host to the UK Research Institute in Secure Hardware and Embedded Systems (RISE: www.ukrise.org) and is recognised by NCSC as an Academic Centre of Excellence (ACE) in Cyber Security Research.
We are looking for passionate and motivated academics with experience in Cloud/Network Security, Hardware/Software Security and/or Security Analytics. We seek candidates who are interested in delivering impact from their research and have a record of technology transfer appropriate to career stage. In return, you will have access to outstanding teaching and research facilities and opportunities to work with vibrant engineering and commercial teams to translate your research into impact.
More specifically, we are seeking candidates with research experience (commensurate with career stage) in one or more of the following areas:
• Cloud/Network Security: security and privacy of cloud computing, application layer DDoS detection/mitigation, Web Application Firewall (WAF), network/cloud intrusion detection/prevention, malware and security models for trusted execution on the cloud.
• Software Security: Security protocol and crypto algorithm implementation, instruction set extensions for crypto, software analysis, and/or software vulnerability detection.
• Hardware Security: Micro-architectural security, SCA, Hardware Trojans, or PUF.
• Security Analytics: AI for Cybersecurity intelligence automation and threat response automation (data-fusion); or AI technologies for cyber-social-physical security. Including deep learning, particularly adversarial, graph mining, and reasoning with uncertainty.
Closing date for applications: 22 November 2018
Contact: Professor Máire O'Neill, Email: m.oneill (at) ecit.qub.ac.uk
More information: https://hrwebapp.qub.ac.uk/tlive_webrecruitment/wrd/run/ETREC107GF.open?VACANCY_ID=411772AHKd&WVID=6273090Lgx&LANG=USA
Centre for Secure Information Technologies (CSIT), Queen’s University Belfast, UK
Job Posting
Applicants must have at least a 2:1 Honours Degree in Electrical and Electronics Engineering, Computer Science, Mathematics or closely related discipline and a PhD, or expect, within 6 months, to obtain a PhD, in a relevant subject. At least 3 years relevant research experience in one or more of the following is essential: embedded systems design; FPGA or ASIC hardware design; integrated hardware/software design. Evidence of a strong publication record commensurate with career stage and experience is also essential.
Closing date for applications: 7 November 2018
Contact: Maire O'Neill
More information: https://www.qub.ac.uk/sites/QUBJobVacancies/ResearchJobs/
University of Derby, Derby, UK
Job Posting
Closing date for applications: 18 November 2018
More information: https://www.derby.ac.uk/research/degrees/applicants/studentship-and-funding-opportunities/et-phd-studentship---iot-solut
Jérémy Chotard, Edouard Dufour Sans, Romain Gay, Duong Hieu Phan, David Pointcheval
ePrint Report
Saikrishna Badrinarayanan, Abhishek Jain, Rafail Ostrovsky, Ivan Visconti
ePrint Report
All previous solutions to this problem necessarily rely upon OT (or specific number-theoretic assumptions) even in the common reference string model or the random oracle model or to achieve weaker notions of security such as super-polynomial-time simulation.
In this work, we construct a NISC protocol based on the minimal assumption of one way functions, in the stateless hardware token model. Our construction achieves UC security and requires a single token sent by the receiver to the sender.
Chloé Hébant, Duong Hieu Phan, David Pointcheval
ePrint Report
Matthias J. Kannwischer, Joost Rijneveld, Peter Schwabe
ePrint Report
Georgios Fotiadis, Elisavet Konstantinou
ePrint Report
Gerben Geltink
ePrint Report
Marshall Ball, Dana Dachman-Soled, Mukul Kulkarni, Huijia Lin, Tal Malkin
ePrint Report
While it is impossible to construct NMC secure against arbitrary polynomial-time tampering (Dziembowski, Pietrzak, Wichs, ICS '10), the existence of NMC secure against $O(n^c)$-time tampering functions (for any fixed $c$), was shown (Cheraghchi and Guruswami, ITCS '14) via a probabilistic construction. An explicit construction was given (Faust, Mukherjee, Venturi, Wichs, Eurocrypt '14) assuming an untamperable CRS with length longer than the runtime of the tampering function. In this work, we show that under computational assumptions, we can bypass these limitations. Specifically, under the assumptions listed above, we obtain non-malleable codes in the plain model against $O(n^c)$-time tampering functions (for any fixed $c$), with codeword length independent of the tampering time bound.
Our new construction of NMC draws a connection with non-interactive non-malleable commitments. In fact, we show that in the NMC setting, it suffices to have a much weaker notion called quasi non-malleable commitments---these are non-interactive, non-malleable commitments in the plain model, in which the adversary runs in $O(n^c)$-time, whereas the honest parties may run in longer (polynomial) time. We then construct a 4-tag quasi non-malleable commitment from any sub-exponential OWF and the assumption that $\mathbf{E}$ is hard for some exponential size $\mathbf{NP}$-circuits, and use tag amplification techniques to support an exponential number of tags.