International Association
for Cryptologic Research

A secret sharing scheme allows a dealer to share a secret among a set of $n$ parties such that any authorized subset of the parties can recover the secret, while any unauthorized subset of the parties learns no information about the secret. A local leakage-resilient secret sharing scheme (introduced in independent works by (Goyal and Kumar, STOC 18) and (Benhamouda, Degwekar, Ishai and Rabin, Crypto 18)) additionally requires the secrecy to hold against every unauthorized set of parties even if they obtain some bounded local leakage from every other share. The leakage is said to be local if it is computed independently for each share. So far, the only known constructions of local leakage resilient secret sharing schemes are for threshold access structures for very low ($O(1)$) or very high ($n -o(\log n)$) thresholds.

In this work, we give a compiler that takes a secret sharing scheme for any monotone access structure and produces a local leakage resilient secret sharing scheme for the same access structure, with only a constant-factor blow-up in the sizes of the shares. Furthermore, the resultant secret sharing scheme has optimal leakage-resilience rate i.e., the ratio between the leakage tolerated and the size of each share can be made arbitrarily close to $1$. Using this secret sharing scheme as the main building block, we obtain the following results:

1. Rate Preserving Non-Malleable Secret Sharing: We give a compiler that takes any secret sharing scheme for a 4-monotone access structure with rate $R$ and converts it into a non-malleable secret sharing scheme for the same access structure with rate $\Omega(R)$. The prior such non-zero rate construction (Badrinarayanan and Srinivasan, 18) only achieves a rate of $\Theta(R/{t_{\max}\log^2 n})$, where $t_{\max}$ is the maximum size of any minimal set in the access structure. As a special case, for any threshold $t \geq 4$ and an arbitrary $n \geq t$, we get the first constant rate construction of $t$-out-of-$n$ non-malleable secret sharing.

2. Leakage-Tolerant Multiparty Computation for General Interaction Pattern: For any function, we give a reduction from constructing leakage-tolerant secure multi-party computation protocols obeying any interaction pattern to constructing a secure (and not necessarily leakage-tolerant) protocol for a related function obeying the star interaction pattern. This improves upon the result of (Halevi et al., ITCS 2016), who constructed a protocol that is secure in a leak-free environment.

We explore a Byzantine Consensus protocol called Dfinity Consensus, recently published in a technical report. Dfinity Consensus solves synchronous state machine replication among $n = 2f + 1$ replicas with up to $f$ Byzantine faults. We provide a succinct explanation of the core mechanism of Dfinity Consensus to the best of our understanding. We prove the safety and liveness of the protocol specification we provide. Our complexity analysis of the protocol reveals the follows. The protocol achieves expected $O(f \times \Delta)$ latency against an adaptive adversary, (where \Delta is the synchronous bound on message delay), and expected $O(\Delta)$ latency against a mildly adaptive adversary. In either case, the communication complexity is unbounded. We then explain how the protocol can be modified to reduce the communication complexity to $O(n^3)$ in the former case, and to $O(n^2)$ in the latter.

P2P file sharing systems require proper incentive mechanisms to encourage active data sharing. However, traditional incentives based on reputation, credit or tit-for-tat are still challenged by free riding and whitewashing. We explore solutions based on blockchain, which is the new emerged decentralized trustful public ledger, and propose a blockchain-based file sharing incentive mechanism leveraged by cryptocurrency and smart contracts. In the proposed scheme, a file is sliced into pieces. A user who downloads data will request pieces with randomized order and directly pay for each piece. With the analysis in game theoretic models, rational players intend to cooperate in the procedure. We also evaluate the approach with simulations and experiments.

We envision that our solution is not only promising for P2P file sharing but also a stepping stone for general data sharing applications over the public blockchain.

In the Journal of Cryptology (25(1): 158-193. 2012), Shai Halevi and Yael Kalai proposed a general framework for constructing two-message oblivious transfer protocols using smooth projective hashing. The authors asserts that this framework gives a simulation-based security guarantee when the sender is corrupted. Later this work has been believed to be half-simulatable in literatures. In this paper, we show that the assertion is not true and present our ideas to construct a fully-simulatable oblivious transfer framework.

Formulating and designing unforgeable authentication of classical messages in the presence of quantum adversaries has been a challenge, as the familiar classical notions of unforgeability do not directly translate into meaningful notions in the quantum setting. A particular difficulty is how to fairly capture the notion of ``predicting an unqueried value'' when the adversary can query in quantum superposition. In this work, we uncover serious shortcomings in existing approaches, and propose a new definition. We then support its viability by a number of constructions and characterizations. Specifically, we demonstrate a function which is secure according to the existing definition by Boneh and Zhandry, but is clearly vulnerable to a quantum forgery attack, whereby a query supported only on inputs that start with $0$ divulges the value of the function on an input that starts with $1$. We then propose a new definition, which we call ``blind-unforgeability'' (or BU.) This notion matches ``intuitive unpredictability'' in all examples studied thus far. It defines a function to be predictable if there exists an adversary which can use ``partially blinded'' oracle access to predict values in the blinded region. Our definition (BU) coincides with standard unpredictability (EUF-CMA) in the classical-query setting. We show that quantum-secure pseudorandom functions are BU-secure MACs. In addition, we show that BU satisfies a composition property (Hash-and-MAC) using ``Bernoulli-preserving'' hash functions, a new notion which may be of independent interest. Finally, we show that BU is amenable to security reductions by giving a precise bound on the extent to which quantum algorithms can deviate from their usual behavior due to the blinding in the BU security experiment.

An important prerequisite for Side-channel Attack (SCA) is leakage sampling where the side-channel measurements (e.g. power traces) of the cryptographic device are collected for further analysis. However, as the operating frequency of cryptographic devices continues to increase due to advancing technology, leakage sampling will impose higher requirements on the sampling equipment. This paper undertakes the first study to show that effective leakage sampling can be achieved without relying on sophisticated equipments through Compressive Sensing (CS). In particular, CS can obtain low-dimensional samples from high-dimensional power traces by simply projecting the useful information onto the observation matrix. The leakage information can then be reconstructed in a workstation for further analysis. With this approach, the sampling rate to obtain the side-channel measurements is no longer limited by the operating frequency of the cryptographic device and Nyquist sampling theorem. Instead it depends on the sparsity of the leakage signal. Our study reveals that there is large amount of information redundancy in power traces obtained from the leaky device. As such, CS can employ a much lower sampling rate and yet obtain equivalent leakage sampling performance, which significantly lowers the requirement of sampling equipments. The feasibility of our approach is verified theoretically and through experiments.

In this paper we present an extension of Pseudonymous Signature introduced by the German Federal BSI authority as a part of technical recommendations for electronic identity documents. Without switching to pairing friendly groups we enhance the scheme so that: (a) the issuer does not know the private keys of the citizen (so it cannot impersonate the citizen), (b) a powerful adversary that breaks any number of ID cards created by the Issuer cannot forge new cards that could be proven as fake ones, (c) deanonymization of the pseudonyms used by a citizen is a multi-party protocol, where the consent of each authority is necessary to reveal the identity of a user. (d) we propose extended features concerning fully anonymous signatures and a pragmatic revocation approach. (e) we present an argument for unlinkability (cross-domain anonymity) of the presented schemes. In this way we make a step forwards to overcome the substantial weaknesses of the Pseudonymous Signature scheme. Moreover, the extension is on top of the original scheme with relatively small number of changes, following the strategy of reusing the previous schemes -- thereby reducing the costs of potential technology update.

In this work we present a collection of compilers that take secret sharing schemes for an arbitrary access structures as input and produce either leakage-resilient or non-malleable secret sharing schemes for the same access structure. A leakage-resilient secret sharing scheme hides the secret from an adversary, who has access to an unqualified set of shares, even if the adversary additionally obtains some size-bounded leakage from all other secret shares. A non-malleable secret sharing scheme guarantees that a secret that is reconstructed from a set of tampered shares is either equal to the original secret or completely unrelated. To the best of our knowledge we present the first generic compiler for leakage-resilient secret sharing for general access structures. In the case of non-malleable secret sharing, we strengthen previous definitions, provide separations between them, and construct a non-malleable secret sharing scheme for general access structures that fulfills the strongest definition with respect to independent share tampering functions. More precisely, our scheme is secure against concurrent tampering: The adversary is allowed to (non-adaptively) tamper the shares multiple times, and in each tampering attempt can freely choose the qualified set of shares to be used by the reconstruction algorithm to re-construct the tampered secret. This is a strong analogue of the multiple-tampering setting for split-state non-malleable codes and extractors.

We show how to use leakage-resilient and non-malleable secret sharing schemes to construct leakage-resilient and non-malleable threshold signatures. Classical threshold signatures allow to distribute the secret key of a signature scheme among a set of parties, such that certain qualified subsets can sign messages. We construct threshold signature schemes that remain secure even if an adversary leaks from or tampers with all secret shares.

This paper proposes Functional Analysis attacks on state of the art Logic Locking algorithms (abbreviated as FALL attacks). FALL attacks have two stages. The first stage identifies nodes involved in the locking functionality and analyzes functional properties of these nodes to shortlist a small number of candidate locking keys. In many cases, this shortlists exactly one locking key, so no further analysis is needed. However, if more than one key is shortlisted, the second stage introduces a SAT-based algorithm to identify the correct locking key from a list of alternatives using simulations on an unlocked circuit.

In comparison to past work, the FALL attack is more practical as it can often succeed (90% of successful attempts in our experiments) by only analyzing the locked netlist, without requiring oracle access to an unlocked circuit. Further, FALL attacks successfully defeat Secure Function Logic Locking (SFLL), the only locking algorithm that is resilient to known attacks on logic locking. Our experimental evaluation shows that FALL is able to defeat 65 out of 80 (81%) circuits locked using SFLL.

With the rapid development of information technology and the continuous evolution of personalized services, huge amounts of data are accumulated by the large Internet company in the process of serving users. Moreover, dynamic data interactions increase the intentional/unintentional privacy persistence in different information systems. However, the following problems such as the short board effect of privacy information preservation among different information systems and the difficulty of tracing the source of privacy violations are becoming more and more serious. Therefore, existing privacy preserving schemes cannot provide a systematic preservation. In this paper, we pay attention to the links of information lifecycle, such as information collection, storage, processing, distribution and destruction. Then we propose the theory of privacy computing and the key technology system, including privacy computing framework, formal definition of privacy computing, four principles that should be followed in privacy computing, algorithm design criteria, evaluation of privacy preserving effect, privacy computing language and so on. Finally, we employ four application scenarios to describe the universal application of privacy computing and prospect of the future research trends. It is expected to guide the theoretical research on user's privacy preservation under open environments.

A threshold secret sharing scheme (with threshold $t$) allows a dealer to share a secret among a set of parties such that any group of $t$ or more parties can recover the secret and no group of at most $t-1$ parties learn any information about the secret. A non-malleable threshold secret sharing scheme, introduced in the recent work of Goyal and Kumar (STOC'18), additionally protects a threshold secret sharing scheme when its shares are subject to tampering attacks. Specifically, it guarantees that the reconstructed secret from the tampered shares is either the original secret or something that is unrelated to the original secret.

In this work, we continue the study of threshold non-malleable secret sharing against the class of tampering functions that tamper each share independently. We focus on achieving greater efficiency and guaranteeing a stronger security property. We obtain the following results:

- Rate Improvement. We give the first construction of a threshold non-malleable secret sharing scheme that has rate $> 0$. Specifically, for every $n,t \geq 4$, we give a construction of a $t$-out-of-$n$ non-malleable secret sharing scheme with rate $\Theta(\frac{1}{t\log ^2 n})$. In the prior constructions, the rate was $\Theta(\frac{1}{n\log m})$ where $m$ is the length of the secret and thus, the rate tends to 0 as $m \rightarrow \infty$. Furthermore, we also optimize the parameters of our construction and give a concretely efficient scheme.

- Multiple Tampering. We give the first construction of a threshold non-malleable secret sharing scheme secure in the stronger setting of bounded tampering wherein the shares are tampered by multiple (but bounded in number) possibly different tampering functions. The rate of such a scheme is $\Theta(\frac{1}{k^3t\log^2 n})$ where $k$ is an apriori bound on the number of tamperings. We complement this positive result by proving that it is impossible to have a threshold non-malleable secret sharing scheme that is secure in the presence of an apriori unbounded number of tamperings.

- General Access Structures. We extend our results beyond threshold secret sharing and give constructions of rate-efficient, non-malleable secret sharing schemes for more general monotone access structures that are secure against multiple (bounded) tampering attacks.

Data Science Program Director

Yeshiva University’s Katz School seeks a dynamic director to serve as academic and administrative lead for its graduate initiatives in Data Science and related programs.

Position Responsibilities:

• Provide transformative direction and oversight in teaching, research and community

• Oversee curriculum development, academic policies, and assessment

• Ensure student academic and professional success

• Lead faculty recruitment, hiring, development, and evaluation

• Recruit highly qualified students, with an expectation of significant program growth

• Obtain relevant industry affiliations and designations

• Raise the visibility of the Katz School and University

• Establish partnerships with local, regional, national, and international organizations

• Develop grants, contracts, philanthropy, and research development

• Manage budgets and resources

Required Experience & Educational Background:

• Master’s degree in data science, computer science, or related field

• Professional experience in data science or related fields

To apply, visit: http://apptrkr.com/1336277

About Us:

Founded in 1886, Yeshiva University (YU) has a strong tradition of combining Jewish scholarship with academic excellence and achievement in the liberal arts, sciences, medicine, law, business, social work, Jewish studies, education, psychology, and more. We seek to attract and retain engaged and committed individuals who contribute to an exciting working environment, where there is a sense of community and belonging, balanced with a significant cross section of people from diverse backgrounds working and studying together.

Yeshiva University is an equal opportunity employer committed to hiring minorities, women, individuals with disabilities and protected veterans.

Closing date for applications:

More information: http://apptrkr.com/1336277

We are looking for a bright post-doctoral researcher focusing in theoretical cryptography and more precisely verifiable delegation of computation to work on a collaborative project on cloud-assisted computing.

The position is fully funded for 2 years and it would be extended under conditions for 2 more.

The post-doc will be hired at the department of Computer Science and Engineering at Chalmers and will be working under the supervision of Prof. Katerina Mitrokotsa.

The preferred starting date is in April 2019.

To apply send an email with subject: post-doc in cryptography and the following documents:

- CV, research statement, list of publications and names of at least two referees

Closing date for applications: 5 January 2019

Contact: Katerina Mitrokotsa

Associate Professor,

Chalmers University of Technology

Department of Computer Science and Engineering,

Gothenburg, Sweden

More information: http://www.cse.chalmers.se/~aikmitr/

Applications are invited for a post-doctoral fellow (PDF) and a doctoral (PhD) student in one or more of these areas: cryptographic engineering or applied cryptography as they relate to blockchain technologies, cryptocurrencies and digital payments. The successful candidates will be working in Professor Anwar Hasan’s research group in the Department of Electrical and Computer Engineering at the University of Waterloo.

PDF applicants with a recent PhD in Computer/Electrical Engineering or Computer Science and publications at premium venues are encouraged to send their CVs and cover letters via email to ahasan at uwaterloo.ca.

PhD student applicants with mathematical maturity and research experience in cryptographic engineering or applied cryptography, who meet the admission requirements for the PhD program in Electrical and Computer Engineering at the University of Waterloo, are encouraged to apply online following this link https://uwaterloo.ca/electrical-computer-engineering/future-graduate-students/programs

Closing date for applications: 11 January 2019

The Canadian Institute for Cybersecurity (CIC) is a comprehensive multidisciplinary training, research and development, and entrepreneurial unit that draws on the expertise of researchers in the social sciences, business, computer science, engineering, law and science.

Position Description:

We are currently looking for PhD and Post-doc researchers to fill various roles within our cyber security research and projects.

Required skills and experience:

- A computer science degree (Master for PhD candidates, PhD for Post-doc candidates) with expertise in network and information security, networking, and other relevant research area. (completed by the start of appointment)

- Strong communication and writing skills.

- Ability to do independent research, as well as to work collaboratively with other team members.

Helpful skills and experience:

- Application development using Java and Python

- Technical abilities in systems design, coding, testing, debugging, and maintenance.

- Demonstrated experience with the design and implementation of large networked and security systems.

Applications will be considered until the available positions are filled. To apply please include your curriculum vitae and the following:

- Research experience (projects, publications, etc.)

- Two representative publications (post-doc candidates)

- Proof of language proficiency (international applicants)

- Contact information (email, address, phone) of three references

Closing date for applications: 30 April 2019

Contact:

Arash Habibi Lashkari, PhD

Assistant Professor and Research Coordinator

Canadian Institute for Cybersecurity (CIC)

University of New Brunswick (UNB)

Fredericton, NB, Canada

A.habibi.l (at) unb.ca

More information: http://www.unb.ca/cic

We are looking for a postdoctoral researcher to work on isogeny-based cryptography.

Previous work in this field would be a plus but is not required. Generally, a strong background in algorithmic number theory, cryptographic protocols, cryptanalysis and/or applied cryptography is sought.

The position is for up to 30 months.

Informal inquiries are welcome.

Closing date for applications: 3 January 2019

Contact: Christophe Petit christophe.f.petit (at) gmail.com

More information: https://atsv7.wcn.co.uk/search_engine/jobs.cgi?SID=amNvZGU9MTc2OTA5NiZ2dF90ZW1wbGF0ZT03Njcmb3duZXI9NTAzMjUyMSZvd25lcnR5c

A PhD position is available to work on isogeny-based cryptography.

The ideal candidate will have a master in Mathematics, Computer Science or Electrical Engineering. Previous knowledge in cryptography and/or number theory is a plus.

Informal inquiries welcome.

Closing date for applications: 14 January 2019

Contact: Christophe Petit christophe.f.petit (at) gmail.com

More information: https://www.birmingham.ac.uk/postgraduate/courses/findaphd.aspx

The program for Real World Crypto 2019 is now published at https://rwc.iacr.org/2019/program.html.

RWC 2019 will be held January 9-11 in San Jose, California, USA.

We prove beyond-birthday-bound security for the well-known types of generalized Feistel networks, including: (1) unbalanced Feistel networks, where the $n$-bit to $m$-bit round functions may have $n\ne m$; (2) alternating Feistel networks, where the round functions alternate between contracting and expanding; (3) type-1, type-2, and type-3 Feistel networks, where $n$-bit to $n$-bit round functions are used to encipher $kn$-bit strings for some $k\ge2$; and (4) numeric variants of any of the above, where one enciphers numbers in some given range rather than strings of some given size. Using a unified analytic framework we show that, in any of these settings, for any $\varepsilon>0$, with enough rounds, the subject scheme can tolerate CCA attacks of up to $q\sim N^{1-\varepsilon}$ adversarial queries, where $N$ is the size of the round functions' domain (the size of the larger domain for alternating Feistel). This is asymptotically optimal. Prior analyses for generalized Feistel networks established security to only $q\sim N^{0.5}$ adversarial queries.

In this paper we are proposing a new member in the SNOW family of stream ciphers, called SNOW-V. The motivation is to meet an industry demand of very high speed encryption in a virtualized environment, something that can be expected to be relevant in a future 5G mobile communication system. We are revising the SNOW 3G architecture to be competitive in such a pure software environment, making use of both existing acceleration instructions for the AES encryption round function as well as the ability of modern CPUs to handle large vectors of integers (e.g. the Advanced Vector Extensions AVX from Intel). We have kept the general design from SNOW 3G, in terms of linear feedback shift register (LFSR) and Finite State Machine (FSM), but both entities are updated to better align with vectorized implementations. The LFSR part is new and operates 8 times the speed of the FSM. We have furthermore increased the total state size by using 128-bit registers in the FSM, we use the full AES encryption round function in the FSM update, and, finally, the initialization phase includes a masking with key bits at its end. The result is an algorithm generally much faster than AES-256 and with expected security not worse than AES-256.