IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
07 February 2019
Atlanta, USA, 25 August - 28 August 2019
Santiago, Chile, 2 October - 4 October 2019
Submission deadline: 4 May 2019
Notification: 22 June 2019
Aarhus, Denmark, 27 May - 29 May 2019
Geoffroy Couteau, Michael Reichle
In this work, we construct the first non-interactive keyed-verification anonymous credential (NIKVAC) system in the standard model, without pairings. Our scheme is efficient, attribute-based, supports multi-show unlinkability, and anonymity revocation. We achieve this by building upon a combination of algebraic MACs with the recent designated-verifier non-interactive zero-knowledge (DVNIZK) proof of knowledge of (Couteau and Chaidos, Eurocrypt'18). Toward our goal of building NIKVAC, we revisit the security analysis of a MAC scheme introduced in (Chase et al., CCS'14), strengthening its guarantees, and we introduce the notion of oblivious non-interactive zero-knowledge proof system, where the prover can generate non-interactive proofs for statements that he cannot check by himself, having only a part of the corresponding witness, and where the proof can be checked efficiently given the missing part of the witness. We provide an efficient construction of an oblivious DVNIZK, building upon the specific properties of the DVNIZK proof system of (Couteau and Chaidos, Eurocrypt'18).
Hao Chen, Ilaria Chillotti, Yongsoo Song
All the prior works on MKHE were too inefficient to be used in practice. Our construction improves the performance in terms of both asymptotic and concrete complexity: the length of ciphertexts and the computational cost of a binary gate grow linearly and quadratically in the number of parties, respectively. Furthermore, our scheme is fully dynamic, so that no information about the involved parties needs to be known before the computation, and the resulting ciphertext can be reused in further computation with newly joined parties.
To the best of our knowledge, this is the first work to implement an MKHE scheme. Our implementation takes about 0.15 (resp. 0.72) seconds to perform the gate bootstrapping when the number of involved parties is 2 (resp. 4).
Nir Bitansky, Iftach Haitner, Ilan Komargodski, Eylon Yogev
Assuming distributional collision resistant hash functions, we construct a constant-round statistically hiding commitment scheme. Such commitments are not known based on one-way functions and are impossible to obtain from one-way functions in a black-box way. Our construction relies on the reduction from inaccessible entropy generators to statistically hiding commitments by Haitner et al. (STOC '09). In the converse direction, we show that two-message statistically hiding commitments imply distributional collision resistance, thereby establishing a loose equivalence between the two notions.
A corollary of the first result is that constant-round statistically hiding commitments are implied by average-case hardness in the class SZK (which is known to imply distributional collision resistance). This implication seems to be folklore, but to the best of our knowledge has not been proven explicitly. We provide yet another proof of this implication, which is arguably more direct than the one going through distributional collision resistance.
Rosario Gennaro, Steven Goldfeder
Ferucio Laurentiu Tiplea, Cristian Hristea
06 February 2019
Bjørn Greve, Øyvind Ytrehus, Håvard Raddum
Yin Li, Yu Zhang, Xingpo Ma, Chuanda Qi
05 February 2019
Suhri Kim, Kisoon Yoon, Young-Ho Park, Seokhie Hong
Ahmet Can Mert, Erdinc Ozturk, Erkay Savas
Navid Alamati, Hart Montgomery, Sikhar Patranabis, Arnab Roy
• One-Way Function (OWF)
• Weak Unpredictable Function (wUF)
• Weak Pseudorandom Function (wPRF)
The algebraic structure that we consider is group homomorphism over the input/output spaces of these primitives. We also consider a bounded notion of homomorphism where the primitive only supports an a priori bounded number of homomorphic operations in order to capture lattice-based and other noisy assumptions. We show that these structured primitives can be used to construct many cryptographic protocols. In particular, we prove that:
• (Bounded) Homomorphic OWFs (HOWFs) imply collision-resistant hash functions, Schnorr-style signatures, and chameleon hash functions.
• (Bounded) Input-Homomorphic weak UFs (IHwUFs) imply CPA-secure PKE, non-interactive key exchange, trapdoor functions, blind batch encryption (which implies anonymous IBE, KDM-secure and leakage-resilient PKE), CCA2 deterministic PKE, and hinting PRGs (which in turn imply transformation of CPA to CCA security for ABE/1-sided PE).
• (Bounded) Input-Homomorphic weak PRFs (IHwPRFs) imply PIR, lossy trapdoor functions, OT and MPC (in the plain model).
In addition, we show how to realize any CDH/DDH-based protocol with certain properties in a generic manner using IHwUFs/IHwPRFs, and how to instantiate such a protocol from many concrete assumptions. We also consider primitives with substantially richer structure, namely Ring IHwPRFs and L-composable IHwPRFs. In particular, we show the following:
• Ring IHwPRFs with certain properties imply FHE.
• 2-composable IHwPRFs imply (black-box) IBE, and $L$-composable IHwPRFs imply non-interactive $(L + 1)$-party key exchange.
Our framework allows us to categorize many cryptographic protocols based on which structured Minicrypt primitive implies them. In addition, it potentially makes showing the existence of many cryptosystems from novel assumptions substantially easier in the future.
Shun Li, Siwei Sun, Chaoyun Li, Zihao Wei, Lei Hu
Hongbing Wang, Yunlei Zhao
In this work, we propose the first identity-based higncryption (IBHigncryption, for short). We present a formal security model for IBHigncryption, under which the security proof of the proposed scheme is conducted. The most impressive feature of IBHigncryption, besides the other desirable properties it offers, is its simplicity and efficiency, which might be somewhat surprising in retrospect. Our IBHigncryption has a much simpler setup stage with smaller public parameters and, in particular, no need to compute a master public key. It is essentially as efficient as (if not more than) the fundamental CCA-secure Boneh-Franklin identity-based encryption scheme, and has a significant efficiency advantage over the IEEE 1363.3 standard of identity-based signcryption.
Antonio Faonio, Daniele Venturi
-) Continuous non-malleability: No computationally-bounded adversary tampering independently with all the shares can produce mauled shares that reconstruct to a value related to the original secret. This holds even in case the adversary can tamper *continuously*, for an *unbounded* polynomial number of times, with the same target secret sharing, where the next sequence of tampering functions, as well as the subset of shares used for reconstruction, can be chosen *adaptively* based on the outcome of previous reconstructions.
-) Resilience to noisy leakage: Non-malleability holds even if the adversary can additionally leak information independently from all the shares. There is no bound on the length of leaked information, as long as the overall leakage does not decrease the min-entropy of each share by too much.
-) Improved rate: The information rate of our final scheme, defined as the ratio between the size of the message and the maximal size of a share, asymptotically approaches 1 when the message length goes to infinity.
Previous constructions achieved information-theoretic security, sometimes even for arbitrary access structures, at the price of *at least one* of the following limitations: (i) Non-malleability only holds against one-time tampering attacks; (ii) Non-malleability holds against a bounded number of tampering attacks, but both the choice of the tampering functions and of the sets used for reconstruction is non-adaptive; (iii) Information rate asymptotically approaching zero; (iv) No security guarantee in the presence of leakage.
Naomi Farley, Robert Fitzpatrick, Duncan Jones
Threshold schemes offer a halfway house between traditional HSM-based key protection and native cloud-based usage. Threshold signature schemes allow a set of actors to share a common public key, generate fragments of the private key and to collaboratively sign messages, such that as long as a sufficient quorum of actors sign a message, the partial signatures can be combined into a valid signature.
However, threshold schemes, while being a mature idea, suffer from large protocol transcripts and complex communication-based requirements. This consequently makes it a more difficult task for a user to verify that a public key is, in fact, a genuine product of the protocol and that the protocol has been executed validly. In this work, we propose a solution to these auditability and verification problems, reporting on a prototype cloud-based implementation of a threshold RSA key generation and signing system tightly integrated with modern distributed ledger and consensus techniques.
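The quorum-combining step the abstract describes (fragments of the private key, partial signatures, a quorum combining them into one valid RSA signature) is easy to lose in the protocol transcripts the authors mention. The block below is an added toy example, not code from the paper or its prototype: a trusted dealer Shamir-shares the RSA private exponent d, each party signs with only its share, and any t of n partial signatures combine into the ordinary RSA signature x^d mod N. The dealer is exactly the party that a distributed key generation protocol such as the paper's removes; the point here is only the combination algebra. Assumptions not from the page: Python 3.8+ (negative exponents in pow), a constructed 92-bit modulus from two Mersenne primes (far too small for real use), SHA-256 as a stand-in for proper RSA signature padding, party indices 1..n, and the n! trick for integer Lagrange coefficients (so nobody needs inverses modulo phi(N), which no single party holds).

```python
"""Toy t-of-n threshold RSA signing with a trusted dealer (constructed example).

Parties hold Shamir shares s_i of d.  Each produces x^{s_i} mod N.  Any t of them
combine to x^{Delta*d} mod N (Delta = n! clears the Lagrange denominators), and a
final exponent correction removes Delta, yielding the standard signature x^d mod N.
"""
import hashlib
import random
from math import factorial, gcd, prod

# Constructed demo modulus: two Mersenne primes.  Real keys are 2048+ bits and
# the paper generates them without any dealer; this is demonstration only.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537  # prime and > n, so gcd(E, n!) == 1 in combine()


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def deal_shares(d, t, n, modulus, rng):
    """Dealer step: share i = f(i) mod modulus, f random of degree t-1 with f(0) = d."""
    coeffs = [d] + [rng.randrange(modulus) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, modulus) for k, c in enumerate(coeffs)) % modulus
            for i in range(1, n + 1)}


def partial_sign(share, x):
    """Party step: x^{s_i} mod N.  The party never learns d or phi(N)."""
    return pow(x, share, N)


def lagrange_at_zero(i, quorum, n):
    """Delta * prod_{j in quorum, j != i} j / (j - i) with Delta = n!.
    Always an integer, so interpolation in the exponent needs no modular inverses."""
    num = factorial(n) * prod(j for j in quorum if j != i)
    den = prod(j - i for j in quorum if j != i)
    assert num % den == 0
    return num // den


def combine(partials, n, x):
    """Combiner step over any quorum of >= t partial signatures {party_id: x^{s_i}}.
    prod x_i^{lambda_i} = x^{Delta*d}; with a*Delta + b*E == 1 the result
    w^a * x^b equals x^d mod N.  Requires gcd(x, N) == 1 (negative exponents)."""
    quorum = sorted(partials)
    w = 1
    for i in quorum:
        w = w * pow(partials[i], lagrange_at_zero(i, quorum, n), N) % N
    g, a, b = egcd(factorial(n), E)
    assert g == 1
    return pow(w, a, N) * pow(x, b, N) % N


def verify(sig, x):
    """Plain RSA verification: the combined signature is an ordinary RSA signature."""
    return pow(sig, E, N) == x


def threshold_sign_demo(message: bytes, t: int = 3, n: int = 5, seed: int = 1):
    """Run dealer, parties and combiner; return which quorums verified."""
    rng = random.Random(seed)            # seeded only so the demo is reproducible
    d = pow(E, -1, PHI)                  # only the dealer ever sees d
    shares = deal_shares(d, t, n, PHI, rng)
    # Hash-then-reduce stands in for real padding (FDH/PSS); not secure as is.
    x = int.from_bytes(hashlib.sha256(message).digest(), "big") % N
    assert gcd(x, N) == 1
    partials = {i: partial_sign(shares[i], x) for i in shares}
    full_quorum = {i: partials[i] for i in (1, 3, 5)}   # any t parties suffice
    short_quorum = {i: partials[i] for i in (2, 4)}     # t-1 parties do not
    sig = combine(full_quorum, n, x)
    return {
        "quorum_ok": verify(sig, x),
        "short_ok": verify(combine(short_quorum, n, x), x),
        "matches_plain_rsa": sig == pow(x, d, N),
    }


if __name__ == "__main__":
    print(threshold_sign_demo(b"constructed message"))
```

Note that `combine` only runs one modular exponentiation per partial signature plus two fixed ones, and that `verify` is unchanged RSA: a relying party cannot tell a threshold-generated signature from a single-key one, which is also why the auditability question the paper raises (was the key really produced by the protocol?) cannot be answered from the signature alone.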
Albany, USA, 4 June - 6 June 2019
Submission deadline: 15 February 2019
Notification: 15 March 2019
04 February 2019
Samuel Jaques, John M. Schanck
TU Wien, Security & Privacy Group
• systems security and privacy
• distributed systems
• malware and mobile app analysis
Research topics may cover (but are not limited to):
• detection and prevention of novel attacks against smartphones and users’ privacy
• large-scale static and dynamic analysis of mobile apps
For our previous research in this area see https://martina.lindorfer.in.
The employment is a full-time position (40 hrs/week) with an internationally competitive salary. The working language is English, knowledge of German is not required.
Interested candidates should provide:
• a motivation letter
• a transcript of records
• a curriculum vitae
• a publication list (if applicable)
• contact information for two referees
TU Wien offers an outstanding research environment and numerous professional development opportunities. The Faculty of Informatics is the largest of its kind in Austria and is consistently ranked among the best in Europe. The city of Vienna features a vibrant and excellence-driven research landscape. The candidate will have the opportunity to collaborate with several other leading research institutes (e.g., IST, AIT, SBA Research, ABC). Finally, Vienna has consistently been ranked by Mercer in recent years as the best city for quality of life worldwide.
Review of expressions of interest will start immediately and continue until the position is filled.
Closing date for applications: 31 March 2019
Contact: Martina Lindorfer (martina.lindorfer (at) tuwien.ac.at)
More information: https://secpriv.tuwien.ac.at/thesis_and_job_opportunities