IACR News
Here you can see all recent updates to the IACR webpage.
10 May 2019
Gaëtan Leurent, Thomas Peyrin
ePrint Report
In this article, we propose new techniques to turn collision attacks into chosen-prefix collision attacks. Our strategy is composed of two phases: first, a birthday search that aims at taking the random chaining variable difference (due to the chosen-prefix model) to a set of pre-defined target differences. Then, using a multi-block approach, carefully analysing the clustering effect, we map this new chaining variable difference to a colliding pair of states using techniques developed for collision attacks.
We apply those techniques to MD5 and SHA1, and obtain improved attacks. In particular, we have a chosen-prefix collision attack against SHA1 with complexity between $2^{66.9}$ and $2^{69.4}$ (depending on assumptions about the cost of finding near-collision blocks), while the best-known attack has complexity $2^{77.1}$. This is within a small factor of the complexity of the classical collision attack on SHA1 (estimated as $2^{64.7}$). This represents yet another warning that industries and users have to move away from using SHA1 as soon as possible.
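As an added illustration of the chosen-prefix model (constructed for this page, not code from the paper), the following Python builds a toy narrow-pipe Merkle-Damgård hash whose chaining value is truncated to 24 bits and runs only the generic birthday phase: starting from two attacker-chosen prefixes, it searches for one extra block per side that brings the two chaining values together, after which any common suffix hashes identically. For an n-bit chaining value this generic phase costs about $2^{n/2}$ compression calls ($2^{80}$ for SHA1), which is the baseline that the differential multi-block techniques in the paper improve on for real MD5 and SHA1; those techniques are not reproduced here. The state size, the SHA-256-based compression function, the padding rule and the sample prefixes are all assumptions of the example.

```python
import hashlib
import struct

# Toy parameters (assumptions of this example, not the paper's):
STATE_BYTES = 3          # 24-bit chaining value, so the birthday phase needs ~2^12 work per side
BLOCK = 8                # 8-byte message blocks
IV = b"\x00\x01\x02"     # fixed initial chaining value


def compress(cv: bytes, block: bytes) -> bytes:
    """Toy compression function: SHA-256 of cv || block, truncated to the state size."""
    return hashlib.sha256(cv + block).digest()[:STATE_BYTES]


def pad(msg: bytes) -> bytes:
    """Merkle-Damgard strengthening: 0x80, zeros to a block boundary, then the 8-byte bit length."""
    padded = msg + b"\x80"
    padded += b"\x00" * ((-len(padded) - 8) % BLOCK)
    return padded + struct.pack(">Q", len(msg) * 8)


def absorb(cv: bytes, data: bytes) -> bytes:
    """Iterate the compression function over whole blocks."""
    assert len(data) % BLOCK == 0
    for i in range(0, len(data), BLOCK):
        cv = compress(cv, data[i:i + BLOCK])
    return cv


def toy_md(msg: bytes) -> bytes:
    """The full toy hash: pad, then absorb from the IV."""
    return absorb(IV, pad(msg))


def birthday_bridge(cv1: bytes, cv2: bytes, max_tries: int = 1 << 20):
    """Generic birthday phase: find blocks b1, b2 with compress(cv1, b1) == compress(cv2, b2).

    One table per chaining value; after about 2^(n/2) evaluations per side a cross-match
    between the two tables is expected.  Blocks are enumerated from a counter so the
    search is deterministic.
    """
    seen1, seen2 = {}, {}
    for i in range(max_tries):
        b = struct.pack(">Q", i)
        h1, h2 = compress(cv1, b), compress(cv2, b)
        if h1 in seen2:              # cv1 under b reaches a state cv2 reached under an earlier block
            return b, seen2[h1]
        if h2 in seen1:
            return seen1[h2], b
        seen1[h1], seen2[h2] = b, b
    raise RuntimeError("no bridge found within the search budget")


def chosen_prefix_collision(p1: bytes, p2: bytes):
    """Return (m1, m2) with m1 starting with p1, m2 starting with p2, and equal chaining values.

    Because the chaining values agree and len(m1) == len(m2), the MD padding is identical
    for any appended suffix t, so toy_md(m1 + t) == toy_md(m2 + t) for every t.
    """
    nblocks = -(-max(len(p1), len(p2)) // BLOCK)          # ceil to a common block count
    a1, a2 = p1.ljust(nblocks * BLOCK, b" "), p2.ljust(nblocks * BLOCK, b" ")
    cv1, cv2 = absorb(IV, a1), absorb(IV, a2)              # the two differing chaining values
    b1, b2 = birthday_bridge(cv1, cv2)                     # one extra block per side
    return a1 + b1, a2 + b2


if __name__ == "__main__":
    # Constructed sample prefixes: two contradictory statements the attacker wants to collide.
    m1, m2 = chosen_prefix_collision(b"Pay Bob $10", b"Pay Bob $10000")
    suffix = b" (approved by Alice)"
    print(toy_md(m1 + suffix).hex(), toy_md(m2 + suffix).hex())
```

The two tables are what makes this a chosen-prefix rather than an identical-prefix search: the prefixes are fixed first, the resulting chaining values differ, and the attacker pays the birthday cost to reconcile them. Shrinking the state to 24 bits is what makes the toy finish instantly; at 160 bits the same loop is the $2^{80}$ generic bound, which is why the paper's differential approach matters.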
Lorenzo Grassi, Daniel Kales, Dmitry Khovratovich, Arnab Roy, Christian Rechberger, Markus Schofnegger
ePrint Report
In this paper we present a modular framework and concrete instances of cryptographic hash functions which either work natively with GF(p) objects or on binary strings. Our hash function Poseidon uses up to 8x fewer constraints per message bit than Pedersen Hash, whereas our STARK-friendly hash Starkad wins by a factor of 4 over the hash function Friday by using a much smaller field.
Mustafa Khairallah
ePrint Report
Peifang Ni, Hongda Li, Xianning Meng, Dongxue Pan
ePrint Report
In "UniqueChain", we propose a new form of two-chain structure that consists of two tightly linked chains, named the leader chain and the transaction chain, with two corresponding types of blocks, named leader blocks and transaction blocks. To achieve the above guarantees, we formalize a secure bootstrapping mechanism for new parties in the open setting and realize uniqueness of the transaction chains held by honest parties. We prove that "UniqueChain" satisfies the security properties of chain growth, chain quality, common prefix and soundness, and two additional properties, uniqueness and high efficiency.
João Otávio Massari Chervinski, Diego Kreutz, Jiangshan Yu
ePrint Report
08 May 2019
Ryan Karl, Timothy Burchfield, Jonathan Takeshita, Taeho Jung
ePrint Report
Lydia Garms, Elizabeth A. Quaglia
ePrint Report
Sean Murphy, Rachel Player
ePrint Report
Francesco Berti, Olivier Pereira, François-Xavier Standaert
ePrint Report
CONCRETE improves on a recent line of works aiming at leveled implementations, which mix a strongly protected and energy-demanding implementation of a single component with other weakly protected and much cheaper components. Here, these components all implement a tweakable block cipher TBC.
CONCRETE requires the use of the strongly protected TBC only once while supporting the leakage of the full state of the weakly protected components -- it achieves CIML2 security in the so-called unbounded leakage model.
All previous works need to use the strongly protected implementation at least twice. As a result, for short messages whose encryption and decryption energy costs are dominated by the strongly protected component, we halve the cost of a leakage-resilient implementation. CONCRETE additionally provides security when unverified plaintexts are released, and confidentiality in the presence of simulatable leakages in encryption and decryption.
Chenglu Jin, Zheng Yang, Sridhar Adepu, Jianying Zhou
ePrint Report
A remarkable security feature of HMAKE is bounded historical tag leakage resilience, which means (informally speaking) that if a small portion of the secret tags is leaked to an adversary, the security of the HMAKE protocol is unaffected with overwhelming probability. Our first HMAKE protocol provides static bounded leakage resilience, meaning that the secret tags are leaked at the beginning of the security game. To enhance its security, our second HMAKE protocol uses our first protocol as a compiler to transform any passively secure two-message key exchange protocol into an actively secure HMAKE protocol with perfect forward secrecy, so it remains secure even if the historical tags are compromised adaptively by an attacker.
In addition to the strong security properties we achieve, our protocols have the potential for significant practical impact: they are computationally efficient, and they are compatible with legacy devices in cyber-physical systems.
Marshall Ball, Dana Dachman-Soled, Mukul Kulkarni, Tal Malkin
ePrint Report
We show that non-malleable codes are impossible to construct for three different tampering classes: 1. Functions that change $d/2$ symbols, where $d$ is the distance of the code; 2. Functions where each input symbol affects only a single output symbol; 3. Functions where each of the $n$ output symbols is a function of $n-\log n$ input symbols.
We additionally rule out constructions of non-malleable codes for certain classes $\mathcal{F}$ via reductions to the assumption that a distributional problem is hard for $\mathcal{F}$, that make black-box use of the tampering functions in the proof. In particular, this yields concrete obstacles for the construction of efficient codes for $\mathsf{NC}$, even assuming average-case variants of $P\not\subseteq\mathsf{NC}$.
Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai, Lisa Kohl, Peter Scholl
ePrint Report
Haibo Zhou, Zheng Li, Xiaoyang Dong, Willi Meier
ePrint Report
Sanjit Chatterjee, Shravan Kumar Parshuram Puria, Akash Shah
ePrint Report
Muhammed F. Esgin, Ron Steinfeld, Joseph K. Liu, Dongxi Liu
ePrint Report
Moreover, we introduce two speedup techniques for lattice-based ZKPs: a CRT-packing technique supporting ``inter-slot'' operations, and ``NTT-friendly'' tools that permit the use of fully-splitting rings. The former technique comes at almost no cost to the proof length, and the latter one barely increases it, which can be compensated for by tweaking the rejection sampling parameters while still having faster computation overall.
To illustrate the utility of our techniques, we show how to use them to build efficient relaxed proofs for important relations, namely proof of commitment to bits, one-out-of-many proof, range proof and set membership proof. Despite their relaxed nature, we further show how our proof systems can be used as building blocks for advanced cryptographic tools such as ring signatures.
Our ring signature achieves a dramatic improvement in length over all the existing proposals from lattices at the same security level. The computational evaluation also shows that our construction is highly likely to outperform all the relevant works in running times. Being efficient in both aspects, our ring signature is particularly suitable for both small-scale and large-scale applications such as cryptocurrencies and e-voting systems. No trusted setup is required for any of our proposals.
Gildas Avoine, Sébastien Canard, Loïc Ferreira
ePrint Report
Sergiu Bursuc, Steve Kremer
ePrint Report
Our focus is on a particular level of abstraction, where network messages are represented by a term algebra, protocol execution by state transition systems (e.g. multiset rewrite rules) and where the properties of interest can be analyzed with automated verification tools. We propose models for: (1) the rules guiding the ledger execution, taking the coin functionality of public ledgers such as Bitcoin as an example; (2) the security properties expected from ledger-based zero-knowledge contingent payment protocols; (3) two different security protocols that aim at achieving these properties relying on different ledger infrastructures; (4) reductions that allow simpler term algebras for homomorphic cryptographic schemes.
Altogether, these models allow us to derive a first automated verification for ledger-based zero-knowledge contingent payment using the Tamarin prover. Furthermore, our models help in clarifying certain underlying assumptions, security and efficiency tradeoffs that should be taken into account when deploying protocols on the blockchain.
06 May 2019
University of Twente, Netherlands
Job Posting
In the Security & Privacy domain, we are particularly looking for someone in the areas of "Big Data and Security" (which considers both "Big Data for Security" and "Security for Big Data") and "Security and the Internet of Things" (broadly conceived).
For more information, please check the link provided below.
Closing date for applications: 25 May 2019
More information: https://www.utwente.nl/en/organization/careers/!/121825/assistantassociatefull-professors-in-computer-science
Lund University, Sweden - Nanyang Technological University (NTU), Singapore
Job Posting
Salaries are competitive and are determined according to the successful applicants' accomplishments, experience and qualifications. Interested applicants should send their detailed CVs, cover letter and references to Prof. Thomas Johansson (thomas.johansson (at) eit.lth.se) and Prof. Thomas Peyrin (thomas.peyrin (at) ntu.edu.sg).
Review of applications starts immediately and will continue until positions are filled.
Closing date for applications: 15 October 2019
Contact: thomas.johansson (at) eit.lth.se and thomas.peyrin (at) ntu.edu.sg
Nanyang Technological University (NTU), Singapore
Job Posting
1. Differential privacy with applications to deep learning, federated learning, or machine learning in general,
2. Local differential privacy,
3. Adversarial machine learning and security in AI systems,
4. Blockchains,
5. Other areas in AI security/privacy or IoT security/privacy.
Interested candidates can contact Jun Zhao via email at JunZhao (at) ntu.edu.sg or JunZhao (at) alumni.cmu.edu, via WeChat by scanning the QR code at http://www.ntu.edu.sg/home/JunZhao/wechat.png, via Skype at live:junzhaocmu, or by calling the Singapore phone number +65 8648 3534 (the leading 65 is the country code of Singapore). Thanks.
Jun Zhao’s homepage: http://ntu.edu.sg/home/JunZhao/
Biography: Jun Zhao received a PhD degree in Electrical and Computer Engineering from Carnegie Mellon University (CMU) in the USA (advisors: Virgil Gligor, Osman Yagan), affiliating with CMU CyLab Security & Privacy Institute. He is currently an Assistant Professor at Nanyang Technological University (NTU) in Singapore. His research interests include blockchains, security, and privacy with applications to deep learning, the Internet of Things, and social networks.
Closing date for applications: 1 November 2019
Contact: JunZhao (at) ntu.edu.sg or JunZhao (at) alumni.cmu.edu (WeChat, Skype and phone details as above)
More information: http://www.ntu.edu.sg/home/JunZhao/HirePostdoc.htm