IACR News
Here you can see all recent updates to the IACR webpage.
09 January 2020
Dan Boneh, Saba Eskandarian, Lucjan Hanzlik, Nicola Greco
ePrint Report
This paper formally defines SSLE schemes and presents three constructions that provide varying security and performance properties. First, as an existence argument, we show how to realize an ideal SSLE using indistinguishability obfuscation. Next, we show how to build SSLE from low-depth threshold fully homomorphic encryption (TFHE) via a construction which can be instantiated with a circuit of multiplicative depth as low as 10, for realistically-sized secret leader elections. Finally, we show a practical scheme relying on DDH that achieves a slightly relaxed notion of security but which boasts extremely lightweight computational requirements.
Ethan Heilman, Sebastien Lipmann, Sharon Goldberg
ePrint Report
Riccardo Longo, Alessio Meneghetti, Massimiliano Sala
ePrint Report
Zagreb, Croatia, 24 June - 26 June 2020
Event Calendar
Submission deadline: 10 April 2020
Notification: 30 April 2020
Daejeon, South Korea, 6 December - 10 December 2020
Asiacrypt
08 January 2020
Stealth Software Technologies, Inc. Los Angeles CA and Boulder CO
Job Posting
Required Qualifications:
- Ph.D. in computer science, mathematics or a related field
- Active track record of relevant publications
- Proficiency in programming, especially C, C++ or Java
United States, US Citizen strongly preferred
Benefits:
- Salary commensurate with experience
- Flexible workspace (offices in West L.A. and Boulder, remote commuting available)
- Paid Vacation and Holidays
- Retirement plan (401K)
- Health, Dental, and Vision insurance reimbursement coverage
- Equity in the form of Stock Options
- Opportunity for growth and advancement
- Collaboration with world-class cryptographers with publication opportunities
To Apply:
Send a cover letter and curriculum vitae with at least two references to careers@stealthsoftwareinc.com
As part of a successful hiring process, the applicant agrees to submit to a background check.
Closing date for applications:
Contact:
Job Search Committee
careers@stealthsoftwareinc.com
More information: https://www.stealthsoftwareinc.com/
IT University of Copenhagen (ITU)
Job Posting
The Center for Information Security and Trust and the IT University of Copenhagen (ITU) are hiring one Postdoc and one PhD Student to work on cryptographic protocols for Multiparty Computation (MPC) and Blockchain Consensus/Applications. Both positions are fully funded by DFF (Danish funding agency) for a period of 3 years and start around April 2020. Successful candidates will be hired at ITU with standard wages according to union agreements in Denmark and access to public health/education.
Both the successful Postdoc and PhD student will work on projects related to theoretical aspects of MPC and blockchain protocols, as well as the interplay between these two fields. One line of work will focus on obtaining new theoretical insights and better constructions of MPC protocols with public verifiability, cheater identification and similar properties. Another line of work will focus on establishing foundations of protocols for auditable privacy-preserving blockchain applications, as well as employing MPC techniques to build such protocols.
The successful applicant to the PhD Student position should be motivated and enthusiastic about theoretical research in cryptography. The applicant should have a strong background in computer science or mathematics (with a focus on number theory, algebra and probability theory). Previous research experience in security and cryptography (especially in cryptographic protocols) is not necessary but most welcome.
The successful applicant to the Postdoc position should hold (or be about to complete) a PhD degree in Computer Science (or related areas) with a focus on cryptographic protocols. Applicants should have an excellent academic track record with publications in relevant venues (e.g. IACR conferences). Previous experience in all aspects of Multiparty Computation protocols and theoretical aspects of blockchain protocols (both consensus and applications) is an advantage.
Closing date for applications:
Contact: Associate Professor Bernardo David
More information: https://candidate.hr-manager.net/ApplicationInit.aspx?cid=119&ProjectId=181117&DepartmentId=3439&MediaId=5
NUS-Singtel Cyber Security R & D Lab
Job Posting
Closing date for applications:
Contact: Dr. Geong-Sen Poh (pohgs@comp.nus.edu.sg)
More information: https://www.nus-singtel.nus.edu.sg/
07 January 2020
Kenneth Koon-Ho Wong, Harry Bartlett, Leonie Simpson, Ed Dawson
ePrint Report
Daniel Cervantes-Vázquez, Eduardo Ochoa-Jiménez, Francisco Rodríguez-Henríquez
ePrint Report
Shangqi Lai, Xingliang Yuan, Shi-Feng Sun, Joseph K. Liu, Ron Steinfeld, Amin Sakzad, Dongxi Liu
ePrint Report
Suhyeon Lee, Seungjoo Kim
ePrint Report
Sarang Noether, Brandon Goodell
ePrint Report
Daniel Gardham, Mark Manulis, Constantin Cătălin Drăgan
ePrint Report
Jan Camenisch, Manu Drijvers, Anja Lehmann, Gregory Neven, Patrick Towa
ePrint Report
Hao Chen, Wei Dai, Miran Kim, Yongsoo Song
ePrint Report
SHA-1 is a Shambles - First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust
Gaëtan Leurent, Thomas Peyrin
ePrint Report
In this paper, we report the first practical implementation of this attack, and its impact on real-world security with a PGP/GnuPG impersonation attack. We managed to significantly reduce the complexity of collision attacks against SHA-1: on an Nvidia GTX 970, identical-prefix collisions can now be computed with a complexity of $2^{61.2}$ rather than $2^{64.7}$, and chosen-prefix collisions with a complexity of $2^{63.4}$ rather than $2^{67.1}$. When renting cheap GPUs, this translates to a cost of 11k US\$ for a collision, and 45k US\$ for a chosen-prefix collision, within the means of academic researchers. Our actual attack required two months of computations using 900 Nvidia GTX 1060 GPUs (we paid 75k US\$ because GPU prices were higher, and we wasted some time preparing the attack).
Therefore, the same attacks that have been practical on MD5 since 2009 are now practical on SHA-1. In particular, chosen-prefix collisions can break signature schemes and handshake security in secure channel protocols (TLS, SSH). We strongly advise removing SHA-1 from those types of applications as soon as possible. We exemplify our cryptanalysis by creating a pair of PGP/GnuPG keys with different identities, but colliding SHA-1 certificates. A SHA-1 certification of the first key can therefore be transferred to the second key, leading to a forgery. This proves that SHA-1 signatures now offer virtually no security in practice. The legacy branch of GnuPG still uses SHA-1 by default for identity certifications, but after notifying the authors, the modern branch now rejects SHA-1 signatures (the issue is tracked as CVE-2019-14855).
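A defender-side check for the GnuPG issue described above, as an added example that is not part of the paper or of GnuPG: it walks an OpenPGP packet stream and flags every signature packet whose digest is SHA-1 or MD5, which is how one would audit a keyring for legacy certifications. It handles only the packet-header and v4 signature layout of RFC 4880 that the check needs, and the sample packets are constructed, not real key material.

```python
# Added example, not code from the paper or from GnuPG: scan an OpenPGP packet
# stream and flag signatures whose digest is SHA-1 (hash algorithm id 2) or
# MD5 (id 1). Packet layout follows RFC 4880 sections 4.2 and 5.2.3.

HASH_NAMES = {1: "MD5", 2: "SHA1", 8: "SHA256", 9: "SHA384", 10: "SHA512"}
WEAK_HASH_IDS = {1, 2}

def read_packet(data, pos):
    """Return (tag, body, next_pos) for the packet starting at data[pos]."""
    hdr = data[pos]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if hdr & 0x40:  # new-format header: tag in the low 6 bits
        tag, first = hdr & 0x3F, data[pos + 1]
        if first >= 192:
            raise ValueError("only one-octet new-format lengths handled")
        length, off = first, 2
    else:  # old-format header: tag in bits 2-5, length type in bits 0-1
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        off = 1 + (1 << ltype)  # header octet plus 1, 2 or 4 length octets
        length = int.from_bytes(data[pos + 1:pos + off], "big")
    return tag, data[pos + off:pos + off + length], pos + off + length

def parse_v4_signature(body):
    """Return (sig_type, pubkey_alg, hash_alg) from a version-4 signature body."""
    if body[0] != 4:
        raise ValueError("only v4 signatures handled here")
    return body[1], body[2], body[3]

def weak_signatures(data):
    """List (sig_type, hash_name) for every signature made with a weak digest."""
    findings, pos = [], 0
    while pos < len(data):
        tag, body, pos = read_packet(data, pos)
        if tag != 2:  # tag 2 = signature packet
            continue
        sig_type, _, hash_alg = parse_v4_signature(body)
        if hash_alg in WEAK_HASH_IDS:
            findings.append((sig_type, HASH_NAMES[hash_alg]))
    return findings

def make_sample_certification(hash_alg):
    """Constructed v4 positive certification (type 0x13, RSA): empty subpacket
    areas, dummy hash prefix 0xABCD and a one-bit placeholder MPI."""
    body = bytes([4, 0x13, 1, hash_alg, 0, 0, 0, 0, 0xAB, 0xCD, 0, 1, 1])
    return bytes([0x88, len(body)]) + body  # old-format tag 2, 1-octet length

# Constructed keyring fragment: one SHA-1 certification, one SHA-256.
SAMPLE_KEYRING = make_sample_certification(2) + make_sample_certification(8)
```

Running `weak_signatures` over a real exported keyring would need the multi-octet and partial-length cases that this block deliberately rejects.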
06 January 2020
Nir Bitansky, Idan Gerichter
ePrint Report
* Hardness of $\mathsf{PLS}$ based on a falsifiable assumption on bilinear groups introduced by Kalai, Paneth, and Yang (STOC 2019), and the Exponential Time Hypothesis for randomized algorithms. Previous standard model constructions relied on non-falsifiable and non-standard assumptions.
* Hardness of $\mathsf{PLS}$ relative to random oracles. The construction is essentially different from previous constructions, and in particular is unconditionally secure. The construction also demonstrates the hardness of parallelizing local search.
The core observation behind the results is that the unique proofs property of incrementally-verifiable computations previously used to demonstrate hardness in $\mathsf{PLS}$ can be traded for a simple incremental completeness property.