International Association
for Cryptologic Research

Dear IACR member,

Recent developments related to the outbreak of the novel coronavirus (COVID-19) and the increasing number of travel restrictions that have been put in place have forced us to make the following decisions regarding the schedule of forthcoming IACR conferences:

• FSE 2020, which was supposed to be held in Athens, Greece, during 22-26 March 2020, has been postponed to 8-12 November 2020;
• PKC 2020, which was supposed to be held in Edinburgh, Scotland, during 4-7 May 2020, has been postponed; and
• EUROCRYPT 2020, which was supposed to be held in Zagreb, Croatia, during 10-14 May 2020, has been postponed.

We are currently considering several rescheduling options for EUROCRYPT 2020 and PKC 2020 and we will be informing the membership and attendees about these changes as soon as possible via the IACR news system and other appropriate communication channels.

The publication schedule of these conferences has not been altered and authors will have the option to record a presentation that would go online on the website of these conferences. Registered attendees have been offered either a full refund or the option to transfer the registration fee to the postponed version.

No changes have been made at this time to the schedule of CRYPTO 2020, CHES 2020, TCC 2020, and ASIACRYPT 2020, but we will continue to closely monitor the situation and will inform members if changes are needed.

The FSE steering committee and the general chairs of FSE 2020, have decided to reschedule FSE 2020 to November 8-12 2020, at the same venue.

News and updates will be posted on the conference website https://fse.iacr.org/2020/

For any questions please contact the General Chairs at fse2020@iacr.org

Many blockchain researches focus on the privacy protection. However, criminals can leverage strong privacy protection of the blockchain to do illegal crimes (such as ransomware) without being punished. These crimes have caused huge losses to society and users. Implementing identity tracing is an important step in dealing with issues arising from privacy protection. In this paper, we propose a blockchain traceable scheme with oversight function (BTSOF). The design of BTSOF builds on SkyEye (Tianjun Ma et al., Cryptology ePrint Archive 2020). In BTSOF, the regulator must obtain the consent of the committee to enable tracing. Moreover, we construct a non-interactive verifiable multi-secret sharing scheme (VMSS scheme) and leverage the VMSS scheme to design a distributed multi-key generation (DMKG) protocol for the Cramer-Shoup public key encryption scheme. The DMKG protocol is used in the design of BTSOF. We provide the security definition and security proof of the VMSS scheme and DMKG protocol.

Recent works in side-channel analysis have been fully relying on training classification models to recover sensitive information from traces. However, the knowledge of an attacker or an evaluator is not taken into account and poorly capturedby solely training a classifier on signals. This paper proposes to inject prior information in preprocessing and classification in order to increase the performance of side-channel attacks (SCA). First wepropose to use the Wavelet Scattering Transform, recently proposed by Mallat, for mapping traces into a time-frequency space which is stable under small translation and diffeomorphism. That way, we address the issues of desynchronization and deformation generally present in signals for SCA. The second part of our paper extends the canonical attacks over byteand Hamming weight by introducing a more general attack. Classifiers are trained on different labelings of the sensitive variable and combined by minimizing a cross-entropy criterion so as to find the best labeling strategy. With these two key ideas, we successfully increase the performance of Template Attacks on artificially desynchronized traces and signals from a jitter-protected implementation.

Spook is one of the 32 candidates that has made it to the second round of the NIST Lightweight Cryptography Standardization process, and is particularly interesting since it proposes differential side channel resistance. In this paper, we present practical distinguishers of the full 6-step version of the underlying permutations of Spook, namely Shadow-512 and Shadow-384, solving challenges proposed by the designers on the permutation. We also propose practical forgeries with 4-step Shadow for the S1P mode of operation in the nonce misuse scenario, which is allowed by the CIML2 security game considered by the authors. All the results presented in this paper have been implemented.

We present our integration of post-quantum cryptography (PQC), more specifically of the post-quantum KEM scheme Kyber for key establishment and the post-quantum signature scheme SPHINCS$^+$, into the embedded TLS library mbed TLS. We measure the performance of these post-quantum primitives on four different embedded platforms with three different ARM processors and an Xtensa LX6 processor. Furthermore, we compare the performance of our experimental PQC cipher suite to a classical TLS variant using elliptic curve cryptography (ECC). Post-quantum key establishment and signature schemes have been either integrated into TLS or ported to embedded devices before. However, to the best of our knowledge, we are the first to combine TLS, post-quantum schemes, and embedded systems and to measure and evaluate the performance of post-quantum TLS on embedded platforms. Our results show that post-quantum key establishment with Kyber performs well in TLS on embedded devices compared to ECC variants. The use of SPHINCS$^+$ signatures comes with certain challenges in terms of signature size and signing time, which mainly affects the use of embedded systems as PQC-TLS server but does not necessarily prevent embedded systems to act as PQC-TLS clients.

We characterize the ANF and the univariate representation of any vectorial function as parts of the ANF and bivariate representation of the Boolean function equal to its graph indicator. We show how this provides, when $F$ is bijective, the expression of $F^{-1}$ and/or allows deriving properties of $F^{-1}$. We illustrate this with examples and with a tight upper bound on the algebraic degree of $F^{-1}$ by means of that of $F$. We characterize by the Fourier-Hadamard transform, by the ANF, and by the bivariate representation, that a given Boolean function is the graph indicator of a vectorial function. We also give characterizations of those Boolean functions that are affine equivalent to graph indicators. We express the graph indicators of the sum, product, composition and concatenation of vectorial functions by means of the graph indicators of the functions. We deduce from these results a characterization of the bijectivity of a generic $(n,n)$-function by the fact that some Boolean function, which appears as a part of the ANF (resp. the bivariate representation) of its graph indicator, is equal to constant function 1. We also address the injectivity of $(n,m)$-functions. Finally, we study the characterization of the almost perfect nonlinearity of vectorial functions by means of their graph indicators.

Generic vulnerability assessment of cipher implementations against fault attacks (FA) is a research area which is still largely unexplored. The security assessment for FA becomes especially interesting in the presence of countermeasures, as countermeasure structures are not very well-formalized so far, and on several occasions, they fail to fulfil their sole purpose of preventing FAs. In this paper, we propose a general, simulation-based, statistical yes/no test to assess information leakage in the context of FAs. The fascinating feature of the proposed test is that it is oblivious to the structure of the countermeasure/cipher under test, and detects fault-induced leakage solely by observing the ciphertext distributions. Unlike a recently proposed approach, which utilizes t-test and its higher-order variants for detecting leakage at different moments of ciphertext distributions, in this work we present a Deep Learning (DL) based leakage assessment method. Our DL-based method is not specific to moment-based leakages only and thus, can expose leakages in several cases where t-test based technique either fails or demands a prohibitively large number of ciphertexts. Experimental evaluation over a representative set of countermeasures establishes that the DL-based method mostly outperforms the t-test based leakage assessment in terms of the number of ciphertexts required. Further, we present a novel analysis technique to interpret the leakages from the DL models, which is highly desirable for a sound vulnerability assessment. In another vertical of this work, we enhance the leakage assessment test methodology for recently proposed Statistical-Ineffective-Fault-Analysis (SIFA) and establish the efficacy by verifying different countermeasures including a publicly available hardware implementation of a SIFA countermeasure. In the third vertical, we enhance the test for verifying FA-assisted leakages from so-called “non-cryptographic” parts of an implementation. As concrete proof of this, we validate a well-accepted automotive security module called Secure Hardware Extension (SHE) for which the test figured out non-trivial vulnerabilities.

While the digital technology spreads through the society, reliable personal authentication is becoming an urgent issue. As shown in digital taxation (e-Tax) and blockchain, etc., high reliable link between the private key of a public key and the owner who has it in card or smartphone etc. is required. This paper proposes 3 layer public key cryptosystem in which Individual Number (a.k.a. "My Number") and STR (Short Tandem Repeat) as personal identification data installed. "Individual Number" is a national identification number issued by government, like social security number in USA. STR is a kind of DNA data which does not contain any subtle personal information such as inherited character and has very accurate personal identification. The proposed system satisfies requirements of integrity, soundness and zero knowledge characteristics which analog biometrics such as face authentications cannot provide.

We propose and evaluate a secure-multiparty-computation (MPC) solution, in the semi-honest model with dishonest majority, based on multiparty homomorphic encryption (MHE). To support this solution, we introduce a multiparty version of the Brakerski-Fan-Vercauteren lattice-based homomorphic cryptosystem, implement it in an open-source library, and evaluate its performance. We show that such MHE-based MPC solutions have several advantages over current approaches: Their public transcripts and non-interactive circuit-evaluation capabilities enable a broad variety of computing paradigms, ranging from the traditional peer-to-peer setting to cloud-outsourcing and smart-contract technologies. Exploiting these properties, the communication complexity of MPC tasks can be reduced from quadratic to linear in the number of parties, thus enabling secure computation among thousands of parties. Additionally, MHE-based approaches can outperform the state-of-the-art even for a small number of parties. We demonstrate this for three circuits: component-wise vector multiplication with application to private-set intersection, private input selection with application to private-information retrieval, and multiplication triples generation. For the first circuit evaluated among eight parties, our approach is 8.6 times faster and requires 39.3 times less communication than the state-of-the-art approach. The input selection circuit over eight thousand parties completed in 61.7 seconds and required 1.31 MB of communication per party.

Payment channel networks have been introduced to mitigate the scalability issues inherent to permissionless decentralized cryptocurrencies such as Bitcoin. Launched in 2018, the Lightning Network (LN) has been gaining popularity and consists today of more than 5000 nodes and 30000 payment channels that jointly hold 895 bitcoins (7.6M USD as of February 2020). This adoption has motivated research from both academia and industry.

Payment channels suffer from security vulnerabilities, such as the wormhole attack, anonymity issues, and scalability limitations related to the upper bound on the number of concurrent payments per channel, which have been pointed out by the scientific community but never quantitatively analyzed.

In this work, we first analyze the proneness of the LN to the wormhole attack and attacks against anonymity. We observe that an adversary needs to control only 2% of LN nodes to learn sensitive payment information (e.g., sender, receiver and payment amount) or to carry out the wormhole attack. Second, we study the management of concurrent payments in the LN and quantify its negative effect on scalability. We observe that for micropayments, the forwarding capability of up to 50% of channels is restricted to a value smaller than the overall channel capacity. This phenomenon not only hinders scalability but also opens the door for DoS attacks: We estimate that a network-wide DoS attack costs within 1.5M USD, while isolating the biggest community from the rest of the network costs only 225k USD.

Our findings should prompt the LN community to consider the security, privacy and scalability issues of the network studied in this work when educating users about path selection algorithms, as well as to adopt multi-hop payment protocols that provide stronger security, privacy and scalability guarantees.

We present a stochastic method for breaking general periodic polyalphabetic substitution ciphers using only the ciphertext and without using any additional constraints that might come from the cipher’s structure. The method employs a hill-climbing algorithm for individual key alphabets, with occasional slipping down the hill. We implement the method with a computer and achieve reliable results for a sufficiently long ciphertext (150 characters per key alphabet). Because no constraints among the key alphabets are used, this method applies to any periodic polyalphabetic substitution cipher.

We present a toy cipher that has two novel features: Two plaintexts are concealed by the same ciphertext in different schemes, and the enumeration of the permutations of ciphertext symbols (not the permutations of plaintext symbols, as used in transposition ciphers) forms the basis of one of the schemes. The other scheme uses mixed-radix numbers as substitutes for plaintext symbols. Both schemes use the same symbols, but with different interpretations, and this allows two plaintexts to be encrypted in the same ciphertext.

Event date: 20 November to 22 November 2020
Submission deadline: 21 June 2020
Notification: 31 July 2020

The School of Cyber Science and Engineering (formerly known as the School of Information Security Engineering) of Shanghai Jiao Tong University was founded in October 2000. It was the first school-level training base for high-level information security professionals in China and was jointly established by the Ministry of Education of China, the Ministry of Science and Technology of China, and the Shanghai Municipal People’s Government. The undergraduate and postgraduate students of the school mainly come from the top 100 key high schools and 985/double first-class universities in China. The school is ranked among the best cyberspace security nationwide every year. The school has a solid foundation and strength in the field of academic research and technological innovation on cyberspace security. The school is committed to building a world-class academic research center, cultivating the talents of the country and society. The school is in great demand of a number of world renowned professors, outstanding young researchers, full-time research fellows and post-doctors. The school now has about 20 positions available at the rank of tenure-track Assistant Professors, tenure-track Associate Professors, or tenured Full Professors in theory and practice of cyberspace security. Applicants should have (a) a doctoral degree in Computer Science, Electronic Engineering, Communication, Mathematics or Statistics; (b) an established track record in research and scholarship; (c) expertise in the cryptographic and security research areas; and (d) a demonstrated commitment to excellence in teaching. The school will provide highly competitive remuneration packages and assist applicants to apply for various national, provincial and ministerial level talent programs such as “1000 Youth Talents Program”, Shanghai “Oriental Scholar Program”,etc. We will also assist on employment of spouses, schooling for children and medical care.

Closing date for applications:

Contact: Chaoping Xing, emial: xingcp@sjtu.edu.cn Linjie Li, email: lilinjie@sjtu.edu.cn

More information: http://english.seiee.sjtu.edu.cn/english/info/14810.htm

This is an exciting opportunity to join the University of Birmingham’s Centre for Cyber Security and Privacy on an exciting EPSRC funded project ‘SIPP - Secure IoT Processor Platform with Remote Attestation’. The proposed project brings together the core partners of the NCSC/EPSRC-funded Research Institute in Secure Hardware and Embedded Systems (RISE), that is, Queen's University Belfast and the Universities of Cambridge, Bristol and Birmingham, with the leading academics in the field of hardware security and security architecture design from the National University of Singapore and Nanyang Technological University, to develop a novel secure IoT processor platform with remote attestation implemented on the RISC-V architecture. To download the full job description and details of this position and submit an electronic application online please click on the Apply Online button below or visit our careers website; https://bham.taleo.net/careersection/external/jobsearch.ftl?lang=en&portal=101430233, please quote Job Ref 95352 in all enquiries.

Closing date for applications:

Contact: For informal inquiries please contact Mark Ryan; ryanmd@adf.bham.uk

More information: https://bham.taleo.net/careersection/external/jobdetail.ftl?job=190005S3&tz=GMT%2B00%3A00&tzname=Europe%2FLondon

NuCypher is a cryptography company that builds privacy-preserving infrastructure and protocols. We are backed by Y Combinator and Polychain Capital.

A successful candidate will lead engineering for the new open-source cryptographic product from the ground up. They will work on problems at the forefront of cryptography and have a leadership role in design decisions of the system. As such, competency in algorithms and low-level design is a must. An interest in compilers and/or optimization would be nice to have.

Given the nature of an early stage product, a successful candidate should work in a fast and iterative style when it comes to prototyping. They will be be motivated by solving tough open-ended problems. Additionally, they should be highly comfortable working in a system programming language such as C or Rust (whether through work experience or side projects).

We offer extremely competitive compensation and a highly flexible working environment (remote-first, headquartered in San Francisco).

Closing date for applications:

Contact: Ravital Solomon

Event date: 14 September to 18 September 2020
Submission deadline: 10 April 2020
Notification: 15 June 2020

Event date: 11 June to 12 June 2020

Protocols for secure multiparty computation (MPC) enable a set of parties to interact and compute a joint function of their private inputs while revealing nothing but the output. The potential applications for MPC are huge: privacy-preserving auctions, private DNA comparisons, private machine learning, threshold cryptography, and more. Due to this, MPC has been an intensive topic of research in academia ever since it was introduced in the 1980s by Yao for the two-party case (FOCS 1986), and by Goldreich, Micali and Wigderson for the multiparty case (STOC 1987). Recently, MPC has become efficient enough to be used in practice, and has made the transition from an object of theoretical study to a technology being used in industry. In this article, we will review what MPC is, what problems it solves, and how it is being currently used.

We note that the examples and references brought in this review article are far from comprehensive, and due to the lack of space many highly relevant works are not cited.