IACR News
04 May 2020
Hamidreza Amini Khorasgani, Hemanta K. Maji, Mingyuan Wang
ePrint Report
Historically, the study of coin-tossing protocols, with the introduction of even the mildest of variations in its setting, tends to yield surprising and exciting outcomes. We know several optimal or asymptotically optimal protocols like tribes, baton passing, and threshold protocols. Incidentally, there are several variants of coin-tossing where the majority protocol (or, more generally, the threshold protocols) turn out to be asymptotically optimal. In this work, we consider coin-tossing protocols in two security models and study the susceptibility of the optimal coin-tossing protocols in those settings to adversarial attacks.
In the first model, there are $n$ processors and processor $i$ broadcasts her uniformly and independently random message $x_i\in\{0,1\}$. The processors apply a function $f_n\colon\{0,1\}^n\to\{0,1\}$ to the broadcast messages and agree on their common output $f_n(x_1,\dotsc,x_n)$. After all the processors broadcast their messages, the adversary may corrupt at most $t$ processors and change their messages arbitrarily. The optimal protocol minimizes the change in the expected output that this adversary causes. We reduce this problem to an isoperimetric inequality over the boolean hypercube and demonstrate that the threshold protocols are the optimal protocols.
In the second model, at time $i$, processor $i$ broadcasts her message $x_i$, and her message distribution possibly depends on the previously broadcast messages. We consider an adversary who can take control of one processor and change her message arbitrarily. In this case, we prove that the threshold protocols are asymptotically optimal.
Muhammed F. Esgin, Ngoc Khanh Nguyen, Gregor Seiler
ePrint Report
At the core lies a technique that utilizes the module-homomorphic BDLOP commitment scheme (SCN 2018) over the fully splitting cyclotomic ring $\mathbb{Z}_q[X]/(X^d + 1)$ to prove scalar products with the NTT vector of a secret polynomial.
Thomas Attema, Vadim Lyubashevsky, Gregor Seiler
ePrint Report
Mordechai Guri
ePrint Report
In this paper, we introduce a technique that enables attackers to leak data acoustically from air-gapped and audio-gapped systems.
Our developed malware can exploit the computer power supply unit (PSU) to play sounds and use it as an out-of-band, secondary speaker with limited capabilities. The malicious code manipulates the internal switching frequency of the power supply and hence controls the sound waveforms generated from its capacitors and transformers. Our technique enables producing audio tones in a frequency band of 0-24 kHz and playing audio streams (e.g., WAV) from a computer power supply without the need for audio hardware or speakers. Binary data (files, keylogging, encryption keys, etc.) can be modulated over the acoustic signals and sent to a nearby receiver (e.g., smartphone). We show that our technique works with various types of systems: PC workstations and servers, as well as embedded systems and IoT devices that have no audio hardware at all. We provide technical background and discuss implementation details such as signal generation and data modulation. We show that the POWER-SUPPLaY code can operate from an ordinary user-mode process and doesn't need any hardware access or special privileges. Our evaluation shows that using POWER-SUPPLaY, sensitive data can be exfiltrated from air-gapped and audio-gapped systems from a distance of five meters away at a maximal bit rate of 50 bit/sec.
Thomas Espitau, Antoine Joux, Natalia Kharchenko
ePrint Report
Michael Scott
ePrint Report
Myrto Arapinis, Nikolaos Lamprou, Lenka Marekova, Thomas Zacharias
ePrint Report
Chandratop Chakraborty, Pranab Chakraborty, Subhamoy Maitra
ePrint Report
Iurii Shyshatsky, Vinod Manoharan, Taras Emelyanenko, Lucas Leger
ePrint Report
Nir Drucker, Shay Gueron, Dusan Kostic, Edoardo Persichetti
ePrint Report
In this paper, we handle the necessary aspects in the definitions of the KEM to ensure the security claim is correct. In particular, we close the gap in the proof by defining the notion of a message-agnostic PKE for which decryption failures are independent of the encrypted message. We show that all the PKE underlying the BIKE versions are message-agnostic. This implies that BIKE with a decoder that has a sufficiently low DFR is also an IND-CCA KEM.
Avijit Dutta, Mridul Nandi
ePrint Report
Yuan Yao, Michael Tunstall, Elke De Mulder, Anton Kochepasov, Patrick Schaumont
ePrint Report
Victoria Vysotskaya
ePrint Report
Sonia Belaïd, Pierre-Evariste Dagand, Darius Mercadier, Matthieu Rivain, Raphaël Wintersdorff
ePrint Report
02 May 2020
Eurocrypt
Due to the current novel coronavirus outbreak, EUROCRYPT 2020 has been converted into an all-digital event, which will be taking place online during 11-15 May 2020.
Registration. The registration site (https://eurocrypt.iacr.org/2020/registration.php) for EUROCRYPT 2020 virtual attendance is now open. There will be no cost for virtual attendance itself but you have to register. If you have not already paid your IACR membership fee (USD 50 for regular members or USD 25 for student members) by attending a previous IACR event in 2020, you will need to pay that fee as part of registering for EUROCRYPT 2020.
Program. The program for EUROCRYPT 2020 is already available online (https://eurocrypt.iacr.org/2020/program.php). Sessions will be conducted as panel discussions in which authors give a very brief overview (5 minutes) of their papers, and then take live questions from the panel moderators and audience. There will also be links to papers and videos of longer talks by authors on their papers.
More details about virtual participation can be found here: https://eurocrypt.iacr.org/2020/participation.php
Dubai, UAE, 20 June - 21 June 2020
Event Calendar
Submission deadline: 28 May 2020
Douthit Hills, USA, 5 May 2020
Event Calendar
30 April 2020
Status
Job Posting
Closing date for applications:
Contact: Ceri Power, CA29 FB53 97E3 0232 106A 2DE6 9F07 1B10 A0D1 12EB
More information: https://grnh.se/c967211f1us
Security & Privacy Group (Academic Centre of Excellence in Cyber Security), University of Birmingham
Job Posting
One funded PhD position (International/EU/UK) in hardware security with an attractive travel grant for attending conferences.
Closing date: 8th May
We expect the PhD candidate to have a strong background in programming, digital circuit design, hardware/software implementation of algorithms, etc.
For more information on 'Why PhD with us?' see my website: https://www.cs.bham.ac.uk/~sinharos/
The PhD will be working with Dr. Sujoy Sinha Roy and will be based at the Security and Privacy group of the University of Birmingham's School of Computer Science. The National Cyber Security Centre (NCSC) and the Engineering and Physical Sciences Research Council (EPSRC) jointly recognise the research group as an Academic Centre of Excellence in Cyber Security Research (ACE-CSR).
If you are interested in the PhD position, please contact Dr. Sujoy Sinha Roy with a CV. For more information, please visit https://www.cs.bham.ac.uk/~sinharos/
Closing date for applications:
Contact: Dr. Sujoy Sinha Roy
Aalborg University (Copenhagen, Denmark)
Job Posting
Closing date for applications:
Contact: Emmanouil Vasilomanolakis
More information: https://www.stillinger.aau.dk/vis-stilling/?vacancy=1098638