IACR News
18 July 2020
Lichao Wu, Leo Weissbart, Marina Krcek, Huimin Li, Guilherme Perin, Lejla Batina, Stjepan Picek
ePrint Report
In this work, we investigate this problem of misleading conclusions from the entropy behavior, and we define two new concepts, simple and generalized guessing entropy. We demonstrate that the first one needs only a limited amount of attack traces but can lead to wrong interpretations about leakage detection. The second concept requires a large (sometimes unavailable) amount of attack traces, but it represents the optimal way of calculating guessing entropy. To quantify the profiled model's learnability, we first define a leakage distribution metric to estimate the underlying leakage model. This metric, together with the generalized guessing entropy results for all key candidates, can estimate the leakage learning or detection when the necessary amount of attack traces is available in the attack phase. By doing so, we provide a tight estimation of profiled side-channel analysis model learnability. We confirm our observations with a number of experimental results.
Halifax, Canada, 21 October - 23 October 2020
Event Calendar
Submission deadline: 11 August 2020
Notification: 17 September 2020
University of Luxembourg
Job Posting
The Applied Crypto Group of the University of Luxembourg has multiple post-doc positions, funded by the H2020 ERC programme.
Possible topics of interest are:
- fully homomorphic encryption and multilinear maps
- public-key cryptanalysis
- side channel attacks and countermeasures
- white-box cryptography
- blockchain applications
Candidates must have a Ph.D. degree in cryptography or a related field. The duration of the positions is 2.5 years. The post-docs will be members of the Security and Trust (SnT) research center of the University of Luxembourg (>200 researchers in all aspects of IT security). We offer a competitive salary (about 60,000 euro/year).
Deadline for application: September 15th, 2020.
Contact: Jean-Sebastien Coron: jean-sebastien.coron@uni.lu
More information: http://www.crypto-uni.lu/vacancies.html
16 July 2020
Joppe W. Bos, Andreas Hülsing, Joost Renes, Christine van Vredendaal
ePrint Report
In contrast to previous works, we provide a detailed security analysis of the resulting signature scheme under classical and quantum attacks that justifies our selection of parameters. On the way, we fill a gap in the security analysis of XMSS as described in RFC 8391 by proving that the modified message hashing in the RFC does indeed mitigate multi-target attacks. This was not shown before and might be of independent interest.
Jan Richter-Brockmann, Tim Güneysu
ePrint Report
In this work we investigate different strategies to efficiently implement the BIKE algorithm on FPGAs. To this end, we improve already existing polynomial multipliers, propose efficient strategies to realize polynomial inversions, and implement the Black-Gray-Flip decoder for the first time. Additionally, our implementation is designed to be scalable and generic with respect to the BIKE-specific parameters. All together, the fastest designs achieve latencies of 2.69 ms for the key generation, 0.1 ms for the encapsulation, and 104.04 ms for the decapsulation considering the first security level.
Albert Spruyt, Alyssa Milburn, Lukasz Chmielewski
ePrint Report
To demonstrate that our attacks are practical, we first show that SPA can be used to recover RSA private exponents using FI attacks. Subsequently, we show the generic nature of our attacks by performing DPA on AES after applying FI attacks to several different targets (with AVR, 32-bit ARM and RISC-V CPUs), using different software on each target, and do so with a low-cost (i.e., less than $50) power fault injection setup. We call this technique Fault Correlation Analysis (FCA), since we perform CPA on fault probability traces. To show that this technique is not limited to software, we also present FCA results against the hardware AES engine supported by one of our targets. Our results show that even without access to the ciphertext (e.g., where an FI redundancy countermeasure is in place, or where ciphertext is simply not exposed to an attacker in any circumstance) and in the presence of jitter, FCA attacks can successfully recover keys on each of these targets.
Joachim Zahnentferner
ePrint Report
Georgios Tsimos, Julian Loss, Charalampos Papamanthou
ePrint Report
Lucas Barthelemy
ePrint Report
Sayandeep Saha, Arnab Bag, and Debdeep Mukhopadhyay
ePrint Report
Guilherme Perin, Lukasz Chmielewski, Lejla Batina, Stjepan Picek
ePrint Report
Aein Rezaei Shahmirzadi, Amir Moradi
ePrint Report
James Bartusek, Yuval Ishai, Aayush Jain, Fermi Ma, Amit Sahai, Mark Zhandry
ePrint Report
In this work, we suggest ADPs as a new framework for building general-purpose obfuscation and witness encryption. We provide evidence to suggest that constructions following our ADP-based framework may one day yield secure, practically feasible obfuscation.
As a proof-of-concept, we give a candidate ADP-based construction of indistinguishability obfuscation (iO) for all circuits along with a simple witness encryption candidate. We provide cryptanalysis demonstrating that our schemes resist several potential attacks, and leave further cryptanalysis to future work. Lastly, we explore practically feasible applications of our witness encryption candidate, such as public-key encryption with near-optimal key generation.
Emanuele Strieder, Christoph Frisch, Michael Pehl
ePrint Report
Michele Ciampi, Nikos Karayannidis, Aggelos Kiayias, Dionysis Zindros
ePrint Report
Keita Emura, Atsushi Takayasu, Yohei Watanabe
ePrint Report
Klaus Kursawe
ePrint Report
Linru Zhang, Xiangning Wang, Yuechen Chen, Siu-Ming Yiu
ePrint Report
Technically, we develop a new notion: inner-product hash proof system (IP-HPS). IP-HPS is a variant of traditional hash proof systems. Its output of decapsulation is an inner-product value, instead of the encapsulated key. We propose an IP-HPS scheme under the DDH assumption. Then we show how to make an IP-HPS scheme tolerate $l'$-bit leakage, and we can achieve arbitrarily large $l'$ by only increasing the size of secret keys. Finally, we show how to build a leakage-resilient IPFE in the BRM with leakage bound $l=\frac{l'}{n}$ from our IP-HPS scheme.