IACR News
11 August 2020
Carlos Cid, Akinori Hosoyamada, Yunwen Liu, Siang Meng Sim
ePrint Report
Martin Hirt, Ard Kastrati, Chen-Da Liu-Zhang
ePrint Report
Johannes Tobisch, Anita Aghaie, Georg T. Becker
ePrint Report
Kaushik Nath, Palash Sarkar
ePrint Report
Zi-Yuan Liu, Yi-Fan Tseng, Raylin Tso, Masahiro Mambo
ePrint Report
Mark Zhandry
ePrint Report
In this work, we show that this intuition is false by building a tracing scheme from pairings with $O(\sqrt[3]{N})$-sized parameters. We additionally give schemes with a variety of parameter size trade-offs, including a scheme with constant-size ciphertexts and public keys (but linear-sized secret keys). All of our schemes make black-box use of the pairings. We obtain our schemes by developing a number of new traitor tracing techniques, giving the first significant parameter improvements in pairings-based traitor tracing in over a decade.
Emanuele Bellini, Matteo Rossi
ePrint Report
Christophe Genevey-Metat, Benoît Gérard, Annelie Heuser
ePrint Report
The typical situation in side-channel analysis is that the attacker has access to an unlabelled dataset of measurements from the target device (obtained with the key he actually wants to recover) and, depending on the context, he may also make use of a labelled dataset (profiling data) obtained on the same device with known or chosen key(s). In this paper, we extend the attacker models and investigate the situation where an attacker additionally has access to a neural network that has been pre-trained on some other dataset that does not fully correspond to the attack one. The attacker can then either directly use the pre-trained network to attack, or, if profiling data is available, train a new network or adapt a pre-trained one using transfer learning.
We ran many experiments to compare the attack metrics obtained in both cases on various setups (different probe positions, channels, devices, and dataset sizes). Our results show that in many cases, a lack of training data can be counterbalanced by additional "imperfect" data coming from another setup.
Aayush Jain, Alexis Korb, Nathan Manohar, Amit Sahai
ePrint Report
1) For any constant $\epsilon \in (0,1)$, we can amplify any FE scheme for P/poly which is $\epsilon$-secure against all polynomial-sized adversaries to a fully secure FE scheme for P/poly, unconditionally.
2) For any constant $\epsilon \in (0,1)$, we can amplify any FE scheme for P/poly which is $\epsilon$-secure against subexponential-sized adversaries to a fully subexponentially secure FE scheme for P/poly, unconditionally.
Furthermore, both of our amplification results preserve compactness of the underlying FE scheme. Previously, amplification results for FE were only known assuming subexponentially secure LWE.
Along the way, we introduce a new form of homomorphic secret sharing called set homomorphic secret sharing that may be of independent interest. Additionally, we introduce a new technique, which allows one to argue security amplification of nested primitives, and prove a general theorem that can be used to analyze the security amplification of parallel repetitions.
Nathan Manohar, Abhishek Jain, Amit Sahai
ePrint Report
We show that garbled encryption can be used to build a self-processing private sensor data system where, after a one-time trusted setup phase, sensors deployed in the field can periodically broadcast encrypted readings of private data that can be computed upon by anyone holding function keys to learn processed output, without any interaction. Such a system can be used to periodically check, e.g., whether a cluster of servers is in an "alarm" state.
We implement our garbled encryption scheme and find that it performs quite well, with function evaluations in the microseconds. The performance of our scheme was tested on a standard commodity laptop.
10 August 2020
FACULTY POSITIONS AT DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING, NATIONAL SUN YAT-SEN UNIVERSITY
Job Posting
Contact: srkuang@cse.nsysu.edu.tw, tel. +886-7-5252000 ext. 4340, fax +886-7-5254301
More information: https://cse.nsysu.edu.tw/index.php?Lang=en
University of Cologne, Department of Mathematics and Computer Science, Cologne, Germany
Job Posting
The successful candidate has a proven track record of high-quality scientific publications in one of, but not limited to, the following areas:
- Cryptography and its protocols
- Quantum and post-quantum cryptography
- Software security
- Security of embedded systems
- Security of the Internet of Things and of cyber physical systems
- Security of autonomous systems and related technologies
Please apply with the usual documents (curriculum vitae, list of publications and teaching activities, copies of certificates of academic examinations and appointments) via the University of Cologne’s Academic Job Portal (https://professorships.uni-koeln.de) no later than September 22, 2020. Your application should be addressed to the Dean of the Faculty of Mathematics and Natural Sciences.
For further details, please see the complete job announcement in the Academic Job Portal of the University.
Contact: Dean of the Faculty of Mathematics and Natural Sciences, Prof. Dr. Paul H. M. van Loosdrecht (email: mnf-berufungen@uni-koeln.de)
More information: https://professorships.uni-koeln.de
Real World Crypto
RWC 2021 will be held Jan 11-13 in Amsterdam.
University of St. Gallen, Switzerland
Job Posting
Research areas include, but are not limited to:
- Verifiable computation
- Secure Multi Party Computation
- Privacy-preserving authentication
- Cryptographic primitives
- Differential privacy
Requirements:
- A Ph.D. degree in Computer Science, Applied Mathematics or a relevant field
- Competitive research record in cryptography or information security
- Strong mathematical and algorithmic CS background
- Good programming skills are beneficial
- Excellent written and verbal communication skills in English
Starting date: Fall 2020 or by mutual agreement
Contact: Prof. Katerina Mitrokotsa
More information: http://direktlink.prospective.ch/?view=7716a2ff-927c-4fb5-aa35-90e310e2f4f3
National Cheng Kung University, Taiwan
Job Posting
Contact: Prof. Tony Q.S. Quek (email: tonyquek@sutd.edu.sg)
04 August 2020
TalTech, Centre for HW Security; Tallinn, Estonia
Job Posting
Requirements for the postdoctoral research position: Having a PhD degree is mandatory for this position, but candidates close to the completion of a PhD are also highly encouraged to apply. The ideal candidate should have a track record in the topic or in a closely related field, as well as in-depth knowledge of digital IC design tools (Genus, Innovus, Design Compiler, ICC, etc.).
General conditions: Funding for this position is project-based and is already in place. Candidates with adequate backgrounds will be invited to interview over Skype. This position has an immediate start date (but a future start date can be arranged given the current situation with the coronavirus). Salary is commensurate with experience.
How to apply: Please submit your CV to Prof. Pagliarini by email (samuel.pagliarini@taltech.ee) using the subject ‘PQC postdoc position’.
Contact: Samuel Pagliarini (samuel.pagliarini@taltech.ee)
More information: https://ati.ttu.ee/~spagliar/
Nathan Manohar, Peter Manohar, Rajit Manohar
ePrint Report
We present HABIT, a contact tracing system using a wearable hardware device designed specifically with the goals of public health officials in mind. Unlike current approaches, we use a dedicated hardware device instead of a phone app for proximity detection. Our use of a hardware device allows us to substantially improve the accuracy of proximity detection, achieve strong security and privacy guarantees that cannot be compromised by remote attackers, and have a more usable system, while only making our system minimally harder to deploy compared to a phone app in centralized organizations such as hospitals, universities, and companies.
The efficacy of our system is currently being evaluated in a pilot study at Yale University in collaboration with the Yale School of Public Health.
Eli Ben-Sasson, Lior Goldberg, David Gurevich
ePrint Report
With an Appendix by Jean-Charles Faugere and Ludovic Perret of CryptoNext Security.
Vijaya Ramachandran, Elaine Shi
ePrint Report
In this paper, we initiate the study of parallel data-oblivious algorithms on realistic multicores, best captured by the binary fork-join model of computation. We first show that data-oblivious sorting can be accomplished by a binary fork-join algorithm with optimal total work and optimal (cache-oblivious) cache complexity, and in $O(\log n \log \log n)$ span (i.e., parallel time), which matches the best-known insecure algorithm. Using our sorting algorithm as a core primitive, we show how to data-obliviously simulate general PRAM algorithms in the binary fork-join model with non-trivial efficiency. We also present results for several applications, including list ranking, Euler tour, tree contraction, connected components, and minimum spanning forest. For a subset of these applications, our data-oblivious algorithms asymptotically outperform the best known insecure algorithms. For other applications, we show data-oblivious algorithms whose performance bounds match the best known insecure algorithms.
Complementing these asymptotically efficient results, we present a practical variant of our sorting algorithm that is self-contained and potentially implementable. It has optimal caching cost, and it is only a log log n factor off from optimal work and about a log n factor off in terms of span; moreover, it achieves small constant factors in its bounds.
Johannes Mittmann, Werner Schindler
ePrint Report
We formulate and analyse a two-dimensional Markov process, from which we deduce relevant stochastic properties of Barrett's multiplication algorithm within modular exponentiation algorithms. This allows us to transfer the timing attacks and local timing attacks (where a second side-channel attack exhibits the execution times of the particular modular squarings and multiplications) on Montgomery's multiplication algorithm to attacks on Barrett's algorithm. However, there are also differences: Barrett's multiplication algorithm requires additional attack substeps, and the attack efficiency is much more sensitive to variations of the parameters. We treat timing attacks on RSA with CRT, on RSA without CRT, and on Diffie-Hellman, as well as local timing attacks against these algorithms in the presence of basis blinding. Experiments confirm our theoretical results.