IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
22 August 2020
Alessandro Budroni, Benjamin Chetioui, Ermes Franch
ePrint Report
Jason LeGrow, Aaron Hutchinson
ePrint Report
20 August 2020
Sydney, Australia, 3 May - 6 May 2021
Event Calendar
Submission deadline: 4 December 2020
Notification: 19 February 2021
19 August 2020
Jamshedpur, India, 5 November - 6 November 2020
Event Calendar
Submission deadline: 10 September 2020
Notification: 26 October 2020
Virtual, 3 September - 4 September 2020
Event Calendar
DFINITY Foundation
Job Posting
DFINITY is looking for a full-time Cryptography Researcher, specialized in practical and provably secure cryptographic protocols for blockchains. The main task will be to design, develop, and prove secure, efficient cryptographic protocols for a distributed system, and you will contribute to creating a high-performance blockchain computer. We offer a flexible work environment and an opportunity to collaborate with a dynamic and talented team of researchers and developers from around the world.
Requirements:
Closing date for applications:
Contact: Jan Camenisch - please submit via https://dfinity.org/careers/
More information: https://dfinity.org/careers/
Fabio Campos, Matthias J. Kannwischer, Michael Meyer, Hiroshi Onuki, Marc Stöttinger
ePrint Report
Nick Frymann, Daniel Gardham, Franziskus Kiefer, Emil Lundberg, Mark Manulis, Dain Nilsson
ePrint Report
We examine Yubico's recent proposal for recovering from the loss of a WebAuthn authenticator by using a secondary backup authenticator. We analyse the cryptographic core of their proposal by modelling a new primitive, called Asynchronous Remote Key Generation (ARKG), which allows some primary authenticator to generate unlinkable public keys for which the backup authenticator may later recover corresponding private keys. Both processes occur asynchronously without the need for authenticators to export or share secrets, adhering to WebAuthn's attestation requirements. We prove that Yubico's proposal achieves our ARKG security properties under the discrete logarithm and PRF-ODH assumptions in the random oracle model. To prove that recovered private keys can be used securely by other cryptographic schemes, such as digital signatures or encryption schemes, we model compositional security of ARKG using composable games by Brzuska et al. (ACM CCS 2011), extended to the case of arbitrary public-key protocols.
As well as being more general, our results show that private keys generated by ARKG may be used securely to produce unforgeable signatures for challenge-response protocols, as used in WebAuthn. We conclude our analysis by discussing concrete instantiations behind Yubico's ARKG protocol, its integration with the WebAuthn standard, performance, and usability aspects.
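The abstract above gives the shape of ARKG but not the instantiation. The following is an added example, written for this page and not code from the paper or from Yubico: a reconstruction of the Diffie-Hellman-plus-KDF structure that fits the stated assumptions (discrete log and PRF-ODH), in which the primary derives pk_new = pk_backup + tau*G from an ephemeral DH secret and the backup recovers sk_new = sk_backup + tau. The curve (secp256k1), the SHA-256 domain labels used as the KDF, the HMAC tag over the credential, and the Schnorr signature standing in for WebAuthn's challenge-response signature are all assumptions of this example.

```python
import hashlib
import hmac
import secrets

# secp256k1 domain parameters (assumption: any prime-order group works; WebAuthn would more likely use P-256)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demonstration only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def point_bytes(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def kdf(shared, info):
    """Derive the blinding scalar tau and a MAC key from the DH secret (assumption: domain-separated SHA-256 as KDF)."""
    tau = int.from_bytes(hashlib.sha256(b"ARKG-tau|" + shared + info).digest(), "big") % N
    mac_key = hashlib.sha256(b"ARKG-mac|" + shared + info).digest()
    return tau, mac_key


def keygen():
    sk = secrets.randbelow(N - 1) + 1
    return sk, ec_mul(sk, G)


def derive_pk(pk_backup, info=b""):
    """Primary authenticator: derive a fresh, unlinkable public key from the backup's long-term public key.
    Returns the derived key and the credential (ephemeral point, tag) that the backup needs later."""
    e, E = keygen()
    shared = point_bytes(ec_mul(e, pk_backup))
    tau, mac_key = kdf(shared, info)
    pk_new = ec_add(pk_backup, ec_mul(tau, G))        # pk_new = pk_backup + tau*G
    tag = hmac.new(mac_key, point_bytes(E) + point_bytes(pk_new), hashlib.sha256).digest()
    return pk_new, (E, tag)


def derive_sk(sk_backup, pk_backup, cred, info=b""):
    """Backup authenticator: recover the private key for a derived public key; None if the credential is not ours."""
    E, tag = cred
    shared = point_bytes(ec_mul(sk_backup, E))        # same DH secret the primary computed
    tau, mac_key = kdf(shared, info)
    pk_new = ec_add(pk_backup, ec_mul(tau, G))
    expected = hmac.new(mac_key, point_bytes(E) + point_bytes(pk_new), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return (sk_backup + tau) % N, pk_new              # sk_new*G == pk_new


def schnorr_sign(sk, msg):
    """Assumption: Schnorr signature as the challenge-response primitive (WebAuthn itself uses ECDSA/EdDSA)."""
    pk = ec_mul(sk, G)
    k = secrets.randbelow(N - 1) + 1
    R = ec_mul(k, G)
    c = int.from_bytes(hashlib.sha256(point_bytes(R) + point_bytes(pk) + msg).digest(), "big") % N
    return R, (k + c * sk) % N


def schnorr_verify(pk, msg, sig):
    R, s = sig
    c = int.from_bytes(hashlib.sha256(point_bytes(R) + point_bytes(pk) + msg).digest(), "big") % N
    return ec_mul(s, G) == ec_add(R, ec_mul(c, pk))


if __name__ == "__main__":
    sk_b, pk_b = keygen()                  # backup authenticator's long-term key
    pk1, cred1 = derive_pk(pk_b)           # primary registers pk1 with a relying party
    sk1, _ = derive_sk(sk_b, pk_b, cred1)  # backup recovers sk1 when the primary is lost
    print(schnorr_verify(pk1, b"challenge", schnorr_sign(sk1, b"challenge")))
```

Two points the code makes concrete: the relying party only ever sees pk_new and the credential, neither of which is linkable to pk_backup without the DH secret, and the backup's recovery needs no secret exported from the primary, only the long-term key it already holds.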
Aayush Jain, Huijia Lin, Amit Sahai
ePrint Report
- The SXDH assumption on asymmetric bilinear groups of a prime order $p = O(2^\lambda)$,
- The LWE assumption over $\mathbb{Z}_{p}$ with subexponential modulus-to-noise ratio $2^{k^\epsilon}$, where $k$ is the dimension of the LWE secret,
- The LPN assumption over $\mathbb{Z}_p$ with polynomially many LPN samples and error rate $1/\ell^\delta$, where $\ell$ is the dimension of the LPN secret,
- The existence of a Boolean PRG in $\mathsf{NC}^0$ with stretch $n^{1+\tau}$,
Then, (subexponentially secure) indistinguishability obfuscation for all polynomial-size circuits exists.
18 August 2020
Deevashwer Rathee, Mayank Rathee, Nishant Kumar, Nishanth Chandran, Divya Gupta, Aseem Rastogi, Rahul Sharma
ePrint Report
Xunhua Wang, Ben Huson
ePrint Report
Due to the distributed nature of DiSE, a DiSE server that has been compromised by an adversary may return wrong partial results to the initiator. Worse, multiple DiSE servers compromised by the same adversary may collude to send back wrong partial results. In this article we developed a robust DiSE that allows an honest initiator to detect wrong partial results by an adversary. The robustness of our DiSE is built through redundant computation. Our robust DiSE can detect wrong partial results by an adversary who has compromised up to min(t-1, n-t) servers. Next, the honest-initiator assumption is removed by rotating the initiator role among active servers across multiple DiSE transactions. A scalable, industry-level implementation for the robust DiSE has been developed and two cases, (t=3, n=5) and (t=16, n=24), have been tested to show the feasibility of robust DiSE. Our robust DiSE can be used to build intrusion-tolerant applications, such as intrusion-tolerant database encryption.
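The abstract states the detection bound min(t-1, n-t) but not how redundant computation yields it. The following is an added example written for this page, not the authors' implementation: it Shamir-shares a key among n servers, asks all n for partial evaluations, recombines every t-subset and flags any disagreement. The partial evaluation is a constructed stand-in (share times H(x) over a prime field) that has the linear Lagrange-combining structure of a DPRF but is not itself a secure PRF; the modulus, the hash and the corrupt-server behaviour are assumptions of the example.

```python
import hashlib
import secrets
from itertools import combinations

# Prime modulus for the toy share arithmetic (assumption: stands in for the group the real DPRF uses)
Q = 2**255 - 19


def share_key(k, t, n):
    """Shamir-share the symmetric key k among servers 1..n with threshold t."""
    coeffs = [k] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q for i in range(1, n + 1)}


def lagrange_at_zero(i, subset):
    """Lagrange coefficient of server i for reconstructing the polynomial at 0 over `subset`."""
    num = den = 1
    for j in subset:
        if j != i:
            num = num * j % Q
            den = den * (j - i) % Q
    return num * pow(den, -1, Q) % Q


def h(x: bytes) -> int:
    return int.from_bytes(hashlib.sha256(x).digest(), "big") % Q


def partial_eval(share_i, x):
    """Server-side partial result. Toy model: share * H(x), combinable linearly like a DPRF partial;
    NOT a secure PRF, only the recombination structure matters here."""
    return share_i * h(x) % Q


def combine(partials, subset):
    return sum(lagrange_at_zero(i, subset) * partials[i] for i in subset) % Q


def robust_combine(partials, t):
    """Redundant computation: recombine every t-subset of the returned partials.
    Returns (value, detected). A wrong partial changes every subset it belongs to, so subsets disagree."""
    values = {s: combine(partials, s) for s in combinations(sorted(partials), t)}
    distinct = set(values.values())
    if len(distinct) == 1:
        return distinct.pop(), False
    return None, True


def max_corruptions(t, n):
    """Corruptions the check tolerates: fewer than t (the adversary cannot reconstruct k and forge a
    consistent set of partials) and at most n-t (some t-subset is still entirely honest)."""
    return min(t - 1, n - t)


def simulate(t, n, corrupt, x=b"record-42"):
    """Constructed run: all n servers answer, those in `corrupt` return garbage.
    Returns (value_is_correct, misbehaviour_detected)."""
    k = secrets.randbelow(Q)
    shares = share_key(k, t, n)
    partials = {i: partial_eval(shares[i], x) for i in shares}
    for i in corrupt:
        partials[i] = secrets.randbelow(Q)
    value, detected = robust_combine(partials, t)
    return value == k * h(x) % Q, detected


if __name__ == "__main__":
    print(max_corruptions(3, 5), max_corruptions(16, 24))   # the two tested cases: 2 and 8
    print(simulate(3, 5, corrupt=[]), simulate(3, 5, corrupt=[2, 4]))
```

Querying all n servers and checking every t-subset costs C(n, t) recombinations, which is why the abstract's (t=16, n=24) case is a meaningful scalability test; a deployment would batch or prune this rather than enumerate naively.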
Ioana Boureanu, Constantin Catalin Dragan, François Dupressoir, David Gerault, Pascal Lafourcade
ePrint Report
Hai-Van Dang, Amjad Ullah, Alexandros Bakas, Antonis Michalas
ePrint Report
Maxim Jourenko, Mario Larangeira, Keisuke Tanaka
ePrint Report
Brett Hemenway Falk, Daniel Noble, Rafail Ostrovsky
ePrint Report
The first Oblivious RAM protocols introduced the ``hierarchical solution,'' (STOC '90) where the servers store a series of hash tables of geometrically increasing capacities. Each ORAM query would read a small number of locations from each level of the hierarchy, and each level of the hierarchy would be reshuffled and rebuilt at geometrically increasing intervals to ensure that no single query was ever repeated twice at the same level. This yielded an ORAM protocol with polylogarithmic (amortized) overhead.
Future works extended and improved the hierarchical solution, replacing traditional hashing with cuckoo hashing (ICALP '11) and cuckoo hashing with a combined stash (Goodrich et al. SODA '12). In this work, we identify a subtle flaw in the protocol of Goodrich et al. (SODA '12) that uses cuckoo hashing with a stash in the hierarchical ORAM solution.
We give a concrete distinguishing attack against this type of hierarchical ORAM that uses cuckoo hashing with a \emph{combined} stash. This security flaw has propagated to at least 5 subsequent hierarchical ORAM protocols, including the recent optimal ORAM scheme, OptORAMa (Eurocrypt '20).
In addition to our attack, we identify a simple fix that does not increase the asymptotic complexity.
We note, however, that our attack only affects more recent \emph{hierarchical ORAMs}, but does not affect the early protocols that predate the use of cuckoo hashing, or other types of ORAM solutions (e.g. Path ORAM or Circuit ORAM).
Ueli Maurer, Christopher Portmann, Jiamin Zhu
ePrint Report
Hilder Vitor Lima Pereira
ePrint Report
Naomi Ephraim, Cody Freitag, Ilan Komargodski, Rafael Pass
ePrint Report
Our main contribution is a generic construction of SPARKs from any succinct argument of knowledge where the prover's parallel running time is T * polylog(T * p) when using p processors, assuming collision-resistant hash functions. When suitably instantiating our construction, we achieve a four-round SPARK for any parallel RAM computation assuming only collision resistance. Additionally assuming the existence of a succinct non-interactive argument of knowledge (SNARK), we construct a non-interactive SPARK that also preserves the space complexity of the underlying computation up to polylog(T * p) factors.
We also show the following applications of non-interactive SPARKs. First, they immediately imply delegation protocols with near optimal prover (parallel) running time. This, in turn, gives a way to construct verifiable delay functions (VDFs) from any sequential function. When the sequential function is also memory-hard, this yields the first construction of a memory-hard VDF.