IACR News
Here you can see all recent updates to the IACR webpage.
10 September 2020
Vancouver, Canada, 11 December 2020
Event Calendar
Submission deadline: 2 October 2020
Notification: 23 October 2020
NCC Group, North America
Job Posting
Closing date for applications:
Contact: Danielle Owen
More information: https://nccgroup.wd3.myworkdayjobs.com/NCC_Group/job/USA-Remote---Eastern-Time/Senior-Cryptography-Researcher_R3223
AAU, Austria
Job Posting
The PhD post can be in any (fun) area of crypto; the candidate will be supervised by Elisabeth Oswald, and as co-supervisors A. Roy and E. Andreeva are potentially available.
The Post-Doc is related to ERC funding and therefore will work in the area of side channels; our areas of interest here are techniques for secure software development, and RISC-V.
Both posts are available immediately. The salary is around 32k per annum for the PhD student and 35k upwards (depending on prior experience) for the Post-Doc. Further information about the group can be found at www.cybersecurityresearch.at
Closing date for applications:
Contact: Elisabeth Oswald (firstname.lastname@aau.at)
More information: http://www.cybersecurityresearch.at
09 September 2020
Stefan Steinegger, Robert Primas
ePrint Report
In this paper, we implement Ascon-p as an instruction extension for RISC-V that is tightly coupled to the processor's register file and thus does not require any dedicated registers. This single instruction allows us to realize all cryptographic computations that typically occur on embedded devices with high performance. More concretely, with ISAP and Ascon's family of modes for AEAD and hashing, we can perform cryptographic computations with a performance of about 2 cycles/byte, or about 4 cycles/byte if protection against fault attacks and power analysis is desired.
As we show, our instruction extension requires only 4.7 kGE, or about half the area of dedicated Ascon co-processor designs, and is easy to integrate into low-end embedded devices like 32-bit ARM Cortex-M or RISC-V microprocessors. Finally, we analyze the provided implementation security of ISAP, when implemented using our instruction extension.
Bart Mennink
ePrint Report
Olivier Bernard, Adeline Roux-Langlois
ePrint Report
Our main contribution is to propose a new "twisted" version of the PHS algorithm (by Pellet-Mary, Hanrot and Stehlé, 2019), which we call Twisted-PHS. As a minor contribution, we also propose several improvements to the PHS algorithm. On the theoretical side, we prove that our Twisted-PHS algorithm performs at least as well as the original PHS algorithm. On the practical side, we provide a full implementation of our algorithm which suggests that much better approximation factors are achieved, and that the given lattice bases are a lot more orthogonal than the ones used in PHS. To our knowledge, this is the first time that this type of algorithm is completely implemented and tested for fields of degree up to $60$.
Rupeng Yang, Junzuo Lai, Zhengan Huang, Man Ho Au, Qiuliang Xu, Willy Susilo
ePrint Report
In this work, we explore the possibility of achieving PKE schemes with receiver selective opening (RSO) security in the multi-challenge setting. Our contributions are threefold. First, we demonstrate that PKE schemes with RSO security in the single-challenge setting are not necessarily RSO secure in the multi-challenge setting. Then, we show that it is impossible to achieve RSO security for PKE schemes if the number of challenge ciphertexts under each public key is a priori unbounded. In particular, we prove that no PKE scheme can be RSO secure in the k-challenge setting (i.e., the adversary can obtain k challenge ciphertexts for each public key) if its secret key contains fewer than k bits. On the positive side, we give a concrete construction of a PKE scheme with RSO security in the k-challenge setting, where the ratio of the secret key length to k approaches the lower bound 1.
Rongmao Chen, Xinyi Huang, Moti Yung
ePrint Report
In this work, we formulate a practical ASA on the encryption algorithm of PKE which, perhaps surprisingly, turns out to be much more efficient and robust than existing ones, showing that ASAs on PKE schemes are far more effective and dangerous than previously believed. We mainly target PKE in the form of hybrid encryption, which is the most prevalent way to employ PKE in the literature and in practice. The main strategy of our ASA is to subvert the underlying key encapsulation mechanism (KEM) so that the encapsulated session key can be efficiently extracted, which, in turn, breaks the data encapsulation mechanism (DEM), enabling us to learn the plaintext itself. Concretely, our non-black-box yet quite general attack enables recovering the plaintext from only two successive ciphertexts and minimally depends on a short state of previous internal randomness. A widely used class of KEMs is shown to be subvertible by our powerful attack.
Our attack relies on a novel identification and formalization of certain properties that yield practical ASAs on KEMs. More broadly, it points at and may shed some light on exploring structural weaknesses of other "composed cryptographic primitives," which may make them susceptible to more dangerous ASAs with effectiveness that surpasses the known logarithmic upper bound (i.e., reviewing composition as an attack enabler).
Jodie Knapp, Elizabeth A. Quaglia
ePrint Report
Ming-Xing Luo, Xiaojun Wang
ePrint Report
Avijit Dutta
ePrint Report
is secure up to $2^{2n/3}$ adversarial queries. In this paper, we have shown that if we replace the two independent permutations of \textsf{2-TEM} (Cogliati et al., CRYPTO 2015) with a single $n$-bit public permutation, then the resultant construction still guarantees security up to $2^{2n/3}$ adversarial queries. Using the results derived therein, we also show that replacing the permutations $(\pi_4, \pi_3)$ with $(\pi_1, \pi_2)$ in Eqn. \eqref{eq:abstract} preserves security up to $2^{2n/3}$ adversarial queries.
Pratik Soni, Stefano Tessaro
ePrint Report
Berman and Haitner (Journal of Cryptology, '15) gave a one-call construction which, however, is not hardness preserving: to obtain a secure PRF (against polynomial-time distinguishers), they need to rely on a naPRF secure against superpolynomial-time distinguishers; in contrast, all known hardness-preserving constructions require $\omega(1)$ calls. This leaves open the question of whether a stronger superpolynomial-time assumption is necessary for one-call (or constant-call) approaches. Here, we show that a large class of one-call constructions (which in particular includes the one of Berman and Haitner) cannot be proved to be a secure PRF under a black-box reduction to the (polynomial-time) naPRF security of the underlying function.
Our result complements existing impossibility results (Myers, EUROCRYPT '04; Pietrzak, CRYPTO '05) ruling out natural specific approaches, such as parallel and sequential composition. Furthermore, we show that our techniques extend to rule out a natural class of constructions making an arbitrary number of parallel calls, which in particular includes parallel composition and the two-call, cuckoo-hashing based construction of Berman et al. (Journal of Cryptology, '19).
Mihai-Zicu Mina, Emil Simion
ePrint Report
Yusai Wu, Liqing Yu, Zhenfu Cao, Xiaolei Dong
ePrint Report
Liliya Kraleva, Raluca Posteuca, Vincent Rijmen
ePrint Report
Julia Kastner, Julian Loss, Michael Rosenberg, Jiayu Xu
ePrint Report
Dmitrii Koshelev
ePrint Report
Lunar: a Toolbox for More Efficient Universal and Updatable zkSNARKs and Commit-and-Prove Extensions
Matteo Campanelli, Antonio Faonio, Dario Fiore, Anaïs Querol, Hadrián Rodríguez
ePrint Report
We achieve a collection of zkSNARKs with different tradeoffs. One of our constructions achieves the smallest proof size and proving time compared to the state of the art for proofs for arithmetic circuits. The language supported by this scheme is a variant of R1CS, called R1CS-lite, introduced by this work. Another of our constructions directly supports standard R1CS and improves on previous work, achieving the fastest proving time for this type of constraint system.
We achieve this result via the combination of different contributions: (1) a new algebraically-flavored variant of IOPs that we call Polynomial Holographic IOPs (PHPs), (2) a new compiler that combines our PHPs with commit-and-prove zkSNARKs for committed polynomials, (3) pairing-based realizations of these CP-SNARKs for polynomials, (4) constructions of PHPs for R1CS and R1CS-lite, (5) a variant of the compiler that yields a commit-and-prove universal zkSNARK.
Radhakrishna Bhat, N R Sunitha
ePrint Report
08 September 2020
Research Group COSIC at University of Leuven, Belgium
Job Posting
Closing date for applications:
Contact: jobs-cosic@esat.kuleuven.be
More information: https://www.esat.kuleuven.be/cosic/vacancies/