IACR News
Updates on the COVID-19 situation are on the
Announcement channel.
Here you can see all recent updates to the IACR webpage. These updates are also available:
06 October 2020
Davide Poggi, Philippe Maurine, Thomas Ordas, Alexandre Sarafianos, Jérémy Raoult
ePrint Report
For many years EM Side-Channel Attacks, which exploit the statistical link between the magnetic field radiated by secure ICs and the data they process, are a critical threat. Indeed, attackers need to find only one hotspot (position of the EM probe over the IC surface) where there is an exploitable leakage to compromise the security. As a result, designing secure ICs robust against these attacks is incredibly difficult because designers must warrant there is no hotspot over the whole IC surface. This task is all the more difficult as there is no CAD tool to compute the magnetic field radiated by ICs and hence no methodology to detect hotspots at the design stages. Within this context, this paper introduces a flow allowing predicting the EM radiations of ICs and two related methodologies. The first one aims at identifying and quantifying the dangerousness of EM hotspots at the surface of ICs, i.e. positions where to place an EM probe to capture a leakage. The second aims at locating leakage hotspots in ICs, i.e. areas in circuits from where these leakages originate.
Rachit Garg, Dakshita Khurana, George Lu, Brent Waters
ePrint Report
There has been recent exciting progress on building non-interactive non-malleable commitments from judicious assumptions. All proposed approaches proceed in two steps. First, obtain simple "base'' commitment schemes for very small tag/identity spaces based on a various sub-exponential hardness assumptions. Next, assuming sub-exponential non-interactive witness indistinguishable proofs (NIWIs), and variants of keyless collision resistant hash functions, construct non-interactive compilers that convert tag-based non-malleable commitments for a small tag space into tag-based non-malleable commitments for a larger tag space.
We propose the first black-box construction of non-interactive non-malleable commitments. Our key technical contribution is a novel way of implementing the non-interactive proof of consistency required by the tag amplification process. Prior to our work, the only known approach to tag amplification without setup and with black-box use of the base scheme (Goyal, Lee, Ostrovsky and Visconti, FOCS 2012) added multiple rounds of interaction.
Our construction satisfies the strongest known definition of non-malleability, i.e., CCA (chosen commitment attack) security. In addition to being black-box, our approach dispenses with the need for sub-exponential NIWIs, that was common to all prior work. Instead of NIWIs, we rely on sub-exponential hinting PRGs which can be obtained based on a broad set of assumptions such as sub-exponential CDH or LWE.
Arthur Van Der Merwe, David Paul, Jelena Schmalz, Timothy M. Schaerf
ePrint Report
We examine the security of the Australian card payment system by analysing existing cryptographic protocols in this analysis. We compare current Australian cryptographic methods with their international counterparts, such as the ANSI TR-31 methods. Then, finally, we formulate a formal difference between the two schemes using security proofs.
David Cash, Andrew Drucker, Alexander Hoover
ePrint Report
We initiate a fine-grained study of the round complexity of Oblivious RAM (ORAM). We prove that any one-round balls-in bins ORAM that does not duplicate balls must have either \Omega(\sqrt{N}) bandwidth or \Omega(\sqrt{N}) client memory, where N is the number of memory slots being simulated. This shows that such schemes are strictly weaker than general (multi-round) ORAMs or those with server computation, and in particular implies that a one-round version of the original square-root ORAM of Goldreich and Ostrovksy (J. ACM 1996) is optimal. We prove this bound via new techniques that differ from those of Goldreich and Ostrovksy, and of Larsen and Nielsen (CRYPTO 2018), which achieved an \Omega(\log N) bound for balls-in-bins and general multi-round ORAMs respectively. Finally we give a weaker extension of our bound that allows for limited duplication of balls, and also show that our bound extends to multiple-round ORAMs of a restricted form that include the best known constructions.
Andrea Coladangelo, Christian Majenz, Alexander Poremba
ePrint Report
Copy-protection allows a software distributor to encode a program in such a way that it can be evaluated on any input, yet it cannot be "pirated" - a notion that is impossible to achieve in a classical setting. Aaronson (CCC 2009) initiated the formal study of quantum copy-protection schemes, and speculated that quantum cryptography could offer a solution to the problem thanks to the quantum no-cloning theorem.
In this work, we introduce a quantum copy-protection scheme for a large class of evasive functions known as "compute-and-compare programs" - a more expressive generalization of point functions. A compute-and-compare program $\mathsf{CC}[f,y]$ is specified by a function $f$ and a string $y$ within its range: on input $x$, $\mathsf{CC}[f,y]$ outputs $1$, if $f(x) = y$, and $0$ otherwise. We prove that our scheme achieves non-trivial security against fully malicious adversaries in the quantum random oracle model (QROM), which makes it the first copy-protection scheme to enjoy any level of provable security in a standard cryptographic model. As a complementary result, we show that the same scheme fulfils a weaker notion of software protection, called "secure software leasing", introduced very recently by Ananth and La Placa (eprint 2020), with a standard security bound in the QROM, i.e. guaranteeing negligible adversarial advantage.
In this work, we introduce a quantum copy-protection scheme for a large class of evasive functions known as "compute-and-compare programs" - a more expressive generalization of point functions. A compute-and-compare program $\mathsf{CC}[f,y]$ is specified by a function $f$ and a string $y$ within its range: on input $x$, $\mathsf{CC}[f,y]$ outputs $1$, if $f(x) = y$, and $0$ otherwise. We prove that our scheme achieves non-trivial security against fully malicious adversaries in the quantum random oracle model (QROM), which makes it the first copy-protection scheme to enjoy any level of provable security in a standard cryptographic model. As a complementary result, we show that the same scheme fulfils a weaker notion of software protection, called "secure software leasing", introduced very recently by Ananth and La Placa (eprint 2020), with a standard security bound in the QROM, i.e. guaranteeing negligible adversarial advantage.
05 October 2020
Telecom Paris, Institut Polytechnique de Paris & Thalès Group
Job Posting
Context and funding: Chair C3S (Connected Cars and Cyber Security), https://chairec3s.wp.imt.fr/
Ph.D. positions in cryptography and security, with focus on distributed protocols, cryptology and Secure Multi-party Computation. Secure “multi-party computation” (MPC) is a type of cryptographic protocol that allows a set of parties to compute a function of each of their individual inputs, without having to reveal their inputs. It would be interesting to explore the use of this approach in the context of the autonomous connected vehicles to define protocols that preserve privacy and integrity, and ensure secure communications in a highly distributed context.
Position is available in the INFRES (Computer Science and Network) Department at Telecom Paris of the Institute of Polytechnique de Paris (IP Paris), France.
The expected Ph.D research takes part of research activities carried out in the Axis 2 of the Chair C3S and especially related to topic 2 – Protection of data and data flow in real time, cryptography and agility focusing on light and robust cryptography, real-time cryptography and crypto-agility. Candidates should have a strong background in computer science and cryptography. Demonstrated expertise in cryptography, distributed computing, or multi-party computation is a plus. Applicants must hold a master degree in the relevant research fields. Positions are available and come with a competitive salary. The selection process runs until suitable candidates are found. If you are interested, please apply by sending email with one single PDF file and subject line set to Application for Ph.D., addressed directly to Prof. Duong Hieu Phan and Prof. Houda Labiod from Infres Department, Institute Polytecnique de Paris and Dr. Aurélien Dupin from Thalès Group. Since we receive many applications, we encourage you to include necessary materials that demonstrate your motivation and strengths.
Ph.D. positions in cryptography and security, with focus on distributed protocols, cryptology and Secure Multi-party Computation. Secure “multi-party computation” (MPC) is a type of cryptographic protocol that allows a set of parties to compute a function of each of their individual inputs, without having to reveal their inputs. It would be interesting to explore the use of this approach in the context of the autonomous connected vehicles to define protocols that preserve privacy and integrity, and ensure secure communications in a highly distributed context.
Position is available in the INFRES (Computer Science and Network) Department at Telecom Paris of the Institute of Polytechnique de Paris (IP Paris), France.
The expected Ph.D research takes part of research activities carried out in the Axis 2 of the Chair C3S and especially related to topic 2 – Protection of data and data flow in real time, cryptography and agility focusing on light and robust cryptography, real-time cryptography and crypto-agility. Candidates should have a strong background in computer science and cryptography. Demonstrated expertise in cryptography, distributed computing, or multi-party computation is a plus. Applicants must hold a master degree in the relevant research fields. Positions are available and come with a competitive salary. The selection process runs until suitable candidates are found. If you are interested, please apply by sending email with one single PDF file and subject line set to Application for Ph.D., addressed directly to Prof. Duong Hieu Phan and Prof. Houda Labiod from Infres Department, Institute Polytecnique de Paris and Dr. Aurélien Dupin from Thalès Group. Since we receive many applications, we encourage you to include necessary materials that demonstrate your motivation and strengths.
Closing date for applications:
Contact: Hieu Phan (hieu.phan@telecom-paris.fr) and Houda Labiod (houda.labiod@telecom-paris.fr).
01 October 2020
Abu Dhabi, United Arab Emirates, 27 January - 28 January 2021
Event Calendar
Event date: 27 January to 28 January 2021
Submission deadline: 15 November 2020
Notification: 15 December 2020
Submission deadline: 15 November 2020
Notification: 15 December 2020
University of Florida, Gainesville, FL, USA
Job Posting
I am looking to hire a number of post-doctoral fellows and PhD students with expertise and interests in the area of hardware security, AI hardware security, homomorphic encryption, neuromorphic computing, physical design verification, digital twins, VLSI design, and more. Candidates with strong background on these areas should send me their CV at tehranipoor@ufl.edu .
Closing date for applications:
Contact: Prof. Mark Tehranipoor tehranipoor@ufl.edu
More information: http://tehranipoor.ece.ufl.edu/
Singapore University of Technology and Design (SUTD), Singapore
Job Posting
Look for a Postdoc / Research Fellow on blockchain security. Interested candidates please send your CV with a research statement to Prof. Jianying Zhou. Only short-listed candidates will be contacted for interview.
Closing date for applications:
Contact: Prof. Jianying Zhou (jianying_zhou@sutd.edu.sg)
More information: http://jianying.space/
Graz University of Technology, Graz, Austria
Job Posting
We are looking for a candidate with proven scientific expertise in the field of Security & Privacy. The following areas are of particular interest:
- Formal Methods and Security
- Privacy Technologies
- Systems Security
- Usable Security & Privacy
The professorship will be part of the Institute of Applied Information Processing and Communications, which is an internationally visible research environment with more than 60 researchers in information security. The institute collaborates closely with research groups and industry partners around the globe. It is a central part of the recently established Cybersecurity Campus Graz, which unites basic research, education, technology transfer, and industry partners in cybersecurity all under one roof.
The new professor will build an internationally visible group, and will be an engaged teacher in the Computer Science programs at the Bachelor’s, Master’s, and PhD level. At Graz University of Technology, undergraduate courses are taught in German or English and graduate courses are taught in English.
Closing date for applications:
Contact: For further question, please contact Stefan Mangard / stefan.mangard@iaik.tugraz.at
The application should be sent to the Dean of the Department of Computer Science and Biomedical Engineering at applications.csbme@tugraz.at until 26.11.2020 referencing to 7050/20/035
More information: https://www.tugraz.at/fakultaeten/csbme/news/jobs-grants-calls/tenure-track-professor-in-security-and-privacy/
Cryptology and Data Security Group, University of Bern, Bern, Switzerland
Job Posting
Ph.D. positions in cryptography and security, with focus on distributed protocols and blockchain Cryptology and Data Security Group, University of Bern Ph.D. positions are available in the Cryptology and Data Security research group at the Institute of Computer Science, University of Bern, led by Christian Cachin.
Our research addresses all aspects of security in distributed systems, especially cryptographic protocols, consistency, consensus, and cloud-computing security. We are particularly interested in blockchains, distributed ledger technology, cryptocurrencies, and their security and economics.
Candidates should have a strong background in computer science. They should like conceptual, rigorous thinking for working theoretically, or be interested in building innovative systems for working practically. Demonstrated expertise in cryptography, distributed computing, or blockchain technology is a plus. Applicants must hold a master degree in the relevant research fields.
Positions are available starting January 2021 and come with a competitive salary. The selection process runs until suitable candidates have been found. The University of Bern conducts excellent research and lives up its vision that “Knowledge generates value”. The city of Bern lies in the center of Switzerland and offers some of the highest quality of life worldwide.
If you are interested, please apply be sending email with one single PDF file and subject line set to Application for Ph.D., addressed directly to Prof. Christian Cachin at crypto (at) inf.unibe.ch.
Since we receive many applications, we encourage you to include material that demonstrates your interests and strengths and sets you apart from others.
For more information, please contact Christian Cachin (https://crypto.unibe.ch/cc/).
Closing date for applications:
Contact: Christian Cachin
More information: https://crypto.unibe.ch/jobs
30 September 2020
Shoei Nashimoto, Daisuke Suzuki, Rei Ueno, Naofumi Homma
ePrint Report
RISC-V is equipped with physical memory protection (PMP) to prevent malicious software from accessing protected memory regions. One of the main objectives of PMP is to provide a trusted execution environment (TEE) that isolates secure and insecure applications. In this study, we propose a fault injection attack to bypass the isolation based on PMP. The proposed attack scheme involves extracting successful glitch parameters for fault injection under the assumption of a black-box environment. We implement a proof-of-concept TEE compatible with PMP in RISC-V, and we verify the feasibility and effectiveness of the proposed attack through some experiments conducted in the TEE. The results show that an attacker can bypass the isolation of the TEE and read data from the protected memory region.
Yuan Yao, Tarun Kathuria, Baris Ege, Patrick Schaumont
ePrint Report
Power-based side-channel leakage is a known problem in the design of security-centric electronic systems. As the complexity of modern systems rapidly increases through the use of System-on-Chip (SoC) integration, it becomes difficult to determine the precise source of the side-channel leakage. Designers of secure SoC must therefore proactively apply expensive countermeasures to protect entire subsystems such as encryption modules, and this increases the design cost of the chip. We propose a methodology to determine, at design time, the source of side-channel leakage with much greater accuracy, at the granularity of a single cell. Our methodology, Architecture Correlation Analysis, uses a leakage model, well known from differential side-channel analysis techniques, to rank the cells within a netlist according to their contribution to the side-channel leakage. With this analysis result, the designer can selectively apply countermeasures where they are most effective. We demonstrate Architecture Correlation Analysis (ACA) on an AES coprocessor in an SoC design, and we determine the sources of side-channel leakage at the gate-level within the AES module as well as within the overall SoC. We validate ACA by demonstrating its use in an optimized hiding countermeasure.
Mark Zhandry
ePrint Report
We explore the problem of traitor tracing where the pirate decoder can contain a quantum state. Our main results include:
- We show how to overcome numerous definitional challenges to give a meaningful notion of tracing for quantum decoders
- We give negative results, demonstrating barriers to adapting classical tracing algorithms to the quantum decoder setting.
- On the other hand, we show how to trace quantum decoders in the setting of (public key) private linear broadcast encryption, capturing a common approach to traitor tracing.
Cecilia Boschini, Jan Camenisch, Max Ovsiankin, Nicholas Spooner
ePrint Report
In this paper we give efficient statistical zero-knowledge proofs (SNARKs) for Module/Ring LWE and Module/Ring SIS relations, providing the remaining ingredient for building efficient cryptographic protocols from lattice-based hardness assumptions.
We achieve our results by exploiting the linear-algebraic nature of the statements supported by the Aurora proof system (Ben-Sasson et al.), which allows us to easily and efficiently encode the linear-algebraic statements that arise in lattice schemes and to side-step the issue of "relaxed extractors", meaning extractors that only recover a witness for a larger relation than the one for which completeness is guaranteed.
We apply our approach to the example use case of partially dynamic group signatures and obtain a lattice-based group signature that protects users against corrupted issuers, and that produces signatures smaller than the state of the art, with signature sizes of less than 300 KB for the comparably secure version of the scheme.
To obtain our argument size estimates for proof of knowledge of RLWE secret, we implemented the NIZK using libiop.
Karim Baghery, Alonso González, Zaira Pindado, Carla Ràfols
ePrint Report
This paper constructs unbounded simulation sound proofs for boolean circuit satisfiability under standard assumptions with proof size O(n+d) bilinear group elements, where d is the depth and n is the input size of the circuit. Our technical contribution is to add unbounded simulation soundness to a recent NIZK of González and Ràfols (ASIACRYPT'19) with very small overhead. We give two different constructions: the first one is more efficient but not tight, and the second one is tight.
Our new scheme can be used to construct Signatures of Knowledge based on standard assumptions that also can be composed universally with other cryptographic protocols/primitives.
As an independent contribution we also detail a simple formula to encode Boolean circuits as Quadratic Arithmetic Programs.
Navid Alamati, Luca De Feo, Hart Montgomery, Sikhar Patranabis
ePrint Report
Isogeny-based assumptions have emerged as a viable option for quantum-secure cryptography. Recent works have
shown how to build efficient (public-key) primitives from isogeny-based assumptions such as CSIDH and CSI-FiSh.
However, in its present form, the landscape of isogenies does not seem very amenable to realizing new cryptographic
applications. Isogeny-based assumptions often have unique efficiency and security properties, which makes building
new cryptographic applications from them a potentially tedious and time-consuming task.
In this work, we propose a new framework based on group actions that enables the easy usage of a variety of isogeny-based assumptions. Our framework generalizes the works of Brassard and Yung (Crypto’90) and Couveignes (Eprint’06). We provide new definitions for group actions endowed with natural hardness assumptions that model isogeny-based constructions amenable to group actions such as CSIDH and CSI-FiSh.
We demonstrate the utility of our new framework by leveraging it to construct several primitives that were not previously known from isogeny-based assumptions. These include smooth projective hashing, dual-mode PKE, two-message statistically sender-private OT, and Naor-Reingold style PRF. These primitives are useful building blocks for a wide range of cryptographic applications.
We introduce a new assumption over group actions called Linear Hidden Shift (LHS) assumption. We then present some discussions on the security of the LHS assumption and we show that it implies symmetric KDM-secure encryption, which in turn enables many other primitives that were not previously known from isogeny-based assumptions.
In this work, we propose a new framework based on group actions that enables the easy usage of a variety of isogeny-based assumptions. Our framework generalizes the works of Brassard and Yung (Crypto’90) and Couveignes (Eprint’06). We provide new definitions for group actions endowed with natural hardness assumptions that model isogeny-based constructions amenable to group actions such as CSIDH and CSI-FiSh.
We demonstrate the utility of our new framework by leveraging it to construct several primitives that were not previously known from isogeny-based assumptions. These include smooth projective hashing, dual-mode PKE, two-message statistically sender-private OT, and Naor-Reingold style PRF. These primitives are useful building blocks for a wide range of cryptographic applications.
We introduce a new assumption over group actions called Linear Hidden Shift (LHS) assumption. We then present some discussions on the security of the LHS assumption and we show that it implies symmetric KDM-secure encryption, which in turn enables many other primitives that were not previously known from isogeny-based assumptions.
David Lanzenberger, Ueli Maurer
ePrint Report
This paper makes three contributions. First, we present a simple theory of
random systems. The main idea is to think of a probabilistic system as an
equivalence class of distributions over deterministic systems. Second, we
demonstrate how in this new theory, the optimal
information-theoretic distinguishing advantage between two systems can be
characterized merely in terms of the statistical distance of probability
distributions, providing a more elementary understanding of the distance of
systems. In particular, two systems that are $\epsilon$-close in terms of the
best distinguishing advantage can be understood as being equal with
probability 1-$\epsilon$, a property that holds statically, without even
considering a distinguisher, let alone its interaction with the systems.
Finally, we exploit this new characterization of the distinguishing advantage
to prove that any threshold combiner is an amplifier for indistinguishability
in the information-theoretic setting, generalizing and simplifying results
from Maurer, Pietrzak, and Renner (CRYPTO 2007).
Zvika Brakerski, Pedro Branco, Nico Döttling, Sanjam Garg, Giulio Malavolta
ePrint Report
Non-committing encryption (NCE) is a type of public key encryption which comes with the ability to equivocate ciphertexts to encryptions of arbitrary messages, i.e., it allows one to find coins for key generation and encryption which ``explain'' a given ciphertext as an encryption of any message. NCE is the cornerstone to construct adaptively secure multiparty computation [Canetti et al. STOC'96] and can be seen as the quintessential notion of security for public key encryption to realize ideal communication channels.
A large body of literature investigates what is the best message-to-ciphertext ratio (i.e., the rate) that one can hope to achieve for NCE. In this work we propose a near complete resolution to this question and we show how to construct NCE with constant rate in the plain model from a variety of assumptions, such as the hardness of the learning with errors (LWE), the decisional Diffie-Hellman (DDH), or the quadratic residuosity (QR) problem. Prior to our work, constructing NCE with constant rate required a trusted setup and indistinguishability obfuscation [Canetti et al. ASIACRYPT'17].
Zvika Brakerski, Nico Döttling
ePrint Report
The hardness of the Ring Learning with Errors problem (RLWE) is a central building block for efficiency-oriented lattice-based cryptography. Many applications use an ``entropic'' variant of the problem where the so-called ``secret'' is not distributed uniformly as prescribed but instead comes from some distribution with sufficient min-entropy. However, the hardness of the entropic variant has not been substantiated thus far.
For standard LWE (not over rings) entropic results are known, using a ``lossiness approach'' but it was not known how to adapt this approach to the ring setting. In this work we present the first such results, where entropic security is established either under RLWE or under the Decisional Small Polynomial Ratio (DSPR) assumption which is a mild variant of the NTRU assumption.
In the context of general entropic distributions, our results in the ring setting essentially match the known lower bounds (Bolboceanu et al., Asiacrypt 2019; Brakerski and Döttling, Eurocrypt 2020).
For standard LWE (not over rings) entropic results are known, using a ``lossiness approach'' but it was not known how to adapt this approach to the ring setting. In this work we present the first such results, where entropic security is established either under RLWE or under the Decisional Small Polynomial Ratio (DSPR) assumption which is a mild variant of the NTRU assumption.
In the context of general entropic distributions, our results in the ring setting essentially match the known lower bounds (Bolboceanu et al., Asiacrypt 2019; Brakerski and Döttling, Eurocrypt 2020).