IACR News
13 December 2020
Marco Holz, Benjamin Judkewitz, Helen Möllering, Benny Pinkas, Thomas Schneider
ePrint Report
Howard M. Heys
ePrint Report
Rachit Rawat, Mahabir Prasad Jhanwar
ePrint Report
The existing SSO systems built on distributed token generation techniques, including the PASTA framework, do not admit password-update functionality. In this work, we address this issue by proposing a password-update functionality for the PASTA framework. We call the modified framework PAS-TA-U.
As a concrete application, we instantiate PAS-TA-U to implement in Python a distributed SSH key manager for enterprise networks (ESKM) that also admits a password-update functionality for its clients. Our experiments show that the overhead of protecting secrets and credentials against breaches in our system, compared to a traditional single-server setup, is low (average 119 ms in a 10-out-of-10 server setting on the Internet with 80 ms round-trip latency).
Deepraj Pandey, Nandini Agrawal, Mahabir Prasad Jhanwar
ePrint Report
We present CovidBloc, a contact tracing system that implements the COVID-19 exposure database on the Hyperledger Fabric Blockchain Network. Like most decentralized contact tracing applications, the participants of CovidBloc are: (1) a mobile application running on a Bluetooth-equipped smartphone, (2) a web dashboard for health officials, and (3) a backend server acting as a repository for the data being collected. We have implemented all components of CovidBloc to make it a fully functional contact tracing application. It is hosted at https://anonymous.4open.science/r/c6caad6d-62a4-463c-8301-472e421b931f/.
The mobile application for CovidBloc is developed for Android. The exposure notification system in our mobile application is implemented as per the recently released draft documentation by Google and Apple. The exposure notification API from Google and Apple is only available to a limited number of teams per country.
The backend server is an important component of any automated contact tracing system; it acts as a repository for exposure data pushed by smartphones upon authorization by the health staff. Since adding or removing information on the server has privacy consequences, the server must not need to be trusted. The backend server for CovidBloc is implemented on the Hyperledger Fabric Blockchain network.
Anubhab Baksi, Shivam Bhasin, Jakub Breier, Anupam Chattopadhyay, Vinay B. Y. Kumar
ePrint Report
As cryptography is one of the cornerstones of secure communication among devices, the pertinence of fault attacks is becoming increasingly apparent in a setting where a device can be easily accessed in a physical manner. In particular, two recently proposed fault attacks, the Statistical Ineffective Fault Attack (SIFA) and the Fault Template Attack (FTA), are shown to be formidable due to their capability to bypass the common duplication-based countermeasures. Duplication-based countermeasures, deployed to counter the Differential Fault Attack (DFA), work by duplicating the execution of the cipher followed by a comparison to sense the presence of any effective fault, followed by an appropriate recovery procedure. While a handful of countermeasures have been proposed against SIFA, no countermeasure is known to thwart FTA to date.
In this work, we propose a novel countermeasure based on duplication, which can protect against both SIFA and FTA. The proposal is also lightweight, with only a marginal additional cost over simple duplication-based countermeasures. Our countermeasure further protects against all known variants of DFA, including Selmke, Heyszl, and Sigl's attack from FDTC 2016. It does not inherently leak side-channel information and is easily adaptable for any symmetric key primitive. The validation of our countermeasure has been done through gate-level fault simulation.
Ziyuan Liang, Weiran Liu, Fan Zhang, Bingsheng Zhang, Jian Liu, Lei Zhang, Kui Ren
ePrint Report
Martin R. Albrecht, Nadia Heninger
ePrint Report
We formalize lattice problems augmented with a predicate distinguishing a target vector and give algorithms for solving instances of these problems. We apply our techniques to lattice-based approaches for solving the Hidden Number Problem, a popular technique for recovering secret DSA or ECDSA keys in side-channel attacks, and demonstrate that our algorithms succeed in recovering the signing key for instances that were previously believed to be unsolvable using lattice approaches. We carried out extensive experiments using our estimation and solving framework, which we also make available with this work.
Marc Fischlin, Felix Günther, Philipp Muth
ePrint Report
We discuss how to instantiate both future-secure and unconditionally-secure channels. To this end we first establish the corresponding confidentiality and integrity notions, then prove that the well-known composition theorem also holds in the information-theoretic setting: chosen-plaintext security of the channel protocol, together with ciphertext integrity, implies the stronger chosen-ciphertext notion. We discuss how to build future-secure channel protocols by combining computational message authentication schemes like HMAC with one-time pad encryption. Chosen-ciphertext security follows easily from the generalized composition theorem. We also show that using one-time pad encryption with the unconditionally-secure Carter-Wegman MACs, we obtain an unconditionally-secure channel protocol.
Timothy J. Hodges, Sergio Molina
ePrint Report
Nizamud Din, Abdul Waheed, Nasir Saeed
ePrint Report
Dan Boneh, Justin Drake, Ben Fisch, Ariel Gabizon
ePrint Report
PCS proof aggregation reduces the task of proving evaluations of multiple commitments at multiple independent points to the task of proving the evaluation of a single "aggregate" commitment at a single point. We present two flavors of aggregation: private and public. In private aggregation the prover has a private witness consisting of openings of the input commitments. In public aggregation, the prover/verifier share the same inputs, which include non-interactive evaluation proofs for each input commitment. Our public aggregation protocol applies to any additive succinct PCS. Our private aggregation protocol applies more broadly to any succinct PCS that supports an efficient $\textit{linear combination scheme}$: a protocol for verifiably aggregating commitments into a new commitment to their linear combination. This includes non-additive schemes such as the post-quantum FRI-based PCS.
We apply these results to the Halo proof carrying data (PCD) system. Halo was originally built using the Bulletproofs inner-product argument as the underlying PCS, and was recently generalized to work with the KZG PCS. We show that Halo can be instantiated with any PCS that supports efficient PCS aggregation, private or public. Thus, our results show that efficient (zero-knowledge) SNARKs and PCD can be constructed from any succinct PCS that has an efficient linear combination scheme, even if the PCS itself is inefficient. These results yield new Halo-like PCD systems from PCS constructions beyond Bulletproofs and KZG, including DARK, FRI, and Dory. The post-quantum Halo instantiation from FRI is particularly surprising as FRI is not additive.
Anna M. Johnston
ePrint Report
SeongHyuck Lim, JongHyeok Lee, Dong-Guk Han
ePrint Report
11 December 2020
10 December - 15 June 2021
Event Calendar
Submission deadline: 15 June 2021
Lieusaint, France, 6 July - 8 July 2021
Event Calendar
Submission deadline: 16 February 2021
Notification: 15 April 2021
Hong Kong, Hong Kong, 7 July -
Event Calendar
The Centre for Doctoral Training in Cyber Security for the Everyday, Royal Holloway University, Egham
Job Posting
Closing date for applications:
The studentship includes:
- Tuition fees:
- Maintenance: £21,285 for each academic year.
The CDT in Cyber Security for the Everyday can offer up to ten studentships per year, three of which can be awarded to international students (which includes EU and EEA).
Contact: Prof Martin Albrecht
Technische Universität Berlin, Faculty IV, Electrical Engineering and Computer Science, Germany
Job Posting
Closing date for applications:
Contact: Ms. Anita Hummel
More information: https://stellenticket.de/86502/TUB/?lang=en
Axelar
Job Posting
Axelar is building a decentralized network that connects dApp builders with blockchain ecosystems, applications and users for frictionless cross-chain communication. Our team consists of experienced engineers and researchers in distributed systems, cryptography, and consensus. We're growing our team and looking for engineers who are interested in building the new financial stack from the ground up.
- Understanding of public and secret key: encryption, signatures (Ed25519, ECDSA, etc.).
- Knowledge of networking technologies, specifically TCP/IP, RPC and the related protocols.
- Knowledge of operating systems, file systems, and memory on macOS and Linux.
- Experience with engineering security practices.
- Ability to find, exploit and fix bugs, security vulnerabilities in software.
- General knowledge of blockchain technologies.
- Experience with Go and/or Rust.
- Bonus: understanding of elliptic curve cryptography, multi-party computation and threshold schemes.
Closing date for applications:
Contact: Sergey Gorbunov: sergey [at] axelar [dot] network
More information: https://axelar.network
08 December 2020
Arizona State University - Tempe Campus
Job Posting
More details at https://apply.interfolio.com/81408. For further information or questions about this position, please contact Professor Yan Shoshitaishvili (yans@asu.edu).
Closing date for applications:
Contact: Yan Shoshitaishvili (yans@asu.edu); Ni Trieu (nitrieu@asu.edu)
More information: https://apply.interfolio.com/81408