International Association for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available via email and via RSS feed.

22 January 2021

Jorai Rijsdijk, Lichao Wu, Guilherme Perin, Stjepan Picek
ePrint Report
Deep learning represents a powerful set of techniques for profiling side-channel analysis. The results in the last few years show that neural network architectures like multilayer perceptron and convolutional neural networks give strong attack performance where it is possible to break targets protected with various countermeasures. Considering that deep learning techniques commonly have a plethora of hyperparameters to tune, it is clear that such top attack results can come with a high price in preparing the attack. This is especially problematic as the side-channel community commonly uses random search or grid search techniques to look for the best hyperparameters.

In this paper, we propose to use reinforcement learning to tune the convolutional neural network hyperparameters. In our framework, we investigate the Q-Learning paradigm and develop two reward functions that use side-channel metrics. We mount an investigation on three commonly used datasets and two leakage models where the results show that reinforcement learning can find convolutional neural networks exhibiting top performance while having small numbers of trainable parameters. We note that our approach is automated and can be easily adapted to different datasets. Finally, several of our newly developed architectures outperform the current state-of-the-art results.

Aysajan Abidin, Mohieddine El Soussi, Jac Romme, Pepijn Boer, Dave Singelée, Christian Bachmann
ePrint Report
Relay attacks pose a serious security threat to wireless systems, such as contactless payment systems, keyless entry systems, or smart access control systems. Distance bounding protocols, which allow an entity to not only authenticate another entity but also determine whether it is physically close by, effectively mitigate relay attacks. However, secure implementation of distance bounding protocols, especially of the time-critical challenge-response phase, has been a challenging task. In this paper, we design and implement a secure and accurate distance bounding protocol based on Narrow-Band signals, such as Bluetooth Low Energy (BLE), to particularly mitigate relay attacks. Narrow-Band ranging, specifically phase-based ranging, enables accurate distance measurement, but it is vulnerable to phase rollover attacks. In our solution, we mitigate phase rollover attacks by also measuring time-of-flight (ToF) to detect the delay introduced by such attacks. Therefore, our protocol effectively combines the best of both worlds: phase-based ranging for accuracy and time-of-flight (ToF) measurement for security. To demonstrate the feasibility and practicality of our solution, we prototype it on NXP KW36 BLE chips and evaluate its performance and relay attack resistance. The obtained precision and accuracy of the presented ranging solution are 2.5 cm and 30 cm, respectively, in wireless measurements.

Amanda Resende, Davis Railsback, Rafael Dowsley, Anderson C. A. Nascimento, Diego F. Aranha
ePrint Report
We propose a privacy-preserving Naive Bayes classifier and apply it to the problem of private text classification. In this setting, a party (Alice) holds a text message, while another party (Bob) holds a classifier. At the end of the protocol, Alice will only learn the result of the classifier applied to her text input and Bob learns nothing. Our solution is based on Secure Multiparty Computation (SMC). Our Rust implementation provides a fast and secure solution for the classification of unstructured text. Applying our solution to the case of spam detection (the solution is generic, and can be used in any other scenario in which the Naive Bayes classifier can be employed), we can classify an SMS as spam or ham in less than 340ms in the case where the dictionary size of Bob's model includes all words ($n = 5200$) and Alice's SMS has at most $m = 160$ unigrams. In the case with $n = 369$ and $m = 8$ (the average of a spam SMS in the database), our solution takes only 21ms.

Carsten Baum, Cyprien Delpech de Saint Guilhem, Daniel Kales, Emmanuela Orsini, Peter Scholl, Greg Zaverucha
ePrint Report
In this work we introduce Banquet, a digital signature scheme with post-quantum security, constructed using only symmetric-key primitives. The design is based on the MPC-in-head paradigm also used by Picnic (CCS 2017) and BBQ (SAC 2019). Like BBQ, Banquet uses only standardized primitives, namely AES and SHA-3, but signatures are more than 50% shorter, making them competitive with Picnic (which uses a non-standard block cipher to improve performance). The MPC protocol in Banquet uses a new technique to verify correctness of the AES S-box computations, which is efficient because the cost is amortized with a batch verification strategy. Our implementation and benchmarks also show that both signing and verification can be done in under 10ms on a current x64 CPU. We also explore the parameter space to show the range of trade-offs that are possible with the Banquet design, and show that Banquet can nearly match the signature sizes possible with Picnic (albeit with slower, but still practical run times) or have speed within a factor of two of Picnic (at the cost of larger signatures).

Michiel Van Beirendonck, Jan-Pieter D'Anvers, Ingrid Verbauwhede
ePrint Report
Masking is a popular technique to protect cryptographic implementations against side-channel attacks and comes in several variants including Boolean and arithmetic masking. Some masked implementations require conversion between these two variants, which is increasingly the case for masking of post-quantum encryption and signature schemes. One way to perform Arithmetic to Boolean (A2B) mask conversion is a table-based approach first introduced by Coron and Tchulkine, and later corrected and adapted by Debraize in CHES 2012. In this work, we show both analytically and experimentally that the table-based A2B conversion algorithm proposed by Debraize does not achieve the claimed resistance against differential power analysis due to a non-uniform masking of an intermediate variable. This non-uniformity is hard to find analytically but leads to clear leakage in experimental validation. To address the non-uniform masking issue, we propose two new A2B conversions: one that maintains efficiency at the cost of additional memory and one that trades efficiency for a reduced memory footprint. We give analytical and experimental evidence for their security, and will make their implementations, which are shown to be free from side-channel leakage in 100,000 power traces collected on the ARM Cortex-M4, available online. We conclude that when designing side-channel protection mechanisms, it is of paramount importance to perform both a theoretical analysis and an experimental validation of the method.

20 January 2021

Technology Innovation Institute (TII) - Abu Dhabi, UAE
Job Posting

Technology Innovation Institute - Cryptography Research Centre

In our connected digital world, secure and reliable cryptography is the foundation of digital information security and data integrity. We address the world’s most pressing cryptographic questions. Our work covers post-quantum cryptography, lightweight cryptography, cloud encryption schemes, secure protocols, quantum cryptographic technologies and cryptanalysis.

As a Vulnerability Researcher you will be in charge of:

  • conducting internal security evaluations of our cryptographic libraries and IP cores, writing proof-of-concepts, and supporting the corresponding SW/HW development teams to fix the vulnerabilities
  • continuously improving our tools and methodologies for security analysis/ pentesting/bug hunting/attack modeling
  • reviewing state-of-the-art publications and investigating new potential attack vectors/defenses for SW or HW implementations
  • putting your black hat on, figuring out how to break things, and assessing the design and development of fixes/countermeasures

Must have:

  • BS/MS degree in computer science/computer engineering or 3+ years of relevant experience in the industry
  • Hands-on experience with common SW and HW attacks, measurement techniques, and security technologies
  • Deep understanding of modern cryptography and common SW/HW security issues (e.g., CWE list)
  • Experience with X86/ARM/RISC-V assembly, VHDL/Verilog, and (system-level) C/Rust software development
  • Ability to work collaboratively and remotely with others

Nice to have:

  • PhD in embedded security (or closely related subject)
  • Proven expertise (CVEs, publications, tools) in SW/HW offensive security research

Closing date for applications:

Contact:
Mehdi Messaoudi
Talent Acquisition Manager
mehdi.messaoudi@tii.ae

More information: https://tii.ae/

Technology Innovation Institute (TII) - Abu Dhabi, UAE
Job Posting

Technology Innovation Institute - Cryptography Research Centre

In our connected digital world, secure and reliable cryptography is the foundation of digital information security and data integrity. We address the world’s most pressing cryptographic questions. Our work covers post-quantum cryptography, lightweight cryptography, cloud encryption schemes, secure protocols, quantum cryptographic technologies and cryptanalysis.

As a Lead Hardware Security Researcher you will be in charge of:

  • being responsible for multiple research projects and leading a team of security researchers
  • planning and conducting internal security evaluations of our cryptographic libraries and IP cores
  • keeping up to date with best practices and advances in industry/academia in order to guide the development of our tools and methodologies for security analysis/pentesting/bug hunting/attack modelling
  • providing a technical interface point and consultation on specific areas of security expertise
  • putting your black hat on, figuring out how to break things, and guiding the design and development of fixes/countermeasures

Must have:

  • BS/MS degree in computer science/computer engineering or 7+ years of relevant experience in the industry
  • Hands-on experience with common SW and HW attacks, measurement techniques, and security technologies
  • Deep understanding of modern cryptography and common SW/HW security issues (e.g., CWE list)
  • Experience with X86/ARM/RISC-V assembly, VHDL/Verilog, and (system-level) C/Rust software development
  • Proven expertise (CVEs, publications, tools) in SW/HW security research
  • Ability to manage teams and to work independently without supervision
  • Good communication skills and the ability to interact with a diverse range of colleagues and partners

Closing date for applications:

Contact:
Mehdi Messaoudi
Talent Acquisition Manager
mehdi.messaoudi@tii.ae

More information: https://tii.ae/

University of Canterbury, School of Mathematics and Statistics, Christchurch, New Zealand
Job Posting
Funded position for a PhD in the Mathematics of Post-Quantum Cryptography, to work on theoretical questions. The research will be on some or all of the following: isogenies, algebraic geometry, codes, lattices. The ideal candidate will have a strong undergraduate mathematics knowledge including abstract algebra, number theory and geometry. An MSc is a plus. Experience with computer programming and cryptography is also desirable. This is part of a collaboration with the group of Prof. Steven Galbraith at the University of Auckland and interaction with this group is expected.

Closing date for applications:

Contact: Prof. Felipe Voloch

More information: http://www.math.canterbury.ac.nz/~f.voloch/prospective.html

SPRING Lab, EPFL
Job Posting

We have a postdoc opening in the area of privacy engineering to be hosted at the SPRING Lab @EPFL headed by Carmela Troncoso, working on the design, evaluation, and deployment of privacy-preserving systems.

The postdoc will be collaborating on lab projects oriented to creating new privacy-preserving primitives and integrating them into end-to-end systems. The systems we develop at the lab aim to enable users to enjoy technological advances while minimizing the risks of abuse of the data in the system and the system’s impact on society. Our system design projects are typically in collaboration with a stakeholder with high stakes in protecting their users, such as NGOs, governments, or educational institutions. More information about our research: https://www.epfl.ch/labs/spring/
The position is to be filled as soon as possible.

We are also looking for motivated PhD students to build privacy-preserving systems. If you are interested in this position please refer to our doctoral school: https://www.epfl.ch/education/phd/edic-computer-and-communication-sciences/
Next application deadline: April 15 2021

Closing date for applications:

Contact: To apply please follow the instructions here: https://recruiting.epfl.ch/Vacancies/1612/Description/2
For any question please contact Carmela Troncoso

More information: https://recruiting.epfl.ch/Vacancies/1612/Description/2

19 January 2021

Queen’s University Belfast
Job Posting
Applications are invited for a 2 year Post-Doctoral Research Fellow position to conduct research into the application of advanced machine learning techniques for use in hardware Trojan detection, as part of the EPSRC-funded DeepSecurity project. This project is a core research project of the UK Research Institute in Secure Hardware and Embedded Systems (RISE). This post has a funding end date of 31 March 2023.

Closing date for applications:

Contact: You must clearly demonstrate how you meet the criteria when you submit your application. For further information please contact Resourcing Team, Queen's University Belfast, BT7 1NN. Telephone (028) 9097 3044 or email resourcing@qub.ac.uk.

More information: https://hrwebapp.qub.ac.uk/tlive_webrecruitment/wrd/run/ETREC107GF.open?VACANCY_ID=867106E9Ng&WVID=6273090Lgx&LANG=USA

University of Lyon, Saint-Etienne, France
Job Posting
The Hubert Curien laboratory is a joint research unit of the University of Lyon, Saint-Etienne, and the National Research Centre "CNRS". Its Secure Embedded Systems & Hardware Architectures (SESAM) Group is one of the leading European research groups in the area of hardware security. The SESAM group of the Hubert Curien Lab explores three main aspects of hardware security:

  • random number generation and physical unclonable function implementation in logic devices, including design, characterization, test and security evaluation
  • the design of hardware architectures resistant to passive and active physical attacks
  • the security of heterogeneous systems on chip (microprocessors + FPGA)

This group offers several post-doc research positions to work (for 12 or 24 months) on one of these three aspects of hardware security. We are looking for an excellent candidate with a PhD and a track record in hardware security.

Closing date for applications:

Contact: To apply please send your detailed CV (with publication list), motivation for applying (1 page) and names of at least two persons who can provide reference letters (e-mail). Contact: Prof. Lilian BOSSUET lilian.bossuet(at)univ-st-etienne.fr

More information: https://laboratoirehubertcurien.univ-st-etienne.fr/en/teams/secure-embedded-systems-hardware-architectures.html

Huawei International, Singapore
Job Posting
We are looking for a researcher specializing in decentralized identity and data management, self-sovereign identity, authentication and authorization, applied cryptography or network security. The candidate should have solid knowledge in one or several of the following areas:

  • Decentralized Identities: Self-sovereign identity, Anonymous credentials, etc.
  • Decentralized data protection: Copyright protection, Trusted data transaction, etc.
  • Blockchain technologies: Consensus algorithms, Privacy protection protocols, etc.
  • Applied cryptography: Zero-knowledge proofs, Homomorphic encryption, etc.
  • Authentication protocols: OAuth, SAML, EAP-TLS, EAP-AKA, etc.

The candidate should have a passion for doing research, and should be able to conduct research on trust and identity management for various scenarios.

Qualifications:

  • Ph.D. in Computer Science, Computer Engineering, Mathematics or related field.
  • Solid knowledge in network security, authentication protocols, cryptography or blockchain technologies.

Closing date for applications:

Contact: Dr. Cheng-Kang Chu (chu.cheng.kang@huawei.com)

More information: https://www.dropbox.com/s/7theyk6o0gl8254/Security-Researcher.pdf?dl=0

18 January 2021

Mohamed Fadl Idris, Je Sen Teh, Jasy Liew Suet Yan, Wei-Zhu Yeoh
ePrint Report
Resistance against differential cryptanalysis is commonly assessed by counting the number of active substitution boxes (s-boxes) using search algorithms or mathematical solvers that incur high computational costs. In this paper, we propose an alternative approach using deep neural networks to predict the number of active s-boxes, trading off exactness for real-time efficiency as the bulk of computational work is brought over to pre-processing (training). Active s-box prediction is framed as a regression task whereby neural networks are trained using features such as input and output differences, number of rounds and permutation pattern. We first investigate the feasibility of the proposed approach by applying it on a reduced (4-branch) generalised Feistel structure (GFS) cipher. Apart from optimizing a neural network architecture for the task, we also explore the impact of each feature and its representation on prediction accuracy. We then extend the idea to 64-bit GFS ciphers by training deep learning models using data from five ciphers. These deep learning models were then used to predict the number of active s-boxes for TWINE, a lightweight block cipher. The best performing model achieved the lowest root mean square error of 1.62 and R$^2$ of 0.87, depicting the feasibility of the proposed approach.

Dorin-Marian Ionita, Emil Simion
ePrint Report
Cryptographic offloading to hardware is a hot research topic promising accelerated execution time and improved security compared to the software counterpart. However, hardware design and production is a lengthy process which requires significant financial resources and technical expertise. Our research paper focuses on elliptic curve cryptography, specifically Diffie-Hellman, and on minimizing these deficiencies by highlighting solutions to map this class of algorithms to hardware description. The insights are not limited to this case and can be equally applied to other cryptographic primitives. The resulting design uses few hardware resources, has low power consumption, is easy to interface with the software and can be implemented on cheap FPGAs.

Index Terms: elliptic curves, cryptography, Diffie-Hellman, FPGA, hardware security, high level synthesis

Peter Pessl, Lukas Prokop
ePrint Report
NIST's post-quantum standardization effort very recently entered its final round. This makes studying the implementation-security aspect of the remaining candidates an increasingly important task, as such analyses can aid in the final selection process and enable appropriately secure wider deployment after standardization. However, lattice-based key-encapsulation mechanisms (KEMs), which are prominently represented among the finalists, have thus far received little attention when it comes to fault attacks.

Interestingly, many of these KEMs exhibit structural similarities. They can be seen as variants of the encryption scheme of Lyubashevsky, Peikert, and Rosen, and employ the Fujisaki-Okamoto transform (FO) to achieve CCA2 security. The latter involves re-encrypting a decrypted plaintext and testing the ciphertexts for equivalence. This corresponds to the classic countermeasure of computing the inverse operation and hence prevents many fault attacks.

In this work, we show that despite this inherent protection, practical fault attacks are still possible. We present an attack that requires a single instruction-skipping fault in the decoding process, which is run as part of the decapsulation. After observing if this fault actually changed the outcome (effective fault) or if the correct result is still returned (ineffective fault), we can set up a linear inequality involving the key coefficients. After gathering enough of these inequalities by faulting many decapsulations, we can solve for the key using a bespoke statistical solving approach. As our attack only requires distinguishing effective from ineffective faults, various detection-based countermeasures, including many forms of double execution, can be bypassed.

We apply this attack to Kyber and NewHope, both of which belong to the aforementioned class of schemes. Using fault simulations, we show that, e.g., 6,500 faulty decapsulations are required for full key recovery on Kyber512. To demonstrate practicality, we use clock glitches to attack Kyber running on a Cortex M4. As we argue that other schemes of this class, such as Saber, might also be susceptible, the presented attack clearly shows that one cannot rely on the FO transform's fault deterrence and that proper countermeasures are still needed.

Monir Azraoui, Solenn Brunet, Sébastien Canard, Aïda Diop, Lélia Eveillard, Alicia Filipiak, Adel Hamdi, Flavie Misarsky, Donald Nokam Kuate, Marie Paindavoine, Quentin Santos, Bastien Vialla
ePrint Report
Cryptography has been used since antiquity to securely transmit messages. Thanks to a key shared between the parties, armies have been able to securely send commands and information to a distant unit. In the middle of the twentieth century, cryptography experienced a drastic evolution and became even more widespread, thanks to the development of computer science and the democratization of the digitization of the data transmitted between people. In particular, the cryptologists Whitfield Diffie and Martin Hellman invented in 1976 the concept of public key cryptography, revolutionizing the way data can be protected, and paving the way to a new kind of cryptography that can be used for much more than data confidentiality.

CYBERCRYPT is a collaborative and educational game that allows people to understand basic cryptographic mechanisms. It allows them to discover everything from the oldest techniques (Scytale, Caesar and Vernam's encryption, Enigma machine) to the most recent ones, currently implemented in our daily transactions (electronic signature, key exchange, etc.).

CYBERCRYPT allows players, through several rich and comprehensive workshops, to discover the different techniques used in cryptography, and also highlights the crucial importance of cryptography to protect our digital daily life.

Dominique Unruh
ePrint Report
We generalize Zhandry's compressed oracle technique to invertible random permutations. (That is, to a quantum random oracle where the adversary has access to a random permutation and its inverse.) This enables security proofs with lazy sampling, i.e., where oracle outputs are chosen only when needed.

As an application of our technique, we show the collision-resistance of the sponge construction based on invertible permutations. In particular, this shows the collision-resistance of SHA3 (in the random oracle model).

Ştefan Maftei, Marius Supuran, Emil Simion
ePrint Report
Every user can be identified online by a unique string used for email or as a nickname on some of the many platforms out there. IBE systems propose a simple cryptosystem in which the public key system can be omitted by using the unique string as public identification. In this paper we present a minimal email application that uses Clifford Cocks’ proposed IBE scheme. We analyze the impact of using it inside our application and how it can be improved to better fit the needs of today's applications.

Ran Canetti, Rosario Gennaro, Steven Goldfeder, Nikolaos Makriyannis, Udi Peled
ePrint Report
Building on the Gennaro & Goldfeder and Lindell & Nof protocols (CCS '18), we present threshold ECDSA protocols, for any number of signatories and any threshold, that improve as follows over the state of the art:

* Only the last round of our protocols requires knowledge of the message, and the other rounds can take place in a preprocessing stage, lending itself to a non-interactive threshold ECDSA protocol.

* Our protocols withstand adaptive corruption of signatories. Furthermore, they include a periodic refresh mechanism and offer full proactive security.

* Our protocols realize an ideal threshold signature functionality within the UC framework, in the global random oracle model, assuming Strong RSA, DDH, semantic security of the Paillier encryption, and a somewhat enhanced variant of existential unforgeability of ECDSA.

* Both protocols achieve accountability by identifying corrupted signatories in case of failure to generate a valid signature.

The protocols provide a tradeoff between the number of rounds to generate a signature and the computational and communication overhead for the identification of corrupted signatories. Namely:

* For one protocol, signature generation takes only 4 rounds (down from the current state of the art of 8 rounds), but the identification process requires computation and communication that is quadratic in the number of parties.

* For the other protocol, the identification process requires computation and communication that is only linear in the number of parties, but signature generation takes 7 rounds.

These properties (low latency, compatibility with cold-wallet architectures, proactive security, identifiable abort and composable security) make the two protocols ideal for threshold wallets for ECDSA-based cryptocurrencies.

Chethan Kamath, Karen Klein, Krzysztof Pietrzak, Michael Walter
ePrint Report
The security of cryptographic primitives and protocols against adversaries that are allowed to make adaptive choices (e.g., which parties to corrupt or which queries to make) is notoriously difficult to establish. A broad theoretical framework was introduced by Jafargholi et al. [Crypto'17] for this purpose. In this paper we initiate the study of lower bounds on loss in adaptive security for certain cryptographic protocols considered in the framework. We prove lower bounds that almost match the upper bounds (proven using the framework) for proxy re-encryption and generalized selective decryption, a security game that captures the security of certain group messaging and broadcast encryption schemes. The security games used to model these protocols involve an underlying graph that can be adaptively built by the adversary. Some of our lower bounds only apply to a certain class of black-box reductions, which we term "oblivious". (We do however show one lower bound on proxy re-encryption that applies to general fully black-box reductions.) The fact that our lower bounds crucially rely on "obliviousness" hints at the possibility that the existing upper bounds can be improved by using more sophisticated reductions. As the main technical contribution, we introduce a two-player multi-stage game called the Builder-Pebbler Game and then analyze strategies for this game to establish bounds on the success probability of its players. Finally, using oracle separation techniques, we translate these bounds into cryptographic lower bounds.