International Association
for Cryptologic Research

The Classic McEliece cryptosystem is one of the most trusted quantum-resistant cryptographic schemes. Deploying it in practical applications, however, is challenging due to the size of its public key. In this work, we bridge this gap. We present an implementation of Classic McEliece on an ARM Cortex-M4 processor, optimized to overcome memory constraints. To this end, we present an algorithm to retrieve the public key ad-hoc. This reduces memory and storage requirements and enables the generation of larger key pairs on the device. To further improve the implementation, we perform the public key operation by streaming the key to avoid storing it as a whole. This additionally reduces the risk of denial of service attacks. Finally, we use these results to implement and run TLS on the embedded device.

Abstract—Cryptographic communication protocols provide confidentiality, integrity and authentication properties for end-to- end communication under strong corruption attacks, including, notably, post-compromise security (PCS). Most protocols are designed for one-to-one communication. Protocols for group communication are less common, less efficient, and tend to provide weaker security guarantees. This is because group communication poses unique challenges, such as coordinated key updates, changes to group membership and complex post- compromise recovery procedures.

We need to tackle this complex challenge as a community. Thus, the Internet Engineering Task Force (IETF) has created a working group with the goal of developing a sound standard for a continuous asynchronous key-exchange protocol for dynamic groups that is secure and remains efficient for large group sizes. The current version of the Messaging Layer Security (MLS) security protocol is in a feature freeze, i.e., no changes are made in order to provide a stable basis for cryptographic analysis. The key schedule and TreeKEM design are of particular concern since they are crucial to distribute and combine several keys to achieve PCS.

In this work, we provide a computational analysis of the MLS key schedule, TreeKEM and their composition, as specified in Draft 11 of the MLS RFC. The analysis is carried out using the State Separating Proofs methodology [9], and showcases the flexibility of the approach, enabling us to provide a full computational analysis shortly after Draft 11 was published.

We present an approach for designing fast public key encryption cryptosystems using random primitives and error permutation. An encryption speed of such systems allows to use them for “on-the-fly” public key encryption and makes them useful for real-time communications. A small error size allows to use this approach for designing digital signature schemes

Cramer, Damgård, and Schoenmakers (CDS) built a proof system to demonstrate the possession of subsets of witnesses for a given collection of statements that belong to a prescribed access structure P by composing so-called sigma-protocols for each atomic statement. Their verifier complexity is linear in the size of the monotone span program representation of P. We propose an alternative method for combining sigma-protocols into a single non-interactive system for a compound statement in the random oracle model. In contrast to CDS, our verifier complexity is linear in the size of the acyclicity program representation of P, a complete model of monotone computation introduced in this work. We show that the acyclicity program size of a predicate is never larger than its de Morgan formula size and it is polynomially incomparable to its monotone span program size. We additionally present an extension of our proof system, with verifier complexity linear in the monotone circuit size of P, in the common reference string model. Finally, considering the types of statement that naturally reduce to acyclicity programming, we discuss several applications of our new methods to protecting privacy in cryptocurrency and social networks.

In this work, we consider a recent application of coding theory in the context of post-quantum digital signature schemes, and their cryptanalysis. We indeed implement an attack on the recent attempt by Li, Xing and Yeo to produce a code-based signature scheme using the Schnorr-Lyubashevsky approach in the Hamming metric. Differently from other (unsuccessful) proposals, this new scheme exploits rejection sampling along with dense noise vectors to hide the secret key structure in produced signatures. We show that these measures, besides yielding very slow signing times and rather long signatures, do not succeed in protecting the secret key. We are indeed able to prove the existence of a strong correlation between produced signatures, which ultimately leaks information about the secret key. To support this claim, we use both theoretical arguments and numerical evidences. Finally, we employ such a weakness to mount a full key recovery attack, which is able to recover the secret key after the observation of a bunch of signatures.

Smart contract-enabled blockchains represent a powerful tool in supporting a large variety of applications. Despite their salient features of transparency, decentralization, and expressiveness, building privacy-preserving applications using these platforms remains an open question. Existing solutions fall short in achieving this goal since they support a limited operation set, only support private computation on inputs belonging to one user, or even ask the users themselves to perform the computations off-chain. In this paper, we propose smartFHE, a modular framework to support private smart contracts that utilizes fully homomorphic encryption (FHE). The smartFHE framework allows users to build arbitrary decentralized applications that preserve input/output privacy for inputs belonging to the same user or even different users. This is achieved by employing single and multi-key FHE to compute over private (encrypted) data and account balances, along with efficient zero-knowledge proof systems to prove well-formedness of private transactions. Crucially, our framework is "modular" since any FHE and ZKP scheme can be used so long as they satisfy certain minimal requirements with respect to correctness and security. Furthermore, smartFHE reduces the burden on the user, since miners translate smart contract code into public or private operations based on whether the accounts involved are public or private. In proposing smartFHE, we define notions for a privacy-preserving smart contract (PPSC) scheme along with its correctness and security. We provide a concrete instantiation of a PPSC using the smartFHE framework. Finally, we consider further extensions/optimizations.

Event date: to
Submission deadline: 23 November 2021

Event date: to
Submission deadline: 1 September 2021

Event date: to
Submission deadline: 1 June 2021

Event date: to
Submission deadline: 1 March 2021

Cybersecurity group at TU Delft opens a few positions for post-doc researchers and PhD on the topic of cryptographic protocols and implementation. The positions will be supported by H2020 projects. We are looking for candidates with: for PhD (i) strong math or computer science background, (ii) adequate programming ability, (iii) good communication skills, and sufficient English qualification, e.g., IELTS; as for post-doc: (i) strong cryptographic background, (ii) high-quality publications in cryptography, information security and privacy enhancing technology fields - conferences (e.g., NDSS, CCS, S&P, etc.) or/and journals; (iii) excellent communication skills; (iv) previous project experiences will be an extra bonus.

As one of the best engineering universities, TU Delft provides excellent future career training and opportunities, research environment and facilities to international and national academic researchers. Competitive salary, tax benefit and welfare package will be provided. Note the start date of the post-doc and PhD could be flexible but no later than the end of this year (2021).

Applicants should prepare and send their CVs, certificates, and transcripts to the following contact email.

Closing date for applications:

Contact: Dr. R. Wang

The Centre for Parallel Computing (CPC) at the University of Westminster is looking for a Research Associate in Cloud Security to carry out research mainly focusing on digital twins and smart factories security (as part of several EU research projects).

The successful candidate will carry out tasks in relation to the design and development of novel secure and privacy-preserving cloud/edge/fog orchestration solutions and is expected to contribute to writing project deliverables and research papers. We expect candidates to have a strong research background in network security and/or applied cryptography. Proven research in areas such as trusted computing, cloud security, safety verification, security verification, data privacy, cyber-physical and internet of things security and cloud or mobile security will be considered as a plus.

The Centre for Parallel Computing is one of the leading research centres in distributed and parallel computation technologies. In particular, the CPC is engaged in research in Distributed Computing Infrastructures such as edge-fog-cloud ecosystems, specifically concentrating on the secure and automated deployment, orchestration and scalability of a large variety of applications in such environments. The CPC has a well-established track record of securing research funding in large-scale collaborative research projects, leading and contributing to more than 15 projects in the last 10 years.

Salary: £35,743 to £40,646 per annum

Closing date for applications:

Contact: Tamas Kiss

More information: https://vacancies.westminster.ac.uk/hrvacancies/default.aspx?id=50052971

We are currently focused on building world-class research teams in three key areas: Security, Data Analytics, and Future of Payment, and we are looking for outstanding and innovative researchers at all levels of experience as part of the Advanced Cryptography Research team.

Working on Cryptography research at Visa is a unique opportunity at a time when the payments industry is undergoing a digital transformation, and with security technologies as the critical enabler for a growing number of emerging payment models and usage scenarios. We offer you the opportunity to be at the center of innovation in the payments industry and set the security direction for Visa and the future payment ecosystem.

As a Research Scientist you will work with a team to conduct world-class security research and contribute to the long-term research agenda for digital payments, as well as deliver innovative technologies and insights to Visa's strategic products and business. As an integral team member of the extended Research team, you will work on research and development activities with fellow researchers, and work closely with product and technology teams to ensure the successful creation and application of disruptive and innovative security technologies.

More information: https://usa.visa.com/careers/job-details.jobid.743999733735539.deptid.868588.html

Closing date for applications:

Contact: Apply online at: https://usa.visa.com/careers/job-details.jobid.743999733735539.deptid.868588.html

More information: https://usa.visa.com/careers/job-details.jobid.743999733735539.deptid.868588.html

Consider finite prime fields $\mathbb{F}_p$ for which $2$ is primitive element. In this short we propose a new algorithm to compute discrete log in such finite fields. Our algorithm is based on elementary properties of finite fields and is purely theoretical in nature. Further, complexity of the algorithm is exponential in nature and as such it is not being suggested for any computational purposes.

Existing work on privacy-preserving machine learning with Secure Multiparty Computation (MPC) is almost exclusively focused on model training and on inference with trained models, thereby overlooking the important data pre-processing stage. In this work, we propose the first MPC based protocol for private feature selection based on the filter method, which is independent of model training, and can be used in combination with any MPC protocol to rank features. We propose an efficient feature scoring protocol based on Gini impurity to this end. To demonstrate the feasibility of our approach for practical data science, we perform experiments with the proposed MPC protocols for feature selection in a commonly used machine-learning-as-a-service configuration where computations are outsourced to multiple servers, with semi-honest and with malicious adversaries. Regarding effectiveness, we show that secure feature selection with the proposed protocols improves the accuracy of classifiers on a variety of real-world data sets, without leaking information about the feature values or even which features were selected. Regarding efficiency, we document runtimes ranging from several seconds to an hour for our protocols to finish, depending on the size of the data set and the security settings.

Many video classification applications require access to personal data, thereby posing an invasive security risk to the users' privacy. We propose a privacy-preserving implementation of single-frame method based video classification with convolutional neural networks that allows a party to infer a label from a video without necessitating the video owner to disclose their video to other entities in an unencrypted manner. Similarly, our approach removes the requirement of the classifier owner from revealing their model parameters to outside entities in plaintext. To this end, we combine existing Secure Multi-Party Computation (MPC) protocols for private image classification with our novel MPC protocols for oblivious single-frame selection and secure label aggregation across frames. The result is an end-to-end privacy-preserving video classification pipeline. We evaluate our proposed solution in an application for private human emotion recognition. Our results across a variety of security settings, spanning honest and dishonest majority configurations of the computing parties, and for both passive and active adversaries, demonstrate that videos can be classified with state-of-the-art accuracy, and without leaking sensitive user information.

Event date: 14 August 2021
Submission deadline: 1 May 2021
Notification: 15 June 2021

Event date: 20 March to 25 March 2022

The crucial step in elliptic curve scalar multiplication based on scalar decompositions using efficient endomorphisms—such as GLV, GLS or GLV+GLS—is to produce a short basis of a lattice involving the eigenvalues of the endomorphisms, which usually is obtained by lattice basis reduction algorithms or even more specialized algorithms. Recently, lattice basis reduction is found to be unnecessary. Benjamin Smith (AMS 2015) was able to immediately write down a short basis of the lattice for the GLV, GLS, GLV+GLS of quadratic twists using elementary facts about quadratic rings. Certainly it is always more convenient to use a ready-made short basis than to compute a new one by some algorithm.

In this paper, we extend Smith's method on GLV+GLS for quadratic twists to quartic and sextic twists, and give ready-made short bases for $4$-dimensional decompositions on these high degree twisted curves. In particular, our method gives a unified short basis compared with Hu et. al's method (DCC 2012) for $4$-dimensional decompositions on sextic twisted curves.

This paper proposes a new lattice-based weak curve fault attack on ECDSA, which assumes that a continuous bits block of curve parameter $a$ is disturbed randomly by fault injection. Firstly, the faulty $a'$ can be deduced by a distinguisher of quadratic residue, from which a weak curve with order $n'$ is derived. Secondly, under the assumption that there exists a solvable smooth small factor $d$ in $n'$, we obtain some reduced information of the nonce by solving the ECDLP constructed in a small subgroup with order $d$. Finally, based on the reduced information, a model of lattice attack can be constructed to recover the signature private key by solving special instances of closest vector problem(CVP) in lattice.

Compared with the previous weak curve fault attacks, our attack increases the success rate of fault injection sharply, since it is not required that the constructed instance of ECDLP with order $n'$ is practically solvable. In addition, the application of lattice-based attack is further extended in our attack by relaxing the restriction on the information leakage of nonces in comparison with the traditional partially known information attacks. Moreover, when there is a general random scalar masking in ECDSA, our attack still works without the additional masked bits leakage. Finally, the experiments demonstrate that the practical rate of effective faulty $a'$ is up to $94.9\%$ when the bit length of $d$ is greater than $8$, and the corresponding lattice attack is also feasible practically.