IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
22 March 2021
Laia Amorós, Annamaria Iezzi, Kristin Lauter, Chloe Martindale, Jana Sotáková
Ahmet Sinak
Abhiram Kothapalli, Srinath Setty, Ioanna Tzialla
We then construct incrementally verifiable computation (IVC) from folding schemes by using a "verifier circuit" that at each recursive step folds an entire R1CS instance representing computation (including a copy of the verifier circuit) at its prior step into a running relaxed R1CS instance. A distinctive aspect of our approach to IVC is that it achieves the smallest verifier circuit (a key metric to minimize in IVC) in the literature: the circuit is constant-sized and its size is dominated by two group scalar multiplications. We then show that the running relaxed R1CS instance can be proven in zero-knowledge with a succinct proof using a variant of an existing zkSNARK.
Putting these together, we obtain Nova, a new zero-knowledge proof system for incremental computations, where for an $N$-sized computation with $C$-sized steps, the prover runs in $O_\lambda(N)$ time to produce $O_\lambda(\log{C})$-sized proofs that can be verified in $O_\lambda(C)$ time. Nova does not require a trusted setup nor performs FFTs, so it can be efficiently instantiated with any cycles of elliptic curves where DLOG is hard. Furthermore, at each step, the prover time is dominated by two $\approx$$C$-sized multiexponentiations. Finally, Nova can achieve $O_\lambda(\log{C})$ verification time at the cost of employing a pairing-friendly elliptic curve where SXDH is hard.
Shoichi Hirose
Aaron Hutchinson, Koray Karabina, Geovandro Pereira
Arnab Roy, Elena Andreeva, Jan Ferdinand Sauer
In this work we answer the open question posed in their work and show that low memory interpolation cryptanalysis can be extended to unbalanced Feistel networks (UFN) with low degree functions, and in particular to the GMiMC design. Our attack applies to UFNs with expanding and contracting round functions keyed either via identical (univariate) or distinct round keys (multivariate). Since interpolation attacks do not necessarily yield the best possible attacks over a binary extension field, we focus our analysis on prime fields GF(p).
Our next contribution is to develop an improved technique for a more efficient key recovery against UFNs with expanding round function. We show that the final key recovery step can be reduced not only to the gcd but also to the root finding problem. Despite its higher theoretical complexity, we show that our approach has a particularly interesting application on Sponge hash functions based on UFNs, such as GMiMCHash.
We illustrate for the first time how our root finding technique can be used to find collision, second preimage and preimage attacks on (reduced round) members of the GMiMCHash family. In addition, we support our theoretical analysis with small-scale experimental results.
Peter Scholl, Mark Simkin, Luisa Siniscalchi
We identify a subtle flaw in a protocol of Goyal, Mohassel, and Smith (Eurocrypt 2008) and show how to modify their original construction to obtain security against covert adversaries.
We present generic compilers that transform arbitrary passively secure preprocessing protocols, i.e. protocols where the parties have no private inputs, into protocols that are secure against covert adversaries and publicly verifiable. Using our compiler, we construct the first efficient variants of the BMR and the SPDZ protocols that are secure and publicly verifiable against a covert adversary that corrupts all but one party and also construct variants with covert security and identifiable abort.
We observe that an existing impossibility result by Ishai, Ostrovsky, and Seyalioglu (TCC 2012) can be used to show that there exist certain functionalities that cannot be realized by parties, that have oracle-access to broadcast and arbitrary two-party functionalities, with information-theoretic security against a covert adversary.
Valerio Cini, Sebastian Ramacher, Daniel Slamanig, Christoph Striecks, Erkan Tairi
Inspired by the rigorous study of updatable encryption by Lehmann and Tackmann (EC'18) and Boyd et al. (CRYPTO'20), we introduce a definitional framework for updatable signatures (USs) and message authentication codes (UMACs). We discuss several applications demonstrating that such primitives can be useful in practical applications, especially around key rotation in various domains, as well as serve as building blocks in other cryptographic schemes. We then turn to constructions and our focus there is on ones that are secure and practically efficient. In particular, we provide generic constructions from key-homomorphic primitives (signatures and PRFs) as well as direct constructions. This allows us to instantiate these primitives from various assumptions such as DDH or CDH (latter in bilinear groups), or the (R)LWE and the SIS assumptions. As an example, we obtain highly practical US schemes from BLS signatures or UMAC schemes from the Naor-Pinkas-Reingold PRF.
GAURAV BANSOD
Feedback by March 2021 is most welcome. Subsequent feedback will also be appreciated. It is expected that a followup draft version will later be posted for a new period of public comments.
21 March 2021
Virtual event, Anywhere on Earth, 9 April 2021
Submission deadline: 29 March 2021
Notification: 2 April 2021
Simula UiB, Bergen
The project “concrete cryptology” aims to provide concrete and meaningful security guarantees from low-level implementation to high-level deployment. Our focus here is on algorithmic aspects of side-channel attacks, as well as integrating security claims regarding side-channel resistance into the context of the larger cryptosystem. Our aim is to provide research that is practically relevant, for instance by exploiting access to Simula’s HPC resources to evaluate novel attacks.
The postdoc will have considerable freedom in selecting specific problems to work on within the larger scope of the project. We are looking for interested candidates who have completed, or are about to complete, a PhD degree in cryptology or a suitably related relevant field.
Simula UiB offers
• Excellent opportunities for performing high-quality research, as part of a highly competent and motivated team of international researchers and engineers;
• An informal and inclusive international working environment - where master students, PhDs, Postdocs and seniors work closely together;
• Generous support for travel and opportunities to build international networks, through established collaboration with industry, exchange programs and research visits with other universities, and funding to attend conferences.
• A competitive salary. Starting salary from NOK 535 200
• Numerous benefits: company cabin, BabyBonus, sponsored social events, generous equipment budgets, comprehensive travel/health insurance policy, etc.
• Relocation assistance: accommodation, visas, complimentary Norwegian language courses, etc.
• Wellness and work-life balance.
For more information and applying: https://www.simula.no/about/job/postdoc-concrete-cryptology
Closing date for applications:
Contact: Åsfrid Persson, Simula UiB AS
More information: https://www.simula.no/about/job/postdoc-concrete-cryptology
TU Wien, Austria
As part of the SecInt Doctoral College (SecInt-DK), TU Wien is offering four positions as university assistant (Pre-Doc) for 4 years. Expected start: 01.05.2021.
Tasks:
- Collaboration on current research projects
- Deepening scientific knowledge
- Collaboration in academic teaching
- Writing a dissertation and publications
- Participation in regular events organized by the SecInt Doctoral College
- Completion of an internship with one of our international research partners
- Presentation of research results and participation in scientific event
The Research Projects: The SecInt Doctoral college offers 4 interdisciplinary research projects from the areas of Formal Methods, Security and Privacy, and Machine Learning, that are each supervised by at least two professors from the corresponding research areas. Additional details on the individual projects can be found at https://secint.visp.wien/projects and https://jobs.tuwien.ac.at/Job/147334.
We offer:
- Diverse and exciting tasks, with lots of interdisciplinary collaboration
- Continuing personal and professional education and flexible working hours
- Central location with very good accessibility in a city regularly ranked first worldwide for life quality
- Possibility of an internship with one of our international research partners
- Very competitive salary
Your profile:
- Completion of a master or diploma curriculum in computer science, electrical engineering or another related field
- Experience in Mathematical Modeling, Computational Logic, Formal Methods, Security and Privacy, Robotics and/or Machine Learning
- Very good skills in English communication and writing.
- Readiness for interdisciplinary collaboration
- Team competences, problem-solving skills and innovative ability
A predoctoral researcher at TU Wien currently receives a minimum of EUR 2228/month gross, 14 times/year for 30 hours/week and EUR 2971/month for 40 hours/week.
We look forward to receiving your application until 11.04.2021
Closing date for applications:Contact: https://jobs.tuwien.ac.at/Job/147334
More information: https://secint.visp.wien/application/
18 March 2021
Wei Cheng, Sylvain Guilley, Claude Carlet, Jean-Luc Danger, Sihem Mesnager
Second, taking the connection between Reed-Solomon code and SSS (Shamir's Secret Sharing) scheme, the SSS-based masking is viewed as a special case of generalized code-based masking. Hence as a straightforward application, we evaluate the impact of public points on the side-channel security of SSS-based masking schemes, namely the polynomial masking, and enhance the SSS-based masking by choosing optimal public points for it. Interestingly, we show that given a specific security order, more shares in SSS-based masking leak more information on secrets in an information-theoretic sense. Finally, our approach provides a systematic method for optimizing the side-channel resistance of every code-based masking. More precisely, this approach enables us to select optimal linear codes (parameters) for the generalized code-based masking by choosing appropriate codes according to the two coding-theoretic parameters. Summing up, we provide a best-practice guideline for the application of code-based masking to protect cryptographic implementations.
Zezhou Hou, Jiongjiong Ren, Shaozhen Chen
Jiaxin Wang Fang-Wei Fu
Thuat Do
Zi-Yuan Liu, Yi-Fan Tseng, Raylin Tso
Alexander R. Block, Justin Holmgren, Alon Rosen, Ron D. Rothblum, Pratik Soni
Our proof builds on DARK (Bünz et al., Eurocrypt 2020), a recent succinct and efficiently verifiable polynomial commitment scheme. We show how to implement a variant of DARK in a time- and space-efficient way. Along the way we:
1. Identify a significant gap in the proof of security of DARK. 2. Give a non-trivial modification of the DARK scheme that overcomes the aforementioned gap. The modified version also relies on significantly weaker cryptographic assumptions than those in the original DARK scheme. Our proof utilizes ideas from the theory of integer lattices in a novel way. 3. Generalize Pietrzak's (ITCS 2019) proof of exponentiation ($\mathsf{PoE}$) protocol to work with general groups of unknown order (without relying on any cryptographic assumption).
In proving these results, we develop general-purpose techniques for working with (hidden order) groups, which may be of independent interest.
Guilherme Perin, Lichao Wu, Stjepan Picek
In this paper, we present AISY - a deep learning-based framework for profiling side-channel analysis. Our framework enables the users to run the analyses and report the results efficiently while maintaining the results' reproducible nature. The framework implements numerous features allowing state-of-the-art deep learning-based analysis. At the same time, the AISY framework allows easy add-ons of user-custom functionalities.