IACR News
If you have a news item you wish to distribute, it should be sent to the communications secretary. See also the events database for conference announcements.
Here you can see all recent updates to the IACR webpage. These updates are also available:
23 April 2021
Tianren Liu, Stefano Tessaro, Vinod Vaikuntanathan
- Our first result concerns substitution-permutation networks (SPNs) that model block ciphers such as AES. We prove the almost pairwise-independence of an SPN instantiated with a concrete S-box such as the patched inverse function $x \mapsto x^{-1}$ as well as an appropriate linear mixing layer, given sufficiently many rounds and independent sub-keys. Our proof relies on a characterization of S-box computation on input differences in terms of sampling output differences from certain sub-spaces, and a new randomness extraction lemma (which we prove with Fourier-analytic techniques) that establishes when such sampling yields uniformity. We use our techniques in particular to prove almost pairwise-independence for sufficiently many AES rounds, assuming independent sub-keys.
- Secondly, we show that instantiating a key-alternating cipher (which can be thought of as a degenerate case of SPNs) with most permutations gives us (almost) $t$-wise independence in $t + o(t)$ rounds. In order to do this, we use the probabilistic method to develop two new lemmas, an independence-amplification lemma and a distance amplification lemma, that allow us to reason about the evolution of key-alternating ciphers.
Robi Pedersen, Osmanbey Uzunkol
22 April 2021
IAI, TCG CREST
Research Area: Our current research focus includes Cryptography, Quantum Computing, Cyber Security, Mathematics and its Applications, Machine Learning, and Artificial Intelligence.
Eligibility: All students who have completed, or are in the final semester of, an M.Tech / M.E / M.Stat / M.Math / M.Sc or equivalent degree in Computer Science, Information Technology, Electronics, Mathematics, Data Science, Statistics or other areas of the quantitative sciences may apply.
Fellowship: All successful candidates will be offered a TCG CREST fellowship of Rupees Sixty Thousand (60,000.00 INR) per month. Also, a contingency grant of up to Two Lacs (2,00,000.00 INR) will be awarded per annum.
Admission Process: The online application process for Ph.D. admission is open until 17th May 2021. Interested candidates are requested to apply online by filling in the application form provided on the admission page (the link is given below). All other necessary details are also available there.
Admission Page: https://www.tcgcrest.org/announcements/iai-phd-programme-2021/
Closing date for applications:
Contact: Nilanjan Datta
More information: https://www.tcgcrest.org/announcements/iai-phd-programme-2021/
Joint Research Centre; Cyber and Digital Citizens' Security Unit; Ispra, Italy
A Contractual Agent (FG IV) position in Ispra, Italy: a 36-month initial contract with possible renewals up to a maximum of 6 years. The successful candidate will contribute to the activities of the unit, which aims at strengthening citizens' security and privacy by exploring innovative forensic technologies to support the fight against organised crime.
He/she will conduct scientific and technical studies in the areas of cybersecurity and the fight against cyber-dependent crime, in support of the new strategic agenda 2019-2024 and its first priority: Protecting citizens and freedoms.
ELIGIBILITY: To be eligible for the position, the candidate must be on a valid EPSO reserve list for Function Group IV contract staff.
Candidates who are on a valid EPSO reserve list or have applied to an EPSO selection procedure can apply to this specific position through http://recruitment.jrc.ec.europa.eu/?type=AX.
WE LOOK FOR: The candidate shall have a PhD degree, or a minimum of 5 years of full-time research or working experience after the first university degree giving access to PhD studies, in the field of applied mathematics, cryptography, computer science, machine learning and deep learning techniques, or similar.
Solid knowledge and experience are required in:
- Mathematics and more particularly cryptography or multi-linear algebra;
- Machine learning and deep learning;
- Ability to work in a multilingual and multicultural environment;
- English language, at least C1 level both oral and written.
The following knowledge or experience is an asset:
- Experience with digital forensic techniques;
- Experience with High-Performance Computing platforms;
- Good knowledge of programming languages such as C/C++/C#, Python, MATLAB;
- Knowledge of quantum programming and simulation;
- Knowledge of machine learning libraries such as OpenCV, libSVM, TensorFlow/Theano/Keras;
- Relevant publications in peer-reviewed journals and international security conferences.
Closing date for applications:
Contact: laurent.beslay@ec.europa.eu
How to apply to an EPSO selection procedure? Apply either to the permanent EPSO call https://epso.europa.eu/documents/2240_en or to a specialised call for researchers https://ec.europa.eu/jrc/en/working-with-us/jobs/vacancies/function-group-IV-researchers
More information: https://recruitment.jrc.ec.europa.eu/showprj.php?type=A&id=1961
LTCI, Télécom Paris, Institut polytechnique de Paris, France
Billions of connected devices are in use nowadays, including smartphones, media tablets, laptop and desktop computers, automotive electronic control units, smart sensors, smart cards, etc. To guarantee the confidentiality, integrity and authenticity of their sensitive data, various security mechanisms have been specified, and some of them have been mathematically proved secure, particularly against linear and differential cryptanalysis. However, implementing them on a digital circuit without introducing vulnerabilities remains a challenge.
The most exploited vulnerabilities are implementation bugs, as well as side channels, which leak information such as the execution time of a sensitive operation. The two vulnerability classes can also be combined: for instance, Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753) simultaneously exploit a hardware bug and a measurement of data cache access time.
Since 2016, artificial intelligence, and more precisely deep learning with neural networks, has been used to evaluate the level of resistance of countermeasures against side-channel attacks. Thus, an AES implementation protected by secret sharing based on Boolean masking has been shown to be insecure, as has desynchronization, two countermeasures previously known to be very effective. Regarding public-key cryptography, vulnerabilities have also been identified in RSA implementations protected by blinding of the message, of the secret exponent and/or of the modulus.
Artificial intelligence is therefore a valuable aid in identifying vulnerabilities, and its use has to be extended to algorithms other than AES and RSA, but above all to other countermeasures such as register randomization, internal state randomization, modular operation re-randomization, etc. This is the first objective of the thesis. Additionally, although already very effective, it seems possible to further improve analyses by neural networks by using several intermediate values and/or several side channels (time, electromagnetic radiation, etc.). This is the second objective of the thesis.
Closing date for applications:
Contact: Laurent Sauvage
More information: https://www.adum.fr/as/ed/voirproposition.pl?langue=&site=TelecomPT&matricule_prop=36276
The Hong Kong University of Science and Technology
Applicants’ profile
- MSc or BSc degree in Computer Science or related field.
- Excellent programming skills, preferably in C++.
- Very good understanding of CS fundamentals: algorithm analysis, data structures, etc.
- Good understanding of basic cryptographic primitives: hashing, encryption, commitments, etc.
- Strong enthusiasm about research.
Work environment
HKUST offers guaranteed funding for the PhD duration with competitive stipends. Our CSE department was ranked 17th in the world in 2020 by THE World University Rankings. Our graduates typically produce research output of the highest quality and consistently staff world-class institutions. The lab offers a creative work environment that is ideal for excellent research.
Closing date for applications:
Contact: Dimitrios Papadopoulos
Northwestern University
- Secure multi-party computation
- Zero-knowledge proof
- Post-quantum security
- Differential privacy
- Other related or unrelated topics of mutual interest
Apply: please send your CV (and other material if available) to the PoC.
Closing date for applications:
Contact: Xiao Wang (wangxiao1254@gmail.com)
Seoul, South Korea, 14 November 2021
Submission deadline: 25 June 2021
Notification: 13 August 2021
8 November 2021
19 April 2021
Shweta Agrawal, Rajarshi Biswas, Ryo Nishimaki, Keita Xagawa, Xiang Xie, Shota Yamada
In this work, we show that the scheme is in fact insecure. To do so, we provide a polynomial-time attack that completely breaks the security of the scheme. We suggest a route to fix the security of the scheme, via the notion of admissible linear secret sharing schemes (LSSS) and instantiate these for the class of DNFs. Subsequent to our work, Datta, Komargodski and Waters (Eurocrypt 2021) provided a construction of admissible LSSS for NC1 and resurrected Boyen's claimed result.
Xiao-Juan Wang, Tian Tian, Wen-Feng Qi
Matthieu Rambaud, Antoine Urban
We remove all the previous limitations. Of independent interest, our novel computation framework revolves around players, denoted as "kings", which, in contrast to Podc'10, are now replaceable after every elementary step of the computation.
Kwangsu Lee, Joon Sik Kim
Aritra Banerjee, Michael Clear, Hitesh Tewari
Gabrielle Beck, Aarushi Goel, Abhishek Jain, Gabriel Kaptchuk
We observe that the circuits used in many important applications of MPC such as training algorithms used to create machine learning models have a highly repetitive structure. We formalize this class of circuits and propose an MPC protocol that achieves O(|C|) total complexity for this class. We implement our protocol and show that it is practical and outperforms O(n|C|) protocols for modest numbers of players.
Kelong Cong, Karim Eldefrawy, Nigel P. Smart
Antonio Dimeo, Felix Gohla, Daniel Goßen, Niko Lockenvitz
Ileana Buhan, Lejla Batina, Yuval Yarom, Patrick Schaumont
In this SoK, we classify approaches to automated leakage detection based on the model's source of truth. We classify the existing tools on two main parameters: whether the model includes measurements from a concrete device, and the abstraction level of the device specification used for constructing the model. We survey the proposed tools to determine the current level of knowledge across the domain and identify open problems. In particular, we highlight the absence of evaluation methodologies and metrics that would compare the effectiveness of proposals from across the domain. We believe that our results help practitioners who want to use automated leakage detection and researchers interested in advancing the knowledge and improving automated leakage detection.
