IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
17 May 2021
Sumit Kumar Debnath, Vikas Srivastava, Tapaswini Mohanty, Nibedita Kundu, Kouichi Sakurai
ePrint ReportTaiga Hiroka, Tomoyuki Morimae, Ryo Nishimaki, Takashi Yamakawa
ePrint ReportIn this work, we present various constructions of encryption with certified deletion.
- Quantum communication case: We achieve (reusable-key) public key encryption (PKE) and attribute-based encryption (ABE) with certified deletion. Our PKE scheme with certified deletion is constructed assuming the existence of IND-CPA secure PKE, and our ABE scheme with certified deletion is constructed assuming the existence of indistinguishability obfuscation and one-way function. These two schemes are privately verifiable.
- Classical communication case: We also achieve PKE with certified deletion that uses only classical communication. We give two schemes, a privately verifiable one and a publicly verifiable one. The former is constructed assuming the LWE assumption in the quantum random oracle model. The latter is constructed assuming the existence of one-shot signatures and extractable witness encryption.
Keitaro Hashimoto, Shuichi Katsumata, Kris Kwiatkowski, Thomas Prest
ePrint ReportIn this work, we cast the X3DH protocol as a specific type of authenticated key exchange (AKE) protocol, which we call a Signal-conforming AKE protocol, and formally define its security model based on the vast prior work on AKE protocols. We then provide the first efficient generic construction of a Signal-conforming AKE protocol based on standard cryptographic primitives such as key encapsulation mechanisms (KEM) and signature schemes. Specifically, this results in the first post-quantum secure replacement of the X3DH protocol on well-established assumptions. Similar to the X3DH protocol, our Signal-conforming AKE protocol offers a strong (or stronger) flavor of security, where the exchanged key remains secure even when all the non-trivial combinations of the long-term secrets and session-specific secrets are compromised. Moreover, our protocol has a weak flavor of deniability and we further show how to strengthen it using ring signatures. Finally, we provide a full-fledged, generic C implementation of our (weakly deniable) protocol. We instantiate it with several Round 3 candidates (finalists and alternates) to the NIST post-quantum standardization process and compare the resulting bandwidth and computation performances. Our implementation is publicly available.
Rafael Pass
ePrint ReportRafael Pass
ePrint ReportIn this work, we present barriers to provably-secure constructions beyond the ``information-theoretic barrier'': Assume the existence of collision-resistant hash functions. Then, no NP search problem with $(2^{n^{\epsilon}})$-bounded number of witnesses can be proven (even worst-case) hard in the presence of $O(n^{\epsilon})$ bits of computationally-efficient leakage of the witness, using a black-box reduction to any $O(1)$-round assumption. In particular, this implies that $O(n^{\epsilon})$-leakage resilient injective one-way functions, and more generally, one-way functions with at most $2^{n^{\epsilon}}$ pre-images, cannot be based on any ``standard'' complexity assumption using a black-box reduction.
Xiaojian Liang, Jian Weng, Anjia Yang, Lisha Yao, Zike Jiang, Zhenghao Wu
ePrint ReportBeyza Bozdemir, Sébastien Canard, Orhan Ermis, Helen Möllering, Melek Önen, Thomas Schneider
ePrint ReportFatih Balli, Andrea Caforio, Subhadeep Banik
ePrint ReportIn a second effort, we shift our attention to a masked implementation of AES, specifically the secAES proposal put forward by the French National Cybersecurity Agency (ANSSI) that concisely combines several side-channel countermeasure techniques. We show its insecurity in a novel side-channel-assisted statistical key-recovery attack that only necessitates a few hundreds of collected power traces.
Alexander Nilsson, Irina E. Bocharova, Boris D. Kudryashov, Thomas Johansson
ePrint ReportMichele Ciampi, Muhammad Ishaq, Malik Magdon-Ismail, Rafail Ostrovsky, Vassilis Zikas
ePrint ReportDaniel R. L. Brown
ePrint ReportDiversity is especially helpful in forward security because future attackers have more time to discover new attacks, making attack independence of diverse cryptography the major contribution to risk reduction. Post-quantum security is a part of forward security.
Estimates for highly sensitive data say that the security advantage of diverse layering is worth the extra usage cost, thus advising a decision to layer diverse cryptography.
Jiaxin Pan, Chen Qian, Magnus Ringerud
ePrint ReportCarmit Hazay, Muthuramakrishnan Venkitasubramaniam, Mor Weiss
ePrint ReportPrevious ZK-PCP constructions obtained an exponential gap between the query complexity $q$ of the honest verifier, and the bound $q^*$ on the queries of a malicious verifier (i.e., $q=polylog(q^*)$), but required either exponential-time simulation, or adaptive honest verification. This should be contrasted with standard PCPs, that can be verified non-adaptively (i.e., with a single round of queries to the proof). The problem of constructing such ZK-PCPs, even when $q^*=q$, has remained open since they were first introduced more than 2 decades ago. This question is also open for ZK-PCPPs, for which no construction with non-adaptive honest verification is known (not even with exponential-time simulation).
We resolve this question by constructing the first ZK-PCPs and ZK-PCPPs which simultaneously achieve efficient zero-knowledge simulation and non-adaptive honest verification. Our schemes have a square-root query gap, namely $q^*/q=O(sqrt(n))$ where $n$ is the input length.
Our constructions combine the "MPC-in-the-head" technique (Ishai et al., STOC `07) with leakage-resilient secret sharing. Specifically, we use the MPC-in-the-head technique to construct a ZK-PCP variant over a large alphabet, then employ leakage-resilient secret sharing to design a new alphabet reduction for ZK-PCPs which preserves zero-knowledge.
14 May 2021
Facebook AI Research, West Coast Labs
Job PostingClosing date for applications:
Contact: Dr. Kristin Lauter
More information: https://www.facebook.com/careers/v2/jobs/1973651836107576/
Technical University of Darmstadt
Job PostingWe are looking for an outstanding scientist who will represent the topic area of cybersecurity in research and teaching. Successful candidates should demonstrate an outstanding scientific profile, with high-impact research contributions in the area of cybersecurity. A research profile that focuses on emerging application areas (e.g., machine learning & data science, IoT, decentralized systems) or on core topics of cybersecurity (e.g., hardware and network security, privacy) is desired. Successful collaboration in international research teams, with industry, or across research disciplines is desirable.
The professorship is expected to strengthen the department’s research focus on cybersecurity and offers the opportunity to participate in joint research projects currently running at Technical University of Darmstadt. This in particular includes the DFG Collaborative Research Center “CROSSING”, the National Research Center for Applied Cybersecurity ATHENE, and the Hessian Center for Artificial Intelligence.
In addition to excellent scientific credentials, we seek a strong commitment to teaching and experience in attracting third-party funding as well as participation in academic governance. The Technical University of Darmstadt has a strong focus on engineering science and information and communication technology. The Department of Computer Science is one of the leaders in research and teaching and regularly ranked among the top German departments.
Please submit applications in English with the usual attachments (CV including research and teaching achievements, list of publications, copies of diplomas) as well as a research and teaching statement, quoting the code number 221, to the Chair of the Department of Computer Science, Prof. Dr. Felix Wolf (dekanat@informatik.tu-darmstadt.de).
Further information: https://www.tu-darmstadt.de/universitaet/karriere_an_der_tu/stellenangebote/aktuelle_stellenangebote/stellenausschreibungen_detailansichten_1_40864
Closing date for applications:
Contact: Sebastian Faust, sebastian.faust@cs.tu-darmstadt.de
More information: https://www.tu-darmstadt.de/universitaet/karriere_an_der_tu/stellenangebote/aktuelle_stellenangebote/stellenausschreibungen_detailansichten_1_408640.en.jsp
Mondragon Unibertsitatea (Arrasate-Mondragon, Euskadi, Spain)
Job PostingThe Cybersecurity and Data Analytics research group at the University of Mondragon is looking for qualified applicants for a PhD position in Post-Quantum Cryptography (PQC).
Currently standardized public key cryptography, upon which widely deployed secure internet protocols depend on, is vulnerable to Shor’s polynomial-time quantum algorithm for the factoring and discrete logarithm problems. Moreover, substantial advances in quantum computing in the past decade have re-assured the scientific community about the necessity to build quantum-resistant cryptosystems.
PQC has raised as the preferred solution to face the threat that quantum computers pose to secure communications systems. The ongoing standardization process run by the National Institute of Standards and Technology to define new standards for public-key encryption, digital signatures and key-exchange schemes has only augmented the attention towards PQC.
There exist several alternative problems to classical public key cryptography. Lattice-based cryptography, multivariate cryptography, hash-based cryptography schemes, isogeny-based cryptography and code-based cryptography can be used to design cryptosystems secure against both classical and quantum computers and are thus regarded as PQC algorithms.
There exist many paramount ingredients to take into account when considering the transition of secure internet protocols such as TLS, OpenVPN, or WireGuard to PQC. For instance, one of the main challenges that PQC raises is that, when compared to classical public key cryptography, its key sizes, ciphertext sizes or signature sizes, are often much larger. Also, the performance of PQC algorithms is generally worse than the one provided by present standards, and all these aspects vary depending on the specific PQC algorithm.
We are looking for students who are willing to conduct research on the impact of transitioning nowadays widely deployed secure internet protocols to post-quantum cryptography.
Closing date for applications:
Contact: Marc Manzano
AAU Klagenfurt (Austria)
Job PostingThere is a job opening for a senior scientist (i.e. a fixed-term, non-tenured assistant professor) at the Cybersecurity Research Group at AAU (Klagenfurt). AAU is a young university: in 2018 it was in the QS top 50 under 50 list; it ranked 6th of all Austrian Universities in 2020.
The lecturer position is fixed-term for 3.5 years. The successful applicant is expected to do a small amount of teaching (2-4 contact/lecture hours per week during term time, subject specific only i.e. no service teaching) whilst contributing to the wider research agenda of the Cybersecurity group.
The Cybersecurity group (www.cybersecurityresearch.at) was recently established by Prof. Elisabeth Oswald (ERC Cog, EPSRC Leadership fellow) after her move from Bristol (UK) to Austria. The group's core expertise is in applied aspects of cryptography, in particular with statistical techniques that deal with the detection and exploitation of information leakage. The group wants to expand its repertoire, e.g. towards data intensive aspects of cybersecurity more generally and therefore seeks to appoint somebody with a a background in statistics/data science/AI who has an interest in cybersecurity applications of their research; or towards other relevant areas of (applied) cryptography including embedded security.
The minimum monthly gross salary for this position amounts to € 3.9k (14 times per year) and can increase to € 4.5k (x14) maximum in the case of consideration of previous occupational experience. The fixed-term employment contract is expected to commence in August 2020 (but this is negotiable). All details can be found here: https://jobs.aau.at/en/job/senior-scientist-all-genders-welcome-2/.
Informal enquiries can be directly directed to Elisabeth . Oswald@aau.at Formal applications have to be made via the AAU jobs portal: https://jobs.aau.at/en/ AAU is an equal opportunities employer and therefor particularly encourages applications of female researcher and in general researchers from underrepresented groups.
Closing date for applications:
Contact: Elisabeth . Oswald @ aau . at
More information: https://jobs.aau.at/en/job/senior-scientist-all-genders-welcome-2/
University of Birmingham, UK
Job PostingCAP-TEE: Capability Architectures for Trusted Execution
Trusted Execution Environments (TEEs) shield computations using security-sensitive data (e.g. personal data, banking information, or encryption keys) inside a secure "enclave" from the rest of the untrusted operating system. A TEE protects its data and code even if an attacker has gained full root access to the untrusted parts of the system. In this project, we will use capability architectures (as e.g. developed by the CHERI project) to protect TEEs against such state-of-the-art attacks. We address a wide range of threats from software vulnerabilities such as buffer overflows to sophisticated hardware attacks like fault injection. CAP-TEE will provide a strong, open-source basis for the future generation of more secure TEEs: https://cap-tee.org/
The project is led by David Oswald. Our industrial project partners are also devoting time to the project, and the PhD student will have the opportunity to work with them.
The studentship covers a stipend and tuition fees based on UK home student rates (nb: the studentship does not cover the full tuition fees for overseas students.).
Candidates should have a good background in computer science. One focus will be on improving and evaluating the security of capabilty architectures; suitable candidates will hence need a strong background in system-level programming (e.g. using C or C++). We also expect a first-class UG or PG degree in a relevant subject (e.g. computer science or electrical engineering).
How to apply: There is no deadline for applying. The PhD candidate is expected to start in summer/autumn 2021. We will process applications as they arrive. To apply, please send your CV, a transcript with a list of courses and grades, and a description of your research interests to d.f.oswald (at) bham.ac.uk.
Closing date for applications:
Contact: Dr David Oswald
More information: https://www.cs.bham.ac.uk/~oswalddf/phd-projects.php
The University of Manchester, Department of Computer Science, Manchester, UK
Job PostingThis is an exceptional opportunity to join the University of Manchester’s developing work in Cyber Security.
The Department of Computer Science is investing for growth in the Computer Science aspects of Information and Cyber Security. You will contribute to our portfolio of research and teaching in cyber security, and be willing to engage across discipline boundaries to apply your work. This will include engaging with a variety of business stakeholders and national agencies and government departments.
You will be part of a pan-university community contributing to Digital Trust and Security, including – but not restricted to – privacy, trust, data protection (School of Social Sciences), cybercrime, criminals, victims (School of Law) and work place security (Alliance Manchester Business School).
The Department of Computer Science is a leading research institution, and values exceptional researchers. You will publish to the highest standards, secure external research funding, pursue real-world impact, and contribute to the PGR training programmes within the Department.
The Department values exceptional teachers. You will play a key role in maintaining our reputation as an institute of learning – designing and delivering innovative undergraduate (UG) and postgraduate (PG) topics, not only in Cyber Security, but also across the spectrum of Computer Science. Exceptional teachers are encouraged to demonstrate this in their application.
Closing date for applications:
Contact: Enquiries about the vacancy, shortlisting and interviews: Name: Professor Robert Stevens
Email: robert.stevens@manchester.ac.uk
More information: https://www.jobs.manchester.ac.uk/displayjob.aspx?isPreview=Yes&jobid=20096
Isfahan, Iran, 1 September - 2 September 2021
Event CalendarSubmission deadline: 12 June 2021
Notification: 24 July 2021