IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
05 August 2021
Join Research Centre - European Commission - Ispra, Italy
Job PostingClosing date for applications:
Contact: Laurent Beslay jrc-e3-secretariat@ec.europa.eu
More information: https://recruitment.jrc.ec.europa.eu/
KU Leuven
Job PostingWe are looking for an internationally orientated candidate with both educational competence and excellent research experience in computer science, and with extensive expertise in the field of secure and robust software systems and services. The new faculty member will become a member of the DistriNet unit, an internationally leading research group with recognized expertise in the areas of security, distributed systems and software engineering.
Candidates will be expected to develop an ambitious research programme that integrates well with the current research activities of the research group. Candidates should also be prepared to provide scientific services both within and outside the university, and to contribute to education at bachelor and master level.
DistrNet is the "sister" organization of COSIC, it deals with general security research whereas COSIC deals with cryptographic research. The two organizations are part of the CyberSecurity Flanders initiative, which supports their work.
Closing date for applications:
Contact: For more information please contact Prof. dr. ir. Wouter Joosen, tel.: +32 16 32 76 53, mail: wouter.joosen@kuleuven.be or Prof. dr. ir. Stefan Vandewalle, tel.: +32 16 32 76 54, mail: stefan.vandewalle@kuleuven.be.
More information: https://www.kuleuven.be/personeel/jobsite/jobs/60022535
Telecom Paris, Institut Polytechnique de Paris
Job PostingClosing date for applications:
Contact: Phan Duong Hieu (hieu.phan@telecom-paris.fr)
More information: https://institutminestelecom.recruitee.com/l/en/o/maitre-de-conferences-en-informatique-fh-a-telecom-paris-cdi
04 August 2021
Real World Crypto
Submission information can be found at: https://rwc.iacr.org/2022/contributed.php
03 August 2021
Jean-Sebastien Coron, Agnese Gini
ePrint ReportGilles Macario-Rat, Jacques Patarin
ePrint ReportArush Chhatrapati
ePrint ReportNils Wisiol
ePrint ReportLejla Batina, Łukasz Chmielewski, Björn Haase, Niels Samwel, Peter Schwabe
ePrint Report02 August 2021
San Francisco, USA, 7 February - 10 February 2022
Event CalendarSubmission deadline: 13 September 2021
Notification: 11 November 2021
30 July 2021
San Antonio, USA, 2 November - 3 November 2021
Event CalendarSubmission deadline: 7 August 2021
Notification: 1 October 2021
University of St. Gallen, Switzerland
Job PostingKey Responsibilities:
- Perform exciting and challenging research in the domain of information security and cryptography.
- Support and assist in teaching computer security and cryptography courses.
- The PhD student is expected to have a MSc degree or equivalent, and strong background in cryptography, network security and mathematics.
- Experience in one or more domains such as cryptography, design of protocols, secure multi-party computation and differential privacy is beneficial.
- Excellent programming skills.
Deadline: 5 August 2021.
Closing date for applications:
Contact: Katerina Mitrokotsa
More information: https://jobs.unisg.ch/offene-stellen/phd-position-in-applied-cryptography-and-information-security-m-w-d/09f75f22-649c-48a6-9aa4-659bbd686a84
University of St. Gallen, Switzerland
Job PostingResponsibilities As a research engineer in the Cyber Security chair you will establish and work in a state-of-the-art IoT (Internet of Things) lab with smart devices ranging from Raspberry Pi's, sensors, smart microphones, toy cars, RFID tags, RFID readers, smart phones, biometric sensors and you will work with world-leading researchers to implement, test, and showcase secure and privacy-preserving protocols and algorithms. Many projects are done in collaboration with other academic and industrial partners. More specifically, the job includes:
- Development and implementation of concepts and research results, both individually and in collaboration with researchers and PhD students,
- Run of experiments and simulation of realistic conditions to test the performance of developed algorithms and protocols,
- Development, maintenance and organization of software,
- Support to BSc, MSc and PhD students, postdocs and researchers who use the lab,
- Responsibility for day routines in the lab, for example purchases, installations, bookings, inventory.
- The successful applicant is expected to hold or to be about to receive a M.Sc. degree in Computer Science, Electrical Engineering, Applied Mathematics or similar fields
- Good command of English is required.
- You should have a good academic track record and well developed analytical and problem solving skills.
- Excellent programming skills and familiarity with cryptographic libraries.
- Previous experience in implementation projects with C++, Matlab/Simulink, Python is desired.
Deadline: 10 August
Closing date for applications:
Contact: Katerina Mitrokotsa
More information: https://jobs.unisg.ch/offene-stellen/cryptography-engineer-m-w-d/634aea27-37d2-4f1f-ab25-2d3c0a622fc0
28 July 2021
Yevgeniy Dodis, Siyao Guo, Noah Stephens-Davidowitz, Zhiye Xie
ePrint ReportAs our main result, we show that the state $\mathbf{S}$ converges to the uniform distribution for all input distributions $D$ with entropy $k > 0$ if and only if the matrix $A$ has no non-trivial invariant subspace (i.e., a non-zero subspace $V \subsetneq \mathbb{F}_2^n$ such that $AV \subseteq V$). In other words, a matrix $A$ yields an online linear extractor if and only if $A$ has no non-trivial invariant subspace. For example, the linear transformation corresponding to multiplication by a generator of the field $\mathbb{F}_{2^n}$ yields a good online linear extractor. Furthermore, for any such matrix convergence takes at most $\widetilde{O}(n^2(k+1)/k^2)$ steps.
We also study the more general notion of condensing---that is, we ask when this process converges to a distribution with entropy at least $\ell$, when the input distribution has entropy greater than $k$. (Extractors corresponding to the special case when $\ell = n$.) We show that a matrix gives a good condenser if there are relatively few vectors $\mathbf{w} \in \mathbb{F}_2^n$ such that $\mathbf{w}, A^T\mathbf{w}, \ldots, (A^T)^{n-k-1} \mathbf{w}$ are linearly dependent. As an application, we show that the very simple cyclic rotation transformation $A(x_1,\ldots, x_n) = (x_n,x_1,\ldots, x_{n-1})$ condenses to $\ell = n-1$ bits for any $k > 1$ if $n$ is a prime satisfying a certain simple number-theoretic condition.
Our proofs are Fourier-analytic and rely on a novel lemma, which gives a tight bound on the product of certain Fourier coefficients of any entropic distribution.
Nir Bitansky, Zvika Brakerski
ePrint ReportWe introduce a notion of classical binding for quantum commitments which provides guarantees analogous to the classical case. In our notion, the receiver performs a (partial) measurement of the quantum commitment string, and the outcome of this measurement determines a single value that the sender may open. We expect that our notion can replace classical commitments in various settings, leaving the security proof essentially unchanged. As an example we show a soundness proof for the GMW zero-knowledge proof system.
We construct a non-interactive quantum commitment scheme which is classically statistically-binding and has a classical opening, based on the existence of any post-quantum one-way function. Prior candidates had inherently quantum openings and were not classically binding. In contrast, we show that it is impossible to achieve classical binding for statistically hiding commitments, regardless of assumption or round complexity.
Our scheme is simply Naor's commitment scheme (which classically requires a common random string, CRS), but executed in superposition over all possible values of the CRS, and repeated several times. We hope that this technique for using quantum communication to remove a CRS may find other uses.
Masayuki Fukumitsu, Shingo Hasegawa
ePrint ReportLéo Ducas, Wessel van Woerden
ePrint ReportWith the NTRU scheme being a finalist to the NIST PQC competition it is important to understand ---both asymptotically and concretely--- where the fatigue point lies exactly, i.e. at which $q$ the overstretched regime begins. Unfortunately the analysis by Kirchner and Fouque is based on an impossibility argument, which only results in an asymptotic upper bound on the fatigue point. It also does not really {\em explain} how lattice reduction actually recovers secret-key information.
We propose a new analysis that asymptotically improves on that of Kirchner and Fouque, narrowing down the fatigue point for ternary NTRU from $q \leq n^{2.783+o(1)}$ to $q=n^{2.484+o(1)}$, and finally explaining the mechanism behind this phenomenon. We push this analysis further to a concrete one, settling the fatigue point at $q \approx 0.004 \cdot n^{2.484}$, and allowing precise hardness predictions in the overstretched regime. These predictions are backed by extensive experiments.
Hanno Becker, Jose Maria Bermudo Mera, Angshuman Karmakar, Joseph Yiu, Ingrid Verbauwhede
ePrint ReportAnnapurna Valiveti, Srinivas Vivek
ePrint ReportIn this work, we solve the above problem by implementing a higher-order lookup table-based scheme using an amount of RAM memory that is essentially independent of the masking order. More concretely, we reduce the amount of RAM memory needed for the table-based scheme of Coron et al. (TCHES 2018) approximately by a factor equal to the number of shares. Our technique is based upon the use of PRG to minimise the randomness complexity of ISW-based masking schemes proposed by Ishai et al. (ICALP 2013) and Coron et al. (Eurocrypt 2020). Hence we show that for lookup table-based masking schemes, the use of a PRG not only reduces the randomness complexity (now logarithmic in the size of the S-box) but also the memory complexity, and without any significant increase in the overall running time. We have implemented in software the higher-order table-based masking scheme of Coron et al. (TCHES 2018) at tenth order with full pre-processing of a single execution of all the AES S-boxes on a ARM Cortex-M4 device that has 256 KB RAM memory. Our technique requires only 41.2 KB of RAM memory, whereas the original scheme would have needed 440 KB. Moreover, our 8-bit implementation results demonstrate that the online execution time of our variant is about 1.5 times faster compared to the 8-bit bitsliced masked implementation of AES-128.