International Association for Cryptologic Research

IACR News

15 October 2021

Tim Beyne, Siemen Dhooghe, Amir Moradi, Aein Rezaei Shahmirzadi
ePrint Report
This work introduces second-order masked implementations of LED, Midori, SKINNY, and PRINCE ciphers which do not require fresh masks to be updated at every clock cycle. The main idea lies on a combination of the constructions given by Shahmirzadi and Moradi at CHES 2021, and the theory presented by Beyne et al. at Asiacrypt 2020. The presented masked designs only use a minimal number of shares, i.e., three to achieve second-order security, and we make use of a trick to pair a couple of S-boxes to reduce their latency. The theoretical security analyses of our constructions are based on the linear-cryptanalytic properties of the underlying masked primitive as well as SILVER, the leakage verification tool presented at Asiacrypt 2020. To improve this cryptanalytic analysis, we use the noisy probing model which allows for the inclusion of noise in the framework of Beyne et al. We further provide FPGA-based experimental security analysis confirming second-order protection of our masked implementations.

14 October 2021

Max Planck Institute for Security and Privacy, Bochum, Germany
Job Posting
The Max Planck Institute for Security and Privacy (MPI-SP) is looking for motivated students to apply for a research internship on lattice-based cryptography. In particular, we are looking for students eager to build vector commitments and related primitives from lattices.

Topic: Lattice-based Vector Commitments

Requirements:
  • Have working knowledge in constructing and analysing public-key cryptographic primitives
  • Are familiar with mathematical proofs
  • Are fluent in spoken and written English
Greatly Valued but not Mandatory Attributes:
  • Have basic understanding of lattice-based cryptography
  • Have basic understanding of vector commitments
  • Have experience in prototyping cryptographic primitives
Funding: The position is funded as part of a project in collaboration with Protocol Labs (https://protocol.ai).

Start Date: As soon as possible

Duration: 3 to 6 months

Application Deadline: December 31, 2021, or when a suitable candidate has been found

To apply for the position, send an email to Giulio Malavolta (address below) including the following documents:
  • A curriculum vitae
  • A brief cover letter (half page at most), e.g. describing your research interests
If you have any questions, don’t hesitate to get in touch.

Closing date for applications:

Contact: Giulio Malavolta (giulio.malavolta@mpi-sp.org)


ENS Lyon
Job Posting

The ENS Lyon crypto group is opening several post-doc positions. Duration and starting dates are flexible. Salary takes seniority into account.

Topics of interest:
Applicants should have expertise in at least one of the following topics:
  • Cryptographic protocols
  • Lattice-based cryptography
  • Lattice algorithms or hardness of lattice problems (quantum/classical)
  • Foundational aspects of cryptography
  • Computing on encrypted data
  • Implementation of cryptographic primitives
Applicants are expected to have already published in top-tier venues in the relevant areas.

How to apply:

Interested applicants should provide a detailed resume and two references. Applications should be sent directly to {benoit.libert,alain.passelegue, damien.stehle}@ens-lyon.fr by Dec. 31, 2021.

Closing date for applications:

Contact: Benoît Libert, Alain Passelègue, and Damien Stehlé
{benoit.libert, alain.passelegue, damien.stehle}@ens-lyon.fr

More information: https://www.ens-lyon.fr/LIP/AriC/crypto


Heliax, Anoma
Job Posting

Overview
Blockchains are not private enough for safe use by citizens, corporations, or dissidents. Heliax is looking for a research cryptographer interested in fully-homomorphic encryption protocols and their application to distributed ledger technology to work with us to design, evaluate, and implement FHE constructions, then put this cryptography into practice in order to realise privacy and scalability capabilities required by the next generation of blockchain networks. This role offers the chance to work closely with a small team on compelling cross-disciplinary problems in theoretical computer science, cryptography, game theory, economics, and systems design, and enjoy a high degree of independence in working conditions and task prioritization.

Responsibilities
  • Evaluate and analyze existing FHE protocols for security, expressivity, and performance, monitor the state of the research field for compelling new theoretical advances, and conduct original exploratory research into new constructions
  • Update & alter existing protocols and implementations (such as nuFHE), customize them for specific proof-of-concept and production use-cases
  • Produce technical specifications for designs & instantiations of said protocols and assist with implementation in coordination with team members

Qualifications
  • Academic research background in mathematics, computer science, or cryptography
  • Prior experience with fully-homomorphic encryption in a research context
  • Self-motivated & self-organized

Bonus Qualifications
  • Experience with (fully) homomorphic encryption libraries (e.g. SEAL, HElib)
  • Prior experience in low-level systems programming, ideally in Rust
  • Prior experience with distributed ledger (blockchain) technology

Misc
Remote or local (Zürich/Zug, Berlin). When remote, preferred if mostly located within (+/- 7 hours) Central European time zones. North America is fine. Ideally someone who enjoys travel, nature and hiking. Often we find that protocols are best designed not in a meeting room but rather on a trail.

Closing date for applications:

Contact: jobs@heliax.dev

More information: https://heliax.dev/


12 October 2021

University of Connecticut, Computer Science and Engineering Dept.
Job Posting
Several PhD student openings in the domains of cryptography, computer security, privacy, and blockchain-based systems, are available at the University of Connecticut (UConn), CSE dept., led by Prof. Ghada Almashaqbeh. Start date can be as early as Spring 2022 or later for Fall 2022.

The positions provide a great opportunity for students with interest in interdisciplinary projects that combine knowledge from various fields towards the design of secure systems and protocols. We target real-world timely problems and aim to provide secure and practical solutions backed by rigorous foundations and efficient implementations/thorough performance testing. We are also interested in conceptual projects that contribute in bridging the gap between theory and practice of Cryptography.

For more information about our current and previous projects please check https://ghadaalmashaqbeh.github.io/research/. For interested students, please send your CV to ghada@uconn.edu and provide any relevant information about the topics you want to work on and the skills/related background you have.

Closing date for applications:

Contact: Ghada Almashaqbeh

More information: https://ghadaalmashaqbeh.github.io/


Campus George Charpak Provence, Mines Saint Etienne, Gardanne, France
Job Posting
Job role: One-year post-doctoral position as a Product Security Engineer

Department: R&D – Product Security

Location / Working place: Meyreuil, France; SAS Campus George Charpak Provence, Gardanne, France

Mission:
Participate in security certifications: hardware and software platforms
Porting post-quantum cryptographic libraries to Wisekey’s components
Implement side channel / deep learning attacks in Wisekey’s security lab
Maintain Wisekey’s attack benches

Main responsibilities:
Standardization follow-up on post-quantum algorithms
Implement an attack bench on component using post-quantum cryptographic libraries
Keep abreast of new attacks (conferences, fairs, scientific articles)

Requirements:
Educational background / diplomas: PhD
Skills: Cryptography, Safety of embedded systems, Security certifications (CC, EMVCo, FIPS), Development on embedded systems
Starting date: ASAP
To apply please send your CV, a cover letter, and contact information of 2 references

Closing date for applications:

Contact: Nadia EL Mrabet (EMSE Gardanne), nadia.el-mrabet@emse.fr
Jean-Pierre Enguent (VP-R&D Wisekey), jpenguent@WISEKEY.COM


CryptoLux Group, University of Luxembourg
Job Posting
The University of Luxembourg invites applications from M.Sc. holders in the general area of applied cryptography. Cryptolux.org is a team of cryptographers and security researchers interested in applied cryptography, cryptanalysis, privacy, network security, cryptographic blockchains and is led by Prof. Alex Biryukov. We are affiliated with the Department of Computer Science (DCS) and with the interdisciplinary Security and Trust center (SnT).

Area (potential topics of the thesis)

  • Cryptanalysis and design of cryptographic primitives, e.g. lightweight block ciphers, hash functions, authenticated encryption schemes
  • Privacy Enhancing Technology (Tor-like networks, privacy for cryptocurrencies)
  • Cryptography for blockchains
  • White-box cryptography
The University offers a Ph.D. study program with an initial contract of 36 months, with a further possible 1-year extension if required. The University offers highly competitive salaries and is an equal opportunity employer. You will work in one of the most international universities in the world and will participate in the development of a large information security research center.

Starting date 1-Jan-2022 or later upon agreement. Early submission is encouraged; applications will be processed upon receipt.

Closing date for applications:

Contact: Prof. Alex Biryukov

More information: https://cryptolux.org


Thomas Attema, Serge Fehr, Michael Klooß
ePrint Report
The celebrated Fiat-Shamir transformation turns any public-coin interactive proof into a non-interactive one, which inherits the main security properties (in the random oracle model) of the interactive version. While originally considered in the context of 3-move public-coin interactive proofs, i.e., so-called $\Sigma$-protocols, it is now applied to multi-round protocols as well. Unfortunately, the security loss for a $(2\mu + 1)$-move protocol is, in general, $Q^\mu$, where $Q$ is the number of oracle queries performed by the attacker. In general, this is the best one can hope for, as it is easy to see that this loss applies to the $\mu$-fold sequential repetition of $\Sigma$-protocols, but it raises the question whether certain (natural) classes of interactive proofs feature a milder security loss.

In this work, we give positive and negative results on this question. On the positive side, we show that for $(k_1, \ldots, k_\mu)$-special-sound protocols (which cover a broad class of use cases), the knowledge error degrades linearly in $Q$ (instead of $Q^\mu$). On the negative side, we show that for $t$-fold parallel repetitions of typical $(k_1, \ldots, k_\mu)$-special-sound protocols, there is an attack which results in a security loss of about $(Q/\mu)^\mu \mu^{-t}$, assuming for simplicity that $t$ is an integer multiple of $\mu$.

Ivan Damgård, Daniel Escudero, Antigoni Polychroniadou
ePrint Report
We consider the task of designing secure computation protocols in an unstable network where honest parties can drop out at any time, according to a schedule provided by the adversary. This type of setting, where even honest parties are prone to failures, is more realistic than traditional models, and has therefore gained a lot of attention recently. Unlike previous works in the literature, we allow parties to return to the computation according to an adversarially chosen schedule and, moreover, we do not assume that these parties receive the messages that were sent to them while being offline. However, we do assume an upper bound on the number of rounds that an honest party can be offline; otherwise protocols in this setting cannot guarantee termination within a bounded number of rounds.

We study the settings of perfect, statistical and computational security and design MPC protocols in each of these scenarios. We assume that the intersection of online-and-honest parties from one round to the next is at least $2t+1$, $t+1$ and $1$ respectively, where $t$ is the number of (actively) corrupt parties. We show the intersection requirements to be optimal. Our (positive) results are obtained in a way that may be of independent interest: we implement a traditional stable network on top of the unstable one, which allows us to plug in any MPC protocol on top. This approach adds a necessary overhead to the round count of the protocols, which is related to the maximal number of rounds an honest party can be offline. We also present a novel, perfectly secure MPC protocol that avoids this overhead by following a more "direct" approach rather than building a stable network on top. We introduce our network model in the UC-framework and prove the security of our protocols within this setting.

Elizabeth Crites, Chelsea Komlo, Mary Maller
ePrint Report
In this paper, we present new techniques for proving the security of multi- and threshold signature schemes under discrete logarithm assumptions in the random oracle model. The purpose is to provide a simple framework for analyzing the relatively complex interactions of these schemes in a concurrent model, thereby reducing the risk of attacks. We make use of proofs of possession and prove that a Schnorr signature suffices as a proof of possession in the algebraic group model without any tightness loss. We introduce and prove the security of a simple, three-round multisignature $\mathsf{SimpleMuSig}$.

Using our new techniques, we prove the concurrent security of a variant of the $\mathsf{MuSig2}$ multisignature scheme that includes proofs of possession as well as the $\mathsf{FROST}$ threshold signature scheme. These are currently the most efficient schemes in the literature for generating Schnorr signatures in a multiparty setting. Our variant of $\mathsf{MuSig2}$, which we call $\mathsf{SpeedyMuSig}$, has faster key aggregation due to the proofs of possession.

Marcel Nageler, Christoph Dobraunig, Maria Eichlseder
ePrint Report
Differential fault analysis (DFA) is a very powerful attack vector on implementations of symmetric cryptography. Most countermeasures are applied at the implementation level. At ASIACRYPT 2021, Baksi et al. proposed a design strategy that aims to provide inherent cipher level resistance against DFA by using S-boxes with linear structures. They argue that in their instantiation, the block cipher DEFAULT, a DFA adversary can learn at most 64 of the 128 key bits, so the remaining brute-force complexity of $2^{64}$ is impractical.

In this paper, we show that a DFA adversary can combine information across rounds to recover the full key, invalidating their security claim. In particular, we observe that such ciphers exhibit large classes of equivalent keys that can be represented efficiently in normalized form using linear equations. We exploit this in combination with the specifics of DEFAULT's strong key schedule to recover the key using fewer than 100 faulty computations and negligible time complexity. Moreover, we show that even an idealized version of DEFAULT with independent round keys is vulnerable to our information-combining attacks based on normalized keys.

Iftach Haitner, Nikolaos Makriyannis, Samuel Ranellucci, Eliad Tsfadia
ePrint Report
We present a new OT-based two-party multiplication protocol that is almost as efficient as Gilboa's semi-honest protocol (Crypto '99), but has a high-level of security against malicious adversaries without further compilation. The achieved security suffices for many applications, and, assuming DDH, can be cheaply compiled into full security.

Eugene Frimpong, Reyhaneh Rabbaninejad, Antonis Michalas
ePrint Report
Drone-based applications continue to garner a lot of attention due to their significant potential in both commercial and non-commercial use. Owing to this increasing popularity, researchers have begun to pay attention to the communication security requirements involved in deploying drone-based applications and services on a large scale, with particular emphasis on group communication. The majority of existing works in this field focus on the use of symmetric key cryptographic schemes or group key agreement schemes. However, in this paper, we propose a pairing-free certificateless group authenticated key distribution protocol for drone-based applications which takes into consideration drones with varying computational resources. The proposed scheme ensures key freshness, group key secrecy, forward secrecy, and backward secrecy while ensuring that the scheme is lightweight enough to be implemented on very resource-constrained drones or smart devices. We extensively prove the security of our scheme and demonstrate its real-world applicability by evaluating its performance on three different kinds of drone boards (UP Xtreme i7 board, SamL11-Xpro board, and a Zolertia Re-mote Revb board).

Kyoichi Asano, Keita Emura, Atsushi Takayasu, Yohei Watanabe
ePrint Report
Attribute-based encryption with equality test ($\mathsf{ABEET}$) is an extension of the ordinary attribute-based encryption ($\mathsf{ABE}$), where trapdoors enable us to check whether two ciphertexts are encryptions of the same message. Thus far, several CCA-secure $\mathsf{ABEET}$ schemes have been proposed for monotone span programs satisfying selective security under $q$-type assumptions. In this paper, we propose a generic construction of CCA-secure $\mathsf{ABEET}$ from delegatable $\mathsf{ABE}$. Specifically, our construction is an attribute-based extension of Lee et al.'s generic construction of identity-based encryption with equality test from hierarchical identity-based encryption. Even as far as we know, there are various delegatable $\mathsf{ABE}$ schemes. Therefore, we obtain various $\mathsf{ABEET}$ schemes with new properties that have not been achieved before such as various predicates, adaptive security, standard assumptions, compact ciphertexts/secret keys, and lattice-based constructions.

Dimitris Mouris, Nektarios Georgios Tsoutsos
ePrint Report
In crowd-sourced data aggregation, participants share their data points with curators. However, the lack of privacy guarantees may discourage participation, which motivates the need for privacy-preserving aggregation protocols. Unfortunately, existing solutions do not support public auditing without revealing the participants' data. In real-world applications, there is a need for public verifiability (i.e., verifying the protocol correctness) while preserving the privacy of the participants' inputs since the participants do not always trust the data curator. Likewise, public distributed ledgers (e.g., blockchains) provide public auditing but may reveal sensitive information.

We present Masquerade, a novel protocol for computing private statistics, such as sum, average, and histograms without revealing anything about participants' data. We propose a tailored multiplicative commitment scheme to ensure the integrity of data aggregations and publish all the participants' commitments on a ledger to provide public verifiability. We complement our methodology with two zero-knowledge proof protocols that detect potentially untrusted participants who attempt to poison the aggregation results. Thus, Masquerade ensures the validity of shared data points before being aggregated, enabling a broad range of numerical and categorical. In our experiments, we evaluate our protocol's runtime and communication overhead using homomorphic ciphertexts and commitments for a variable number of participants.

Rami Elkhatib, Brian Koziel, Reza Azarderakhsh
ePrint Report
In the third round of the NIST PQC standardization process, the only isogeny-based candidate, SIKE, suffers from slow performance when compared to other contenders. The large-degree isogeny computation performs a series of isogenous mappings between curves, to account for about 80% of SIKE’s latency. Here, we propose, implement, and evaluate a new method for computing large-degree isogenies of an odd power. Our new strategy for this computation avoids expensive recomputation of temporary isogeny results. We modified open-source libraries targeting x86, ARM64, and ARM32 platforms. Across each of these implementations, our new method achieves 10% and 5% speedups in SIKE’s key encapsulation and decapsulation operations, respectively. Additionally, these implementations use 3% less stack space at only a 48 byte increase in code size. Given the benefit and simplicity of our approach, we recommend this method for current and emerging SIKE implementations.

Kai-Min Chung, Yao-Ching Hsieh, Mi-Ying Huang, Yu-Hsuan Huang, Tanja Lange, Bo-Yin Yang
ePrint Report
Group signatures are an important cryptographic primitive providing both anonymity and accountability to signatures. Accountable ring signatures combine features from both ring signatures and group signatures, and can be directly transformed to group signatures. While there exists extensive work on constructing group signatures from various post-quantum assumptions, there has not been any using isogeny-based assumptions. In this work, we propose the first construction of isogeny-based group signatures, which is a direct result of our isogeny-based accountable ring signature. This is also the first construction of accountable ring signatures based on post-quantum assumptions. Our schemes are based on the decisional CSIDH assumption (D-CSIDH) and are proven secure under the random oracle model (ROM).

Avinash Vijayarangan, K.R. Sekar, R. Srikanth
ePrint Report
With the fast-growing technology and emerging innovations in the research arena, privacy and preservation of data predominantly in the medical field are highly essential. At the same time, there is a need for minimized storage of voluminous data in the medical repository. The inspiration for this research work is to formulate the hybrid methodologies using improved Steganography, wavelet transform, and lossless compression for privacy and preservation of medical big data images and patient information in the medical big data repositories. The novelty of the work focuses on the preservation of patient’s information using enhanced security and optimized big data image storage, which helps the pharmacology professionals to store double the amount of information in the same storage space of the medical big data repository. The secure storage, fast retrieval of image, and minimum computation are the basic ideology of the work. The research work adopts a fast and optimized approach of the Knight Tour algorithm for embedding the patient’s data in their medical image and a Discrete Wavelet Transform (DWT) for the safeguarding of the cover image. Furthermore, a lossless wavelet packet compression is applied to minimize the storage size and to maximize storage efficiency. The outcome of the work achieves a higher level of data security without loss in the quality of the image. In addition, the preservation of the reduced size image will be easy to accommodate and can store bountiful images in the repository. A proposed hybrid method of compression in order to get high resolution on spatial and frequency domains will provide an edge.

Ward Beullens, Samuel Dobson, Shuichi Katsumata, Yi-Fu Lai, Federico Pintore
ePrint Report
We construct an efficient dynamic group signature (or more generally an accountable ring signature) from isogeny and lattice assumptions. Our group signature is based on a simple generic construction that can be instantiated by cryptographically hard group actions such as the CSIDH group action or an MLWE-based group action. The signature is of size $O(\log N)$, where $N$ is the number of users in the group. Our idea builds on the recent efficient OR-proof by Beullens, Katsumata, and Pintore (Asiacrypt'20), where we efficiently add a proof of valid ciphertext to their OR-proof and further show that the resulting non-interactive zero-knowledge proof system is online extractable.

Our group signatures satisfy more ideal security properties compared to previously known constructions, while simultaneously having an attractive signature size. The signature size of our isogeny-based construction is an order of magnitude smaller than all previously known post-quantum group signatures (e.g., 6.6 KB for 64 members). In comparison, our lattice-based construction has a larger signature size (e.g., either 126 KB or 89 KB for 64 members depending on the satisfied security property). However, since the $O(\cdot)$-notation hides a very small constant factor, it remains small even for very large group sizes, say $2^{20}$.

Yi-Fu Lai, Samuel Dobson
ePrint Report
Both ring signatures and group signatures are useful privacy tools, allowing signers to hide their identities within a set of other public keys, while allowing their signatures to be validated with respect to the entire set. Group signature schemes and revocable ring signature schemes both provide the additional ability for certain authorized members to revoke the anonymity on a signature and reveal the true signer—allowing management of abuse in the scheme. This work consists of two parts. Firstly, we introduce a stronger security notion—collusion resistance—for revocable ring signatures and show how to derive a group signature scheme from it, which provides a new approach to obtaining group signatures. This improves on the existing weak security model (e.g. with selfless anonymity) which fails to guarantee anonymity of members whose keys are exposed. Our stronger notion requires that the scheme remains secure against full key exposure in the anonymity game, and allows collusion among arbitrary members in the revocability game. Secondly (and more concretely), we construct a practical collusion-resistant revocable ring signature scheme based on hard homogenous spaces (HHS), and thus obtain a group signature scheme based on isogenies. To the best of our knowledge, the schemes given in this work are the first efficient post-quantum (collusion-resistant) revocable ring signature scheme, and the first efficient isogeny-based group signature scheme in the literature.