IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
22 November 2021
Esra Günsay, Cansu Betin Onur, Murat Cenk
ePrint Report
Andrea Caforio, Subhadeep Banik, Yosuke Todo, Willi Meier, Takanori Isobe, Fukang Liu, Bin Zhang
ePrint Report
In this work, we devise the first heuristic energy model in the realm of stream ciphers that links the underlying algebraic topology of the state update function to the consumptive behaviour. The model is then used to derive a metric that exhibits a heavy negative correlation with the energy consumption of a broad range of stream cipher architectures, i.e., the families of Trivium-like, Grain-like and Subterranean-like constructions. We demonstrate that this correlation is especially pronounced for Trivium-like ciphers, which leads us to establish a link between the energy consumption and the security guarantees that makes it possible to find several alternative energy-optimal versions of Trivium that meet the requirements but consume less energy. We present two such designs, Trivium-LE(F) and Trivium-LE(S), that consume around 15% and 25% less energy respectively, making them the most energy-efficient encryption primitives to date. They inherit the same security level as Trivium, i.e., 80-bit security. We further present Triad-LE as an energy-efficient variant satisfying a higher security level. The simplicity and wide applicability of our model have direct consequences for the conception of future hardware-targeted stream ciphers, as for the first time it is possible to optimize for energy during the design phase. Moreover, we extend the reach of our model beyond plain encryption primitives and propose a novel energy-efficient message authentication code, Trivium-LE-MAC.
Ittay Eyal
ePrint Report
The security of individual keys has been widely studied, with practical solutions available, from mnemonic phrases to dedicated hardware. There are also techniques for securing funds by requiring combinations of multiple keys. However, to the best of our knowledge, a crucial question has never been addressed: how is wallet security affected by the number of keys, their types, and how they are combined? This is the focus of this work.
We present a model where each key has certain probabilities for being safe, lost, leaked, or stolen (available only to an attacker). The number of possible wallets for a given number of keys is the Dedekind number, prohibiting an exhaustive search with many keys. Nonetheless, we bound optimal-wallet failure probabilities with an evolutionary algorithm.
We evaluate the security (the complement of the failure probability) of wallets based on the number and types of keys used. Our analysis covers a wide range of settings and reveals several surprises. The general trend is that the failure probability drops exponentially with the number of keys, but it has a strong dependency on the parity of that number. In many cases, but not always, heterogeneous keys (not all with the same fault probabilities) allow for superior wallets compared to homogeneous keys. Nonetheless, in the case of 3 keys, the common practice of requiring any pair is optimal in many settings.
Our formulation of the problem and initial results reveal several open questions, from user studies of key fault probabilities to finding optimal wallets with very large numbers of keys. But they also have an immediate practical outcome, informing cryptocurrency users on optimal wallet design.
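A brute-force instance of the model described in this abstract, added here as an illustration; it is not the authors' code, and the state semantics, the failure condition and the probability values are this example's own assumptions. Each key is independently safe, lost, leaked or stolen; the user can spend with safe or leaked keys, the attacker with leaked or stolen ones; a wallet is a monotone spending policy over the keys, and it fails if the attacker's key set satisfies the policy or the user's does not. For three keys the Dedekind number is only 20, so every policy can be scored exactly:

```python
"""Brute-force instance of the key-fault wallet model sketched in the abstract.

Added example for this page, not the authors' code.  Assumptions made here:
each key is independently in one of four states; the user can spend with a
key that is "safe" or "leaked", the attacker with a key that is "leaked" or
"stolen"; a wallet is a monotone Boolean spending policy over the keys, and it
fails if the attacker's key set satisfies the policy or the user's does not.
The probability values below are constructed for illustration.
"""
from itertools import product

STATES = ("safe", "lost", "leaked", "stolen")
USER_HAS = {"safe", "leaked"}
ATTACKER_HAS = {"leaked", "stolen"}


def monotone_policies(n):
    """Yield every monotone Boolean function on n keys as a frozenset of the key
    subsets (bitmasks) allowed to spend.  There are Dedekind-number-many:
    3, 6, 20, 168, 7581, ... so enumerating all 2^(2^n) truth tables and
    filtering is only practical for n <= 4; beyond that a heuristic search
    such as the paper's evolutionary algorithm is needed."""
    masks = range(1 << n)
    for table in range(1 << (1 << n)):          # one truth-table bit per subset
        accepted = frozenset(m for m in masks if (table >> m) & 1)
        # monotone: adding a key to an accepted subset keeps it accepted
        if all((m | (1 << i)) in accepted for m in accepted for i in range(n)):
            yield accepted


def failure_probability(policy, key_probs):
    """key_probs[i] maps each state of key i to its probability (summing to 1)."""
    total = 0.0
    for states in product(STATES, repeat=len(key_probs)):
        p = 1.0
        user = attacker = 0
        for i, s in enumerate(states):
            p *= key_probs[i][s]
            if s in USER_HAS:
                user |= 1 << i
            if s in ATTACKER_HAS:
                attacker |= 1 << i
        if attacker in policy or user not in policy:
            total += p
    return total


def best_wallet(key_probs):
    """Exhaustive search over all policies; returns (failure probability, policy)."""
    return min(
        ((failure_probability(pol, key_probs), pol) for pol in monotone_policies(len(key_probs))),
        key=lambda t: t[0],
    )


def describe(policy, n):
    """Minimal key sets that may spend, e.g. [(0, 1), (0, 2), (1, 2)] for 2-of-3."""
    minimal = [m for m in policy if not any(o != m and (o & m) == o for o in policy)]
    return sorted(tuple(i for i in range(n) if m >> i & 1) for m in minimal)


# Constructed per-key fault probabilities (not measured values): a hardware
# token is more likely to be lost than copied, a cloud backup the reverse.
HOMOGENEOUS = {"safe": 0.97, "lost": 0.01, "leaked": 0.01, "stolen": 0.01}
HARDWARE = {"safe": 0.96, "lost": 0.03, "leaked": 0.005, "stolen": 0.005}
CLOUD = {"safe": 0.96, "lost": 0.005, "leaked": 0.03, "stolen": 0.005}

if __name__ == "__main__":
    for n in (1, 2, 3, 4):
        p, pol = best_wallet([HOMOGENEOUS] * n)
        print(f"{n} identical keys: failure {p:.5f}, policy {describe(pol, n)}")
    p, pol = best_wallet([HARDWARE, HARDWARE, CLOUD])
    print(f"hardware, hardware, cloud: failure {p:.5f}, policy {describe(pol, 3)}")
```

With the constructed homogeneous probabilities the search reports 0.03 for one key, the same 0.03 for two keys (the best two-key policy simply ignores one of them) and roughly an order of magnitude less for three keys, where any-2-of-3 wins; that is the parity effect and the 2-of-3 observation the abstract mentions, reproduced in a toy setting. Enumerating the 2^(2^n) truth tables stops being practical at n = 5, which is where a heuristic search such as the paper's evolutionary algorithm has to take over.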
Nicolas Bruneau, Charles Christen, Jean-Luc Danger, Adrien Facon, Sylvain Guilley
ePrint Report
Seminal work was initiated by Barthe et al. at EUROCRYPT 2015 on automated verification at higher orders on concrete implementations. In this paper, we build on this work to actually perform verification from within a compiler, so as to enable timely feedback to the developer. Precisely, our methodology first provides the actual security order of the code at the intermediate representation (IR) level, thereby identifying possible flaws (owing either to source code errors or to compiler optimizations). Second, our methodology allows for an exploitability analysis of the analysed IR code. In this respect, we formally handle all the symbolic expressions in the static single assignment (SSA) representation to build the optimal distinguisher function. This makes it possible to evaluate the most powerful attack, which is a function not only of the masking order $d$ but also of the number of leaking samples and of the expressions (e.g., linear vs non-linear leakages).
This scheme allows one to evaluate the correctness of masked cryptographic code, and also its actual security in terms of the number of traces in a given deployment context (characterized by a leakage model of the target CPU and the signal-to-noise ratio of the platform).
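As an added illustration of the first half of that methodology (the security-order check, not the authors' tool), the script below performs an exhaustive probing-model check on a 2-share ISW AND gadget written out as an SSA-style list of named intermediates: it reports every set of d intermediates whose joint distribution over the masking randomness depends on the secret, so an empty result at order d means the gadget is d-probing secure. The "reassociated" variant models an XOR reordering a compiler is free to make because XOR is associative; the gadget, the variable names and that variant are constructed for this example.

```python
"""Exhaustive first- and higher-order probing check of a 2-share AND gadget.

Added example for this page, not the authors' tool.  The gadget, the variable
names and the "reassociated" variant (modelling an optimiser's XOR reordering)
are constructed here.  Leakage model: the adversary learns the exact value of
each probed intermediate (the probing model), so a probe set is safe when its
joint distribution over the masking randomness does not depend on the secret.
"""
from collections import Counter
from itertools import combinations, product


def isw_and_secure(x0, x1, y0, y1, r):
    """2-share ISW AND: (x0^x1) & (y0^y1) -> (z0, z1), with fresh random bit r.
    Returns every intermediate by name, in program order, like an SSA listing."""
    v = {"x0": x0, "x1": x1, "y0": y0, "y1": y1, "r": r}
    v["a"] = x0 & y0
    v["b"] = x1 & y1
    v["c"] = x0 & y1
    v["d"] = x1 & y0
    v["e"] = v["c"] ^ r          # blind the first cross term ...
    v["f"] = v["e"] ^ v["d"]     # ... before combining it with the second
    v["z0"] = v["a"] ^ r
    v["z1"] = v["b"] ^ v["f"]
    return v


def isw_and_reassociated(x0, x1, y0, y1, r):
    """Same dataflow after the XOR reassociation (c ^ r) ^ d -> (c ^ d) ^ r,
    a rewrite an optimiser may apply since XOR is associative and commutative."""
    v = {"x0": x0, "x1": x1, "y0": y0, "y1": y1, "r": r}
    v["a"] = x0 & y0
    v["b"] = x1 & y1
    v["c"] = x0 & y1
    v["d"] = x1 & y0
    v["e"] = v["c"] ^ v["d"]     # x0*y1 ^ x1*y0 depends on (x, y): first-order leak
    v["f"] = v["e"] ^ r
    v["z0"] = v["a"] ^ r
    v["z1"] = v["b"] ^ v["f"]
    return v


def leaking_probes(gadget, order=1):
    """Return every set of `order` intermediates whose joint distribution, taken
    over uniform input shares and r, differs between at least two secrets (x, y).
    An empty result at order d (and a non-empty one at d+1) means the gadget's
    actual security order is d."""
    dists = {}
    names = None
    for x, y in product((0, 1), repeat=2):
        per_probe = {}
        for x0, y0, r in product((0, 1), repeat=3):
            v = gadget(x0, x ^ x0, y0, y ^ y0, r)
            if names is None:
                names = list(v)
            for probe in combinations(names, order):
                per_probe.setdefault(probe, Counter())[tuple(v[p] for p in probe)] += 1
        dists[(x, y)] = per_probe
    base = dists[(0, 0)]
    return sorted(p for p in base if any(d[p] != base[p] for d in dists.values()))


def is_correct(gadget):
    """Functional check: the output shares always recombine to x & y."""
    for x0, x1, y0, y1, r in product((0, 1), repeat=5):
        v = gadget(x0, x1, y0, y1, r)
        if v["z0"] ^ v["z1"] != (x0 ^ x1) & (y0 ^ y1):
            return False
    return True


if __name__ == "__main__":
    for name, g in (("secure", isw_and_secure), ("reassociated", isw_and_reassociated)):
        print(name, "correct:", is_correct(g),
              "1st-order leaks:", leaking_probes(g, 1),
              "2nd-order probe sets that leak:", len(leaking_probes(g, 2)))
```

Both variants compute the same function, which is exactly why a correctness-only check would let the reassociation through; only the distribution check on the IR-level intermediates catches that `e` now equals x0*y1 ^ x1*y0, which is constant 0 when x = y = 0 and uniform when x = y = 1. Raising `order` to 2 reports pairs such as (x0, x1) for both variants, i.e. the secure gadget's actual order is 1, as expected for two shares.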
Jean-Pierre Thibault, Colin O’Flynn, Alex Dewar
ePrint Report
As many recent secure boot solutions use ECDSA, efforts to build open-source artifacts for evaluating attacks on ECDSA are highly relevant to ongoing academic and industrial research programs. To demonstrate the value of this evaluation platform, we implement several countermeasures and show that evaluating leakage on hardware is critical to understanding the effectiveness of a countermeasure.
20 November 2021
David Heath, Vladimir Kolesnikov, Rafail Ostrovsky
ePrint Report
We present the first GRAM suitable for practice. For computational security parameter $\kappa$ and for a size-$n$ RAM that stores blocks of size $w = \Omega(\log^2 n)$ bits, our GRAM incurs amortized $O(w \cdot \log^2 n \cdot \kappa)$ communication and computation per access. We evaluate the concrete cost of our GRAM; our approach outperforms trivial linear-scan-based RAM for as few as $512$ $128$-bit elements.
Revisiting Mutual Information Analysis: Multidimensionality, Neural Estimation and Optimality Proofs
Valence Cristiani, Maxime Lecomte, Philippe Maurine
ePrint Report
Weikeng Chen, Katerina Sotiraki, Ian Chang, Murat Kantarcioglu, Raluca Ada Popa
ePrint Report
We present HOLMES, a platform for expressing and performing statistical tests securely and efficiently. Using HOLMES, parties can perform well-known statistical tests or define new tests. For efficiency, instead of performing such tests naively in SMPC, HOLMES blends together zero-knowledge proofs (ZK) and SMPC protocols, based on the insight that most computation for statistical tests is local to the party who provides the data.
High-dimensional tests are critical for detecting malicious inputs but are prohibitively expensive in secure computation. To reduce this cost, HOLMES provides a new secure dimensionality reduction procedure tailored for high-dimensional statistical tests. This new procedure leverages recent developments in algebraic pseudorandom functions.
Our evaluation shows that, for a variety of statistical tests, HOLMES is 18x to 40x more efficient than naively implementing the statistical tests in a generic SMPC framework.
Nai-Hui Chia, Kai-Min Chung, Xiao Liang, Takashi Yamakawa
ePrint Report
Our techniques also yield the following set of constant-round and black-box two-party protocols secure against QPT adversaries, only assuming black-box access to PQ-OWFs:
- extractable commitments for which the extractor is also an $\epsilon$-simulator;
- $\epsilon$-zero-knowledge commit-and-prove whose commit stage is extractable with $\epsilon$-simulation;
- $\epsilon$-simulatable coin-flipping;
- $\epsilon$-zero-knowledge arguments of knowledge for $NP$ for which the knowledge extractor is also an $\epsilon$-simulator;
- $\epsilon$-zero-knowledge arguments for $QMA$.
At the heart of the above results is a black-box extraction lemma showing how to efficiently extract secrets from QPT adversaries while disturbing their quantum state in a controllable manner, i.e., achieving $\epsilon$-simulatability of the after-extraction state of the adversary.
Ziaur Rahman, Ibrahim Khalil, Xun Yi, Mohammed Atiquzzaman
ePrint Report
Saba Eskandarian, Dan Boneh
ePrint Report
We implement our shuffling protocol in a system called Clarion and find that it outperforms a mixnet made up of a sequence of verifiable (single-server) shuffles by $9.2\times$ for broadcasting small messages and outperforms the MCMix conversation protocol by $11.8\times$.
Gang Wang, Mark Nixon
ePrint Report
Smile Markovski, Vesna Dimitrova, Zlatka Trajcheska, Marija Petkovska, Mile Kostadinoski, Damjan Buhov
ePrint Report
For now, we consider only quasigroups of order 4. Constructions with quasigroups of higher order and an examination of the strengths and weaknesses of this design will be considered in future papers.
Mila Anastasova, Mojtaba Bisheh-Niasar, Reza Azarderakhsh, Mehran Mozaffari Kermani
ePrint Report
Gideon Samid
ePrint Report
18 November 2021
Leuven, Belgium, 12 April - 14 April 2022
Event Calendar
Submission deadline: 15 December 2021
Notification: 4 February 2022
Stevens Institute of Technology, Hoboken, NJ, USA
Job Posting
Applicants should have earned a Ph.D. in computer science or a related discipline. Candidates are expected to demonstrate a commitment to teaching and mentorship at both the undergraduate and graduate levels, including working with students from underrepresented groups. Successful candidates will have the potential to develop an externally funded research program, supervise graduate students in research, and contribute to the highly interdisciplinary, collaborative, diverse, innovative, and entrepreneurial culture at Stevens. Candidates applying at the rank of Associate or Full should have a track record of success in scholarship, funded research, teaching, mentoring, and contributing to diversity, equity, and inclusion.
Closing date for applications:
Contact: Search Committee Chairs, Samantha Kleinberg (samantha.kleinberg@stevens.edu) and Yue Ning (yue.ning@stevens.edu)
More information: https://academicjobsonline.org/ajo/jobs/20329
Apple Inc, Santa Clara Valley, California, USA
Job Posting
Apply to join the team!
You can find details about the position and how to apply on the linked page.
Closing date for applications:
Contact: Yannick Sierra
More information: https://jobs.apple.com/en-us/details/200312812/cryptographic-engineer?team=SFTWR
University of Houston - Downtown, Houston, Texas
Job Posting
Closing date for applications:
Contact: -
More information: https://uhs.taleo.net/careersection/ex3_uhdf/jobdetail.ftl?job=FAC002130&tz=GMT-05%3A00&tzname=America%2FChicago
University of Bergen
Job Posting
Closing date for applications:
Contact: Prof. Lilya Budaghyan
More information: https://www.jobbnorge.no/en/available-jobs/job/215372/postdoctoral-research-fellow-position-in-informatics-cryptography