IACR News
02 March 2022
Zama, Paris, France
Job Posting
We believe this experience will train the candidate both on the research and the implementation side, since he/she/they will work with a team of cryptographers and will implement the results in an open source library that is used by the community.
Preferred experience. He / She / They should:
- already be a PhD student,
- have a solid background in cryptography, possibly with some knowledge in FHE,
- have some development experience, possibly with a background in Rust,
- be passionate about privacy, open source and willing to learn,
- have a problem-solving attitude,
- have good communication skills.
Closing date for applications:
Contact: To know more about the job offer and to apply, visit https://www.welcometothejungle.com/en/companies/zama/jobs/intern-research-and-concrete-lib-summer_paris?q=62533b0c4028334941d506e9b41b0004&o=918987&e=companies_jobs
Zama, Paris, France
Job Posting
- discovering new cryptographic techniques to compute on encrypted data,
- working with the engineering and product teams to implement his/her/their research into our products,
- designing robust tests and benchmarks to validate his/her/their research and its implementation,
- reviewing the latest published research and informing the team on potential new applications,
- working with the entire team to define the research and product roadmaps,
- publishing papers, filing patents and presenting his/her/their work at academic conferences.
Preferred experience. We are looking for different experience profiles for this position, from young researchers (right after the end of the PhD) to more senior ones. He/she/they should:
- have a PhD in cryptography or equivalent,
- have deep knowledge of homomorphic encryption,
- have (optionally) knowledge of LWE hardness and security,
- have (optionally) knowledge of machine learning,
- be passionate about privacy and open source software,
- have good written and oral communication skills.
Closing date for applications:
Contact: To know more about the job offer and to apply, visit https://www.welcometothejungle.com/en/companies/zama/jobs/senior-researcher-cryptography_paris?q=62533b0c4028334941d506e9b41b0004&o=341359&e=companies_jobs
More information: https://www.welcometothejungle.com/en/companies/zama/jobs/senior-researcher-cryptography_paris?q=62533b0c4028334941d506e9b41b0004&o=341359&e=companies_jobs
University College Cork, Ireland
Job Posting
The Insight SFI Research Centre for Data Analytics invites applications for a Post-Doctoral Researcher position in the area of Security/Privacy and Data Analytics. The successful candidate will work under the supervision of Dr Paolo Palmieri, Lecturer in Cyber Security, and Prof. Barry O’Sullivan, Professor of Computer Science, in the School of Computer Science & Information Technology, University College Cork, Ireland.
The Post-Doctoral Researcher will work primarily on an industry project with a leading industry partner in the area of privacy and security. The position is initially for an 18-month fixed-term period, and may subsequently lead to other research opportunities with industry/academic partners. Funding for conferences and equipment is available as part of the project.
The ideal applicant holds a PhD in Computer Science or related disciplines and has experience in cyber security and privacy research. He/She has a good track record in relevant conferences and journals and has research experience in one or more of the following research areas: differential privacy, anonymity, re-identification, secure composition and/or cryptography. Previous experience in working with industry partners is an asset.
This position is part of the Science Foundation Ireland newly launched Empower Spoke which is a new €10 million academic and industry research programme, designed to future proof EU data flows and drive innovations in data protection internationally.
Closing date for applications:
Contact: Informal inquiries can be made in confidence to Dr. Paolo Palmieri, at: p.palmieri@cs.ucc.ie
Applications should be submitted through the University portal at https://ore.ucc.ie/ (search for reference number: 054451)
Deadline: March 18, 2022 at 12:00 (noon) Irish time.
More information: http://security.ucc.ie/vacancies.html
Aldo Gunsing
ePrint Report
We next demonstrate how the negative effects on the security bound of the construction by Daemen et al. can be resolved. Instead of only allowing a truncated output, we generalize the construction to allow for any finalization function and investigate the security of this for five different types of finalization. Our findings, among others, show that the security of the SHA-2 mode does not degrade if the feed-forward is dropped and that the modern BLAKE3 construction is secure in principle but that its use of the extendable output requires its counter used for random access to be public. Finally, we introduce the tree sponge, a generalization of the sequential sponge construction with parallel absorbing and squeezing.
Adi Akavia, Craig Gentry, Shai Halevi, Margarita Vald
ePrint Report
We present a CPA-secure encryption scheme that is completely insecure in this setting. We define a new notion of security, called funcCPA, that we prove is sufficient. Additionally, we show:
- Homomorphic encryption schemes that have a certain type of circuit privacy -- for example, schemes in which ciphertexts can be "sanitized" -- are funcCPA-secure.
- In particular, assuming certain existing HE schemes are CPA-secure, they are also funcCPA-secure.
- For certain encryption schemes, like Brakerski-Vaikuntanathan, that have a property that we call oblivious secret key extraction, funcCPA-security implies circular security -- i.e., that it is secure to provide an encryption of the secret key in a form usable for bootstrapping (to construct fully homomorphic encryption).
In summary, funcCPA-security lies strictly between CPA-security and CCA2-security (under reasonable assumptions), and has an interesting relationship with circular security, though it is not known to be equivalent.
Shafik Nassar, Ron D. Rothblum
ePrint Report
- Second, we give a barrier for obtaining succinct IOPs for more general NP relations. In particular, we show that if a language has a succinct IOP, then it can be decided in *space* that is proportionate only to the witness length, after a bounded-time probabilistic preprocessing. We use this result to show that under a simple and plausible (but to the best of our knowledge, new) complexity-theoretic conjecture, there is no succinct IOP for CSAT.
Jung Hee Cheon, Wootae Kim, Jai Hyun Park
ePrint Report
In this work, we introduce domain extension polynomials (DEPs) that extend the domain interval of a function by a factor of $k$ while preserving the behaviour of the original function on its original domain interval. By repeatedly iterating the domain-extension process with DEPs, we can extend the domain of a given function by a factor of $K$ using $O(\log{K})$ multiplications, while the behaviour of the original function on its original domain interval is preserved.
By using DEPs, we can efficiently evaluate, in encrypted state, a function that converges at infinities. To uniformly approximate the function on $[-R,R]$, our method uses $O(\log{R})$ multiplications and $O(1)$ memory. This is more efficient than the current best approach, minimax approximation combined with the Paterson-Stockmeyer algorithm, which uses $O(\sqrt{R})$ multiplications and $O(\sqrt{R})$ memory for the evaluation. As another application of DEPs, we also suggest a method to manage risky outliers from a wide interval $[-R,R]$ using $O(\log{R})$ additional multiplications.
As a real-world application, we apply our uniform approximation of the logistic function on wide intervals to logistic regression. We trained the model on large public datasets in encrypted state using the polynomial approximation of the logistic function on $[-7683,7683]$.
Tron Omland, Pantelimon Stanica
ePrint Report
Iftach Haitner, Noam Mazor, Jad Silbak
ePrint Report
We advance towards a better understanding of this notion, showing that a k-incompressible distribution has (k−2) bits of next-block pseudoentropy, a refinement of pseudoentropy introduced by Haitner, Reingold, and Vadhan [SICOMP ’13]. We deduce that a samplable distribution X that is (H(X) + 2)-incompressible implies the existence of one-way functions.
Robin Salen, Vijaykumar Singh, Vladimir Soukharev
ePrint Report
Krijn Reijnders, Simona Samardjiska, Monika Trimoska
ePrint Report
Neal Koblitz, Subhabrata Samajder, Palash Sarkar, Subhadip Singha
ePrint Report
Thomas Pornin
ePrint Report
Adi Akavia, Neta Oren, Boaz Sapir, Margarita Vald
ePrint Report
1) *Compact storage* with zero overhead over storing AES ciphertexts, and $10\times$ to $10,000\times$ better than storing CKKS ciphertexts.
2) *Fast runtime performance* for storage and retrieval, only twice the time of directly storing and retrieving HE ciphertexts.
3) *Dynamic control during retrieval* of the HE parameters and the data items to be packed in each HE ciphertext.
4) *Plug-and-play compatibility* with any homomorphic computation.
We implemented our solution into a proof-of-concept system running on AWS EC2 instances with AWS S3 storage, empirically demonstrating its appealing performance. As a central tool we introduce the first perfect secret sharing scheme with fast homomorphic reconstruction over the reals; this may be of independent interest.
Shingo Sato, Junji Shikata
ePrint Report
Alexander May, Julian Nowakowski, Santanu Sarkar
ePrint Report
Let $ed_p = 1 + k(p-1)$ and $ed_q = 1 + \ell(q-1)$. On the technical side, we find the factorization of $N$ in a novel two-step approach. In a first step we recover $k$ and $\ell$ in polynomial time, in the MSB case completely elementary and in the LSB case using Coppersmith's lattice-based method. We then obtain the prime factorization of $N$ by computing the root of a univariate polynomial modulo $kp$ for our known $k$. This can be seen as an extension of Howgrave-Graham's *approximate divisor* algorithm to the case of *approximate divisor multiples* for some known multiple $k$ of an unknown divisor $p$ of $N$. The point of *approximate divisor multiples* is that the unknown that is recoverable in polynomial time grows linearly with the size of the multiple $k$.
Our resulting Partial Key Exposure attack with known MSBs is completely rigorous, whereas in the LSB case we rely on a standard Coppersmith-type heuristic. We experimentally verify our heuristic, thereby showing that in practice we reach our asymptotic bounds already using small lattice dimensions. Thus, our attack is highly efficient.