IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
14 June 2022
Yanxue Jia, Shi-Feng Sun, Hong-Sheng Zhou, Dawu Gu
ePrint Report
In this work, to enable a better understanding of the security for PSU, we provide a systematic treatment of the typical PSU protocols, which may shed light on the design of practical and secure PSU protocols in the future. More specifically, we define different versions of PSU functionalities to properly capture the subtle security issues arising from protocols following the "split-execute-assemble" paradigm and using Oblivious Transfer as subroutines. Then, we survey the typical PSU protocols, and categorize these protocols into three design frameworks, and prove what PSU functionality the protocols under each framework can achieve at best, in the semi-honest setting.
Subhadeep Banik
ePrint Report
Marius A. Aardal, Diego F. Aranha
ePrint Report
More Inputs Makes Difference: Implementations of Linear Layers Using Gates with More Than Two Inputs
Qun Liu, Weijia Wang, Ling Sun, Yanhong Fan, Lixuan Wu, Meiqin Wang
ePrint Report
We improve the previous implementations of linear layers for many block ciphers according to the area with these search algorithms. For example, we achieve a better implementation with 4-input xor gates for AES MixColumns, which only requires 243 GE in the STM 130 nm library, while the previous public result is 258.9 GE. Besides, we obtain better implementations for all 5500 lightweight matrices proposed by Li et al. at FSE 2019, and the area for them is decreased by about 21% on average.
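The abstract quotes gate counts for AES MixColumns without showing the object being optimised. The following added example (editor's code, not the authors' search tool) builds the 32x32 GF(2) matrix of MixColumns acting on one column, checks it against a byte-wise reference on the FIPS-197 example column, and counts the naive gate cost when each output bit is computed by its own tree of XOR gates of a chosen fan-in with no sharing. The bit layout (byte k of the column in bits 8k..8k+7, least significant bit first) and the naive cost model are the example's own assumptions; the counts in the abstract come from a search that shares intermediate values, so the naive figures here are only the baseline such searches improve on.

```python
"""Naive XOR cost of the AES MixColumns linear layer over GF(2).

Added example, not the paper's code. MixColumns on one column is GF(2)-linear,
so it is a 32x32 binary matrix M; this block derives M from a byte-wise
reference, verifies it on the FIPS-197 example column, and counts gates.
Assumed layout: byte k of the column sits in bits 8k..8k+7, bit 0 = LSB.
"""
from functools import reduce


def xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a


def gf_mul(a, b):
    """Shift-and-add multiplication in GF(2^8)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r


# Circulant MixColumns matrix over GF(2^8), FIPS-197 section 5.1.3.
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]


def mix_column(col):
    """Reference byte-wise MixColumns on one 4-byte column."""
    return [reduce(lambda x, y: x ^ y, (gf_mul(MIX[r][c], col[c]) for c in range(4)))
            for r in range(4)]


def to_bits(col):
    """Pack a 4-byte column into a 32-bit integer (assumed layout, see above)."""
    return sum(col[k] << (8 * k) for k in range(4))


def from_bits(v):
    """Inverse of to_bits."""
    return [(v >> (8 * k)) & 0xFF for k in range(4)]


def mixcolumns_matrix():
    """32x32 GF(2) matrix: M[i][j] = 1 iff input bit j contributes to output bit i.

    Because MixColumns is GF(2)-linear, column j of M is the image of the unit
    vector e_j, so probing all 32 unit vectors recovers the whole matrix.
    """
    images = [to_bits(mix_column(from_bits(1 << j))) for j in range(32)]
    return [[(images[j] >> i) & 1 for j in range(32)] for i in range(32)]


def apply_matrix(m, col):
    """Evaluate M·v over GF(2) (parity of the masked input per row); must agree with mix_column."""
    v = to_bits(col)
    out = 0
    for i, row in enumerate(m):
        mask = sum(e << j for j, e in enumerate(row))
        out |= (bin(v & mask).count("1") & 1) << i
    return from_bits(out)


def row_weights(m):
    """Number of input bits feeding each output bit."""
    return [sum(row) for row in m]


def naive_gate_count(m, fan_in=2):
    """Gates when each output bit of weight w gets its own fan_in-input XOR tree.

    A tree of k-input XOR gates combining w inputs needs ceil((w-1)/(k-1)) gates;
    nothing is shared between output bits, which is what the search algorithms
    in the paper exploit to do better.
    """
    return sum(-(-max(w - 1, 0) // (fan_in - 1)) for w in row_weights(m))


if __name__ == "__main__":
    M = mixcolumns_matrix()
    # FIPS-197 Appendix B, round-1 first column: d4 bf 5d 30 -> 04 66 81 e5
    print(apply_matrix(M, [0xD4, 0xBF, 0x5D, 0x30]))
    print("ones:", sum(row_weights(M)),
          "2-input XORs:", naive_gate_count(M, 2),
          "4-input XORs:", naive_gate_count(M, 4))
```

Every output bit of MixColumns depends on 5 or 7 input bits, so the naive 2-input baseline is 152 XORs and the naive 4-input baseline is 64 gates; the 243 GE figure in the abstract is an area count after sharing and technology mapping, not a gate count, so the two are not directly comparable.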
Gennaro Avitabile, Vincenzo Botta, Daniele Friolo, Ivan Visconti
ePrint Report
The main contribution of our work is an efficient and modular transformation that starting from a large class of $\Sigma$-protocols and a corresponding threshold relation $\mathcal{R}_\mathsf{k,\ell}$, provides an efficient $\Sigma$-protocol for $\mathcal{R}_\mathsf{k,\ell}$ with improved communication complexity w.r.t. prior results. Moreover, our transformation preserves statistical/perfect honest-verifier zero knowledge.
Throwing Boomerangs into Feistel Structures: Application to CLEFIA, WARP, LBlock, LBlock-s and TWINE
Hosein Hadipour, Marcel Nageler, Maria Eichlseder
ePrint Report
Zhimei Sui, Joseph K. Liu, Jiangshan Yu, Xianrui Qin
ePrint Report
David Mestel, Johannes Mueller, Pascal Reisert
ePrint Report
ePrint ReportDespite their popularity, it is commonly believed that replay attacks are inefficient but the actual threat that they pose to vote privacy has never been studied formally. Therefore, in this paper, we precisely analyze for the first time how efficient replay attacks really are.
We study this question from commonly used and complementary perspectives on vote privacy, showing as an independent contribution that a simple extension of a popular game-based privacy definition corresponds to a strong entropy-based notion.
Our results demonstrate that replay attacks can be devastating for a voter's privacy even when an adversary's resources are very limited. We illustrate our formal findings by applying them to a number of real-world elections, showing that a modest number of replays can result in significant privacy loss. Overall, our work reveals that, contrary to a common belief, replay attacks can be very efficient and must therefore be considered a serious threat.
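The abstract states that a modest number of replays can cause significant privacy loss but, being an abstract, gives no mechanics. The following added example (editor's toy model, not the paper's formal definitions or its election data) shows the simplest version of the effect: the adversary copies the victim's encrypted ballot r times and casts the copies as its own, so the published tally becomes T = S + (r+1)v, where v is the victim's vote and S is the YES count among the other honest voters. Modelling S as Binomial(n, p) with a uniform prior on v is the example's own assumption; the posterior the adversary can compute from T then shows how quickly a handful of replays pins v down.

```python
"""Toy model of a ballot-replay attack on vote privacy.

Added example, not the paper's model. Ballots are opaque to the adversary,
but replaying the victim's ballot r times shifts the public tally by r*v,
and the tally alone then leaks v. Assumptions: n other honest voters vote
YES independently with probability p; prior P(v=1) = prior_yes.
"""
from math import comb


def binom_pmf(n, p, k):
    """P(Bin(n, p) = k); zero outside 0..n so impossible tallies get zero likelihood."""
    if k < 0 or k > n:
        return 0.0
    return comb(n, k) * p ** k * (1 - p) ** (n - k)


def tally(honest_votes, victim_vote, replays):
    """YES count published by a system that counts every well-formed ballot,
    with the victim's ballot present 1 + replays times (constructed scenario)."""
    return sum(honest_votes) + (1 + replays) * victim_vote


def posterior_yes(n, p, replays, observed_tally, prior_yes=0.5):
    """P(v = 1 | T) for T = S + (replays + 1) * v, S ~ Bin(n, p), by Bayes' rule."""
    like_yes = binom_pmf(n, p, observed_tally - (1 + replays)) * prior_yes
    like_no = binom_pmf(n, p, observed_tally) * (1 - prior_yes)
    if like_yes + like_no == 0:
        raise ValueError("tally impossible under the model")
    return like_yes / (like_yes + like_no)


def privacy_loss_curve(n, p, victim_vote, honest_votes, max_replays):
    """Adversary's posterior that the victim voted YES, for r = 0..max_replays,
    each computed from the tally the adversary would actually observe."""
    return [posterior_yes(n, p, r, tally(honest_votes, victim_vote, r))
            for r in range(max_replays + 1)]


if __name__ == "__main__":
    # Constructed election: 10 honest voters, 5 YES, victim votes YES.
    honest = [1, 0, 1, 1, 0, 0, 1, 0, 1, 0]
    for r, post in enumerate(privacy_loss_curve(10, 0.5, 1, honest, 6)):
        print(f"replays={r}: P(victim voted YES | tally) = {post:.3f}")
```

With zero replays the victim's ballot is one of eleven and the posterior barely moves from the prior; once r + 1 exceeds the number of honest NO voters the observed tally is impossible under v = 0 and the posterior reaches 1, so in this toy instance five replays already suffice. A real system may weed duplicate ciphertexts, which is part of what the paper's analysis has to account for; the model here assumes replays are counted.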
Samed Düzlü, Juliane Krämer
ePrint Report
Vincent Cheval, Charlie Jacomme, Steve Kremer, Robert Künnemann
ePrint Report
13 June 2022
Technology Innovation Institute (TII) - Abu Dhabi, UAE
Job Posting
Technology Innovation Institute (TII) is a publicly funded research institute, based in Abu Dhabi, United Arab Emirates. It is home to a diverse community of leading scientists, engineers, mathematicians, and researchers from across the globe, transforming problems and roadblocks into pioneering research and technology prototypes that help move society ahead.
Cryptography Research Centre
In our connected digital world, secure and reliable cryptography is the foundation of digital information security and data integrity. We address the world’s most pressing cryptographic questions. Our work covers post-quantum cryptography, lightweight cryptography, cloud encryption schemes, secure protocols, quantum cryptographic technologies and cryptanalysis.
Position: Cryptography / Cybersecurity Engineer
Skills required for the job
Qualifications
Closing date for applications:
Contact:
Mehdi Messaoudi - Talent Acquisition Manager
Email: mehdi.messaoudi@tii.ae
More information: https://www.tii.ae/cryptography
Nanyang Technological University, Singapore
Job Posting
- tool-aided cryptanalysis, such as MILP, CP, STP, and SAT
- machine-learning-aided cryptanalysis and designs
- privacy-preserving friendly symmetric-key designs
- quantum cryptanalysis
- provable security
- cryptanalysis against SHA-2, SHA-3, and AES
- threshold cryptography
Closing date for applications:
Contact: Jian Guo, guojian@ntu.edu.sg, with subject [IACR-CATF]
More information: https://team.crypto.sg
University of Primorska
Job Posting
Closing date for applications:
Contact: enes.pasalic@famnit.upr.si and nastja.cepak@iam.upr.si
More information: https://kripto.famnit.upr.si/post/yr2022/
Ruhr-University Bochum, Germany
Job Posting
- Trustworthy Machine Learning for Privacy & Security
- FAccT (Fairness, Accountability, Transparency)
- Technology Policy, Privacy Law & Data Science
- Ethics & AI
- Human-AI Collaborative Decision Making.
Closing date for applications:
Contact: Prof. Christof Paar
More information: https://www.informatik.rub.de/en
Ruhr-University Bochum, Germany
Job Posting
- Computational Social Science
- Social Computing and Computing Mediated Collaborative Work
- Economics & Incentives in Computing and Privacy
- Usable Security.
Closing date for applications:
Contact: Prof. Christof Paar
More information: https://www.informatik.rub.de/en
09 June 2022
University of Birmingham, UK
Job Posting
This is an exciting opportunity to join the University of Birmingham’s Centre for Cyber Security and Privacy on the EPSRC-funded project ‘CAP-TEE: Capability Architectures in Trusted Execution’.
In this project, we use capability architectures (as developed, for example, by the CHERI project) to protect TEEs against state-of-the-art attacks. We address a wide range of threats, from software vulnerabilities such as buffer overflows to sophisticated hardware attacks such as fault injection. CAP-TEE will provide a strong, open-source basis for the next generation of more secure TEEs.
You'll be working on state-of-the-art hardware prototypes like the ARM Morello board.
We're looking for a candidate with a PhD or equivalent industry experience e.g. in cyber security, computer science, or electrical engineering. You should have strong experience in writing system level or low-level code in programming languages such as C, C++, or Rust. Experience in a relevant area such as embedded systems, automotive security, binary analysis, or fuzzing would be a strong asset.
For informal enquiries, contact Prof David Oswald (d.f.oswald@bham.ac.uk). To apply online until 30 June 2022, use the following URL:
https://bham.taleo.net/careersection/external/jobdetail.ftl?job=2200011F&tz=GMT%2B01%3A00&tzname=Europe%2FLondon
Closing date for applications:
Contact: Prof David Oswald
Email: d.f.oswald@bham.ac.uk
Twitter: @sublevado
More information: https://bham.taleo.net/careersection/external/jobdetail.ftl?job=2200011F&tz=GMT%2B01%3A00&tzname=Europe%2FLondon
Luxembourg Institute of Science and Technology, Luxembourg
Job Posting
The position is initially for one year and can be extended to more years, with a possibility to become a permanent one. More information is here: https://app.skeeled.com/offer/626f93074cdf6edb5e80e400?utm_id=60fed4c509c80d16d1bbe536&utm_medium=OFFERS_PORTAL&language=en&show_description=true
Closing date for applications:
Contact: Dr. Qiang Tang (qiang.tang@list.lu)
Karlsruhe Institute of Technology, SECUSO - Security, Usability, Society; Karlsruhe, Germany
Job Posting
Job Description
The interdisciplinary research group SECUSO (Security - Usability - Society) is offering a research associate position. The research group is active in various areas of Human Factors in Security & Privacy. Awareness and training measures as well as usable tools and interfaces are designed, developed, and evaluated. To this end, various – primarily empirical – methods are used as part of the “Human Centered Security & Privacy by Design” approach. Current topics include cookie banners, authentication on AR/VR glasses, verifiable online voting systems, notification studies, security UI patterns, and explainability of security solutions and guarantees.
You will conduct research in the field of Human Factors in Security & Privacy. This includes, for example, conducting interviews, focus groups, and online, laboratory or field studies. The results of your research will then be published and presented at international conferences. In addition to research work, you will also be involved in teaching activities and scientific administration, which includes the organization of events.
Personal Qualification
You have a degree (Master/Diploma (University)) in computer science, business informatics, media informatics, industrial engineering, mathematics, communication sciences, psychology, or a related area. You have attended lectures on security or usability, you are interested in the research area Human Factors in Security & Privacy, and you have already gained experience in interdisciplinary work. Furthermore, you bring a high level of self-motivation and the ability to work in a team. Programming experience in the context of creating mockups and experience in conducting qualitative and quantitative studies are an advantage. Very good written and spoken German and English skills complete your profile.
Salary category 13, depending on the fulfillment of professional and personal requirements.
Closing date for applications:
Contact: Prof. Dr. Melanie Volkamer, phone: 0721 608-45045
More information: https://www.pse.kit.edu/english/karriere/joboffer.php?id=145583
Tokyo Institute of Technology, School of Computing, Tokyo, Japan
Job Posting
Job Description: Research and education at Department of Mathematical and Computing Science. Assigned tasks on management of the department.
Closing date for applications:
Contact: Keisuke Tanaka, Professor, Associate Chair of Department of Mathematical and Computing Science, School of Computing (Email: keisuke@is.titech.ac.jp)
More information: https://jrecin.jst.go.jp/seek/SeekJorDetail?fn=3&dt=1&id=D122060173&ln_jor=1
Lawrence Roy, Stanislav Lyakhov, Yeongjin Jang, Mike Rosulek
ePrint Report
In this work we introduce a new public-key authentication method for SSH that reveals essentially the minimum possible amount of information. With our new method, the server learns only whether the client knows the private key for some authorized public key. If multiple keys are authorized, the server does not learn which one the client used. The client cannot learn whether the server recognizes public keys belonging to other users. Unlike traditional SSH authentication, our method is fully deniable. Our new method also makes it harder for a malicious server to intercept first-use SSH connections on a large scale.
Our method supports existing SSH keypairs of all standard flavors — RSA, ECDSA, EdDSA. It does not require users to generate new key material. As in traditional SSH authentication, clients and servers can use a mixture of different key flavors in a single authentication session.
We integrated our new authentication method into OpenSSH, and found it to be practical and scalable. For a typical client and server with at most 10 ECDSA/EdDSA keys each, our protocol requires 9 kB of communication and 12.4 ms of latency. Even for a client with 20 keys and server with 100 keys, our protocol requires only 12 kB of communication and 26.7 ms of latency.
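The abstract defines the new method by what it hides relative to traditional SSH authentication. To make that baseline concrete, the following added example (editor's code; neither the paper's protocol nor OpenSSH) models the RFC 4252 section 7 public-key method as a message flow between a client and a server. It shows the two leaks the abstract refers to: a client may send USERAUTH_REQUEST with the signature flag set to FALSE to ask whether a key is acceptable, and the server answers SSH_MSG_USERAUTH_PK_OK or failure, so anyone holding a user's public key can test whether it is authorized for an account; and the server must know which key was used in order to verify the signature, so it can log it. The signature scheme is textbook RSA on hardcoded toy-sized primes and the signed payload is a hash over the fields rather than the exact RFC 4252 encoding; both are the example's own simplifications, and the keys are constructed, insecure values.

```python
"""Model of RFC 4252 section 7 SSH public-key authentication.

Added example, not from the paper or OpenSSH. Demonstrates what the
traditional flow reveals: authorized-key probing without a private key,
and the server learning which key authenticated. Textbook RSA on toy
primes stands in for a real signature scheme (constructed, insecure).
"""
import hashlib

PK_OK = "SSH_MSG_USERAUTH_PK_OK"
FAILURE = "SSH_MSG_USERAUTH_FAILURE"
SUCCESS = "SSH_MSG_USERAUTH_SUCCESS"


def toy_keypair(p, q, e):
    """Textbook RSA from two small hardcoded primes: returns ((n, e), d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), pow(e, -1, phi)


def signed_data(session_id, user, pubkey):
    """Stand-in for the RFC 4252 section 7 signed blob (session id, user,
    service, 'publickey', key blob), reduced to a hash below the modulus."""
    blob = f"{session_id}|{user}|ssh-connection|publickey|{pubkey}".encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % pubkey[0]


def sign(priv_d, pubkey, m):
    return pow(m, priv_d, pubkey[0])


def verify(pubkey, m, sig):
    n, e = pubkey
    return pow(sig, e, n) == m


def fingerprint(pubkey):
    return hashlib.sha256(repr(pubkey).encode()).hexdigest()[:16]


class Server:
    def __init__(self, authorized_keys):
        self.authorized_keys = authorized_keys   # user -> list of public keys
        self.auth_log = []                        # (user, key fingerprint) per success

    def userauth_request(self, user, pubkey, session_id, signature=None):
        """One USERAUTH_REQUEST of method 'publickey'. signature=None is the
        query form ('has signature' FALSE): the server says whether the key
        would be acceptable before the client commits to signing anything."""
        if pubkey not in self.authorized_keys.get(user, []):
            return FAILURE
        if signature is None:
            return PK_OK                          # leak 1: key is authorized
        if verify(pubkey, signed_data(session_id, user, pubkey), signature):
            self.auth_log.append((user, fingerprint(pubkey)))  # leak 2: which key
            return SUCCESS
        return FAILURE


def probe_authorized(server, user, candidate_pubkeys, session_id="sess-1"):
    """Which candidate public keys the server accepts for `user`,
    learned by a client that holds no private key at all."""
    return [k for k in candidate_pubkeys
            if server.userauth_request(user, k, session_id) == PK_OK]


def login(server, user, pubkey, priv_d, session_id="sess-1"):
    """Honest client flow: query first, then sign only if the key is accepted."""
    if server.userauth_request(user, pubkey, session_id) != PK_OK:
        return FAILURE
    sig = sign(priv_d, pubkey, signed_data(session_id, user, pubkey))
    return server.userauth_request(user, pubkey, session_id, sig)


# Constructed keys and authorized_keys contents (toy primes, not secure).
ALICE_PUB, ALICE_PRIV = toy_keypair(61, 53, 17)
BOB_PUB, BOB_PRIV = toy_keypair(101, 113, 3)
CAROL_PUB, CAROL_PRIV = toy_keypair(53, 59, 5)


def demo():
    """Probe alice's account with three public keys, then log in as alice."""
    server = Server({"alice": [ALICE_PUB], "bob": [BOB_PUB]})
    leaked = probe_authorized(server, "alice", [ALICE_PUB, BOB_PUB, CAROL_PUB])
    outcome = login(server, "alice", ALICE_PUB, ALICE_PRIV)
    return leaked, outcome, list(server.auth_log)


if __name__ == "__main__":
    print(demo())
```

The probe succeeds with nothing but public keys, which is exactly the information the abstract says the new method withholds from the client, and the server's log records the fingerprint of the key that authenticated, which the new method withholds from the server when several keys are authorized. Binding the signature to the session identifier is what keeps the traditional flow safe against replay across sessions; it does nothing for the two leaks shown here.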