International Association
for Cryptologic Research

The Department of Computer Science and Engineering Technology at the University of Houston–Downtown (UHD) invites applications for multiple tenure-track faculty positions in Computer Science. Depending on the applicant's qualifications, the position can be at Assistant or Associate Professor level. We are looking for outstanding candidates with expertise in area of Artificial Intelligence (AI), Machine Learning or Cybersecurity. The appointment will start in January 2023. Candidates will be expected to teach at the undergraduate and graduate levels, establish an externally funded research program and provide service and leadership to the campus and the scientific community. UHD values diversity, equity and inclusion and is committed to hiring faculty who share these values. To be considered, candidates must describe their experience and future plans to promote equity and inclusion in teaching, mentoring and research. Financial and in-kind resources will be made available to faculty who promote equity and inclusion at UHD, and their work will be recognized as important university service during the faculty promotion process.

Closing date for applications:

Contact: jobs@uhd.edu

More information: https://uhs.taleo.net/careersection/ex3_uhdf/jobdetail.ftl?job=FAC002415&tz=GMT-05%3A00&tzname=America%2FChicago

Award for Excellence in the Field of Mathematics, Co-Sponsored by IACR

Each year, RSA Conference recognizes noteworthy work in cryptography and mathematics. Award recipients are determined by an esteemed judging committee who seek to recognize innovation and ongoing contributions to the industry. Dozens of nominated individuals from affiliated organizations, universities or research labs compete each year for this award.

Recipients of the RSA Conference 2022 Excellence in the Field of Mathematics award are:

Professors Cynthia Dwork and Moni Naor
Cynthia Dwork, a professor of Computer Science at the John A. Paulson School of Engineering and Applied Sciences at Harvard University and a Distinguished Scientist at Microsoft Research, is known for establishing the pillars on which every fault-tolerant system has been built atop for decades. Her innovations modernized cryptography to cope with the ungoverned interactions of the internet through the development of non-malleable cryptography, formed the basis of crypto currencies through proofs of work, placed privacy-preserving data analysis on a firm mathematical foundation, and ensures statistical validity in exploratory data analysis, through differential privacy.

"RSA Conference is an important venue for the exchange of ideas in the cybersecurity ecosystem. I am deeply honored to join the ranks of past recipients of this prestigious award that recognizes foundational research," said Dwork. "The threats to privacy have never been greater, and advancements in technology means more cybersecurity risk. My research, work, students, and university will continue to play a key role in helping innovation preserve these values."

Moni Naor is a professor of Computer Science at the Weizmann Institute of Science in Israel specializing in Cryptography and Complexity. He is well known for his work connecting cryptography and data structure in adversarial environments. In 1992, he collaborated with Cynthia Dwork on "Proofs of Work" to combat denial-of-service attacks and other service abuses, such as spam, which is now famous for its use with Bitcoin and blockchain technologies. He has proposed other fundamental concepts that are at the heart of today's cryptography, including non-malleability, broadcast encryption, tracing traitors, small bias probability, and the efficiency of falsifying assumptions.

"The RSA Conference Excellence in the Field of Mathematics Awards has a long list of impressive and impactful recipients dating back to 1998 with Shafi Goldwasser receiving it. I am honored to say that I am now part of the amazing group of cryptographers who have received it," said Naor. "I strongly believe advancements in the field of cryptography will continue to prove necessary as digital communication and usage accelerates. I remain dedicated to making a lasting impact in the field."

“The IACR is proud to join RSAC in co-sponsoring the Excellence in the Field of Mathematics Award. As the worldwide professional society for researchers in cryptography and cryptanalysis, we are dedicated to recognizing individuals who have excelled in our field and advancing awareness of the role cryptology plays in a modern, digitally connected life,” said Michel Abdalla, President, IACR. “This year we celebrate the work of Professors Dwork and Naor, and the impact they individually and collectively have had on the cryptography industry and cybersecurity at large.”

RSA Conference and IACR presented the Excellence Award in the Field of Mathematics Award on Tuesday, June 7, 2022.

We revisit the question of minimizing the randomness complexity of protocols for secure multiparty computation (MPC) in the setting of perfect information-theoretic security. Kushilevitz and Mansour (SIAM J. Discret. Math., 1997) studied the case of $n$-party semi-honest MPC for the XOR function with security threshold $t
We essentially close the question by proving an $\Omega(t^2)$ lower bound on the randomness complexity of XOR, matching the previous upper bound up to a logarithmic factor (or constant factor when $t=\Omega(n)$). We also obtain an explicit protocol that uses $O(t^2\cdot\log^2n)$ random bits, matching our lower bound up to a polylogarithmic factor. We extend these results from XOR to general symmetric Boolean functions and to addition over a finite Abelian group, showing how to amortize the randomness complexity over multiple additions.

Finally, combining our techniques with recent randomness-efficient constructions of private circuits, we obtain an explicit protocol for evaluating a general circuit $C$ using only $O(t^2\cdot\log |C|)$ random bits, by employing additional ``helper parties'' who do not contribute any inputs. This upper bound too matches our lower bound up to a logarithmic factor.

Garbled Circuit (GC) is the main practical 2PC technique, yet despite great interest in its performance, GC notoriously resists improvement. Essentially, we only know how to evaluate GC functions gate-by-gate using encrypted truth tables; given input labels, the GC evaluator decrypts the corresponding output label.

Interactive protocols enjoy more sophisticated techniques. For example, we can expose to a party a (masked) private value. The party can then perform useful local computation and feed the resulting cleartext value back into the MPC. Such techniques are not known to work for GC.

We show that it is, in fact, possible to improve GC efficiency, while keeping its round complexity, by exposing masked private values to the evaluator. Our improvements use garbled one-hot encodings of values. By using this encoding we improve a number of interesting functions, e.g., matrix multiplication, integer multiplication, field element multiplication, field inverses and AES S-Boxes, integer exponents, and more. We systematize our approach by providing a framework for designing such GC modules.

Our constructions are concretely efficient. E.g., we improve binary matrix multiplication inside GC by more than $6\times$ in terms of communication and by more than $4\times$ in terms of WAN wall-clock time.

Our improvement circumvents an important GC lower bound and may open GC to further improvement.

Arecentlineofwork, Stacked Garbled Circuit(SGC), showed that Garbled Circuit (GC) can be improved for functions that include conditional behavior. SGC relieves the communication bottleneck of 2PC by only sending enough garbled material for a single branch out of the b total branches. Hence, communication is sublinear in the circuit size. However, both the evaluator and the generator pay in computation and perform at least factor $\log b$ extra work as compared to standard GC.

We extend the sublinearity of SGC to also include the work performed by the GC evaluator E; thus we achieve a fully sublinear E, which is essential when optimizing for the online phase. We formalize our approach as a garbling scheme called GCWise: GC WIth Sublinear Evaluator.

We show one attractive and immediate application, Garbled PIR, a primitive that marries GC with Private Information Retrieval. Garbled PIR allows the GC to non-interactively and sublinearly access a privately indexed element from a publicly known database, and then use this element in continued GC evaluation.

Nakamoto's consensus protocol works in a permissionless model, where nodes can join and leave without notice. However, it guarantees agreement only probabilistically. Is this weaker guarantee a necessary concession to the severe demands of supporting a permissionless model? This paper shows that, at least in a benign failure model, it is not. It presents Sandglass, the first permissionless consensus algorithm that guarantees deterministic agreement and termination with probability 1 under general omission failures. Like Nakamoto, Sandglass adopts a hybrid synchronous communication model, where, at all times, a majority of nodes (though their number is unknown) are correct and synchronously connected, and allows nodes to join and leave at any time.

Katz et al., CCS 2018 (KKW) is a popular and efficient MPC-in-the-head non-interactive ZKP (NIZK) scheme, which is the technical core of the post-quantum signature scheme Picnic, currently considered for standardization by NIST. The KKW approach simultaneously is concretely efficient, even on commodity hardware, and does not rely on trusted setup. Importantly, the approach scales linearly in the circuit size with low constants with respect to proof generation time, proof verification time, proof size, and RAM consumption. However, KKW works with Boolean circuits only and hence incurs significant cost for circuits that include arithmetic operations.

In this work, we extend KKW with a suite of efficient arithmetic operations over arbitrary rings and Boolean conversions. Rings $\mathbb{Z}_{2^k}$ are important for NIZK as they naturally match the basic operations of modern programs and CPUs. In particular, we: * present a suitable ring representation consistent with KKW, * construct efficient conversion operators that translate between arith- metic and Boolean representations, and * demonstrate how to efficiently operate over the arithmetic representation, including a vector dot product of length-n vectors with cost equal to that of a single multiplication. These improvements substantially improve KKW for circuits with arithmetic. As one example, we can multiply 100 × 100 square matrices of 32-bit numbers using a 3200x smaller proof size than standard KKW (100x improvement from our dot product construction and 32x from moving to an arithmetic representation).

We discuss in detail proof size and resource consumption and argue the practicality of running large proofs on commodity hardware.

This article develops a novel method of generating ``independent'' points on an ordinary elliptic curve $E$ over a finite field. Such points are actively used in the Pedersen vector commitment scheme and its modifications. In particular, the new approach is relevant for Pasta curves (of $j$-invariant $0$), which are very popular in the given type of elliptic cryptography. These curves are defined over highly $2$-adic fields, hence successive generation of points via a hash function to $E$ is an expensive solution. Our method also satisfies the NUMS (Nothing Up My Sleeve) principle, but it works faster on average. More precisely, instead of finding each point separately in constant time, we suggest to sample several points at once with some probability.

Secure machine learning (ML) inference can provide meaningful privacy guarantees to both the client (holding sensitive input) and the server (holding sensitive weights of the ML model) while realizing inference-as-a-service. Although many specialized protocols exist for this task, including those in the preprocessing model (where a majority of the overheads are moved to an input independent offline phase), they all still suffer from large online complexity. Specifically, the protocol phase that executes once the parties know their inputs, has high communication, round complexity, and latency. Function Secret Sharing (FSS) based techniques offer an attractive solution to this in the trusted dealer model (where a dealer provides input independent correlated randomness to both parties), and 2PC protocols obtained based on these techniques have a very lightweight online phase. Unfortunately, current FSS-based 2PC works (AriaNN, PoPETS 2022; Boyle et al. Eurocrypt 2021; Boyle et al. TCC 2019) fall short of providing a complete solution to secure inference. First, they lack support for math functions (e.g., sigmoid, and reciprocal square root) and hence, are insufficient for a large class of inference algorithms (e.g. recurrent neural networks). Second, they restrict all values in the computation to be of the same bitwidth and this prevents them from benefitting from efficient float-to-fixed converters such as Tensorflow Lite that crucially use low bitwidth representations and mixed bitwidth arithmetic. In this work, we present LLAMA -- an end-to-end, FSS based, secure inference library supporting precise low bitwidth computations (required by converters) as well as provably precise math functions; thus, overcoming all the drawbacks listed above. We perform an extensive evaluation of LLAMA and show that when compared with non-FSS based libraries supporting mixed bitwidth arithmetic and math functions (SIRNN, IEEE S&P 2021), it has at least an order of magnitude lower communication, rounds, and runtimes. We integrate LLAMA with the EzPC framework (IEEE EuroS&P 2019) and demonstrate its robustness by evaluating it on large benchmarks (such as ResNet-50 on the ImageNet dataset) as well as on benchmarks considered in AriaNN -- here too LLAMA outperforms prior work.

As the most dominant authentication mechanism, password-based authentication suffers catastrophic offline password guessing attacks once the authentication server is compromised and the password database is leaked. Password hardening (PH) service, an external/third-party crypto service, has been recently proposed to strengthen password storage and reduce the damage of authentication server compromise. However, all existing schemes are unreliable because they overlook the important restorable property: PH service opt-out. In existing PH schemes, once the authentication server has subscribed to a PH service, it must adopt this service forever, even if it wants to stop the external/third-party PH service and restore its original password storage (or subscribe to another PH service).

To fill the gap, we propose a new PH service called PW-Hero that equips its PH service with an option to terminate its use (i.e., opt-out). In PW-Hero, password authentication is strengthened against offline attacks by adding external secret spices to password records. With the opt-out property, authentication servers can proactively request to end the PH service after successful authentications. Then password records can be securely migrated to their traditional salted hash state, ready for subscription to other PH services. Besides, PW-Hero achieves all existing desirable properties, such as comprehensive verifiability, rate limits against online attacks, and user privacy. We define PW-Hero as a suite of protocols that meet desirable properties and build a simple, secure, and efficient instance. Moreover, we develop a prototype implementation and evaluate its performance, which shows the practicality of our PW-Hero service.

It is well-known that in the presence of majority coalitions, strongly fair coin toss is impossible. A line of recent works have shown that by relaxing the fairness notion to game theoretic, we can overcome this classical lower bound. In particular, Chung et al. (CRYPTO'21) showed how to achieve approximately (game-theoretically) fair leader election in the presence of majority coalitions, with round complexity as small as $O(\log \log n)$ rounds.

In this paper, we revisit the round complexity of game-theoretically fair leader election. We construct $O(\log^* n)$ rounds leader election protocols that achieve $(1-o(1))$-approximate fairness in the presence of $(1-o(1)) n$-sized coalitions. Our protocols achieve the same round-fairness trade-offs as Chung et al.'s and have the advantage of being conceptually simpler. Finally, we also obtain game-theoretically fair protocols for committee election which might be of independent interest.