IACR News
If you have a news item you wish to distribute, it should be sent to the communications secretary. See also the events database for conference announcements.
Here you can see all recent updates to the IACR webpage. These updates are also available:
29 June 2022
CISPA Helmholtz Center for Information Security
Closing date for applications:
Contact: Julian Loss
More information: https://www.julianloss.com
University of Tübingen, Department of Computer Science; Tübingen, Germany
Research Topics: Development and analysis of provably secure solutions for real-world problems. Topics of interest include (but are not limited to): privacy-enhancing technologies, privacy-preserving machine learning, efficient operations on encrypted data, processing of encrypted data in outsourced and untrusted environments, and TEE security and development.
Requirements: Master’s degree in Computer Science, Mathematics, or a related area by the time of appointment. Knowledge or interest in the areas of cryptography and machine learning.
Closing date for applications:
Contact: Mete Akgün
CRAN, LORIA, Nancy, France
Closing date for applications:
Contact: To apply for the position or get further information, you must write to gilles.millerioux@univ-lorraine.fr and marine.minier@loria.fr with copies of your CV and motivation letter.
Deadline for application: As Soon As Possible
Start of contract: September 1st, 2022 (negotiable)
More information: https://www.univ-lorraine.fr/lue/les-projets-impact/digitrust/
James Bartusek, Yael Tauman Kalai, Alex Lombardi, Fermi Ma, Giulio Malavolta, Vinod Vaikuntanathan, Thomas Vidick, Lisa Yang
At a technical level, we revisit the framework for constructing classically verifiable quantum computation (Mahadev, FOCS '18). We give a self-contained, modular proof of security for Mahadev's protocol, which we believe is of independent interest. Our proof readily generalizes to a setting in which the verifier's first message (which consists of many public keys) is compressed. Next, we formalize this notion of compressed public keys; we view the object as a generalization of constrained/programmable PRFs and instantiate it based on indistinguishability obfuscation.
Finally, we compile the above protocol into a fully succinct argument using a (sufficiently composable) succinct argument of knowledge for NP. Using our framework, we achieve several additional results, including
- Succinct arguments for QMA (given multiple copies of the witness),
- Succinct non-interactive arguments for BQP (or QMA) in the quantum random oracle model, and
- Succinct batch arguments for BQP (or QMA) assuming post-quantum LWE (without iO).
Antonio Faonio, Luigi Russo
Hans Heum, Martijn Stam
Cecilia Boschini, Ivan Damgård, Claudio Orlandi
We answer positively by showing that it is possible to limit corrupted users to communicate only through insecure subliminal channels, under the necessary assumption that parties do not have pre-shared randomness. Moreover, we show that the bandwidth of such channels can be limited to O(log(n)) by adding public ciphertext verifiability to the scheme under computational assumptions. In particular, we rely on a new security definition for obfuscation, Game Specific Obfuscation (GSO), which is a weaker definition than VBB, as it only requires the obfuscator to obfuscate programs in a specific family of programs, and is limited to a fixed security game.
Thomas Groß
Ruize Wang, Kalle Ngo, Elena Dubrova
Chaya Ganesh, Hamidreza Khoshakhlagh, Roberto Parisella
Rabiah Alnashwan, Prosanta Gope, Benjamin Dowling
27 June 2022
Barbara Gigerl, Robert Primas, Stefan Mangard
In this work, we demonstrate the first formal verification approach for (any-order) Boolean and arithmetic masking that can be applied to both hardware and software, while considering side-effects such as glitches and transitions. First, we show how a formal verification approach for Boolean masking can be used in the context of arithmetic masking such that we can verify A2B/B2A conversions for arbitrary masking orders. We investigate various conversion algorithms in hardware and software, and point out several new findings such as glitch-based issues for straightforward implementations of [CGV14]-A2B in hardware, transition-based leakage in Goubin-A2B in software, and more general implementation pitfalls when utilizing common optimization techniques in PQC. We provide the first formal analysis of table-based A2Bs from a probing security perspective and point out that they might not be easy to implement securely on processors that use memory buffers or caches.
Alexandros Bakas, Eugene Frimpong, Antonis Michalas
- Masayuki Abe, for influential contributions to practical cryptosystems, and for exemplary service to the IACR and the Asia-Pacific cryptography community.
- Christian Cachin, for far-reaching contributions in the fields of cryptography and distributed systems, and for outstanding service to the IACR.
- Claude Carlet, for fundamental contributions to the design and analysis of Boolean functions for cryptographic applications, and for sustained educational leadership.
- Benny Pinkas, for impactful research in the theory and practice of secure multi-party computation, sustained educational leadership, and service to the IACR.
- Yael Tauman Kalai, for foundational contributions in delegated computation and leakage-resilient cryptography, and service to the cryptographic community.
Antonio Sanso
Benoît Cogliati, Jérémy Jean, Thomas Peyrin, Yannick Seurin
First, we investigate the mu security of several TBC-based variants of the counter encryption mode (including CTRT, the encryption mode used within SCT-II) that differ by the way a nonce, a random value, and a counter are combined as tweak and plaintext inputs to the TBC to produce the keystream blocks that will mask the plaintext blocks. Then, we consider the authentication part of SCT-II and study the mu security of the nonce-based MAC Nonce-as-Tweak (NaT) built from a TBC and an almost universal (AU) hash function. We also observe that the standard construction of an AU hash function from a (T)BC can be proven secure under the assumption that the underlying TBC is unpredictable rather than pseudorandom, allowing much better conjectures on the concrete AU advantage. This allows us to derive the mu security of the family of nAE modes obtained by combining these encryption/MAC building blocks through the NSIV composition method.
Some of these modes require an underlying TBC with a larger tweak length than what is usually available for existing ones. We then show the practicality of our modes by instantiating them with two new TBC constructions, Deoxys-TBC-512 and Deoxys-TBC-640, which can be seen as natural extensions of the Deoxys-TBC family to larger tweak input sizes. Designing such TBCs with unusually large tweaks is prone to pitfalls: indeed, we show that a large-tweak proposal for SKINNY published at EUROCRYPT 2020 presents an inherent construction flaw. We therefore provide a sound design strategy to construct large-tweak TBCs within the Superposition Tweakey (STK) framework, leading to new Deoxys-TBC and SKINNY variants. We provide software benchmarks indicating that, while ensuring a very high security level, the performance of our proposals remains very competitive.
Jian Guo, Ling Song, Haoyang Wang
Yong-Jin Kim, Dok-Jun An, Kum-Sok Sin, Son-Gyong Kim
Martin R. Albrecht, Jianwei Li
Justin Holmgren, Minghao Liu, LaKyah Tyner, Daniel Wichs
The notion of (R)PPH was introduced by Boyle, LaVigne and Vaikuntanathan (ITCS '19), and further studied by Fleischhacker, Simkin (Eurocrypt '21) and Fleischhacker, Larsen, Simkin (Eurocrypt '22). In this work, we obtain improved constructions that are conceptually simpler, have nearly optimal parameters, and rely on more general assumptions than prior works. Our results are:
* We construct information-theoretic non-robust PPH for Hamming distance via syndrome list-decoding of linear error-correcting codes. We provide a lower bound showing that this construction is essentially optimal.
* We make the above construction robust with little additional overhead, by relying on homomorphic collision-resistant hash functions, which can be constructed from either the discrete-logarithm or the short-integer-solution assumptions. The resulting RPPH achieves improved compression compared to prior constructions, and is nearly optimal.
* We also show an alternate construction of RPPH for Hamming distance under the minimal assumption that standard collision-resistant hash functions exist. The compression is slightly worse than our optimized construction using homomorphic collision-resistance, but essentially matches the prior state-of-the-art constructions from specific algebraic assumptions.
* Lastly, we study a new notion of randomized robust PPH (R2P2H) for Hamming distance, which relaxes RPPH by allowing the hashing algorithm itself to be randomized. We give an information-theoretic construction with optimal parameters.