IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
07 July 2022
Christoph Hagen, Christian Weinert, Christoph Sendner, Alexandra Dmitrienko, Thomas Schneider
ePrint ReportOur study of three popular messengers (WhatsApp, Signal, and Telegram) shows that large-scale crawling attacks are (still) possible. Using an accurate database of mobile phone number prefixes and very few resources, we queried 10% of US mobile phone numbers for WhatsApp and 100% for Signal. For Telegram we find that its API exposes a wide range of sensitive information, even about numbers not registered with the service. We present interesting (cross-messenger) usage statistics, which also reveal that very few users change the default privacy settings.
Furthermore, we demonstrate that currently deployed hashing-based contact discovery protocols are severely broken by comparing three methods for efficient hash reversal. Most notably, we show that with the password cracking tool "JTR" we can iterate through the entire world-wide mobile phone number space in <150s on a consumer-grade GPU. We also propose a significantly improved rainbow table construction for non-uniformly distributed input domains that is of independent interest.
Regarding mitigations, we most notably propose two novel rate-limiting schemes: our incremental contact discovery for services without server-side contact storage strictly improves over Signal's current approach while being compatible with private set intersection, whereas our differential scheme allows even stricter rate limits at the overhead for service providers to store a small constant-size state that does not reveal any contact information.
Shanxiang Lyu, Ling Liu, Junzuo Lai, Cong Ling, Hao Chen
ePrint Report06 July 2022
(Old) Ottawa, Canada, 12 December - 14 December 2022
Event CalendarSubmission deadline: 23 August 2022
Notification: 28 October 2022
Technology Innovation Institute (TII) - Abu Dhabi, UAE
Job PostingTechnology Innovation Institute (TII) is a publicly funded research institute, based in Abu Dhabi, United Arab Emirates. It is home to a diverse community of leading scientists, engineers, mathematicians, and researchers from across the globe, transforming problems and roadblocks into pioneering research and technology prototypes that help move society ahead.
Cryptography Research Centre
In our connected digital world, secure and reliable cryptography is the foundation of digital information security and data integrity. We address the world’s most pressing cryptographic questions. Our work covers post-quantum cryptography, lightweight cryptography, cloud encryption schemes, secure protocols, quantum cryptographic technologies and cryptanalysis.
Position: Senior MPC Researcher
Skills required for the job
Closing date for applications:
Contact: Mehdi Messaoudi - Talent Acquisition Manager
Email: mehdi.messaoudi@tii.ae
University of Edinburgh
Job PostingClosing date for applications:
Contact: Markulf Kohlweiss (markulf.kohlweiss@ed.ac.uk)
04 July 2022
Clément Hoffmann, Benoît Libert, Charles Momin, Thomas Peters, François-Xavier Standaert
ePrint ReportAkash Madhusudan, Mahdi Sedaghat, Philipp Jovanovic, Bart Preneel
ePrint ReportIn this paper, we propose Nirvana, that can be combined with existing cryptocurrencies to provide instant, anonymous and unlinkable payment guarantees. Nirvana does not require any trusted third party. It conceals the identities of honest participants, thus ensuring customer anonymity within the system while only relying on efficient Groth-Sahai proof systems. We introduce a novel randomness-reusable threshold encryption that mitigates double-spending by revealing the identities of malicious users. We formally prove how our scheme provides customer anonymity, unlinkability of transactions and payment guarantees to merchants. Our experiments demonstrate that Nirvana allows for fast (zero-confirmation) global payments in a retail setting with a delay of less than $1.7$ seconds.
Shashank Agrawal
ePrint ReportPlot generation and farming involve the use of secret information, which makes plot transfer a non-trivial task in Chia. In this short note, we propose a way to transfer Chia plots in a secure manner with the help of zero-knowledge proofs.
Jesse Elliott, Aaron Hutchinson
ePrint ReportAlex Lombardi, Ethan Mook, Willy Quach, Daniel Wichs
ePrint ReportConcretely, our work provides (contrived) constructions of pseudorandom functions, CPA-secure symmetric-key encryption, message-authentication codes, signatures, and CCA-secure public-key encryption schemes, all of which are proven to be classically secure under LWE via black-box reductions, but demonstrably fail to be post-quantum secure. All of these cryptosystems are stateless and non-interactive, but their security is defined via an interactive game that allows the attacker to make oracle queries to the cryptosystem. The polynomial-time quantum attacker can break these schemes by only making a few classical queries to the cryptosystem, and in some cases, a single query suffices.
Previously, we only had examples of post-quantum insecurity under post-quantum assumptions for stateful/interactive protocols. Moreover, there appears to be a folklore belief that for stateless/non-interactive cryptosystems with black-box proofs of security, a quantum attack against the scheme should translate into a quantum attack on the assumption. This work shows otherwise. Our main technique is to carefully embed interactive protocols inside the interactive security games of the above primitives.
As a result of independent interest, we also show a 3-round quantum disclosure of secrets (QDS) protocol between a classical sender and a receiver, where a quantum receiver learns a secret message in the third round but, assuming LWE, a classical receiver does not.
Huimin Li, Nele Mentens, Stjepan Picek
ePrint ReportDiego F. Aranha, Felix Engelmann, Sebastian Kolby, Sophia Yakoubov
ePrint ReportAmit Agarwal, Stanislav Peceny, Mariana Raykova, Phillipp Schoppmann, Karn Seth
ePrint ReportAli Asghar Beigizad, Hadi Soleimany, Sara Zarei
ePrint ReportIn this paper we introduce a new fault analysis technique called ``linked fault analysis''(LFA) which can be interpreted as a more powerful variation of several well-known fault attacks against implementations of symmetric primitives in various scenarios particularly in software implementations. While in a traditional fault attack, the fault model is defined based on the relation between the correct value and the defective one produced by fault injection, the LFA leverages a model in which the fault involves more than one intermediate value, the target variable $X$, and a second variable $Y$. We demonstrate that LFA allows the attacker to perform fault attacks with significantly less data (relative to previously presented fault attacks in the same class) and without the input control need.
03 July 2022
Tokyo, Japan, 27 March - 29 March 2023
Real World CryptoSubmission deadline: 9 September 2022
Notification: 16 January 2023