## IACR News

Updates on the COVID-19 situation are on the Announcement channel.

Here you can see all recent updates to the IACR webpage. These updates are also available:

#### 03 August 2022

###### Manuel Hauke, Lukas Lamster, Reinhard Lüftenegger, Christian Rechberger
ePrint Report
Gröbner bases are an important tool in computational algebra and, especially in cryptography, often serve as a boilerplate for solving systems of polynomial equations. Research regarding (efficient) algorithms for computing Gröbner bases spans a large body of dedicated work that stretches over the last six decades. The pioneering work of Bruno Buchberger in 1965 can be considered as the blueprint for all subsequent Gröbner basis algorithms to date. Among the most efficient algorithms in this line of work are signature-based Gröbner basis algorithms, with the first of its kind published in the late 1990s by Jean-Charles Faugère under the name $\texttt{F5}$. In addition to signature-based approaches, Rusydi Makarim and Marc Stevens investigated a different direction to efficiently compute Gröbner bases, which they published in 2017 with their algorithm $\texttt{M4GB}$. The ideas behind $\texttt{M4GB}$ and signature-based approaches are conceptually orthogonal to each other because each approach addresses a different source of inefficiency in Buchberger's initial algorithm by different means.

We amalgamate those orthogonal ideas and devise a new Gröbner basis algorithm, called $\texttt{M5GB}$, that combines the concepts of both worlds. In that capacity, $\texttt{M5GB}$ merges strong signature-criteria to eliminate redundant S-pairs with concepts for fast polynomial reductions borrowed from $\texttt{M4GB}$. We provide proofs of termination and correctness and a proof-of-concept implementation in C++ by means of the Mathic library. The comparison with a state-of-the-art signature-based Gröbner basis algorithm (implemented via the same library) validates our expectations of an overall faster runtime for quadratic overdefined polynomial systems that have been used in comparisons before in the literature and are also part of cryptanalytic challenges.
###### Shuping Mao, Tingting Guo, Peng Wang, Lei Hu
ePrint Report
Aaram Yun et al. considered that Lai-Massey structure has the same security as Feistel structure. However, Luo et al. showed that 3-round Lai-Massey structure can resist quantum attacks of Simon's algorithm, which is different from Feistel structure. We give quantum attacks against a typical Lai-Massey structure. The result shows that there exists a quantum CPA distinguisher against 3-round Lai-Massey structure and a quantum CCA distinguisher against 4-round Lai-Massey Structure, which is the same as Feistel structure. We extend the attack on Lai-Massey structure to quasi-Feistel structure. We show that if the combiner of quasi-Feistel structure is linear, there exists a quantum CPA distinguisher against 3-round balanced quasi-Feistel structure and a quantum CCA distinguisher against 4-round balanced quasi-Feistel Structure.
###### Roy Rinberg, Nilaksh Agarwal
ePrint Report
Blockchain technologies rely on a public ledger, where typically all transactions are pseudoanonymous and fully traceable. This poses a major flaw in its large scale adoption of cryptocurrencies, the primary application of blockchain technologies, as most individuals do not want to disclose their finances to the pub- lic. Motivated by the explosive growth in private-Blockchain research, this Statement-of-Knowledge (SOK) explores the ways to obtain privacy in this public ledger ecosystem. The authors first look at the underly- ing technology underling all zero-knowledge applications on the blockchain: zk-SNARKs (zero-knowledge Succinct Non-interactive ARguments of Knowledge). We then explore the two largest privacy coins as of today, ZCash and Monero, as well as TornadoCash, a popular Ethereum Tumbler solution. Finally, we look at the opposing incentives behind privacy solutions and de-anonymization techniques, and the future of privacy on the blockchain.
###### Nidish Vashistha, Md Latifur Rahman, Md Saad Ul Haque, Azim Uddin, Md Sami Ul Islam Sami, Amit Mazumder Shuo, Paul Calzada, Farimah Farahmandi, Navid Asadizanjani, Fahim Rahman, Mark Tehranipoor
ePrint Report
The semiconductor industry is entering a new age in which device scaling and cost reduction will no longer follow the decades-long pattern. Packing more transistors on a monolithic IC at each node becomes more difficult and expensive. Companies in the semiconductor industry are increasingly seeking technological solutions to close the gap and enhance cost-performance while providing more functionality through integration. Putting all of the operations on a single chip (known as a system on a chip, or SoC) presents several issues, including increased prices and greater design complexity. Heterogeneous integration (HI), which uses advanced packaging technology to merge components that might be designed and manufactured independently using the best process technology, is an attractive alternative. However, although the industry is motivated to move towards HI, many design and security challenges must be addressed. This paper presents a three-tier security approach for secure heterogeneous integration by investigating supply chain security risks, threats, and vulnerabilities at the chiplet, interposer, and system-in-package levels. Furthermore, various possible trust validation methods and attack mitigation were proposed for every level of heterogeneous integration. Finally, we shared our vision as a roadmap toward developing security solutions for a secure heterogeneous integration.
###### Qian Guo, Erik Mårtensson
ePrint Report
Misuse resilience is an important security criterion in the evaluation of the NIST Post-quantum cryptography standardization process. In this paper, we propose new key mismatch attacks against Kyber and Saber, NIST's selected scheme for encryption and one of the finalists in the third round of the NIST competition, respectively. Our novel idea is to recover partial information of multiple secret entries in each mismatch oracle call. These multi-positional attacks greatly reduce the expected number of oracle calls needed to fully recover the secret key. They also have significance in side-channel analysis. From the perspective of lower bounds, our new attacks falsify the Huffman bounds proposed in [Qin et al. ASIACRYPT 2021], where a one- positional mismatch adversary is assumed. Our new attacks can be bounded by the Shannon lower bounds, i.e., the entropy of the distribution generating each secret coefficient times the number of secret entries. We call the new attacks "near-optimal" since their query complexities are close to the Shannon lower bounds.
###### Shai Halevi, Eyal Kushilevitz
ePrint Report
We study the notion of Random-index ORAM (RORAM), which is a weak form of ORAM where the Client is limited to asking for (and possibly modifying) random elements of the $N$-items memory, rather than specific ones. That is, whenever the client issues a request, it gets in return a pair $(r,x_r)$ where $r\in_R[N]$ is a random index and $x_r$ is the content of the $r$-th memory item. Then, the client can also modify the content to some new value $x'_r$.

We first argue that the limited functionality of RORAM still suffices for certain applications. These include various applications of sampling (or sub-sampling), and in particular the very-large-scale MPC application in the setting of~ Benhamouda et al. (TCC 2020). Clearly, RORAM can be implemented using any ORAM scheme (by the Client selecting the random $r$'s by himself), but the hope is that the limited functionality of RORAM can make it faster and easier to implement than ORAM. Indeed, our main contributions are several RORAM schemes (both of the hierarchical-type and the tree-type) of lighter complexity than that of ORAM.
ePrint Report
###### Chenyu Wang, Ding Wang, Yihe Duan, Xiaofeng Tao
ePrint Report
The cloud-aided Internet of Things (IoT) overcomes the resource-constrained nature of the traditional IoT and develops rapidly in such fields as smart grid and intelligent transportation. In a cloud-aided IoT system, users can remotely control the IoT devices or send specific instructions to them. When the user's identity is not verified and an adversary delivers malicious instructions to IoT devices, the system's security may be compromised. Besides, the real-time data stored in IoT devices can also be exposed to illegal users, causing security issues. Thus, the authentication mechanism is indispensable. Furthermore, with the exponential growth of interconnected devices, a gateway may connect to mass IoT devices. The efficiency of authentication schemes is easily affected by the computation power of the gateway. Although recent research has proposed many user authentication schemes for IoT, only a dozen schemes are designed for cloud-aided IoT. Therefore, we take a typical scheme (presented at IEEE TDSC 2020) as an example to capture user authentication schemes' common weaknesses and design challenges for cloud-aided IoT. Then, we propose a new secure user authentication scheme for cloud-aided IoT with lightweight computation on gateways. The proposed scheme provides secure access between the remote user and IoT devices with many ideal attributions, such as forward secrecy and multi-factor security. Meanwhile, the security of this scheme is proved under the random oracle model, heuristic analysis, the ProVerif tool and BAN logic. Finally, we compare the proposed scheme with eleven state-of-the-art schemes in security and performance. The results show that the proposed scheme achieves all listed twelve security requirements with minimum computation and storage costs on gateways.
###### Fuchun Lin
ePrint Report
We study a tamper-tolerant implementation security notion for general purpose Multi-Party Computation (MPC) protocols, as an analogue of the leakage-tolerant notion in the MPC literature. An MPC protocol is tamper-tolerant, or more specifically, non-malleable (with respect to a certain type of tampering) if the processing of the protocol under corruption of parties (and tampering of some ideal resource assumed by the protocol) can be simulated by an ideal world adversary who, after the trusted party spit out the output, further decides how the output for honest parties should be tampered with. Intuitively, we relax the correctness of secure computation in a privacy-preserving way, decoupling the two entangled properties that define secure computation. The rationale behind this relaxation is that even the strongest notion of correctness in MPC allows corrupt parties to substitute wrong inputs to the trusted party and the output is incorrect anyway, maybe the importance of insisting on that the adversary does not further tamper with the incorrect output is overrated, at least for some applications. Various weak privacy notions against malicious adversary play an important role in the study of two-party computation, where full security is hard to achieve efficiently.

We begin with the honest majority setting, where efficient constructions for general purpose MPC protocols with full security are well understood assuming secure point-to-point channels. We then focus on non-malleability with respect to tampered secure point-to-point channels. (1) We show achievability of non-malleable MPC against the bounded state tampering adversary in the joint tampering model through a naive compiler approach, exploiting a known construction of interactive non-malleable codes. The construction is currently not efficient and should be understood as showing feasibility in a rather strong tampering model. (2) We show efficient constructions of non-malleable MPC protocols against weaker variants of bounded state tampering adversary in the independent tampering model, where the protocol obtained have the same asymptotic communication complexity as best MPC protocols against honest-but-curious adversary. These are all information-theoretic results and are to be contrasted against impossibility of secure MPC when secure point-to-point channels are compromised.

Though general non-malleable MPC in no honest majority setting is beyond the scope of this work, we discuss interesting applications of honest majority non-malleable MPC in the celebrated MPC-in-the-head paradigm. Other than an abstract result concerning non-malleability, we also derive, in standard model where there is no tampering, that strong (ideal/real world) privacy against malicious adversary can be achieved in a conceptually very simple way.
###### Runsong Wang, Xuelian Li, Juntao Gao, Hui Li, Baocang Wang
ePrint Report
In this paper, we aim to present a quantum setting oriented preimage attack against 4-round Keccak-224. An important technique we called the allocating rotational cryptanalysis takes the preimage attack into the situation of 2-block preimage recovery. With the conditions on the middle state proposed by Li et al., we use the generic quantum preimage attack to deal with the finding of first preimage block. By using the newly explored propagation of rotational relations, we significantly increase the number of eigenpoints at the end of 4-round modified Keccak-f from 0 to 32, and therefore improving the accuracy of determining the rotational number for a certain rotational counterpart in the quantum setting by more than 10 orders of magnitude. On the basis of the above, we design an efficient unitary oracle operator with only twice calling of the 4-round modified Keccak-f, which costs half of previous results, to mark a rotational counterpart of the second preimage block in order that the second preimage block can be found indirectly from a quickly generated specified search space. As a result on the 4-round Keccak-224: In the classical setting, the preimage attack with the complexity decreased to 2^218 is better than the result based on the pioneered rotational cryptanalysis. In the quantum setting, the amplitude amplification driven preimage attack with a complexity of 2^110 is by far the best dedicated quantum preimage attack. Additionally, the SKW algorithm is applied to the dedicated quantum preimage attack against the 4-round Keccak-224 for the first time, which is exponentially easier to implement in quantum circuit than the former, with a complexity of 2^111.
###### Vanishree Rao
ePrint Report
Non-fungible tokens (NFTs) are a blockchain application that has recently witnessed significant success. However, NFT marketplaces are majorly built on popular blockchain platforms that do not provide privacy tools. As a result, NFTs are easily visible to everyone. This has naturally given rise to various issues, including stolen/duplicate NFTs and attacks like shill trading. Furthermore, this architecture fails to reflect the real-life privacy notion as it digitizes unique physical goods. In this project, we build Paras - a blockchain-agnostic protocol that offers privacy to NFTs. Specifically, one may hide the real NFTs and only display a reference to them on marketplaces, hide seller and bidder identities, hide bid values and user wallet balances.

Paras is based on cryptographic primitives, such as, threshold encryption and robust secret sharing. It does not rely on any trusted execution environments for security, unlike some existing protocols in this direction.
###### University of Wollongong, Australia
Job Posting
The School of Computing and Information Technology (SCIT) is one of six Schools within the Faculty of Engineering and Information Sciences at the University of Wollongong. The SCIT aims to be a world class Research School, and this position is expected to contribute towards this aim. The Senior Lecturer/Lecturer, Cryptography will provide development, teaching and research within the Bachelor of Computer Science (majoring Cybersecurity and Digital Systems Security). The candidate is expected to be research active in the area of cryptography and other relevant topics, and be equipped with sufficient experience for teaching undergraduate and postgraduate studies. The successful candidate will have a national reputation in cryptography and/or cyber security research, innovative teaching experience, an established research profile and a demonstrable commitment to positive change. The candidate should demonstrate research excellence and potential to become an effective teacher in the area of Computer Science and Information Technology. As women are underrepresented in this area, women are strongly encouraged for these positions. You will be prompted to respond to a selection criteria questionnaire as part of the application process.

Closing date for applications:

Contact: Prof Willy Susilo

###### Okinawa Institute of Science and Technology Graduate University
Job Posting
As a FHE Researcher, you will:

• Conduct research on state-of-the-art FHE schemes.
• Conduct Research on new Verifiable Computation (VC) schemes applied to FHE
• Design and implementation of new FHE and VC schemes.

Skills required for the job

• Knowledge of fully homomorphic encryption
• Deep understanding of lattice-based cryptography
• Knowledge on Verifiable Computation schemes is advisable
• Experience in C desired, C++, Rust or Go relevant as well
• Familiarity with hardware languages is a plus
• Solid engineering practices and processes, such as development and testing methodology and documentation
• Quick learner, geared towards implementation
• Eager to develop new skills and willing to take ownership of projects
Qualifications:

Ph.D. degree in Cryptography, Applied Cryptography, Cybersecurity, Mathematics, Computer Science or Engineering

Closing date for applications:

Contact: Dr. Najwa Aaraj, naaraj@alumni.princeton.edu

###### Okinawa Institute of Science and Technology Graduate University
Job Posting
As a MPC Researcher, you will:

• Conduct research on state-of-the-art secure Multi Party Computation.
• Work on MPC building blocks such as,
• Secret Sharing schemes
• FHE
• Garbled Circuits
• Design and implementation of building blocks to utilize privacy-preserving cryptographic techniques to cloud computing and machine learning applications.

Skills required for the job

• Knowledge on secure Multi Party Computation.
• Knowledge in some of the following is valuable:
• Secret Sharing schemes
• Garbled Circuits
• FHE schemes
• Zero-Knowledge proofs
• Experience in C desired, C++, Rust and Python relevant as well.
• Solid engineering practices and processes, such as development and testing methodology and documentation.
• Quick learner, geared towards implementation. Eager to develop new skills and willing to take ownership of projects.
• Knowledge on machine learning would be valuable.
Qualifications:

Ph.D. degree in Cryptography, Applied Cryptography, Cybersecurity, Mathematics or Computer Science or Engineering

Closing date for applications:

Contact: Dr. Najwa Aaraj, naaraj@alumni.princeton.edu

###### Okinawa Institute of Science and Technology Graduate University
Job Posting
As a Post-Quantum Protocol expert, you will
• Work on security protocols based on post-quantum primitives such as Public Key Encryption, Key Encapsulation Mechanism, Key Exchange, and Digital Signatures schemes
• Analyze existing and propose new protocol designs, with special focus on post-quantum IPSec, VPNs, SSL, TLS, etc.
• Focus on protocols for lightweight environment
• Test and benchmark optimized and secure implementations of different protocols and study the impact on real life applications
• Investigate security properties and performance-security trade-offs
• Conduct research on new and/or state-of-the-art attacks
• Design and implementation of hybrid (post quantum – classical) solutions
Skills required for the job
• Knowledge on cryptography and cybersecurity, in particular a solid background in network security, especially protocol design and evaluation
• Excellent with C, C++, Python, (JAVA and Rust will be valuable as well)
• Hard and organized worker, quick learner, geared towards implementation. Eager to develop new skills and willing to take ownership of projects
Qualifications
• Ph.D. degree in Cryptography, Applied Cryptography, Cybersecurity, Mathematics or Computer Science or Engineering

Closing date for applications:

Contact: Najwa Aaraj, naaraj@alumni.Princeton.edu

###### Okinawa Institute of Science and Technology Graduate University
Job Posting

As a Post-Quantum Cryptography expert, you will

• Work on all aspects of post-quantum primitives such as Public Key Encryption, Key Encapsulation Mechanism, Key Exchange, and Digital Signatures schemes
• Analyze existing designs
• Propose new designs
• Work on optimized and secure implementations in software and/or hardware platforms
• Investigate security properties and performance-security trade-offs
• Study the impact on lightweight environment
• Conduct research on new and/or state-of-the-art attacks
• Participate to the review and evaluation of post-quantum schemes that are under NIST scrutiny for standardization
• Design and implementation of hybrid (post-quantum – classical) solutions
• Contribute to the development of cryptographic libraries and security frameworks

Skills required for the job

• Knowledge on cryptography and cybersecurity, in particular at least one among
• Solid mathematical background on either lattices, codes, or multivariate systems
• Solid programming skills either in software or hardware
• Solid background in network security, especially protocol design and evaluation
• Excellent with C, C++, Python, (JAVA and Rust will be valuable as well)
• Hard and organized worker, quick learner, geared towards implementation. Eager to develop new skills and willing to take ownership of projects

Qualifications

• Ph.D. degree in Cryptography, Applied Cryptography, Cybersecurity, Mathematics or Computer Science or Engineering

Closing date for applications:

Contact: Najwa Aaraj, naaraj@alumni.princeton.edu

#### 01 August 2022

###### Sachendi, India, 16 December - 18 December 2022
Event Calendar
Event date: 16 December to 18 December 2022
###### Beijing, China, 11 December - 13 December 2022
Event Calendar
Event date: 11 December to 13 December 2022