## IACR News

Here you can see all recent updates to the IACR webpage.

#### 21 November 2022

###### Jeff Burges, Oana Ciobotaru, Syed Lavasani, Alistair Stewart

ePrint Report

###### Kohtaro Watanabe, Motonari Ohtsuka, Yuta Tsukie

ePrint Report

###### Avijit Dutta, Jian Guo, Eik List

ePrint Report

###### Scott Ames, Carmit Hazay, Yuval Ishai, Muthuramakrishnan Venkitasubramaniam

ePrint Report

This paper is an extended version of the paper published in CCS 2017 and features a tighter analysis, a better implementation and formal proofs. For large verification circuits, the Ligero prover remains competitive against subsequent works with respect to the prover's running time, and our efficiency advantages become even bigger in an amortized setting, where several instances need to be proven simultaneously.

Our protocol is attractive not only for very large verification circuits but also for moderately large circuits that arise in applications. For instance, for verifying a SHA-256 preimage with $2^{-40}$ soundness error, the communication complexity is roughly 35KB.

The communication complexity of our protocol is independent of the circuit structure and depends only on the number of gates. For $2^{-40}$ soundness error, the communication becomes smaller than the circuit size for circuits containing roughly 3 million gates or more. With our refined analysis the Ligero system's proof lengths and prover's running times are better than subsequent post-quantum ZK-SNARKs for small to moderately large circuits.

###### Lawrence Roy, Jiayu Xu

ePrint Report

###### Mike Graf, Ralf Küsters, Daniel Rausch

ePrint Report

Universal composability (UC) models provide native support for modular analyses, including re-use and composition of security results. So far, accountability has mainly been modeled and analyzed in UC models for the special case of MPC protocols, with a general purpose accountability framework for UC still missing. That is, a framework that, among other things, supports arbitrary protocols, a wide range of accountability properties, handling and mixing of accountable and non-accountable security properties, and modular analysis of accountable protocols.

To close this gap, we propose AUC, the first general purpose accountability framework for UC models, which supports all of the above, based on several new concepts. We exemplify AUC in three case studies not covered by existing works. In particular, AUC unifies existing UC accountability approaches within a single framework.

###### Lucjan Hanzlik, Julian Loss, Sri AravindaKrishnan Thyagarajan, Benedikt Wagner

ePrint Report

To overcome these limitations, we introduce Sweep-UC (read as Sweep Ur Coins), the first fair exchange protocol that simultaneously is efficient, minimizes scripting, and is compatible with a wide range of currencies (more than the state of the art). We build Sweep-UC from modular subprotocols and give a rigorous security analysis in the UC framework. Many of our tools and security definitions can be used in a standalone fashion and may serve as useful components for future constructions of fair exchange.

###### Seungjun Baek, Jongsung Kim

ePrint Report

###### Pang Kok An, Shekh Faisal Abdul-Latip, Hazlin Abdul Rani

ePrint Report

###### Chiara Marcolla, Victor Sucasas, Marc Manzano, Riccardo Bassoli, Frank H.P. Fitzek, Najwa Aaraj

ePrint Report

###### Geng Wang, Wenwen Xia, Gongyu Shi, Ming Wan, Yuncong Zhang, Dawu Gu

ePrint Report

###### Saikrishna Badrinarayanan, Sourav Das, Gayathri Garimella, Srinivasan Raghuraman, Peter Rindal

ePrint Report

We present two join protocols, \ProtoUni and \ProtoDup. The first, \ProtoUni, is optimized for the case where one table has a unique primary key, while the second, \ProtoDup, is for the more general setting where both tables contain duplicate keys. Both protocols require $O(n \log n)$ time and $O(\log n)$ rounds to join two tables of size $n$. Our framework for computing joins requires an efficient sorting protocol and generic secure computation for circuits. We concretely instantiate our protocols in the honest majority three-party setting.

Our join protocols are built around an efficient method to compute structured aggregations over a secret shared input vector $\V \in \mathbb{D}^n$. Suppose the parties have another secret-shared vector of control bits $\B \in \{0, 1\}^n$ that partitions $\V$ into sub-vectors (which semantically relate to the join operations). A structured aggregation computes a secret shared vector $\V' \in \mathbb{D}^n$ where every sub-vector $(\V_b, \ldots, \V_e)$ (defined by the control bits) is aggregated as $\V_i' = \V_b \op \cdots \op \V_i$ for $i \in \{b, \ldots, e\}$ according to some user-defined operator $\op$. Critically, the indices $b, e$ that partition the vector are secret. It is trivial to compute aggregations by sequentially processing the input vector and control bits, but this would require $O(n)$ rounds and would be very slow due to network latency.

We introduce Aggregation Trees as a general technique to compute aggregations in $O(\log n)$ rounds. For our purpose of computing joins, we instantiate $\op \in \{\text{copy previous value}, \text{add}\}$, but we believe that this technique is quite powerful and can find applications in other useful settings.

###### Jiaxin Guan, Alexis Korb, Amit Sahai

ePrint Report

In this work, we introduce the notion of sFE and show how to construct it from FE. In particular, we show how to achieve a secure sFE scheme for $\mathsf{P/Poly}$ from a compact, secure FE scheme for $\mathsf{P/Poly}$, where our security notion for sFE is similar to standard FE security except that we require all function queries to be made before the challenge ciphertext query. Furthermore, by combining our result with the FE construction of Jain, Lin, and Sahai (STOC, 2022), we show how to achieve a secure sFE scheme for $\mathsf{P/Poly}$ from the polynomial hardness of well-studied assumptions.

###### Mirza Ahad Baig, Suvradip Chakraborty, Stefan Dziembowski, Małgorzata Gałązka, Tomasz Lizurej, Krzysztof Pietrzak

ePrint Report

Our technical contribution is a compiler that transforms any circuit $C$ into a testable circuit $(\widehat{C}, \widehat{T})$ for which we can detect arbitrary tampering with all wires in $\widehat{C}$. The notion of a testable circuit is weaker than or incomparable to existing notions of tamper-resilience, which aim to detect or even correct errors introduced by tampering during every query, but our new notion is interesting in several settings, and we achieve security against much more general tampering classes (like tampering with all wires) with very modest overhead.

Concretely, starting from a circuit $C$ of size $n$ and depth $d$, for any $L$ (think of $L$ as a small constant, say $L=4$), we get a testable $(\widehat{C}, \widehat{T})$ where $\widehat{C}$ is of size $\approx 12n$ and depth $d+\log(n)+L\cdot n^{1/L}$. The test set $\widehat{T}$ is of size $4\cdot 2^L$. The number of extra input and output wires (i.e., pins) we need to add for the testing is $3+L$ and $2^L$, respectively.

###### Markus Dichtl

ePrint Report

###### Nicolas Aragon, Victor Dyseryn, Philippe Gaborit, Pierre Loidreau, Julian Renner, Antonia Wachter-Zeh

ePrint Report

Our scheme is designed without using ideal structures. Considering cryptosystems without such an ideal structure, like the FrodoKEM cryptosystem, is important since structure allows objects to be compressed but gives reductions to specific problems whose security may potentially be weaker than for unstructured problems. For 128 bits of security, we propose parameters with a public key size of 4.6 KB and a ciphertext size of 1.1 KB. To the best of our knowledge, our scheme is the smallest among all existing unstructured post-quantum lattice or code-based algorithms, when taking into account the sum of the public key size and the ciphertext size. In that sense, our scheme is for instance about 4 times shorter than FrodoKEM.

Our system relies on the hardness of the Rank Support Learning problem, a well-known variant of the Rank Syndrome Decoding problem, and on the problem of indistinguishability of distorted Gabidulin codes, i.e. Gabidulin codes multiplied by a homogeneous matrix of given rank. The latter problem was introduced by Loidreau in his paper.

#### 20 November 2022

###### Melbourne, Australia, 10 July - 14 July 2023

Event Calendar

Submission deadline: 26 January 2023

Notification: 10 April 2023

###### Xi'an Jiaotong-Liverpool University; Suzhou, China

Job Posting

Blockchain Research Labs at Xi'an Jiaotong-Liverpool University is seeking two Ph.D. students to carry out research in funded projects on **cryptography, blockchain applications, or privacy computing.**

Interested candidates should include their full CV and transcripts in their applications and send them to Dr. Jie Zhang (Jie.Zhang01@xjtlu.edu.cn). **The deadline for applications is January 31st, 2023.** We encourage early applications, and the review of applications will begin immediately. Only shortlisted applicants will be notified.


**Contact:** Jie.Zhang01@xjtlu.edu.cn

###### Microsoft Research, Redmond, USA

Job Posting

An internship position is available at the MSR Security and Cryptography group in Microsoft (https://careers.microsoft.com/us/en/job/1492332/Research-Intern-Security-and-Cryptography).

We are looking for a student with expertise in hardware design and side-channel analysis, with a focus on lattice-based cryptography.


**Contact:** Interested candidates should submit their applications through the link available at: https://careers.microsoft.com/us/en/job/1492332/Research-Intern-Security-and-Cryptography

###### Silence Laboratories, Singapore

Job Posting

**Scope:** Responsible for driving ongoing developments and designing our flagship authentication libraries to integrate with leading businesses.

- At least 3 years of experience in Rust
- Interest in security and cryptography
- Comfortable leading the team and taking ownership of the product
- A habit to write clean, well-documented code
- Ability to express yourself fluently in English, spoken and written.

Location: Remote

Contract: Full time

Visa Sponsorship: N/A

**Who are we?** Silence Laboratories is a cybersecurity company. We focus on the fusion of cryptography, sensing and design to support a seamless authentication experience. Silence Laboratories (SL) is on a mission to provide business-friendly solutions for distributed digital signing and authentication. We do that through a unique fusion of multi-party computation (MPC) based cryptographic algorithms with threshold signature schemes (TSS) and intelligent multi-modal signal processing. We aim to solve fundamental authentication and account recovery challenges faced by our B2B customers. Our libraries provide businesses with an easy-to-use, proof-based authentication ecosystem.

**Your Role:** Please connect at jay.prakash@silencelaboratories.com or DM on Telegram: @jayece09


**Contact:** Jay Prakash