IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
27 November 2022
National University of Singapore, Singapore
Job PostingClosing date for applications:
Contact: prashant@comp.nus.edu.sg
More information: https://www.comp.nus.edu.sg/~prashant/ads.html
University of Surrey, UK
Job PostingWe’re looking for two PhD students in one the following research directions (but not limited to): e-voting, applied cryptography, postquantum cryptography, provable security, privacy-preserving technologies, and formal verification. The PhD will be under the supervision of Dr. Catalin Dragan. International candidates are welcomed to apply. Final Year BSc students can apply.
Position 1: Department of Computer Science Studentship. The application deadline is 6th January 2023, with a start date of October 2023. Applications are made via CS application page https://www.surrey.ac.uk/postgraduate/computer-science-phd.
Position 2: University of Surrey’s Breaking Barriers Studentship award. The application deadline is 16 December 2022, with a start date of October 2023. More information is available on https://www.surrey.ac.uk/fees-and-funding/studentships/breaking-barriers-studentship-award-2023.
The applications typically requiring CV, cover letter, transcripts, and references. However, we strongly encourage candidates to contact Catalin for an informal chat before applying (there is no need to submit any documents for this). The PhD studentships comes with a stipend of £17.5K – £19K per annum plus tuition fees covered for the duration of 3.5 years
Closing date for applications:
Contact: Dr. Cătălin Drăgan (c.dragan@surrey.ac.uk)
More information: https://www.surrey.ac.uk/postgraduate/computer-science-phd
Mid Sweden University
Job PostingClosing date for applications:
Contact: Professor Mikael Gidlund
More information: https://www.miun.se/en/work-at-the-university/career/jobs/vacancy/postdoc-in-trustworthy-edge-computing/
Aztec
Job PostingClosing date for applications:
Contact: travis@aztecprotocol.com
More information: https://boards.eu.greenhouse.io/aztec/jobs/4099676101
25 November 2022
Shresth Agrawal, Joachim Neu, Ertem Nusret Tas, Dionysis Zindros
ePrint ReportHuina Li, Guozhen Liu, Haochen Zhang, Kai Hu, Jian Guo, Weidong Qiu
ePrint ReportChristina Boura, Nicolas David, Patrick Derbez, Gregor Leander, María Naya-Plasencia
ePrint ReportAlexandre Augusto Giron, João Pedro Adami do Nascimento, Ricardo Custódio, Lucas Pandolfo Perin
ePrint ReportGeorge Teseleanu
ePrint ReportAayush Jain, Huijia Lin, Paul Lou, Amit Sahai
ePrint ReportIt is important to identify the simplest possible conjectures that yield post-quantum $i\mathcal{O}$ and can be understood through known cryptanalytic tools. In that spirit, and in light of the cryptanalysis of Hopkins et al., recently Devadas et al. gave an elegant construction of $i\mathcal{O}$ from a fully-specified and simple-to-state assumption along with a thorough initial cryptanalysis.
Our work gives a polynomial-time distinguisher on their "final assumption" for their scheme. Our algorithm is extremely simple to describe: Solve a carefully designed linear system arising out of the assumption. The argument of correctness of our algorithm, however, is nontrivial.
We also analyze the "T-sum" version of the same assumption described by Devadas et. al. and under a reasonable conjecture rule out the assumption for any value of $T$ that implies $i\mathcal{O}$.
Dan Boneh, Chelsea Komlo
ePrint ReportMichiel Van Beirendonck, Jan-Pieter D'Anvers, Ingrid Verbauwhede
ePrint ReportWe present FPT, a Fixed-Point FPGA accelerator for TFHE bootstrapping. FPT is the first hardware accelerator to heavily exploit the inherent noise present in FHE calculations. Instead of double or single-precision floating-point arithmetic, it implements TFHE bootstrapping entirely with approximate fixed-point arithmetic. Using an in-depth analysis of noise propagation in bootstrapping FFT computations, FPT is able to use noise-trimmed fixed-point representations that are up to 50% smaller than prior implementations using floating-point or integer FFTs.
FPT's microarchitecture is built as a streaming processor inspired by traditional streaming DSPs: it instantiates high-throughput computational stages that are directly cascaded, with simplified control logic and routing networks. We explore different throughput-balanced compositions of streaming kernels with a user-configurable streaming width in order to construct a full bootstrapping pipeline. FPT's streaming approach allows 100% utilization of arithmetic units and requires only small bootstrapping key caches, enabling an entirely compute-bound bootstrapping throughput of 1 BS / 35$\mu$s. This is in stark contrast to the established classical CPU approach to FHE bootstrapping acceleration, which tends to be heavily memory and bandwidth-constrained.
FPT is fully implemented and evaluated as a bootstrapping FPGA kernel for an Alveo U280 datacenter accelerator card. FPT achieves almost three orders of magnitude higher bootstrapping throughput than existing CPU-based implementations, and 2.5$\times$ higher throughput compared to recent ASIC emulation experiments.
Tianyu Zhaolu, Zhiguo Wan, Huaqun Wang
ePrint ReportAlexandre Belling, Azam Soleimanian
ePrint ReportSanjam Garg, Abhishek Jain, Pratyay Mukherjee, Rohit Sinha, Mingyuan Wang, Yinuo Zhang
ePrint ReportIn this work, we consider {\em weighted} cryptosystems where every party is assigned a certain weight and the trust assumption is that a certain fraction of the total weight is honest. This setting can be translated to the standard setting (where each party has a unit weight) via virtualization. However, this method is quite expensive, incurring a multiplicative overhead in the weight.
We present new weighted cryptosystems with significantly better efficiency. Specifically, our proposed schemes incur only an {\em additive} overhead in weights.
\begin{itemize} \item We first present a weighted ramp secret-sharing scheme where the size of the secret share is as short as $O(w)$ (where $w$ corresponds to the weight). In comparison, Shamir's secret sharing with virtualization requires secret shares of size $w\cdot\lambda$, where $\lambda=\log |\mathbb{F}|$ is the security parameter. \item Next, we use our weighted secret-sharing scheme to construct weighted versions of (semi-honest) secure multiparty computation (MPC), threshold encryption, and threshold signatures. All these schemes inherit the efficiency of our secret sharing scheme and incur only an additive overhead in the weights. \end{itemize}
Our weighted secret-sharing scheme is based on the Chinese remainder theorem. Interestingly, this secret-sharing scheme is {\em non-linear} and only achieves statistical privacy. These distinct features introduce several technical hurdles in applications to MPC and threshold cryptosystems. We resolve these challenges by developing several new ideas.
Charanjit S Jutla, Chengyu Lin
ePrint ReportWe now show that for any number field $\mathbb{Q}[X]/(f(X))$, for all prime integers $p$ such that the factorization of $f(X)$ modulo $p$ passes the Dedekind index theorem criterion, which is almost all $p$, we can base $p$-power RLWE in the polynomial ring $\mathbb{Z}[X]/(f(X))$ itself and its hardness on hardness of ideal lattices of this ring. This ring can potentially be a strict sub-ring of the ring of integers of the field, and hence not be a Dedekind domain. We also give natural examples, and prove that certain ideals require at least three generators, as opposed to two sufficient for Dedekind domains. Such rings also do not satisfy many other algebraic properties of Dedekind domains such as ideal invertibility. Our proof technique is novel as it builds an algebraic theory for general such rings that also include cyclotomic rings.
23 November 2022
Marcel Nageler, Felix Pallua, Maria Eichlseder
ePrint ReportIn this work, we present the first third-party analysis of Romulus-H. We propose a new framework for finding collisions in hash functions based on the Hirose DBL construction. This is in contrast to previous work that only focused on free-start collisions. Our framework is based on the idea of joint differential characteristics which capture the relationship between the two block cipher calls in the Hirose DBL construction. To identify good joint differential characteristics, we propose a combination of a MILP and CP model. Then, we use these characteristics in another CP model to find collisions. Finally, we apply this framework to Romulus-H and find practical collisions of the hash function for 10 out of 40 rounds and practical semi-free-start collisions up to 14 rounds.
Tong Cao, Xin Li
ePrint ReportIn this paper, we propose three temporary block withholding attacks to challenge Filecoin's expected consensus (EC). Specifically, we first deconstruct EC following old-fashioned methods (which have been widely developed since 2009) to analyze the advantages and disadvantages of EC's design. We then present three temporary block withholding schemes by leveraging the shortcomings of EC. We build Markov Decision Process (MDP) models for the three attacks to calculate the adversary's gains. We develop Monte Carlo simulators to mimic the mining strategies of the adversary and other miners and indicate the impacts of the three attacks on expectation. As a result, we show that our three attacks have significant impacts on Filecoin's mining fairness and transaction throughput. For instance, when honest miners who control more than half the global storage power assemble their tipsets after the default transmission cutoff time, an adversary with 1% of the global storage power is able to launch temporary block withholding attacks without a loss in revenue, which is rare in existing blockchains. Finally, we discuss the implications of our attacks and propose several countermeasures to mitigate them.