IACR News
Here you can see all recent updates to the IACR webpage.
26 May 2023
Fraunhofer Institute for Applied Information Technology FIT, Aachen/Sankt Augustin, Germany
Job Posting
The Fraunhofer-Gesellschaft (www.fraunhofer.com) currently operates 76 institutes and research institutions throughout Germany and is the world’s leading applied research organization. We at Fraunhofer FIT are an excellent partner for the human-centric design of our digital future. Some 350 scientists are working within interdisciplinary teams on innovative solutions for current challenges in the domains of Digital Energy, Health and Sustainability as well as Human-centered Engineering & Design, Data Science & AI, Business & Information Systems Engineering, Microsimulation, and Cooperation Systems like Blockchain.
Are you interested in research & practical projects around the topic Data Privacy and Data Spaces? Then take the chance and become part of our department Data Science and Artificial Intelligence in Aachen/Sankt Augustin in Germany!
Our research group, Data Protection and Sovereignty, is dedicated to developing cutting-edge solutions that ensure the security and privacy of sensitive data in real-world data-driven use-cases across various application domains. These include, but are not limited to, cybersecurity, data spaces, energy, supply chain, finance, and health. Data sovereignty, the ability of individuals or entities to have complete control over their data, requires advanced technologies beyond anonymization, such as homomorphic encryption (HE), secure multi-party computation (MPC), and differential privacy. As a part of this team, you will conduct research and develop secure solutions for real-world use-cases (e.g., data spaces, machine learning applications, secure data exchange, distributed systems) to enable data privacy and data sovereignty with partners from industry and research, in national and international projects.
Apply here: https://jobs.fraunhofer.de/job/Sankt-Augustin-Junior-Research-Group-LeaderPostdoc-%28mfd%29-in-the-area-of-Data-Privacy-and-Data-Sovereignty-53757/936608601/
Closing date for applications:
Contact: Dr. Avikarsha Mandal
More information: https://jobs.fraunhofer.de/job/Sankt-Augustin-Junior-Research-Group-LeaderPostdoc-%28mfd%29-in-the-area-of-Data-Privacy-and-Data-Sovereignty-53757/936608601/
Technical University of Denmark, Section for Cybersecurity Engineering
Job Posting
The goal of the PhD project is to improve the state of threshold post-quantum cryptography. You will join the growing cryptography team at DTU and be able to work with researchers inside and outside of the Copenhagen region and Denmark.
Closing date for applications:
Contact: Carsten Baum
More information: https://efzu.fa.em2.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX_1/job/1763/?utm_medium=jobshare
OpenZeppelin
Job Posting
The security services team at OpenZeppelin is responsible for the planning, execution, and delivery of Security Audits for the world’s leading web3 organizations and protocols.
What you'll be doing:
1. Review smart contracts for the top decentralized applications before they launch, and present to the client the findings and vulnerabilities the protocol may have.
2. Team up with one or two auditors, review code line by line, and try to hack it.
3. Work on proposals to make code easier to understand and use in the future by sharing good practices
4. Conduct open-ended research around cutting edge blockchain technologies
5. Paid time to conduct research and contribute to OpenZeppelin’s projects and knowledge
Benefits
1. Unlimited holidays
2. Fully remote: your way of working
3. Paid parental leave & benefits for primary or second caregiver
4. Team events: onboarding tour & company retreats in different locations around the world
5. Work from home office equipment stipend of up to $500 USD
6. Monthly allowance for wellness activities
7. Coworking: access to a coworking space of your choice
8. Learning: technical training; spoken language lessons in any language of your choice (using Italki)
Closing date for applications:
Contact: David Bessin
More information: https://www.openzeppelin.com/jobs/opening?gh_jid=4254142003
OpenZeppelin
Job Posting
Closing date for applications:
Contact: David Bessin
More information: https://www.openzeppelin.com/jobs/opening?gh_jid=5612131003
CISPA Helmholtz Center for Information Security; Saarbrücken, Germany
Job Posting
Wouter Lueks (https://wouterlueks.nl) has fully-funded PhD and post-doc positions available in the area of privacy-enhancing technologies at CISPA Helmholtz Center for Information Security. His research group is interested in designing end-to-end privacy-friendly systems that solve real-world problems. His research covers three broad areas to achieve this goal: (1) applied cryptography; (2) systems building for anonymity; and (3) the evaluation of privacy-friendly systems.
Applicants for a PhD position should hold a bachelor’s or master’s degree in Computer Science, Mathematics, or a related field, and have an interest in privacy, security and/or cryptography. Post-doc applicants should hold a PhD in a related field, and have a proven publication record with publications in top venues (e.g., USENIX, S&P, NDSS, or CCS) or specific privacy venues (e.g., PETS).
For more information, including instructions for how to apply, see: https://wouterlueks.nl/positions/. If you have any questions, please don’t hesitate to reach out by email. Applications will be considered on a rolling basis.
Closing date for applications:
Contact: Wouter Lueks (lueks .at. cispa .dot. de)
More information: https://wouterlueks.nl/positions/
University of Wollongong, Australia
Job Posting
Closing date for applications:
Contact: Prof. Willy Susilo
25 May 2023
Carlos Aguilar-Melchor, Andreas Hülsing, David Joseph, Christian Majenz, Eyal Ronen, Dongze Yue
ePrint Report
Manuel Barbosa, Andreas Hülsing
ePrint Report
Nir Bitansky, Chethan Kamath, Omer Paneth, Ron Rothblum, Prashant Nalina Vasudevan
ePrint Report
1. Statistical Soundness: the existence of a statistically-sound batch proof for $L$ implies that $L$ has a statistically witness indistinguishable ($SWI$) proof, with inverse polynomial $SWI$ error, and a non-uniform honest prover. The implication is unconditional for public-coin protocols and relies on one-way functions in the private-coin case.
This poses a barrier for achieving batch proofs beyond $UP$ (where witness indistinguishability is trivial). In particular, assuming that $NP$ does not have $SWI$ proofs, batch proofs for all of $NP$ do not exist. This motivates further study of the complexity class $SWI$, which, in contrast to the related class $SZK$, has been largely left unexplored.
2. Computational Soundness: the existence of batch arguments ($BARG$s) for $NP$, together with one-way functions, implies the existence of statistical zero-knowledge ($SZK$) arguments for $NP$ with roughly the same number of rounds, an inverse polynomial zero-knowledge error, and non-uniform honest prover.
Thus, constant-round interactive $BARG$s from one-way functions would yield constant-round $SZK$ arguments from one-way functions. This would be surprising as $SZK$ arguments are currently only known assuming constant-round statistically-hiding commitments (which in turn are unlikely to follow from one-way functions).
3. Non-interactive: the existence of non-interactive $BARG$s for $NP$ and one-way functions, implies non-interactive statistical zero-knowledge arguments ($NISZKA$) for $NP$, with negligible soundness error, inverse polynomial zero-knowledge error, and non-uniform honest prover. Assuming also lossy public-key encryption, the statistical zero-knowledge error can be made negligible. We further show that $BARG$s satisfying a notion of honest somewhere extractability imply lossy public key encryption.
All of our results stem from a common framework showing how to transform a batch protocol for a language $L$ into an $SWI$ protocol for $L$.
Kaizhan Lin, Weize Wang, Zheng Xu, Chang-An Zhao
ePrint Report
Denis Firsov, Tiago Oliveira, Dominique Unruh
ePrint Report
In order to do so, we show how leakage-freeness of Jasmin programs can be proven for probabilistic programs (that are not constant-time). We implement and verify algorithms for fast constant-time modular multiplication and exponentiation (using Barrett reduction and Montgomery ladder). We implement and verify the rejection sampling algorithm. And finally, we put it all together and show the security of the overall implementation (end-to-end verification) of the Schnorr protocol, by connecting our implementation to prior security analyses in EasyCrypt (Firsov, Unruh, CSF 2023).
Yuval Gelles, Ilan Komargodski
ePrint Report
In light of this barrier, we propose a new framework for designing efficient agreement protocols. Specifically, we design $\tilde O(1)$-round protocols for all of the above tasks (assuming a constant $<1/3$ fraction of static corruptions) with optimistic and pessimistic guarantees:
- Optimistic complexity: In an honest execution, (honest) parties send only $\tilde O(1)$ bits.
- Pessimistic complexity: In any other case, (honest) parties send $\tilde O(\sqrt{n})$ bits.
Thus, all an adversary can gain from deviating from the honest execution is that honest parties will need to work harder (i.e., transmit more bits) to reach agreement and terminate. Besides the above agreement tasks, we also use our new framework to get a scalable secure multiparty computation (MPC) protocol with optimistic and pessimistic complexities.
Technically, we identify a relaxation of Byzantine Agreement (of independent interest) that allows us to fall-back to a pessimistic execution in a coordinated way by all parties. We implement this relaxation with $\tilde O(1)$ communication bits per party and within $\tilde O(1)$ rounds.
Anubhab Baksi, Jakub Breier, Anupam Chattopadhyay, Tomáš Gerlich, Sylvain Guilley, Naina Gupta, Kai Hu, Takanori Isobe, Arpan Jati, Petr Jedlicka, Hyunjun Kim, Fukang Liu, Zdeněk Martinásek, Kose ...
ePrint Report
The crux of BAKSHEESH is to use a 4-bit SBox that has a non-trivial Linear Structure (LS). An SBox with one or more non-trivial LS had not been used in a cipher construction until DEFAULT (Asiacrypt'21). DEFAULT is pitched to have inherent protection against the Differential Fault Attack (DFA), thanks to its SBox having 3 non-trivial LS. BAKSHEESH, however, uses an SBox with only 1 non-trivial LS, and is a traditional cipher just like GIFT-128.
The SBox requires a low number of AND gates, making BAKSHEESH suitable for side-channel countermeasures (when compared to GIFT-128) and other niche applications. Indeed, our study on the cost of the threshold implementation shows that BAKSHEESH offers a few-fold advantage over other lightweight ciphers. The design does not deviate much from its predecessor (GIFT-128), thereby allowing for easy implementation (such as fix-slicing in software). However, BAKSHEESH opts for a full-round key XOR, compared to the half-round key XOR in GIFT.
Thus, when taking everything into account, we show how a cipher construction can benefit from the unique vantage point of using a 1-LS SBox, by combining the state-of-the-art progress in classical cryptanalysis and protection against device-dependent attacks. We therefore create a new paradigm of lightweight ciphers, by adequate deliberation on the design choices, and solidify it with appropriate security analysis and ample implementation and benchmark results.
Magnus Ringerud
ePrint Report
Shiyao Chen, Chun Guo, Jian Guo, Li Liu, Meiqin Wang, Puwen Wei, Zeyu Xu
ePrint Report
At CRYPTO 2015, Sun et al. established the links among impossible differential, zero-correlation linear, and integral cryptanalysis over $\mathbb{F}_2^{n}$ from the perspective of distinguishers. In this paper, following the definition of linear correlations over $\mathbb{F}_p$ by Baignères, Stern and Vaudenay at SAC 2007, we successfully establish comprehensive links over $\mathbb{F}_p$, by reproducing the proofs and offering alternatives when necessary. Interesting and important differences between $\mathbb{F}_p$ and $\mathbb{F}_2^n$ are observed.
- Zero-correlation linear hulls cannot lead to integral distinguishers in some cases over $\mathbb{F}_p$, while this is always possible over $\mathbb{F}_2^n$, as proven by Sun et al.
- When the newly established links are applied to GMiMC, its impossible differential, zero-correlation linear hull and integral distinguishers can be extended by up to 3 rounds in most cases, and even to an arbitrary number of rounds in some special and limited cases, which only appear over $\mathbb{F}_p$. It should be noted that none of these distinguishers invalidate GMiMC's security claims.
The development of the theories over $\mathbb{F}_p$ behind these links, and properties identified (be it similar or different) will bring clearer and easier understanding of security of primitives in this emerging $\mathbb{F}_p$ field, which we believe will provide useful guides for future cryptanalysis and design.
Masahito Ishizaka
ePrint Report
Masahito Ishizaka, Kazuhide Fukushima
ePrint Report
Wutichai Chongchitmate, Yuval Ishai, Steve Lu, Rafail Ostrovsky
ePrint Report
In this work, we make two related contributions. First, we construct simple and efficient protocols for PSI and PSI-Payload from a ring version of oblivious linear function evaluation (ring-OLE) that can be efficiently realized using recent ring-LPN based protocols. A standard OLE over a field $\mathbb{F}$ allows a sender with $a,b \in \mathbb{F}$ to deliver $ax+b$ to a receiver who holds $x \in \mathbb{F}$. Ring-OLE generalizes this to a ring $\mathcal{R}$, in particular, a polynomial ring over $\mathbb{F}$. Our second contribution is an efficient general reduction of a variant of PSI-Sum to PSI-Payload and secure inner product.
Our protocols have better communication cost than state-of-the-art PSI protocols, especially when requiring security against malicious parties and when allowing input-independent preprocessing. Compared to previous maliciously secure PSI protocols that have a similar computational cost, our online communication is 2x better for small sets ($2^8$ to $2^{12}$ elements) and 20% better for large sets ($2^{20}$ to $2^{24}$ elements). Our protocol is also simpler to describe and implement. We obtain even bigger improvements over the state of the art (4-5x better running time) for our variant of PSI-Sum.
Vasyl Ustimenko, Tymoteusz Chojecki, Michal Klisowski
ePrint Report
Sherman S. M. Chow, Christoph Egger, Russell W. F. Lai, Viktoria Ronge, Ivy K. Y. Woo
ePrint Report
In this work, we study the sustainability of ring-based anonymous systems, where a user performing an anonymous action is hidden within a set of decoy users, traditionally called a "ring".
On the positive side, we propose a general technique for ring-based anonymous systems to achieve sustainability. Along the way, we define a general model of decentralised anonymous systems (DAS) for arbitrary anonymous actions, and provide a generic construction which provably achieves sustainability. As a special case, we obtain the first construction of anonymous cryptocurrencies achieving sustainability without compromising availability. We also demonstrate the generality of our model by constructing sustainable decentralised anonymous social networks.
On the negative side, we show empirically that Monero, one of the most popular anonymous cryptocurrencies, is unlikely to be sustainable without altering its current ring sampling strategy. The main subroutine is a sub-quadratic-time algorithm for detecting used accounts in a ring-based anonymous system.