IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
06 June 2023
Sahiba Suryawanshi, Dhiman Saha
ePrint Report02 June 2023
Rockville, USA, 3 October - 4 October 2023
Event CalendarSubmission deadline: 1 July 2023
Notification: 30 June 2023
31 May 2023
Koç University, İstanbul, Turkey
Job PostingYour duties include performing research on cryptography, security, and privacy in line with our research group's focus, as well as directing graduate and undergraduate students in their research and teaching. The project funding is related to cryptography, game theory and mechanism design, adversarial machine learning, and blockchain technologies.
Applicants are expected to have already obtained their Ph.D. degrees in Computer Science or related discipline with a thesis topic related to the duties above.
For more information about joining our group and projects, visit
https://crypto.ku.edu.tr/work-with-us/
Submit your application via email including
- full CV,
- transcripts of all universities attended,
- 1-3 sample publications where you are the main author,
- a detailed research proposal,
- 2-3 reference letters sent directly by the referees.
Closing date for applications:
Contact: Assoc. Prof. Alptekin Küpçü
https://member.acm.org/~kupcu
More information: https://crypto.ku.edu.tr/work-with-us/
Koç University, İstanbul, Turkey
Job PostingYour duties include performing research on cryptography, cyber security, and privacy in line with our research group's focus, including blockchains and adversarial machine learning, assist teaching, as well as collaborating with other graduate and undergraduate students. Computer Science, Mathematics, Cryptography, or related background is necessary.
For applying online, and questions about the application-process for M.Sc. and Ph.D. positions, visit
https://gsse.ku.edu.tr/en/admissions/application-requirements
All applications must be completed online. Applications with missing documents will not be considered. Applications via e-mail will not be considered. Application Requirements:
- CV
- Recommendation Letters (2 for MSc, 3 for PhD)
- TOEFL (for everyone whose native language is not English, Internet Based: Minimum Score 80)
- GRE score
- Official transcripts from all the universities attended
- Statement of Purpose
- Area of Interest Form filled online
We also have a non-thesis paid Cyber Security M.Sc. program:
https://cybersecurity.ku.edu.tr/
For more information about joining our group and projects, visit
https://crypto.ku.edu.tr/work-with-us/
Closing date for applications:
Contact: https://gsse.ku.edu.tr/en/admissions/how-to-apply/
More information: https://gsse.ku.edu.tr/en/admissions/how-to-apply/
Paderborn University, Institute of Computer Science/Codes and Cryptography Group; Paderborn, Germany
Job PostingThe Faculty of Electrical Engineering, Computer Science and Mathematics - Institute of Computer Science / Codes and Cryptography Group - has a vacancy (100% of the regular working time) at the earliest opportunity:
Research Assistant (f/m/d) (salary is according to 13 TV-L)
This is a qualification position within the meaning of the Wissenschaftszeitvertragsgesetz (WissZeitVG - German Act on Scientific Temporary Contracts), which serves to promote a doctoral procedure or an early postdoc phase in the field of "Codes and Cryptography". The position is to be filled for a limited period, depending on the qualification achieved to date, but generally for a period of 3 years. An extension is possible within the time limits of the WissZeitVG if applicable.
Your duties and responsibilities
Research in one of the following areas:
- Cryptography and quantum cryptography
- Algorithmic number theory and complexity theory
- Quantum algorithms and quantum complexity
- Teaching on the order of 4 teaching hours (SWS) per week
Hiring requirement: Scientific Master degree in computer science, mathematics of physics
Since Paderborn University seeks to increase the number of female scientists, applications of women are especially welcome. In case of equal qualification and scientific achievements, they will receive preferential treatment according to the North Rhine-Westphalian Equal Opportunities Policy (LGG), unless there are cogent reasons to give preference to another applicant. Part-time employment is possible. Likewise, applications of disabled people with appropriate qualification are explicitly requested. This also applies to people with equal status according to the German social law SGB IX.
Closing date for applications:
Contact: Please send your application including a CV (preferably in a single pdf file) using the Ref. No. 5963 by 30 June 2023 to: bloemer@upb.de.
Prof. Dr. Johannes Blömer
Faculty of Computer Science, Electrical Engineering and Mathematics
Paderborn University
Warburger Str. 100
33098 Paderborn
More information: https://cs.uni-paderborn.de/en/cuk/research
Abu Dhabi, United Arab Emirates, 5 March - 8 March 2024
Event CalendarSubmission deadline: 20 July 2023
Notification: 12 September 2023
Darmstadt, Germany, 3 June - 6 June 2024
Event Calendar30 May 2023
Steve Thakur
ePrint ReportThe proof size is constant \( (10\; \mathbb{G}_1\), \(20\;\mathbb{F}_p)\), as is the verification runtime, which is dominated by a single pairing check (i.e. two pairings). The Prover time is dominated by the \(10\) multi-scalar multiplications in \(\mathbb{G}_1\) - with a combined MSM length of $22\cdot |\mathrm{Circuit}|$ - and, to a lesser extent, the computation of a single sum of polynomial products over the scalar field.
The scheme supports succinct lookup arguments for subsets as well as subsequences. Our construction relies on homomorphic table commitments, which makes them amenable to vector lookups. The Prover algorithm runs in runtime $O(M\cdot \log(M))$, where $M = \max \{|\text{Circuit}| , \;|\text{Table}|\}.$
When the scalar field has low $2$-adicity - as is inevitably the case with any outer curve to Ed25519, secp256k1 or BN254 - we use the Schonhage-Strassen algorithm or the multimodular FFT algorithm to compute the sum of polynomial products that occurs in one of the steps of the proof generation. Despite the small (but discernible) slowdown compared to polynomial products in FFT-friendly fields, we empirically found that the MSMs dominate the proof generation time. To that end, we have included some benchmarks for polynomial products in FFT-unfriendly fields.
Furthermore, the scheme supports custom gates, albeit at the cost of a larger proof size. As an application of the techniques in this paper, we describe a protocol that supports multiple \( \mathbf{univariate}\) custom gates $\mathcal{G}_i$ of high degree that are sparsely distributed, in the sense that \[ \sum_{i} \deg(\mathcal{G}_i)\cdot \#(\mathcal{G}_i\;\text{gates}) \; = \; O(|\text{Circuit}|). \] This comes at the cost of three additional $\mathbb{G}_1$ elements and does not blow up the proof generation time, i.e. it does not entail MSMs or FFTs of length larger than the circuit size.
At the moment, Panther Protocol's Rust implementation in a 576-bit pairing-friendly outer curve to Ed25519 has a (not yet optimized) Prover time of 45 seconds for a million gate circuit on a 64 vCPU AWS machine.
Chenghong Wang, David Pujo, Kartik Nayak, Ashwin Machanavajjhala
ePrint ReportZhipeng Wang, Xihan Xiong, William J. Knottenbelt
ePrint ReportIn this work, we analyze the efficiency and possible security implications of censorship on the different steps during the life cycle of a blockchain transaction, i.e., generation, propagation, and validation. We reveal that fine-grained censorship will reduce the security of block validators and centralized transaction propagation services, and can potentially cause Denial of Service (DoS) attacks. We also find that DeFi platforms adopt centralized third-party services to censor user addresses at the frontend level, which blockchain users could easily bypass. Moreover, we present a tainting attack whereby an adversary can prevent users from interacting normally with DeFi platforms by sending TC-related transactions.
Dmitrii Koshelev
ePrint ReportAlessio Meneghetti, Edoardo Signorini
ePrint ReportAndrea Di Giusto, Chiara Marcolla
ePrint ReportIn this work, we explore the non-power-of-two instantiations of BGV. Although our theoretical research encompasses results applicable to any cyclotomic ring, our main investigation is focused on the case of $m=2^s 3^t$, i.e., cyclotomic polynomials with degree $n=2^s 3^{t-1}$. We provide a thorough analysis of the noise growth in this new setting using the canonical norm and compare our results with the power-of-two case considering practical aspects like NTT algorithms. We find that in many instances, the parameter estimation process yields better results for the non-power-of-two setting.
Fukang Liu, Lorenzo Grassi, Clémence Bouvier, Willi Meier, Takanori Isobe
ePrint Report1. can the algebraic degree increase exponentially when $w=1$?
2. what is the influence of $w$, $d$ and $(h_1,\ldots,h_w)$ on the growth of the algebraic degree?
Based on this, we show (i) how to efficiently find $(h_1,\ldots,h_w)$ to achieve the exponential growth of the algebraic degree and (ii) how to efficiently compute the upper bound of the algebraic degree for arbitrary $(h_1,\ldots,h_w)$. Therefore, we expect that these results can further advance the understanding of the design and analysis of such primitives.
Amit Singh Bhati, Antonin Dufka, Elena Andreeva, Arnab Roy, Bart Preneel
ePrint ReportAlia Umrani, Apurva K Vangujar, Paolo Palmieri
ePrint ReportMingjie Chen, Muhammad Imran, Gábor Ivanyos, Péter Kutas, Antonin Leroux, Christophe Petit
ePrint ReportIn this paper, we introduce a new quantum polynomial-time algorithm to solve IsERP for isogenies whose degrees are odd and have $O(\log\log p)$ many prime factors. As main technical tools, our algorithm uses a quantum algorithm for computing hidden Borel subgroups, a group action on supersingular isogenies from EUROCRYPT 2021, various algorithms for the Deuring correspondence and a new algorithm to lift arbitrary quaternion order elements modulo an odd integer $N$ with $O(\log\log p)$ many prime factors to powersmooth elements.
As a main consequence for cryptography, we obtain a quantum polynomial-time key recovery attack on pSIDH. The technical tools we use may also be of independent interest.
Alex Ozdemir, Riad S. Wahby, Fraser Brown, Clark Barrett
ePrint ReportAlexander May, Julian Nowakowski
ePrint ReportAt Crypto`20, Dachman-Soled, Ducas, Gong and Rossi (DDGR) defined among other so-called perfect hints and modular hints. The trailblazing DDGR framework allows to integrate and combine hints successively into lattices, and estimates the resulting LWE security loss.
We introduce a new methodology to integrate and combine an arbitrary number of perfect and modular in a single stroke. As opposed to DDGR, our methodology is significantly more efficient in constructing lattice bases, and thus easily allows for a large number of hints up to cryptographic dimensions, a regime that is impractical in DDGR. The efficiency of our method defines a large LWE parameter regime, in which we can fully carry out attacks faster than DDGR can solely estimate them. A key component of our new method is dimension reduction of $\mathbf s$, which significantly reduces LWE security.
The benefits of our approach allow us to practically determine which number of hints is sufficient to efficiently break LWE-based lattice schemes in practice. For mod-$q$ hints, i.e., modular hints defined over $\mathbb{Z}_q$, we reconstruct Kyber-512 secret keys via LLL reduction (only!) with an amount of $449$ hints. For Falcon-512, NTRU-HRSS-701, Kyber-768 and Dilithium-1024 we need $452$, $622$, $702$ and $876$ modular hints, respectively. Our results for perfect hints significantly improve over these numbers, requiring for LWE dimension $n$ roughly $n/2$ perfect hints. Namely, we reconstruct via LLL reduction Kyber-512 keys with merely $234$ perfect hints. For secret keys of Falcon-512, NTRU-HRSS-701, Kyber-768 and Dilithium-1024 we require $233$, $332$, $390$ and $463$ perfect hints, respectively. We find such a small amount of perfect hints quite remarkable. If we resort to stronger lattice reduction techniques like BKZ, we need even fewer hints.
For mod-$q$ hints our method is extremely efficient, taking total time for constructing our lattice bases and secret key recovery via LLL of around 20 mins for dimension 512, 40 mins for dimensions 701 and 768, and less than 10 hours for dimension 1024. For perfect hints we require around 3 hours (dim 512), 11 hours (dim 701), 1 day (dim 768), and one week (dim 1024).
Our results demonstrate that especially perfect hints are powerful in practice, and stress the necessity to properly protect lattice schemes against leakage.