IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
06 June 2023
Bart Mennink, Charlotte Lefevre
ePrint ReportShun Watanabe, Kenji Yasunaga
ePrint ReportTakanori Isobe, Ryoma Ito, Fukang Liu, Kazuhiko Minematsu, Motoki Nakahashi, Kosei Sakamoto, Rentaro Shiba
ePrint ReportFabio Campos, Jorge Chavez-Saab, Jesús-Javier Chi-Domínguez, Michael Meyer, Krijn Reijnders, Francisco Rodríguez-Henríquez, Peter Schwabe, Thom Wiggers
ePrint ReportWe fill this gap by providing two CSIDH instantiations: A deterministic and dummy-free instantiation based on SQALE, aiming at high security against physical attacks, and a speed-optimized constant-time instantiation that adapts CTIDH to larger parameter sizes. We provide implementations of both variants, including efficient field arithmetic for fields of such size, and high-level optimizations. Our deterministic and dummy-free version, dCSIDH, is almost twice as fast as SQALE, and, dropping determinism, CTIDH at these parameters is thrice as fast as dCSIDH. We investigate their use in real-world scenarios through benchmarks of TLS using our software.
Although our instantiations of CSIDH have smaller communication requirements than post-quantum KEM and signature schemes, both implementations still result in too-large handshake latency (tens of seconds), which hinder further consideration of using CSIDH in practice for conservative parameter set instantiations.
Jiangxia Ge, Tianshu Shan, Rui Xue
ePrint ReportIn the post-quantum setting, the ROM is extended to the quantum random oracle model (QROM), and the \textsf{IND-CCA} security of \textsf{FO} transformation and its KEM variants in the QROM has been extensively analyzed. Grubbs et al. (EUROCRYPTO 2021) and Xagawa (EUROCRYPTO 2022) then focused on security properties other than \textsf{IND-CCA} security, such as the anonymity aganist chosen-ciphertext attacks (\textsf{ANO-CCA}) of \textsf{FO} transformation in the QROM.
Beyond the post-quantum setting, Boneh and Zhandry (CRYPTO 2013) considered quantum adversaries that can perform the quantum chosen-ciphertext attacks (\textsf{qCCA}). However, to the best of our knowledge, there are few results on the \textsf{IND-qCCA} or \textsf{ANO-qCCA} security of \textsf{FO} transformation and its KEM variants in the QROM.
In this paper, we define a class of security games called the oracle-hiding game, and provide a lifting theorem for it. This theorem lifts the security reduction of oracle-hiding games in the ROM to that in the QROM. With this theorem, we prove the \textsf{IND-qCCA} and \textsf{ANO-qCCA} security of transformation $\textsf{FO}^{\slashed{\bot}}$, $\textsf{FO}^{\bot}$, $\textsf{FO}_m^{\slashed{\bot}}$ and $\textsf{FO}_m^\bot$, which are KEM variants of \textsf{FO}, in the QROM.
Moreover, we prove the \textsf{ANO-qCCA} security of the hybrid PKE schemes built via the KEM-DEM paradigm, where the underlying KEM schemes are obtained by $\textsf{FO}^{\slashed{\bot}}$, $\textsf{FO}^{\bot}$, $\textsf{FO}_m^{\slashed{\bot}}$ and $\textsf{FO}_m^\bot$. Notably, for those hybrid PKE schemes, our security reduction shows that their anonymity is independent of the security of their underlying DEM schemes. Hence, our result simplifies the anonymity analysis of the hybrid PKE schemes that obtained from the \textsf{FO} transformation.
Andrea Basso, Tako Boris Fouotsa
ePrint ReportIn this work, we propose a new countermeasure technique that leads to significantly more efficient and compact protocols. To do so, we introduce the concept of artificially oriented curves, which are curves with an associated pair of subgroups. We show that this information is sufficient to build parallel isogenies and thus obtain an SIDH-like key exchange, while also revealing significantly less information compared to previous constructions.
After introducing artificially oriented curves, we formalize several related computational problems and thoroughly assess their presumed hardness. We then translate the SIDH key exchange to the artificially oriented setting, obtaining the key-exchange protocols binSIDH, or binary SIDH, and terSIDH, or ternary SIDH, which respectively rely on fixed-degree and variable-degree isogenies.
Lastly, we also provide a proof-of-concept implementation of the proposed protocols. Despite being implemented in a high-level, terSIDH has very competitive running times, which suggests that terSIDH might be the most efficient isogeny-based encryption protocol.
Yaobin Shen, François-Xavier Standaert
ePrint ReportWe begin with how to design a tweakable block cipher with $2n$-bit tweak and $n$-bit security from two block cipher calls. For this purpose, we do an exhaustive search for tweakable block ciphers with $2n$-bit tweaks from two block cipher calls, and show that all of them suffer from birthday-bound attacks. Next, we investigate the possibility to design a tweakable block cipher with $2n$-bit tweak and $n$-bit security from three block cipher calls. We start with some conditions to build a such tweakable block cipher and propose a natural construction, called G1, that likely meets them. After inspection, we find a weakness on G1 which leads to a birthday-bound attack. Based on G1, we then propose another construction, called G2, that can avoid this weakness. We finally prove that G2 can achieve $n$-bit security with $2n$-bit tweak.
Sahiba Suryawanshi, Dhiman Saha
ePrint Report02 June 2023
Rockville, USA, 3 October - 4 October 2023
Event CalendarSubmission deadline: 1 July 2023
Notification: 30 June 2023
31 May 2023
Koç University, İstanbul, Turkey
Job PostingYour duties include performing research on cryptography, security, and privacy in line with our research group's focus, as well as directing graduate and undergraduate students in their research and teaching. The project funding is related to cryptography, game theory and mechanism design, adversarial machine learning, and blockchain technologies.
Applicants are expected to have already obtained their Ph.D. degrees in Computer Science or related discipline with a thesis topic related to the duties above.
For more information about joining our group and projects, visit
https://crypto.ku.edu.tr/work-with-us/
Submit your application via email including
- full CV,
- transcripts of all universities attended,
- 1-3 sample publications where you are the main author,
- a detailed research proposal,
- 2-3 reference letters sent directly by the referees.
Closing date for applications:
Contact: Assoc. Prof. Alptekin Küpçü
https://member.acm.org/~kupcu
More information: https://crypto.ku.edu.tr/work-with-us/
Koç University, İstanbul, Turkey
Job PostingYour duties include performing research on cryptography, cyber security, and privacy in line with our research group's focus, including blockchains and adversarial machine learning, assist teaching, as well as collaborating with other graduate and undergraduate students. Computer Science, Mathematics, Cryptography, or related background is necessary.
For applying online, and questions about the application-process for M.Sc. and Ph.D. positions, visit
https://gsse.ku.edu.tr/en/admissions/application-requirements
All applications must be completed online. Applications with missing documents will not be considered. Applications via e-mail will not be considered. Application Requirements:
- CV
- Recommendation Letters (2 for MSc, 3 for PhD)
- TOEFL (for everyone whose native language is not English, Internet Based: Minimum Score 80)
- GRE score
- Official transcripts from all the universities attended
- Statement of Purpose
- Area of Interest Form filled online
We also have a non-thesis paid Cyber Security M.Sc. program:
https://cybersecurity.ku.edu.tr/
For more information about joining our group and projects, visit
https://crypto.ku.edu.tr/work-with-us/
Closing date for applications:
Contact: https://gsse.ku.edu.tr/en/admissions/how-to-apply/
More information: https://gsse.ku.edu.tr/en/admissions/how-to-apply/
Paderborn University, Institute of Computer Science/Codes and Cryptography Group; Paderborn, Germany
Job PostingThe Faculty of Electrical Engineering, Computer Science and Mathematics - Institute of Computer Science / Codes and Cryptography Group - has a vacancy (100% of the regular working time) at the earliest opportunity:
Research Assistant (f/m/d) (salary is according to 13 TV-L)
This is a qualification position within the meaning of the Wissenschaftszeitvertragsgesetz (WissZeitVG - German Act on Scientific Temporary Contracts), which serves to promote a doctoral procedure or an early postdoc phase in the field of "Codes and Cryptography". The position is to be filled for a limited period, depending on the qualification achieved to date, but generally for a period of 3 years. An extension is possible within the time limits of the WissZeitVG if applicable.
Your duties and responsibilities
Research in one of the following areas:
- Cryptography and quantum cryptography
- Algorithmic number theory and complexity theory
- Quantum algorithms and quantum complexity
- Teaching on the order of 4 teaching hours (SWS) per week
Hiring requirement: Scientific Master degree in computer science, mathematics of physics
Since Paderborn University seeks to increase the number of female scientists, applications of women are especially welcome. In case of equal qualification and scientific achievements, they will receive preferential treatment according to the North Rhine-Westphalian Equal Opportunities Policy (LGG), unless there are cogent reasons to give preference to another applicant. Part-time employment is possible. Likewise, applications of disabled people with appropriate qualification are explicitly requested. This also applies to people with equal status according to the German social law SGB IX.
Closing date for applications:
Contact: Please send your application including a CV (preferably in a single pdf file) using the Ref. No. 5963 by 30 June 2023 to: bloemer@upb.de.
Prof. Dr. Johannes Blömer
Faculty of Computer Science, Electrical Engineering and Mathematics
Paderborn University
Warburger Str. 100
33098 Paderborn
More information: https://cs.uni-paderborn.de/en/cuk/research
Abu Dhabi, United Arab Emirates, 5 March - 8 March 2024
Event CalendarSubmission deadline: 20 July 2023
Notification: 12 September 2023
Darmstadt, Germany, 3 June - 6 June 2024
Event Calendar30 May 2023
Steve Thakur
ePrint ReportThe proof size is constant \( (10\; \mathbb{G}_1\), \(20\;\mathbb{F}_p)\), as is the verification runtime, which is dominated by a single pairing check (i.e. two pairings). The Prover time is dominated by the \(10\) multi-scalar multiplications in \(\mathbb{G}_1\) - with a combined MSM length of $22\cdot |\mathrm{Circuit}|$ - and, to a lesser extent, the computation of a single sum of polynomial products over the scalar field.
The scheme supports succinct lookup arguments for subsets as well as subsequences. Our construction relies on homomorphic table commitments, which makes them amenable to vector lookups. The Prover algorithm runs in runtime $O(M\cdot \log(M))$, where $M = \max \{|\text{Circuit}| , \;|\text{Table}|\}.$
When the scalar field has low $2$-adicity - as is inevitably the case with any outer curve to Ed25519, secp256k1 or BN254 - we use the Schonhage-Strassen algorithm or the multimodular FFT algorithm to compute the sum of polynomial products that occurs in one of the steps of the proof generation. Despite the small (but discernible) slowdown compared to polynomial products in FFT-friendly fields, we empirically found that the MSMs dominate the proof generation time. To that end, we have included some benchmarks for polynomial products in FFT-unfriendly fields.
Furthermore, the scheme supports custom gates, albeit at the cost of a larger proof size. As an application of the techniques in this paper, we describe a protocol that supports multiple \( \mathbf{univariate}\) custom gates $\mathcal{G}_i$ of high degree that are sparsely distributed, in the sense that \[ \sum_{i} \deg(\mathcal{G}_i)\cdot \#(\mathcal{G}_i\;\text{gates}) \; = \; O(|\text{Circuit}|). \] This comes at the cost of three additional $\mathbb{G}_1$ elements and does not blow up the proof generation time, i.e. it does not entail MSMs or FFTs of length larger than the circuit size.
At the moment, Panther Protocol's Rust implementation in a 576-bit pairing-friendly outer curve to Ed25519 has a (not yet optimized) Prover time of 45 seconds for a million gate circuit on a 64 vCPU AWS machine.
Chenghong Wang, David Pujo, Kartik Nayak, Ashwin Machanavajjhala
ePrint ReportZhipeng Wang, Xihan Xiong, William J. Knottenbelt
ePrint ReportIn this work, we analyze the efficiency and possible security implications of censorship on the different steps during the life cycle of a blockchain transaction, i.e., generation, propagation, and validation. We reveal that fine-grained censorship will reduce the security of block validators and centralized transaction propagation services, and can potentially cause Denial of Service (DoS) attacks. We also find that DeFi platforms adopt centralized third-party services to censor user addresses at the frontend level, which blockchain users could easily bypass. Moreover, we present a tainting attack whereby an adversary can prevent users from interacting normally with DeFi platforms by sending TC-related transactions.
Dmitrii Koshelev
ePrint ReportAlessio Meneghetti, Edoardo Signorini
ePrint ReportAndrea Di Giusto, Chiara Marcolla
ePrint ReportIn this work, we explore the non-power-of-two instantiations of BGV. Although our theoretical research encompasses results applicable to any cyclotomic ring, our main investigation is focused on the case of $m=2^s 3^t$, i.e., cyclotomic polynomials with degree $n=2^s 3^{t-1}$. We provide a thorough analysis of the noise growth in this new setting using the canonical norm and compare our results with the power-of-two case considering practical aspects like NTT algorithms. We find that in many instances, the parameter estimation process yields better results for the non-power-of-two setting.