IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
16 July 2023
Tomoki Moriya
ePrint ReportIn this paper, we provide an adaptive attack for a possible PKE scheme based on FESTA trapdoor functions. Our attack reveals the secret key of the function. Our attack may be used if the recipient of the PKE scheme does not check whether the hidden matrix corresponding to the ciphertext is correct. In other words, the recipient can prevent our attack by checking the correctness of the matrix.
Chris Brzuska, Geoffroy Couteau, Pihla Karanko, Felix Rohrbach
ePrint ReportIn this work, we explore necessary features of constructions which achieve short input length by proving the following: for any direct product construction of a strong OWF $g$ from a weak OWF $f$, which can be inverted with probability $1-\tfrac{1}{p(n)}$, the input size of $g$ must grow as $\Omega(p(n))$. Here, direct product refers to the following structure: the construction $g$ executes some arbitrary pre-processing function (independent of $f$) on its input $s$, obtaining a vector $(x_1, \cdots, x_l)$, and outputs $f(x_1), \cdots, f(x_l)$. When setting the pre-processing to be the identity, one recovers thus Yao's construction.
Our result generalizes to functions $g$ with post-processing, as long as the post-processing function is not too lossy. Thus, in essence, any weak-to-strong OWF hardness amplification must either (1) be very far from security-preserving, (2) use adaptivity, or (3) must be very far from a direct-product structure (in the sense that post-processing of the outputs of $f$ is very lossy).
On a technical level, we use ideas from lower bounds for secret-sharing to prove the impossibility of derandomizing Yao in a black-box way. Our results are in line with Goldreich, Impagliazzo, Levin, Venkatesan, and Zuckerman (FOCS 1990) who derandomize Yao's construction for regular weak OWFs by evaluating the OWF along a random walk on an expander graph – the construction is adaptive, since it alternates steps on the expander graph with evaluations of the weak OWF.
Michael Brand, Benoit Poletti
ePrint ReportWe present a protocol extending the standard Bulletproof protocol, which introduces a second layer of interactivity to the protocol, by allowing the Verifier to choose the set of equations after the Prover has already committed to portions of the solution.
We show that such Verifier-chosen (or stochastically-chosen) equation sets can be used to design smaller equation sets with less variables that have the same proving-power as their larger, deterministic counterparts but are, in practice, orders of magnitude faster both in proof generation and in proof verification, and even reduce the size of the resulting proofs. We demonstrate this with an example from a real-world application.
Our method maintains all the classical benefits of the Bulletproof approach: efficient proof generation, efficient proof checking, extremely short proofs, and the ability to use Fiat-Shamir challenges in order to turn an interactive proof into a non-interactive proof.
Shichen Wu, Puwen Wei, Ren Zhang, Bowen Jiang
ePrint ReportWe address these challenges by analyzing DAG-based protocols via a congestible blockchain model (CBM), a general model that allows case-by-case upper bounds on the block propagation delay, rather than a uniform upper bound as in most previous analyses. CBM allows us to capture two key phenomena of high-throughput settings: (1) simultaneous blocks increase each other's propagation delay, and (2) a block can be processed only after receiving all the blocks it refers to. We further devise a reasonable adversarial block propagation strategy in CBM, called the late-predecessor attack, which exploits block dependencies to delay the processing of honest blocks. We then evaluate the security and performance of Prism and OHIE, two DAG-based protocols that aim to break the security-performance tradeoff, in the presence of an attacker capable of launching the late predecessor attack. Our results show that these protocols suffer from reduced security and extended latency in high-throughput settings similar to their chain-based predecessors.
Riddhi Ghosal, Amit Sahai
ePrint ReportShichang Wang, Meicheng Liu, Shiqi Hou, Dongdai Lin
ePrint ReportYanyi Liu, Rafael Pass
ePrint ReportIn this work, we present the first ``OWF-complete'' promise problem---a promise problem whose worst-case hardness w.r.t. $\BPP$ (resp. $\Ppoly$) is \emph{equivalent} to the existence of OWFs secure against $\PPT$ (resp. $\nuPPT$) algorithms. The problem is a variant of the Minimum Time-bounded Kolmogorov Complexity problem ($\mktp[s]$ with a threshold $s$), where we condition on instances having small ``computational depth''.
We furthermore show that depending on the choice of the threshold $s$, this problem characterizes either ``standard'' (polynomially-hard) OWFs, or quasi polynomially- or subexponentially-hard OWFs. Additionally, when the threshold is sufficiently small (e.g., $2^{O(\sqrt{n})}$ or $\poly\log n$) then \emph{sublinear} hardness of this problem suffices to characterize quasi-polynomial/sub-exponential OWFs.
While our constructions are black-box, our analysis is \emph{non- black box}; we additionally demonstrate that fully black-box constructions of OWF from the worst-case hardness of this problem are impossible. We finally show that, under Rudich's conjecture, and standard derandomization assumptions, our problem is not inside $\coAM$; as such, it yields the first candidate problem believed to be outside of $\AM \cap \coAM$, or even ${\bf SZK}$, whose worst case hardness implies the existence of OWFs.
Zehui Tang, Shengke Zeng, Tao Li, Shuai Cheng, Haoyu Zheng
ePrint ReportYanning Ji, Elena Dubrova
ePrint ReportFerdinand Sibleyras, Yosuke Todo
ePrint ReportErik Rybakken, Leona Hioki, Mario Yaksetig
ePrint ReportLilya Budaghyan, Mohit Pal
ePrint ReportRoy S Wikramaratna
ePrint ReportThe Additive Congruential Random Number (ACORN) generator is straightforward to implement; it has been demonstrated in previous papers to give rise to sequences with long period which can be proven from theoretical considerations to approximate to being uniform in up to k dimensions (for any given k).
The ACORN-QRE algorithm is a straightforward modification of ACORN which effectively avoids the linearity of the original algorithm, while preserving the uniformity of the modified sequence. It provides a new method for generating one-time pads that are resistant to attack either by current computers or by future computing developments, including quantum computers. The pads can use any alphabet (including both binary and alphanumeric) and can be used with a Vernam-type cypher to securely encrypt both files and communications.
This report explains how the ACORN-QRE algorithm works and provides evidence for the claim that the resulting one-time pads are inherently not susceptible to cryptanalysis and that they will remain secure against foreseeable developments in computing, including the potential development of quantum computers.
The ACORN-QRE algorithm is patented in the UK under Patent No. GB2591467; patent applied for in the US under Application No. 17/795632. The patents are owned by REAMC Limited, 4 Nuthatch Close, Poole, Dorset BH17 7XR, United Kingdom
Mathias Hall-Andersen, Mark Simkin, Benedikt Wagner
ePrint ReportIn this work, we initiate a cryptographic study of data availability sampling. To this end, we define data availability sampling precisely as a clean cryptographic primitive. Then, we show how data availability sampling relates to erasure codes. We do so by defining a new type of commitment schemes which naturally generalizes vector commitments and polynomial commitments. Using our framework, we analyze existing constructions and prove them secure. In addition, we give new constructions which are based on weaker assumptions, computationally more efficient, and do not rely on a trusted setup, at the cost of slightly larger communication complexity. Finally, we evaluate the trade-offs of the different constructions.
Vincent Giraud, David Naccache
ePrint ReportSebastian Kolby, Ran Canetti, Divya Ravi, Eduardo Soria-Vazquez, Sophia Yakoubov
ePrint ReportThe YOSO model separates the protocol design, specifying the short-lived responsibilities, from the mechanisms assigning these responsibilities to machines participating in the computation. These protocol designs must then be translated to run directly on the machines, while preserving security guarantees. We provide a versatile and modular framework for analyzing the security of YOSO-style protocols, and show how to use it to compile any protocol design that is secure against static corruptions of $t$ out of $c$ parties, into protocols that withstand adaptive corruption of $T$ out of $N$ machines (where $T/N$ is closely related to $t/c$, specifically when $t/c<0.5$, we tolerate $T/N \leq 0.29$) at overall communication cost that is comparable to that of the traditional protocol even when $c << N$.
Furthermore, we demonstrate how to minimize the use of costly non-committing encryption, thereby keeping the computational and communication overhead manageable even in practical terms, while still providing end to end security analysis. Combined with existing approaches for transforming stateful protocols into stateless ones while preserving static security (e.g. Gentry et al. 21, Kolby et al. 22), we obtain end to end security.
Sebastian Faust, Carmit Hazay, David Kretzler, Benjamin Schlosser
ePrint ReportIn this work, we present a threshold BBS+ protocol in the preprocessing model. Our protocol supports an arbitrary $t$-out-of-$n$ threshold and achieves non-interactive signing in the online phase. It relies on a new pseudorandom correlation-based offline protocol producing preprocessing material with sublinear communication complexity in the number of signatures. Both our offline and online protocols are actively secure under the Universal Composability framework. Finally, we estimate the concrete efficiency of our protocol, including an implementation of the online phase. The online protocol without network latency takes less than $15 ms$ for $t \leq 30$ and credentials sizes up to $10$. Further, our results indicate that the influence of $t$ on the online signing is insignificant, $< 6 \%$ for $t \leq 30$, and the overhead of the thresholdization occurs almost exclusively in the offline phase.
TU Wien Informatics, Vienna, Austria
Job PostingYour profile:
- Master degree in computer science or equivalent (degree completion by employment start)
- Background in security/blockchain is a plus
- Excellent English, communication, and teamwork skills
- Conducting world-class research in the design and analysis of scaling protocols for blockchains
- Engaging in research collaborations
- Contributing to teaching blockchain technologies on Masters-level
- The Security and Privacy group is internationally renowned, regularly publishes in top security venues, and consists of an international, diverse team with expertise in cryptography, security, privacy, and game theory
- An international English-speaking environment (German not required)
- Personal/professional development, flexible hours
- Central workplace location (U1/U2/U4 Karlsplatz)
- Creative environment in a top-ranked city in livability
- A competitive salary
The application material should include:
- Motivation letter
- Bachelor/Master’s transcripts
- Publication list (if available)
- Curriculum vitae
- Contact information for two referees
Closing date for applications:
Contact: Interested candidates should send the application material to Matteo Maffei (matteo.maffei@tuwien.ac.at) and Georgia Avarikioti (georgia.avarikioti@tuwien.ac.at). Applications received by August 15th will receive full consideration, but applications will be accepted until the position is filled.
Mysten Labs
Job PostingMysten is looking for a Software Engineer who is interested in cryptographic protocols and their application to blockchain. This person would work with us to design, check and implement mission-critical algorithms on range of topics including; cryptographic primitives such as pairing-based cryptography, distributed cryptographic protocols such as signature aggregation and distributed key generation, and zero-knowledge building blocks such as vector commitments and accumulators. They would then put this cryptography into practice in order to realize the scalability required by the next generation of blockchain networks.
What You'll Have:
Closing date for applications:
Contact: Please navigate to our job posting if you wish to apply: https://jobs.ashbyhq.com/mystenlabs/a3d0da5b-b3cb-45db-9aa8-dc89ba0cee5e
More information: https://jobs.ashbyhq.com/mystenlabs/a3d0da5b-b3cb-45db-9aa8-dc89ba0cee5e
12 July 2023
University of Birmingham, UK
Job PostingThe University of Birmingham's School of Computer Science continues to thrive during a period of sustained growth. We are inviting applications for full professorial positions [1]. If you are a leader with a passion for computer science (and in particular Cyber Security), this is an extraordinary opportunity to shape the future of our academic community.
Areas of interest include (but are not limited to) systems security, artificial intelligence, network/web security, as well as formal methods and cryptography.
As part of the University of Birmingham, you will have access to state-of-the-art facilities, world-class research centres (in particular the Centre for Cyber Security and Privacy [2]), and a growing network of academic and industry collaborations. Our commitment to diversity and inclusion ensures an inclusive and welcoming environment for all.
The deadline for applications is 30 July 2023. Please note that we reserve the right to close this vacancy early once a sufficient number of applications have been received.
[1] https://www.jobs.ac.uk/job/DBD093/chair-in-computer-science-school-of-computing-science-4-positions-102099
[2] https://www.birmingham.ac.uk/research/centre-for-cyber-security-and-privacy/index.aspx
Closing date for applications:
Contact: For further information, please contact Aad van Moorsel, a.vanmoorsel@bham.ac.uk. For informal enquiries regarding the Centre for Cyber Security and Privacy, please contact David Oswald (d.f.oswald@bham.ac.uk) and Mark Ryan (m.d.ryan@bham.ac.uk).
More information: https://www.jobs.ac.uk/job/DBD093/chair-in-computer-science-school-of-computing-science-4-positions-102099