IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
24 July 2023
Haruka Hirata, Daiki Miyahara, Victor Arribas, Yang Li, Noriyuki Miura, Svetla Nikova, Kazuo Sakiyama
ePrint ReportThen, we propose a countermeasure that prevents these attacks. We extend M&M with a fine-grained detection-based feature capable of detecting the zero-value glitch attacks. In this effort, we also solve the problem of a combined attack on the ciphertext output check of M&M scheme by using Kronecker's delta function. We deploy the countermeasure on FPGA and verify its security against both fault and side-channel analysis with practical experiments.
Furkan Aydin, Aydin Aysu
ePrint ReportCayle Sharrock, Schalk van Heerden
ePrint ReportNavid Alamati, Varun Maram, Daniel Masny
ePrint ReportWe introduce a substantially weaker variant of the random oracle model in the post-quantum setting, which we call "non-observable quantum random oracle model" (NO QROM). Our model uses weaker heuristics than the quantum random oracle model by Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, and Zhandry (ASIACRYPT 2011), or the non-observable random oracle model proposed by Ananth and Bhaskar (ProvSec 2013). At the same time, we show that our model is a viable option for establishing the post-quantum security of many cryptographic schemes by proving the security of important primitives such as extractable non-malleable commitments, digital signatures, and chosen-ciphertext secure public-key encryption in the NO QROM.
Léo Ducas, Thomas Espitau, Eamonn W. Postlethwaite
ePrint ReportWe apply this cryptanalysis to examples from the literature where taking such small moduli has been suggested. A recent work [Espitau–Tibouchi–Wallet–Yu, CRYPTO 2022] suggests small \(q\) versions of the lattice signature scheme FALCON and its variant MITAKA.
For one small \(q\) parametrisation of FALCON we reduce the estimated security against signature forgery by approximately 26 bits. For one small \(q\) parametrisation of MITAKA we successfully forge a signature in $15$ seconds.
Robert Christian Subroto
ePrint ReportBenedikt Auerbach, Miguel Cueto Noval, Guillermo Pascual-Perez, Krzysztof Pietrzak
ePrint ReportThe recently proposed protocol CoCoA [Alwen et al. Eurocrypt'22], however, shows that this overhead can be reduced if PCS requirements are relaxed, and only a logarithmic number of rounds is required. The natural question, thus, is whether CoCoA is optimal in this setting.
In this work we answer this question, providing a lower bound on the cost (concretely, the amount of data to be uploaded to the server) for CGKA protocols that heal in an arbitrary $k$ number of rounds, that shows that CoCoA is very close to optimal. Additionally, we extend CoCoA to heal in an arbitrary number of rounds, and propose a modification of it, with a reduced communication cost for certain $k$.
We prove our bound in a combinatorial setting where the state of the protocol progresses in rounds, and the state of the protocol in each round is captured by a set system, each set specifying a set of users who share a secret key. We show this combinatorial model is equivalent to a symbolic model capturing building blocks including PRFs and public-key encryption, related to the one used by Bienstock et al.
Our lower bound is of order $k\cdot n^{1+1/(k-1)}/\log(k)$, where $2\le k\le \log(n)$ is the number of updates per user the protocol requires to heal. This generalizes the $n^2$ bound for $k=2$ from Bienstock et al. This bound almost matches the $k\cdot n^{1+2/(k-1)}$ or $k^2\cdot n^{1+1/(k-1)}$ efficiency we get for the variants of the CoCoA protocol also introduced in this paper.
Xinle Cao, Jian Liu, Yongsheng Shen, Xiaohua Ye, Kui Ren
ePrint ReportUnfortunately, there are still vulnerabilities in all existing FH-OPE schemes. In this work, we revisit the security of all existing FH-OPE schemes. We are the first to demonstrate that plaintext frequency hidden by them is recoverable. We present three ciphertext-only attacks named frequency-revealing attacks to recover plaintext frequency. We evaluate our attacks in three real-world datasets. They recover over 90% of plaintext frequency hidden by any existing FH-OPE scheme. With frequency revealed, we also show the potentiality to apply inference attacks on existing FH-OPE schemes.
Our findings highlight the limitations of current FH-OPE schemes. Our attacks demonstrate that achieving frequency-hiding requires addressing the leakages of both non-uniform ciphertext distribution and insertion orders of ciphertexts, even though the leakage of insertion orders is always ignored in OPE.
Alireza Kavousi, Zhipeng Wang, Philipp Jovanovic
ePrint ReportMuhammad Faisal, Jerry Zhang, John Liagouris, Vasiliki Kalavri, Mayank Varia
ePrint Report23 July 2023
Hasso-Plattner-Institut, Potsdam/Berlin, Germany
Job PostingWe have several open positions for PhD students and Postdocs to join our group at the Hasso-Plattner-Institute (HPI) in the area of cryptography and privacy. The HPI is academically structured as the independent Faculty of Digital Engineering at the University of Potsdam, and unites excellent research and teaching with the advantages of a privately financed institute.
Your tasks- Development and analysis of provably secure cryptographic protocols for real-world problems. Topics of interest include (but are not limited to):
- Privacy-preserving protocols
- Hardware-based cryptography
- User- and privacy-friendly identity management
- Foundations for real-world protocols
- Publish and present results at top-tier international conferences
- Participate in teaching activities
- Master's degree (or PhD for postdoctoral position) in Computer Science, Mathematics, or a related area by the time of appointment
- Strong algorithmic or mathematical background and good knowledge in the area of cryptography (for postdoctoral candidates proven in the form of publications)
- Fluent in English
We look forward to your application including a CV and motivation letter. Applications for the PhD position should also include a list of attended Master courses and grades, whereas applications for the Postdoc position should include contact information for two references.
Closing date for applications:
Contact: Anja Lehmann; anja.lehmann [at] hpi.de
More information: https://hpi.de/lehmann/home.html
University College Cork, Ireland
Job PostingThe candidate should hold a PhD degree in cryptography or related area, with a good track record of publications. Ideally, they will have experience in homomorphic encryption, or related areas such as lattice-based or other post-quantum cryptography, secure multiparty computation etc. Candidates with a background in other areas of cryptography, but with a strong interest in homomorphic encryption will also be considered. A strong mathematical background is expected, complemented with programming skills. Experience with relevant libraries such as SEAL, HElib etc. is an asset.
The position is for 2 years, with a possibility of extension subject to availability of funding. The successful candidate will be appointed at Post-Doctoral or Senior Post-Doctoral level depending on their experience and qualifications. A budget for travel, equipment, publications and other research expenses is available as part of the project.
The Cryptography Research Group is led by Dr. Paolo Palmieri and consists of 8 researchers at doctoral and post-doctoral level. The hired researcher will be encouraged to collaborate with other members of the group, and to take a mentoring role with some of the more junior researchers. There will also be ample opportunities to work with other partners in the SECURED project (including some of the top research groups in cryptography, both in industry and academia), as well as with the group’s extensive network of international collaborations.
Closing date for applications:
Contact: Informal inquiries can be made by e-mail to Paolo Palmieri at p.palmieri@cs.ucc.ie but applications must be made online at http://ore.ucc.ie/ (reference number 069532) before 12:00 (noon), August 10, 2023.
More information: https://security.ucc.ie/vacancies.html
University of Amsterdam, The Netherlands
Job PostingWhat are you going to do?
What do you have to offer?
Closing date for applications:
Contact: Francesco Regazzoni
More information: https://vacatures.uva.nl/UvA/job/PhD-Position-on-Efficient-Privacy-preserving-Techniques-for-Data-Analysis-and-Machine-Learning/760571702/
20 July 2023
Announcement
Please submit nominations via this form by July 31: https://forms.gle/wwvx4SkAoooX5SEA9
18 July 2023
Keita Emura, Kaisei Kajita, Go Ohtake
ePrint ReportRobertas Maleckas, Kenneth G. Paterson, Martin R. Albrecht
ePrint ReportWe present an in-depth analysis of the design of Jitsi and its use of cryptography. Based on our analysis, we demonstrate two practical attacks that compromised server components can mount against the E2EE layer: we show how the bridge can break integrity by injecting inauthentic media into E2EE conferences, whilst the signaling server can defeat the encryption entirely. On top of its susceptibility to these attacks, the E2EE feature does not apply to text-based communications. This is not made apparent to users and would be a reasonable expectation given how Jitsi is marketed. Further, we identify critical issues with Jitsi's poll feature, which allow any meeting participant to arbitrarily manipulate voting results. Our findings are backed by proof-of-concept implementations and were verified to be exploitable in practice.
We communicated our findings to Jitsi via a coordinated disclosure process. Jitsi has addressed the vulnerabilities via a mix of technical improvements and documentation changes.
Markku-Juhani O. Saarinen, Mélissa Rossi
ePrint ReportIn this work, we introduce mask compression. This conceptually simple technique is based on standard, non-masked symmetric cryptography. Mask compression allows an implementation to dynamically replace individual shares of large arithmetic objects (such as polynomial rings) with $\kappa$-bit cryptographic seeds (or temporary keys) when they are not in computational use. Since $\kappa$ does not need to be larger than the security parameter (e.g., $\kappa=256$ bits) and each polynomial share may be several kilobytes in size, this radically reduces the memory requirement of high-order masking. Overall provable security properties can be maintained by using appropriate gadgets to manage the compressed shares. We describe gadgets with Non-Inteference (NI) and composable Strong-Non Interference (SNI) security arguments.
Mask compression can be applied in various settings, including symmetric cryptography, code-based cryptography, and lattice-based cryptography. It is especially useful for cryptographic primitives that allow quasilinear-complexity masking and hence are practically capable of very high masking orders. We illustrate this with a $d=32$ (Order-31) implementation of the recently introduced lattice-based signature scheme Raccoon on an FPGA platform with limited memory resources.
Yonatan Zilpa
ePrint ReportYibin Yang, David Heath
ePrint ReportWe implemented our memory in the context of ZK proofs based on vector oblivious linear evaluation (VOLE), and we further optimize based on techniques available in the VOLE setting. Our experiments show that (1) our total runtime improves over that of the prior best VOLE-ZK RAM (Franzese et al., CCS’21) by up to 20× and (2) on a typical hardware setup, we can achieve ≈ 600K RAM accesses per second.
We also develop improved read-only memory and set ZK data structures. These are used internally in our read/write memory and improve over prior work.