IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
04 September 2023
Debajyoti Das, Claudia Diaz, Aggelos Kiayias, Thomas Zacharias
We are the first to close that gap and provide a formal analysis. We provide two indistinguishability based definitions (of sender anonymity), namely pairwise unlinkability and user unlinkability, tuned specifically for continuous stop-and-go mixnets. We derive the adversarial advantage as a function of the protocol parameters for the two definitions. We show that there is a fundamental lower bound on the adversarial advantage $\delta$ for pairwise unlinkability; however, strong user unlinkability (negligible adversarial advantage) can be achieved if the users message rate ($\lambda_u$) is proportional to message processing rate ($\lambda$) on the nodes.
Animesh Singh, Smita Das, Anirban Chakraborty, Rajat Sadhukhan, Ayantika Chatterjee, Debdeep Mukhopadhyay
02 September 2023
Anes Abdennebi, Erkay Savaş
In this work, we provide GPU-based algorithms for accelerating KP-ABE encryption and homomorphic evaluation functions seamlessly integrated into the open-source library with minor additional build changes needed to run the GPU kernels. Using GPU algorithms, we perform both homomorphic encryption and homomorphic evaluation operations 2.1× and 13.2× faster than the CPU implementations reported in the literature on an Intel i9, respectively. Furthermore, our implementation supports up to 128 attributes for encryption and homomorphic evaluation with fixed and changing access policies. Unlike the reported GPU-based homomorphic operations in the literature, which support only up to 32 attributes and give estimations for a higher number of attributes. We also propose a GPU-based KP-ABE scheme for publish/subscribe messaging applications, in which end-to-end security of the messages is guaranteed. Here, while the exchanged messages are encrypted with as many as 128 attributes by publishers, fewer attributes are needed for homomorphic evaluation. Our fast and memory-efficient GPU implementations of KP-ABE encryption and homomorphic evaluation operations demonstrate that the KP-ABE scheme can be used for practicable publish/subscribe messaging applications.
Chris Orsini, Alessandra Scafuro, Tanner Verber
In recent years, some digital assets are managed solely through the knowledge of cryptographic secrets (e.g., cryptocurrency, encrypted datasets), whose loss results in the permanent loss of the digital asset. Since the security of such systems relies on the assumption that the cryptographic key remains secret, a secret owner Alice cannot simply store a backup copy of such secret on the cloud, since this corresponds to giving away her ownership over the digital assets. Thus Alice must rely on her personal machines to maintain these secrets.
Is it possible to obtain the best of the two worlds, where Alice benefits from the convenience of storing a backup copy of her cryptographic secrets on the cloud such that she can recover them even when she loses her devices and forgets all credentials, while at the same time retaining full ownership of her secrets?
In this paper, we show that this is indeed possible, by revisiting and expanding the concept of Break-glass Encryption pioneered by Scafuro [PKC19].
We provide a secret-recovery mechanism where confidentiality is always guaranteed when Alice has not lost her credentials, even in the presence of a malicious cloud and users ([PKC19] only guarantees that a violation of confidentiality will be {\em detected}, not prevented). Recoverability is achieved in most circumstances.
We design and prove security of a credential-less authentication mechanism, that enables Alice to access her secret, without remembering any credentials. This tool was assumed in [PKC19] but not implemented. We redesign the storage mechanism on the cloud side so that the cloud needs to perform no operations during the storage phase. This is in contrast with [PKC19] where the cloud must re-encrypt the stored file continuously with the help of a secure enclave (regardless of whether a recovery procedure will happen).
Our protocols are proved secure in the Universal Composition framework.
Nan Cheng, Naman Gupta, Aikaterini Mitrokotsa, Hiraku Morita, Kazunari Tozawa
Ma et al. (NDSS 2021) presented a lightweight PDTE protocol with sublinear communication cost with linear round complexity in the size of the input data. This protocol works well in the low latency network such as LAN while its total execution time is unfavourably increased in the WAN setting. In contrast, Tsuchida et al. (ProvSec 2020) constructed a constant round PDTE protocol at the cost of communication complexity, which works well in the WAN setting. Although their construction still requires 25 rounds, it showed a possible direction on how to make constant round PDTE protocols. Ji et al. (IEEE Transactions on Dependable and Secure Computing) presented a simplified PDTE with constant rounds using the function secret sharing (FSS) at the cost of communication complexity.
Our proposed protocol only requires five rounds among the employed three servers executing secret sharing schemes, which is comparable to previously proposed protocols that are based on garbled circuits and homomorphic encryption. To further demonstrate the efficiency of our protocol, we evaluated it using real-world classification datasets. The evaluation results indicate that our protocol provides better concrete performance in the WAN setting that has a large network delay.
Xavier Bonnetain, André Schrottenloher
Typically these attacks use the structure of the mode (stream cipher, MAC or authenticated encryption scheme) to embed a period-finding problem, which can be solved with a dedicated quantum algorithm. The hidden period can be recovered with a few superposition queries (e.g., $O(n)$ for Simon's algorithm), leading to state or key-recovery attacks. However, this strategy breaks down if the period changes at each query, e.g., if it depends on a nonce.
In this paper, we focus on this case and give dedicated state-recovery attacks on the authenticated encryption schemes Rocca, Rocca-S, Tiaoxin-346 and AEGIS-128L. These attacks rely on a procedure to find a Boolean hidden shift with a single superposition query, which overcomes the change of nonce at each query. As they crucially depend on such queries, we stress that they do not break any security claim of the authors, and do not threaten the schemes if the adversary only makes classical queries.
Vitaly Kiryukhin
We carefully detail the resources of the adversary in the related key settings, revisit the proof, and obtain tight security bounds. Let $n$ be the bit length of the hash function state. If the amount of processed data is less than about $2^{n-k}$ blocks, then for HMAC-Streebog-512 and Streebog-K, the only effective method of forgery (or distinguishing) is guessing the $k$-bit secret key or the tag if it is shorter than the key. So, we can speak about ``$k$-bit security'' without specifying the amount of material, if the key length is no longer than half of a state. The bound for HMAC-Streebog-256 is worse and equal to $2^{\frac{n}{2}-k}$ blocks.
Hiroki Okada, Rachel Player, Simon Pohmann
We investigate how to apply our improved polynomial evaluation to the bootstrapping procedure for BFV, and show that we are able to significantly improve its performance. We demonstrate this by providing an implementation of our improved BFV bootstrapping using the Microsoft SEAL library. More concretely, we obtain a $1.6\times$ speed up compared to the prior implementation given by Chen and Han (Eurocrypt 2018). The techniques are independent of, and can be combined with, the more recent optimisations presented by Geelen \textit{et al}. (Eurocrypt 2023).
As an additional contribution, we show how the bootstrapping approach used in schemes such as FHEW and TFHE can be applied in the BFV context. In particular, we demonstrate that programmable bootstrapping can be achieved for BFV. Moreover, we show how this bootstrapping approach can be improved in the BFV context to make better use of the Galois structure. However, we estimate that its complexity is around three orders of magnitude slower than the classical approach to BFV bootstrapping.
Vitaly Kiryukhin
Ling Song, Qianqian Yang, Huimin Liu
Joachim Neu, Ertem Nusret Tas, David Tse
Martin R. Albrecht, Benjamin Dowling, Daniel Jones
Utilising our new formalism, we determine that Matrix achieves the basic security notions of confidentiality and authentication, provided it introduces authenticated group membership. On the other hand, while the state sharing functionality in Matrix conflicts with advanced security notions in the literature – forward and post-compromise security – it enables features such as history sharing and account recovery, provoking broader questions about how such security notions should be conceptualised.
Maher Boudabra, Abderrahmane Nitaj
Jiang Zhang, Dengguo Feng, Di Yan
Concretely, we can use $q = 769$ to obtain public keys and ciphertexts of 615 bytes with decryption failure $\leq 2^{-138}$ at NIST level 1 security, and 1229 bytes with decryption failure $\leq 2^{-152}$ at NIST level 5 security. By applying the Fujisaki-Okamoto transformation in a standard way, we obtain an IND-CCA secure KEM from our basic PKE scheme. Compared to NTRU and Kyber in the NIST Round 3 finalists at the same security levels, our KEM is 33-48% more compact and 5.03-29.94X faster than NTRU in the round-trip time of ephemeral key exchange, and is 21% more compact and 1.42-1.74X faster than Kyber.
We also give an optimized encryption scheme NEV' with better noise tolerance (and slightly better efficiency) based on a variant of the RLWE problem, called Subset-Sum Parity RLWE problem, which we show is polynomially equivalent to the standard decisional RLWE problem (with different parameters), and maybe of independent interest.
Daniel Nager
Zhengjun Cao, Lihua Liu
Yuqing Zhao, Chun Guo, Weijia Wang
Gowri R Chandran, Raine Nieminen, Thomas Schneider, Ajith Suresh
We propose PrivMail, a novel approach to secure emails using secret sharing methods. Our framework utilizes Secure Multi-Party Computation techniques to relay emails through multiple service providers, thereby preventing any of them from accessing the content in plaintext. Additionally, PrivMail supports private server-side email processing similar to IMAP SEARCH, and eliminates the need for cryptographic certificates, resulting in better usability than public-key based solutions. An important aspect of our framework is its capability to enable third-party searches on user emails while maintaining the privacy of both the email and the query used to conduct the search.
We integrate PrivMail into the current email infrastructure and provide a Thunderbird plugin to enhance user-friendliness. To evaluate our solution, we benchmarked transfer and search operations using the Enron Email Dataset and demonstrate that PrivMail is an effective solution for enhancing email security.
María Isabel González Vasco, Delaram Kahrobaei, Eilidh McKemmie
01 September 2023
MAYA-ZK, Prague
About MAYA-ZK:
MAYA-ZK is a venture-backed company aiming to revolutionize the field of zero-knowledge proofs through hardware acceleration. We are a close-knit team comprising hardware engineers, software developers, and research scientists.
Research Aims:
Our focus is primarily on accelerating zero-knowledge proofs, specifically ZK-SNARKs, through innovative hardware solutions.
Position Description:
Senior FPGA Researcher/Developer
We're seeking an experienced FPGA researcher/developer with a specialized focus on cryptography and ZK. This is a senior-level position that will play a critical role in the development and acceleration of cryptographic algorithms.
Requirements:
- PhD or Master’s degree with extensive experience in FPGA and hardware design.
- Expertise in cryptographic algorithms, particularly zero-knowledge proofs and ZK-SNARKs.
- Strong background in HW/SW co-design
- Familiarity with Linux kernel driver development is a plus but not mandatory.
- Excellent communication skills and ability to work in a multidisciplinary environment.
Key Responsibilities:
- Lead the research and development efforts to accelerate ZK-SNARKs on FPGAs.
- Develop and optimize hardware-accelerated solutions.
- Collaborate with our research team to integrate new cryptographic primitives.
- Conduct system-level performance evaluations and resolve any hardware or software issues.
How to Apply:
If you are interested in being at the forefront of cryptographic research and hardware acceleration, please send your CV and cover letter to contact@maya-zk.com.
Closing date for applications:
Contact: Tibor Tribus (tibor.tribus@maya-zk.com)
More information: https://www.maya-zk.com/