IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
18 September 2023
David Balbás, Daniel Collins, Phillip Gajland
ePrint ReportWhat can be proven about the security of the Sender Keys protocol, and how can we practically mitigate its shortcomings?
In addressing this question, we first introduce a novel security model to suit protocols like Sender Keys, deviating from conventional group key agreement-based abstractions. Our framework allows for a natural integration of two-party messaging within group messaging sessions that may be of independent interest. Leveraging this framework, we conduct the first formal analysis of the Sender Keys protocol, and prove it satisfies a weak notion of security. Towards improving security, we propose a series of efficient modifications to Sender Keys without imposing significant performance overhead. We combine these refinements into a new protocol that we call Sender Keys+, which may be of interest both in theory and practice.
Dmitrii Koshelev
ePrint ReportZiqi Zhu, Kai Zhang, Junqing Gong, Haifeng Qian
ePrint Report- the first Reg-ABE scheme for span program in the prime-order group; prior work uses composite-order group;
- the first Reg-ABE scheme for zero inner-product predicate from $k$-Lin assumption; prior work relies on generic group model (GGM);
- the first Reg-ABE scheme for arithmetic branching program (ABP) which has not been achieved previously.
Technically, we follow the blueprint of Hohenberger et al. [EUROCRYPT'23] but start from the prime-order dual-system ABE by Chen et al. [EUROCRYPT'15], which transforms a predicate encoding into an ABE. The proof follows the dual-system method in the context of Reg-ABE: we conceptually consider helper keys as secret keys; furthermore, malicious public keys are handled via pairing-based quasi-adaptive non-interactive zero-knowledge argument by Kiltz and Wee [EUROCRYPT'15].
Charles Gouert, Dimitris Mouris, Nektarios Georgios Tsoutsos
ePrint ReportJack Doerner, Yashvanth Kondi, Leah Namisa Rosenbloom
ePrint ReportWhen the adversary is restricted to corrupt only a constant fraction of parties, we give a positive result by means of a tailored construction, which demonstrates that our impossibility does not extend to weaker corruptions models in general.
Jiaxin Pan, Benedikt Wagner, Runzhi Zeng
ePrint ReportOur main enabler is a new variant of lossy encryption which we call parameter lossy encryption. In this variant, there are not only lossy public keys but also lossy system parameters. This allows us to embed a computational assumption into the system parameters, and the lossy public keys are statistically close to the normal public keys. Combining with the Fujisaki-Okamoto transformation, we obtain the first tightly IND-CCA secure KEM in the QROM in a multi-user (without corruption), multi-challenge setting.
Finally, we show that a multi-user, multi-challenge KEM implies a square-root-tight and session-tight AKE protocol in the QROM. By implementing the parameter lossy encryption tightly from lattices, we obtain the first square-root-tight and session-tight AKE from lattices in the QROM.
Nanyang Technological University, Singapore
Job PostingThe Symmetric Key and Lightweight Cryptography Lab (SyLLab) at NTU Singapore is looking for candidates for several Research Fellow/Post-Doc (from fresh Post-Docs to Senior Research Fellows, flexible contract duration) as well as PhD student positions on various topics:
- symmetric-key cryptography (cryptanalysis, design),
- machine learning,
- side-channels attacks,
- fully homomorphic encryption.
Postdoc candidates are expected to have a proven record of publications in top cryptography/security venues.
The positions will be funded by the 5-year National Research Foundation (NRF) Investigatorship grant from Singapore. Salaries are competitive and are determined according to the successful applicant's accomplishments, experience and qualifications. We offer an excellent research environment with a highly international team, with flexible working conditions, budget for conferences/equipment, etc.
Interested applicants should send their detailed CVs and references to Prof. Thomas Peyrin (thomas.peyrin@ntu.edu.sg). The review of applications starts immediately and will continue until positions are filled.
Closing date for applications:
Contact: Thomas Peyrin (thomas.peyrin@ntu.edu.sg)
16 September 2023
eShard
Job PostingClosing date for applications:
Contact: Pierre-Yvan Liardet
More information: https://cms.eshard.com/uploads/sujet_cifre_eshard_lirmm_5d622a4c95.pdf
15 September 2023
Peter Campbell
ePrint ReportWe present GLEVIAN and VIGORNIAN: two AEAD modes with proofs of beyond-birthday security, security against nonce misuse, and against the release of unverified plaintext – both of the latter in strong notions of these security properties. We discuss our hierarchy of requirements for AEAD modes, and the rationale for the design choices made.
GLEVIAN and VIGORNIAN demonstrate we can achieve significantly improved robustness over GCM for use cases where some performance degradation is acceptable. We are not aware of other designs offering exactly the security properties of GLEVIAN and VIGORNIAN, and are publishing our designs to support the research that will inform the recently announced effort by NIST to standardise new modes of operation. We believe our work could be of interest to those with use cases similar to ours, and we offer suggestions for future research that might build on the work in this paper.
Benny Applebaum, Oded Nir
ePrint ReportIn this note, we relate all these questions to the classical topic of query/space trade-offs, lifted to the setting of interactive proof systems. Specifically, we consider the following Advisor-Verifier-Prover (AVP) game: First, a function $f$ is given to the advisor who computes an advice $a$. Next, an input $x$ is given to the verifier and to the prover who claims that $f(x)=1$. The verifier should check this claim via a single round of interaction based on the private advice $a$ and without having any additional information on $f$. We focus on the case where the prover is laconic and communicates only a constant number of bits, and, mostly restrict the attention to the simplest, purely information-theoretic setting, where all parties are allowed to be computationally unbounded. The goal is to minimize the total communication complexity which is dominated by the length of the advice plus the length of the verifier's query.
As our main result, we show that a super-polynomial lower bound for AVPs implies a super-polynomial lower bound for a wide range of information-theoretic cryptographic tasks. In particular, we present a communication-efficient transformation from any of the above primitives into an AVP protocol. Interestingly, each primitive induces some additional property over the resulting protocol. Thus AVP games form a new common yardstick that highlights the differences between all the above primitives.
Equipped with this view, we revisit the existing (somewhat weak) lower bounds for the above primitives, and show that many of these lower bounds can be unified by proving a single counting-based lower bound on the communication of AVPs, whereas some techniques are inherently limited to specific domains. The latter is shown by proving the first polynomial separations between the complexity of secret-sharing schemes and conditional disclosure of secrets and between the complexity of randomized encodings and conditional disclosure of secrets.
Jan Lauinger, Jens Ernstberger, Andreas Finkenzeller, Sebastian Steinhorst
ePrint ReportNir bitansky, Tomer Solomon
ePrint ReportWe prove a new bootstrapping theorem relying on functional encryption, which is known based on standard polynomial hardness assumptions. As a result we obtain the first fully homomorphic encryption scheme that avoids both circular security assumptions and super-polynomial hardness assumptions. The construction is secure against uniform adversaries, and can be made non-uniformly secure, under a widely-believed worst-case complexity assumption (essentially that non-uniformity does not allow arbitrary polynomial speedup).
At the heart of the construction is a new proof technique based on cryptographic puzzles. Unlike most cryptographic reductions, our security reduction does not fully treat the adversary as a black box, but rather makes explicit use of its running time (or circuit size).
Karim M. Abdellatif, Olivier Hériveaux
ePrint ReportKoji Nuida, Tomoko Adachi
ePrint ReportGiuseppe Manzoni
ePrint ReportThe existing proofs of the expansion work by first compiling the gadgets multiple times, and then by compiling the circuit with the resulting gadgets while assuming the worst from the original circuit. Instead, we reframe the expansion as a security reduction from the compiled circuit to the original one. Additionally, we extend it to support a broader range of encodings, and arbitrary probabilistic gates with an arbitrary number of inputs and outputs.
This allows us to obtain two concrete results: (i) At the cost of an additional size factor $\mathcal{O}(\log(d)^3)$, any $d$-probing secure compiler can be used to produce stateless circuits with security $2^{-d}$ against any adversary that sees all wires with a constant SD-noise of $2^{-7.41}/p$, where $p$ is the characteristic of the circuit's field. (ii) Any $n$-shares compiler with $(t,f)$-RPE gadgets needs $t+1$ (which in practice is $\lceil\frac{n}{2}\rceil$) randoms in the random gadget instead of $n$.
Gideon Samid
ePrint ReportMinki Hhan, Aaram Yun
ePrint ReportJoël Felderhoff, Alice Pellet-Mary, Damien Stehlé, Benjamin Wesolowski
ePrint ReportIn this work, we show that Ideal-SVP for the uniform distribution over inverses of small-norm prime ideals reduces to Ideal-SVP for the uniform distribution over small-norm prime ideals. Combined with Gentry's reduction, this leads to a worst-case to average-case reduction for the uniform distribution over the set of \emph{small-norm prime ideals}. Using the reduction from Pellet-Mary and Stehl\'e [ASIACRYPT'21], this notably leads to the first distribution over NTRU instances with a polynomial modulus whose hardness is supported by a worst-case lattice problem.
Hongqing Liu, Chaoping Xing, Yanjiang Yang, Chen Yuan
ePrint ReportIn this paper, we propose the ramp hyper-invertible matrix which can be seen as the generalization of hyper-invertible matrix. Our ramp hyper-invertible matrix can be defined over constant-size field regardless of the size of this matrix. Similar to the arithmetic secret sharing scheme, to apply our ramp hyper-invertible matrix to perfectly secure MPC protocol, the maximum number of corruptions has to be compromised to $\frac{(1-\epsilon)n}{3}$. As a consequence, we present the first perfectly secure MPC protocol in the presence of $\frac{(1-\epsilon)n}{3}$ malicious corruptions with constant communication complexity. Besides presenting the variant of hyper-invertible matrix, we overcome several obstacles in the construction of this MPC protocol. Our arithmetic secret sharing scheme over constant-size field is compatible with the player elimination technique, i.e., it supports the dynamic changes of party number and corrupted party number. Moreover, we rewrite the public reconstruction protocol to support the sharings over constant-size field. Putting these together leads to the constant-size field variant of celebrated MPC protocol in [5].
We note that although it was widely acknowledged that there exists an MPC protocol with constant communication complexity by replacing Shamir secret sharing scheme with arithmetic secret sharing scheme, there is no reference seriously describing such protocol in detail. Our work fills the missing detail by providing MPC primitive for any applications relying on MPC protocol of constant communication complexity. As an application of our perfectly secure MPC protocol which implies perfect robustness in the MPC-in-the-Head framework, we present the constant-rate zero-knowledge proof with $3$ communication rounds. The previous work achieves constant-rate with $5$ communication rounds [32] due to the statistical robustness of their MPC protocol. Another application of our ramp hyper-invertible matrix is the information-theoretic multi-verifier zero-knowledge for circuit satisfiability[43]. We manage to remove the dependence of the size of circuit and security parameter from the share size.
University of Surrey
Job Posting
The role will be based in the Surrey Centre for Cyber Security (SCCS) within the School of Computer Science and Electronic Engineering at the University of Surrey and we offer the opportunity for hybrid working – some time on campus and some from home. We welcome applicants who wish to pursue the role through flexible working patterns.
You will have the opportunity to conduct research within the context of the Defence Data Research Centre, funded by DSTL, in which SCCS is a partner, alongside the Universities of Exeter and Liverpool, and the Digital Catapult. The Centre is focusing on problems related to the use of data for Artificial Intelligence applications, particularly around the challenges of bringing raw data to the state where it can be used. We consider these problems within a defence context, such as logistics support, object tracking and data wrangling. SCCS is focused on the area of data resilience, security and privacy, considering problems such as the trustworthiness of data and issues around anonymisation. The successful candidate will work under the direction of Professor Steve Schneider together with the support of other colleagues at Surrey and DDRC. The post holder will have exposure to the Centre’s broader research agenda in the areas of trusted computing, data privacy, privacy preserving security, applied cryptography, and a range of cyber security topics and as such provides an excellent opportunity to influence research directions during the course of the appointment.
Closing date for applications:
Contact: Professor Steve Schneider
More information: https://jobs.surrey.ac.uk/Vacancy.aspx?id=13521