IACR News
Here you can see all recent updates to the IACR webpage.
16 February 2024
John Preuß Mattsson
ePrint Report
Pierre Pébereau
ePrint ReportWe give new attacks for UOV$^{\hat +}$ and VOX targeting singular points of the public key equations. Our attacks lower the security of the schemes, both asymptotically and in number of gates, showing in particular that the parameters sets proposed for these schemes do not meet the NIST security requirements. More precisely, we show that the security of UOV$^{\hat +}$ was overestimated by factors $2^{22}, 2^{36}, 2^{59}$ for security levels $I, III, V$ respectively. We conclude the attack on VOX by showing that an attacker can perform a full key recovery from one vector obtained in the previous attacks.
Mustafa Khairallah, Srinivasan Yadhunathan, Shivam Bhasin
ePrint Report
David Du Pont, Jonas Bertels, Furkan Turan, Michiel Van Beirendonck, Ingrid Verbauwhede
ePrint Report
We present a hardware architecture for the NTT targeting generalized cyclotomics within the context of the BGV FHE scheme. We explore different non-power-of-two NTT algorithms, including the Prime-Factor, Rader, and Bluestein NTTs. Our most efficient architecture targets the 21845-th cyclotomic polynomial (a practical parameter for BGV) with ideal properties for use with a combination of the Prime-Factor and Rader algorithms. The design achieves high throughput with optimized resource utilization, by leveraging parallel processing, pipelining, and reusing processing elements. Compared to Wu et al.'s VLSI architecture of the Bluestein NTT, our approach showcases 2$\times$ to 5$\times$ improved throughput and area efficiency. Simulation and implementation results on an AMD Alveo U250 FPGA demonstrate the feasibility of the proposed hardware design for FHE.
Pedro Branco, Nico Döttling, Akshayaram Srinivasan, Riccardo Zanotto
ePrint Report
Devadas, Goyal, Kalai, and Vaikuntanathan (FOCS 2022) introduced a variant of somewhere extractable hashing called rate-1 fully local SE hash functions. The rate-1 requirement states that the size of the digest is $m + \mathsf{poly}(\lambda)$ (where $\lambda$ is the security parameter). The fully local property requires that for any index $i$, there is a "very short" opening showing that the $i$-th bit of the hashed input is equal to $b$ for some $b \in \{0,1\}$. The size of this opening is required to be independent of $m$ and in particular, this means that its size is independent of the size of the digest. Devadas et al. gave such a construction from Learning with Errors (LWE).
In this work, we give a construction of a rate-1 fully local somewhere extractable hash function from Decisional Diffie-Hellman (DDH) and BARGs. Under the same assumptions, we give constructions of rate-1 BARG and RAM SNARG with partial input soundness whose proof sizes are only matched by prior constructions based on LWE.
Alexander Bienstock, Sarvar Patel, Joon Young Seo, Kevin Yeo
ePrint Report
Using our compression schemes, we obtain state-of-the-art schemes for batch private information retrieval (PIR) where a client wishes to privately retrieve multiple entries from a server-held database in one query. We show that our compression schemes may be used to reduce communication by up to 30% for batch PIR in both the single- and two-server settings.
Additionally, we study labeled private set intersection (PSI) in the unbalanced setting where one party's set is significantly smaller than the other party's set and each entry has associated data. By utilizing our novel compression algorithm, we present a protocol with 65-88% reduction in communication with comparable computation compared to prior works.
Michele Battagliola, Andrea Flamini
ePrint Report
Since its introduction, the Fiat-Shamir Transform has been the most popular way to design standard digital signature schemes. In this work, we translate the Fiat-Shamir Transform into a multi-party setting, building a framework that seeks to be an alternative, easier, way to design threshold digital signatures. We do that by introducing the concept of threshold identification scheme and threshold sigma protocol, and showing necessary and sufficient conditions to prove the security of the threshold signature schemes derived from them.
Lastly, we show a practical application of our framework providing an alternative security proof for Sparkle, a recent threshold Schnorr signature. In particular, we consider the threshold identification scheme underlying Sparkle and prove the security of the signature derived from it.
We show that using our framework the effort required to prove the security of threshold signatures might be drastically lowered. In fact, instead of explicitly reducing its security to the security of a hard problem, it is enough to prove some properties of the underlying threshold sigma protocol and threshold identification scheme. Then, by applying the results that we prove in this paper, it is guaranteed that the derived threshold signature is secure.
Charlotte Lefevre
ePrint Report
Elijah Pelofske
ePrint Report
Tao Zhang, Shang Shi, Md Habibur Rahman, Nitin Varshney, Akshay Kulkarni, Farimah Farahmandi, Mark Tehranipoor
ePrint Report
13 February 2024
Warszawa, Polska, 20 June - 21 June 2024
Event Calendar
Submission deadline: 8 April 2024
Notification: 6 May 2024
IFT | Logos | Vac
Job Posting
This role is within the Vac Nescience unit, which develops Nescience, a zkVM leveraging hiding properties.
The role
In this role, you will be responsible for implementing and analysing components of zero-knowledge argument systems and architectures for private computation. The ideal candidate should be well-versed in zero-knowledge circuits written in Rust, with the ability to adapt to evolving research needs.
Your responsibilities will include implementing zero-knowledge circuits and writing comprehensive specifications. Additionally, your role will involve measuring the performance of circuits, while also possessing the skills to debug and optimize as needed.
Join us in pushing the boundaries of private computation technology and contribute to groundbreaking advancements in the field of zkVMs.
Closing date for applications:
Contact: Maya
More information: https://grnh.se/0ee4300f1us
SandboxAQ
Job Posting
We have postdoc and PhD residency positions available at SandboxAQ [1]. We seek people interested in doing research in the areas of post-quantum cryptography, privacy, and machine learning applied to cybersecurity. The positions are remote, but allow for travel to collaborate with team members. The postdoc residencies are initially for two years, with the option to extend to up to three years on mutual agreement. PhD residencies are up to one year.
We are open to strong candidates that reinforce existing expertise of the team as well as candidates extending our expertise. We are committed to creating an inclusive culture where we have zero tolerance for discrimination. We invest in our employees' personal and professional growth. Learn more about what we've been doing so far by checking out our publications page [2] or the individual DBLP pages of our permanent researchers listed below for each of the teams associated with these residencies.
[1] www.sandboxaq.com
[2] pub.sandboxaq.com
Rolling deadline. More information: https://www.sandboxaq.com/careers.
PQC members' information:
- Carlos Aguilar Melchor: https://dblp.org/pid/71/4606.html
- Martin Albrecht: https://dblp.org/pid/92/7397.html
- Nina Bindel: https://dblp.org/pid/167/3021.html
- James Howe: https://dblp.org/pid/163/8680.html
- Andreas Hülsing: https://dblp.org/pid/27/1744.html
- Nicolas Gama: https://dblp.org/pid/49/4575.html
- Sandra Guasch Castelló: https://dblp.org/pid/86/8292.html
- Raphael Labaca-Castro: raphael.labaca@sandboxaq.com
- Parth Mishra: parth.mishra@sandboxaq.com
Closing date for applications:
Contact:
- PQC: martin.albrecht@sandboxaq.com and james.howe@sandboxaq.com
- Privacy: nicolas.gama@sandboxaq.com and sandra.guasch@sandboxaq.com
- ML: raphael.labaca@sandboxaq.com and parth.mishra@sandboxaq.com
More information: https://www.sandboxaq.com/careers
University of Wollongong, Australia
Job Posting
Closing date for applications:
Contact: Dr Yannan Li (first_name@uow.edu.au)
University of Wollongong, Australia
Job Posting
Closing date for applications:
Contact: Dr Yannan Li (first_name@uow.edu.au)
12 February 2024
Dionysis Zindros, Apostolos Tzinas, David Tse
ePrint Report
Konstantinos Brazitikos, Vassilis Zikas
ePrint Report
Samuel Lavery
ePrint Report
Prabhanjan Ananth, Gilad Asharov, Vipul Goyal, Hadar Kaner, Pratik Soni, Brent Waters
ePrint Report
- We consider a new notion of NIZK called subversion advice-ZK NIZK that strengthens the notion of zero-knowledge with malicious authority security considered by Ananth, Asharov, Dahari and Goyal (EUROCRYPT'21), and present a construction of a subversion advice-ZK NIZK from the sub-exponential hardness of learning with errors.
- We introduce a new notion that strengthens the traditional definition of soundness, called accountable soundness, and present generic compilers that lift any NIZK for interesting languages in NP to additionally achieve accountable soundness.
- Finally, we combine our results for both subversion advice-ZK and accountable soundness to achieve a subversion advice-ZK NIZK that also satisfies accountable soundness. This results in the first NIZK construction that satisfies meaningful notions of both soundness and zero-knowledge even for maliciously chosen CRS.
Andi Liu, Yizhong Liu, Zhuocheng Pan, Yinuo Li, Jianwei Liu, Yuan Lu
ePrint Report
In this paper, we present Kronos, a generic and efficient sharding blockchain consensus ensuring robust security. At the core of Kronos, we introduce a "buffer" mechanism for atomic cross-shard transaction processing. Shard members collectively maintain a buffer to manage cross-shard inputs, ensuring that a transaction is committed only if all inputs are available, and no fund is transferred for invalid requests. While ensuring security including atomicity, Kronos processes transactions with optimal intra-shard communication overhead. A valid cross-shard transaction, involving $x$ input shards and $y$ output shards, is processed with a minimal intra-shard communication overhead factor of $x+y$. Additionally, we propose a reduction for transaction invalidity proof generation to simple and fast multicasting, leading to atomic rejection without executing a full-fledged Byzantine fault tolerance (BFT) protocol in optimistic scenarios. Moreover, Kronos adopts a newly designed "batch" mechanism, reducing inter-shard message complexity for cross-shard transactions from $\mathcal{O}(\lambda)$ to $\mathcal{O}((m \log m/b)\lambda)$ without sacrificing responsiveness (where $m$ denotes the number of shards, $b$ denotes the batch size of intra-shard consensus, and $\lambda$ is the security parameter).
Kronos operates without dependence on any time or client honesty assumption, serving as a plug-in sharding blockchain consensus supporting applications in diverse network environments including asynchronous ones. We implement Kronos using two prominent BFT protocols: asynchronous Speeding Dumbo (NDSS'22) and partially synchronous HotStuff (PODC'19). Extensive experiments (over up to $1000$ AWS EC2 nodes across 4 AWS regions) demonstrate Kronos achieving a substantial throughput of $68.6$ ktx/sec with $1.7$ sec latency. Compared with state-of-the-art solutions, Kronos outperforms in all cases, achieving up to a $42 \times$ improvement in throughput and a $50\%$ reduction in latency when cross-shard transactions dominate the workload.