IACR News
06 May 2024
Nicolas Alhaddad, Leonid Reyzin, Mayank Varia
ePrint Report
In this work, we contribute a new AVID construction that achieves optimal storage and guaranteed output delivery, without sacrificing on communication complexity during dispersal or retrieval. First, we introduce a technique that bootstraps from dispersal of a message with sub-optimal storage to one with optimal storage. Second, we define and construct an AVID protocol that is robust, meaning that all server replicas are guaranteed at dispersal time that their fragments will contribute toward retrieval of a valid message. Third, we add the new possibility that some server replicas may lose their fragment in between dispersal and retrieval (as is likely in the long-term archiving scenario). This allows us to rely on fewer available replicas for retrieval than are required for dispersal.
Lucien K. L. Ng, Panagiotis Chatzigiannis, Duc V. Le, Mohsen Minaei, Ranjit Kumaresan, Mahdi Zamani
ePrint Report
Zhengjun Cao, Lihua Liu
ePrint Report
Wutichai Chongchitmate, Steve Lu, Rafail Ostrovsky
ePrint Report
Aloni Cohen, David Bruce Cousins, Nicholas Genise, Erik Kline, Yuriy Polyakov, Saraswathy RV
ePrint Report
We implement our PRE scheme in the OpenFHE software library and apply it to a problem of secure multi-hop data distribution in the context of 5G virtual network slices. We also experimentally evaluate the performance of our scheme, demonstrating that the implementation is practical.
In addition, we compare our PRE method with other lattice-based PRE schemes and approaches to achieving HRA security. These achieve HRA security, but not in a scheme that is both tight and practical, as ours is. Further, we present an attack on the PRE scheme proposed by Davidson et al. (ACISP'19), which was claimed to achieve HRA security without noise flooding.
Ojaswi Acharya, Foteini Baldimtsi, Samuel Dov Gordon, Daniel McVicker, Aayush Yadav
ePrint Report
Martin Feussner, Igor Semaev
ePrint Report
Douglas Stebila, Spencer Wilson
ePrint Report
WebAuthn's reliance on proof-of-possession leads to a usability issue, however: a user who loses access to their authenticator device either loses access to their accounts or is required to fall back on a weaker authentication mechanism. To solve this problem, Yubico has proposed a protocol which allows a user to link two tokens in such a way that one (the primary authenticator) can generate public keys on behalf of the other (the backup authenticator). With this solution, users authenticate with a single token, only relying on their backup token if necessary for account recovery. However, Yubico's protocol relies on the hardness of the discrete logarithm problem for its security and hence is vulnerable to an attacker with a powerful enough quantum computer.
We present a WebAuthn recovery protocol which can be instantiated with quantum-safe primitives. We also critique the security model used in previous analysis of Yubico's protocol and propose a new framework which we use to evaluate the security of both the group-based and the quantum-safe protocol. This leads us to uncover a weakness in Yubico's proposal which escaped detection in prior work but was revealed by our model. In our security analysis, we require the cryptographic primitives underlying the protocols to satisfy a number of novel security properties such as KEM unlinkability, which we formalize. We prove that well-known quantum-safe algorithms, including CRYSTALS-Kyber, satisfy the properties required for analysis of our quantum-safe protocol.
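To make the mechanism in the abstract above concrete, here is an added Python illustration of the discrete-log "derived public key" idea behind a backup authenticator: the primary holds only the backup's long-term public key X, yet mints a fresh per-relying-party public key together with a public hint; at recovery time the backup reconstructs the matching private key from that hint and signs the challenge itself. This is editor-added example code, not Yubico's published protocol and not the paper's quantum-safe construction, and it carries none of the paper's security claims. The group (a small safe-prime Schnorr group generated deterministically at import), the domain-separation tags, the binding of the derived key to a hypothetical rp_id, and the use of a plain Schnorr signature in place of the WebAuthn assertion are all assumptions of this example.

```python
"""Added illustration (not Yubico's protocol, not the paper's construction):
a discrete-log derived-key scheme in the spirit of the backup-authenticator idea."""
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def _is_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for n < 2^64 (and well beyond)."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def _safe_prime(start: int):
    """First safe prime p = 2q + 1 with prime q >= start (demo-sized group, assumption)."""
    q = start | 1
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P, Q = _safe_prime(1 << 63)   # deterministic ~64-bit Schnorr group; demo only, not a real curve
G = 4                         # quadratic residue mod P, hence of order exactly Q


def _scalar(tag: bytes, *parts) -> int:
    """Domain-separated SHA-256 over length-prefixed parts, reduced mod Q."""
    h = hashlib.sha256(tag)
    for part in parts:
        b = part.to_bytes(16, "big") if isinstance(part, int) else part
        h.update(len(b).to_bytes(2, "big") + b)
    return int.from_bytes(h.digest(), "big") % Q


def backup_keygen():
    """Backup authenticator: long-term key pair; X is copied to the primary once."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def primary_derive(X: int, rp_id: bytes):
    """Primary: mint a fresh public key for rp_id knowing only X -> (pk, hint)."""
    e = secrets.randbelow(Q - 1) + 1
    E = pow(G, e, P)                        # ephemeral DH share, kept as the public hint
    k = _scalar(b"derive", pow(X, e, P), E, rp_id)
    return (X * pow(G, k, P)) % P, E        # pk = g^(x + k); nobody holds x + k yet


def backup_recover(x: int, hint: int, rp_id: bytes) -> int:
    """Backup: rebuild the private key for (hint, rp_id) at recovery time."""
    k = _scalar(b"derive", pow(hint, x, P), hint, rp_id)   # same DH value as the primary
    return (x + k) % Q


def sign(sk: int, msg: bytes):
    """Schnorr signature standing in for the WebAuthn assertion signature."""
    r = secrets.randbelow(Q - 1) + 1
    R = pow(G, r, P)
    c = _scalar(b"sig", R, pow(G, sk, P), msg)
    return R, (r + c * sk) % Q


def verify(pk: int, msg: bytes, sig) -> bool:
    R, s = sig
    if not (1 <= R < P and 0 <= s < Q):
        return False
    c = _scalar(b"sig", R, pk, msg)
    return pow(G, s, P) == (R * pow(pk, c, P)) % P   # g^s == R * pk^c


def recovery_roundtrip(rp_id: bytes = b"example.com") -> bool:
    """Register through the primary, then authenticate with the backup alone."""
    x, X = backup_keygen()
    pk, hint = primary_derive(X, rp_id)     # relying party stores pk and hint
    sk = backup_recover(x, hint, rp_id)     # backup never learned the primary's e
    challenge = b"constructed challenge"    # constructed sample input
    return pow(G, sk, P) == pk and verify(pk, challenge, sign(sk, challenge))


def wrong_rp_fails(rp_id: bytes = b"example.com", other: bytes = b"other.example") -> bool:
    """A hint bound to one relying party does not unlock the key registered at another."""
    x, X = backup_keygen()
    pk, hint = primary_derive(X, rp_id)
    sk = backup_recover(x, hint, other)
    return not verify(pk, b"m", sign(sk, b"m"))
```

Running `recovery_roundtrip()` registers a derived key via the primary and then authenticates with the backup only; `wrong_rp_fails()` shows the hint is bound to the relying-party identifier it was derived for. The shared-secret step (`pow(X, e, P)` on the primary, `pow(hint, x, P)` on the backup) is the part that rests on the discrete logarithm problem, which is the dependency the abstract's quantum-safe variant removes.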
Sourav Das, Sisi Duan, Shengqi Liu, Atsuki Momose, Ling Ren, Victor Shoup
ePrint Report
03 May 2024
Karim Eldefrawy, Benjamin Terner, Moti Yung
ePrint Report
This paper presents a new complexity-theoretic framework and new structural theorems to analyze timed primitives with full generality and in composition (which is the central modular protocol design tool). The framework includes a model of security based on fine-grained circuit complexity which we call residual complexity, which accounts for possible leakage on timed primitives as they expire. Our definitions for multi-party computation protocols generalize the literature standards by accounting for fine-grained polynomial circuit depth to model computational hardness which expires in feasible time. Our composition theorems incur degradation of (fine-grained) security as items are composed. In our framework, simulators are given a polynomial “budget” for how much time they spend, and in composition these polynomials interact.
Finally, we demonstrate via a prototypical auction application how to apply our framework and theorems. For the first time, we show that it is possible to prove – in a way that is fully consistent, with falsifiable assumptions – properties of multi-party applications based on leaky, temporarily secure components.
Scott Griffy, Markulf Kohlweiss, Anna Lysyanskaya, Meghna Sengupta
ePrint Report
Wyatt Benno
ePrint Report
Pierre-Emmanuel Clet, Aymen Boudguiga, Renaud Sirdey
ePrint Report
Shanuja Sasi, Onur Gunlu
ePrint Report
Yulian Sun, Li Duan, Ricardo Mendes, Derui Zhu, Yue Xia, Yong Li, Asja Fischer
ePrint Report
Raja Adhithan Radhakrishnan
ePrint Report
02 May 2024
Changzhou, China, 18 October - 19 October 2024
Event Calendar
Submission deadline: 15 July 2024
Notification: 15 August 2024
Xiamen University Malaysia, Sepang, Malaysia
Job Posting
Xiamen University Malaysia is now seeking highly motivated, committed and qualified individuals for academic teaching positions in computer science and cyber security.
Candidates in computer science and cyber security are welcome to apply. The ideal candidate is expected to be able to support general computing subjects, as well as cyber security specialization subjects. Applicants must possess a PhD degree in a related discipline.
Applicants with specific teaching and research interests in TWO OR MORE of the following areas are encouraged to apply:
- Digital Forensics and Investigation
- Network Traffic Monitoring and Analysis
- Advanced Network Attack and Defence Technology
- Malware Analysis
- Cryptanalysis
- Biometrics
- Blockchain Technology
HOW TO APPLY
Applicants are invited to submit a digital application packet to: recruit_academic@xmu.edu.my and iftekhar.salam@xmu.edu.my
The subject line of your email must include your name, relevant academic discipline, and the specific position for which you are applying. All application packets must include the following attachments:
- Your detailed and current CV with publications (asterisk to indicate corresponding author; include indexing and quartile);
- Cover letter;
- List of courses from the above that the candidate can support;
- Evidence of academic qualifications (Bachelor, Master and PhD certificates; Bachelor, Master and PhD transcripts; and professional certificates);
- 3-5 full-text publications (if applicable);
- Teaching evaluation (if applicable);
- Two academic references (at least one of whom is the applicant’s current/most recent employer).
Closing date for applications:
Contact: iftekhar.salam@xmu.edu.my
Cyberjaya, Malaysia, 24 September - 26 September 2024
Event Calendar
Submission deadline: 15 May 2024
Notification: 30 June 2024