International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News

Updates on the COVID-19 situation are on the Announcement channel.

Here you can see all recent updates to the IACR webpage. These updates are also available:

RSS symbol icon
via RSS feed
Twitter bird icon
via Twitter
Weibo icon
via Weibo
Facebook icon
via Facebook

08 July 2024

Ron D. Rothblum
ePrint Report ePrint Report
The multilinear extension of an $m$-variate function $f : \{0,1\}^m \to \mathbb{F}$, relative to a finite field $\mathbb{F}$, is the unique multilinear polynomial $\hat{f} : \mathbb{F}^m \to \mathbb{F}$ that agrees with $f$ on inputs in $\{0,1\}^m$. In this note we show how, given oracle access to $f : \{0,1\}^m \to \mathbb{F}$ and a point $z \in \mathbb{F}^m$, to compute $\hat{f}(z)$ using $O(2^m)$ field operations and only $O(m)$ space. This improves on a previous algorithm due to Vu et al. (SP, 2013), which similarly uses $O(2^m)$ field operations but requires $O(2^m)$ space. Furthermore, the number of field additions in our algorithm is about half of that in Vu et al.'s algorithm, whereas the number of multiplications is the same up to small additive terms.
Expand
Lihua Liu
ePrint Report ePrint Report
We show that the scalar product protocol [IEEE Trans. Parallel Distrib. Syst. 2023, 1060-1066] is insecure against semi-honest server attack, not as claimed. Besides, its complexity increases exponentially with the number $n$, which cannot be put into practice.
Expand
Any Muanalifah, Zahari Mahad, Nurwan, Rosalio G Artes
ePrint Report ePrint Report
In this paper we introduce new concept of tropical increasing matrices and then prove that two tropical increasing matrices are commute. Using this property, we modified Stickel’s protocol. This idea similar to [5] where modified Stickel’s protocol using commuting matrices (Linde De La Puente Matrices).
Expand
Franklin Harding, Jiayu Xu
ePrint Report ePrint Report
A Blind Signature Scheme (BSS) is a cryptographic primitive that enables a user to obtain a digital signature on a message from a signer without revealing the message itself. The standard security notion against malicious users for a BSS is One-More Unforgeability (OMUF). One of the earliest and most well-studied blind signature schemes is the Schnorr BSS, although recent results show it does not satisfy OMUF. On the other hand, the Schnorr BSS does satisfy the weaker notion of sequential OMUF --- which restricts adversaries to opening signing sessions one at a time --- in the Algebraic Group Model (AGM) + Random Oracle Model (ROM). In light of this result, a natural question arises: does the Schnorr BSS satisfy OMUF with regard to adversaries that open no more than a small number of signing sessions concurrently?

This paper serves as a first step towards characterizing the security of the Schnorr BSS in the limited concurrency setting. Specifically, we demonstrate that the Schnorr BSS satisfies OMUF when at most two signing sessions can be open concurrently (in the AGM+ROM). Our argument suggests that it is plausible that the Schnorr BSS satisfies OMUF for up to polylogarithmically many concurrent signing sessions.
Expand
Lars Wolfgang Folkerts, Nektarios Georgios Tsoutsos
ePrint Report ePrint Report
With concerns about data privacy growing in a connected world, cryptography researchers have focused on fully homomorphic encryption (FHE) for promising machine learning as a service solutions. Recent advancements have lowered the computational cost by several orders of magnitude, but the latency of fully homomorphic neural networks remains a barrier to adoption. This work proposes using multi-exit neural networks (MENNs) to accelerate the FHE inference. MENNs are network architectures that provide several exit points along the depth of the network. This approach allows users to employ results from any exit and terminate the computation early, saving both time and power. First, this work weighs the latency, communication, accuracy, and computational resource benefits of running FHE-based MENN inference. Then, we present the TorMENNt attack that can exploit the user's early termination decision to launch a concrete side-channel on MENNs. We demonstrate that the TorMENNt attack can predict the private image classification output of an image set for both FHE and plaintext threat models. We discuss possible countermeasures to mitigate the attack and examine their effectiveness. Finally, we tie the privacy risks with a cost-benefit analysis to obtain a practical roadmap for FHE-based MENN adoption.
Expand

05 July 2024

Dario Catalano, Emanuele Giunta, Francesco Migliaro
ePrint Report ePrint Report
(Receiver) Anamorphic encryption, introduced by Persiano $ \textit{et al.}$ at Eurocrypt 2022, considers the question of achieving private communication in a world where secret decryption keys are under the control of a dictator. The challenge here is to be able to establish a secret communication channel to exchange covert (i.e. anamorphic) messages on top of some already deployed public key encryption scheme.

Over the last few years several works addressed this challenge by showing new constructions, refined notions and extensions. Most of these constructions, however, are either ad hoc, in the sense that they build upon specific properties of the underlying PKE, or impose severe restrictions on the size of the underlying anamorphic message space.

In this paper we consider the question of whether it is possible to have realizations of the primitive that are both generic and allow for large anamorphic message spaces. We give strong indications that, unfortunately, this is not the case.

Our first result shows that $ \textit{any black-box realization} $ of the primitive, i.e. any realization that accesses the underlying PKE only via oracle calls, $ \textit{must} $ have an anamorphic message space of size at most $poly(\lambda)$ ($\lambda$ security parameter).

Even worse, if one aims at stronger variants of the primitive (and, specifically, the notion of asymmetric anamorphic encryption, recently proposed by Catalano $ \textit{et al.} $) we show that such black-box realizations are plainly impossible, i.e. no matter how small the anamorphic message space is.

Finally, we show that our impossibility results are rather tight: indeed, by making more specific assumptions on the underlying PKE, it becomes possible to build generic AE where the anamorphic message space is of size $\Omega(2^\lambda)$.
Expand
Michael Anastos, Benedikt Auerbach, Mirza Ahad Baig, Miguel Cueto Noval, Matthew Kwan, Guillermo Pascual-Perez, Krzysztof Pietrzak
ePrint Report ePrint Report
In this work we prove lower bounds on the (communication) cost of maintaining a shared key among a dynamic group of users. Being "dynamic'' means one can add and remove users from the group. This captures important protocols like multicast encryption (ME) and continuous group-key agreement (CGKA), which is the primitive underlying many group messaging applications.

We prove our bounds in a combinatorial setting where the state of the protocol progresses in rounds. The state of the protocol in each round is captured by a set system, with each of its elements specifying a set of users who share a secret key. We show this combinatorial model implies bounds in symbolic models for ME and CGKA that capture, as building blocks, PRGs, PRFs, dual PRFs, secret sharing, and symmetric encryption in the setting of ME, and PRGs, PRFs, dual PRFs, secret sharing, public-key encryption, and key-updatable public-key encryption in the setting of CGKA. The models are related to the ones used by Micciancio and Panjwani (Eurocrypt'04) and Bienstock et al. (TCC'20) to analyze ME and CGKA, respectively.

We prove - using the Bollobás' Set Pairs Inequality - that the cost (number of uploaded ciphertexts) for replacing a set of $d$ users in a group of size $n$ is $\Omega(d\ln(n/d))$. Our lower bound is asymptotically tight and both improves on a bound of $\Omega(d)$ by Bienstock et al. (TCC'20), and generalizes a result by Micciancio and Panjwani (Eurocrypt'04), who proved a lower bound of $\Omega(\log(n))$ for $d=1$.
Expand
Marcel Tiepelt, Christian Martin, Nils Maeurer
ePrint Report ePrint Report
Transitioning from classically to quantum secure key agreement protocols may require to exchange fundamental components, for example, exchanging Diffie-Hellman-like key exchange with a key encapsulation mechanism (KEM). Accordingly, the corresponding security proof can no longer rely on the Diffie-Hellman assumption, thus invalidating the security guarantees. As a consequence, the security properties have to be re-proven under a KEM-based security notion. We initiate the study of the LDACS key agreement protocol (Edition 01.01.00 from 25.04.2023), which is soon-to-be-standardized by the International Civil Aviation Organization. The protocol's cipher suite features Diffie-Hellman as well as a KEM-based key agreement protocol to provide post-quantum security. While the former results in an instantiation of an ISO key agreement inheriting all security properties, the security achieved by the latter is ambiguous. We formalize the computational security using the systematic notions of de Saint Guilhem, Fischlin and Warinshi (CSF '20), and prove the exact security that the KEM-based variant achieves in this model; primarily entity authentication, key secrecy and key authentication. To further strengthen our ``pen-and-paper'' findings, we model the protocol and its security guarantees using Tamarin, providing an automated proof of the security against a Dolev-Yao attacker.
Expand
Debasmita Chakraborty, Mridul Nandi
ePrint Report ePrint Report
The collision-resistant hash function is an early cryptographic primitive that finds extensive use in various applications. Remarkably, the Merkle-Damgård and Merkle tree hash structures possess the collision-resistance preserving property, meaning the hash function remains collision-resistant when the underlying compression function is collision-resistant. This raises the intriguing question of whether reducing the number of underlying compression function calls with the collision-resistance preserving property is possible. In pursuit of addressing these inquiries, we prove that for an ℓn-to-sn-bit collision-resistance preserving hash function designed using r tn-to-n-bit compression function calls, we must have r ≥ ⌈(ℓ−s)/(t−1)⌉. Throughout the paper, all operations other than the compression function are assumed to be linear (which we call linear hash mode).
Expand
Bucharest, Romania, 21 November - 22 November 2024
Event Calendar Event Calendar
Event date: 21 November to 22 November 2024
Submission deadline: 18 September 2024
Notification: 30 October 2024
Expand
Auckland, New Zealand, 16 December - 18 December 2024
Event Calendar Event Calendar
Event date: 16 December to 18 December 2024
Expand
Halifax, Canada, 4 September 2024
Event Calendar Event Calendar
Event date: 4 September 2024
Submission deadline: 10 July 2024
Notification: 19 July 2024
Expand
Kunming, China, 14 December - 16 December 2024
Event Calendar Event Calendar
Event date: 14 December to 16 December 2024
Submission deadline: 15 August 2024
Notification: 10 November 2024
Expand
University of Wollongong, Australia
Job Posting Job Posting
We are seeking an Associate Research Fellow to join our team through support from the Australian Research Council Linkage Project, focusing on "Cryptographic Group Actions". This research-only opportunity requires proficiency in cryptography research, particularly in post-quantum cryptography, group actions, and security proofs. The Institute of Cybersecurity and Cryptology is a premier research institute that conducts research in cybersecurity and cryptology. The institute was awarded the Excellence of Research Assessment with score 5 for cryptography research. Please apply online only (not via email). Selection criteria is available online via the link below.

Closing date for applications:

Contact: Prof Willy Susilo

More information: https://www.uow.edu.au/about/jobs/jobs-available/#en/sites/CX_1/job/4604/?utm_medium=jobshare

Expand
NXP
Job Posting Job Posting
Key Responsibilities: • Design and implementation of secure web services for key and data distribution • Design and implementation of unit and integration tests for automated test execution in CI/CD pipelines, including quality aspects • Contributing to architectural and security concepts to ensure end-to-end protection of sensitive key material and data Your Profile: • University degree in computer science, software engineering, security, telematics, mathematics, or equivalent • Experience in software engineering, seasoned Java developer, 3+ years • Familiar with Java Spring Boot • Experience in (embedded) C development • Familiar with security and cryptography • Interested in implementing and testing reliable, high-secure, high-throughput services • Familiar with SQL and NoSQL databases (nice to have) • Familiar with containerization including orchestration (Kubernetes and Docker) (nice to have) • Familiar with Maven Build System and Jenkins Build Automation (nice to have) • Structured approach towards complex software challenges • Self-organized and team-oriented • Solid English communication skills (oral and written) • Open-minded and communicative Ready to create a smarter world? Join the future of Innovation. Join NXP. Apply online!

Closing date for applications:

Contact: Kerstin Krauss

More information: https://nxp.wd3.myworkdayjobs.com/careers/job/Gratkorn/Senior-Web-Service-Java-Software-Engineer-for-Trust-Provisioning--m-f-d-_R-10053960-1

Expand
TU Wien
Job Posting Job Posting
TU Wien is Austria's largest institution of research and higher education in the fields of technology and natural sciences. With over 26,000 students and more than 4000 scientists, research, teaching, and learning dedicated to the advancement of science and technology have been conducted here for more than 200 years, guided by the motto "Technology for People". As a driver of innovation, TU Wien fosters close collaboration with business and industry and contributes to the prosperity of society.

At the Institute of Logic and Computation, in the Research Unit of Security and Privacy (in the upcoming Research Unit Privacy Enhanced Technologies) at TU Wien is offering two 40hours/week positions as university assistant (prae-doc) limited to expected 4 years. Expected start: September 2024

Tasks:
- Research in the area of privacy enhancing technologies, cryptocurrencies, and (applied) cryptography
- Teaching tasks (exercises and exams), student guidance
- Teaching in German and English is expected
- Assistance with thesis supervision
- Scientific publishing (journal and conference papers, dissertation) - Participation in scientific events
- Assistance with organizational and administrative tasks


Your profile: - Completion of a master or diploma curriculum in one of these fields: computer Science, math, or smilar fields
- Knowledge of privacy-enhancing technologies, such as cryptography, differential privacy, and related areas.
- Very good skills in German and English communication and writing Interest in academic research and teaching
- Advanced problem solving skills and scientific curiosity
- Team player with very good communication skills


We offer: A highly visible and connected international research group A broad range of opportunities in a thriving research area Hybrid working style with home office option A range of attractive social benefits (see Fringe-Benefit Catalogue of TU Wien) Internal and external training opportunities, various career options Central location of workplace as well as good accessibility (U1/U4 Karlsplatz)

Closing date for applications:

Contact: Univ.-Prof. Dr. Dominique Schröder dominique.schroeder@tuwien.ac.at

More information: https://jobs.tuwien.ac.at/Job/235902

Expand
Aalto University, Finland
Job Posting Job Posting

We are looking for postdocs interested in working with us (Chris Brzuska and Russell W. F. Lai) on topics including but not limited to:

  • Lattice-based cryptography, with special focus on the design, application, and analysis of non-standard lattice assumptions
  • Succinct and/or zero-knowledge proof and argument systems
  • Advanced (e.g. homomorphic, attribute-based, functional, laconic) encryption and (e.g. ring, group, threshold, blind) signature schemes
  • Fine-grained cryptography (e.g. against bounded-space-time adversaries)
  • Lower bounds and impossibility results

For questions about the topics, feel free to drop us an email to discuss.

For more details about the position, and for the instructions of how to apply, please refer to https://www.hiit.fi/ict-community-postdoctoral-researcher-positions/.

Closing date for applications:

Contact:

  • For the position: Chris Brzuska, Russell W. F. Lai
  • For the recruiting system: HIIT coordinator (see link above)

More information: https://www.hiit.fi/ict-community-postdoctoral-researcher-positions/

Expand
University of Surrey
Job Posting Job Posting
Fixed Term Contract until 30/06/2025 (with a possible extension) Salary: £36,024 to £41,732 per annum depending on experience

Applications are invited for a Postdoctoral Research Fellow, to start as soon as possible, to work on the EPSRC-funded project “PKC-Sec: Security Analysis of Classical and Post-Quantum Public Key Cryptography Assumptions”. Based within the Computer Science Research Centre, and the highly regarded Surrey Centre for Cyber Security (SCCS), the post-holder will be responsible for conducting research into three areas mentioned below, working alongside Dr Granger, and in collaboration with the official project partners, the Ethereum Foundation, PQShield and K.U. Leuven.

The aim of the project is to research and develop algorithms for solving computational problems that are foundational to the security of public key cryptography, both now and in the future. In particular, it will study:

- The discrete logarithm problem in finite fields of fixed characteristic, for which an efficient classical algorithm is potentially on the horizon;
- The security of the Legendre pseudo-random function, which is extremely well suited for multi-party computation and is used in the proof of custody construction within Ethereum, but is not so well-studied;
- The security of supersingular isogeny-based post-quantum cryptography, which although a relatively young field offers many very promising applications.

Due to their nature, any cryptographic assumptions based on mathematical constructions are potentially weaker than currently believed, and the project will deepen our understanding and assess the hardness of these natural and fundamental problems.

The successful applicant is expected to have a PhD (gained or near completion), or equivalent professional experience in computer science or a related subject in the technical areas relevant to the envisioned research.

For informal inquiries about the position, please contact Dr. Robert Granger.

Closing date for applications:

Contact: r.granger@surrey.ac.uk

More information: https://jobs.surrey.ac.uk/vacancy.aspx?ref=021224-R

Expand
University of Amsterdam, The Netherlands
Job Posting Job Posting
Have you always thrived in a classroom, being close to students? Do you want to be part of a Top Security and Network Engineering master program? Are you interested in developing laboratories in CyberSecurity and Computer Network courses? Do you want to work closely with word-class researchers and support them in connecting to our students? The University of Amsterdam is looking for an Education Officer to support the coordination and infrastructure of our security and network engineering studies.

Closing date for applications:

Contact: Kostas Papagiannopoulos - k.papagiannopoulos@uva.nl

More information: https://vacatures.uva.nl/UvA/job/Security-and-Network-Engineering-Education-Technical-Coordinator/798272902/

Expand
IRIF, Université de Paris Cité; Paris, France
Job Posting Job Posting
The Algorithms & Complexity team at IRIF is inviting applications for several fully-funded postdoctoral positions (1-2 years) to work on cryptography. Areas of interest include but are not limited to, zero-knowledge proofs, secure computation, post-quantum cryptography, foundations of cryptography, connections with complexity theory, confidential transactions, and anonymous credentials. The candidate will work alongside Geoffroy Couteau and Michele Orrù.

Required qualifications: The ideal candidate for the postdoc position will hold a PhD (or be close to completion) in cryptography and be an expert in any of the areas of interest.
Salary: €3080 to €4291 gross monthly salary depending on the experience of the candidate
Dates: The starting date is flexible, starting October 2024.

Closing date for applications:

Contact: algocomp-apply@irif.fr

More information: https://www.irif.fr/postes/postdoc

Expand
◄ Previous Next ►