International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available:

email icon
via email
RSS symbol icon
via RSS feed

30 August 2024

Hua-Lei Yin
ePrint Report ePrint Report
One-way functions are fundamental to classical cryptography and their existence remains a longstanding problem in computational complexity theory. Recently, a provable quantum one-way function has been identified, which maintains its one-wayness even with unlimited computational resources. Here, we extend the mathematical definition of functions to construct a generalized one-way function by virtually measuring the qubit of provable quantum one-way function and randomly assigning the corresponding measurement outcomes with identical probability. Remarkably, using this generalized one-way function, we have developed an unconditionally secure key distribution protocol based solely on classical data processing, which can then utilized for secure encryption and signature. Our work highlights the importance of information in characterizing quantum systems and the physical significance of the density matrix. We demonstrate that probability theory and randomness are effective tools for countering adversaries with unlimited computational capabilities.
Expand
Hua-Lei Yin
ePrint Report ePrint Report
Key distribution plays a fundamental role in cryptography. Currently, the quantum scheme stands as the only known method for achieving unconditionally secure key distribution. This method has been demonstrated over distances of 508 and 1002 kilometers in the measurement-device-independent and twin-field configurations, respectively. However, quantum key distribution faces transmission distance issues and numerous side channel attacks since the basic physical picture requires the use of quantum channels between users. Even when quantum repeater and quantum constellation are used, commercializing quantum cryptography on a large scale remains unattainable due to the considerable expense and significant technical hurdles associated with establishing a global quantum network and facilitating mobile quantum communication. Here, by discovering the provable quantum one-way function, we propose another key distribution scheme with unconditional security, named probability key distribution, that promises users between any two distances to generate a fixed and high secret key rate. There are no quantum channels for exchanging quantum signals between two legitimate users. Non-local entangled states can be generated, identified and measured in the equivalent virtual protocol and can be used to extract secret keys. We anticipate that this discovery presents a paradigm shift in achieving unconditionally secure cryptography, thereby facilitating its widespread application on a global scale.
Expand
Pascal Hammer, Veronika Krause, Tobias Probst, Jürgen Mottok
ePrint Report ePrint Report
In times of digitalization, the encryption and signing of sensitive data is becoming increasingly important. These cryptographic processes require large quantities of high-quality random numbers. Which is why a high-performance random number generator (RNG) is to be developed. For this purpose, existing concepts of RNGs and application standards are first analyzed. The proposed approach is to design a physical true random number generator (PTRNG) with a high output of random numbers. Based on this, the development begins with the analog part of the RNG, the noise signal source and a suitable amplifier for the analog noise signal. Therefore, a special noise diode from Noisecom and an amplifier from NXP were chosen and analyzed in different measurements. From the results of the measurements, it can be concluded that both components are suitable for use in the RNG.
Expand
Cong Zhang, Yu Chen, Weiran Liu, Liqiang Peng, Meng Hao, Anyu Wang, Xiaoyun Wang
ePrint Report ePrint Report
Private set union (PSU) is a cryptographic protocol that allows two parties to compute the union of their sets without revealing anything else. Despite some efficient PSU protocols that have been proposed, they mainly focus on the balanced setting, where the sets held by the parties are of similar size. Recently, Tu et al. (CCS 2023) proposed the first unbalanced PSU protocol which achieves sublinear communication complexity in the size of the larger set.

In this paper, we are interested in improving the efficiency of the unbalanced PSU protocol. We find that oblivious key-value store (OKVS) data structure plays an essential role in the most recently proposed PSU constructions and formalize unbalanced PSU as an OKVS decoding process with sublinear communication. Our key insight lies in when OKVS satisfies sparsity property, obtaining the necessary decoding information precisely aligns with the batch private information retrieval (BatchPIR) problem. We give two concrete constructions of unbalanced PSU protocols based on different OKVS encoding strategies. The first is based on oblivious PRF (OPRF) and a newly introduced cryptographic protocol called permuted private equality test, while the second is based on re-randomizable public key encryption. Both our two constructions achieve sublinear communication complexity in the size of the larger set.

We implement our two unbalanced PSU protocols and compare them with the state-of-the-art unbalanced PSU of Tu et al. Experiments show that our protocols achieve a $1.3-5.6\times $ speedup in running time and $2.1-11.8\times$ shrinking in communication cost, depending on set sizes and network environments.
Expand
Akiko Inoue, Tetsu Iwata, Kazuhiko Minematsu
ePrint Report ePrint Report
Clarifying the robustness of authenticated encryption (AE) schemes, such as security under nonce misuse or Release of Unverified Plaintext (RUP), is critically important due to the extensive use of AEs in real-world applications. We present a comprehensive analysis of the robustness of well-known standards, namely GCM, CCM, and OCB3. Despite many existing studies, we uncovered several robustness properties for them that were not known in the literature. In particular, we show that both GCM and CCM maintain authenticity under RUP. Moreover, CCM keeps this feature even if a nonce is misused. Together with existing analysis, our work gives a complete picture of the robustness of these standards for the first time. Our results also imply several new robust AE schemes based on GCM and CCM.
Expand
Anqi Tian, Peifang Ni, Yingzi Gao, Jing Xu
ePrint Report ePrint Report
Payment Channel Networks (PCNs) have been highlighted as viable solutions to address the scalability issues in current permissionless blockchains. They facilitate off-chain transactions, significantly reducing the load on the blockchain. However, the extensive reuse of multi-hop routes in the same direction poses a risk of channel depletion, resulting in involved channels becoming unidirectional or even closing, thereby compromising the sustainability and scalability of PCNs. Even more concerning, existing rebalancing protocol solutions heavily rely on trust assumptions and scripting languages, resulting in compromised universality and reliability.

In this paper, we present Horcrux, a universal and efficient multi-party virtual channel protocol without relying on extra trust assumptions, scripting languages, or the perpetual online requirement. Horcrux fundamentally addresses the channel depletion problem using a novel approach termed flow neutrality, which minimizes the impact on channel balance allocations during multi-hop payments (MHPs). Additionally, we formalize the security properties of Horcrux by modeling it within the Global Universal Composability framework and provide a formal security proof.

We implement Horcrux on a real Lightning Network dataset, comprising 10,529 nodes and 38,910 channels, and compare it to the state-of-the-art rebalancing schemes such as Shaduf [NDSS'22], Thora [CCS'22], and Revive [CCS'17]. The experimental results demonstrate that (1) the entire process of Horcrux costs less than 1 USD, significantly lower than Shaduf; (2) Horcrux achieves a $12\%$-$30\%$ increase in payment success ratio and reduces user deposits required for channels by $70\%$-$91\%$; (3) the performance of Horcrux improves by $1.2x$-$1.5x$ under long-term operation; and (4) Horcrux maintains a nearly zero channel depletion rate, whereas both Revive and Shaduf result in thousands of depleted channels.
Expand
Juan Carlos Ku-Cauich, Javier Diaz-Vargas
ePrint Report ePrint Report
We are using the extended Maiorana-McFarland construction to create new bent functions. When we start with a bent function of dimension s-r, we can produce a new function of dimension s+r while ensuring that its balance is limited to the set of vectors with an even Hamming weight in its domain. We also compare this approach with the case where r=1 and apply it multiple times. Finally, we provide an algorithm as an example, focusing on the case where r=2 and another algorithm using r=1 two times.
Expand
Debrup Chakraborty, Sebati Ghosh, Cuauhtemoc Mancillas Lopez, Palash Sarkar
ePrint Report ePrint Report
A fixed length tweakable enciphering scheme (TES) is the appropriate cryptographic functionality for low level disk encryption. Research on TES over the last two decades have led to a number of proposals many of which have already been implemented using FPGAs. This paper considers the FPGA implementations of two more recent and promising TESs, namely AEZ and FAST. The relevant architectures are described and simulation results on the Xilinx Virtex 5 and Virtex 7 FPGAs are presented. For comparison, two IEEE standard schemes, XCB and EME2 are considered. The results indicate that FAST outperforms the other schemes making it a serious candidate for future incorporation by disk manufacturers and standardisation bodies.
Expand
Kai Hu, Trevor Yap
ePrint Report ePrint Report
Modular addition is often the most complex component of typical Addition-Rotation-XOR (ARX) ciphers, and the division property is the most effective tool for detecting integral distinguishers. Thus, having a precise division property model for modular addition is crucial in the search for integral distinguishers in ARX ciphers.

Current division property models for modular addition either (a) express the operation as a Boolean circuit and apply standard propagation rules for basic operations (COPY, XOR, AND), or (b) treat it as a sequence of smaller functions with carry bits, modeling each function individually. Both approaches were originally proposed for the two-subset bit-based division property (2BDP), which is theoretically imprecise and may overlook some balanced bits.

Recently, more precise versions of the division property, such as parity sets, three-subset bit-based division property without unknown subsets (3BDPwoU) or monomial prediction (MP), and algebraic transition matrices have been proposed. However, little attention has been given to modular addition within these precise models.

The propagation rule for the precise division property of a vectorial Boolean function $\boldsymbol{f}$ requires that $\boldsymbol{u}$ can propagate to $\boldsymbol{v}$ if and only if the monomial $\pi_{\boldsymbol{u}}({\boldsymbol{x}})$ appears in $\pi_{\boldsymbol{v}}( \boldsymbol{f} )$. Braeken and Semaev (FSE 2005) studied the algebraic structure of modular addition and showed that for $\boldsymbol{x} \boxplus \boldsymbol{y} = \boldsymbol{z}$, the monomial $\pi_{\boldsymbol{u}}(\boldsymbol{x})\pi_{\boldsymbol{v}}(\boldsymbol{v})$ appears in $\pi_{\boldsymbol{w}}(\boldsymbol{w})$ if and only if $\boldsymbol{u} + \boldsymbol{v} = \boldsymbol{w}$. Their theorem directly leads to a precise division property model for modular addition. Surprisingly, this model has not been applied in division property searches, to the best of our knowledge.

In this paper, we apply Braeken and Semaev's theorem to search for integral distinguishers in ARX ciphers, leading to several new results. First, we improve the state-of-the-art integral distinguishers for all variants of the Speck family, significantly enhancing search efficiency for Speck-32/48/64/96 and detecting new integral distinguishers for Speck-48/64/96/128. Second, we determine the exact degrees of output bits for $7$-round Speck-$32$ and all/16/2 output bits for $2/3/4$-round Alzette for the first time. Third, we revisit the choice of rotation parameters in Speck instances, providing a criterion that enhances resistance against integral distinguishers. Additionally, we offer a simpler proof for Braeken and Semaev's theorem using monomial prediction, demonstrating the potential of division property methods in the study of Boolean functions.

We hope that the proposed methods will be valuable in the future design of ARX ciphers.
Expand
George Teseleanu
ePrint Report ePrint Report
In 2023, Mfungo et al. presented an image encryption scheme that relies on a series of diffusion techniques and uses a chaotic map to generate three secret keys. Note that two out of three keys are dynamically generated based on the size of the original image, while the remaining key is static. The authors claim that their proposal offers $149$ bits of security. Unfortunately, we found a chosen plaintext attack that requires $2$ oracle queries and has a worse case complexity of $\mathcal O(2^{32})$. If the attacker has access to $1$ encryption oracle query and $1$ decryption oracle query, we can lower the complexity to $\mathcal O(2^{18.58})$. Encrypting an image with Mfungo et al.'s scheme has a worst case complexity of $\mathcal O(2^{33})$. Therefore, both our attacks are faster than encrypting an image. Our attacks are feasible because the dynamic keys remain unchanged for different plaintext images of the same size, and the static key remains the same for all images.
Expand
Yan Jiang, Youwen Zhu, Jian Wang, Yudi Zhang
ePrint Report ePrint Report
Identity-based threshold signature (IDTS) enables the generation of valid signatures without revealing cryptographic keys in the signing process. While current protocols have achieved much progress in their efficiency, many schemes easily suffer from denial-of-service attacks in which misbehaving parties could keep from generating signatures without being caught. The identifiable abort property is designed to withstand such an attack in some recent IDTS protocols. However, all these schemes require many rounds of interaction for the resulting signature or utilize cryptographic techniques, which have a high complexity. In this study, we put forward a novel IDTS protocol that can achieve identifiable abort and resist arbitrary collusion attacks. Precisely, this ensures that corrupted parties are responsible in case of failure and cannot jointly obtain the input of honest parties. Moreover, we present the ideal IDTS functionality and provide the provable security of the proposed protocol with the global random oracle model. Our scheme has non-interactive signing, compatibility with the offline/online settings, and practical efficiency for the online phase. Finally, we give theoretical analyses and experimental results of our solution, showing that the signing time is less than two milliseconds and that the scheme is suitable for resource-constrained settings.
Expand
Thomas Decru, Tako Boris Fouotsa, Paul Frixons, Valerie Gilchrist, Christophe Petit
ePrint Report ePrint Report
Recently, Geraud-Stewart and Naccache proposed two trapdoors based on matrix products. In this paper, we answer the call for cryptanalysis. We explore how using the trace and determinant of a matrix can be used to attack their constructions. We fully break their first construction in a polynomial-time attack. We show an information leak in the second construction using characteristic polynomials, and provide an attack using traces that decreases the bit security by about half.
Expand

28 August 2024

Hong Kong University of Science and Technology
Job Posting Job Posting
We are looking for motivated, bright, and hard-working student that wish to pursue a PhD in Cryptography. The candidate will work on cryptographic research topics such as:

  • zero-knowledge proofs & SNARKs
  • polynomial/vector commitments & lookup arguments
  • searchable encryption
  • encrypted database query evaluation
  • TEE-assisted cryptography
Other areas are possible, the specific research topic will be determined based on the common interests of the candidate and the supervisor.

Applicant's profile
  • MSc or BSc degree in Computer Science or related field.
  • Excellent programming skills.
  • Very good understanding of CS fundamentals: algorithm analysis, data structures, etc.
  • Good understanding of cryptographic primitives: hashing, encryption, commitments, etc.
  • Strong enthusiasm for research.
Ideal candidates have prior knowledge in implementing cryptographic primitives or a relevant project. Solid background in theoretical computer science (complexity analysis, reduction proofs, etc.), or experience in programming for trusted-hardware environments (Intel SGX, ARM TrustZone, etc.) is also a big plus.

Work environment

HKUST offers guaranteed funding for the PhD duration with competitive stipends. Our CSE department consistently ranks very high in global Computer Science and Engineering rankings. Our graduates typically produce research output of the highest quality and consistently staff world-class institutions. The lab offers a creative work environment that is ideal for excellent research.

Interested applicants, please send your CV and a short research statement to Prof. Dimitrios Papadopoulos.

Closing date for applications:

Contact: dipapado (at) cse.ust.hk

Expand

27 August 2024

The University of Sheffield
Job Posting Job Posting
This PhD studentship offers an exciting opportunity to delve into the rapidly evolving fields of Cybersecurity and Artificial Intelligence (AI). As AI technologies become increasingly integrated into enterprise systems, the need to secure these systems against sophisticated cyber threats has never been more critical. This research project at the University of Sheffield is focused on addressing these challenges by developing advanced methods to protect AI systems from cyber attacks, ensuring their reliability, integrity, and resilience in real-world environments. As a PhD candidate, you will join the Security of Advanced Systems Research Group, working on cutting-edge research that bridges the gap between AI innovation and cybersecurity. Your work will involve identifying and analyzing vulnerabilities in AI systems, creating robust models capable of withstanding adversarial attacks, and implementing state-of-the-art security measures to safeguard AI infrastructures. Additionally, you will have the opportunity to collaborate with industry leaders, contributing to the development of new cybersecurity standards for AI. This studentship is ideal for individuals passionate about AI and cybersecurity who are eager to contribute to the protection of critical technologies. The position is open to candidates worldwide, offering a unique chance to make a significant impact in a high-demand field. Research Themes Include: Analyzing vulnerabilities in AI systems Developing robust AI models resistant to adversarial attacks Implementing advanced security measures within AI infrastructures Collaborating with industry leaders to set new cybersecurity standards for AI Position Details: Starting Date: Flexible, with preferred start dates in September 2024 or January 2025. Location: Department of Computer Science, University of Sheffield, UK. Duration: 3 years Additional Note: International candidates are encouraged to apply. Please note that supplementary funding may be required to cover the tuition fee differential.

Closing date for applications:

Contact: To apply, please send your CV, a letter of motivation, and academic transcripts to aryan.pasikhani@sheffield.ac.uk. Be sure to include [PhD-CyberAI] in the subject line of your email.

Expand
The Institute of Science and Technology Austria (ISTA)
Job Posting Job Posting

The Institute of Science and Technology Austria (ISTA) invites for faculty applications in all areas of computer science including security, cryptography and privacy, candidates working in systems and more applied topics are especially encouraged to apply.

Interdisciplinary applications bridging between areas are particularly encouraged to apply.

Assistant professors start with independent group leader positions for six years, progressing to tenured positions after a positive evaluation by international peers.

Tenured positions welcome distinguished scientists with proven leadership in research.

At ISTA, we promote a diverse and inclusive working environment and are committed to the principle of equal employment opportunities for all applicants, free of discrimination. We strongly encourage individuals from underrepresented groups to apply.

ISTA is an interdisciplinary research institution that combines basic science research with graduate education in theoretical and experimental research in Mathematical and Physical Sciences, Life Sciences, and Information and System Sciences.

Why ISTA

• Impactful research in a vibrant, international, and interdisciplinary research environment.

• Advanced facilities and comprehensive scientific support.

• Attractive salaries and generous resources.

• Guaranteed annual funding, including support for PhD students and postdocs.

• Graduate school with highly selective admissions.

• Professional development opportunities and employee support services.

• On-campus childcare facilities.

• Inclusive working environment.

• Proximity to Vienna, consistently ranked among the most livable cities worldwide.

The closing date for applications is November 28, 2024.

Closing date for applications:

Contact: For more information on the application process please go to https://www.ista.ac.at/en/jobs/faculty/

More information: https://www.ista.ac.at/en/jobs/faculty/

Expand

26 August 2024

Kunming, China, 16 December - 17 December 2024
Event Calendar Event Calendar
Event date: 16 December to 17 December 2024
Submission deadline: 15 September 2024
Notification: 30 October 2024
Expand
Tsinghua University, China and Nanyang Technological University, Singapore
Job Posting Job Posting
Tsinghua University in China and Nanyang Technological University in Singapore are jointly seeking for candidates to fill several post-doctoral research fellow positions on symmetric-key cryptography with a tentative duration of 2 years. Topics include but are not limited to the following sub-areas:
  • tool aided cryptanalysis, such as MILP, CP, STP, and SAT
  • machine learning aided cryptanalysis and designs
  • privacy-preserving friendly symmetric-key designs
  • quantum cryptanalysis
  • provable security
  • cryptanalysis against SHA-2, SHA-3, and AES
  • threshold cryptography
Candidates will have the chance to spend half of the time with Assoc Prof Xiaoyang Dong at Tsinghua University, China, and the other half with Assoc Prof Jian Guo at Nanyang Technological University in Singapore. Candidates with strong record of publications in IACR conferences (Asiacrypt, Crypto, Eurocrypt, FSE) are encouraged to apply. These positions are available immediately until filled.

Closing date for applications:

Contact: Assoc Prof Xiaoyang Dong, xiaoyangdong@tsinghua.edu.cn

Expand
University College Cork, Ireland
Job Posting Job Posting
The Cryptography Research Group at University College Cork (UCC) is looking for a highly motivated Post-Doctoral or Senior Post-Doctoral Researcher in differential privacy and related privacy preservation techinques. The researchers will be employed on an industry-funded research project sponsored by a major Internet company. The successful candidate will work under the supervision of Dr Paolo Palmieri, Senior Lecturer in Cyber Securit, and Prof. Barry O’Sullivan, Professor of Computer Science, in the School of Computer Science & Information Technology, University College Cork, Ireland.

Candidates should hold a PhD degree in cryptography, cyber security or related areas, with a good track record of publications. Ideally, they will have experience in one or more of the following areas: differential privacy, anonymity, re-identification and/or cryptography-based privacy enhancing technologies. Candidates with a background in other areas of cryptography/privacy/security, but with a strong interest in differential privacy will also be considered. A strong mathematical background is expected, complemented with programming skills. Experience with relevant libraries such as IBM Diffprivlib, Opacus, SecretFlow etc. is an asset.

The position is until December 2025, with a possibility of extension subject to availability of funding. The successful candidates will be appointed at Post-Doctoral or Senior Post-Doctoral level depending on their experience and qualifications. A budget for travel, equipment, publications and other research expenses is available as part of the project.

The Cryptography Research Group is led by Dr Paolo Palmieri and consists of 8 researchers at doctoral and post-doctoral level. The hired researcher will be encouraged to collaborate with other members of the group, and to take a mentoring role with some of the more junior researchers. There will also be ample opportunities to work with the group’s extensive network of international collaborations. The role will be based in Insight - SFI Research Centre for Data Analytics, as part of the SFI Empower Spoke.

Closing date for applications:

Contact: Informal inquiries can be made in confidence to Dr. Paolo Palmieri, at: p.palmieri@cs.ucc.ie

Applications should be submitted through the University portal at https://ore.ucc.ie/ (search for reference number: 078931). E-mail applications cannot be considered.

More information: https://security.ucc.ie/vacancies.html

Expand
Yansong Feng, Zhen Liu, Abderrahmane Nitaj, Yanbin Pan
ePrint Report ePrint Report
It is well known that the best small private exponent attack against RSA is that when the private exponent $d < N^{0.292}$, one can factor the RSA modulus $N = pq$. However, the bound $N^{0.292}$ is very difficult to achieve directly since we need to deal with some lattice with very high dimension, which seems infeasible by now. Recently, Li et al. proposed a practical attack that can solve cases when $d$ approaches $N^{0.292}$ within a month for $1024$ bit $N$. In this paper, we propose an improved practical small private exponent attack by enumerating the most significant bits of $p + q$. Together with some skills in implementations, we can also achieve the bound $N^{0.292}$, but with significantly less time compared to previous work.
Expand
Yansong Feng, Abderrahmane Nitaj, Yanbin Pan
ePrint Report ePrint Report
Coppersmith's method, combined with the Jochemsz-May strategy, is widely used to find the small roots of multivariate polynomials for cryptanalysis. At Asiacrypt'23, Meers and Nowakowski improved the Jochemsz-May strategy from a single polynomial equation to a system of polynomial equations and proposed a new method, called Automated Coppersmith. Note that it is typically a tedious and non-trivial task to determine asymptotic upper bounds for Coppersmith’s method and manual analysis has to be performed anew when a new set of polynomials is considered. By making certain heuristic assumption, Meers and Nowakowski showed that the bound can be obtained using Lagrange interpolation with the computer, but it is still time-consuming. Moreover, we find that sometimes the interpolation method may get stuck in local convergence, which will result in an incorrect bound when a natural termination strategy is employed in the method.

In this paper, we revisit the Jochemsz-May strategy as well as the work of Meers and Nowakowski and point out that the bound can be obtained by calculating the leading coefficient of some Hilbert function, which is exactly the volume of the corresponding Newton polytope. To this end, we introduce the concept of Sumsets theory and propose a series of related results and algorithms. Compared with the Automated Coppersmith, we overcome the issue of getting stuck in local convergence and directly eliminate the time-consuming calculation for $f^m$ in Automated Coppersmith when $m$ is large, which brings a 1000x$\sim$1200x improvement in running time for some polynomials in our experiment.

Additionally, our new method offers a new perspective on understanding Automated Coppersmith, thus providing proof of Meers and Nowakowski's Heuristic 2 for the system of a single polynomial.
Expand
◄ Previous Next ►