IACR News
04 November 2024
Tianren Liu, Angelos Pelecanos, Stefano Tessaro, Vinod Vaikuntanathan
ePrint Report
We show both lower and upper bounds on the number of rounds it takes for this process to approximate a random permutation over $\mathbb{F}$. We show that $r$ rounds of the inverse walk over the field of size $n$ with $$r = \Theta\left(n\log^2 n + n\log n\log \frac{1}{\epsilon}\right)$$ rounds generates a permutation that is $\epsilon$-close (in variation distance) to a uniformly random even permutation (i.e. a permutation from the alternating group $A_{n}$). This is tight, up to logarithmic factors.
Our result answers an open question from the work of Liu, Pelecanos, Tessaro and Vaikuntanathan (CRYPTO 2023) by providing a missing piece in their proof of $t$-wise independence of (a variant of) AES. It also constitutes a significant improvement on a result of Carlitz (Proc. American Mathematical Society, 1953) who showed a reachability result: namely, that every even permutation can be generated eventually by composing $\operatorname{INV}$ and $\operatorname{ARK}$. We show a tight convergence result, namely a tight quantitative bound on the number of rounds to reach a random (even) permutation.
Joseph Bonneau, Benedikt Bünz, Miranda Christ, Yuval Efron
ePrint Report
Vasyl Ustimenko, Tymoteusz Chojecki, Aneta Wróblewska
ePrint Report
Ischa Stork, Vipul Arora, Łukasz Chmielewski, Ileana Buhan
ePrint Report
Amaury Pouly, Yixin Shen
ePrint Report
Yu Dai, Debiao He, Dmitrii Koshelev, Cong Peng, Zhijian Yang
ePrint Report
Alberto Maria Mongardini, Daniele Friolo, Giuseppe Ateniese
ePrint Report
Yuxuan Sun, Yuncong Hu, Yu Yu
ePrint Report
Sushmita Sarkar, Vikas Srivastava, Tapaswini Mohanty, Nibedita Kundu, Sumit Kumar Debnath
ePrint Report
Hamza Abusalah, Gennaro Avitabile
ePrint ReportIn this work, we give a black-box construction of TCs from any time-lock puzzle (TLP) by additionally relying on one-way permutations and collision-resistant hashing.
Currently, TLPs are known from (a) the specific repeated squaring assumption, (b) the general (necessary) assumption on the existence of worst-case non-parallelizing languages and indistinguishability obfuscation, and (c) any iteratively sequential function and the hardness of the circular small-secret LWE problem. The latter admits a plausibly post-quantum secure instantiation.
Hence, thanks to the generality of our transform, we get i) the first TC whose timed security is based on the existence of non-parallelizing languages and ii) the first TC that is plausibly post-quantum secure.
We first define quasi publicly-verifiable TLPs (QPV-TLPs) and construct them from any standard TLP in a black-box manner without relying on any additional assumptions. Then, we devise a black-box commit-and-prove system to transform any QPV-TLPs into a TC.
John Bostanci, Barak Nehoran, Mark Zhandry
ePrint Report
Building on our duality principle, we present the following applications:
* Quantum money, which captures quantum states that are verifiable but unclonable, and its stronger variant, quantum lightning, have long resisted constructions based on concrete cryptographic assumptions. While (public-key) quantum money has been constructed from indistinguishability obfuscation (iO)—an assumption widely considered too strong—quantum lightning has not been constructed from any such assumptions, with previous attempts based on assumptions that were later broken. We present the first construction of quantum lightning with a rigorous security proof, grounded in a plausible and well-founded cryptographic assumption. We extend Zhandry's construction from Abelian group actions [Zhandry, 2024] to non-Abelian group actions, and eliminate Zhandry's reliance on a black-box model for justifying security. Instead, we prove a direct reduction to a computational assumption—the pre-action security of cryptographic group actions. We show how these group actions can be realized with various instantiations, including with the group actions of the symmetric group implicit in the McEliece cryptosystem.
* We provide an alternative quantum money and lightning construction from one-way homomorphisms, showing that security holds under specific conditions on the homomorphism. Notably, our scheme exhibits the remarkable property that four distinct security notions—quantum lightning security, security against both worst-case cloning and average-case cloning, and security against preparing a specific canonical state—are all equivalent.
* Quantum fire captures the notion of a samplable distribution on quantum states that are efficiently clonable, but not efficiently telegraphable, meaning they cannot be efficiently encoded as classical information. These states can be spread like fire, provided they are kept alive quantumly and do not decohere. The only previously known construction relied on a unitary quantum oracle, whereas we present the first candidate construction of quantum fire in the plain model.
Yuyu Wang, Chuanjie Su, Jiaxin Pan
ePrint Report
Yang Yang, Robert H. Deng, Guomin Yang, Yingjiu Li, HweeHwa Pang, Minming Huang, Rui Shi, Jian Weng
ePrint Report
Liron David, Avinatan Hassidim, Yossi Matias, Moti Yung
ePrint ReportWe consider a new natural privacy notion for BLE broadcasting beacons which we call ``Timed-sequence- indistinguishability'' of beacons. This new privacy definition is stronger than the well-known indistinguishability, since it considers not just the advertisements' content, but also the advertisements' broadcasting times which are observable in the physical world.
We then prove that beacons with periodically changing pseudorandom identities do not achieve timed-sequence- indistinguishability. We do this by presenting a novel privacy attack against BLE beacons, which we call the ``Battery Insertion Attack.'' This new time-based privacy attack can be executed by merely inserting or reinserting the beacon's battery at the adversary's chosen time. We performed this attack against an actually deployed beacon.
To mitigate the ``Battery Insertion Attack'' and other attacks associated with periodic signaling, we propose a new countermeasure involving quasi-periodic randomized scheduling of identity changes. We prove that our countermeasure ensures timed-sequence indistinguishability for beacons, thereby enhancing the beacon's privacy. Additionally, we show how to integrate this countermeasure in the attacked system while essentially preserving its feasibility and utility, which is crucial for practical industrial adoption.
Tamar Ben David, Varun Narayanan, Olga Nissenbaum, Anat Paskin-Cherniavsky
ePrint Report
02 November 2024
Virtual event, Anywhere on Earth, 25 February - 26 February 2025
Event Calendar
Indian Institute of Technology Bhilai
Job Posting
Title of the Project: FinTeQ - Quantum-Safe Financial Transaction Framework
For other details about the research group, please visit http://de.ci.phe.red and http://dhimans.in
Name of the position: Project Manager
Number of Positions: 1
Essential qualifications: PhD or ME/MTech with a minimum of 4 years of relevant work experience, or BE/BTech with a minimum of 7 years of relevant work experience. UG/PG degrees should be in Computer Science/IT/ECE or other relevant disciplines.
Desirable: The candidate should have adequate knowledge and experience in mobile software development, particularly Android and iOS development, familiarity with concepts of Cryptography and secure software design, strong team management and leadership skills, experience in coordinating cross-functional teams, ability to work under tight deadlines and manage multiple projects simultaneously.
Age limit: 50 years
Monthly Salary: INR 80,000/- (Indian Rupees Eighty Thousand)
Duration: 5 Months (Extendable based on performance)
Closing date for applications:
Contact: Principal Investigator:
Dr. Dhiman Saha
Assistant Professor
Department of Computer Science and Engineering
IIT Bhilai, Chhattisgarh, INDIA - 491002
Email - dhiman@iitbhilai.ac.in
More information: https://iitbhilai.ac.in/index.php?pid=adv_oct24_30_1
Brandenburg University of Technology, Chair of IT Security; Cottbus, Germany
Job Posting
- AI-based Network Attack Detection and Simulation.
- AI-enabled Penetration Testing.
- Privacy-Enhancing Technologies in Cyber-Physical Systems.
Closing date for applications:
Contact: Ivan Pryvalov (ivan.pryvalov@b-tu.de)
The University of Sheffield
Job Posting
PhD Studentship in Security for Smart Manufacturing and Digital Twin (University of Sheffield, UK)
Are you ready to explore the forefront of securing smart manufacturing systems and digital twins? Join the University of Sheffield's research team through a 3.5-year PhD studentship focused on enhancing security within advanced manufacturing environments, specifically in applications involving digital twins and robotic arms.
Project Overview:
This project addresses critical security challenges within smart manufacturing environments, focusing on the protection and resilience of digital twin frameworks. The research aims to fortify systems against cyber threats to ensure safe, secure, and efficient operation in industrial settings. Key areas of study include vulnerability analysis, digital twin security, and developing defence mechanisms to protect interconnected manufacturing components, including robotic arms.
Research Themes Include:
- Identifying and analysing vulnerabilities in digital twins and robotic arm systems
- Designing robust digital twin models with enhanced resistance to cyber threats
- Implementing advanced security protocols for smart manufacturing infrastructure
- Collaborating with industry partners to establish new security standards for digital twin and robotic systems
Position Details:
- Starting Date: Flexible, with preferred start dates in January 2025 or September 2025.
- Location: Department of Computer Science, University of Sheffield, UK.
- Duration: 3 years and 6 months
Candidate Requirements:
The ideal candidate should have an excellent academic track record at both Bachelor’s and Master’s levels and a strong background in research, demonstrated by relevant publications. This opportunity is available for UK home students only.
Note: Only UK-based candidates are eligible to apply.
Closing date for applications:
Contact:
Application Process:
To apply, please send your CV, research statement, letter of motivation, and academic transcripts to aryan.pasikhani@sheffield.ac.uk. Be sure to include [PhD-SmartMfgSec] in the subject line.
More information: https://www.linkedin.com/posts/aryanphd_phdopportunity-smartmanufacturing-digitaltwin-activity-7257849433168470016-AsDw?utm_source=share&utm_medium=member_desktop
University of Birmingham, UK
Job Posting
At the Centre for Cyber Security and Privacy at the University of Birmingham, we are looking for a PhD student in low-level security topics, for example confidential computing, embedded & firmware security, GPU security, side channels, and/or mobile network security.
Studentship: The studentship covers a stipend and tuition fees based on home student rates. The stipend provides an annual maintenance allowance of £19,237. The allowance is paid as a (usually) tax-free stipend and its rate is usually incremented on 1 October each following year.
We provide personal laptops and travel funding to attend conferences (subject to prior approval) and one summer school (or equivalent). Students will also be given the chance to participate in teaching activities, including creating and grading exercises as well as conducting laboratory and tutorial sessions, which are compensated separately.
Eligibility: Candidates from most countries are welcome to apply. Candidates should have a good background in system-level programming (e.g. using C, C++, Assembly, and/or Rust) and/or embedded systems/hardware. We also expect a first-class UG or PG degree in a relevant subject (e.g. computer science or electrical engineering).
Apply: Applications are accepted until 5 Dec 2024, see https://www.birmingham.ac.uk/schools/computer-science/postgraduate-research/applying-for-phd-in-computer-science.
Closing date for applications:
Contact: Feel free to informally discuss with David Oswald (d.f.oswald (at) bham.ac.uk) and Marius Münch (m.muench (at) bham.ac.uk) before putting in a full application.
More information: https://www.birmingham.ac.uk/schools/computer-science/postgraduate-research/applying-for-phd-in-computer-science