IACR News
If you have a news item you wish to distribute, they should be sent to the communications secretary. See also the events database for conference announcements.
Here you can see all recent updates to the IACR webpage. These updates are also available:
12 December 2024
Kyoohyung Han, Seongkwang Kim, Byeonghak Lee, Yongha Son
In this work, we identify a flaw in an existing security proof, and present practical attacks in the malicious model, which results in additional PRF evaluations than the previous works' claim. In particular, the attack for malicious model is related to the concept of OKVS overfitting, whose hardness is conjectured in previous works. Our attack is the first one to discuss the concrete hardness of OKVS overfitting problem.
As another flavour of contribution, we generalize OKVS-based OPRF constructions, suggesting new instantiations using a VOLE protocol with only Minicrypt assumptions. Our generalized construction shows improved performance in high-speed network environments, narrowing the efficiency gap between the OPRF constructions over Cryptomania and Minicrypt.
Hanlin Liu, Xiao Wang, Kang Yang, Yu Yu
Donggeun Kwon, Seokhie Hong
Yujin Oh, Kyungbae Jang, Hwajeong Seo
Dimitri Koshelev, Antonio Sanso
Additionally, the new results are relevant to one of the "classical" curves (with \( D = -619 \)) from the Russian ECC standard. This curve was likely found using the CM method (with overwhelming probability), though this is not explicitly stated in the standard. Its developers seemingly sought to avoid curves with small \( D \) values, aiming to mitigate potential DLP attacks on such curves, and hoped these attacks would not extend effectively to \( D = -619 \). One goal of the present article is to address the perceived disparity between the \( D = -3 \) curves and the Russian curve. Specifically, the Russian curve should either be excluded from the standard for potential security reasons or local software should begin leveraging the advantages of the GLV decomposition.
Alain Passelègue, Damien Stehlé
Jaehwan Park, Hyeonbum Lee, Junbeom Hur, Jae Hong Seo, Doowon Kim
Siyi Wang, Kyungbae Jang, Anubhab Baksi, Sumanta Chakraborty, Bryan Lee, Anupam Chattopadhyay, Hwajeong Seo
This paper proposes an optimized quantum circuit for LED, minimizing the required number of qubits, quantum gates, and circuit depth. Furthermore, we conduct Grover's attack and Search with Two Oracles (STO) attack on the proposed LED cipher, estimating the quantum resources required for the corresponding attack oracles. The STO attack outperforms the usual Grover's search when the state size is less than the key size. Beyond analyzing the cipher itself (i.e., the ECB mode), this work also evaluates the effectiveness of quantum attacks on LED across different modes of operation.
Stefan Dziembowski, Sebastian Faust, Jannik Luhn
Amit Singh Bhati, Elena Andreeva, Simon Müller, Damian Vizar
A significant number of existing message authentication codes (MACs) are based on block ciphers (BCs) and tweakable block ciphers (TBCs). These MACs offer various trade-offs in properties, such as data processing rate per primitive call, use of single or multiple keys, security levels, pre- or post-processing, parallelizability, state size, and optimization for short/long queries.
In this work, we propose the $\mathsf{Sonikku}$ family of expanding primitive based MACs, consisting of three instances: $\mathsf{BabySonic}$, $\mathsf{DarkSonic}$, and $\mathsf{SuperSonic}$. The $\mathsf{Sonikku}$ MACs are -- 1) faster than the state-of-the-art TBC-based MACs; 2) secure beyond the birthday bound in the input block size; 3) smaller in state size compared to state-of-the-art MACs; and 4) optimized with diverse trade-offs such as pre/post-processing-free execution, parallelization, small footprint, and suitability for both short and long queries. These attributes make them favorable for common applications as well as ``IoT'' and embedded devices where processing power is limited.
On a Cortex-M4 32-bit microcontroller, $\mathsf{BabySonic}$ with $\mathsf{ForkSkinny}$ achieves a speed-up of at least 2.11x (up to 4.36x) compared to state-of-the-art ZMAC with $\mathsf{SKINNY}$ for 128-bit block sizes and queries of 95B or smaller. $\mathsf{DarkSonic}$ and $\mathsf{SuperSonic}$ with $\mathsf{ForkSkinny}$ achieve a speed-up of at least 1.93x for small queries of 95B or smaller and 1.48x for large queries up to 64KB, respectively, against ZMAC with $\mathsf{SKINNY}$ for both 64- and 128-bit block sizes.
Similar to ZMAC and PMAC2x, we then demonstrate the potential of our MAC family by using $\mathsf{SuperSonic}$ to construct a highly efficient, beyond-birthday secure, stateless, and deterministic authenticated encryption scheme, which we call SonicAE.
Mingyao Shao, Yuejun Liu, Yongbin Zhou, Yan Shao
This work focuses on Kyber to evaluate its security under both distributions. Compared with the CBD, the uniform distribution over the same range enhances the LWE hardness but also increases the decryption failure probability, amplifying the risk of decryption failure attacks. We introduce a majority-voting-based key recovery method, and carry out a practical decryption failure attack on Kyber512 in this scenario with a complexity of $2^{37}$.
Building on this analysis, we propose uKyber, a variant of Kyber that employs the uniform distribution and parameter adjustments under the asymmetric module-LWE assumption. Compared with Kyber, uKyber maintains comparable hardness and decryption failure probability while reducing ciphertext sizes. Furthermore, we propose a multi-value sampling technique to enhance the efficiency of rejection sampling under the uniform distribution. These properties make uKyber a practical and efficient alternative to Kyber for a wide range of cryptographic applications.
Upasana Mandal, Shubhi Shukla, Ayushi Rastogi, Sarani Bhattacharya, Debdeep Mukhopadhyay
For fine-tuning µLAM, we utilize a comprehensive dataset that includes system configurations, mitigations already in place for different generations of systems, dynamic HPC values, and both vulnerable and non-vulnerable source codes. This rich dataset enables µLAM to harness its advanced LLM natural language processing capabilities to understand and interpret complex code patterns and system behaviors, learning continuously from new data to improve its predictive accuracy and respond effectively in real time to both known and novel threats, making it an indispensable tool against microarchitectural threats. In this paper, we demonstrate the capabilities of µLAM by fine-tuning and testing it on code utilizing well-known cryptographic libraries such as OpenSSL, Libgcrypt, and NaCl, thereby illustrating its effectiveness in securing critical and complex software environments.
Shingo Sato, Junji Shikata
Fuyuan Chen, Jiankuo Dong, Xiaoyu Hu, Zhenjiang Dong, Wangchen Dai, Jingqiang Lin, Fu Xiao
Alessio Caminata, Ryann Cartor, Alessio Meneghetti, Rocco Mora, Alex Pellegrini
Shengzhe Meng, Xiaodong Wang, Zijie Lu, Bei Liang
To compute the intersection between 16 parties with a set size of $2^{20}$ each, our PSI-CA protocol only takes 5.84 seconds and 326.6 MiB of total communication, which yields a reduction in communication by a factor of up to 2.4× compared to the state-of-the-art multi-party PSI-CA protocol of Gao et al. (PoPETs 2024). We prove that our protocol is secure in the presence of a semi-honest adversary who may passively corrupt any $(t-2)$-out-of-$t$ parties once two specific participants are non-colluding.
Hongyuan Cai, Xiaodong Wang, Zijie Lu, Bei Liang
We present two new protocols that achieve the functionality. The first protocol is based on Oblivious Pseudorandom Function (OPRF), additively homomorphic encryption and symmetric-key encryption, while the second one is based on Decisional Diffie-Hellman (DDH) assumption, additively homomorphic encryption and symmetric-key encryption. Both protocols are proven to be secure against semi-honest adversaries. Compared with the original protocol proposed by Beauregard et al. (abbreviated as the FOCI protocol), which requires all weights in the input sets to be polynomial in magnitude, our protocols remove this restriction.
We compare the performance of our protocols with the FOCI protocol both theoretically and empirically. We find out that the performance of FOCI protocol is primarily affected by the size of the intersection and the values of elements’ weights in intersection when fixing set size, while the performance of ours is independent of these two factors. In particular, in the LAN setting, when the set sizes are $n=10000$, intersection size of $\frac{n}{2}$, the weights of the elements are uniformly distributed as integers from $\left[0, n-1\right]$, our DDH-based protocol has a similar run-time to the FOCI protocol. However, when the weights of the elements belonging to $\left[0, 10n-1\right]$ and $\left[0, 100n-1\right]$, our DDH-based protocol is between a factor $2\times$ and $5\times$ faster than the FOCI protocol.
11 December 2024
Télécom Paris, France
The internship may be followed by a PhD position.
For more information, please visit https://tinyurl.com/2smd2665
Closing date for applications:
Contact: victor[dot]dyseryn[at]telecom-paris[dot]fr
More information: https://victordyseryn.github.io/files/2025_M2_internship_Telecom_Paris_Threshold_Signature_Codes.pdf
Heriot-Watt University
Digital predistortion (DPD) is a crucial signal processing technique employed to mitigate the nonlinear distortions introduced by power amplifiers (PAs) in wireless communication systems. These distortions lead to signal degradation, spectral regrowth, and reduced energy efficiency, which are particularly problematic in modern communication systems such as 5G and emerging 6G networks, where stringent linearity requirements coexist with the demand for higher data rates and power efficiency. Traditional DPD algorithms rely on mathematical models and optimization techniques that can struggle to adapt to the increasing complexity of modern communication environments, such as wideband signals, high carrier frequencies, and dynamic operational conditions. Machine learning (ML) offers a transformative approach to DPD by enabling adaptive, efficient, and robust solutions that outperform conventional methods in real-world scenarios.
This project aims to develop AI-optimized digital predistortion algorithms and architectures tailored for modern and future communication systems. The research will focus on designing robust, real-time, and computationally efficient ML-based DPD solutions that adapt to diverse PA characteristics and operational conditions.
Candidate description and eligibility
- A highly motivated candidate with an MEng (or M.Tech)/BEng (or B.Tech) degree or equivalent in electronics and/or electrical engineering, with a strong passion for VLSI for Machine Learning/AI, Communication and Signal Processing is sought herewith.
- Desirable: In addition to above qualifications, expertise and interest in FPGA/ASIC and EDA tools would be advantageous.
Closing date for applications:
Contact: Dr. Mohd. Tasleem Khan
More information: https://microwaves.site.hw.ac.uk/vacancies/
09 December 2024
Microsoft Research, Redmond
For more information and to apply, go to https://jobs.careers.microsoft.com/global/en/job/1791134.
Closing date for applications:
Contact: Karen Easterbrook (keaster@microsoft.com) or Kim Laine (kim.laine@microsoft.com)