IACR News
If you have a news item you wish to distribute, they should be sent to the communications secretary. See also the events database for conference announcements.
Here you can see all recent updates to the IACR webpage. These updates are also available:
28 March 2025
YoungBeom Kim, Seog Chung Seo
Zhengjun Cao, Lihua Liu
Dipayan Saha, Hasan Al Shaikh, Shams Tarek, Farimah Farahmandi
Abraham Basurto-Becerra, Azade Rezaeezade, Stjepan Picek
Yanning Ji, Elena Dubrova, Ruize Wang
Kien Tuong Truong, Simon-Philipp Merz, Matteo Scarlata, Felix Günther, Kenneth G. Paterson
Weihan Li, Zongyang Zhang, Yun Li, Pengfei Zhu, Cheng Hong, Jianwei Liu
We propose $\textsf{Soloist}$, an optimized distributed SNARK for R1CS. $\textsf{Soloist}$ achieves constant proof size, constant amortized communication complexity, and constant verifier complexity, relative to the R1CS size $n$. Utilized with $\ell$ sub-provers, its prover complexity is $O(n/\ell \cdot \log(n/\ell))$. The concrete prover time is~$\ell\times$ as fast as the R1CS-targeted Marlin (Eurocrypt '20). For zkRollups, $\textsf{Soloist}$ can prove more transactions, with $2.5 \times$ smaller memory costs, $2.8\times$ faster preprocessing, and $1.8\times$ faster proving than Pianist.
$\textsf{Soloist}$ leverages an improved inner product argument and a new batch bivariate polynomial commitment variant of KZG (Asiacrypt '10). To achieve constant verification, we propose a new preprocessing method with a lookup argument for unprescribed tables, which are usually assumed pre-committed in prior works. Notably, all these schemes are equipped with scalable distributed mechanisms.
Lena Heimberger, Christopher Patton, Bas Westerbaan
Changsong Jiang, Chunxiang Xu, Guomin Yang, Li Duan, Jing Wang
27 March 2025
Joseph Jaeger, Akshaya Kumar
Aritra Dasgupta, Sudipta Paria, Swarup Bhunia
Wei-Kai Lin, Ethan Mook, Daniel Wichs
We show that the black-box use of essentially all generic cryptographic primitives (e.g., key agreement, oblivious transfer, indistinguishability obfuscation, etc.), including idealized primitives (e.g., random oracles, generic multilinear groups, virtual black-box obfuscation, etc.) is essentially useless for constructing SK-DEPIR. In particular, in any such SK-DEPIR construction, we can replace all black-box use of these primitives with just a black-box use of one-way functions. While we conjecture that SK-DEPIR cannot be constructed using black-box one-way functions alone, we are unable to show this in its full generality. However, we do show this for 2-round schemes with a passive server that simply outputs requested locations in the preprocessed data structure, which is the format of all known schemes. Overall, this shows that the black-box use of essentially all crypto primitives is insufficient for constructing 2-round passive-server SK-DEPIR, and does not provide any benefit beyond black-box one-way functions for constructing general SK-DEPIR.
26 March 2025
Aniket Kate, Pratyay Mukherjee, Hamza Saleem, Pratik Sarkar, Bhaskar Roberts
We take an alternative approach of social recovery within a community, where each member already holds a secret key (with possibly an associated public key) and uses other community members as their guardians forming a mutual dependency among themselves. Potentially, each member acts as a guardian for upto $(n-1)$ other community members. Therefore, in this setting, using standard Shamir's sharing leads to a linear ($O(n)$) blow-up in the internal secret storage of the guardian for each key recovery. Our solution avoids this linear blowup in internal secret storage by relying on a novel secret-sharing scheme, leveraging the fact that each member already manages a secret key. In fact, our scheme does not require guardians to store anything beyond their own secret keys.
We propose the first formal definition of a social key recovery scheme for general access structures in the community setting. We prove that our scheme is secure against any malicious and adaptive adversary that may corrupt up to $t$ parties. As a main technical tool, we use a new notion of secret sharing, that enables $(t+1)$ out of $n$ sharing of a secret even when the shares are generated independently -- we formalize this as bottom-up secret sharing (BUSS), which may be of independent interest.
Finally, we provide an implementation benchmarking varying the number of guardians both in a regional, and geo-distributed setting. For instance, for 8 guardians, our backup protocol takes around 146-149 ms in a geo-distributed WAN setting, and 4.9-5.9 ms in the LAN setting; for recovery protocol, the timings are approximately the same for the WAN setting (as network latency dominates), and 1.2-1.4 ms for the LAN setting.
Alex Biryukov, Baptiste Lambin, Aleksei Udovenko
Our formula uncovers error in a recent work from 2022 proposing a formula for rotation amounts bigger than 1. Surprisingly, it also affects correctness of the more studied and used formula for the rotation amount equal to 1 (from TOSC 2016). Specifically, it uncovers rare cases where the assumptions of this formula do not hold. Correct formula for arbitrary rotations now opens up a larger search space where one can often find better trails.
For applications, we propose automated mixed integer linear programming (MILP) modeling techniques for searching optimal RX-trails based on our exact formula. They are consequently applied to several ARX designs, including Salsa, Alzette and a small-key variant of Speck, and yield many new RX-differential distinguishers, some of them based on provably optimal trails. In order to showcase the relevance of the RX-differential analysis, we also design Malzette, a 12-round Alzette-based permutation with maliciously chosen constants, which has a practical RX-differential distinguisher, while standard differential/linear security arguments suggest sufficient security.
Andrea Flamini, Silvio Ranise, Giada Sciarretta, Mario Scuro, Nicola Smaniotto, Alessandro Tomasi
Julien Devevey, Morgane Guerreau, Thomas Legavre, Ange Martinelli, Thomas Ricosset
We first exploit the multiplications involving its two main secret matrices, recovering approximately half of their entries through a non-profiled power analysis with a few hundred traces. Using these coefficients, we reduce the dimension of the underlying LWE problem, enabling full secret key recovery with calls to a small block-sized BKZ.
To mitigate this attack, we propose a countermeasure that replaces sensitive computations involving a secret matrix with equivalent operations derived solely from public elements, eliminating approximately half of the identified leakage and rendering the attack unfeasible.
Finally, we perform a non-profiled power analysis targeting HuFu's Gaussian sampling procedure, recovering around 75\% of the remaining secret matrix's entries in a few hundred traces. While full key recovery remains computationally intensive, we demonstrate that partial knowledge of the secret significantly improves the efficiency of signature forgery.
25 March 2025
Input Output Group
Who you are:
The internship is ideally intended for senior undergraduate/master students, PhD candidates, or early postdocs in one of the fields with relevance to blockchain systems, such as computer science, applied mathematics, cryptography, or economics. It is a perfect opportunity for an early-stage researcher to gain valuable research experience by collaborating with members of the IOG Research team on current challenges in blockchain technologies.
What the role involves:
The intern will work on an Internship Project that will be defined prior to the commencement of the internship, taking into account the intern’s scientific background and skillset, as well as the research priorities within IOG.
The work will be done under the guidance of a supervisor, who will be one of the members of IOG Research. Supervisors will contribute to defining the scope of the Internship Project, track the intern’s progress, provide guidance, and ensure that the work done is aligned with the broader research carried out at IOG Research.
The duration of the internship is up to 3 months and is primarily intended to take place during summer 2025, although other time periods may be considered.
Closing date for applications:
Contact: Sandro Coretti-Drayton
More information: https://apply.workable.com/io-global/j/0BC29938F1/
EPITA, EPITA Research Laboratory (LRE); Paris, Rennes or Toulouse, France
The LRE, https://www.lre.epita.fr, is attached to the "EDITE doctoral school" in Paris (Sorbonne University). It was evaluated by Hcéres in 2017-2018, and is currently being evaluated (wave 2024-2025). We are recruiting to strengthen the five LRE teams, in particular the Security and Systems team (https://www.lre.epita.fr/systems/), for the Paris, Rennes and Toulouse sites in the following areas:
- For the Paris site :
- Cryptography
- Post-quantum standards, protocols and primitives
- Automatic analysis
- Blockchain
- Learning detection and security
- Attack detection and analysis
- Security of learning models
- Software and hardware security
- Virology and malware analysis
- Reverse engineering at assembler and hardware level
- Systems
- Operating systems and kernels
- Cloud computing and virtualisation
- Embedded systems
- For the Rennes site:
- Static and dynamic analysis of malicious software
- Instrumentation and tools for analysis and monitoring
- For the Toulouse site:
- The dedicated job description for an HDR or ‘almost HDR’ profile is here: https://tinyurl.com/PosteEpitaToulouseHDR2025
Closing date for applications:
Contact: pierre.parrend@epita.fr; thierry.gerault@epita.fr
More information: https://tinyurl.com/PostesEpitaSECUSYST2025
University of Southern Queensland, Australia - work can be done remotely within Australia.
Expectations: to produce top-tier journal paper/s in the field of Privacy-preserving Machine Learning.
Position 2 : A casual developer with the following skill set required, for a few hundred hours (the exact number of hours is negotiable and depends on the availability of the candidate):
1. Swift (for a task specifically for iOS), and
2. Java (for Android app development), and
3. TensorFlow.js (for a specific task), and
4. Java or PHP or C# (for web page development), and
5. HTML and CSS and JavaScript (for UI design).
Expectations : to continue with some existing development work by polishing and finalizing the mobile app development.
Note : The successful candidates for both the positions above must be physically based in Australia with working rights in Australia when the work is being done.
Closing date for applications:
Contact: Dr. Zhaohui (Linda) Tang at:
Zhaohui.Tang@unisq.edu.au
University of Tartu
The postdoctoral researcher should have a strong track record in areas related to the design and analysis of efficient zero-knowledge proofs. We expect the candidate to have published a few papers at IACR conferences or venues of equivalent renown. The Ph.D student must have an MSc or equivalent by this spring, a strong mathematics and/or theoretical computer science background, and an existing cryptography background. We welcome all exceptional candidates. We especially welcome candidates with a background in PQ zk-SNARKs (hash-based or lattice-based) or applications like zkML; in the case of the Ph.D student, we interpret it as a background either in coding theory, lattice-based cryptography, or machine learning.
T apply for the positions, submit a letter of motivation (clearly stating why this project and the applicant are a good match), a full research CV, names of two references, and a research statement (obligatory for the postdoctoral researcher), clearly indicating the sought position (postdoc or Ph.D student).
The postdoc position starts on August 1, 2025, or later and lasts 2-4 years, depending on the candidate and negotiations. The Ph.D. position starts on September 1, 2025, and lasts four years. The candidates may later seek further employment, but this is not guaranteed in advance. Application deadline: 25.04.2025.
Closing date for applications:
Contact: Helger Lipmaa Professor of Cryptography, Head of Chair
https://kodu.ut.ee/~lipmaa/
helger dot lipmaa at ut dot ee
More information: https://crypto.cs.ut.ee/Main/OpenPositions
