IACR News
If you have a news item you wish to distribute, it should be sent to the communications secretary. See also the events database for conference announcements.
Here you can see all recent updates to the IACR webpage.
03 March 2016
Guoyan Zhang, Meicheng Liu
In this paper, we generalize their method and present a generic distinguisher on a kind of permutations called PRESENT-like permutations. This generic distinguisher is divided into two phases. The first phase is a truncated differential distinguisher with strong bias, which describes the unbalancedness of the output collision on some fixed bits, given the fixed input in some bits, and we take advantage of the strong relation between truncated differential probability and capacity of multidimensional linear approximation to derive the best differential distinguishers. The second phase is the meet-in-the-middle layer, which is pre-added to the truncated differential to propagate the differential properties as far as possible. Differing from Blondeau et al.'s work, we extend the MitM layers on a 64-bit internal state to states with any size, and we also give a concrete bound to estimate the attacked rounds of the MitM layer.
As an illustration, we apply our technique to all versions of SPONGENT permutations. In the truncated differential phase, as a result we reach one, two or three rounds more than the results shown by the designers. In the meet-in-the-middle phase, we get up to 11 rounds to pre-add to the differential distinguishers. In total, we improve the previous distinguishers on all versions of SPONGENT permutations by up to 13 rounds.
Takahiro Matsuda, Goichiro Hanaoka
The main result in this work is to show that the strength of plaintext awareness required in the Dachman-Soled construction can be somehow "traded" with the strength of a "simulatability" property of other building blocks. Furthermore, we also show that we can "separate" the assumption that a single PKE scheme needs to be both weakly simulatable and plaintext aware in her construction. Specifically, in this paper we show two new constructions of CCA secure key encapsulation mechanisms (KEMs): Our first scheme is based on a KEM which is chosen plaintext (CPA) secure and plaintext aware only under the 2-key setting, and a PKE scheme satisfying a "slightly stronger" simulatability than weak simulatability, called trapdoor simulatability (introduced by Choi et al. ASIACRYPT 2009). Our second scheme is based on a KEM which is 1-bounded CCA secure (Cramer et al. ASIACRYPT 2007) and plaintext aware only in the single key setting, and a trapdoor simulatable PKE scheme. Our results add new recipes for constructing CCA secure PKE/KEM from general assumptions (that are incomparable to those used by Dachman-Soled), and in particular show interesting trade-offs among building blocks with those used in Dachman-Soled's construction.
Raphael Bost, Olivier Sanders
In this work we focus on OTR's way to instantiate a TBC and show that it does not achieve such a property for a large number of parameters. We indeed describe collisions between the input masks derived from the tweaks and explain how they result in practical attacks against this scheme, breaking privacy, authenticity, or both, using a single encryption query, with advantage at least 1/4.
We stress however that our results do not invalidate the OTR construction as a whole but simply prove that the TBC's input masks should be designed differently.
Charanjit Jutla, Arnab Roy
This has the remarkable consequence that in the Gennaro-Lindell paradigm of designing universally-composable password-authenticated key-exchange (UC-PAKE) protocols, if one replaces the traditionally employed SPHFs with the novel smooth QA-NIZK, one gets highly efficient UC-PAKE protocols that are secure even under dynamic corruption. The new notion can be seen as capturing the essence of the recent UC-PAKE protocol of Jutla and Roy (AsiaCrypt 2015) which is secure under dynamic corruption but uses intricate dual-system arguments.
This simpler and modular design methodology allows us to give the first single-round asymmetric UC-PAKE protocol, which is also secure under dynamic corruption in the erasure model. Previously, all asymmetric UC-PAKE protocols required at least two rounds. In fact, our protocol just requires each party to send a single message asynchronously. In addition, the protocol has short messages, with each party sending only four group elements. Moreover, the server password file needs to store only one group element per client. The protocol employs asymmetric bilinear pairing groups and is proven secure in the random oracle model and under the standard bilinear pairing assumption SXDH.
Sungwook Kim, Jinsu Kim, Dongyoung Koo, Yuna Kim, Hyunsoo Yoon, Junbum Shin
İzmir, Turkey, 5 September - 7 September 2016
University of Bergen, Norway
Closing date for applications: 31 March 2016
Contact: Professor Tor Helleseth, phone (+47) 55584160, email: Tor.Helleseth (at) uib.no
More information: https://www.jobbnorge.no/en/available-jobs/job/122732/postdoctoral-fellow-within-cryptology
Hong Kong Applied Science and Technology Research Institute Company Limited
- Conduct research on advanced ethical hacking, penetration testing, reverse engineering.
- Conduct assessment on network infrastructure, web and mobile security.
- Assist in IT security enforcement and enhancement.
- Design secure application testing approaches, integrate quality assurance testing with security functionalities.
- Candidates with a strong programming background will also be involved in security tool/signature development.
- Design and implement preventive security controls, application code review and analysis, code scanning and testing tools, web application scanning and penetration tests.
- Manage vendor and service provider on security tools and technologies project engagement and delivery.
- Bachelor’s degree or above in Computer Science, Electrical Engineering or other relevant disciplines with a minimum of 5 years of experience in security assessment. Candidates with less experience will also be considered for the Engineer level.
- Experience in financial industry is preferred but not mandatory.
- Demonstrate wide working knowledge of application security.
- Experience in application development life cycle, application testing and code scanning, with exposure in penetration test, finding exploits, vulnerabilities, unauthorized access, or other malicious activities in computer systems.
- Proficient in English, spoken and written.
- High integrity and professional work practice.
- Appreciation of people and cultures of different countries.
Closing date for applications: 15 March 2016
Contact: charlenechoo (at) astri.org
More information: http://www.astri.org/careers/work-at-astri/jobs/senior-engineerengineer-cyber-security-assessment-multiple-openings-4
02 March 2016
McLean, Virginia, 3 May - 5 May 2016
Université Libre de Bruxelles
Status: Two years Marie Curie postdoc grant
Expected starting date: September 2016
Location: University of Brussels (ULB), Belgium
Interested applicants should:
- Hold a Ph.D. degree or equivalent in Computer Science or Computer Engineering or a closely related area
- Have a solid background in real-time systems
- Have good programming skills (in C)
- Have a good publication record
- Demonstrate an excellent level of spoken and written English. Knowledge of French is a plus.
Closing date for applications: 15 March 2016
Contact: Applications should be sent latest by March 15, 2016 to joel.goossens (at) ulb.ac.be
Pierre Belgarric, Pierre-Alain Fouque, Gilles Macario-Rat, Mehdi Tibouchi
Daniel Genkin, Lev Pachmanov, Itamar Pipman, Eran Tromer, Yuval Yarom
01 March 2016
Reza Azarderakhsh, David Jao, Kassem Kalach, Brian Koziel, Christopher Leonardi
Serguei Popov
Jean-Michel Cioranesco, Houda Ferradi, Rémi Géraud, David Naccache
As programs, no matter how many layers of indirection are in place, are ultimately executed on real hardware, they consume resources. Should this resource usage be precisely monitored, malicious programs might be able to communicate in spite of software protections.
We demonstrate the existence of such a covert channel bypassing isolation techniques and IPC policies. This covert channel works over all major consumer OSes (Windows, Linux, MacOS) and relies on exploitation of the process table. We measure the bandwidth of this channel and suggest countermeasures.
Zvika Brakerski, Christina Brzuska, Nils Fleischhacker
We show that saiO does not exist, even for a minimal correctness requirement, if $\mathcal{NP} \not\subseteq \mathcal{AM}\cap\mathbf{co}\mathcal{AM}$, and if one-way functions exist. A simple complementary observation shows that if one-way functions do not exist, then average-case saiO exists. Technically, previous approaches utilized the behavior of the obfuscator on evasive functions, for which saiO always exists. We overcome this barrier by using a PRF as a "baseline" for the obfuscated program.
We broaden our study and consider relaxed notions of security for iO. We introduce the notion of correlation obfuscation, where the obfuscations of equivalent circuits only need to be mildly correlated (rather than statistically indistinguishable). Perhaps surprisingly, we show that correlation obfuscators exist via a trivial construction for some parameter regimes, whereas our impossibility result extends to other regimes. Interestingly, within the gap between the parameter regimes that we show possible and impossible, there is a small fraction of parameters that still allow one to build public-key encryption from one-way functions and thus deserve further investigation.
Qian Guo, Thomas Johansson
Yuval Yarom, Daniel Genkin, Nadia Heninger
Their work laid the foundation for the vibrant research field of public-key cryptography, established cryptology as a discipline of its own, and protects the daily communication and businesses of billions of people today.
We are proud of their achievement and thrilled to stand on their shoulders.
The International Association for Cryptologic Research
Christian Cachin, President