IACR News
Here you can see all recent updates to the IACR webpage.
15 March 2016
Gunnar Hartung
ePrint Report
Oscar Reparaz
ePrint Report
In this paper, we report on a method to verify the soundness of a masking scheme before implementing it on a device. We show that by instrumenting a high-level implementation of the masking scheme and by applying leakage detection techniques, a system designer can quickly assess at design time whether the masking scheme is flawed or not, and to what extent. Our method requires no more than working high-level source code and is based on simulation. Thus, our method can be used already in the very early stages of design. We validate our approach by spotting in an automated fashion first-, second- and third-order flaws in recently published state-of-the-art schemes in a matter of seconds with limited computational resources. We also present a new second-order flaw on a table recomputation scheme, and show that the approach is useful when designing a hardware masked implementation.
14 March 2016
CloudFlare, Inc. / San Francisco
Job Posting
Candidates will have extensive experience in implementing real-world cryptographic protocols such as TLS. Substantial contributions to cryptographic software such as OpenSSL are preferred. Experience in Go, C, and assembly are required. Cryptography Engineers are expected to be familiar with the nuances of implementing public-key cryptography (PKI), side-channel attacks, padding oracles, constant-time implementations, and have deep domain knowledge.
Requirements
- B.S. or M.S. Computer Science or related field, or equivalent experience
- Experience building security in a fast-paced, web-scale environment
- Advanced knowledge of networking protocols - TCP/IP, DNS, SMTP, BGP etc.
- In-depth knowledge of authentication protocols, applied cryptography, PKI and SSL/TLS
- Proficiency in these languages - Go, C, and x86/amd64 assembly
- Knowledge of the latest attack trends, tools and the threat landscape
- Proven track record of independently driving security projects in a fast-paced environment
- Excellent communication skills on both technical and non-technical issues
- Substantial contributions to cryptography software such as OpenSSL
- Experience with high throughput/low latency real-time systems and/or content delivery networks
Closing date for applications: 15 June 2016
Contact: https://careers.jobscore.com/careers/cloudflare/jobs/cryptography-engineer-c0wW9i590r5BqSeMg-44q7
More information: https://careers.jobscore.com/careers/cloudflare/jobs/cryptography-engineer-c0wW9i590r5BqSeMg-44q7
Karlstad, Sweden, 21 August - 26 August 2016
Event Calendar
Submission deadline: 22 April 2016
Notification: 6 May 2016
Prabhanjan Ananth, Aayush Jain, Moni Naor, Amit Sahai, Eylon Yogev
ePrint Report
A combiner for a cryptographic primitive takes several candidate constructions of the primitive and outputs one construction that is as good as any of the input constructions. Furthermore, this combiner must be efficient: the resulting construction should remain polynomial-time even when combining polynomially many candidates. Combiners are especially important for a primitive where there are several competing constructions whose security is hard to evaluate, as is the case for indistinguishability obfuscation (IO) and witness encryption (WE).
One place where the need for combiners appears is in the design of a universal construction, where one wishes to find "one construction to rule them all": an explicit construction that is secure if any construction of the primitive exists.
In a recent paper, Goldwasser and Kalai posed as a challenge finding universal constructions for indistinguishability obfuscation and witness encryption. In this work we resolve this issue: we construct universal schemes for IO, and for witness encryption, and also resolve the existence of combiners for these primitives along the way. For IO, our universal construction and combiners can be built based on either assuming DDH, or assuming LWE, with security against subexponential adversaries. For witness encryption, we need only one-way functions secure against polynomial time adversaries.
Pedro Maat C. Massolino, Lejla Batina, Ricardo Chaves, Nele Mentens
ePrint Report
Hamza Abusalah, Georg Fuchsbauer
ePrint Report
Abusalah et al. recently constructed the first constrained PRF for inputs of arbitrary length whose sets $S$ are decided by Turing machines. They use their CPRF to build broadcast encryption and the first ID-based non-interactive key exchange for an unbounded number of users. Their constrained keys are obfuscated circuits and are therefore large.
In this work we drastically reduce the key size and define a constrained key for a Turing machine $M$ as a short signature on $M$. For this, we introduce a new signature primitive with constrained signing keys that let one only sign certain messages, while forging a signature on others is hard even when knowing the coins for key generation.
Xiong Fan, Feng-Hao Liu
ePrint Report
In this work, we first point out a subtle but serious mistake in the security proof of the work by Kirshanova. This reopens the direction of lattice-based CCA-secure constructions, even in the single-hop setting. Then we propose a new LWE-based single-hop CCA-secure PRE scheme. Finally, we extend the construction to support multi-hop re-encryptions for different levels of security under different settings.
Xi-Jun Lin, Haipeng Qu, Xiaoshuai Zhang
ePrint Report
Markku-Juhani O. Saarinen
ePrint Report
12 March 2016
Paris, France, 5 July - 7 July 2016
Event Calendar
Submission deadline: 17 April 2016
Notification: 27 May 2016
11 March 2016
Vienna, Austria, 29 August - 30 August 2016
Event Calendar
Submission deadline: 9 May 2016
Notification: 17 June 2016
Karlsruhe Institute of Technology
Job Posting
Qualification:
- Very good university degree (Master or equivalent) in Computer Science or Mathematics.
- Solid background in provable security, e.g., demonstrated by excellent grades in corresponding postgraduate courses or by publications.
- Self-motivation, team spirit, and willingness to work in interdisciplinary projects.
KIT is an equal opportunity employer. Women are especially encouraged to apply. Applicants with disabilities will be preferentially considered if equally qualified.
Closing date for applications: 15 April 2016
Contact: Andy Rupp, Karlsruhe Institute of Technology, Institute of Theoretical Informatics, email: andy.rupp (at) kit.edu, phone: +49 721/608-41862.
More information: https://www.pse.kit.edu/downloads/stellenangebote/PhD_Student-ITI-CyPhyCrypt_V2-16-04-15.pdf
Eindhoven University of Technology, The Netherlands
Job Posting
A critical question now becomes how to hide secret data and algorithms in software that is running on a fully open platform. The challenge here is that an attacker should be assumed to have full access to and full control over the execution environment. This question is particularly relevant for cryptographic keys. For hardware implementations, the protection of keys is a well-studied topic, and evaluation labs are well able to judge the security level of an implementation. For software, however, the evaluation of such solutions, called white-box implementations, is still in its infancy and evaluation labs are not yet able to rate their security level.
This project aims to improve our knowledge of white-box cryptography and white-box attacks to the point where certification of software security becomes meaningful.
We are looking for a candidate who meets the following requirements:
- Master's degree in Computer Science, Mathematics, or another closely related discipline;
- an interest in computer security and cryptography;
- knowledge of side-channel attacks on protected hardware (e.g. DPA, fault injection) is a plus;
- ability to work in a team and cooperate with industrial partners;
- fluent in spoken and written English.
Closing date for applications: 17 April 2016
Contact: prof.dr.ir. W.P.A.J. Michiels, email: w.p.a.j.michiels (at) tue.nl
More information: http://jobs.tue.nl/nl/vacature/phd-student-for-the-cowbois-project-256116.html
Bin Zhang, Lin Jiao, Mingsheng Wang
ePrint Report
10 March 2016
University of Luxembourg
Job Posting
Ref: R-STR-5014-00B
Fixed Term Contract 3 year (CDD) full-time (40 hrs/week)
Probation: 6 months
Number of positions: 2
Your Role: The successful candidate will participate in the activities of the APSIA research group (http://apsia.uni.lu/) led by Prof. P. Y. A. Ryan. The group specializes in the mathematical foundations of information assurance.
Research Context: The positions are within a national partnership project about the design and the security analysis of communication protocols for the encrypted exchange and storage of information. Such activities are meant to make it possible to assess rigorously the security of the protocols developed as components of a 'Privacy by Default' product, and to instil security in the engineering processes from the design of the communication logic down to the implementation of the running code obtained by automatic translation. The analysis can be extended to ensure security at upper layers, including those interacting with the users.
Duties: Under the direction of a senior research scientist and a professor, the candidates will carry out research, write scientific papers, present research results at conferences, collaborate with research partners, and write and defend a Ph.D. thesis.
Closing date for applications: 31 March 2016
Contact: Gabriele Lenzini, Peter Y A Ryan
More information: http://emea3.mrted.ly/z3hn
Simone Bossi, Andrea Visconti
ePrint Report
Andrea Visconti, Simone Bossi, Hany Ragab, Alexandro Calò
ePrint Report
Yevgeniy Dodis, Shai Halevi, Ron D. Rothblum, Daniel Wichs
ePrint Report
Motivated by applications to delegating computations, Dwork, Langberg, Naor, Nissim and Reingold (unpublished manuscript, 2004) showed that a semantically secure scheme disallows signaling in this setting, meaning that $y_i$ cannot depend on $x_j$ for $j \neq i$. On the other hand, if the scheme is homomorphic then any local (component-wise) relationship is achievable, meaning that each $y_i$ can be an arbitrary function of $x_i$. However, there are also relationships which are neither signaling nor local. Dwork et al. asked if it is possible to have encryption schemes that support such "spooky" relationships. Answering this question is the focus of our work.
Our first result shows that, under the LWE assumption, there exist encryption schemes supporting a large class of "spooky" relationships, which we call additive function sharing (AFS) spooky. In particular, for any polynomial-time function $f$, Alice can ensure that $y_1,\ldots,y_n$ are random subject to $\sum_{i=1}^n y_i = f(x_1,\ldots,x_n)$. For this result, the public keys all depend on common public randomness. Our second result shows that, assuming sub-exponentially hard indistinguishability obfuscation (iO) (and additional more standard assumptions), we can remove the common randomness and choose the public keys completely independently. Furthermore, in the case of $n=2$ inputs, we get a scheme that supports an even larger class of spooky relationships.
We discuss several implications of AFS-spooky encryption. Firstly, it gives a strong counter-example to a method proposed by Aiello et al. (ICALP, 2000) for building arguments for NP from homomorphic encryption. Secondly, it gives a simple 2-round multi-party computation protocol where, at the end of the first round, the parties can locally compute an additive secret sharing of the output. Lastly, it immediately yields a function secret sharing (FSS) scheme for all functions.
We also define a notion of spooky-free encryption, which ensures that no spooky relationship is achievable. We show that any non-malleable encryption scheme is spooky-free. Furthermore, we can construct spooky-free homomorphic encryption schemes from SNARKs, and it remains an open problem whether it is possible to do so from falsifiable assumptions.