IACR News
Here you can see all recent updates to the IACR webpage.
01 May 2016
Michel Abdalla, Mariana Raykova, Hoeteck Wee
Gorjan Alagic, Anne Broadbent, Bill Fefferman, Tommaso Gagliardoni, Christian Schaffner, Michael St. Jules
In this direction, we establish quantum versions of several fundamental classical results. First, we develop natural definitions for private-key and public-key encryption schemes for quantum data. We then define notions of semantic security and indistinguishability, and, in analogy with the classical work of Goldwasser and Micali, show that these notions are equivalent. Finally, we construct secure quantum encryption schemes from basic primitives. In particular, we show that quantum-secure one-way functions imply IND-CCA1-secure symmetric-key quantum encryption, and that quantum-secure trapdoor one-way permutations imply semantically-secure public-key quantum encryption.
Pooya Farshim, Arno Mittelbach
We show both negative and positive feasibility results for ICEs. On the negative side, we demonstrate ICE attacks on the HMAC and NMAC constructions. On the positive side we show that: 1) ROs are indeed ICE secure, thereby confirming the structural soundness of our definition and enabling a finer layered approach to protocol design in the RO model; and 2) a modified version of Liskov's Zipper Hash is ICE secure with respect to an underlying fixed-input-length RO, for appropriately restricted classes of adversaries. This brings the first result closer to practice by moving away from variable-input-length ROs. Our security proofs employ techniques from indifferentiability in multi-stage settings.
Sumanta Sarkar, Siang Meng Sim
Jung Hee Cheon, Andrey Kim, Miran Kim, Yongsoo Song
Santos Merino Del Pozo, François-Xavier Standaert
Yi LU, Yvo DESMEDT
Zvika Brakerski, Or Dagmi
However, the security properties of the current candidate graded encoding schemes are not well understood, and new attacks are frequently introduced. It is therefore important to assume as little as possible about the security of the graded encoding scheme, and to use security models that are as conservative as possible. This often comes at the cost of reducing the efficiency or the functionality of the obfuscator.
In this work, we present a candidate obfuscator, based on composite-order graded encoding schemes, which obfuscates circuits directly a la Zimmerman (Eurocrypt 2015) and Applebaum-Brakerski (TCC 2015). Our construction requires a graded encoding scheme with only $3$ "plaintext slots" (= sub-rings of the underlying ring), which is directly related to the size and complexity of the obfuscated program. We prove that our obfuscator is superior to previous works in two different security models.
1. We prove that our obfuscator is indistinguishability-secure (iO) in the \emph{Unique Representation Generic Graded Encoding} model. Previous works either required a composite-order scheme with polynomially many slots, or were provable in a milder security model. This immediately translates to a polynomial improvement in efficiency, and shows that improved security does not come at the cost of efficiency in this case.
2. Following Badrinarayanan et al. (Eurocrypt 2016), we consider a model where finding any "non-trivial" encoding of zero breaks the security of the encoding scheme. We show that, perhaps surprisingly, secure obfuscation is possible in this model even for some classes of \emph{non-evasive functions} (for example, any class of conjunctions). We define the property required of the function class, formulate an appropriate (generic) security model, and prove that our aforementioned obfuscator is virtual-black-box (VBB) secure in this model.
Lisa Kohl
Rémi Bazin, Alexander Schaub, Omar Hasan, Lionel Brunie
28 April 2016
Nina Bindel, Johannes Buchmann, Juliane Krämer
Li Lin, Wenling Wu, Yafei Zheng
Craig Costello, Patrick Longa, Michael Naehrig
Chen-Mou Cheng, Tung Chou, Ruben Niederhagen, Bo-Yin Yang
Under reasonable assumptions, the best way to solve generic MQ systems is the XL algorithm implemented with a sparse matrix solver such as Wiedemann's algorithm. Knowing how much time an implementation of this attack requires gives us a good idea of how future cryptosystems related to MQ can be broken, similar to how implementations of the General Number Field Sieve that factors smaller RSA numbers give us more insight into the security of actual RSA-based cryptosystems.
This paper describes such an implementation of XL using the block Wiedemann algorithm. In 5 days we are able to solve a system with 32 variables and 64 equations over $\mathbb{F}_{16}$ (a computation of about $2^{60.3}$ bit operations) on a small cluster of 8 nodes, with 8 CPU cores and 36 GB of RAM in each node. We do not expect system solvers of the F$_4$/F$_5$ family to accomplish this due to their much higher memory demand. Our software also offers implementations for $\mathbb{F}_{2}$ and $\mathbb{F}_{31}$ and can be easily adapted to other small fields. More importantly, it scales nicely for small clusters, NUMA machines, and a combination of both.
Eric Verheul, Bart Jacobs, Carlo Meijer, Mireille Hildebrandt, Joeri de Ruiter
Polymorphic encryption is a new cryptographic technique that solves these problems. Together with the associated technique of polymorphic pseudonymisation new security and privacy guarantees can be given which are essential in areas such as (personalised) healthcare, medical data collection via self-measurement apps, and more generally in privacy-friendly identity management and data analytics.
The key ideas of polymorphic encryption are:
1. Directly after generation, data can be encrypted in a 'polymorphic' manner and stored at a (cloud) storage facility in such a way that the storage provider cannot get access. Crucially, there is no need to a priori fix who gets to see the data, so that the data can immediately be protected.
For instance, a PEP-enabled self-measurement device will store all its measurement data in polymorphically encrypted form in a back-end database.
2. Later on it can be decided who can decrypt the data. This decision will be made on the basis of a policy, in which the data subject should play a key role.
The user of the PEP-enabled device can, for instance, decide that doctors $X,Y,Z$ may at some stage decrypt to use the data in their diagnosis, or medical researcher groups $A, B, C$ may use it for their investigations, or third parties $U,V,W$ may use it for additional services, etc.
3. This 'tweaking' of the encrypted data to make it decryptable by a specific party can be done in a blind manner. It will have to be done by a trusted party who knows how to tweak the ciphertext for whom.
This PEP technology can provide the necessary security and privacy infrastructure for big data analytics. People can entrust their data in polymorphically encrypted form, and each time decide later to make (parts of) it available (decryptable) for specific parties, for specific analysis purposes. In this way users remain in control, and can monitor which of their data is used where by whom for which purposes.
The polymorphic encryption infrastructure can be supplemented with a pseudonymisation infrastructure which is also polymorphic, and guarantees that each individual will automatically have different pseudonyms at different parties and can only be de-pseudonymised by participants (like medical doctors) who know the original identity.
This white paper provides an introduction to Polymorphic Encryption and Pseudonymisation (PEP), at different levels of abstraction, focusing on health care as application area. It contains a general description of PEP, explaining the basic functionality for laymen, supplemented by a clarification of the legal framework provided by the upcoming General Data Protection Regulation (GDPR) of the European Union. The paper also contains a more advanced, mathematically oriented description of PEP, including the underlying cryptographic primitives, key and pseudonym management, interaction protocols, etc. This second part is aimed at readers with a background in computer security and cryptography. The cryptographic basis for PEP is ElGamal public key encryption, which has been well known since the mid 1980s. It is the way in which this encryption is used --- with re-randomisation, re-keying and re-shuffling --- that is new.
The PEP framework is currently being elaborated into an open design and open source (prototype) implementation at Radboud University in Nijmegen, The Netherlands. The technology will be used and tested in a real-life medical research project at the Radboud University Medical Center.
26 April 2016
AET Europe, Netherlands
You will be working on software for mobile platforms and mobile devices (iOS, Android, Windows) and for connected devices. Your projects involve designing and implementing cryptography in our software solutions so that they are resilient against real-world attacks. This will include the analysis of cryptographic implementations embedded in AET's solutions under evaluation. You will also provide technical expertise in applied cryptography.
What you bring
We’re looking for an Applied Cryptographer / PKI developer who is passionate (like us) about software development and not afraid to pioneer new approaches, techniques and technologies. The ideal candidate will have a passion for implementing solutions to complex security problems with a keen understanding of information security challenges and an up-to-date awareness of information security threats.
You will need to have the following qualifications and experience:
- A Bachelor's or Master's degree in IT, Mathematics or a related field,
- Deep knowledge of applied cryptography and PKI,
- The ability to combine market and technology topics to find technical solutions in complex environments.
Other areas of knowledge and experience that would be considered key assets:
- Programming languages: C/C++, Java,
- An understanding of modern computer architectures and information technology architectures including cloud computing,
- Platforms like iOS, Android, Windows or Linux,
- Smart cards, SIMs and/or HSMs.
If you are interested in this opportunity and feel that you have the relevant skills, qualifications and experience as an Applied Cryptographer / PKI developer, please send your resume to hrm (at) aeteurope.com
Closing date for applications: 31 December 2017
Contact: We understand that you may want to know more about the job, your colleagues or the company AET. Don't hesitate to give us a call at +31 26 365 3350. Ask for Bert Smit, Development Manager.
We are looking forward to getting to know you!
More information: https://www.aeteurope.com
25 April 2016
AIT Austrian Institute of Technology, Vienna, Austria
We are looking for a research scientist or post-doc in cryptography to work on novel cryptographic concepts for emerging ICT domains (e.g. cloud computing or cyber-physical systems). Ideally you have experience in fields like modern public-key cryptography, distributed cryptography, privacy-enhancing technologies, or multi-party computation. You will be involved in EU research projects and advance/improve cryptography for secure and privacy-preserving cloud-based systems. Ideally you also have experience in software development and prototyping.
Further information:
- Direct job posting: http://www.ait.ac.at/fileadmin/inserate/Jobs/Science/Scientist_for_Applied_Crypthography.pdf
- AIT Digital Safety & Security Department: http://www.ait.ac.at/departments/digital-safety-security
Closing date for applications: 30 June 2016
Contact:
- Thomas Loruenser, Department Digital Safety & Security, AIT Austrian Institute of Technology, or
- Maria Leonhard-Maurer, Head of Human Resources, E-Mail: maria.leonhard-maurer (at) ait.ac.at
More information: http://www.ait.ac.at/fileadmin/inserate/Jobs/Science/Scientist_for_Applied_Crypthography.pdf