IACR News
09 September 2016
University of Edinburgh
Job Posting
Applications for the post of a postdoctoral research associate are sought in applied cryptography and computer security with emphasis on blockchain technology and cryptocurrencies.
The post is full time and is available from March 1st, 2017, or a mutually agreed start date, for a 24 month fixed contract. An earlier start might be available.
The position is funded by EPSRC project OXCHAIN. The OXCHAIN project seeks to use distributed ledger technology to provide a secure platform for the emerging circular economy and demonstrate it through addressing specific challenges in the operation of the UK-based charity Oxfam.
The position to be filled will be a critical one in the project and will be tasked with the design, analysis and implementation of a novel blockchain system with suitable characteristics to support the development of an internal token economy. The researcher will also maintain a strong connection with other OXCHAIN team members that focus on design aspects and are tasked with the user experience dimension of the project.
Essential qualifications include a Ph.D. in Computer Science and a good understanding of both theoretical and applied concepts in computer security, cryptography, software engineering, distributed systems, peer to peer networks. Desired qualifications include familiarity with cryptocurrencies.
Closing date for applications: 1 March 2017
Contact: Aggelos Kiayias, Chair in Cyber Security and Privacy, University of Edinburgh, Informatics Forum, Office 5.16, 10 Crichton St, Edinburgh, Midlothian EH8 9AB, United Kingdom. Tel. +44 (0) 131 6505129, akiayias (at) inf.ed.ac.uk
(please put "OXCHAIN position" in the e-mail subject)
Hong Kong Applied Science and Technology Research Institute Company Limited
Job Posting
Job Responsibilities:
• To design and develop cryptographic protocols and schemes
• To design, analyze and implement cryptographic systems and related systems such as blockchain
• To study the latest cryptographic algorithms and protocols
Requirements:
• Master's degree in computer science, electronic engineering or other relevant disciplines with 3+ years' experience; less experience required for PhD holders
• Experience in cryptographic system design and cryptanalysis
• Deep knowledge of number theory and security proofs
• Hands-on experience with C/C++ and Java
• Preferably experience using cryptographic libraries such as OpenSSL, MIRACL, PBC, etc.
• Experience in developing cloud computing systems an advantage, but not a must
• Strong interpersonal and communication skills
• Good command of both written and spoken English and Chinese
Closing date for applications: 15 September 2016
Contact: charlenechoo (at) astri.org
More information: http://www.astri.org/careers/work-at-astri/jobs/software-engineer-applied-cryptography/
Worcester Polytechnic Institute, USA
Job Posting
Specific topics include:
* Cache-based side-channel attacks; analysis and countermeasures
* Physical fault and side channel analysis and countermeasures
* Secure embedded system design
Candidates should have a strong background in electronics, computer science or applied mathematics with interest in algorithms, computer architecture, and signal processing. Prior experience in software or hardware development, code analysis and code generation and/or signal processing is an asset.
We offer a competitive salary and an international cutting-edge research program in an attractive working environment. WPI is a highly-ranked research university in the Boston area, and offers the opportunity to collaborate with world-class faculty and students in a collegial environment. We maintain close connections with surrounding universities and companies.
Candidates can start as early as January.
Closing date for applications: 1 October 2016
Contact: Thomas Eisenbarth, teisenbarth (at) wpi.edu
More information: http://v.wpi.edu/positions/
08 September 2016
Steven D. Galbraith, Christophe Petit, Barak Shani, Yan Bo Ti
ePrint Report
Our paper therefore provides an improved understanding of the security of these cryptosystems. We stress that our work does not imply that these systems are insecure, or that they should not be used. However, it highlights that implementations of these schemes will need to take account of the risks associated with various active and side-channel attacks.
Qian Guo, Thomas Johansson, Paul Stankovski
ePrint Report
In this work we present a very efficient key recovery attack on the QC-MDPC scheme using the fact that decryption uses an iterative decoding step and this can fail with some small probability. We identify a dependence between the secret key and the failure in decoding. This can be used to build what we refer to as a distance spectrum for the secret key, which is the set of all distances between any two ones in the secret key. In a reconstruction step we then determine the secret key from the distance spectrum. The attack has been implemented and tested on a proposed instance of QC-MDPC for 80-bit security. It successfully recovers the secret key in minutes.
A slightly modified version of the attack can be applied on proposed versions of the QC-MDPC scheme that provide IND-CCA security. The attack is a bit more complex in this case, but still very much below the security level. The reason why we can break schemes with proved CCA security is that the model for these proofs typically does not include the decoding error possibility.
Zejun Xiang, Wentao Zhang, Zhenzhen Bao, Dongdai Lin
ePrint Report
Firstly, we study how to model division property propagations of three basic operations (copy, bitwise AND, XOR) and an Sbox operation by linear inequalities, based on which we are able to construct a linear inequality system which can accurately describe the division property propagations of a block cipher given an initial division property. Secondly, by choosing an appropriate objective function, we convert a search algorithm under Todo's framework into an MILP problem, and we use this MILP problem appropriately to search integral distinguishers. As an application of our technique, we have searched integral distinguishers for SIMON, SIMECK, PRESENT, RECTANGLE, LBlock and TWINE. Our results show that we can find 14-, 16-, 18-, 22- and 26-round integral distinguishers for SIMON32, 48, 64, 96 and 128 respectively. Moreover, for two SP-network lightweight block ciphers PRESENT and RECTANGLE, we found 9-round integral distinguishers for both ciphers which are two more rounds than the best integral distinguishers in the literature. For LBlock and TWINE, our results are consistent with the best known ones with respect to the longest distinguishers.
07 September 2016
Ronald L. Rivest, Jacob C. N. Schuldt
ePrint Report
Our work leverages the considerable cryptanalytic work done on the original RC4 and its proposed variants. It also uses simulations extensively to search for biases and to guide the selection of intermediate expressions.
We estimate that Spritz can produce output with about 24 cycles/byte of computation. Furthermore, our statistical tests suggest that about $2^{81}$ bytes of output are needed before one can reasonably distinguish Spritz output from random output; this is a marked improvement over RC4. [Footnote: However, see Appendix F for references to more recent work that suggest that our estimates of the work required to break Spritz may be optimistic.] In addition, we formulate Spritz as a "sponge (or sponge-like) function" (see Bertoni et al.), which can "Absorb" new data at any time, and from which one can "Squeeze" pseudorandom output sequences of arbitrary length. Spritz can thus be easily adapted for use as a cryptographic hash function, an encryption algorithm, or a message-authentication code generator. (However, in hash-function mode, Spritz is rather slow.)
Douglas R. Stinson, Ruizhong Wei
ePrint Report
Matthias Hiller, Michael Pehl, Gerhard Kramer, Georg Sigl
ePrint Report
Tetsu Iwata, Kazuhiko Minematsu
ePrint Report
Arnold Neumaier, Damien Stehle
ePrint Report
Ivica Nikolic, Yu Sasaki
ePrint Report
Conor Patrick, Bilgiday Yuce, Nahid Farhady Ghalaty, Patrick Schaumont
ePrint Report
Kartik Nayak, Ling Ren, Ittai Abraham, Benny Pinkas
ePrint Report
Linfeng Zhou
ePrint Report
In this work, we show a generic transformation from weakly selective secure functional encryption to selectively secure functional encryption and this transformation preserves the compactness of the \(\mathsf{FE}\) scheme. This result is given by reusing techniques in (Ananth et al., CRYPTO 2015) through a modified approach. Furthermore, combining recent results, we remark that this result gives an alternative approach of recent work by Garg and Srinivasan (ePrint 2016/524). Namely, a single-key weakly selective secure functional encryption scheme, whose ciphertext size is _sublinear_ in the size of the function for which the functional key is issued, implies all other notions of functional encryption generically.
Jianwei Li
ePrint Report
To the best of our knowledge, this is the first sound study of SRP. Our work provides a new perspective on both the quality limits of lattice reduction algorithms and complexity estimates of enumeration algorithms.
Onur Demir, Wenjie Xiong, Faisal Zaghloul, Jakub Szefer
ePrint Report
06 September 2016
Felix Heuer, Bertram Poettering
ePrint Report
Kamalesh Acharya, Ratna Dutta
ePrint Report
Shuichi Katsumata, Shota Yamada
ePrint Report
- Our first scheme is proven secure under the ring learning with errors (RLWE) assumption and achieves the best asymptotic space efficiency among existing schemes from the same assumption. The main technical contribution is in our new security proof that exploits the ring structure in a crucial way. Our technique allows us to greatly weaken the underlying hardness assumption (e.g., we assume the hardness of RLWE with a fixed polynomial approximation factor whereas Yamada's scheme requires a super-polynomial approximation factor) while improving the overall efficiency.
- Our second IBE scheme is constructed on bilinear maps and is secure under the $3$-computational bilinear Diffie-Hellman exponent assumption. This is the first IBE scheme based on the hardness of a computational/search problem, rather than a decisional problem such as DDH and DLIN on bilinear maps with sub-linear public parameter size.