IACR News
27 July 2017
Rotem Tsabary
In this work we start by showing that these two notions are in fact equivalent. The first implication of this equivalence is a new lattice-based ABS scheme for polynomial-depth circuits, based on the HS construction of Gorbunov, Vaikuntanathan and Wichs (GVW; STOC 2015).
We then construct a new ABS candidate from a worst case lattice assumption (SIS), with different parameters. Using our equivalence again, now in the opposite direction, our new ABS implies a new lattice-based HS scheme with different parameter trade-off, compared to the aforementioned GVW.
Helger Lipmaa, Kateryna Pavlyk
Donghoon Chang, Sweta Mishra, Somitra Kumar Sanadhya, Ajit Pratap Singh
Bailey Kacsmar, Sarah Plosker, Ryan Henry
Jacqueline Brendel, Denise Demirel
Ahmad Akmal Aminuddin Mohd Kamal, Keiichi Iwamura
Hassan Qahur Al Mahri, Leonie Simpson, Harry Bartlett, Ed Dawson, Kenneth Koon-Ho Wong
Huang Zhang, Fangguo Zhang, Haibo Tian, Man Ho Au
Le Trieu Phong, Yoshinori Aono, Takuya Hayashi, Lihua Wang, Shiho Moriai
Our system is a bridge between deep learning and cryptography: we utilise stochastic gradient descent (SGD) applied to neural networks, in combination with additively homomorphic encryption. We show that our usage of encryption adds tolerable overhead to the ordinary deep learning system.
Shafi Goldwasser, Saleet Klein, Daniel Wichs
Encryption with invisible edits is an encryption scheme with two tiers of users: "privileged" and "unprivileged". Privileged users know a key pair $(pk, sk)$ and "unprivileged" users know a key pair $(pk_e, sk_e)$ which is associated with an underlying edit $e$ to be applied to messages encrypted. Each key pair on its own works exactly as in standard public-key encryption, but when an unprivileged user attempts to decrypt a ciphertext generated by a privileged user of an underlying plaintext $m$, it will be decrypted to an edited $m' = Edit(m,e)$. Here, $Edit$ is some supported edit function and $e$ is a description of the particular edit to be applied. For example, we might want the edit to overwrite several sensitive blocks of data, replace all occurrences of one word with a different word, airbrush an encrypted image, etc. A user shouldn't be able to tell whether he's an unprivileged or a privileged user.
An encryption with deniable edits is an encryption scheme which allows a user who owns a ciphertext $c$ encrypting a large corpus of data $m$ under a secret key $sk$, to generate an alternative but legitimate looking secret key $sk_{e,c}$ that decrypts $c$ to an "edited" version of the data $m'=Edit(m,e)$. This generalizes classical receiver deniable encryption, which can be viewed as a special case of deniable edits where the edit function performs a complete replacement of the original data. The new flexibility allows us to design solutions with much smaller key sizes than required in classical receiver deniable encryption, and in particular allows the key size to only scale with the description size of the edit $e$ which can be much smaller than the size of the plaintext data $m$.
We construct encryption schemes with deniable and invisible edits for any polynomial-time computable edit function under minimal assumptions: in the public-key setting we only require the existence of standard public-key encryption and in the symmetric-key setting we only require the existence of one-way functions.
The solutions to both problems use common ideas; however, there is a significant conceptual difference between deniable edits and invisible edits. Whereas encryption with deniable edits enables a user to modify the meaning of a single ciphertext in hindsight, the goal of encryption with invisible edits is to enable ongoing modifications of multiple ciphertexts.
Paul Rösler, Christian Mainka, Jörg Schwenk
In this paper, we investigate group communication security mechanisms of three main SIM applications: Signal, WhatsApp, and Threema. We first provide a comprehensive and realistic attacker model for analyzing group SIM protocols regarding security and reliability. We then describe and analyze the group protocols used in Signal, WhatsApp, and Threema. By applying our model, we reveal multiple weaknesses, and propose generic countermeasures to enhance the protocols regarding the required security and reliability goals. Our systematic analysis reveals that (1) the communication's integrity, represented by the integrity of all exchanged messages, and (2) the group's closeness, represented by the members' ability to manage the group, are not end-to-end protected.
We additionally show that strong security properties, such as Future Secrecy, which is a core part of the one-to-one communication in the Signal protocol, do not hold for its group communication.
Vasyl Ustimenko
26 July 2017
Haifa, Israel, 10 September - 14 September 2017
25 July 2017
Intelligent Voice Ltd, London City, UK
The cloud offers an ideal opportunity for storing large volumes of data. However, the storage of sensitive data such as speech in plain text format on the cloud is not permitted in many industry sectors such as finance, health care etc. Hence speech data should be encrypted before storage on the cloud, and because it contains biometric identifiers it must remain encrypted. The challenge then is to search over large amounts of encrypted speech and return encrypted search results that can be decrypted by the user only. Intelligent Voice are providers of the world's fastest speech-to-text engine, and we are looking for a talented researcher in semantic security and searchable encryption to join our research team. This post builds on existing research within Intelligent Voice on Searchable and Homomorphic cryptographic protocols for speech processing.
Applicants should have already completed, or be close to completing, a PhD in computer science, mathematics, or a related discipline. Applicants should have an excellent research track record demonstrated by publications at major cryptography/security venues, and should have significant experience in the design and deployment of cryptographic protocols.
To apply please send your CV (with publication list), a 1-page cover letter, and the names of at least two people who can provide reference letters (e-mail).
Closing date for applications: 31 August 2017
Contact: Gérard Chollet, Head of Research, Intelligent Voice Ltd
St Clare House, 30-33 Minories, London EC3N 1BP
gerard.chollet(at)intelligentvoice.com
Phone: +44 20 3627 2670
More information: http://www.intelligentvoice.com/
Xi'an, China, 3 November - 5 November 2017
Notification: 15 September 2017
Sebastian Faust, Vincent Grosso, Santos Merino Del Pozo, Clara Paglialonga, François-Xavier Standaert
Abhinav Aggarwal, Varsha Dani, Thomas P. Hayes, Jared Saia
We show that this is possible, even when $L$, the number of bits sent in $\pi$, and $T$, the number of bits flipped by the adversary are not known in advance. In particular, we show how to create a robust version of $\pi$ that 1) fails with probability at most $\delta$, for any $\delta > 0$; and 2) sends $\tilde{O}(L+T)$ bits, where the $\tilde{O}$ notation hides a $\log(nL/\delta)$ term multiplying $L$.
Additionally, we show how to improve this result when the average message size $\alpha$ is not constant. In particular, we give an algorithm that sends $O(L(1 + (1/\alpha) \log(nL/\delta)) + T)$ bits. This algorithm is adaptive in that it does not require a priori knowledge of $\alpha$. We note that if $\alpha$ is $\Omega(\log(nL/\delta))$, then this improved algorithm sends only $O(L + T)$ bits, and is therefore within a constant factor of optimal.