IACR News
18 April 2018
Jheyne N. Ortiz, Robson R. de Araujo, Ricardo Dahab, Diego F. Aranha, Sueli I. R. Costa
Leon Groot Bruinderink, Peter Pessl
Using linear algebra and lattice-basis reduction techniques, an attacker can extract one of the secret key elements after a successful fault injection. Some other parts of the key cannot be recovered, but we show that a tweaked signature algorithm can still successfully sign any message. We provide experimental verification of our attacks by performing clock glitching on an ARM Cortex-M4 microcontroller. In particular, we show that up to 65.2% of the execution time of Dilithium is vulnerable to an unprofiled attack, where a random fault is injected anywhere during the signing procedure and still leads to a successful key-recovery.
Nicola Tuveri, Billy B. Brumley
In this paper, focusing on OpenSSL as a de-facto standard, we analyze these limits, their impact on the security of modern systems, and their significance for researchers.
We propose the OpenSSL ENGINE API as a tool in a framework to overcome these limits, describing how it fits in the OpenSSL architecture, its features, and a technical review of its internals.
We evaluate our methodology by instantiating libsuola, a new ENGINE providing support for emerging cryptographic standards such as X25519 and Ed25519 for currently deployed versions of OpenSSL, performing benchmarks to demonstrate the viability and benefits.
The results confirm that the ENGINE API offers (1) an ideal architecture to address wide-ranging security concerns; (2) a valuable tool to enhance future research by easing testing and facilitating the dissemination of novel results in real-world systems; and (3) a means to bridge the gaps between research results and currently deployed systems.
Xin Li
In this paper, we introduce a set of new techniques to further push the frontier in the above questions. Our techniques lead to improvements in all of the above questions, and in several cases partially optimal constructions. This is in contrast to all previous work, which only obtains close to optimal constructions. Specifically, we obtain:
1. A seeded non-malleable extractor with seed length $O(\log n)+\log^{1+o(1)}(1/\epsilon)$ and entropy requirement $O(\log \log n+\log(1/\epsilon))$, where the entropy requirement is asymptotically optimal by a recent result of Gur and Shinkar [GurS17];
2. A two-round privacy amplification protocol with optimal entropy loss for security parameter up to $\Omega(k)$, which solves the privacy amplification problem completely;
3. A two-source extractor for entropy $O(\frac{\log n \log \log n}{\log \log \log n})$, which also gives an explicit Ramsey graph on $N$ vertices with no clique or independent set of size $(\log N)^{O(\frac{\log \log \log N}{\log \log \log \log N})}$; and
4. The first explicit non-malleable code in the $2$-split state model with constant rate, which has been a major goal in the study of non-malleable codes for quite some time. One small caveat is that the error of this code is only (an arbitrarily small) constant, but we can also achieve negligible error with rate $\Omega(\log \log \log n/\log \log n)$, which already improves the rate in [Li17] exponentially.
We believe our new techniques can help to eventually obtain completely optimal constructions in the above questions, and may have applications in other settings.
Kai-Min Chung, Marios Georgiou, Ching-Yi Lai, Vassilis Zikas
In this work we introduce the concept of dispensable cryptographic backdoors which can be used only once and become useless after that. These exotic primitives are impossible in the classical digital world without stateful and secure trusted hardware support, but, as we show, are feasible assuming quantum computation and access to classical stateless hardware tokens.
Concretely, we construct a dispensable (single-use) version of message authentication codes, and use them to derive a black-box construction of stateful hardware tokens in the above setting with quantum computation and classical stateless hardware tokens. This can be viewed as a generic transformation from stateful to stateless tokens and enables, among other things, one-time programs and memories.
We then use the latter primitives to propose a resolution to the most prominent recent legislative push in favor of backdooring cryptography: the conflict between Apple and FBI last year. We show that it is possible for Apple to create a one-time backdoor which unlocks any single device, and no more than one, i.e., the backdoor becomes useless after it is used. We further describe how to use our ideas to derive a version of CCA-secure public key encryption, which is accompanied by a dispensable (i.e., single-use, as in the above scenario) backdoor.
Miloslav Homer
Phuong Ha Nguyen, Durga Prasad Sahoo, Chenglu Jin, Kaleel Mahmood, Ulrich Rührmair, Marten van Dijk
Joanne Woodage, Dan Shumow
Dimaz Ankaa Wijaya, Joseph Liu, Ron Steinfeld, Dongxi Liu
17 April 2018
University of Edinburgh
Worried about surveillance? Imagining a world in which all data is encrypted? Concerned about mistakes in security proofs and bugs in software? Curious about what blockchain technology will look like after the crypto-currency bubble?
At the University of Edinburgh we design distributed cryptographic techniques to protect users' online privacy, based on scientific principles using mathematical proofs. A core enabling component is IOHK's Cardano blockchain.
Join as a Postdoc or PhD to work on privacy and anonymity, zero-knowledge and multi-party computation. Multiple positions are available. To apply, send your CV with a cover letter and two letters of recommendation. The positions are available until filled.
Contact: Markulf Kohlweiss, mkohlwei (at) ed.ac.uk, https://homepages.inf.ed.ac.uk/mkohlwei/
More Information:
* University of Edinburgh: http://web.inf.ed.ac.uk/security-privacy
* IOHK: https://iohk.io/
Closing date for applications: 31 May 2018
16 April 2018
Stanislaw Jarecki, Boyang Wei
In this paper we bridge the gap between MPC ORAM and client-server ORAM by showing a specialized 3PC ORAM protocol, i.e. MPC ORAM for 3 parties tolerating 1 fault, which uses only symmetric ciphers and asymptotically matches client-server Path-ORAM in round complexity and for large records also in bandwidth.
Our 3PC ORAM also allows for fast pipelined processing: With postponed clean-up it processes b=O(log n) accesses in O(b+log n) rounds with O(D+poly(log n)) bandwidth per item, where D is record size.
Rishab Goyal, Venkata Koppula, Brent Waters
Mamunur Rashid Akand, Reihaneh Safavi-Naini
Andrea Cerulli, Emiliano De Cristofaro, Claudio Soriente
In a first step to address this problem, this paper presents and studies the concept of Reactive PSI (RePSI). We model PSI as a reactive functionality, whereby the output depends on previous instances, and use it to limit the effectiveness of oracle attacks. We introduce a general security model for RePSI in the (augmented) semi-honest model and a construction which enables the server to control how many inputs have been used by the client across several executions. In the process, we also present the first construction of a Size-Hiding PSI (SHI-PSI) protocol in the standard model, which may be of independent interest.
Duc Viet Le, Mahimna Kelkar, Aniket Kate
We see this work as the first step towards realizing flexible-security cryptographic primitives. Beyond flexible signatures, our flexible-security conceptualization offers an interesting opportunity to build similar primitives in the asymmetric as well as symmetric cryptographic domains. Apart from being theoretically interesting, these flexible security primitives can be of particular interest to real-time systems as well as the Internet of things: rigid all-or-nothing guarantees offered by the traditional cryptographic primitives have been particularly unattractive to these unpredictably resource-constrained
Ralph Ankele, Florian Böhl, Simon Friedberger
William Diehl, Abubakr Abdulgadir, Farnoud Farahmand, Jens-Peter Kaps, Kris Gaj
Johannes Blömer, Jan Bobolz
Thomas Debris-Alazard, Jean-Pierre Tillich
15 April 2018
Intuit Inc., Mountain View, CA and Hod Hasharon, Israel
Responsibilities:
- Participate in driving internal key management and encryption services, providing the business units with the best cryptography while keeping a complex and widespread system secure
- Use the latest research and conduct original research to allow operations over encrypted data, where the data is highly sensitive and solutions need to scale to a very high volume of concurrent transactions
- Validate newly developed cryptographic protocols using both manual proofs and automated formal verification
- Publish regularly as an active participant in the academic cryptographic community, and ensure Intuit is up to date on the latest cryptographic research
- Cooperate with engineering teams to ensure quality implementation of cryptographic protocols
- Work across a diverse and geographically distributed team, maintaining excellent communication and trust
Qualifications
- PhD from a credible institution with a focus on cryptography
- At least 3 years of experience working with industry in the cryptography domain
- At least 2 years of experience designing and developing software
- Proven experience with security issues outside of cryptography is highly desired
- Candidates should possess strong written and oral communication skills
- Demonstrated experience with developing partnerships to influence across organizational boundaries
The preferred location for this position is either Hod Hasharon, Israel or Mountain View, CA; however, we are willing to consider other locations.
Closing date for applications: 15 August 2018
Contact: Yaron Sheffer, Director, Security Technologies Product Development, yaron_sheffer at intuit.com.
More information: https://careers.intuit.com/job-category/1/software-engineering/job/00132574/principal-cryptography-researcher