IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
14 May 2018
Handan Kılınç, Serge Vaudenay
ePrint ReportSonia Bela{\"i}d, Dahmun Goudarzi, Matthieu Rivain
ePrint ReportGaëtan Cassiers, François-Xavier Standaert
ePrint ReportBen Berger, Zvika Brakerski
ePrint ReportThe goal of this work is to initiate a study of Search Zero-Knowledge (search-ZK), the class of search problems for which such systems exist. This class trivially contains search problems where the validity of a solution can be efficiently verified (using a single message proof containing only the solution). A slightly less obvious, but still straightforward, way to obtain zero-knowledge proofs for search problems is to let the prover send a solution and prove in zero-knowledge that the instance-solution pair is valid. However, there may be other ways to obtain such zero-knowledge proofs, and they may be more advantageous.
In fact, we prove that there are search problems for which the aforementioned approach fails, but still search zero-knowledge protocols exist. On the other hand, we show sufficient conditions for search problems under which some form of zero-knowledge can be obtained using the straightforward way.
Ashish Choudhury, Gayathri Garimella, Arpita Patra, Divya Ravi, Pratik Sarkar
ePrint ReportBingsheng Zhang, Roman Oliynykov, Hamed Balogun
ePrint ReportBart Mennink
ePrint ReportGuowen Xu, Hongwei Li
ePrint ReportXavier Bonnetain, María Naya-Plasencia
ePrint ReportFirst, we have developped new algorithms that improve and generalize Kuperbergs algorithm for the hidden shift problem, which is the algorithm that applies instead of Simon when considering modular additions.
Thanks to our improved algorithm, we have been able to build a quantum attack in the superposition model on Poly1305, proposed at FSE 2005,largely used and claimed to be quantumly secure. We also answer an open problem by analyzing the effect of the tweak to the FX construction.
We have also generalized the algorithm. We propose for the first time a quantum algorithm for solving the problem with parallel modular additions, with a complexity that matches both Simon and Kuperberg in its extremes. We also propose a generic algorithm to solve the hidden shift problem in non-abelian groups.
In order to verify the theoretical analysis we performed, and to get concrete estimates of the cost of the algorithms, we have simulated them, and were able to validate our estimated complexities.
Finally, we analyze the security of some classical symmetric constructions with concrete parameters, to evaluate the impact and practicality of the proposed tweak, concluding that it does not seem to be efficient.
Osaka, Japan, 19 November - 21 November 2018
Event CalendarCalgary, Canada, 13 August - 14 August 2018
Event CalendarUniversity of Rome La Sapienza
Job PostingProfile
Candidates will hold a PhD from a leading research university, three years of research experience after PhD, and an appropriate record of publications in highly ranked international conferences and journals. Teaching experience is also positively considered.
Position
Successful candidates will be engaged in first-class research in the area of Cyber Security, will supervise Master Thesis and PhD students in their fields, will teach in the Master degree in Cyber Security at Sapienza University of Rome and in the degree of Computer Science Engineering, will be involved in collaborations with industry and public bodies, and will take an important role at the Inter-Departmental Research Center of Cyber Intelligence and Information Security (CIS) at Sapienza University of Rome. Appointments are full-time. The salary is competitive. We especially welcome expression of interests from female scholars.
Expression of Interest
People who are interested in this position should send the following to recruitment (at) diag.uniroma1.it:
1. Curriculum vitae
2. 3-page (max) research statement including the research program that the candidate intends to pursue while at Sapienza.
Expressions of interest should preferably be sent before the end of May 2018. For further information, please consult recruitment (at) diag.uniroma1.it
Closing date for applications: 31 May 2018
Technische Universität Darmstadt, Germany
Job PostingThe Department of Computer Science and the profile area CYSEC-Cybersecurity at TU Darmstadt seek a Lead for an independent junior research group in the field of cybersecurity and privacy research, to be the recipient of a
Claude Shannon Fellowship
The Claude Shannon Fellowship is part of the Department of Computer Science at TU Darmstadt and simultaneously anchored in the cybersecurity profile area (CYSEC) of TU Darmstadt. The position is initially limited to three years with a possible maximum of six years.
Fellows are given the opportunity to teach and to conduct independent research, and receive additional resources to establish a research group with 1-2 PhD students. The Claude-Shannon Fellowship program is based upon the DFG\'s Emmy Noether program and provides competitive personal compensation and access to resources comparable to those at the W1/W2 assistant professorship level. TU Darmstadt offers excellent working conditions in a vibrant scientific community, embedded in the outstanding living and research environment of the Rhine-Main metropolitan region.
For more information about the application procedure please consult the link below.
The Technische Universität Darmstadt intends to increase the number of female employees and encourages female candidates to apply. In case of equal qualifications applicants with a degree of disability of at least 50 or equal will be given preference. Wages and salaries are according to the collective agreements on salary scales, which apply to the Technische Universität Darmstadt (TV-TU Darmstadt). Part-time employment is generally possible.
Contact
Please send your application in a single pdf file to: Melanie Schöyen, Management Assistant CYSEC, E-mail: personal (at) cysec.de
Code. No. 184
Application deadline: May 20, 2018
Closing date for applications: 20 May 2018
Contact: Melanie Schöyen, Management Assistant CYSEC, E-mail: personal (at) cysec.de
More information: https://www.tu-darmstadt.de/karriere_planen/allgemeineausschreibung/stellen_details_267904.en.jsp
11 May 2018
31 October - 31 July 2019
Event CalendarSubmission deadline: 31 October 2018
Notification: 31 January 2019
Anubhab Baksi, Vikramkumar Pudi, Swagata Mandal, Anupam Chattopadhyay
ePrint ReportFaruk G\"{o}lo\u{g}lu, Antoine Joux
ePrint ReportIgnacio Cascudo, Ronald Cramer, Chaoping Xing, Chen Yuan
ePrint ReportIn this paper we propose a novel paradigm for amortized MPC that offers a different trade-off, namely with the size of the field of the circuit which is securely computed, instead of the adversary threshold. Thus, unlike the Franklin-Yung paradigm, this leaves the adversary threshold unchanged. Therefore, for instance, this paradigm may yield constructions enjoying the maximal adversary threshold $\lfloor (n-1)/3 \rfloor$ in the BGW-model (secure channels, perfect security, active adversary, synchronous communication).
Our idea is to compile an MPC for a circuit over an extension field to a parallel MPC of the same circuit but with inputs defined over its base field and with the same adversary threshold. Key technical handles are our notion of reverse multiplication-friendly embeddings (RMFE) and our proof, by algebraic-geometric means, that these are constant-rate, as well as efficient auxiliary protocols for creating ``subspace-randomness'' with good amortized complexity. In the BGW-model, we show that the latter can be constructed by combining our tensored-up linear secret sharing with protocols based on hyperinvertible matrices a la Beerliova-Hirt (or variations thereof).
As a demonstration of the merits of the novel paradigm, we show that, in the BGW-model and with an optimal adversary threshold $\lfloor (n-1)/3 \rfloor$, it is possible to securely compute a binary circuit with amortized complexity $O(n)$ of bits per gate per instance. Known results would give $n \log n$ bits instead. By combining our result with the Franklin-Yung paradigm, and assuming a sub-optimal adversary (i.e., an arbitrarily small $\epsilon>0$ fraction below 1/3), this is improved to $O(1)$ bits instead of $O(n)$.
Shobhit Sinha, Sandip Karmakar
ePrint Report10 May 2018
Ilia Lebedev, Kyle Hogan, Srinivas Devadas
ePrint ReportUsing the RISC-V Rocket chip architecture as a base, we design, document, and implement an attested execution processor that does not require secure non-volatile memory, nor a private key explicitly assigned by the manufacturer. Instead, the processor derives its cryptographic identity from manufacturing variation measured by a Physical Unclonable Function (PUF). Software executed by a bootloader built into the processor transforms the PUF output into an elliptic curve key pair. The (re)generated private key is used to sign trusted portions of the boot image, and is immediately destroyed. The platform can therefore provide attestations about its state to remote clients. Reliability and security of PUF keys are ensured through the use of a trapdoor computational fuzzy extractor.
We present detailed evaluation results for secure boot and attestation by a client of a Rocket chip implementation on a Xilinx Zynq 7000 FPGA.
Georg Fucshbauer, Chethan Kamath, Karen Klein, Krzysztof Pietrzak
ePrint ReportAll existing security proofs for PRE only show selective security, where the adversary must first declare the users it wants to corrupt. This can be lifted to more meaningful adaptive security by guessing the set of corrupted users among the n users, which loses a factor exponential in n, rendering the result meaningless already for moderate n.
Jafargholi et al. (CRYPTO17) proposed a framework that in some cases allows to give adaptive security proofs for schemes which were previously only known to be selectively secure, while avoiding the exponential loss that results from guessing the adaptive choices made by an adversary. We apply their framework to PREs that satisfy some natural additional properties. Concretely, we give a more fine-grained reduction for several unidirectional PREs, proving adaptive security at a much smaller loss. The loss depends on the graph of users whose edges represent the re- encryption keys queried by the adversary. For trees and chains the loss is quasi-polynomial in the size and for general graphs it is exponential in their depth and indegree (instead of their size as for previous reductions). Fortunately, trees and low-depth graphs cover many, if not most, interesting applications.
Our results apply e.g. to the bilinear-map based PRE schemes by Ate- niese et al. (NDSS05 and CT-RSA09), Gentrys FHE-based scheme (STOC09) and the LWE-based scheme by Chandran et al. (PKC14).