IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
12 June 2018
Ahmad Al Badawi, Yuriy Polyakov, Khin Mi Mi Aung, Bharadwaj Veeravalli, Kurt Rohloff
ePrint ReportGuilherme Borges, Henrique Domingos, Bernardo Ferreira, João Leitão, Tiago Oliveira, Bernardo Portela
ePrint ReportIn this paper we tackle this tension by proposing BISEN, a new provably-secure boolean searchable symmetric encryption scheme that improves these three complementary dimensions by exploring the design space of isolation guarantees offered by novel commodity hardware such as Intel SGX, abstracted as Isolated Execution Environments (IEEs). BISEN is the first scheme to enable highly expressive and arbitrarily complex boolean queries, with minimal leakage of information regarding performed queries and accessed data. Furthermore, by exploiting trusted hardware and the IEE abstraction, BISEN reduces communication costs between the client and the cloud, boosting query execution performance. Experimental validation and comparison with the state of art shows that BISEN provides better performance with enriched search semantics and security
Tapas Pal, Ratna Dutta
ePrint ReportIn this work, we give constructions of the following cryptographic primitives without using multilinear maps and instantiating obfuscation from randomized encoding: We construct witness PRFs using a puncturable pseudorandom function and sub-exponentially secure randomized encoding scheme in common reference string (CRS) model. A sub-exponentially secure randomized encoding scheme in CRS model can be achieved from a sub-exponentially secure public key functional encryption scheme and learning with error assumptions with sub-exponential hardness. We turn our witness PRF into a multi-relation witness PRF where one can use the scheme with a class of relations related to an NP language. Furthermore, we construct an offline witness encryption scheme using our proposed witness PRF. The offline witness encryption scheme of Abusalah et al. [AFP16] was built from a plain public-key encryption, a statistical simulation-sound non-interactive zero knowledge (SSS-NIZK) proof system and obfuscation. In their scheme, a(n) SSS-NIZK proof is needed for the encryption whose efficiency depends on the underlying public key encryption. We replace SSS-NIZK by our witness PRF and construct an offline witness encryption scheme. More precisely, our scheme is based on a public-key encryption, a witness PRF and employs a sub-exponentially secure randomized encoding scheme in CRS model instantiating obfuscation. Our offline witness encryption can be turned into an offline functional witness encryption scheme where decryption releases a function of a message and witness as output.
Yoshinori Aono, Phong Q. Nguyen, Takanobu Seito, Junji Shikata
ePrint ReportJung Hee Cheon, Seungwan Hong, Changmin Lee, Yongha Son
ePrint ReportOur main idea is to generically combine two abstract encryption schemes that satisfies some special properties. We also gives an instantiation of our scheme by combining ElGamal scheme and Ring-LWE based homomorphic encryption scheme, whose ciphertext length is exactly $2\ell+1,$ for any degree $d.$
Mugurel Barcau, Vicentiu Pasol
ePrint ReportMugurel Barcau, Vicentiu Pasol
ePrint Report11 June 2018
PQShield Ltd., Oxford, UK.
Job PostingWe invite experts in PQ cryptography to join our team as (Senior) Cryptographic Researchers. Candidates are expected to have a PhD degree in any PQ cryptography field or the equivalent in industrial experience with a solid publication record.
The company is offering competitive packages in addition to the chance to be affiliated with the Mathematical Institute at the University of Oxford.
Closing date for applications: 15 August 2018
Contact: Interested candidates, please send your CVs to Ali El Kaafarani on elkaafarani (at) pqshield.com or elkaafarani (at) maths.ox.ac.uk
09 June 2018
National University of Singapore
Job PostingResearch Fellow
National University of Singapore
Description:
“NUS-Singtel Cyber Security R&D Lab” (http://nus-singtel.nus.edu.sg/) is a 5 years joint project with about SGD 43 mil (approximately USD 31 mil) of funds contributed by Singapore Telecommunications Limited (SingTel), National University of Singapore (NUS), and National Research Foundation (NRF) of Singapore. The R&D Lab will conduct research in four broad areas of cyber security having strategic relevance to Singtel’s business: (1) Predictive Security Analytics; (2) Network, Data and Cloud Security; (3) Internet-of-Things and Industrial Control Systems; (4) Future-Ready Cyber Security Systems.
NUS-SingTel Lab currently has one research fellow position with competitive pay. It is available to (fresh) PhD graduates in computer science/engineering from Singapore or overseas.
The Research Fellow will be responsible for working closely with the Principal Investigator and lab members on a new 3-year research project which just starts in June 2018. He/she should possess experience or interest in at least some of the following research areas:
• Key management, Authentication, Authorization and Access control
• Trusted computing (e.g. TPM, Intel SGX)
• Post-quantum cryptography
Job requirements:
• A PhD degree in a relevant area (Computer Science/Engineer, mathematics, etc);
• Good publication record in cyber security and crypto area
o Publication in Rank 1 Cyber Security or Crypto Conference, or AsiaCrypt, ESORICS, ACSAC, TCC, Euro S&P, etc;
• Good communication skills (English), self-motivated and good team players;
• Some experience in programming is a plus;
• Willing to perform practical research which may eventually lead to products
To apply for the above position, please send a copy of your recent CV to comxj (at) nus.edu.sg with an email subject “Application for RF”.
Closing date for applications: 31 December 2018
Contact: Dr Xu (comxj (at) nus.edu.sg)
More information: https://www.nus-singtel.nus.edu.sg/
07 June 2018
University of Birmingham, UK
Job PostingCandidates should have a background including cyber security (e.g. good grades in cyber security modules, a strong cyber security final project, or being on a dedicated cyber security course). Given the focus of all three studentships on hardware and attacks, candidates should additionally have a demonstrable interest in and familiarity with hardware security, pentesting, embedded systems and/or side-channel attacks.
The available projects (with supervisors and stipends) are:
- Cyber Security for the Vehicles of Tomorrow (Flavio Garcia) £14,553 for 3 years
- User-controlled Hardware Security Anchors: Evaluation and Design (Mark Ryan, Flavio Garcia, David Oswald) £14,553 for 3 years
- BioLeak: Side-Channel Analysis of Fingerprint Matching Algorithms (David Oswald, Flavio Garcia) £22,000 for 3 years
- FaultFinder: from Faulty Output to Fault Model – an Automated Approach (David Oswald, Flavio Garcia) £22,000 for 3 years
For more information please contact the relevant supervisors or our centre administrator. Please note that for BioLeak and FaultFinder candidates must be UK citizens.
Closing date for applications: 25 June 2018
Contact: Garfield Benjamin (administrator) g.r.benjamin (at) cs.bham.ac.uk
Mark Ryan (Professor) m.d.ryan (at) cs.bham.ac.uk
Flavio Garcia (Professor) f.garcia (at) cs.bham.ac.uk
David Oswald (Lecturer) d.f.oswald (at) cs.bham.ac.uk
More information: https://sec.cs.bham.ac.uk/
Deparment of Computer Science, TU Darmstadt, Germany
Job PostingWe are offering three positions for Ph.D. candidates and Postdocs in the following areas:
- information-flow analysis techniques for object-oriented programs at the level of source code and bytecode based on compositional and precise verification techniques
- experimental analysis of side-channel vulnerabilities in cryptographic implementations and generation of attacks exploiting such vulnerabilities
- program analysis techniques for detecting side-channel vulnerabilities in cryptographic implementations and for assessing the seriousness of such vulnerabilities
The overall goal of our research at MAIS is to make software-based systems more trustworthy (i.e. secure, safe, and correct) than they are today. As software engineering is a complex and error-prone task,
we employ formal methods in combination with experiments for reasoning about software and critical system properties. We investigate software systems on the level of source code, bytecode, and machine code as well as on the level of more abstract system specifications. This allows us to provide support for security at different stages of software
development. At MAIS we are offering a productive and collaborative research environment in which you can discuss ideas with other team members working on related topics.
The positions are available immediately and applications will be considered until the positions are taken. These are positions with regular salary and social benefits based on TV-TUD. For more information and how to apply, see http://www.mais.informatik.tu-darmstadt.de/Positions.html.
Closing date for applications:
Valletta, Malta, 22 October - 26 October 2018
Event CalendarSubmission deadline: 3 July 2018
Notification: 2 August 2018
06 June 2018
Patrick McCorry, Surya Bakshi, Iddo Bentov, Andrew Miller, Sarah Meiklejohn
ePrint ReportPatrick McCorry, Alexander Hicks, Sarah Meiklejohn
ePrint ReportSaikrishna Badrinarayanan, Aayush Jain, Nathan Manohar, Amit Sahai
ePrint ReportUsing the techniques from above, we also achieve independently interesting consequences in the traditional MPC model. We construct the first round-optimal (three rounds) MPC protocol in the plain model (without a CRS) that achieves guaranteed output delivery (GOD) and is malicious-secure in the presence of an honest majority of parties. Previously, Gordon et al. [CRYPTO' 15] constructed a three-round protocol that achieves GOD in the honest majority setting, but required a CRS. They also showed that it is impossible to construct two-round protocols for the same even in the presence of a CRS. Thus, our result is the first 3-round GOD protocol that does not require any trusted setup, and it is optimal in terms of round complexity.
Furthermore, all our above protocols have communication complexity proportional only to the depth of the circuit being evaluated.
The key technical tool in our above protocols is a primitive called threshold multi-key fully homomorphic encryption which we define and construct assuming just learning with errors (LWE). We believe this primitive may be of independent interest.
Daniel Demmler, Peter Rindal, Mike Rosulek, Ni Trieu
ePrint ReportIn this work, we present a system for private contact discovery, in which the client learns only the intersection of its own contact list and a server's user database, and the server learns only the (approximate) size of the client's list. The protocol is specifically tailored to the case of a small client set and large user database. Our protocol has provable security guarantees and combines new ideas with state-of-the-art techniques from private information retrieval and private set intersection.
We report on a highly optimized prototype implementation of our system, which is practical on real-world set sizes. For example, contact discovery between a client with 1024 contacts and a server with 67 million user entries takes 1.36 sec (when using server multi-threading) and uses only 4.28 MiB of communication.
Jonathan Katz, Samuel Ranellucci, Mike Rosulek, Xiao Wang
ePrint Report- We show how to make the authenticated garbling at the heart of their protocol compatible with the half-gate optimization of Zahur et al. (Eurocrypt 2015). We also show how to avoid sending an information-theoretic MAC for each garbled row. These two optimizations give up to a 2.6x improvement in communication, and make the communication of the online phase essentially equivalent to that of state-of-the-art semi-honest secure computation.
- We show various optimizations to their protocol for generating AND triples that, overall, result in a 1.5x improvement in the communication and a 2x improvement in the computation for that step.
Tore Kasper Frederiksen, Yehuda Lindell, Valery Osheter, Benny Pinkas
ePrint ReportFor our maliciously secure protocol our most significant improvement comes from executing most of the protocol in a ``strong'' semi-honest manner and then doing a single, light, zero-knowledge argument of correct execution. We introduce other significant improvements as well. One such improvement arrives in showing that certain, limited leakage does not compromise security, which allows us to use lightweight subprotocols. Another improvement, which may be of independent interest, comes in our approach for multiplying two large integers using OT, in the malicious setting, without being susceptible to a selective-failure attack. Finally, we implement our malicious protocol and show that its performance is an order of magnitude better than the best previous protocol, which provided only semi-honest security.
Pooya Farshim, Georg Fuchsbauer, Alain Passelègue
ePrint ReportItai Dinur
ePrint ReportIn this paper, we make progress in both directions. First, we improve the best know GBP time-memory tradeoff curve (published by independently by Nikoli\'{c} and Sasaki and also by Biryukov and Khovratovich) for all $K \geq 8$ from $T^2M^{\lfloor \log K \rfloor -1} = N$ to $T^{\lceil (\log K)/2 \rceil + 1 }M^{\lfloor (\log K)/2 \rfloor} = N$, applicable for a large range of parameters. For example, for $K = 8$ we improve the best previous tradeoff from $T^2M^2 = N$ to $T^3M = N$ and for $K = 32$ the improvement is from $T^2M^4 = N$ to $T^4M^2 = N$.
Next, we consider values of $K$ which are not powers of 2 and show that in many cases even more efficient time-memory tradeoff curves can be obtained. Most interestingly, for $K \in \{6,7,14,15\}$ we present algorithms with the same time complexities as the K-tree algorithm, but with significantly reduced memory complexities. In particular, for $K=6$ the K-tree algorithm achieves $T=M=N^{1/3}$, whereas we obtain $T=N^{1/3}$ and $M=N^{1/6}$. For $K=14$, Wagner's algorithm achieves $T=M=N^{1/4}$, while we obtain $T=N^{1/4}$ and $M=N^{1/8}$. This gives the first significant improvement over the K-tree algorithm for small $K$.
Finally, we optimize our techniques for several concrete GBP instances and show how to solve some of them with improved time and memory complexities compared to the state-of-the-art.
Our results are obtained using a framework that combines several algorithmic techniques such as variants of the Schroeppel-Shamir algorithm for solving knapsack problems (devised in works by Howgrave-Graham and Joux and by Becker, Coron and Joux) and dissection algorithms (published by Dinur, Dunkelman, Keller and Shamir). It then builds on these techniques to develop new GBP algorithms.