IACR News
Here you can see all recent updates to the IACR webpage.
18 October 2018
Ignacio Cascudo, Ivan Damgård, Bernardo David, Nico Döttling, Rafael Dowsley, Irene Giacomelli
ePrint Report
Alex Davidson, Shuichi Katsumata, Ryo Nishimaki, Shota Yamada
ePrint Report
In this work, we give the first construction of a CPRF that can issue a constant number of constrained keys for bit-fixing predicates, only requiring the existence of one-way functions (OWFs). This is a much weaker assumption compared with all previous constructions. In addition, we prove that the new scheme satisfies \(1\)-key privacy (otherwise known as constraint-hiding), and that it also achieves fully adaptive security. This is the only construction to achieve adaptive security outside of the random oracle model, and without sub-exponential security losses. Our technique represents a noted departure from existing CPRF constructions. We hope that it may lead to future constructions that can expose a greater number of keys, or consider more expressive predicates (such as bounded-depth circuit constraints).
T-H. Hubert Chan, Rafael Pass, Elaine Shi
ePrint Report
T-H. Hubert Chan, Rafael Pass, Elaine Shi
ePrint Report
Carlos Andres Lara-Nino, Arturo Diaz-Perez, Miguel Morales-Sandoval
ePrint Report
QED-it Systems Ltd
Job Posting
QED-it, a funded Tel-Aviv based startup, is looking for experienced software engineers to join its core team. We are tackling the hardest and most interesting problems in the Blockchain space - solving the consensus/privacy paradox using zero-knowledge proofs (ZKP). ZKP is a new technology that until recently was explored solely in academia.
We are funded by smart money from top tier angels, and have assembled a team of experts in cryptography, computer science, security and distributed systems.
QED-it is building a unique product combining cutting-edge technology, design and implementation of cryptographic protocols and user/developer-facing APIs. We’re looking to expand our team with more great individuals!
As a Software Engineer working on Protocol, you will:
- Apply zkSNARKs and design protocols in a variety of use-cases
- Collaborate with research scientists to implement cutting-edge cryptography efficiently
- Develop tools to make cryptographic constructions deployable in a multitude of environments
About you
- You have a few years of work experience in software engineering roles, preferably with some experience in using experimental technologies, cutting-edge environments, languages and algorithms
- You have a strong sense of the long-term/delivery trade-off
- You are looking to be a part of a product bridging multiple levels of complexity in its first stages
- You have good communication skills and are able to quickly adapt to new challenges when needed
- You enjoy working in a fluctuating environment, dealing with (some) uncertainty
- Without using Google, you know what Q.E.D. means, possibly even 2 different meanings
What you get
- Competitive full-time compensation
- A driver seat at an expanding, global technology company in an exciting, emerging industry
- Sharp, motivated peers who can’t wait to meet you :)
Closing date for applications: 31 December 2018
Contact: Emilie NOEL
Head of recruiting
emilie (at) spike.partners
+33668285589
More information: https://qed-it.breezy.hr/p/cc072d5f4fda-software-engineer-cryptography
DTU Compute’s Section for Cyber Security
Job Posting
The aim of the new position is to expand the Section's research in symmetric cryptology and align it with potential novel threats.
The research field of this new Postdoc position is within post-quantum security for symmetric cryptographic algorithms, both basic primitives and modes of operation. We aim to hire two postdocs with complementary skill sets: one with more focus on symmetric cryptography and cryptanalysis, and one with more emphasis on quantum computing and algorithms.
Responsibilities and tasks
The main tasks of these postdoc positions are to analyze existing symmetric cryptographic primitives with respect to post-quantum challenges as well as to design and evaluate new primitives to address these challenges. In this position, you will actively engage in our ongoing and prospective research activities on the analysis and design of block ciphers, hash functions, authentication schemes and authenticated encryption schemes from the point of view of post-quantum security.
External stays are planned at our research partners in Europe.
Application procedure
To apply, please read the full job advertisement at www.career.dtu.dk
Application deadline: 1 December 2018
DTU is a technical university providing internationally leading research, education, innovation and scientific advice. Our staff of 6,000 advance science and technology to create innovative solutions that meet the demands of society, and our 11,200 students are being educated to address the technological challenges of the future. DTU is an independent academic university collaborating globally with business, industry, government and public agencies.
Closing date for applications: 1 December 2018
Contact: Further information can be obtained from Assoc. Prof. Andrey Bogdanov, anbog (at) dtu.dk.
More information: http://www.dtu.dk/english/about/job-and-career/vacant-positions/job?id=2d6700e5-dc27-4904-8651-31db7a1d607c
Worcester Polytechnic Institute
Job Posting
The successful candidate will have a strong background in the broad area of Cybersecurity and privacy, with expertise in subdomains including Blockchains and decentralized trust, secure computation, hardware security and side-channel analysis, adversarial learning, and security in the cloud and IoT devices.
Candidates must have a Ph.D. degree in Electrical Engineering, Computer Engineering or related areas with outstanding academic credentials that clearly demonstrate their ability to conduct independent and successful research in their areas of expertise and to build cross-disciplinary research programs. Applicants must show potential for an innovative and sustainable research and teaching career. WPI expects faculty to be involved in a balance of research, teaching and service activities, including mentoring student project and thesis work at the undergraduate, master’s and doctoral levels.
Applications should include curriculum vitae, statements of teaching and research interests, and a list of five professional references. This search will remain open until the position is filled.
Closing date for applications: 1 July 2019
Contact: Berk Sunar, Professor.
Electrical & Computer Engineering Dept.
Worcester Polytechnic Institute
sunar (at) wpi.edu
More information: https://bit.ly/2NOUIEE
16 October 2018
Oregon State University, School of EECS
Job Posting
Apply online at https://jobs.oregonstate.edu/postings/67888 (posting #P02523UF) with the following documents: A letter of interest; vita; a two-page statement of research interests; a one-page statement of teaching interests; a one-page statement on efforts towards equity and inclusion; and names and contact information for at least three references. To be assured full consideration, applications must be received by December 1, 2018.
Closing date for applications: 1 December 2018
Contact: Mike Rosulek: rosulekm (at) eecs.oregonstate.edu
More information: https://jobs.oregonstate.edu/postings/67888
15 October 2018
Voting is possible through Nov 15
Election
You may vote as often as you wish now through November 15th 23:00 UTC using the Helios (https://heliosvoting.org/) cryptographically-verifiable election system, but only your last vote will be counted.
Please see https://www.iacr.org/elections/eVoting/about-helios.html for a brief overview of how the Helios system works and https://www.iacr.org/elections/eVoting/ for information on the IACR decision to adopt Helios.
2018 members of the IACR (generally people who attended an IACR conference or workshop in 2017) should shortly receive voting credentials from system@heliosvoting.org sent to their email address of record with the IACR. Questions about this election may be sent to elections@iacr.org.
Information about the candidates can be found below and also at https://www.iacr.org/elections/2018/.
The IACR Election Committee
Masayuki Abe (Chair)
Shai Halevi
Tancrède Lepoint (Returning Officer)
Candidates for election:
Michel Abdalla
Statement: After two three-year terms as director, I seek again the opportunity to continue serving the community as an IACR director. If reelected, I'll continue to help improve existing services provided by IACR, offer new services, and promote worldwide dissemination of cryptologic research.
Longer Statement: https://www.di.ens.fr/~mabdalla/IACR.html
Personal Webpage: https://www.di.ens.fr/~mabdalla/
Anna Lysyanskaya
Statement: I felt very honored to be elected six years ago, and I hope to continue to serve the cryptographic community. My priorities are (1) high quality research and its effective dissemination, (2) listening and responding to IACR members' needs, (3) mentoring, (4) dialogue with related research, industry and other communities.
Longer Statement: https://cs.brown.edu/~alysyans/iacr-election-2018.html
Personal Webpage: https://cs.brown.edu/~alysyans/
Nadia Heninger
Statement: I would be pleased to give back to the community by serving as an IACR director. I would like to promote diversity among the research areas and members of the cryptographic community and strengthen ties and exchange of ideas with the security and privacy communities.
Personal Webpage: https://www.cis.upenn.edu/~nadiah/
Satya Lokam
Statement: If elected, I wish to increase the impact and outreach of IACR in the Asia-Pacific region. Being in the cryptology community in this region for over a decade (Asiacrypt: GC, Steering Committee, Indocrypt: GC, Asia-CCS blockchain workshops), I can represent their unique perspectives and challenges to the BoD.
Longer Statement: https://www.microsoft.com/en-us/research/people/satya/
Personal Webpage: https://www.microsoft.com/en-us/research/people/satya/
Maria Naya Plasencia
Statement: I am an active IACR member and was the first co-editor-in-chief of the IACR Transactions on Symmetric Cryptology journal, contributing to open access transition. I feel I owe the community some time: promoting diversity (including scientific), interdisciplinary research and maintaining our ideal scientific environment with respect and dialogue.
Longer Statement: http://naya.plasencia.free.fr/Maria/index.php?lg=en&pg=index
Personal Webpage: http://naya.plasencia.free.fr/Maria/index.php?lg=en&pg=index
Josh Benaloh
Statement: I have had the privilege of serving on the IACR Board for 17 years - as an officer, a conference chair, and a director. We have grown and addressed many challenges in those years, and we have many new challenges today. I seek the opportunity to continue working for the community.
Longer Statement: https://www.microsoft.com/en-us/research/people/benaloh/#iacr
Personal Webpage: https://www.microsoft.com/en-us/research/people/benaloh/
Ran Canetti
Statement: My goal: Help facilitate and preserve quality cryptographic research, done anywhere. This includes:
- Preserving transparency, integrity and quality of scientific review processes.
- Facilitating the publication process for scientific work.
- Assisting in the recognition of excellent researchers, in all levels of seniority and environments.
- Promoting gender equality and culture of acceptance.
Seny Kamara, Tarik Moataz
ePrint Report
We achieve these results by leveraging computational assumptions. Not just for encryption but, more interestingly, to hide the volumes themselves. Our first construction achieves this using a pseudo-random function whereas our second construction achieves this by relying on the conjectured hardness of the planted densest subgraph problem, which is a planted variant of the well-studied densest subgraph problem. This assumption was previously used to design public-key encryption schemes (Applebaum et al., STOC '10) and to study the computational complexity of financial products (Arora et al., ICS '10).
Devriş İşler, Alptekin Küpçü
ePrint Report
Devriş İşler, Alptekin Küpçü
ePrint Report
In this work, we introduce a framework for distributed single password protocols (DiSPP) that analyzes existing protocols, improves upon them regarding novel constructions and distributed schemes, and allows exploiting alternative cryptographic primitives to obtain secure distributed single password protocols with various trade-offs. Previous single password solutions can be instantiated as part of our framework. We further introduce a secure DiSPP instantiation derived from our framework, forcing the adversary to corrupt several cloud and mobile storage devices in addition to the login server in order to perform a successful offline dictionary attack. We also provide a comparative analysis of different solutions derived from our framework.
Devriş İşler, Alptekin Küpçü, Aykut Coskun
ePrint Report
In this paper, we implement two very different SPA systems and assess their usability with the following two comparative experiments: one comparing the state-of-the-art cloud-based browser-extension SPA solution against traditional password-based authentication (where in both cases the user experience is simply entering a username and password), and another comparing the first mobile-application-based SPA solution against two-factor authentication (where, in both cases, in addition to the password, the user needs access to her mobile device). We find that the cloud-based SPA system is easier to use than the traditional approach, making it suitable for daily use deployment, and the mobile-based SPA system is as easy as, but less intimidating and more secure than, two-factor authentication, making it a better alternative for online banking type deployments. Hence, SPA systems overall constitute a usable alternative to the existing solutions, while providing offline dictionary attack protection.
Fuyuki Kitagawa, Ryo Nishimaki, Keisuke Tanaka, Takashi Yamakawa
ePrint Report
In this study, we propose adaptively secure, collusion-resistant, and succinct (we call these "fully-equipped") PKFE schemes for circuits. More specifically, we propose a generic transformation from weakly-selectively secure, single-key, and sublinearly-succinct PKFE for circuits into fully-equipped PKFE for circuits. We assume only the existence of weakly-selectively secure, single-key, and sublinearly-succinct PKFE for circuits. That is, our transformation relies on neither concrete assumptions such as learning with errors nor indistinguishability obfuscation. This is the first generic construction of fully-equipped PKFE that does not rely on indistinguishability obfuscation.
As side-benefits of our results, we obtain the following primitives from weakly-selectively, single-key, and sublinearly-succinct PKFE for circuits: (1) laconic oblivious transfer (2) succinct garbling scheme for Turing machines (3) selectively secure, collusion-resistant, and succinct PKFE for Turing machines (4) low-overhead adaptively secure traitor tracing (5) key-dependent-message secure and leakage-resilient public-key encryption. We also obtain a semi-generic transformation from simulation-based adaptively secure garbling schemes into adaptively indistinguishable garbling schemes whose online complexity does not depend on the output length.
Aayush Jain, Amit Sahai
ePrint Report
A $D=(d+2)$-restricted FE scheme is a secret key FE scheme that allows an encryptor to efficiently encrypt a message of the form $M=(\vec{x},\vec{y},\vec{z})$. Here, $\vec{x}\in \mathbb{F}_{p}^{d\times n}$ and $\vec{y},\vec{z}\in \mathbb{F}_{p}^n$. Function keys can be issued for a function $f=\sum_{\vec{I}= (i_1,\dots,i_d,j,k)}\ c_{\vec{I}}\cdot \vec{x}[1,i_1] \cdots \vec{x}[d,i_d] \cdot \vec{y}[j]\cdot \vec{z}[k]$ where the coefficients $c_{\vec{I}}\in \mathbb{F}_{p}$. Knowing the function key and the ciphertext, one can learn $f(\vec{x},\vec{y},\vec{z})$, if this value is bounded in absolute value by some polynomial in the security parameter and $n$. The security requirement is that the ciphertext hides $\vec{y}$ and $\vec{z}$, although it is not required to hide $\vec{x}$. Thus $\vec{x}$ can be seen as a public attribute.
$D$-restricted FE allows for useful evaluation of constant-degree polynomials, while only requiring the SXDH assumption over bilinear groups. As such, it is a powerful tool for leveraging hardness that exists in constant-degree expanding families of polynomials over $\mathbb{R}$. In particular, we build upon the work of Ananth et al. to show how to build indistinguishability obfuscation (iO) assuming only SXDH over bilinear groups, LWE, and assumptions relating to weak pseudorandom properties of constant-degree expanding polynomials over $\mathbb{R}$.
Yonglin Hao, Lin Jiao, Chaoyun Li, Willi Meier, Yosuke Todo, Qingju Wang
ePrint Report
In this paper, we theoretically analyze the dynamic cube attack method given by Fu et al. using the division property and the MILP modeling technique.
Firstly, we draw links between the division property and Fu et al.'s dynamic cube attack so that their method can be described as a theoretically well-founded and computationally economic MILP-aided division-property-based cube attack. With the MILP model drawn according to the division property, we analyze the 721-round TRIVIUM in detail and find some interesting results:
1. The degree evaluation using our MILP method is more accurate than that of Fu et al. Fu et al. prove that the degree of pure $z^{721}$ is 40 while our method gives 29. We practically verified the correctness of our method by trying thousands of random keys, random 30-dimensional cubes and random assignments to non-cube IVs, finding that the summations are constantly 0.
2. For the transformed output bit $(1+s_1^{290})\cdot z^{721}$, we prove the same degree 31 as Fu et al., and we also find that 32-dimensional cubes have the zero-sum property for correct key guesses. But since the degree of pure $z^{721}$ is only 29, the 721-round practical attack on TRIVIUM violates the principle of Fu et al.'s work: after the transformation of the output bit, when the key guesses are correct, the degree of the transformed output bit has not dropped but risen.
3. Now that the degree-theoretic foundation of the 721-round attack has been violated, we also find that the key-recovery attack cannot be carried out either. We theoretically proved and practically verified that, whether the key guesses are correct or incorrect, the summation over 32-dimensional cubes is always 0. So, no key bit can be recovered at all.
All of this analysis on 721-round TRIVIUM can be verified practically, and we open our C++ source code for the implementation as well.
Secondly, we revisit their 855-round result. Our MILP model reveals that the 855-round result suffers from the same problems as its 721-round counterpart. We provide theoretic evidence that, after their transformation, the degree of the output bit is more likely to rise rather than drop. Furthermore, since Fu et al.'s degree evaluation is written in an unclear manner and no complexity analysis is given, we rewrite the algorithm according to their main ideas and supplement a detailed complexity analysis. Our analysis indicates that a precise evaluation of the degree requires complexities far beyond practical reach. We also demonstrate that further abbreviation of our rewritten algorithm can result in wrong evaluations. This might be the reason why Fu et al. give such a degree evaluation. This is also an additional argument against Fu et al.'s dynamic cube attack method.
Thirdly, the selection of Fu et al.'s cube dimension is also questionable. According to our experiments and existing theoretic results, there is a high risk that the correct key guesses and wrong ones share the same zero-sum property using Fu et al.'s cube testers. As a remedy, we suggest that concrete cubes satisfying particular conditions should be identified rather than relying on the IV-degree drop hypothesis.
To conclude, Fu et al.'s dynamic cube attack on 855-round TRIVIUM is questionable. 855-round as well as 840-and-up-round TRIVIUM should still be open for further convincing cryptanalysis.