IACR News
04 February 2019
Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany
Job Posting
Closing date for applications: 28 February 2019
Contact: Dr. Patrick Schulte
RUHR-UNIVERSITÄT BOCHUM
Exzellenzcluster CASA / Horst Görtz Institut für IT-Sicherheit
Geschäftsführer / General Manager
ID 2 / 142
Universitätsstr. 150
44780 Bochum, Germany
Tel: +49-(0)234-32-27722
Email: patrick.schulte (at) rub.de
More information: https://twitter.com/HGI_Bochum/status/1087703387343331329
Brandenburg University of Technology, Cottbus, Germany
Job Posting
Closing date for applications: 14 February 2019
Contact: Professor Dr.-Ing. Andriy Panchenko
Tel.: +49 355 69 2236
itsec-jobs.informatik@lists.b-tu.de
More information: https://www.informatik.tu-cottbus.de/~andriy/phd-ad-btu_en.pdf
Norwegian University of Science and Technology (NTNU)
Job Posting
Closing date for applications: 1 March 2019
Contact: Colin Boyd: colin.boyd (at) ntnu.no or Danilo Gligoroski: danilo.gligoroski (at) ntnu.no or Stig Frode Mjølsnes: stig.mjolsnes (at) ntnu.no
More information: https://www.jobbnorge.no/en/available-jobs/job/163765/
31 January 2019
Dakar, Senegal, 5 December - 7 December 2019
Event Calendar
Submission deadline: 1 May 2019
Notification: 31 July 2019
Bucharest, Romania, 16 September - 18 September 2019
Event Calendar
Submission deadline: 28 June 2019
Notification: 31 July 2019
Hisham S. Galal, Amr M. Youssef
ePrint Report
Sergiu Carpov, Nicolas Gama, Mariya Georgieva, Juan Ramon Troncoso-Pastoriza
ePrint Report
Methods: The HE Track of the iDash 2018 competition focused on solving an important problem in practical machine learning scenarios, where a data analyst who has trained a regression model (both linear and logistic) with a certain set of features attempts to find all features in an encrypted database that will improve the quality of the model. Our solution is based on the hybrid framework Chimera, which allows switching between different families of fully homomorphic schemes, namely TFHE and HEAAN.
Results: Our solution is one of the finalists of Track 2 of the iDash 2018 competition. Among the submitted solutions, ours is the only bootstrapped approach that can be applied for different sets of parameters without re-encrypting the genomic database, making it practical for real-world applications.
Conclusions: This is the first step towards the more general feature selection problem across large encrypted databases.
Wei-Lun Huang, Jiun-Peng Chen, Bo-Yin Yang
ePrint Report
Mary Maller, Sean Bowe, Markulf Kohlweiss, Sarah Meiklejohn
ePrint Report
Here we describe a zero-knowledge SNARK, Sonic, which supports a universal and continually updateable structured reference string that scales linearly in size. Sonic proofs are constant size, and in the batch verification context the marginal cost of verification is comparable with the most efficient SNARKs in the literature. We also describe a generally useful technique in which untrusted "helpers" can compute advice which allows batches of proofs to be verified more efficiently.
Pedro Branco
ePrint Report
Patrick Derbez, Pierre-Alain Fouque, Baptiste Lambin
ePrint Report
Patrick Derbez, Pierre-Alain Fouque, Baptiste Lambin, Brice Minaud
ePrint Report
These attacks, however, were generally ad-hoc and did not enjoy a wide applicability. As our main contribution, we propose a generic and efficient algorithm to recover affine encodings, for any Substitution-Permutation-Network (SPN) cipher, such as AES, and any form of affine encoding. For AES parameters, namely 128-bit blocks split into 16 parallel 8-bit S-boxes, affine encodings are recovered with a time complexity estimated at $2^{32}$ basic operations, independently of how the encodings are built.
This algorithm is directly applicable to a large class of schemes. We illustrate this on a recent proposal due to Baek, Cheon and Hong, which was not previously analyzed. While Baek et al. evaluate the security of their scheme to 110 bits, a direct application of our generic algorithm is able to break the scheme with an estimated time complexity of only $2^{35}$ basic operations.
As a second contribution, we show a different approach to cryptanalyzing the Baek et al. scheme, which reduces the analysis to a standalone combinatorial problem, ultimately achieving key recovery in time complexity $2^{31}$. We also provide an implementation of the attack, which is able to recover the secret key in about 12 seconds on a standard desktop computer.
Patrick Derbez, Pierre-Alain Fouque, Jérémy Jean, Baptiste Lambin
ePrint Report
In this work, we search how one could design a key schedule to maximize the number of active S-boxes in the related-key model. However, we also want this key schedule to be efficient, and therefore choose to only consider permutations. Our target is AES, and along with a few generic results about the best reachable bounds, we found a permutation to replace the original key schedule that reaches a minimal number of active S-boxes of 20 over 6 rounds, while no differential characteristic with a probability larger than $2^{-128}$ exists. We also describe an algorithm which helped us to show that there is no permutation that can reach 18 or more active S-boxes in 5 rounds. Finally, we give several pairs $(P_s, P_k)$, replacing respectively the ShiftRows operation and the key schedule of the AES, reaching a minimum of 21 active S-boxes over 6 rounds, while again, there is no differential characteristic with a probability larger than $2^{-128}$.
Aron Gohr, Sven Jacob, Werner Schindler
ePrint Report
We can solve the more difficult of the two challenges with $2$ to $5$ power traces, which is much less than was available in the contest.
Our attack combines techniques from machine learning with classical techniques. The attack was superior to all classical and deep learning based attacks which we have tried. Moreover, it provides some insights on the implementation.
Muhammad Rezal Kamel Ariffin, Abderrahmane Nitaj, Yanbin Pan, Nur Azman Abu
ePrint Report
30 January 2019
Canterbury, United Kingdom, 26 August - 29 August 2019
Event Calendar
Submission deadline: 15 March 2019
Notification: 24 May 2019
Bogotá, Colombia, 5 June - 7 June 2019
Event Calendar
Submission deadline: 30 March 2019
Notification: 30 April 2019
29 January 2019
Léo Perrin
ePrint Report
We revisit their results and identify a third decomposition of $\pi$. It is an instance of a fairly small family of permutations operating on $2m$ bits which we call TKlog and which is closely related to finite field logarithms. Its simplicity and the small number of components it uses lead us to claim that it has to be the structure intentionally used by the designers of Streebog and Kuznyechik.
The $2m$-bit permutations of this type have a very strong algebraic structure: they map multiplicative cosets of the subfield $\mathbb{F}_{2^{m}}^{*}$ to additive cosets of $\mathbb{F}_{2^{m}}^{*}$. Furthermore, the function relating each multiplicative coset to the corresponding additive coset is always essentially the same. To the best of our knowledge, we are the first to expose this very strong algebraic structure.
We also investigate other properties of the TKlog and show in particular that it can always be decomposed in a fashion similar to the first decomposition of Biryukov et al., thus explaining the relation between the two previous decompositions. It also means that it is always possible to implement a TKlog efficiently in hardware and that it always exhibits a visual pattern in its LAT similar to the one present in $\pi$.
While we could not find attacks based on these new results, we discuss the impact of our work on the security of Streebog and Kuznyechik. To this end, we provide a new simpler representation of the linear layer of Streebog as a matrix multiplication in the exact same field as the one used to define $\pi$. We deduce that this matrix interacts in a non-trivial way with the partitions preserved by $\pi$.
Li Hongda, Pan Dongxue, Ni Peifang
ePrint Report
28 January 2019
Early registration deadline is Feb 26
FSE
The early registration deadline is February 26, 2019. After that date, registration prices will increase!
FSE 2019 will take place in Paris, France during March 25-28, 2019. For more information on the conference please visit https://fse.iacr.org/2019.