IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
17 February 2020
21 March - 25 March 2021
Event Calendar
Submission deadline: 2 March 2020
Notification: 1 May 2020
Award
Nominations for the 2020 award (for papers published in 1999-2001) are welcomed by the selection committee. Deadline for nomination is May 3, 2020 23:59 AoE.
The proceedings of the relevant conferences can be found here:
CHES 1999
CHES 2000
CHES 2001
In order to nominate, please send an email to the chair of the selection committee with the following contents:
- email subject line: ches test of time award nomination
- mention: paper title and publication year
- provide a short justification for why the paper should receive the award (number of citations, influence in industry, etc.), either as a document of at most 2 pages or as text in the email body
The 2020 Selection Committee:
- Benedikt Gierlichs (chair)
- Helena Handschuh
- Marc Joye
- Christof Paar
- Pankaj Rohatgi
Zagreb, Croatia, 10 May 2020
Event Calendar
Submission deadline: 6 March 2020
Notification: 16 March 2020
Paderborn University
Job Posting
Our group provides a relaxed and inspiring working atmosphere allowing you to address challenging research problems or to develop new cool attacks on well-used cryptographic implementations.
Your profile:
- Academic degree in Informatics, Mathematics, or a related area; ideally (but not mandatory) with a specialization in the area of IT security or cryptography
- High interest in research in IT security or applied cryptography
- Solid know-how in at least one of these areas:
  - Applied cryptography (e. g., protocols like TLS or SSH)
  - System security (e. g., fuzzing, reverse engineering or microarchitectural attacks)
  - Web security
Deadline: 2nd March 2020. More information at: https://www.uni-paderborn.de/fileadmin/zv/4-4/stellenangebote/Kennziffer4190Englisch.pdf
Closing date for applications:
Contact: For further details about the position, you can contact Juraj Somorovsky.
More information: https://www.uni-paderborn.de/fileadmin/zv/4-4/stellenangebote/Kennziffer4190Englisch.pdf
Singapore University of Technology and Design (SUTD), Singapore
Job Posting
I am looking for postdocs & research fellows with expertise on cyber-physical system security. The candidates should have a track record of strong R&D capability, be a good team player, and also have good written/oral communication skills. The positions are available immediately, and will provide an excellent opportunity to perform both basic and translational research in close collaboration with industry. Successful candidates will be offered internationally competitive remuneration, and enjoy high-quality living and low tax rates in Singapore.
Interested candidates please send your CV with a research statement to Prof. Jianying Zhou. Only short-listed candidates will be contacted for interview.
Closing date for applications:
Contact: Prof. Jianying Zhou (jianying_zhou@sutd.edu.sg)
More information: http://jianying.space/
Télécom Paris, Institut Polytechnique de Paris
Job Posting
Télécom Paris, one of the top four engineering schools in France for training general engineers and PhDs, invites applications for a tenured position of Professor in Cryptography. The successful candidate will join the Computer Science and Networks department of the school and will be at the center of a unique innovation ecosystem on the Paris-Saclay Campus.
Details about this job offer can be found at:
- https://www.telecom-paris.fr/job-offer-professor-cryptography
The closing date for applications is April 12, 2020.
Informal enquiries may be made to Bertrand Meyer (bertrand.meyer@telecom-paris.fr)
Closing date for applications:
Contact: Bertrand Meyer bertrand.meyer@telecom-paris.fr
More information: https://www.telecom-paris.fr/job-offer-professor-cryptography
14 February 2020
Trondheim, Norway, 25 April - 30 April 2021
Eurocrypt
Kohei Nakagawa, Hiroshi Onuki, Atsushi Takayasu, Tsuyoshi Takagi
ePrint Report
Prabhanjan Ananth, Abhishek Jain, ZhengZhong Jin, Giulio Malavolta
ePrint Report
Nathan Keller, Asaf Rosemarin
ePrint Report
In this paper we show that the choice of the MDS matrix significantly affects the security level provided by HADES designs. If the MDS is chosen properly, then the security level of the scheme against differential and linear attacks is significantly higher than claimed by the designers. On the other hand, weaker choices of the MDS allow for extremely large invariant subspaces that pass the entire middle layer without activating any non-linear operation (a.k.a. S-box).
We showcase our results on the Starkad and Poseidon instantiations of HADES. For Poseidon, we significantly improve the lower bounds on the number of active S-boxes with respect to both differential and linear cryptanalysis provided by the designers -- for example, from 28 to 60 active S-boxes for the t=6 variant. For Starkad, we show that the t=24 variant proposed by the designers admits an invariant subspace of a huge size of $2^{1134}$ that passes any number of PSPN rounds without activating any S-box. Furthermore, we show that the problem can be fixed easily by replacing t with any value that is not divisible by four.
Santosh Ghosh, Luis S Kida, Soham Jayesh Desai, Reshma Lal
ePrint Report
Christian Badertscher, Ueli Maurer, Christopher Portmann, Guilherme Rito
ePrint Report
CCA-2 security is apparently the strongest notion, but because it is arguably too strong, Canetti, Krawczyk, and Nielsen (Crypto 2003) proposed the relaxed notion of Replayable CCA security (RCCA) as perhaps the weakest meaningful definition, and they investigated the space between CCA and RCCA security by proposing two versions of Detectable RCCA (d-RCCA) security which are meant to ensure that replays of ciphertexts are either publicly or secretly detectable (and hence preventable).
The contributions of this paper are three-fold. First, following the work of Coretti, Maurer, and Tackmann (Asiacrypt 2013), we formalize the three benchmark applications of PKE that serve as the natural motivation for security notions, namely the construction of certain types of (possibly replay-protected) confidential channels (from an insecure and an authenticated communication channel). Second, we prove that RCCA does not achieve the confidentiality benchmark and, contrary to previous belief, that the proposed d-RCCA notions are not even relaxations of CCA-2 security. Third, we propose the natural security notions corresponding to the three benchmarks: an appropriately strengthened version of RCCA to ensure confidentiality, as well as two notions for capturing public and secret replay detectability.
Eugene Frimpong, Alexandros Bakas, Hai-Van Dang, Antonis Michalas
ePrint Report
Stefan Dziembowski, Grzegorz Fabiański, Sebastian Faust, Siavash Riahi
ePrint Report
In this work we initiate the study of the inherent limitations of off-chain protocols. Concretely, we investigate the so-called Plasma systems (also called "commit chains"), and show that malicious parties can always launch an attack that forces the honest parties to communicate large amounts of data to the blockchain. More concretely: the adversary can always (a) either force the honest parties to communicate a lot with the blockchain, even though they did not intend to (this is traditionally called mass exit); or (b) force an honest party that wants to leave the system to quickly communicate large amounts of data to the blockchain. What makes these attacks particularly hard to handle in real life (and also makes our result stronger) is that these attacks do not have so-called uniquely attributable faults, i.e. the smart contract cannot determine which party is malicious, and hence cannot force it to pay the fees for the blockchain interaction.
An important implication of our result is that the benefits of two of the most prominent Plasma types, called Plasma Cash and Fungible Plasma, cannot be achieved simultaneously. Our results apply to every Plasma system, and cannot be circumvented by introducing additional cryptographic assumptions.
Mohammad Zaheri, Adam O'Neill
ePrint Report
Dimitris Karakostas, Aggelos Kiayias
ePrint Report
Daan Leermakers, Boris Skoric
ePrint Report
We provide security proofs for both our schemes, based on the diamond norm distance, taking noise into account.
Martine De Cock, Rafael Dowsley, Anderson C. A. Nascimento, Davis Railsback, Jianwei Shen, Ariel Todoki
ePrint Report
Saikrishna Badrinarayanan, James Bartusek, Sanjam Garg, Daniel Masny, Pratyay Muhkerjee
ePrint Report
In our construction, if the underlying two-round MPC protocol is secure against semi-honest adversaries (in the plain model) then so is our reusable two-round MPC protocol. Similarly, if the underlying two-round MPC protocol is secure against malicious adversaries (in the common random/reference string model) then so is our reusable two-round MPC protocol. Previously, such reusable two-round MPC protocols were only known under assumptions on lattices.
At a technical level, we show how to upgrade any two-round MPC protocol to a first message succinct two-round MPC protocol, where the first message of the protocol is generated independently of the computed circuit (though it is not reusable). This step uses homomorphic secret sharing (HSS) and low-depth pseudorandom functions. Next, we show a generic transformation that upgrades any first message succinct two-round MPC to allow for reusability of its first message.
Prabhanjan Ananth, Abhishek Jain, Zhengzhong Jin
ePrint Report
TMK-FHE with one-round threshold decryption, first constructed by Mukherjee and Wichs [Eurocrypt'16], has found several powerful applications in cryptography over the past few years. However, an important drawback of all such TMK-FHE schemes is that they require a common setup which results in applications in the common random string model.
To address this concern, we propose a notion of multiparty homomorphic encryption (MHE) that retains the communication efficiency property of TMK-FHE, but sacrifices on the efficiency of final decryption. Specifically, MHE is defined in a similar manner as TMK-FHE, except that the final output computation process performed locally by each party is "non-compact" in that we allow its computational complexity to depend on the size of the circuit. We observe that this relaxation does not have a significant bearing in many important applications of TMK-FHE.
Our main contribution is a construction of MHE from the learning with errors assumption in the plain model. Our scheme can be used to remove the setup in many applications of TMK-FHE. For example, it yields the first construction of low-communication reusable non-interactive MPC in the plain model. To obtain our result, we devise a recursive self-synthesis procedure to transform any "delayed-function" two-round MPC protocol into an MHE scheme.