International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available:

email icon
via email
RSS symbol icon
via RSS feed

08 May 2020

Beijing Genomics Institute, Shenzhen, China
Job Posting Job Posting
Responsibilities

1. Collaborate with other biological data scientists and responsible for health data (eg. genetic data) security and privacy protection research and development. Propose new solutions based on cutting-edge security technology to meet the needs of healthcare field.

2. Follow up research on the application of cutting-edge cryptography technology, cryptographic algorithm implementation and performance optimization, such as lattice cryptography, homomorphic encryption, and zero-knowledge proof in the field of blockchain or data storage.

Qualifications

1. Master degree or above (PhD prefered) in cryptography, computer science, mathematics or related fields

2. Excellent in security fundamentals, such as digest algorithm, symmetric encryption, asymmetric encryption and signature algorithm principles and their implementation

3. Familiar with cutting-edge cryptography technologies, including secure multi-party computing, homomorphic encryption, etc .

4. Interested in healthcare big data management and privacy protection

Closing date for applications:

Contact: Dr. Yuantong Ding, dingyuantong(at)genomics.cn

Expand
Osaka University, Graduate School of Engineering, Suita-city, Japan
Job Posting Job Posting
[Summary] Osaka University invites applications from outstanding individuals for a faculty position in the field of Cryptology and network security area in Graduate School of Engineering. [Explanation of institution (recruitment background, institution details, explanation of project, etc.)] cryptology, privacy in the field of Information Security, algebraic and number-theoretic algorithms, secure network or software [Job details (duties, subject responsible for, etc.)] Research and Education of information security [Address of work location and other information] 2-1 Yamadaoka, Suita, Osaka, Japan 565-0871 Suita Campus, Osaka University [Available positions (Job title, number of positions, etc.)] Specially Appointed Associate (full time) 1 person. English job title "Specially Appointed Associate" corresponds to the JREC-IN Portal job type "Assistant Professor level" at Osaka University. [Starting date] October 1st, 2020 (as soon as possible, negotiable)

Closing date for applications:

Contact: Atsuko Miyaji phone number: 06-6879-7715 E-Mail myj-comm-course@crypto-cybersec.comm.eng.osaka-u.ac.jp

More information: https://jrecin.jst.go.jp/seek/SeekJorDetail?fn=3&dt=1&id=D120030124&ln_jor=1

Expand
University of California Davis
Job Posting Job Posting
The University of California Davis ASEEC laboratory https://www.ece.ucdavis.edu/~hhomayou/ and National Science Foundation Center for Hardware Security (NSF CHEST) https://nsfchest.org/ is recruiting up to two talented postdoctoral researchers to expand its research activities in the area of applied machine learning and hardware security. In particular, we are looking for two experts with strong scientific background, good communication skills, and solid experience in one of the following areas:

1. Computer System Security
The successful candidate will perform research in the area of hardware security, computer architecture security, IoT security, and system cybersecurity.

2. Applied Machine Learning
The successful candidate will perform research in the area of applied machine learning. Some of the topics of interests are graph analytics, graph neural network, adversarial machine learning, and machine learning privacy, deep learning, reinforcement learning, and machine learning computational complexity.

Applicants should submit a curriculum vitae, and names/contact information of three references in a single PDF file to: hhomayoun@ucdavis.edu

Closing date for applications:

Contact: hhomayoun@ucdavis.edu

More information: https://ece.ucdavis.edu/news/current-opportunities-uc-davis-ece

Expand
Koç University, İstanbul, Turkey
Job Posting Job Posting
Cryptography, Security & Privacy Research Group at Koç University has multiple openings at every level. Accepted applicants may receive competitive scholarships including monthly stipend, tuition waiver, housing (accommodation) support, health insurance, computer, travel support, and lunch meal card.

Your duties include performing research on cryptography, security, and privacy in line with our research group's focus, assist teaching, and collaborate with other graduate and undergraduate students.

For applying online, and questions about the application-process for M.Sc. and Ph.D. positions, visit

https://gsse.ku.edu.tr/en/admissions/application-requirements

All applications must be completed online. Applications with missing documents will not be considered.

For more information about joining our group and projects, visit

https://crypto.ku.edu.tr/work-with-us/

Admission Requirements:
  1. CV
  2. Recommendation Letters (2 for MSc, 3 for Ph.D)
  3. TOEFL (for those whose native language is not English, Internet Based: Minimum Score 80)
  4. GRE scores (required from non-Turkish nationals)
  5. Official transcripts from all the universities attended
  6. Statement of Purpose
  7. Area of Interest Form filled online

Closing date for applications:

Contact: https://gsse.ku.edu.tr/en/admissions/how-to-apply/

More information: https://gsse.ku.edu.tr/en/admissions/application-requirements

Expand
University of Klagenfurt, Austria
Job Posting Job Posting

We are hiring a fixed term (4 year) lecturer in the area of Cybersecurity.

We invite applicants with a back ground (i.e. PhD) in either cybersecurity or statistics/AI/data science (assuming they are interested in a cybersecurity angle to their work).

The minimum monthly gross salary for this position amounts to € 3.889,50 (14 times per year) and can increase to € 4.309,30 (B1 lit. c) maximum in the case of consideration of previous occupational experience. The four-year fixed-term employment contract is expected to commence in August 2020 (but this is negotiable).

The position is within the newly established Cybersecurity group headed by Elisabeth Oswald. The group's research agenda evolves around data centric aspects of applied cryptography and more generally cybersecurity; this includes research around side channels, crypto (for privacy), and more generically the intersection between security/statistics/data science/AI.

The position holder is expected to contribute to teaching (4 contact hrs per week during term time, subject specific teaching only; the group leads on the newly established MSc on AI and Cybersecurity) and develop their own research agenda.

Closing date for applications:

Contact: Elisabeth Oswald (Elisabeth.Oswald @ aau.at)

More information: http://www.cybersecurityresearch.at

Expand
Tarragona, Catalonia, 23 September - 25 September 2020
Event Calendar Event Calendar
Event date: 23 September to 25 September 2020
Submission deadline: 1 June 2020
Notification: 26 June 2020
Expand
Seoul, South Korea, 2 December - 4 December 2020
Event Calendar Event Calendar
Event date: 2 December to 4 December 2020
Submission deadline: 26 August 2020
Notification: 26 October 2020
Expand
Aalborg University, Copenhagen Denmark
Job Posting Job Posting
At the Technical Faculty of IT and Design, Department of Electronic Systems, one or more positions as Assistant Professor in Cyber Security are open for appointment from September 1, 2020, or soon hereafter. The positions are available for a period of 4 years. The workplace is at Aalborg University Copenhagen.

JOB DESCRIPTION

We seek to appoint one or more Assistant Professors in Cyber Security. The selected candidate(s) will join a team of academics with a comprehensive research and teaching portfolio in the area of cyber security, and participate in the starting up of a new M.Sc. programme in Cybersecurity, which is taught in English.

The position(s) require internationally recognized research experience in one or more of the following areas:

  • Network security, Network Traffic Analysis and Anomaly Detection, including applied machine learning
  • DNS traffic analysis and detection of malicious domains, Honeypots and sandboxing
  • Security and privacy challenges in Internet of Things and Cloud solutions, Privacy enhancing technologies, Privacy by design, Secure Digital Identities, and Identity and Access management.

    The main tasks and responsibilities include:

  • Research, including publication of results and co-supervision of research students
  • Teaching and assessment of students
  • Acquiring research funding and coordinating profitable projects
  • Strengthening of our relationship with private industry partners within the field.

    For more information please see: https://www.stillinger.aau.dk/vis-stilling/?vacancy=1096542

    Closing date for applications:

    Contact: Jens Myrup Pedersen, email: jens@es.aau.dk.

    More information: https://www.stillinger.aau.dk/vis-stilling/?vacancy=1096542

  • Expand

    07 May 2020

    Liliya Kraleva, Tomer Ashur, Vincent Rijmen
    ePrint Report ePrint Report
    In this paper we analyse the algorithm Chaskey - a lightweight MAC algorithm for 32-bit micro controllers - with respect to rotational cryptanalysis. We perform a related-key attack over Chaskey and find a distinguisher by using rotational probabilities. Having a message $m$ we can forge and present a valid tag for some message under a related key with probability $2^{-57}$ for 8 rounds and $2^{-86}$ for all 12 rounds of the permutation for keys in a defined weak-key class. This attack can be extended to full key recovery with complexity $2^{120}$ for the full number of rounds. To our knowledge this is the first published attack targeting all 12 rounds of the algorithm. Additionally, we generalize the Markov theory with respect to a relation between two plaintexts and not their difference and apply it for rotational pairs.
    Expand
    Carsten Baum, Bernardo David, Rafael Dowsley, Jesper Buus Nielsen, Sabine Oechsner
    ePrint Report ePrint Report
    This work introduces an extension of the UC framework with an abstract notion of time that allows for modeling relative delays in communication and sequential computation without requiring parties to keep track of a clock. The potential uses of this extension are demonstrated by: (1) formalizing a functionality for (semi-)synchronous secure message transmission; (2) formalizing the notion of time-lock puzzles in the UC setting and showing how to realize it in the restricted programmable and observable global random oracle model; (3) showing that UC time-lock puzzles yield UC-secure fair coin flips; (4) showing that UC-secure two-party computation realizing a new notion of output-independent abort can be obtained leveraging composable time-lock puzzles. Finally, we show that a programmable random oracle is necessary to obtain UC-secure fair coin flip, secure two-party computation with output-independent abort or time-lock puzzles, which yields a new separation between programmable and non-programmable random oracles.
    Expand
    Carlos Cid, Lorenzo Grassi, Reinhard Lüftenegger, Christian Rechberger, Markus Schofnegger
    ePrint Report ePrint Report
    Higher-order differential attacks are among the most powerful attacks against low-degree ciphers and hash functions. Predicting the evolution of the algebraic degree of the cipher (as a function of the number of rounds) is the main obstacle in assessing the feasibility of these attacks. For an SPN cipher over a finite field $\mathbb F$ of characteristic 2 with round function of algebraic degree $\delta$, it is a common belief that the degree of the cipher grows almost exponentially with $\delta$. However, for an iterated Even--Mansour cipher whose round function can be described as an invertible low-degree polynomial over $\mathbb F_{2^n}$ it has recently been shown that the algebraic degree grows linearly with the number of rounds, and not exponentially.

    In this paper we generalise these results for SPN ciphers, showing that the growth of the algebraic degree is often linear for SPN ciphers with low-degree S-Boxes as well. We prove that the initial exponential growth of the degree turns into a linear growth after a certain number of rounds. Our analysis includes iterated Even--Mansour and MiMC-like ciphers as a special case, but most notably it also applies to SPN ciphers designed to be competitive for recent applications like MPC, FHE, SNARKs, and STARKs (e.g., HadesMiMC). Our findings have been practically verified on small-scale ciphers.
    Expand
    Geoffroy Couteau, Shuichi Katsumata, Bogdan Ursu
    ePrint Report ePrint Report
    We provide two new constructions of non-interactive zero-knowledge arguments (NIZKs) for NP from discrete-logarithm-style assumptions over cyclic groups, without relying on pairings. A previous construction from (Canetti et al., Eurocrypt'18) achieves such NIZKs under the assumption that no efficient adversary can break the key-dependent message (KDM) security of (additive) ElGamal with respect to all (even inefficient) functions over groups of size $2^\lambda$, with probability better than $\mathsf{poly}(\lambda)/2^{\lambda}$. This is an extremely strong, non-falsifiable assumption. In particular, even mild (polynomial) improvements over the current best-known attacks on the discrete logarithm problem would already contradict this assumption. (Canetti et al. STOC'19) describe how to improve the assumption to rely only on KDM security with respect to efficient functions while additionally assuming public-key encryption schemes, therefore obtaining an assumption that is (in spirit) falsifiable.

    Our first construction improves this state of affairs. We provide a construction of NIZKs for NP under the CDH assumption together with the assumption that no efficient adversary can break the key-dependent message one-wayness of ElGamal with respect to efficient functions over groups of size $2^\lambda$, with probability better than $\mathsf{poly}(\lambda)/2^{c\lambda}$ (denoted $2^{-c\lambda}$-OWKDM), for a constant $c = 3/4$. Unlike the previous assumption, our assumption leaves an exponential gap between the best-known attack and the required security guarantee.

    Our second construction is interested in the case where CDH does not hold. Namely, as a second contribution, we construct an infinitely often NIZK argument system for NP (where soundness and zero-knowledge are only guaranteed to hold for infinitely many security parameters), under the assumption that CDH is easy together with the $2^{-c\lambda}$-OWKDM security of ElGamal with $c = 28/29+o(1)$ and the existence of low-depth pseudorandom generators (PRG).

    Combining our two results, we obtain a construction of (infinitely-often) NIZKs for NP under the $2^{-c\lambda}$-OWKDM security of ElGamal with $c = 28/29+o(1)$ and the existence of low-depth PRG, independently of whether CDH holds. To our knowledge, since neither OWKDM security of ElGamal nor low-depth PRGs are known to imply public key encryption, this provides the first construction of NIZKs from concrete and falsifiable Minicrypt-style assumptions.
    Expand
    Peter Schwabe, Douglas Stebila, Thom Wiggers
    ePrint Report ePrint Report
    We present KEMTLS, an alternative to the TLS 1.3 handshake that uses key-encapsulation mechanisms (KEMs) instead of signatures for server authentication. Among existing post-quantum candidates, signature schemes generally have larger public key/signature sizes compared to the public key/ciphertext sizes of KEMs: by using an IND-CCA-secure KEM for server authentication in post-quantum TLS, we obtain multiple benefits. A size-optimized post-quantum instantiation of KEMTLS requires less than half the bandwidth of a size-optimized post-quantum instantiation of TLS 1.3. In a speed-optimized instantiation, KEMTLS reduces the amount of server CPU cycles by almost 90% compared to TLS 1.3, while at the same time reducing communication size, reducing the time until the client can start sending encrypted application data, and eliminating code for signatures from the server's trusted code base.
    Expand
    Foteini Baldimtsi, Varun Madathil, Alessandra Scafuro, Linfeng Zhou
    ePrint Report ePrint Report
    When Proof-of-Stake (PoS) underlies a consensus protocol, parties who are eligible to participate in the protocol are selected via a public selection function that depends on the stake they own. Identity and stake of the selected parties must then be disclosed in order to allow verification of their eligibility, and this can raise privacy concerns. In this paper, we present a modular approach for addressing the identity leaks of selection functions, decoupling the problem of implementing an anonymous selection of the participants, from the problem of implementing others task, e.g. consensus. We present an ideal functionality for anonymous selection that can be more easily composed with other protocols. We then show an instantiation of our anonymous selection functionality based on the selection function of Algorand.
    Expand
    Dominik Harz, Lewis Gudgeon, Rami Khalil, Alexei Zamyatin
    ePrint Report ePrint Report
    Collateral employed in cryptoeconomic protocols protects against the misbehavior of economically rational agents, compensating honest users for damages and punishing misbehaving parties. The introduction of collateral, however, carries three disadvantages: (i) requiring agents to lock up a substantial amount of collateral can be an entry barrier, limiting the set of candidates to wealthy agents; (ii) affected agents incur ongoing opportunity costs as the collateral cannot be utilized elsewhere; and (iii) users wishing to interact with an agent on a frequent basis (e.g., with a service provider to facilitate second-layer payments), have to ensure the correctness of each interaction individually instead of subscribing to a service period in which interactions are secured by the underlying collateral.

    We present Promise, a subscription mechanism to decrease the initial capital requirements of economically rational service providers in cryptoeconomic protocols. The mechanism leverages future income (such as service fees) prepaid by users to reduce the collateral actively locked up by service providers, while sustaining secure operation of the protocol. Promise is applicable in the context of multiple service providers competing for users. We provide a model for evaluating its effectiveness and argue its security. Demonstrating Promise's applicability, we discuss how Promise can be integrated into a cross-chain interoperability protocol, XCLAIM, and a second-layer scaling protocol, NOCUST. Last, we present an implementation of the protocol on Ethereum showing that all functions of the protocol can be implemented in constant time complexity and Promise only adds USD 0.05 for a setup per user and service provider and USD 0.01 per service delivery during the subscription period.
    Expand
    Serge Vaudenay
    ePrint Report ePrint Report
    The COVID-19 pandemic created a noticeable challenge to the cryptographic community with the development of contact tracing applications. The media reported a dispute between designers proposing a centralized or a decentralized solution (namely, the PEPP-PT and the DP3T projects). Perhaps, the time constraints to develop and deploy efficient solutions led to non-optimal (in terms of privacy) solutions. Moreover, arguments have been severely biased and the scientific debate did not really happen until recently. In this paper, we show the vulnerabilities and the advantages of both solutions systematically. We believe that none offers any sufficient level of privacy protection and the decision to use one or another is as hard as using automated contact tracing at the first place. A third way could be explored. We list here a few possible directions.
    Expand

    06 May 2020

    Mathias Soeken
    ePrint Report ePrint Report
    We present a constructive SAT-based algorithm to determine the multiplicative complexity of a Boolean function, i.e., the smallest number of AND gates in any logic network that consists of 2-input AND gates, 2-input XOR gates, and inverters. In order to speed-up solving time, we make use of several symmetry breaking constraints; these exploit properties of XAGs that may be useful beyond the proposed SAT-based algorithm. We further propose a heuristic post-optimization algorithm to reduce the number of XOR gates once the optimum number of AND gates has been obtained, which also makes use of SAT solvers. Our algorithm is capable to find all optimum XAGs for representatives of all 5-input affine-equivalent classes, and for a set of frequently occurring 6-input functions.
    Expand
    Moni Naor, Shahar Paz, Eyal Ronen
    ePrint Report ePrint Report
    Password Authenticated Key Exchange (PAKE) protocols allow parties to establish a shared key based only on the knowledge of a password, without leaking any information about it. In this work, we propose a novel notion called ``Identity-based PAKE'' (iPAKE) that is resilient to the compromise of one or more parties. iPAKE protocols protect all parties in a symmetric setting, whereas in Asymmetric PAKE (aPAKE) only one party (a server) is protected. Binding each party to its identity prevents impersonation between devices with different roles and allows the revocation of compromised parties.

    We further strengthen the notion by introducing ``Strong iPAKE'' (siPAKE), similar to ``Strong aPAKE'' (saPAKE), which is additionally immune to pre-computation. To mount an (inevitable) offline dictionary attack, an adversary must first compromise a device and only then start an exhaustive search over the entire password dictionary. Rather than storing its password in the clear, each party derives a password file using its identity and a secret random salt (``salted hash''). Although the random salts are independently selected, any pair of parties is able to establish a cryptographically secure shared key from these files.

    We formalize iPAKE and siPAKE notions in the Universally Composable (UC) framework and propose a compiler from PAKE to iPAKE using Identity-Based Key-Agreement. We then present CRISP: a construction of siPAKE from any PAKE using bilinear groups with ``Hash2Curve''. We prove CRISP's UC-security in the Generic Group Model (GGM) and show that each offline password guess requires at least one pairing operation.
    Expand
    Joseph K. Liu, Man Ho Au, Tsz Hon Yuen, Cong Zuo, Jiawei Wang, Amin Sakzad, Xiapu Luo, Li Li
    ePrint Report ePrint Report
    In this paper, we propose a privacy-preserving contact tracing app for COVID-19. The app allows users to be notified, if they have been a close contact with a confirmed patient. Our protocol is the most comprehensive and balanced privacy-preserving contact tracing solution to date.

    Our protocol strikes a balance between security, privacy and scalability. In terms of privacy, it allows all users to hide his past location and contact history with respect to the Government. Yet, all users can check whether he had a close contact with a confirmed patient without learning the identity of the patient. We use a zero-knowledge protocol to ensure that user privacy is protected. In terms of security, no user can send fake message to the system to launch a false positive attack. We give a formal security model and give a security proof for our protocol. In terms of scalability, we have implemented our protocol into Android smartphone and our evaluation result shows its practicality.
    Expand

    05 May 2020

    Alin Tomescu, Ittai Abraham, Vitalik Buterin, Justin Drake, Dankrad Feist, Dmitry Khovratovich
    ePrint Report ePrint Report
    An aggregatable subvector commitment (aSVC) scheme is a vector commitment (VC) scheme that can aggregate multiple proofs into a single, small subvector proof. In this paper, we formalize aSVCs, give an efficient construction in prime-order groups from constant-sized polynomial commitments and use it to bootstrap a highly-efficient stateless cryptocurrency.

    Our aSVC supports (1) computing all $n$ $O(1)$-sized proofs in $O(n\log{n})$ time, (2) updating a proof in $O(1)$ time and (3) aggregating $b$ proofs into an $O(1)$-sized subvector proof in $O(b\log^2{b})$ time. Importantly, our scheme has an $O(n)$-sized proving key, an $O(1)$-sized verification key and $O(1)$-sized update keys. In contrast, previous schemes with constant-sized proofs in prime-order groups either (1) require $O(n^2)$ time to compute all proofs, (2) require $O(n)$-sized update keys to update proofs in $O(1)$ time, or (3) do not support aggregating proofs. Furthermore, schemes based on hidden-order groups either (1) have larger concrete proof size and computation time, or (2) do not support proof updates.

    We use our aSVC to obtain a stateless cryptocurrency with very low communication and computation overheads. Specifically, our constant-sized, aggregatable proofs reduce each block's proof overhead to just one group element, which is optimal. In contrast, previous work required $O(b\log{n})$ group elements, where $b$ is the number of transactions per block. Furthermore, our smaller proofs reduce the block verification time from $O(b\log{n})$ pairings to just two pairings and an $O(b)$-sized multi-exponentiation. Lastly, our aSVC's smaller update keys only take up $O(b)$ block space, compared to $O(b\log{n})$ in previous work. Also, their zverifiability reduces miner storage from $O(n)$ to $O(1)$. The end result is a stateless cryptocurrency that concretely and asymptotically outperforms the state of the art
    Expand