IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
03 June 2020
Mariya Bessonov, Dima Grigoriev, Vladimir Shpilrain
ePrint ReportMarek Wójtowicz
ePrint Report02 June 2020
Award
The IACR and PKC Steering Committee are pleased to announce the 2020 Test-of-Time award for papers published PKC.
PKC is the International Conference on Practice and Theory in Public Key Cryptography, which was founded in 1998 and became an official IACR event in 2003. The Test-of-Time award recognizes outstanding papers, published in PKC about 15 years ago, making a significant contribution to the theory and practice of public key cryptography, preferably with influence either on foundations or on the practice of the field.
The 2020 award will be given on Wednesday June 3rd at PKC in a virtual Award Ceremony, for papers published in the conference's initial years of early 2000s and late 1990s. In the first few years a number of papers from a few different initial years of PKC can be recognized. Thereafter, the award will typically recognize one year at a time with one or two papers.
The recipients of the 2020 award are:
- On the Security of ElGamal Based Encryption , by Yiannis Tsiounis, and Moti Yung, PKC 1998.
- A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System, by Ivan Damgård, and Mads Jurik, PKC 2001.
- Threshold Signatures , Multisignatures and Blind Signatures based on the Gap-Diffie-Hellman-Group Signature Scheme, by Alexandra Boldyreva, PKC 2003.
Congratulations to these authors for their impactful work! More information about the award can be found at https://iacr.org/meetings/pkc/test_of_time_award/
30 May 2020
Hvar, Croatia, 17 September - 19 September 2020
Event CalendarSubmission deadline: 10 June 2020
Santa Barbara, USA, -
Event CalendarSubmission deadline: 1 June 2021
Notification: 1 July 2021
Cryptanalysis Taskforce @ Nanyang Technological University, Singapore
Job Posting(Yes ! We are still hiring despite COVID-19)
The Cryptanalysis Taskforce at Nanyang Technological University in Singapore led by Prof. Jian Guo is seeking for candidates to fill 3 postdoctoral research fellow positions on symmetric-key cryptography, including but not limited to the following sub-areas:- privacy-preserving friendly symmetric-key designs
- tool aided cryptanalysis, such as MILP, CP, STP, and SAT
- machine learning aided cryptanalysis and designs
- quantum cryptanalysis
- cryptanalysis against SHA-3 and AES
Closing date for applications:
Contact: Asst Prof. Jian Guo, guojian@ntu.edu.sg
Carnegie Mellon University
Job PostingClosing date for applications:
Contact: Vipul Goyal (vipul at cmu.edu)
More information: http://www.cs.cmu.edu/~goyal/
CryptoLux Group, University of Luxembourg
Job PostingThe CryptoLux group of the University of Luxembourg has a vacancy for a post-doctoral researcher in the area of symmetric cryptography. The successful candidate will contribute to a research project entitled "Analysis and Protection of Lightweight Cryptographic Algorithms (APLICA)", which is funded by the Luxembourgish Fonds National de la Recherche and the German Research Foundation. Starting in Fall 2020, APLICA will run over a period of 3 years as a joint research project between the CryptoLux group and the Workgroup for Symmetric Cryptography of Ruhr-University Bochum. The mission of the APLICA project is to develop new cryptanalytic techniques for lightweight authenticated encryption algorithms and hash functions, and to design and implement new countermeasures against side-channel attacks that are suitable for constrained devices.
Candidates must have a Ph.D. degree in symmetric cryptography or a closely related field. Preference will be given to candidates with a strong publication record that includes at least one paper at an IACR-sponsored conference/workshop or one of the top-4 security conferences. Experience in software development for embedded systems or mounting side-channel attacks is a plus. Candidates with an interest to conduct research in one of the following areas are particularly encouraged to apply:
- Cryptanalysis of authenticated encryption algorithms or hash functions
- Leakage resilience or leakage reduction by design (e.g. modes of operation)
- Security evaluation of leakage-resilient primitives or constructions
The position is available from Sept. 2020 on basis of a fixed-term contract for 3 years, which includes a probation period of 6 months. The University of Luxembourg offers excellent working conditions and a highly competitive salary. Interested candidates are invited to send their application by email to Alex Biryukov before June 15, 2020. The application material should contain a cover letter explaining the candidate's research interests, a detailed CV (including photo), a list of publications, scans of diploma certificates, and the names and contact details of 3 referenc
Closing date for applications:
Contact: Prof. Alex Biryukov (alex.biryukov@uni.lu)
More information: https://www.fnr.lu/projects/analysis-and-protection-of-lightweight-cryptographic-algorithms/
28 May 2020
Jason H. M. Ying, Shuwei Cao, Geong Sen Poh, Jia Xu, Hoon Wei Lim
ePrint ReportYao Jiang
ePrint ReportThis paper solves two open problems in updatable encryption, that of uni-directional vs. bi-directional updates, and post-quantum security.
The main result in this paper is to analyze the security notions based on uni- and bi-directional updates. Surprisingly, we prove that uni- and bi-directional variants of each security notion are equivalent.
The second result in this paper is to provide a new and highly efficient updatable encryption scheme based on the Decisional Learning with Error assumption. This gives us post-quantum security. Our scheme is bi-directional, but because of our main result, this is sufficient.
27 May 2020
University of Stuttgart, Germany
Job PostingClosing date for applications:
Contact: Ilia Polian
More information: https://spp-nanosecurity.uni-stuttgart.de/projects/
26 May 2020
Junbin Fang, Dominique Unruh, Jian Weng, Jun Yan, Dehua Zhou
ePrint ReportAs the first step towards studying the possible application of quantum bit commitment in quantum cryptography, in this work we consider replacing the classical bit commitment used in some well-known constructions with a perfectly/statistically-binding quantum bit commitment. We show that (quantum) security can still be fulfilled in particular with respect to zero-knowledge, oblivious transfer, and proofs-of-knowledge. In spite of this, we stress that the corresponding security analyses are by no means a trivial adaptation of their classical counterparts. New techniques are needed to handle possible superposition attacks by the cheating sender of the quantum bit commitments.
Since non-interactive quantum bit commitment schemes can be constructed from general quantum-secure one-way functions, we hope to use quantum bit commitment (rather than the classical one that is still quantum-secure) in cryptographic construction to reduce the round complexity and weaken the complexity assumption simultaneously.
Ben Kreuter, Sarvar Patel, Ben Terner
ePrint ReportViet Tung Hoang, Yaobin Shen
ePrint ReportIvan Damgård, Sophia Yakoubov
ePrint ReportIn this paper, we set out to determine whether we can get ATE with short ciphertexts from standard primitives. We therefore work in a model where we limit reliance on computational assumptions. We do this by demanding information theoretic security given black-box access to limited cryptographic tools such as non-interactive key exchange and pseudorandom generators.
We show that, with access only to idealized two-party key exchange, any secure ATE scheme must produce ciphertexts of size at least (n-t-1)l (where l is the length of the message). If access is additionally given to an idealized PRG, the lower bound on ciphertext size becomes k(n-t)/2 + l (where k is the length of the input to the PRG).
If idealized q-party key exchange for q > 2 is availabe, then we can achieve a constant-size ciphertext, at the cost of invoking the key exchange an exponential number of times. We also prove that, if the size of the ciphertext is optimal (that is, equal to the size of the message), the exponential overhead is unavoidable. Finally, we give some alternative constructions demonstrating that the overhead can be reduced at the cost of slightly larger ciphertext size.
Rachit Garg, George Lu, Brent Waters
ePrint ReportDamg{\aa}rd, Ganesh, and Orlandi (CRYPTO' 19) proposed a novel notion that we will call proof of replication with client setup. Here, a client first operates with secret coins to generate the replicas for a file. Such systems do not inherently have to require fine-grained timing assumptions. At the core of their solution to building proofs of replication with client setup is an abstraction called replica encodings. Briefly, these comprise a private coin scheme where a client algorithm given a file $m$ can produce an encoding $\sigma$. The encodings have the property that, given any encoding $\sigma$, one can decode and retrieve the original file $m$. Secondly, if a server has significantly less than $n \cdot |m|$ bit of storage, it cannot reproduce $n$ encodings. The authors give a construction of encodings from ideal permutations and trapdoor functions.
In this work, we make three central contributions: 1) Our first contribution is that we discover and demonstrate that the security argument put forth by DGO19 is fundamentally flawed. Briefly, the security argument makes assumptions on the attacker's storage behavior that does not capture general attacker strategies. We demonstrate this issue by constructing a trapdoor permutation which is secure assuming indistinguishability obfuscation, serves as a counterexample to their claim (for the parameterization stated). 2) In our second contribution we show that the DGO19 construction is actually secure in the ideal permutation model from any trapdoor permutation when parameterized correctly. In particular, when the number of rounds in the construction is equal to $\lambda \cdot n \cdot b$ where $\lambda$ is the security parameter, $n$ is the number of replicas and $b$ is the number of blocks. To do so we build up a proof approach from the ground up that accounts for general attacker storage behavior where we create an analysis technique that we call ``sequence-then-switch''. 3) Finally, we show a new construction that is provably secure in the random oracle (or random function) model. Thus requiring less structure on the ideal function.
25 May 2020
Sanjam Garg, Romain Gay, Mohammad Hajiabadi
ePrint ReportDiego F. Aranha, Felipe Rodrigues Novaes, Akira Takahashi, Mehdi Tibouchi, Yuval Yarom
ePrint ReportIn this paper, we uncover LadderLeak, a novel class of side-channel vulnerabilities in implementations of the Montgomery ladder used in ECDSA scalar multiplication. The vulnerability is in particular present in several recent versions of OpenSSL. However, it leaks less than $1$ bit of information about the nonce, in the sense that it reveals the most significant bit of the nonce, but with probability $<1$. Exploiting such a mild leakage would be intractable using techniques present in the literature so far. However, we present a number of theoretical improvements of the Fourier analysis approach to solving the HNP (an approach originally due to Bleichenbacher), and this lets us practically break LadderLeak-vulnerable ECDSA implementations instantiated over the sect163r1 and NIST P-192 elliptic curves. In so doing, we achieve several significant computational records in practical attacks against the HNP.
Amit Deo, Benoit Libert, Khoa Nguyen, Olivier Sanders
ePrint ReportTomoki Moriya, Hiroshi Onuki, Tsuyoshi Takagi
ePrint ReportNext, we propose a Naor-Reingold type pseudo random function based on SiGamal. If the P-CSSDDH assumption and the CSSDDH$^*$ assumption, which guarantees the security of CSIDH that uses a prime $p$ in the setting of SiGamal, hold, then our proposed function is a pseudo random function. Moreover, we estimate computational costs of group actions to compute our proposed PRF are about $\sqrt{\frac{8T}{3\pi}}$ times than that of the group action in CSIDH, where $T$ is the Hamming weight of input of the PRF.
Finally, we experimented group actions in SiGamal and C-SiGamal. In our experimentation, the computational costs of group actions in SiGamal-512 with a $256$-bit plaintext message space are about $2.62$ times that of a group action in CSIDH-512.