IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
06 July 2020
Luka Music, Céline Chevalier, Elham Kashefi
ePrint ReportHowever, the reality is much more complex. Security models dealing with superposition attacks only consider unconditional security. Conversely, security models considering computational security assume that all supposedly classical messages are measured, which forbids by construction the analysis of superposition attacks. Boneh and Zhandry have started to study the quantum computational security for classical primitives in their seminal work at Crypto'13, but only in the single-party setting. To the best of our knowledge, an equivalent model in the multiparty setting is still missing.
In this work, we propose the first computational security model considering superposition attacks for multiparty protocols. We show that our new security model is satisfiable by proving the security of the well-known One-Time-Pad protocol and give an attack on a variant of the equally reputable Yao Protocol for Secure Two-Party Computations. The post-mortem of this attack reveals the precise points of failure, yielding highly counter-intuitive results: Adding extra classical communication, which is harmless for classical security, can make the protocol become subject to superposition attacks. We use this newly imparted knowledge to construct the first concrete protocol for Secure Two-Party Computation that is resistant to superposition attacks. Our results show that there is no straightforward answer to provide for either the vulnerabilities of classical protocols to superposition attacks or the adapted countermeasures.
Marc Abboud, Thomas Prest
ePrint ReportTal Moran, Daniel Wichs
ePrint ReportThe recent work of Damg\aa{}rd, Ganesh and Orlandi (CRYPTO '19) defined a variant of incompressible encodings as a building block for ``proofs of replicated storage''. They constructed incompressible encodings in an ideal permutation model, but it was left open if they can be constructed under standard assumptions, or even in the more basic random-oracle model. In this work, we undertake the comprehensive study of incompressible encodings as a primitive of independent interest and give new constructions, negative results and applications:
* We construct incompressible encodings in the common random string (CRS) model under either Decisional Composite Residuosity (DCR) or Learning with Errors (LWE). However, the construction has several drawbacks: (1) it is not composable, (2) it only achieves selective security, and (3) the CRS is as long as the data $m$. * We leverage the above construction to also get a scheme in the random-oracle model, under the same assumptions, that avoids all of the above drawbacks. Furthermore, it is significantly more efficient than the prior ideal-model construction. * We give black-box separations, showing that incompressible encodings in the plain model cannot be proven secure under any standard hardness assumption, and incompressible encodings in the CRS model must inherently suffer from all of the drawbacks above. * We give a new application to ``big-key cryptography in the bounded-retrieval model'', where secret keys are made intentionally huge to make them hard to exfiltrate. Using incompressible encodings, we can get all the security benefits of a big key without wasting storage space, by having the key to encode useful data.
Luca Frittoli, Matteo Bocchi, Silvia Mella, Diego Carrera, Beatrice Rossi, Pasqualina Fragneto, Ruggero Susella, Giacomo Boracchi
ePrint Report03 July 2020
KU Leuven, Belgium
Job PostingThe Innovation Manager will identify opportunities for bilateral projects and research platforms, technology transfer, and potentially spin-off companies, including the definition of licenses, patents or other forms of valorization. All these tasks are executed in coordination with KU Leuven Research and Development. In particular, the Innovation Manager will assist in defining and maintaining a strategic research agenda to create a continuum between fundamental research, strategic research and applied research.
The lndustrial Research Fund (lOF) of KU Leuven forms a bridge between strategic basic research, technological innovations and industrial collaborations. Based on cooperations with KU Leuven research groups and different stakeholders from industry and society, we aim to broaden our valorization portfolio and to increase the transfer of knowledge. We have a team of more than 40 experienced innovation managers involved in the development of practical and innovative technological solutions based on the expertise and infrastructure of the research groups within KU Leuven.
Profile
- PhD or equivalent research expertise in applied cryptography
- Preferably industrial experience
- At least a high level understanding or parts of MPC, FHE, PQC, TEE
- Experience in valorization of research results
- Creative, enthusiastic, with a strong commitment to research valorization
- Proactive, entrepreneurial mindset
- Strong communication skills, including international and intercultural
- Willing to travel globally
Closing date for applications:
Contact: Nigel Smart (nigel.smart@kuleuven.be) Ingrid Verbauwhede (ingrid.verbauwhede@kuleuven.be) Frederik Vercauteren (frederik.vercauteren@kuleuven.be)
More information: https://www.kuleuven.be/personeel/jobsite/jobs/55715055
01 July 2020
London, United Kingdom, 30 November - 1 December 2020
Event CalendarSubmission deadline: 24 August 2020
Notification: 1 October 2020
Aizuwakamatsu, Japan, 30 January - 2 February 2020
Event CalendarSubmission deadline: 20 July 2020
Notification: 15 September 2020
30 June 2020
Fujitsu Laboratories of America
Job PostingProfile Description:
- Proven experience in production quality software development.
- Previous experience and code contributions to open source projects is a plus.
- Experience in implementation of cryptographic libraries.
- Graduate level knowledge of crypto theory. Familiarity with threshold cryptosystems and multiparty protocols (MPC). Academic publications in Crypto/Security is a plus.
- Experience in design and implementation of large software systems and writing secure code in C/C++/Rust/Golang.
- Familiarity with blockchain systems such as Hyperledger Fabric and/or Ethereum.
- Ability to meet deliverables and deadlines with minimal supervision.
- Fluent in written and spoken english.
Deadline for Application: Open until the position is filled.
Start Date: Immediate, but flexible.
Salary: Very attractive, depends on experience.
Closing date for applications:
Contact: Avradip Mandal, Researcher. amandal@fujitsu.com
Max Planck Institute for Security and Privacy
Job PostingThe Max Planck Institute (MPI) for Security and Privacy is looking for motivated students to apply for a Ph.D. program. The research will be conducted on the theory of cryptography and computer security and more specifically in one of the following topics:
The ideal candidate shall satisfy the following requirements:
The MPI for Security and Privacy is co-located with the Ruhr University of Bochum (Germany) and offers a vibrant atmosphere for research that spans across all aspects of computer security. The Ph.D. program is entirely in English and the knowledge of German is not required for a successful career at MPI.
The position is fully funded (100%) and paid according to the E-13 pay category. The starting date if flexible but ideally somewhere in fall 2020. To apply for the position, send an email to Giulio Malavolta (address below) including the following documents:If you have any question, don’t hesitate to get in touch.
Closing date for applications:
Contact: Giulio Malavolta (giulio.malavolta@berkeley.edu)
More information: https://www.mpi-sp.org/
Huawei Technologies Duesseldorf Gmbh (Munich Research Center, Germany)
Job Posting• Identifying weaknesses in existing 3GPP radio access network technologies including 4G and 5G (NR). • Develop and promote proposals to mitigate the security/privacy issues identified. • Cooperate with universities and other eco-system partners on security research and analysis • Help shape the industry with new innovation via standardization bodies e.g. 3GPP, ETSI, etc. • Engage with customers and regulators in order to help shape a secure ICT world. • Work with the world leading researchers across the world on the most advanced technologies including AI, IoT under the scope of 5G. • Help steer our 5G products and solutions security. • Provide analysis and insight of industry trends. • Generate product security roadmap recommendations.
Our requirements:• PhD in computer science or advanced PhD with focus on telecommunication security (preferably radio access technologies, the 3GPP air-interface protocol stack). • Several years of experience in network security research, specifically in the domains of protocol analysis, vulnerability detection, protocol correctness, protocol verification, etc. • Several years of experience researching and developing tools/demos/PoCs which demonstrate the impact of such security issues (vulnerabilities) on the network. • Several years of experience researching and implementing mitigation solutions (PoC/Demo level) for protocol vulnerabilities including algorithms development, performance/cost and impact analysis of algorithms implementation. • Openness to work in a diversified work environment with unique work cultures. • Experience in presenting technical information to both technical and non-technical audience. • Fluent in English (written and spoken).
Must be eligible to work in the EU to be considered for this position.
By applying to this position, you agree with our PRIVACY STATEMENT. You can read in full our privacy policy via the link below.
https://career.huawei.com/reccampportal/portal5/grcprivacy.html For further information on the requirements please click on the link below: https://apply.workaClosing date for applications:
Contact: Viet-Duc Benedikt Lai duc.lai.ext@huawei.com
More information: https://apply.workable.com/j/64698ECA7B
Indian Institute of Technology Delhi (Workplace: IIT Bhilai, Raipur)
Job PostingFunding Agency: Ministry of Communication and Information Technology
Tentative Duration: Upto:31/03/2021Qualifications: B. Tech. (with GATE qualification) / MSc. (with NET/SET qualification) / M.C.A. (with GATE* qualification) 1st class or equivalent in the appropriate discipline.
Desirables: Basic knowledge of cryptography or some experience with using RFID tags or experience on some Raspberry based project or using Trusted Platform Modules (TPMs)
Note: The requirement of qualifying NET/SET/GATE qualification may be relaxed by the Committee in case of highly meritorious candidates.
Closing date for applications:
Contact:
Dr. Dhiman Saha,
Department of Electrical Engineering and Computer Science,
Indian Institute of Technology Bhilai.
email: dhiman [at] iitbhilai [dot] ac [dot] in
For more info about the research group and other opportunities visit: http://de.ci.phe.red
More information: http://ird.iitd.ac.in/sites/default/files/jobs/project/IITD-IRD-100-2020.pdf
Lior Rotem, Gil Segev
ePrint ReportWe prove sharp thresholds on the sequentiality of all generic-ring delay functions relative to an RSA modulus based on the hardness of factoring in the standard model. In particular, we show that generically speeding-up repeated squaring (even with a preprocessing stage and any polynomial number parallel processors) is equivalent to factoring.
More generally, based on the (essential) hardness of factoring, we prove that any generic-ring function is in fact a delay function, admitting a sharp sequentiality threshold that is determined by our notion of sequentiality depth. Moreover, we show that generic-ring functions admit not only sharp sequentiality thresholds, but also sharp pseudorandomness thresholds.
Mikhail Volkhov, Markulf Kohlweiss
ePrint ReportShuyang Tang
ePrint ReportMichael Klooß
ePrint ReportMichel Abdalla
ePrint ReportBrett Hemenway Falk, Rafail Ostrovsky
ePrint ReportIn this work, we show that advances in secure multiparty shuffling algorithms can be used to increase the efficiency of several key cryptographic tools.
The key observation is that many secure computation protocols rely heavily on secure shuffles. The best data-oblivious shuffling algorithms require $O(n \log n)$, operations, but in the two-party or multiparty setting, secure shuffling can be achieved with only $O(n)$ communication.
Leveraging the efficiency of secure multiparty shuffling, we give novel algorithms that improve the efficiency of securely sorting sparse lists, secure stable compaction, and securely merging two sorted lists.
Securely sorting private lists is a key component of many larger secure computation protocols. The best data-oblivious sorting algorithms for sorting a list of $n$ elements require $O(n \log n)$ comparisons. Using black-box access to a linear-communication secure shuffle, we give a secure algorithm for sorting a list of length $n$ with $t \ll n$ nonzero elements with communication $O(t \log^2 n + n)$, which beats the best oblivious algorithms when the number of nonzero elements, $t$, satisfies $t < n/\log^2 n$.
Secure compaction is the problem of removing dummy elements from a list, and is essentially equivalent to sorting on 1-bit keys. The best oblivious compaction algorithms run in $O(n)$-time, but they are unstable, i.e., the order of the remaining elements is not preserved. Using black-box access to a linear-communication secure shuffle, we give a stable compaction algorithm with only $O(n)$ communication.
Our main result is a novel secure merge protocol. The best previous algorithms for securely merging two sorted lists into a sorted whole required $O(n \log n)$ secure operations. Using black-box access to an $O(n)$-communication secure shuffle, we give the first secure merge algorithm that requires only $O(n \log \log n)$ communication. Our algorithm takes as input $n$ secret-shared values, and outputs a secret-sharing of the sorted list.
All our algorithms are generic, i.e., they can be implemented using generic secure computations techniques and make black-box access to a secure shuffle.
Our techniques extend naturally to the multiparty situation (with a constant number of parties) as well as to handle malicious adversaries without changing the asymptotic efficiency.
These algorithm have applications to securely computing database joins and order statistics on private data as well as multiparty Oblivious RAM protocols.