IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
01 October 2020
Abu Dhabi, United Arab Emirates, 27 January - 28 January 2021
Event CalendarSubmission deadline: 15 November 2020
Notification: 15 December 2020
University of Florida, Gainesville, FL, USA
Job PostingClosing date for applications:
Contact: Prof. Mark Tehranipoor tehranipoor@ufl.edu
More information: http://tehranipoor.ece.ufl.edu/
Singapore University of Technology and Design (SUTD), Singapore
Job PostingClosing date for applications:
Contact: Prof. Jianying Zhou (jianying_zhou@sutd.edu.sg)
More information: http://jianying.space/
Graz University of Technology, Graz, Austria
Job Posting- Formal Methods and Security
- Privacy Technologies
- Systems Security
- Usable Security & Privacy
The professorship will be part of the Institute of Applied Information Processing and Communications, which is an internationally visible research environment with more than 60 researchers in information security. The institute collaborates closely with research groups and industry partners around the globe. It is a central part of the recently established Cybersecurity Campus Graz, which unites basic research, education, technology transfer, and industry partners in cybersecurity all under one roof.
The new professor will build an internationally visible group, and will be an engaged teacher in the Computer Science programs at the Bachelor’s, Master’s, and PhD level. At Graz University of Technology, undergraduate courses are taught in German or English and graduate courses are taught in English.
Closing date for applications:
Contact: For further question, please contact Stefan Mangard / stefan.mangard@iaik.tugraz.at
The application should be sent to the Dean of the Department of Computer Science and Biomedical Engineering at applications.csbme@tugraz.at until 26.11.2020 referencing to 7050/20/035
More information: https://www.tugraz.at/fakultaeten/csbme/news/jobs-grants-calls/tenure-track-professor-in-security-and-privacy/
Cryptology and Data Security Group, University of Bern, Bern, Switzerland
Job PostingPh.D. positions in cryptography and security, with focus on distributed protocols and blockchain Cryptology and Data Security Group, University of Bern Ph.D. positions are available in the Cryptology and Data Security research group at the Institute of Computer Science, University of Bern, led by Christian Cachin.
Our research addresses all aspects of security in distributed systems, especially cryptographic protocols, consistency, consensus, and cloud-computing security. We are particularly interested in blockchains, distributed ledger technology, cryptocurrencies, and their security and economics.
Candidates should have a strong background in computer science. They should like conceptual, rigorous thinking for working theoretically, or be interested in building innovative systems for working practically. Demonstrated expertise in cryptography, distributed computing, or blockchain technology is a plus. Applicants must hold a master degree in the relevant research fields.
Positions are available starting January 2021 and come with a competitive salary. The selection process runs until suitable candidates have been found. The University of Bern conducts excellent research and lives up its vision that “Knowledge generates value”. The city of Bern lies in the center of Switzerland and offers some of the highest quality of life worldwide.
If you are interested, please apply be sending email with one single PDF file and subject line set to Application for Ph.D., addressed directly to Prof. Christian Cachin at crypto (at) inf.unibe.ch.
Since we receive many applications, we encourage you to include material that demonstrates your interests and strengths and sets you apart from others.
For more information, please contact Christian Cachin (https://crypto.unibe.ch/cc/).
Closing date for applications:
Contact: Christian Cachin
More information: https://crypto.unibe.ch/jobs
30 September 2020
Shoei Nashimoto, Daisuke Suzuki, Rei Ueno, Naofumi Homma
ePrint ReportYuan Yao, Tarun Kathuria, Baris Ege, Patrick Schaumont
ePrint ReportMark Zhandry
ePrint ReportCecilia Boschini, Jan Camenisch, Max Ovsiankin, Nicholas Spooner
ePrint ReportKarim Baghery, Alonso González, Zaira Pindado, Carla Ràfols
ePrint ReportNavid Alamati, Luca De Feo, Hart Montgomery, Sikhar Patranabis
ePrint ReportIn this work, we propose a new framework based on group actions that enables the easy usage of a variety of isogeny-based assumptions. Our framework generalizes the works of Brassard and Yung (Crypto90) and Couveignes (Eprint06). We provide new definitions for group actions endowed with natural hardness assumptions that model isogeny-based constructions amenable to group actions such as CSIDH and CSI-FiSh.
We demonstrate the utility of our new framework by leveraging it to construct several primitives that were not previously known from isogeny-based assumptions. These include smooth projective hashing, dual-mode PKE, two-message statistically sender-private OT, and Naor-Reingold style PRF. These primitives are useful building blocks for a wide range of cryptographic applications.
We introduce a new assumption over group actions called Linear Hidden Shift (LHS) assumption. We then present some discussions on the security of the LHS assumption and we show that it implies symmetric KDM-secure encryption, which in turn enables many other primitives that were not previously known from isogeny-based assumptions.
David Lanzenberger, Ueli Maurer
ePrint ReportZvika Brakerski, Pedro Branco, Nico Döttling, Sanjam Garg, Giulio Malavolta
ePrint ReportZvika Brakerski, Nico Döttling
ePrint ReportFor standard LWE (not over rings) entropic results are known, using a ``lossiness approach'' but it was not known how to adapt this approach to the ring setting. In this work we present the first such results, where entropic security is established either under RLWE or under the Decisional Small Polynomial Ratio (DSPR) assumption which is a mild variant of the NTRU assumption.
In the context of general entropic distributions, our results in the ring setting essentially match the known lower bounds (Bolboceanu et al., Asiacrypt 2019; Brakerski and Döttling, Eurocrypt 2020).
Robert Ransom
ePrint ReportOne class of signature protocols, based on the parallel composition of many runs of one or more interactive cut-and-choose protocols, can be modified to enable constant-time verification at low cost by fixing the multiset of challenges which will be chosen at the cut-and-choose step and randomizing only their order based on the hash of the input message. As a side benefit, this technique naturally makes the size and structure of signatures a fixed system parameter, even if the underlying cut-and-choose protocol has different response sizes for each possible challenge at the cut-and-choose step.
When applied to a 5-pass $q2$ interactive protocol, this technique requires essentially no extra rounds due to how fixed-weight binary vectors interact with the Kales--Zaverucha structural attack. Alternatively, when the data which must be transmitted for one of the two possible challenge values is significantly shorter than the other, or can be made so using standard and/or specialized compression techniques, a longer, lower-weight challenge vector can be used to obtain shorter signatures at the cost of more rounds of the underlying interactive protocol, with a much shallower computation-vs.-size tradeoff than the precomputation tree approach used in Picnic2, MUDFISH, and SUSHSYFISH.
As an example, these techniques reduce MQDSS signatures to under 15 kB and PKP-DSS signatures to under 14 kB with NIST Category 1 security against both secret key recovery and signature forgery. Further improvements in design and parameters allow PKP-DSS signatures under 10 kB with a security level and performance acceptable for almost all interactive authentication.
The asymptotic ROM proof of security published with MQDSS remains applicable to the optimized system, but the QROM proofs by Don et al. turn out to be invalid even for unmodified MQDSS.
Vadim Lyubashevsky, Ngoc Khanh Nguyen, Gregor Seiler
ePrint ReportAmos Beimel, Iftach Haitner, Kobbi Nissim, Uri Stemmer
ePrint ReportFocusing on the round complexity of the shuffle model, we ask in this work what can be computed in the shuffle model of differential privacy with two rounds. Ishai et al. showed how to use one round of the shuffle to establish secret keys between every two parties. Using this primitive to simulate a general secure multi-party protocol increases its round complexity by one. We show how two parties can use one round of the shuffle to send secret messages without having to first establish a secret key, hence retaining round complexity. Combining this primitive with the two-round semi-honest protocol of Applebaum, Brakerski, and Tsabary [TCC 2018], we obtain that every randomized functionality can be computed in the shuffle model with an honest majority, in merely two rounds. This includes any differentially private computation.
We hence move to examine differentially private computations in the shuffle model that (i) do not require the assumption of an honest majority, or (ii) do not admit one-round protocols, even with an honest majority. For that, we introduce two computational tasks: common element, and nested common element with parameter $\alpha$. For the common element problem we show that for large enough input domains, no one-round differentially private shuffle protocol exists with constant message complexity and negligible $\delta$, whereas a two-round protocol exists where every party sends a single message in every round. For the nested common element we show that no one-round differentially private protocol exists for this problem with adversarial coalition size $\alpha n$. However, we show that it can be privately computed in two rounds against coalitions of size $cn$ for every $c < 1$. This yields a separation between one-round and two-round protocols. We further show a one-round protocol for the nested common element problem that is differentially private with coalitions of size smaller than $c n$ for all $0 < c < \alpha < 1 / 2$.
Siam Hussain, Baiyu Li, Farinaz Koushanfar, Rosario Cammarota
ePrint ReportRicardo Moura, David R. Matos, Miguel Pardal, Miguel Correia
ePrint ReportShweta Agrawal, Daniel Wichs, Shota Yamada
ePrint ReportOur construction combines three building blocks: a (computational) nearly linear secret sharing scheme with compact shares which we construct from LWE, an inner-product functional encryption scheme with special properties which is constructed from the bilinear Matrix Decision Diffie Hellman (MDDH) assumption, and a certain form of hyperplane obfuscation, which is constructed using the KOALA assumption. While similar to that of Agrawal and Yamada, our construction provides a new understanding of how to decompose the construction into simpler, modular building blocks with concrete and easy-to-understand security requirements for each one. We believe this sheds new light on the requirements for optimal broadcast encryption, which may lead to new constructions in the future.