IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
27 December 2020
Daniel J. Bernstein
ePrint ReportShumo Chu, Qiudong Xia, Zhenfei Zhang
ePrint ReportWen-jie Lu, Zhicong Huang, Cheng Hong, Yiping Ma, Hunter Qu
ePrint ReportAlexander R. Block, Simina Branzei, Hemanta K. Maji, Himanshi Mehta, Tamalika Mukherjee, Hai H. Nguyen
ePrint ReportOur work encodes joint probability distributions and Boolean functions as equivalent bipartite graphs and studies the $P_4$-free partition and cover numbers of these graphs. Leveraging this connection, we present representative applications of these graph properties and their estimates to information-theory and circuit complexity. For applications in information theory, we consider a system where a setup samples from a joint distribution and gives the participants, Alice and Bob, their portion from this joint sample. The objective of Alice and Bob is to non-interactively establish a shared key and extract the left-over entropy from their portion of the samples as independent private randomness. A genie, who observes the joint sample, provides an appropriate assistance to help Alice and Bob with their objective. Lower bounds to the minimum size of the genie's assistance translates into communication and cryptographic lower bounds. We show that (the $\log_2$ of) the $P_4$-free partition number of a graph encoding the joint distribution that the setup uses is equivalent to the size of the genie's assistance. Consequently, the joint distributions corresponding to the bipartite graphs constructed above with high $P_4$-free partition number correspond to joint distributions requiring more assistance from the genie.
As a representative application in communication complexity, we study communication complexity of non-deterministic protocols augmented by access to the equality oracle at the output. We show that (the $\log_2$ of) the $P_4$-free cover number of the bipartite graph encoding a Boolean function $f$ is equivalent to the minimum size of the non-deterministic input required by the parties (referred to as the communication complexity of $f$ in this model). Consequently, the functions corresponding to the bipartite graphs with high $P_4$-free cover number have high communication complexity. Furthermore, there are functions with communication complexity close to the \naive protocol where the non-deterministic input reveals the input of a party. Finally, the access to the equality oracle reduces the communication complexity of computing set intersection and disjointness by a constant factor in contrast to the model where parties do not have access to the equality oracle. In the case of computing the inequality function, we show an exponential reduction in the communication complexity.
Andrei Lapets, Wyatt Howe, Ben Getchell, Frederick Jansen
ePrint ReportTakashi Nishide
ePrint ReportAurélien Greuet, Simon Montoya, Guénaël Renault
ePrint ReportRami Khalil, Naranker Dulay
ePrint ReportUnai Rioja, Lejla Batina, Jose Luis Flores, Igor Armendariz
ePrint ReportThe goal of this paper is to ease one of the most crucial and tedious steps of profiling attacks i.e. the points of interest (POI) selection and hence assist the SCA evaluation process. To this end, we introduce the usage of Estimation of Distribution Algorithms (EDAs) in the SCA field in order to automatically tune the point of interest selection. We showcase our approach on several experimental use cases, including attacks on unprotected and protected AES implementations over distinct copies of the same device, dismissing in this way the portability issue.
24 December 2020
Samuel Dittmer, Yuval Ishai, Steve Lu, Rafail Ostrovsky, Mohamed Elsabagh, Nikolaos Kiourtis, Brian Schulte, Angelos Stavrou
ePrint ReportManoj Kumar, Tarun Yadav
ePrint ReportAbderrahmane Nitaj, Willy Susilo, Joseph Tonien
ePrint ReportKinan Dak Albab, Rawane Issa, Mayank Varia, Kalman Graffi
ePrint ReportIn this work, we present an efficient PIR protocol that combines all of the above techniques to achieve constant amortized communication and computation complexity in the size of the database, and is the first to scale to more than $10^5$ queries per second deployed on an AWS micro instance. Our protocol also builds upon a new secret sharing scheme that is both incremental and non-malleable, which may be of interest to a wider audience. We leverage differentially private leakage in order to provide better trade-offs between privacy and efficiency. Our protocol provides security up to abort against malicious adversaries that can corrupt all but one party.
Tingting Guo, Peng Wang, Lei Hu, Dingfeng Ye
ePrint ReportHyungChul Kang, Joon-Woo Lee, Yongwoo Lee, Young-Sik Kim, Jong-Seon No
ePrint ReportEdward Eaton, David Jao, and Chelsea Komlo
ePrint ReportWe begin by formalizing two UPKE variants presented in the literature as Symmetric and Asymmetric UPKE. At a fundamental level, these variants differ in how encryption and decryption keys are updated, and consequently impact the design and security model for quantum-safe constructions.
We demonstrate that Asymmetric UPKE cannot be instantiated using existing isogeny-based constructions. We then describe a SIDH-based Symmetric UPKE construction that is possible in theory but requires improving existing mathematical limitations before a practical implementation is possible. Finally, we present a CSIDH-based Symmetric UPKE construction that can be instantiated using a parameter set in which the class group structure is fully known to ensure efficient uniform sampling and canonical representation to prevent leakage of secret keys. We discuss several open problems which are applicable to any cryptosystem with similar requirements for continuous operations over elements in the secret domain.
Elaine Shi, Waqar Aqeel, Balakrishnan Chandrasekaran, Bruce Maggs
ePrint ReportSeveral recent works have shown, however, that by introducing a one-time, per-client, off-line preprocessing phase, an \emph{unbounded} number of client queries can be subsequently served with sublinear on-line computation time per query (and the cost of the preprocessing can be amortized over the unboundedly many queries). Unfortunately, existing preprocessing PIRs make undesirable tradeoffs to achieve sublinear online computation: they either require $\sqrt{n}$ or more bandwidth per query, which is asymptotically worse than classical PIR schemes, or they require the servers to store a linear amount state per client (or even per query), or require polylogarithmically many non-colluding servers.
We propose a novel 2-server preprocessing PIR scheme that achieves $\widetilde{O}(\sqrt{n})$ online computation per query, while preserving the polylogarithmic online bandwidth of classical PIR schemes. In our construction, each server stores only the original database and nothing extra, and each online query is served within a single round trip. Our construction relies on the standard LWE assumption. As an important stepping stone, we propose new, more generalized definitions for a cryptographic object called a Privately Puncturable Pseudorandom Set, and give novel constructions that depart significantly from prior approaches.
Kai-Min Chung, T-H. Hubert Chan, Ting Wen, Elaine Shi (random author ordering)
ePrint ReportIn a game theoretically fair leader election protocol, roughly speaking, we want that even majority coalitions cannot increase its own chance of getting elected, nor hurt the chance of any honest individual. The folklore tournament-tree protocol, which completes in logarithmically many rounds, can easily be shown to satisfy game theoretic security. To the best of our knowledge, no sub-logarithmic round protocol was known in the setting that we consider.
We show that by adopting an appropriate notion of approximate game-theoretic fairness, and under standard cryptographic assumption, we can achieve $(1-1/2^{\Theta(r)})$-fairness in $r$ rounds for $\Theta(\log \log n) \leq r \leq \Theta(\log n)$, where $n$ denotes the number of players. In particular, this means that we can approximately match the fairness of the tournament tree protocol using as few as $O(\log \log n)$ rounds. We also prove a lower bound showing that logarithmically many rounds is necessary if we restrict ourselves to ``perfect'' game-theoretic fairness and protocols that are ``very similar in structure'' to the tournament-tree protocol.
Although leader election is a well-studied problem in other contexts in distributed computing, our work is the first exploration of the round complexity of {\it game-theoretically fair} leader election in the presence of a possibly majority coalition. As a by-product of our exploration, we suggest a new, approximate game-theoretic fairness notion, called ``approximate sequential fairness'', which provides a more desirable solution concept than some previously studied approximate fairness notions.
22 December 2020
Max Planck Institutes in Computer Science, Germany
Job PostingLooking for a top PhD program in English that you can start after BSc or MSc?
CS@max planck is a highly selective doctoral program that grants admitted students full financial support to pursue research in the broad area of computer and information science, with faculty at Max Planck Institutes and some of the best German universities. The faculty at the Max Planck Institute for Security and Privacy (MPI-SP) is also part of this program.
To qualify for the program, students must hold a Bachelor’s or Master’s degree in computer science (or a related field) and have an outstanding academic record. We especially encourage applications from students who wish to explore research across the CS spectrum before committing to a topic and advisor.
For more information about CS@max planck, see here: https://www.cis.mpg.de/graduate-programs/cs-max-planck
The next upcoming application deadline is 31 December 2020.
Closing date for applications:
Contact: csmaxplanck@cis.mpg.de
More information: https://www.cis.mpg.de/graduate-programs/cs-max-planck
University of Surrey, Guildford, United Kingdom
Job PostingThis Ph.D. position is funded for EU and UK students, and the application deadline is on the 24th of January 2021.
In recent years, the use of solvers (SAT, MILP, CP...) to solve cryptanalysis problems has become prominent. The aim of this Ph.D. is to develop a fully automated framework based on these solvers for the cryptanalysis of block ciphers, starting with differential cryptanalysis. In particular, non-trivial modeling strategies are sometimes necessary to improve the resolution and scale up[1]. An important part of the task will be to derive efficient ways to model different types of ciphers, and compare which method (among MILP, CP, SAT) works best for each types of building blocks.
This position is fully funded, with a stipend of 16 000 GBP per year, and successful applicants are expected to start in April 2021.
[1] David Gerault, Pascal Lafourcade, Marine Minier, Christine Solnon: Computing AES related-key differential characteristics with constraint programming. Artificial Intelligence 278 (2020)Closing date for applications:
Contact: David Gerault (david.gerault@surrey.ac.uk)
More information: https://www.surrey.ac.uk/fees-and-funding/studentships/phd-studentships-computer-science