IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
12 January 2021
Jonathan Lee, Srinath Setty, Justin Thaler, Riad Wahby
ePrint ReportWe further observe that one can render the aforementioned SNARK zero knowledge and reduce the proof size and verifier time to polylogarithmic---while maintaining a linear-time prover---by outsourcing the verifier's work via one layer of proof composition with an existing zkSNARK as the ``outer'' proof system. A similar result was recently obtained by Bootle, Chiesa, and Liu (ePrint 2020/1527).
Thomas Schneider, Oleksandr Tkachenko
ePrint ReportIn this paper, we introduce EPISODE - a highly efficient privacy-preserving protocol for Similar Sequence Queries (SSQs), which can be used for finding genetically similar individuals in an outsourced genomic database, i.e., securely aggregated from data of multiple institutions. Our SSQ protocol is based on the edit distance approximation by Asharov et al. (PETS'18), which we further optimize and extend to the outsourcing scenario. We improve their protocol by using more efficient building blocks and achieve a 5-6x run-time improvement compared to their work in the same two-party scenario.
Recently, Cheng et al. (ASIACCS'18) introduced protocols for outsourced SSQs that rely on homomorphic encryption. Our new protocol outperforms theirs by more than factor 24000x in terms of run-time in the same setting and guarantees the same level of security. In addition, we show that our algorithm scales for practical database sizes by querying a database that contains up to a million short sequences within a few minutes, and a database with hundreds of whole-genome sequences containing 75 million alleles each within a few hours.
Victor LOMNE, Thomas ROCHE
ePrint ReportTo understand the NXP ECDSA implementation, find a vulnerability and design a key-recovery attack, we had to make a quick stop on Rhea (NXP J3D081 JavaCard smartcard). Freely available on the web, this product looks very much like the NXP A700X chip and uses the same cryptographic library. Rhea, as an open JavaCard platform, gives us more control to study the ECDSA implementation.
We could then show that the electromagnetic side-channel signal bears partial information about the ECDSA ephemeral key. The sensitive information is recovered with a non-supervised machine learning method and plugged into a customized lattice-based attack scheme.
Finally, 4000 ECDSA observations were enough to recover the (known) secret key on Rhea and validate our attack process. It was then applied on the Google Titan Security Key with success (this time with 6000 observations) as we were able to extract the long term ECDSA private key linked to a FIDO U2F account created for the experiment.
Cautionary Note: Two-factor authentication tokens (like FIDO U2F hardware devices) primary goal is to fight phishing attacks. Our attack requires physical access to the Google Titan Security Key, expensive equipment, custom software, and technical skills.
Thus, as far as the work presented here goes, it is still safer to use your Google Titan Security Key or other impacted products as FIDO U2F two-factor authentication token to sign in to applications rather than not using one.
Nevertheless, this work shows that the Google Titan Security Key (and other impacted products) would not avoid unnoticed security breach by attackers willing to put enough effort into it. Users that face such a threat should probably switch to other FIDO U2F hardware security keys, where no vulnerability has yet been discovered.
Sfirnaciuc Emilia, Vasilescu Miruna-Elena, Simion Emil
ePrint ReportSlim Bettaieb, Loïc Bidoux, Olivier Blazy, Yann Connan, Philippe Gaborit
ePrint ReportThien Duc Nguyen, Phillip Rieger, Hossein Yalame, Helen Möllering, Hossein Fereidooni, Samuel Marchal, Markus Miettinen, Azalia Mirhoseini, Ahmad-Reza Sadeghi, Thomas Schneider, Shaza Zeitouni
ePrint ReportPedro Hecht
ePrint Report07 January 2021
Microsoft Research, Redmond, WA
Job PostingThe Cryptography and Privacy Research Group at Microsoft Research, Redmond, is looking for candidates for Researcher positions.
Topics of particular interest to us include (but are not limited to) secure computing (FHE, MPC, TEE), ML privacy, end-to-end encryption, web privacy and security, post-quantum cryptography, and zero-knowledge proofs. Our work ranges from protocol design and security analysis to cryptography and privacy engineering, so we encourage people with any relevant experiences to apply.
Responsibilities: Working with other researchers and multi-disciplinary teams to create and build practical solutions to real-world privacy problems. Publishing papers in academic conferences.
Required Qualifications:
- A PhD (or close to completion) in computer science, electrical engineering, mathematics, or a related field
- Publications in top conferences, or submitted/accepted papers in top journals.
Apply: https://careers.microsoft.com/us/en/job/953748/Researcher-Cryptography-and-Privacy-Microsoft-Research
Closing date for applications:
Contact: Kim Laine, Melissa Chase, or Esha Ghosh
More information: https://careers.microsoft.com/us/en/job/953748/Researcher-Cryptography-and-Privacy-Microsoft-Research
Microsoft Research, Redmond, WA
Job PostingThe Cryptography and Privacy Research Group at Microsoft Research, Redmond, is looking for candidates for Post-Doc Researcher positions.
Topics of particular interest to us include (but are not limited to) secure computing (FHE, MPC, TEE), ML privacy, end-to-end encryption, web privacy and security, post-quantum cryptography, and zero-knowledge proofs. Our work ranges from protocol design and security analysis to cryptography and privacy engineering, so we encourage people with any relevant experiences to apply.
Responsibilities: Working with other researchers and multi-disciplinary teams to create and build practical solutions to real-world privacy problems. Publishing papers in academic conferences.
Required Qualifications: A PhD (or close to completion) in computer science, electrical engineering, mathematics, or a related field Publications in top conferences, or submitted/accepted papers in top journals.
Apply: https://careers.microsoft.com/us/en/job/953746/Post-Doc-Researcher-Cryptography-and-Privacy-Microsoft-Research
Closing date for applications:
Contact: Kim Laine, Melissa Chase, or Esha Ghosh
More information: https://careers.microsoft.com/us/en/job/953746/Post-Doc-Researcher-Cryptography-and-Privacy-Microsoft-Research
KU Leuven COSIC, Belgium
Job PostingClosing date for applications:
Contact: jobs-cosic@esat.kuleuven.be
More information: https://www.esat.kuleuven.be/cosic/vacancies/
KU Leuven COSIC
Job PostingClosing date for applications:
Contact: jobs-cosic@esat.kuleuven.be
More information: https://www.esat.kuleuven.be/cosic/vacancies/
06 January 2021
Nicholas Stifter, Aljosha Judmayer, Philipp Schindler, Andreas Kern, Walid Fdhila
ePrint ReportPatrick Derbez, Pierre-Alain Fouque
ePrint ReportPatrick Derbez, Pierre-Alain Fouque, Victor Mollimard
ePrint ReportStéphanie Delaune, Patrick Derbez, Mathieu Vavrille
ePrint ReportKaushik Nath, Palash Sarkar
ePrint ReportYuhao Yang, Xiujie Huang
ePrint ReportDan Boneh, Elette Boyle, Henry Corrigan-Gibbs, Niv Gilboa, Yuval Ishai
ePrint ReportOur protocols use two data-collection servers and, in a protocol run, each client send sends only a single message to the servers. Our protocols protect client privacy against arbitrary misbehavior by one of the servers and our approach requires no public- key cryptography (except for secure channels), nor general-purpose multiparty computation. Instead, we rely on incremental distributed point functions, a new cryptographic tool that allows a client to succinctly secret-share the labels on the nodes of an exponentially large binary tree, provided that the tree has a single non-zero path. Along the way, we develop new general tools for providing malicious security in applications of distributed point functions.
A limitation of our heavy-hitters protocol is that it reveals to the servers slightly more information than the set of popular strings itself. We precisely define and quantify this leakage and explain how to ameliorate its effects. In an experimental evaluation with two servers on opposite sides of the U.S., the servers can find the 200 most popular strings among a set of 400,000 client-held 256-bit strings in 54 minutes. Our protocols are highly parallelizable. We estimate that with 20 physical machines per logical server, our protocols could compute heavy hitters over ten million clients in just over one hour of computation.
Geoffroy Couteau, Pooya Farshim, Mohammad Mahmoody
ePrint ReportBy introducing and formalizing the notion of black-box uselessness, we develop a framework that allows us to make such conclusions. At an informal level, we call primitive $\mathcal{Q}$ black-box useless (BBU) for primitive $\mathcal{P}$ if $\mathcal{Q}$ cannot help constructing $\mathcal{P}$ in a black-box way, even in the presence of another primitive $\mathcal{Z}$. This is formalized by saying that $\mathcal{Q}$ is BBU for $\mathcal{P}$ if for any auxiliary primitive $\mathcal{Z}$, whenever there exists a black-box construction of $\mathcal{P}$ from $(\mathcal{Q},\mathcal{Z})$, then there must already also exist a black-box construction of $\mathcal{P}$ from $\mathcal{Z}$ alone. We also formalize various other notions of black-box uselessness, and consider in particular the setting of efficient black-box constructions when the number of queries to $\mathcal{Q}$ is below a threshold.
Impagliazzo and Rudich (STOC'89) initiated the study of black-box separations by separating key agreement from one-way functions. We prove a number of initial results in this direction, which indicate that one-way functions are perhaps also black-box useless for key agreement. In particular, we show that OWFs are black-box useless in any construction of key agreement in either of the following settings: (1) the key agreement has perfect correctness and one of the parties calls the OWF a constant number of times; (2) the key agreement consists of a single round of interaction (as in Merkle-type protocols). We conjecture that OWFs are indeed black-box useless for general key agreement protocols.
We also show that certain techniques for proving black-box separations can be lifted to the uselessness regime. In particular, we show that known lower bounds for assumptions behind black-box constructions of indistinguishability obfuscation (IO) can be extended to derive black-box uselessness of a variety of primitives for obtaining (approximately correct) IO. These results follow the so-called "compiling out" technique, which we prove to imply black-box uselessness.
Eventually, we study the complementary landscape of black-box uselessness, namely black-box helpfulness. Formally, we call primitive $\mathcal{Q}$ black-box helpful (BBH) for $\mathcal{P}$, if there exists an auxiliary primitive $\mathcal{Z}$ such that there exists a black-box construction of $\mathcal{P}$ from $(\mathcal{Q},\mathcal{Z})$, but there exists no black-box construction of $\mathcal{P}$ from $\mathcal{Z}$ alone.
We put forth the conjecture that one-way functions are black-box helpful for building collision-resistant hash functions. We define two natural relaxations of this conjecture, and prove that both of these conjectures are implied by a natural conjecture regarding random permutations equipped with a collision finder oracle, as defined by Simon (Eurocrypt'98). This conjecture may also be of interest in other contexts, such as hardness amplification.