International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available:

email icon
via email
RSS symbol icon
via RSS feed

27 January 2021

Gilles Macario-Rat, Jacques Patarin
ePrint Report ePrint Report
In this paper, we present two new perturbations for the design of multivariate schemes that we call ``Ariadne Thread'' and ``Salt''. From these ideas, we present some efficient multivariate encryption and signature schemes with explicit parameters that resist all known attacks. In particular they resist the two main (and often very powerful) attacks in this area: the Gröbner attacks (to compute a cleartext from a ciphertext) and the MinRank attacks (to recover the secret key). Ariadne Threat and Salt can also be seen as new ``perturbations'' that we can use to enforce many multivariate schemes. The ``Salt'' perturbation works only for public key equations of degree (at least) 3. Similarly at present the ``Ariadne Thread'' perturbation seems to be particularly powerful with public keys of degree 3. Despite this, the size of the public key may still be reasonable since we can use larger fields (and also maybe non dense equations). Ariadne Thread perturbation seems to be particularly interesting for encryption. This is unusual since in multivariate cryptography encryption is generally more difficult than signatures.
Expand
Michael Troncoso, Britta Hale
ePrint Report ePrint Report
In this paper, we computationally analyze Passkey Entry in its entirety as a cryptographic authenticated key exchange (AKE) - including user-protocol interactions that are typically ignored as out-of-band. To achieve this, we model the user-to-device channels, as well as the typical device-to-device channel, and adversarial control scenarios in both cases. In particular, we separately capture adversarial control of device displays on the initiating and responding devices as well as adversarial control of user input mechanisms using what we call a CYBORG model. The CYBORG model enables realistic real-world security analysis in light of published attacks on user-mediated protocols such as Bluetooth that leverage malware and device displays. In light of this, we show that all versions of Passkey Entry fail to provide security in our model. Finally, we demonstrate how slight modi cations to the protocol would allow it to achieve stronger security guarantees for all current variants of passkey generation, as well as a newly proposed twofold mode of generation we term Dual Passkey Entry. These proof-of-concept modi cations point to improved design approaches for user-mediated protocols. Finally, this work points to categories of vulnerabilities, based on compromise type, that could be exploited in Bluetooth Passkey Entry.
Expand
Jaskaran V. Singh, Nicholas J. Hopper
ePrint Report ePrint Report
Secure Multiparty Computation involves a protocol between parties with an aim to produce a computed result just as a Trust Party would produce if the parties provided their inputs to it. The Trusted party in conventional computation is replaced by "un-trusted" parties in Secure Multiparty Computation. We first show that this existing Binary definition of Trust is inadequate. Real world is rife with disparities, that which produce a perceivable trust gradient between the participants. Conventional MPC models do not take this into account and rather provide security guarantees based on the threshold of corrupted parties. The thresholds are supposed to cover for some of the parties turning out to be corrupt. Often, with the knowledge of \emph{prior probability} of a party being corrupt, we can do better if we allot weight to each party based on how trusted we perceive it to be. Our paper explores this idea and our contributions towards it are two folds. First, we introduce the Graded Trust model where each party essentially has a \emph{Trust Grade} assigned to it in the protocol based on the prior of it being corrupt. Then, we present a discussion on the philosophy behind graded trust, and the potential benefits for large scale public MPC systems.
Expand
Hendrik Waldner, Tilen Marc, Miha Stopar, Michel Abdalla
ePrint Report ePrint Report
The concept of private stream aggregation (PSA) has been proposed by Shi et al. (NDSS 2011) to allow for data analysis in a privacy-preserving manner. In this work, we introduce the notion of labeled secret sharing (LaSS) schemes and show how to use it to construct PSA schemes. We also show how to realize LaSS using pseudorandom functions or alternatively with a hash function modeled as a random oracle and how it can be used to construct PSA schemes. Additionally, we revisit the security model of Becker et al. (NDSS 2018) and describe stronger security notions for PSA. We then present additional constructions achieving the stronger security notions by relying on recent results on multi-client functional encryption. For all of our constructions, we present implementations to show their practicality and the performance gains over existing solutions.
Expand

24 January 2021

DTU Denmark
Job Posting Job Posting
We are looking for an assistant/associate professor to extend and complement the cryptology research and teaching of the Cyber Security Section at DTU Compute. The position is available from August 1 2021 or according to mutual agreement.

Closing date for applications:

Contact: Professor Lars Ramkilde Knudsen, lrkn@dtu.dk. Please use the above link when applying for the position. Applications sent by email will not be considered.

More information: https://www.dtu.dk/english/about/job-and-career/vacant-positions/job?id=dd355396-a1f7-4960-8e94-af0f50a374dc

Expand

22 January 2021

Athens, Greece, 23 January 2021
Event Calendar Event Calendar
Event date: 23 January 2021
Expand
Cryptology and Data Security Group, University of Bern, Bern, Switzerland
Job Posting Job Posting
Ph.D. positions are available in the Cryptology and Data Security research group at the Institute of Computer Science, University of Bern, led by Christian Cachin.

Our research addresses all aspects of security in distributed systems, especially cryptographic protocols, consistency, consensus, and cloud-computing security. We are particularly interested in blockchains, distributed ledger technology, cryptocurrencies, and their security and economics.

Candidates should have a strong background in computer science. They should like conceptual, rigorous thinking for working theoretically, or be interested in building innovative systems for working practically. Demonstrated expertise in cryptography, distributed computing, or blockchain technology is a plus. Applicants must hold a master degree in the relevant research fields.

Positions are available immediately and come with a competitive salary. The selection process runs until suitable candidates have been found. The University of Bern conducts excellent research and lives up its vision that “Knowledge generates value”. The city of Bern lies in the center of Switzerland and offers some of the highest quality of life worldwide.

If you are interested, please apply be sending email with one single PDF file and subject line set to Application for Ph.D., addressed directly to Prof. Christian Cachin at crypto (at) inf.unibe.ch.

Since we receive many applications, we encourage you to include material that demonstrates your interests and strengths and sets you apart from others.

For more information, please contact Christian Cachin (https://crypto.unibe.ch/cc/).

Closing date for applications:

Contact: Christian Cachin < crypto (at) inf.unibe.ch >

More information: https://crypto.unibe.ch/

Expand
Masaryk University, Brno, Czechia
Job Posting Job Posting
Join the vibrant security and applied crypto research group in Brno, Czechia! Join the research team that won the 2016 USENIX Security Symposium Best Paper Award, 2017 ACM CCS Real-World Impact Award, or 2020 CHES Best Paper Award. The team that helped hundreds of graduates in the security Master programs, has been involved in both fundamental and applied crypto/security/privacy research projects and industry partnerships.

The Dean of the Faculty of Informatics, Masaryk University, invites applications for one position of Assistant Professor in Cybersecurity, with the Department of Computer Systems and Communications.

Applications due: February 28, 2021
Employment start date: By mutual agreement

This position is aimed to strengthen the work of the Centre for Research on Cryptography and Security (CRoCS - https://crocs.fi.muni.cz/) at the Faculty of Informatics. CRoCS works to improve security and privacy of real-world solutions through applied research (often in cooperation with industry) and advanced education of future security professionals. System security or network security focus are most desired, yet the abilities to work with a team of graduate students and faculty on research targeting top security/crypto conferences and to engage both undergraduate and graduate students in both educational and research exercises are most critical.

Job description keypoints:
  • Active international cooperation, in both research and education.
  • Involvement in teaching in the cybersecurity area.
  • Supervision of Master/Bachelor theses and consultancy or co-supervision of PhDs.
  • Involvement in expanding industrial cooperation in the cybersecurity area.
  • Expert knowledge in at least one of the areas covered by courses:
    • PV181 Laboratory of security and applied cryptography {https://is.muni.cz/course/fi/podzim2019/PV181};
    • PA193 Secure coding principles and practices {https://is.muni.cz/course/fi/podzim2019/PA193}.
    • PA197 Secure Network Design {https://is.muni.cz/course/fi/jaro2020/PA197}.

Closing date for applications:

Contact: Vashek Matyas

More information: https://www.muni.cz/en/about-us/careers/vacancies/59434

Expand
Amazon Web Services
Job Posting Job Posting
The AWS Cryptography Group is looking for an Applied Scientist with knowledge of cryptographic computing technologies such as privacy preserving machine learning, fully and partially homomorphic encryption, secure multiparty computation, private information retrieval, and related technologies. You will use this knowledge to conceptualize how this technology can be integrated into internal infrastructure and public AWS services, develop prototypes, and provide customers with world-class security. The ideal candidate will have a strong understanding of cryptography, the ability to prototype solutions, and a passion to realize these technologies in AWS products and services. We encourage research and publication of results that apply to our customers most complex initiatives.

We are seeking a candidates who are innovative, look for new ideas everywhere, and are not limited by “not invented here”. They should think big, and have bold ideas for new ways to serve customers.

BASIC QUALIFICATIONS

  • PhD in Computer Science or a closely related field
  • Expert knowledge of cryptography and, in particular, cryptographic-computing techniques (homomorphic encryption, secure multiparty computation, etc.)
  • Practical knowledge in one or more common development languages (C/C++, Java, Go, Rust, Python, etc.)
  • Good written and verbal communication skills.

PREFERRED QUALIFICATIONS

  • Basic knowledge of machine learning
  • 5+ years of industry experience

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.

Closing date for applications:

Contact: Bill Horne

More information: https://amazon.jobs/en/internal/jobs/1397391/applied-cryptographer

Expand
Facebook Inc., Menlo Park, CA | Seattle, WA | San Francisco, CA | Remote, US
Job Posting Job Posting

Our Statistics and Privacy team focuses on establishing step-change improvements to advance our long-term business growth. The team's expertise spans many domains including statistics, machine learning and cryptography. We develop methodologies, design and prototype solutions, and partner with our engineering colleagues to launch these solutions such that millions of advertisers can benefit. Examples include internal and external experimentation platforms, ads delivery optimization for efficient causal outcomes, and the application of privacy enhancing technologies across our ads product stack.

We are looking for research interns to join our teams to drive forward new prototypes and methodologies. Interns will pursue novel applied research associated with privacy preserving machine learning, cryptography and internet technology, or causal inference and experimentation platforms. This work is critical to our long-term product development, and we expect interns to provide both scientific expertise and creative solutions to accelerate their project area.

Responsibilities
  • Assess potential opportunities and execute world-class research associated with your area of scientific expertise
  • Write high quality academic papers to advocate the research and innovations
  • Establish approaches to rigorously assess relative performance of new technologies or strategies
  • Learn new tools, systems and languages quickly as required by the particular project you are working on
  • Apply communication skills to engage diverse audiences on technical topics and nuanced insights

    Minimum Qualifications

  • Currently has, or is in the process of obtaining, a PhD degree in statistics, computer science, electrical engineering, physics, quantitative social science, or a related quantitative field
  • Expertise in one of the following areas: privacy preserving machine learning, cryptography and internet technology, or causal inference and experimentation platforms
  • continued on application webpage, see https://www.facebook.com/careers/v2/jobs/270789727484557/

    Closing date for applications:

    Contact: Apply Online or reach out to Benjamin Case (bmcase {at} fb DOT com) or Sanjay Saravanan

    More information: https://www.facebook.com/careers/v2/jobs/270789727484557/

  • Expand
    Graz University of Technology, Graz, Austria
    Job Posting Job Posting
    The Institute of Applied Information Processing and Communications (aka IAIK) is the largest university institute in Austria for research and education in security and privacy. It has been active in this field for more than 30 years and currently employs more than 60 researchers. Within the "Secure Systems" area of our institute Sujoy Sinha Roy is establishing the new research group "Cryptographic Engineering”.

    In order to complement our team, we are looking for a fulltime post-doctoral researcher:

    Responsibilities:
    The post-doctoral researcher will be working on the hardware acceleration of homomorphic encryption within the “Cyroptografic Engineering” group within the “Secure Systems” area at IAIK.

    Required Qualifications:
  • A PhD (or close to completion) in computer science, information and computer engineering, software development, mathematics, or a related field.
  • Publications in top conferences, or submitted/accepted papers in top journals.
  • Experience with cryptography, programming, and digital circuit design (ASIC or FPGA) design

    How to apply:
    Applications, curriculum vitae and other documents should preferably be uploaded here https://free.formcloud.de/formcycle/form/provide/7780/. Please select 7050/postdoc_2021 as a reference number.

    The position is full time - 40 h per week and the employment duration is set for 18 months. Prefered starting date early 2021. The application deadline is February 15th 2021.

    Closing date for applications:

    Contact: Sujoy Sinha Roy – sujoy.sinharoy@iaik.tugraz.at

  • Expand
    Jan-Pieter D'Anvers, Emmanuela Orsini, Frederik Vercauteren
    ePrint Report ePrint Report
    Chosen ciphertext security for lattice based encryption schemes is generally achieved through a generic transformation such as the Fujisaki-Okamoto transformation. This method requires full re-encryption of the plaintext during decapsulation, which typically dominates the cost of the latter procedure. In this work we show that it is possible to develop alternative transformations specifically designed for lattice based encryption schemes. We propose two novel chosen ciphertext transformations, $\mathtt{ETC1}$ and $\mathtt{ETC2}$, in which re-encryption is replaced by checking the error term of the input ciphertext. We show that our new ciphertext validity check can be securely applied to lattice based encryption schemes under specific conditions. For the NIST post-quantum standardization candidate Threebears we show a speed-up for decapsulation of up to $37.4\%$. Moreover, as our method only changes the validation check during decapsulation, it is fully backwards compatible with existing implementations of the Fujisaki-Okamoto transformation.
    Expand
    Kalle Ngo, Elena Dubrova, Qian Guo, Thomas Johansson
    ePrint Report ePrint Report
    In this paper, we present the first side-channel attack on a first-order masked implementation of IND-CCA secure Saber KEM. We show how to recover both the session key and the long-term secret key from 16 traces by deep learning-based power analysis without explicitly extracting the random mask at each execution. Since the presented method is not dependent on the mask, we can improve success probability by combining score vectors of multiple traces captured for the same ciphertext. This is an important advantage over previous attacks on LWE/LWR-based KEMs, which must rely on a single trace. Another advantage is that the presented method does not require a profiling device with deactivated countermeasure, or known secret key. Thus, if a device under attack is accessible, it can be used for profiling. This typically maximizes the classification accuracy of deep learning models. In addition, we discovered a leakage point in the primitive for masked logical shifting on arithmetic shares which has not been known before. We also present a new approach for secret key recovery, using maps from error-correcting codes. This approach can compensate for some errors in the recovered message.
    Expand
    Nikolaj I. Schwartzbach
    ePrint Report ePrint Report
    We propose a smart contract that allows two mutually distrusting parties to transact any non-digital good or service on a blockchain. The contract acts as an escrow and settles disputes by letting parties wager that they can convince an arbiter they were the honest party. We analyze the contract as an extensive-form game and prove that the contract is secure in a strong game-theoretic sense if and only if the arbiter is biased in favor of honest parties. We show this is inherent to any contract that achieves game-theoretic security for interesting trades. We consider a generalization of the contract with different ways of paying back the wagers, and we can instantiate it to make a tradeoff between security and the size of the wager. By relaxing the security notion such that parties have only weak incentive to behave honestly, we can replace the arbiter by a random coin toss protocol. We implement the contract in Ethereum and estimate the amortized cost of running the contract as 2-3 USD for the seller and 4-5 USD for the buyer.
    Expand
    Rémi Géraud-Stewart, David Naccache
    ePrint Report ePrint Report
    In a recent paper Géraud-Stewart and Naccache \cite{gsn2021} (GSN) described an non-interactive process allowing a prover $\mathcal P$ to convince a verifier $\mathcal V$ that a modulus $n$ is the product of two randomly generated primes ($p,q$) of about the same size. A heuristic argument conjectures that $\mathcal P$ cannot control $p,q$ to make $n$ easy to factor.

    GSN's protocol relies upon elementary number-theoretic properties and can be implemented efficiently using very few operations. This contrasts with state-of-the-art zero-knowledge protocols for RSA modulus proper generation assessment.

    This paper proposes an alternative process applicable in settings where $\mathcal P$ co-generates a modulus $n=p_1q_1p_2q_2$ with a certification authority $\mathcal V$. If $\mathcal P$ honestly cooperates with $\mathcal V$, then $\mathcal V$ will only learn the sub-products $n_1=p_1q_1$ and $n_2=p_2q_2$.

    A heuristic argument conjectures that at least two of the factors of $n$ are beyond $\mathcal P$'s control. This makes $n$ appropriate for cryptographic use provided that \emph{at least one party} (of $\mathcal P$ and $\mathcal V$) is honest. This heuristic argument calls for further cryptanalysis.
    Expand
    Kang Yang, Pratik Sarkar, Chenkai Weng, Xiao Wang
    ePrint Report ePrint Report
    Zero-knowledge (ZK) proofs with an optimal memory footprint have attracted a lot of attention, because such protocols can easily prove very large computation with a small memory requirement. Such ZK protocol only needs O(M) memory for both parties, where M is the memory required to verify the statement in the clear. In this paper, we propose several new ZK protocols in this setting, which improve the concrete efficiency and, at the same time, enable sublinear amortized communication for circuits with some notion of relaxed uniformity. 1. In the circuit-based model, where the computation is represented as a circuit over a field, our ZK protocol achieves a communication complexity of 1 field element per non-linear gate for any field size while keeping the computation very cheap. We implemented our protocol, which shows extremely high efficiency and affordability. Compared to the previous best-known implementation, we achieve 6×–7× improvement in computation and 3×– 7× improvement in communication. When running on intro-level AWS instances, our protocol only needs one US dollar to prove one trillion AND gates (or 2.5 US dollars for one trillion multiplication gates over a 61-bit field). 2. In the setting where part of the computation can be represented as a set of polynomials, we can achieve communication sublinear to the polynomial size: the communication only depends on the input size and the highest degree of all polynomials, independent of the number of polynomials and the number of multiplications in the polynomials. Using the improved ZK protocol, we can prove matrix multiplication with communication proportional to the input size, rather than the number of multiplications. Proving the multiplication of two 1024 × 1024 matrices, our implementation, with one thread and 1 GB of memory, only needs 10 seconds and communicates 25 MB, 35× faster than the state-of-the-art protocol Virgo that would need more than 140 GB of memory for the same task.
    Expand
    Kamil Otal
    ePrint Report ePrint Report
    The subfield construction is one of the most promising methods to construct maximum distance separable (MDS) diffusion layers for block ciphers and cryptographic hash functions. In this paper, we give a generalization of this method and investigate the efficiency of our generalization. As a result, we provide several best MDS diffusions with respect to the number of XORs that the diffusion needs. For instance, we give (i) an involutory MDS diffusion $\mathbb{F}_{2^8}^{3} \rightarrow \mathbb{F}_{2^8}^{3}$ by 85 XORs and (ii) an involutory MDS diffusion $\mathbb{F}_{2^8}^{4} \rightarrow \mathbb{F}_{2^8}^{4}$ by 122 XORs, and hence present new records to the literature. Furthermore, we interpret the coding theoretical background of our generalization.
    Expand
    Mahdi Sedaghat, Bart Preneel
    ePrint Report ePrint Report
    Logic access control enforces who can read and write data; the enforcement is typically performed by a fully trusted entity. At TCC 2016, Damgård et al. proposed Access Control Encryption (ACE) schemes where a predicate function decides whether or not users can read (decrypt) and write (encrypt) data, while the message secrecy and the users' anonymity are preserved against malicious parties. Subsequently several ACE constructions with an arbitrary identity-based access policy have been proposed, but they have huge ciphertext and key sizes and/or rely on indistinguishability obfuscation. At IEEE S&P 2021, Wang and Chow proposed a Cross-Domain ACE scheme with constant-size ciphertext and arbitrary identity-based policy; the key generators are separated into two distinct parties, called Sender Authority and Receiver Authority. In this paper, we improve over their work with a novel construction that provides a more expressive access control policy based on attributes rather than on identities, the security of which relies on standard assumptions. Our construction combines Structure-Preserving Signatures, Non-Interactive Zero-Knowledge proofs, and Re-randomizable Ciphertext-Policy Attribute-Based Encryption schemes. The sizes of ciphertexts and encryption and decryption keys are constant and thus independent of the number of receivers and their attributes. Not only is our system more flexible, it also is more efficient and results in shorter keys.
    Expand
    Michał Wroński
    ePrint Report ePrint Report
    In 2020 Bernstein, De Feo, Leroux, and Smith presented a new odd-degree $\ell$-isogeny computation method called Velusqrt. This method has complexity $\tilde{O}(\sqrt{\ell})$, compared to the complexity of $\tilde{O}(\ell)$ of the classical Vélu method. In this paper application of the Velusqrt method to Huff's and general Huff's curves is presented. It is showed how to compute odd-degree isogeny on Huff's and general Huff's curves using Velusqrt algorithm and $x$-line arithmetic for different compression functions.
    Expand
    Servio Paguada, Lejla Batina, Igor Armendariz
    ePrint Report ePrint Report
    This paper introduces a practical evaluation procedure based on autoencoders for profiled side-channel analysis evaluations. An autoencoder is a learning model able to pre-process leakage traces improving in this way the guessing entropy. Nevertheless, this learning model's design should aim to code the leakage distribution to avoid relevant information being removed. For this reason, we propose an autoencoder built upon dilated convolutions. When using these learning models, the evaluation produces new assets, e.g., new versions of the dataset and new models based on learning algorithms. Our procedure comprises meaningful metrics and visualization techniques, namely signal-to-noise ratio and weight visualization, to evaluate those assets' effectiveness. After applying our procedure and our new autoencoder architecture to the ASCAD random key database, our results outperform state-of-the-art.
    Expand
    ◄ Previous Next ►