International Association for Cryptologic Research

IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available via RSS feed, Twitter, Weibo and Facebook.

10 February 2021

Léo Ducas, Marc Stevens, Wessel van Woerden
ePrint Report
In this work, we study GPU implementations of various state-of-the-art sieving algorithms for lattices (Becker-Gama-Joux 2015, Becker-Ducas-Gama-Laarhoven 2016, Herold-Kirshanova 2017) inside the General Sieve Kernel (G6K, Albrecht et al. 2019). In particular, we extensively exploit the recently introduced *Tensor Cores* -- originally designed for raytracing and machine learning -- and demonstrate their fitness for the cryptanalytic task at hand. We also propose a new *dual-hash* technique for efficient detection of 'lift-worthy' pairs to accelerate a key ingredient of G6K: finding short lifted vectors.

We obtain new computational records, reaching dimension $180$ for the SVP Darmstadt Challenge improving upon the previous record for dimension $155$. This computation ran for $51.6$ days on a server with $4$ NVIDIA Turing GPUs and $1.5$TB of RAM. This corresponds to a gain of about two orders of magnitude over previous records both in terms of wall-clock time and of energy efficiency.
Clémentine Gritti, Emanuel Regnath, Sebastian Steinhorst
ePrint Report
The Internet of Things (IoT) promises a strongly connected world bridging digital and physical environments. Nevertheless, such a framework comes with huge security and privacy vulnerabilities, due to the heterogeneous nature of devices and the diversity of their provenance. Other noticeable technical challenges in IoT arise from the constrained resources of devices, forcing the design of protocols that are as lightweight as possible.

In this paper, we present a new system with access control key updates and direct user revocation, that are beneficial features in IoT. Access control is done using Ciphertext-Policy Attribute-Based Encryption where attributes represent roles of devices within their networks. Moreover, we devise a novel approach, based on a binary tree, to append time credentials. This allows us to find an interesting trade-off between key update frequency and user revocation list length, as well as stressing time-sensitive data exchanged in IoT environments. The security of our scheme is proved under the Decisional Bilinear Diffie-Hellman Exponent assumption.

Future work will focus on the implementation and analysis of our solution, in order to confirm that the latter is fully deployable in IoT networks.
Mahimna Kelkar, Soubhik Deb, Sreeram Kannan
ePrint Report
Over the past five years, a significant line of research has investigated the blockchain consensus problem in the general permissionless setting, where protocol nodes can leave and join dynamically. The work of Garay et al. (Eurocrypt 2015) and Pass et al. (Eurocrypt 2017) showed the security properties of consistency and liveness for Nakamoto's seminal proof-of-work protocol. However, consistency and liveness do not provide any guarantees on the relationship between the order in which transactions arrive into the network and the finalized order in the ledger, making protocols prone to transaction order-manipulation attacks. As a solution, a recent paper by Kelkar et al. (Crypto 2020) introduced a third useful property for consensus protocols: transaction-order-fairness. Their model was limited to the classical (permissioned) setting, where the set of protocol nodes is fixed a priori, and does not fit well for permissionless environments where order-manipulation attacks have been most prominent.

In this work, we initiate the investigation of order-fairness in the permissionless setting and provide two protocols that realize it. Our protocols work in a synchronous network and use an underlying longest-chain blockchain. As an added contribution, we show that any fair ordering protocol achieves a powerful zero-block confirmation property, through which honest transactions can be securely confirmed even before they are included in any block.
Johannes Roth, Evangelos Karatsiolis, Juliane Krämer
ePrint Report
The Classic McEliece cryptosystem is one of the most trusted quantum-resistant cryptographic schemes. Deploying it in practical applications, however, is challenging due to the size of its public key. In this work, we bridge this gap. We present an implementation of Classic McEliece on an ARM Cortex-M4 processor, optimized to overcome memory constraints. To this end, we present an algorithm to retrieve the public key ad-hoc. This reduces memory and storage requirements and enables the generation of larger key pairs on the device. To further improve the implementation, we perform the public key operation by streaming the key to avoid storing it as a whole. This additionally reduces the risk of denial of service attacks. Finally, we use these results to implement and run TLS on the embedded device.
Chris Brzuska, Eric Cornelissen, Konrad Kohbrok
ePrint Report
Cryptographic communication protocols provide confidentiality, integrity and authentication properties for end-to-end communication under strong corruption attacks, including, notably, post-compromise security (PCS). Most protocols are designed for one-to-one communication. Protocols for group communication are less common, less efficient, and tend to provide weaker security guarantees. This is because group communication poses unique challenges, such as coordinated key updates, changes to group membership and complex post-compromise recovery procedures.

We need to tackle this complex challenge as a community. Thus, the Internet Engineering Task Force (IETF) has created a working group with the goal of developing a sound standard for a continuous asynchronous key-exchange protocol for dynamic groups that is secure and remains efficient for large group sizes. The current version of the Messaging Layer Security (MLS) security protocol is in a feature freeze, i.e., no changes are made in order to provide a stable basis for cryptographic analysis. The key schedule and TreeKEM design are of particular concern since they are crucial to distribute and combine several keys to achieve PCS.

In this work, we provide a computational analysis of the MLS key schedule, TreeKEM and their composition, as specified in Draft 11 of the MLS RFC. The analysis is carried out using the State Separating Proofs methodology [9], and showcases the flexibility of the approach, enabling us to provide a full computational analysis shortly after Draft 11 was published.
Dmitry Schelkunov
ePrint Report
We present an approach for designing fast public key encryption cryptosystems using random primitives and error permutation. The encryption speed of such systems allows them to be used for “on-the-fly” public key encryption and makes them useful for real-time communications. A small error size allows this approach to be used for designing digital signature schemes.
Masayuki Abe, Miguel Ambrona, Andrej Bogdanov, Miyako Ohkubo, Alon Rosen
ePrint Report
Cramer, Damgård, and Schoenmakers (CDS) built a proof system to demonstrate the possession of subsets of witnesses for a given collection of statements that belong to a prescribed access structure P by composing so-called sigma-protocols for each atomic statement. Their verifier complexity is linear in the size of the monotone span program representation of P. We propose an alternative method for combining sigma-protocols into a single non-interactive system for a compound statement in the random oracle model. In contrast to CDS, our verifier complexity is linear in the size of the acyclicity program representation of P, a complete model of monotone computation introduced in this work. We show that the acyclicity program size of a predicate is never larger than its de Morgan formula size and it is polynomially incomparable to its monotone span program size. We additionally present an extension of our proof system, with verifier complexity linear in the monotone circuit size of P, in the common reference string model. Finally, considering the types of statement that naturally reduce to acyclicity programming, we discuss several applications of our new methods to protecting privacy in cryptocurrency and social networks.
Marco Baldi, Jean-Christophe Deneuville, Edoardo Persichetti, Paolo Santini
ePrint Report
In this work, we consider a recent application of coding theory in the context of post-quantum digital signature schemes, and their cryptanalysis. We indeed implement an attack on the recent attempt by Li, Xing and Yeo to produce a code-based signature scheme using the Schnorr-Lyubashevsky approach in the Hamming metric. Unlike other (unsuccessful) proposals, this new scheme exploits rejection sampling along with dense noise vectors to hide the secret key structure in produced signatures. We show that these measures, besides yielding very slow signing times and rather long signatures, do not succeed in protecting the secret key. We are indeed able to prove the existence of a strong correlation between produced signatures, which ultimately leaks information about the secret key. To support this claim, we use both theoretical arguments and numerical evidence. Finally, we employ such a weakness to mount a full key recovery attack, which is able to recover the secret key after the observation of a bunch of signatures.
Ravital Solomon, Ghada Almashaqbeh
ePrint Report
Smart contract-enabled blockchains represent a powerful tool in supporting a large variety of applications. Despite their salient features of transparency, decentralization, and expressiveness, building privacy-preserving applications using these platforms remains an open question. Existing solutions fall short in achieving this goal since they support a limited operation set, only support private computation on inputs belonging to one user, or even ask the users themselves to perform the computations off-chain. In this paper, we propose smartFHE, a modular framework to support private smart contracts that utilizes fully homomorphic encryption (FHE). The smartFHE framework allows users to build arbitrary decentralized applications that preserve input/output privacy for inputs belonging to the same user or even different users. This is achieved by employing single and multi-key FHE to compute over private (encrypted) data and account balances, along with efficient zero-knowledge proof systems to prove well-formedness of private transactions. Crucially, our framework is "modular" since any FHE and ZKP scheme can be used so long as they satisfy certain minimal requirements with respect to correctness and security. Furthermore, smartFHE reduces the burden on the user, since miners translate smart contract code into public or private operations based on whether the accounts involved are public or private. In proposing smartFHE, we define notions for a privacy-preserving smart contract (PPSC) scheme along with its correctness and security. We provide a concrete instantiation of a PPSC using the smartFHE framework. Finally, we consider further extensions/optimizations.

08 February 2021

TU Delft, Netherlands
Job Posting
Cybersecurity group at TU Delft opens a few positions for post-doc researchers and PhD on the topic of cryptographic protocols and implementation. The positions will be supported by H2020 projects. We are looking for candidates with: for PhD (i) strong math or computer science background, (ii) adequate programming ability, (iii) good communication skills, and sufficient English qualification, e.g., IELTS; as for post-doc: (i) strong cryptographic background, (ii) high-quality publications in cryptography, information security and privacy enhancing technology fields - conferences (e.g., NDSS, CCS, S&P, etc.) or/and journals; (iii) excellent communication skills; (iv) previous project experiences will be an extra bonus.

As one of the best engineering universities, TU Delft provides excellent future career training and opportunities, research environment and facilities to international and national academic researchers. Competitive salary, tax benefit and welfare package will be provided. Note the start date of the post-doc and PhD could be flexible but no later than the end of this year (2021).

Applicants should prepare and send their CVs, certificates, and transcripts to the following contact email.

Closing date for applications:

Contact: Dr. R. Wang

University of Westminster
Job Posting

The Centre for Parallel Computing (CPC) at the University of Westminster is looking for a Research Associate in Cloud Security to carry out research mainly focusing on digital twins and smart factories security (as part of several EU research projects).

The successful candidate will carry out tasks in relation to the design and development of novel secure and privacy-preserving cloud/edge/fog orchestration solutions and is expected to contribute to writing project deliverables and research papers. We expect candidates to have a strong research background in network security and/or applied cryptography. Proven research in areas such as trusted computing, cloud security, safety verification, security verification, data privacy, cyber-physical and internet of things security and cloud or mobile security will be considered as a plus.

The Centre for Parallel Computing is one of the leading research centres in distributed and parallel computation technologies. In particular, the CPC is engaged in research in Distributed Computing Infrastructures such as edge-fog-cloud ecosystems, specifically concentrating on the secure and automated deployment, orchestration and scalability of a large variety of applications in such environments. The CPC has a well-established track record of securing research funding in large-scale collaborative research projects, leading and contributing to more than 15 projects in the last 10 years.

Salary: £35,743 to £40,646 per annum

Closing date for applications:

Contact: Tamas Kiss

More information: https://vacancies.westminster.ac.uk/hrvacancies/default.aspx?id=50052971

Visa Research
Job Posting
We are currently focused on building world-class research teams in three key areas: Security, Data Analytics, and Future of Payment, and we are looking for outstanding and innovative researchers at all levels of experience as part of the Advanced Cryptography Research team.

Working on Cryptography research at Visa is a unique opportunity at a time when the payments industry is undergoing a digital transformation, and with security technologies as the critical enabler for a growing number of emerging payment models and usage scenarios. We offer you the opportunity to be at the center of innovation in the payments industry and set the security direction for Visa and the future payment ecosystem.

As a Research Scientist you will work with a team to conduct world-class security research and contribute to the long-term research agenda for digital payments, as well as deliver innovative technologies and insights to Visa's strategic products and business. As an integral team member of the extended Research team, you will work on research and development activities with fellow researchers, and work closely with product and technology teams to ensure the successful creation and application of disruptive and innovative security technologies.

More information: https://usa.visa.com/careers/job-details.jobid.743999733735539.deptid.868588.html

Closing date for applications:

Contact: Apply online at: https://usa.visa.com/careers/job-details.jobid.743999733735539.deptid.868588.html

07 February 2021

Habeeb Syed
ePrint Report
Consider finite prime fields $\mathbb{F}_p$ for which $2$ is a primitive element. In this short note we propose a new algorithm to compute discrete logarithms in such finite fields. Our algorithm is based on elementary properties of finite fields and is purely theoretical in nature. Further, the complexity of the algorithm is exponential, and as such it is not being suggested for any computational purposes.

06 February 2021

Xiling Li, Rafael Dowsley, Martine De Cock
ePrint Report
Existing work on privacy-preserving machine learning with Secure Multiparty Computation (MPC) is almost exclusively focused on model training and on inference with trained models, thereby overlooking the important data pre-processing stage. In this work, we propose the first MPC based protocol for private feature selection based on the filter method, which is independent of model training, and can be used in combination with any MPC protocol to rank features. We propose an efficient feature scoring protocol based on Gini impurity to this end. To demonstrate the feasibility of our approach for practical data science, we perform experiments with the proposed MPC protocols for feature selection in a commonly used machine-learning-as-a-service configuration where computations are outsourced to multiple servers, with semi-honest and with malicious adversaries. Regarding effectiveness, we show that secure feature selection with the proposed protocols improves the accuracy of classifiers on a variety of real-world data sets, without leaking information about the feature values or even which features were selected. Regarding efficiency, we document runtimes ranging from several seconds to an hour for our protocols to finish, depending on the size of the data set and the security settings.
Sikha Pentyala, Rafael Dowsley, Martine De Cock
ePrint Report
Many video classification applications require access to personal data, thereby posing an invasive security risk to the users' privacy. We propose a privacy-preserving implementation of single-frame-method based video classification with convolutional neural networks that allows a party to infer a label from a video without requiring the video owner to disclose their video to other entities in an unencrypted manner. Similarly, our approach removes the requirement for the classifier owner to reveal their model parameters to outside entities in plaintext. To this end, we combine existing Secure Multi-Party Computation (MPC) protocols for private image classification with our novel MPC protocols for oblivious single-frame selection and secure label aggregation across frames. The result is an end-to-end privacy-preserving video classification pipeline. We evaluate our proposed solution in an application for private human emotion recognition. Our results across a variety of security settings, spanning honest and dishonest majority configurations of the computing parties, and for both passive and active adversaries, demonstrate that videos can be classified with state-of-the-art accuracy, and without leaking sensitive user information.

05 February 2021

Santa Barbara, USA, 14 August 2021
Event Calendar
Event date: 14 August 2021
Submission deadline: 1 May 2021
Notification: 15 June 2021