International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available:

email icon
via email
RSS symbol icon
via RSS feed

11 February 2021

Worcester Polytechnic Institute
Job Posting Job Posting
I am looking for highly motivated and qualified candidates to fill Ph.D. positions for research in applied cryptography. Topics include:
  • Design of extended features for lattice based post-quantum schemes.
  • Attacks / countermeasures for post-quantum schemes.
  • Efficient software and hardware implementation of post-quantum schemes.
Candidates should have a degree in computer science, electronics, or applied mathematics with a strong interest in systems security, algorithms. Prior experience in software or hardware development, code analysis, and/or signal processing is an asset. We offer a competitive salary and an international cutting-edge research program in an attractive working environment. WPI is a highly-ranked research university in the Boston area and offers the opportunity to collaborate with world-class faculty and students in a collegial environment. We maintain close connections with surrounding universities and private companies.

Closing date for applications:

Contact: Berk Sunar, sunar@wpi.edu
Professor, Department of Electrical and Computer Engineering
Vernam Applied Crypto and Cybersecurity Lab
Worcester Polytechnic Institute USA

More information: http://vernam.wpi.edu/positions/

Expand

10 February 2021

Juan Garay, Yu Shen
ePrint Report ePrint Report
Bitcoin Cash, created in 2017, is a “hard fork” from Bitcoin responding to the need for allowing a higher transaction volume. This is achieved by a larger block size, as well as a new difficulty adjustment (target recalculation) function(s) that acts more frequently (as opposed to Bitcoin’s difficulty adjustment happening about every two weeks), resulting in a potentially different target for each block. While seemingly achieving its goal in practice, to our knowledge there is no formal analysis to back this proposal up.

In this paper we provide the first formal cryptographic analysis of Bitcoin Cash’s target recalculation functions against all possible adversaries. We follow the analytical approach developed in the Bitcoin backbone protocol [Eurocrypt 2015 and follow-ups], of first establishing basic properties of the blockchain data structure, from which the properties of a robust transaction ledger (namely, Consistency and Liveness) can be derived. However, the more active target recalculation mechanism as well as the more pronounced fluctuation of the mining population (due in part to miners’ behavior of switching chains towards achieving higher expected rewards) require new analytical tools.

We perform our analysis in the bounded-delay network model with dynamic participation of miners, of both ASERT and SMA (Bitcoin Cash’s current and former recalculation functions, respectively) and conclude that in order to satisfy security (namely, properties satisfied except with negligible probability in the security parameter) considerably larger parameter values should be used with respect to the ones used in practice.
Expand
Muah Kim, Onur Gunlu, Rafael F. Schaefer
ePrint Report ePrint Report
Federated learning (FL) allows to train a massive amount of data privately due to its decentralized structure. Stochastic gradient descent (SGD) is commonly used for FL due to its good empirical performance, but sensitive user information can still be inferred from weight updates shared during FL iterations. We consider Gaussian mechanisms to preserve local differential privacy (LDP) of user data in the FL model with SGD. The trade-offs between user privacy, global utility, and transmission rate are proved by defining appropriate metrics for FL with LDP. Compared to existing results, the query sensitivity used in LDP is defined as a variable and a tighter privacy accounting method is applied. The proposed utility bound allows heterogeneous parameters over all users. Our bounds characterize how much utility decreases and transmission rate increases if a stronger privacy regime is targeted. Furthermore, given a target privacy level, our results guarantee a significantly larger utility and a smaller transmission rate as compared to existing privacy accounting methods.
Expand
Léo Ducas, Marc Stevens, Wessel van Woerden
ePrint Report ePrint Report
In this work, we study GPU implementations of various state-of-the-art sieving algorithms for lattices (Becker-Gama-Joux 2015, Becker-Ducas-Gama-Laarhoven 2016, Herold-Kirshanova 2017) inside the General Sieve Kernel (G6K, Albrecht et al. 2019). In particular, we extensively exploit the recently introduced *Tensor Cores* -- originally designed for raytracing and machine learning -- and demonstrate their fitness for the cryptanalytic task at hand. We also propose a new *dual-hash* technique for efficient detection of `lift-worthy' pairs to accelerate a key ingredient of G6K: finding short lifted vectors.

We obtain new computational records, reaching dimension $180$ for the SVP Darmstadt Challenge improving upon the previous record for dimension $155$. This computation ran for $51.6$ days on a server with $4$ NVIDIA Turing GPUs and $1.5$TB of RAM. This corresponds to a gain of about two orders of magnitude over previous records both in terms of wall-clock time and of energy efficiency.
Expand
Clémentine Gritti, Emanuel Regnath, Sebastian Steinhorst
ePrint Report ePrint Report
Internet of Things (IoT) promises a strong world connecting digital and physical enviromments. Nevertheless, such a framework comes with huge security and privacy vulnerabilities, due to the heterogeneous nature of devices and of the diversity of their provenance. Other noticeable, technical challenges in IoT are brought with the constrained resources of devices, forcing to design protocol as lightweight as possible.

In this paper, we present a new system with access control key updates and direct user revocation, that are beneficial features in IoT. Access control is done using Ciphertext-Policy Attribute-Based Encryption where attributes represent roles of devices within their networks. Moreover, we devise a novel approach, based on a binary tree, to append time credentials. This allows us to find an interesting trade-off between key update frequency and user revocation list length, as well as stressing time-sensitive data exchanged in IoT environments. The security of our scheme is proved under the Decisional Bilinear Diffie-Hellman Exponent assumption.

Future work will focus on the implementation and analysis of our solution, in order to confirm that the latter is fully deployable in IoT networks.
Expand
Mahimna Kelkar, Soubhik Deb, Sreeram Kannan
ePrint Report ePrint Report
Over the past five years, a significant line of research has investigated the blockchain consensus problem in the general permissionless setting, where protocol nodes can leave and join dynamically. The work of Garay et al. (Eurocrypt 2015) and Pass et al. (Eurocrypt 2017) showed the security properties of consistency and liveness for Nakamoto's seminal proof-of-work protocol. However, consistency and liveness do not provide any guarantees on the relationship between the order in which transactions arrive into the network and the finalized order in the ledger, making protocols prone to transaction order-manipulation attacks. As a solution, a recent paper by Kelkar et al. (Crypto 2020) introduced a third useful property for consensus protocols: transaction-order-fairness. Their model was limited to the classical (permissioned) setting, where the set of protocol nodes is fixed a priori, and does not fit well for permissionless environments where order-manipulation attacks have been most prominent.

In this work, we initiate the investigation of order-fairness in the permissionless setting and provide two protocols that realize it. Our protocols work in a synchronous network and use an underlying longest-chain blockchain. As an added contribution, we show that any fair ordering protocol achieves a powerful zero-block confirmation property, through which honest transactions can be securely confirmed even before they are included in any block.
Expand
Johannes Roth, Evangelos Karatsiolis, Juliane Krämer
ePrint Report ePrint Report
The Classic McEliece cryptosystem is one of the most trusted quantum-resistant cryptographic schemes. Deploying it in practical applications, however, is challenging due to the size of its public key. In this work, we bridge this gap. We present an implementation of Classic McEliece on an ARM Cortex-M4 processor, optimized to overcome memory constraints. To this end, we present an algorithm to retrieve the public key ad-hoc. This reduces memory and storage requirements and enables the generation of larger key pairs on the device. To further improve the implementation, we perform the public key operation by streaming the key to avoid storing it as a whole. This additionally reduces the risk of denial of service attacks. Finally, we use these results to implement and run TLS on the embedded device.
Expand
Chris Brzuska, Eric Cornelissen, Konrad Kohbrok
ePrint Report ePrint Report
Abstract—Cryptographic communication protocols provide confidentiality, integrity and authentication properties for end-to- end communication under strong corruption attacks, including, notably, post-compromise security (PCS). Most protocols are designed for one-to-one communication. Protocols for group communication are less common, less efficient, and tend to provide weaker security guarantees. This is because group communication poses unique challenges, such as coordinated key updates, changes to group membership and complex post- compromise recovery procedures.

We need to tackle this complex challenge as a community. Thus, the Internet Engineering Task Force (IETF) has created a working group with the goal of developing a sound standard for a continuous asynchronous key-exchange protocol for dynamic groups that is secure and remains efficient for large group sizes. The current version of the Messaging Layer Security (MLS) security protocol is in a feature freeze, i.e., no changes are made in order to provide a stable basis for cryptographic analysis. The key schedule and TreeKEM design are of particular concern since they are crucial to distribute and combine several keys to achieve PCS.

In this work, we provide a computational analysis of the MLS key schedule, TreeKEM and their composition, as specified in Draft 11 of the MLS RFC. The analysis is carried out using the State Separating Proofs methodology [9], and showcases the flexibility of the approach, enabling us to provide a full computational analysis shortly after Draft 11 was published.
Expand
Dmitry Schelkunov
ePrint Report ePrint Report
We present an approach for designing fast public key encryption cryptosystems using random primitives and error permutation. An encryption speed of such systems allows to use them for “on-the-fly” public key encryption and makes them useful for real-time communications. A small error size allows to use this approach for designing digital signature schemes
Expand
Masayuki Abe, Miguel Ambrona, Andrej Bogdanov, Miyako Ohkubo, Alon Rosen
ePrint Report ePrint Report
Cramer, Damgård, and Schoenmakers (CDS) built a proof system to demonstrate the possession of subsets of witnesses for a given collection of statements that belong to a prescribed access structure P by composing so-called sigma-protocols for each atomic statement. Their verifier complexity is linear in the size of the monotone span program representation of P. We propose an alternative method for combining sigma-protocols into a single non-interactive system for a compound statement in the random oracle model. In contrast to CDS, our verifier complexity is linear in the size of the acyclicity program representation of P, a complete model of monotone computation introduced in this work. We show that the acyclicity program size of a predicate is never larger than its de Morgan formula size and it is polynomially incomparable to its monotone span program size. We additionally present an extension of our proof system, with verifier complexity linear in the monotone circuit size of P, in the common reference string model. Finally, considering the types of statement that naturally reduce to acyclicity programming, we discuss several applications of our new methods to protecting privacy in cryptocurrency and social networks.
Expand
Marco Baldi, Jean-Christophe Deneuville, Edoardo Persichetti, Paolo Santini
ePrint Report ePrint Report
In this work, we consider a recent application of coding theory in the context of post-quantum digital signature schemes, and their cryptanalysis. We indeed implement an attack on the recent attempt by Li, Xing and Yeo to produce a code-based signature scheme using the Schnorr-Lyubashevsky approach in the Hamming metric. Differently from other (unsuccessful) proposals, this new scheme exploits rejection sampling along with dense noise vectors to hide the secret key structure in produced signatures. We show that these measures, besides yielding very slow signing times and rather long signatures, do not succeed in protecting the secret key. We are indeed able to prove the existence of a strong correlation between produced signatures, which ultimately leaks information about the secret key. To support this claim, we use both theoretical arguments and numerical evidences. Finally, we employ such a weakness to mount a full key recovery attack, which is able to recover the secret key after the observation of a bunch of signatures.
Expand
Ravital Solomon, Ghada Almashaqbeh
ePrint Report ePrint Report
Smart contract-enabled blockchains represent a powerful tool in supporting a large variety of applications. Despite their salient features of transparency, decentralization, and expressiveness, building privacy-preserving applications using these platforms remains an open question. Existing solutions fall short in achieving this goal since they support a limited operation set, only support private computation on inputs belonging to one user, or even ask the users themselves to perform the computations off-chain. In this paper, we propose smartFHE, a modular framework to support private smart contracts that utilizes fully homomorphic encryption (FHE). The smartFHE framework allows users to build arbitrary decentralized applications that preserve input/output privacy for inputs belonging to the same user or even different users. This is achieved by employing single and multi-key FHE to compute over private (encrypted) data and account balances, along with efficient zero-knowledge proof systems to prove well-formedness of private transactions. Crucially, our framework is "modular" since any FHE and ZKP scheme can be used so long as they satisfy certain minimal requirements with respect to correctness and security. Furthermore, smartFHE reduces the burden on the user, since miners translate smart contract code into public or private operations based on whether the accounts involved are public or private. In proposing smartFHE, we define notions for a privacy-preserving smart contract (PPSC) scheme along with its correctness and security. We provide a concrete instantiation of a PPSC using the smartFHE framework. Finally, we consider further extensions/optimizations.
Expand

08 February 2021

-
Event Calendar Event Calendar
Event date: to
Submission deadline: 23 November 2021
Expand
-
Event Calendar Event Calendar
Event date: to
Submission deadline: 1 September 2021
Expand
-
Event Calendar Event Calendar
Event date: to
Submission deadline: 1 June 2021
Expand
-
Event Calendar Event Calendar
Event date: to
Submission deadline: 1 March 2021
Expand
TU Delft, Netherlands
Job Posting Job Posting
Cybersecurity group at TU Delft opens a few positions for post-doc researchers and PhD on the topic of cryptographic protocols and implementation. The positions will be supported by H2020 projects. We are looking for candidates with: for PhD (i) strong math or computer science background, (ii) adequate programming ability, (iii) good communication skills, and sufficient English qualification, e.g., IELTS; as for post-doc: (i) strong cryptographic background, (ii) high-quality publications in cryptography, information security and privacy enhancing technology fields - conferences (e.g., NDSS, CCS, S&P, etc.) or/and journals; (iii) excellent communication skills; (iv) previous project experiences will be an extra bonus.

As one of the best engineering universities, TU Delft provides excellent future career training and opportunities, research environment and facilities to international and national academic researchers. Competitive salary, tax benefit and welfare package will be provided. Note the start date of the post-doc and PhD could be flexible but no later than the end of this year (2021).

Applicants should prepare and send their CVs, certificates, and transcripts to the following contact email.

Closing date for applications:

Contact: Dr. R. Wang

Expand
University of Westminster
Job Posting Job Posting

The Centre for Parallel Computing (CPC) at the University of Westminster is looking for a Research Associate in Cloud Security to carry out research mainly focusing on digital twins and smart factories security (as part of several EU research projects).

The successful candidate will carry out tasks in relation to the design and development of novel secure and privacy-preserving cloud/edge/fog orchestration solutions and is expected to contribute to writing project deliverables and research papers. We expect candidates to have a strong research background in network security and/or applied cryptography. Proven research in areas such as trusted computing, cloud security, safety verification, security verification, data privacy, cyber-physical and internet of things security and cloud or mobile security will be considered as a plus.

The Centre for Parallel Computing is one of the leading research centres in distributed and parallel computation technologies. In particular, the CPC is engaged in research in Distributed Computing Infrastructures such as edge-fog-cloud ecosystems, specifically concentrating on the secure and automated deployment, orchestration and scalability of a large variety of applications in such environments. The CPC has a well-established track record of securing research funding in large-scale collaborative research projects, leading and contributing to more than 15 projects in the last 10 years.

Salary: £35,743 to £40,646 per annum

Closing date for applications:

Contact: Tamas Kiss

More information: https://vacancies.westminster.ac.uk/hrvacancies/default.aspx?id=50052971

Expand
Visa Research
Job Posting Job Posting
We are currently focused on building world-class research teams in three key areas: Security, Data Analytics, and Future of Payment, and we are looking for outstanding and innovative researchers at all levels of experience as part of the Advanced Cryptography Research team.

Working on Cryptography research at Visa is a unique opportunity at a time when the payments industry is undergoing a digital transformation, and with security technologies as the critical enabler for a growing number of emerging payment models and usage scenarios. We offer you the opportunity to be at the center of innovation in the payments industry and set the security direction for Visa and the future payment ecosystem.

As a Research Scientist you will work with a team to conduct world-class security research and contribute to the long-term research agenda for digital payments, as well as deliver innovative technologies and insights to Visa's strategic products and business. As an integral team member of the extended Research team, you will work on research and development activities with fellow researchers, and work closely with product and technology teams to ensure the successful creation and application of disruptive and innovative security technologies.

More information: https://usa.visa.com/careers/job-details.jobid.743999733735539.deptid.868588.html

Closing date for applications:

Contact: Apply online at: https://usa.visa.com/careers/job-details.jobid.743999733735539.deptid.868588.html

More information: https://usa.visa.com/careers/job-details.jobid.743999733735539.deptid.868588.html

Expand

07 February 2021

Habeeb Syed
ePrint Report ePrint Report
Consider finite prime fields $\mathbb{F}_p$ for which $2$ is primitive element. In this short we propose a new algorithm to compute discrete log in such finite fields. Our algorithm is based on elementary properties of finite fields and is purely theoretical in nature. Further, complexity of the algorithm is exponential in nature and as such it is not being suggested for any computational purposes.
Expand
◄ Previous Next ►