International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available:

email icon
via email
RSS symbol icon
via RSS feed

03 May 2021

Vadim Lyubashevsky, Ngoc Khanh Nguyen, Gregor Seiler
ePrint Report ePrint Report
In a set membership proof, the public information consists of a set of elements and a commitment. The prover then produces a zero-knowledge proof showing that the commitment is indeed to some element from the set. This primitive is closely related to concepts like ring signatures and ``one-out-of-many'' proofs that underlie many anonymity and privacy protocols. The main result of this work is a new succinct lattice-based set membership proof whose size is logarithmic in the size of the set.

We also give a transformation of our set membership proof to a ring signature scheme. The ring signature size is also logarithmic in the size of the public key set and has size $\raapprox$~KB for a set of $2^5$ elements, and $\rdapprox$~KB for a set of size $2^{25}$. At an approximately $128$-bit security level, these outputs are between 1.5X and 7X smaller than the current state of the art succinct ring signatures of Beullens et al. (Asiacrypt 2020) and Esgin et al. (CCS 2019).

We then show that our ring signature, combined with a few other techniques and optimizations, can be turned into a fairly efficient Monero-like confidential transaction system based on the MatRiCT framework of Esgin et al. (CCS 2019). With our new techniques, we are able to reduce the transaction proof size by factors of about 4X - 10X over the aforementioned work. For example, a transaction with two inputs and two outputs, where each input is hidden among $2^{15}$ other accounts, requires approximately $30$KB in our protocol.
Expand
Mojtaba Bisheh-Niasar, Reza Azarderakhsh, Mehran Mozaffari-Kermani
ePrint Report ePrint Report
This paper demonstrates an architecture for accelerating the polynomial multiplication using number theoretic transform (NTT). Kyber is one of the finalists in the third round of the NIST post-quantum cryptography standardization process. Simultaneously, the performance of NTT execution is its main challenge, requiring large memory and complex memory access pattern. In this paper, an efficient NTT architecture is presented to improve the respective computation time. We propose several optimization strategies for efficiency improvement targeting different performance requirements for various applications. Our NTT architecture, including four butterfly cores, occupies only 798 LUTs and 715 FFs on a small Artix-7 FPGA, showing more than 44% improvement compared to the best previous work. We also implement a coprocessor architecture for Kyber KEM benefiting from our high-speed NTT core to accomplish three phases of the key exchange in 9, 12, and 19 \mus, respectively, operating at 200 MHz.
Expand
Wouter Castryck, Ann Dooms, Carlo Emerencia, Alexander Lemmens
ePrint Report ePrint Report
It follows from a result by Friedl, Ivanyos, Magniez, Santha and Sen from 2014 that, for any fixed integer $m > 0$ (thought of as being small), there exists a quantum algorithm for solving the hidden shift problem in an arbitrary finite abelian group $(G, +)$ with time complexity poly$( \log |G|) \cdot 2^{O(\sqrt{\log |mG|})}$. As discussed in the current paper, this can be viewed as a modest statement of Pohlig-Hellman type for hard homogeneous spaces. Our main contribution is a simpler algorithm achieving the same runtime for $m = 2^tp$, with $t$ any non-negative integer and $p$ any prime number, where additionally the memory requirements are mostly in terms of quantum random access classical memory; indeed, the amount of qubits that need to be stored is poly$( \log |G|)$. Our central tool is an extension of Peikert's adaptation of Kuperberg's collimation sieve to arbitrary finite abelian groups. This allows for a reduction, in said time, to the hidden shift problem in the quotient $G/2^tpG$, which can then be tackled in polynomial time, by combining methods by Friedl et al. for $p$-torsion groups and by Bonnetain and Naya-Plasencia for $2^t$-torsion groups.
Expand
Pakize Sanal, Emrah Karagoz, Hwajeong Seo, Reza Azarderakhsh, Mehran Mozaffari-Kermani
ePrint Report ePrint Report
Public-key cryptography based on the lattice problem is efficient and believed to be secure in a post-quantum era. In this paper, we introduce carefully optimized implementations of Kyber encryption schemes for 64-bit ARM Cortex-A processors. Our research contribution includes several optimizations for Number Theoretic Transform (NTT), noise sampling, and AES accelerator based symmetric function implementations. The proposed Kyber512 implementation on ARM64 improved previous works by 1.72×, 1.88×, and 2.29× for key generation, encapsulation, and decapsulation, respectively. Moreover, by using AES accelerator in the proposed Kyber512-90s implementation, it is improved by 8.57×, 6.94×, and 8.26× for key generation, encapsulation, and decapsulation, respectively. These results set new speed records for Kyber encryption on 64-bit ARM Cortex-A processors.
Expand
Nael Rahman, Vladimir Shpilrain
ePrint Report ePrint Report
We use matrices over bit strings as platforms for Diffie-Hellman-like public key exchange protocols. When multiplying matrices like that, we use Boolean OR operation on bit strings in place of addition and Boolean AND operation in place of multiplication. As a result, (1) computations with these matrices are very efficient; (2) standard methods of attacking Diffie-Hellman-like protocols are not applicable.
Expand
Andrés Fabrega, Ueli Maurer, Marta Mularczyk
ePrint Report ePrint Report
Updatable encryption (UE) is symmetric encryption which additionally supports key rotation. UE was introduced for scenarios where a user stores encrypted data on a cloud and, in order to mitigate secret key leakage, periodically sends a short update token, which the cloud uses to re-encrypt stored data to a fresh key. A long line of research resulted in a wide variety of security properties UE schemes can provide, including confidentiality, integrity protection, and hiding metadata. Unfortunately, given the complexity and nuances in the definitions, different properties are difficult to compare for non-experts, making it hard to judge which scheme provides the best security-efficiency trade-off for a given application.

In this work, we challenge the approach of defining UE as a primitive with a set of properties. As an alternative, we propose to treat UE as an interactive protocol, whose goal is to implement secure outsourced storage, using limited and imperfect resources (such as a small, leakable memory). To facilitate this approach, we introduce a framework that allows to easily formalize different security guarantees and available resources, making security-efficiency trade-offs of UE protocols easy to compare.

We believe that our approach opens the way for many constructions of secure storage that are not compatible with the currently defined syntax of UE. Indeed, we propose two new protocols: one for the setting with adversaries who control randomness (an attack vector so far not considered for UE), and one for the setting with adversaries that actively tamper with memory. Both protocols provide stronger confidentiality guarantees than all existing UE schemes.
Expand
Kristian Gjøsteen, Thomas Haines, Johannes Müller, Peter Rønne, Tjerand Silde
ePrint Report ePrint Report
In this work we present a new approach to verifiable decryption which converts a 2-party passively secure distributed decryption protocol into a 1-party proof of correct decryption. To introduce our idea, we first present a toy example for an ElGamal distributed decryption protocol before applying our method to a lattice-based scheme. This leads to an efficient lattice-based verifiable decryption with only one server; it has lightweight computations as we reduce the need of zero-knowledge proofs. We believe the flexibility of the general technique is interesting and provides attractive trade-offs between complexity and security, in particular for the interactive variant where the online phase can be very efficient.
Expand

02 May 2021

Rabdan Academy (Government Sector) - Abu Dhabi - UAE
Job Posting Job Posting
Overview of Rabdan Academy: The Academy is a government-owned world class education institution established to coordinate and enhance learning outcomes for organizations and individuals in the safety, security, defense, emergency preparedness and crisis management sectors. Rabdan Academy was officially established under Law No. 7 for 2013, issued by President His Highness Sheikh Khalifa bin Zayed Al Nahyan in his capacity as Ruler of Abu Dhabi and is accredited by the UAE's Commission for Academic Accreditation (CAA) of the Ministry of Higher Education & Scientific Research. The academy is the first in UAE in providing learning in dual approach of combining academic and vocational education in one place whilst recognizing prior learning and experience and providing accredited and transferable credit from course to course and job to job. Key Objectives: To contribute and assist Rabdan Academy in achieving its Research Strategy and build an outstanding record in research related to contemporary issues related to Rabdan Academy’s mandate in developing safety, security, defence, emergency preparedness and crisis management (SSDEC) and ensuring students and activities are to positively contribute to improving the resilience of the nation. Key Responsibilities Reporting directly to the Assistant Dean of Research, the Researcher is responsible for producing peer reviewed research papers to be published in Quartile 1 Scopus Indexed Journals in arears related to safety, security, defence, emergency preparedness and crisis management (SSDEC), including but not limited to: • Carrying out approved scholarly research activities; • Contributing to RA related scholarship, research projects, and initiatives; * Working Closely with other colleagues from the homeland security Program on some projects with our stakeholders ( Ministry of defense, Ministry • Publish research papers in the top 10% most cited publications in its subject, to increase their work visibility, hence, number of citations; • Collaborate with other researchers to conduct joint researc

Closing date for applications:

Contact: Mr. Amir Adel - Recruitment Specialist

More information: https://ra.ac.ae/

Expand
Université de Picardie Jules Verne, Amiens, France
Job Posting Job Posting
The GOC group at MIS, University of Picardie Jules Verne is hiring a two-year postdoctoral researcher to work on the POSTCRYPTUM project, funded by the Agence Nationale de Recherche (ANR) and AID/DGA. This is a three-years project focused on algebraic cryptanalysis of public key cryptosystems, focused mainly on post-quantum schemes. For more details on the project, please check here: https://home.mis.u-picardie.fr/~ionica/postcryptum/Welcome.html The ideal candidate should hold a Phd degree in Computer Science or Mathematics, with a taste for cryptography, experimental mathematics and computation. He or she should have experience in one or several of the following areas: multivariate cryptography, coding theory, elliptic curves, polynomial system solving, Gröbner basis, linearization algorithms, linear algebra, exhaustive search, SAT solvers, hybrid methods for polynomial system solving. The starting date is flexible, but preferably around October 2021. For more information, please contact us (sorina.ionica@u-picardie.fr) before sending in your application.

Closing date for applications:

Contact: Sorina Ionica

More information: https://home.mis.u-picardie.fr/~ionica/postcryptum/Welcome.html

Expand
Seconize Technologies
Job Posting Job Posting
Seconize is an award winning Cyber Risk and Compliance Management Product Startup. We are currently looking to hire a seasoned Security Tester with below skills and requirements. 1. Security Testing of Telecom Products (3G/4G/GSM/5G) or related 2. Security Testing of IOT products, Proprietary Hardware , Networking Products 3. Thorough understanding of Cryptography protocols, techniques 4. Hands on Testing of PKI, Key Management, Cryptography Libraries and Implementations 5. Hands on experience with Standards such FIPS, NIST Security (SP 800-175b) OR ISO19790 or relevant 6. Ability to understand the business context of target applications and doing business logic testing 7. Ability to interact with Customers in a professional way 8. Minimum of 5 - 8 years of experience 8. Certifications like OSCP, CEH or relavant are mandatory The position is currently Remote (India-only), candidate should be ready to move to Bengaluru when needed.

Closing date for applications:

Contact: Sashank Dara

Expand

29 April 2021

IBM Research, Zurich
Job Posting Job Posting
The IBM cryptography research group in Zurich is looking for a Ph.D. student and/or a post-doctoral scholar to work in the area of lattice-based zero-knowledge proofs.

The ideal candidate should have:

  • Very good implementation skills – preferably in C or C++
  • A solid mathematical background – e.g. abstract algebra and some basic familiarity with algebraic number theory is a plus
  • High motivation for creating efficient theoretical cryptographic designs and turning them into prototypes and high-quality optimized implementations
  • Papers in top cryptography conferences (for the post-doc position)
  • Prior experience working with ZK proofs (not necessarily lattice-based) is a plus

    This position is funded by a European ERC project, and all its output will be open source and patent-free. So a positive attitude towards contributing to the open source community is also a requirement.

    The IBM research lab is located in Ruschlikon, a lakeside town that is reachable in 10 minutes by direct public transport from central Zurich. English is the working language at the lab, and it is also widely understood and spoken in Zurich and its surrounding regions.

    The group offers very good working conditions, with the majority of our time being spent purely on research activities. It is also currently one of the leading research groups in quantum-safe cryptography, with some of its members (Luca de Feo, Vadim Lyubashevsky, and Gregor Seiler) significantly contributing to the invention, design, and implementation of several finalists in the ongoing NIST post-quantum standardization effort.

    To apply, please include a C.V., a brief motivation letter, and the names and email addresses of two references. If you have contributed to open source projects, please include a link to the repository and a brief explanation of your role. The starting date is flexible, but the sooner the better.

    Closing date for applications:

    Contact: If interested, please send the application to: Vadim Lyubashevsky; vad@zurich.ibm.com; with "ZK APPLICATION" as the subject line

  • Expand
    Beersheba, Israel, 31 May - 2 June 2021
    Event Calendar Event Calendar
    Event date: 31 May to 2 June 2021
    Submission deadline: 27 May 2021
    Notification: 29 May 2021
    Expand
    Virtual event, Anywhere on Earth, 27 October -
    Event Calendar Event Calendar
    Event date: 27 October to
    Submission deadline: 21 June 2021
    Notification: 19 July 2021
    Expand
    Virtual event, Anywhere on Earth, 15 August 2021
    Event Calendar Event Calendar
    Event date: 15 August 2021
    Submission deadline: 1 June 2021
    Notification: 1 July 2021
    Expand

    28 April 2021

    University of Klagenfurt, Austria
    Job Posting Job Posting

    The Cybersecurity research group, headed by Elisabeth Oswald, is a relatively new group established in Austria's sunny south. The group currently features a diverse range of members (from France, Iran, India, and China). Current members work on topics such as leakage profiling, advanced leakage simulators, attacks (utilising deep learning), statistical foundations, and hardware aspects of side channels. The group receives funding from the ERC, as well as local funding, and thus offers a supportive research environment (both financially as well as from a human perspective).

    The group is looking to grow by two more members: one post doc and one doctoral student. The group is particularly keen to expand their existing coverage of topics and seeks researchers with an interest in

    • compilers/languages to support the secure implementation of cryptographic primitives
    • machine/deep learning
    • secure implementations w.r.t. the RISC-V instruction set

    A good candidate for the Post-doc position will have some existing publications in relevant venues (IACR conferences or workshops, journals, or system security venues), enjoy working with people in an international context, and love water, sun, and mountains.

    A good candidate for the PhD position will have a background in either computer science, maths, or statistics (an MSc level degree is required), will ideally have done some project in a crypto/security related topic, enjoy working with people in an international context, and love water, sun, and mountains.

    The funding for the Post-Doc Position is available until 31.08.2023. The funding for the PhD position is for 40 months. Rates are set according to a standard collective agreement for such positions (Kollektivvertrag), but the salary for the Post-Doc position can be adjusted depending on previous experience.

    Don't hesitate to get in touch with Elisabeth Oswald for informal enquiries, or to apply!

    Closing date for applications:

    Contact: Please contact Elisabeth . Oswald @ aau . at

    More information: http://www.cybersecurityresearch.at

    Expand
    Thijs Laarhoven, Michael Walter
    ePrint Report ePrint Report
    The dual attack has long been considered a relevant attack on lattice-based cryptographic schemes relying on the hardness of learning with errors (LWE) and its structured variants. As solving LWE corresponds to finding a nearest point on a lattice, one may naturally wonder how efficient this dual approach is for solving more general closest vector problems, such as the classical closest vector problem (CVP), the variants bounded distance decoding (BDD) and approximate CVP, and preprocessing versions of these problems. While primal, sieving-based solutions to these problems (with preprocessing) were recently studied in a series of works on approximate Voronoi cells, for the dual attack no such overview exists, especially for problems with preprocessing. With one of the take-away messages of the approximate Voronoi cell line of work being that primal attacks work well for approximate CVP(P) but scale poorly for BDD(P), one may wonder if the dual attack suffers the same drawbacks, or if it is a better method for solving BDD(P).

    In this work we provide an overview of cost estimates for dual algorithms for solving these ''classical'' closest lattice vector problems. Heuristically we expect to solve the search version of average-case CVPP in time and space $2^{0.293d + o(d)}$. For the distinguishing version of average-case CVPP, where we wish to distinguish between random targets and targets planted at distance approximately the Gaussian heuristic from the lattice, we obtain the same complexity in the single-target model, and we obtain query time and space complexities of $2^{0.195d + o(d)}$ in the multi-target setting, where we are given a large number of targets from either target distribution. This suggests an inequivalence between distinguishing and searching, as we do not expect a similar improvement in the multi-target setting to hold for search-CVPP. We analyze three slightly different decoders, both for distinguishing and searching, and experimentally obtain concrete cost estimates for the dual attack in dimensions $50$ to $80$, which confirm our heuristic assumptions, and show that the hidden order terms in the asymptotic estimates are quite small.

    Our main take-away message is that the dual attack appears to mirror the approximate Voronoi cell line of work -- whereas using approximate Voronoi cells works well for approximate CVP(P) but scales poorly for BDD(P), the dual approach scales well for BDD(P) instances but performs poorly on approximate CVP(P).
    Expand
    Leo Robert, Daiki Miyahara, Pascal Lafourcade, Takaaki Mizuk
    ePrint Report ePrint Report
    During the last years, many Physical Zero-knowledge Proof(ZKP) protocols for Nikoli’s puzzles have been designed. In this paper, we propose two ZKP protocols for the two Nikoli’s puzzles called Nurikabe and Hitori. These two puzzles have some similarities, since in their rules at least one condition requires that some cells are connected to each other, horizontally or vertically. The novelty in this paper is to propose two techniques that allow us to prove such connectivity without leaking any information about a solution.
    Expand
    Nils Wisiol, Khalid T. Mursi, Jean-Pierre Seifert, Yu Zhuang
    ePrint Report ePrint Report
    By revisiting recent neural-network based modeling attacks on XOR Arbiter PUFs from the literature, we show that XOR Arbiter PUFs and Interpose PUFs can be attacked faster, up to larger security parameters, and with orders of magnitude fewer challenge-response pairs than previously known. To support our claim, we discuss the differences and similarities of recently proposed modeling attacks and offer a fair comparison of the performance of these attacks by implementing all of them using the popular machine learning framework Keras and comparing their performance against the well-studied Logistic Regression attack. Our findings show that neural-network-based modeling attacks have the potential to outperform traditional modeling attacks on PUFs and must hence become part of the standard toolbox for PUF security analysis; the code and discussion in this paper can serve as a basis for the extension of our results to PUF designs beyond the scope of this work.
    Expand

    27 April 2021

    Gyeongju Song, Kyungbae Jang, Hyunji Kim, Wai-Kong Lee, Hwajeong Seo
    ePrint Report ePrint Report
    Quantum computers can solve or accelerate specific problems that were not possible with classical computers. Grover's search algorithm, a representative quantum algorithm, finds a specific solution from $N$ unsorted data with $O(\sqrt{N})$ queries. This quantum algorithm can be used to recover the key of symmetric cryptography. In this paper, we present a practical quantum attack using Grover's search to recover the key of ciphers (Caesar and Vigenère). The proposed quantum attack is simulated with quantum programming tools (ProjectQ and Qiskit) provided by IBM. Finally, we minimize the use of quantum resources and recover the key with a high probability.
    Expand
    Daniel De Almeida Braga, Pierre-Alain Fouque, Mohamed Sabt
    ePrint Report ePrint Report
    Protocols for password-based authenticated key exchange (PAKE) allow two users sharing only a short, low-entropy password to establish a secure session with a cryptographically strong key. The challenge in designing such protocols is that they must resist offline dictionary attacks in which an attacker exhaustively enumerates the dictionary of likely passwords in an attempt to match the used password. In this paper, we study the resilience of one particular PAKE against these attacks. Indeed, we focus on the Secure Remote Password (SRP) protocol that was designed by T. Wu in 1998. Despite its lack of formal security proof, SRP has become a de-facto standard. For more than 20 years, many projects have turned towards SRP for their authentication solution, thanks to the availability of open-source implementations with no restrictive licenses. Of particular interest, we mention the Stanford reference implementation (in C and Java) and the OpenSSL one (in C).

    In this paper, we analyze the security of the SRP implementation inside the OpenSSL library. In particular, we identify that this implementation is vulnerable to offline dictionary attacks. Indeed, we exploit a call for a function computing modular exponentiation of big numbers in OpenSSL. In the SRP protocol, this function leads to the call of a non-constant time function, thereby leaking some information about the used password when leveraging cache-based \textsc{Flush+Reload} timing attack. Then, we show that our attack is practical, since it only requires one single trace, despite the noise of cache measurements. In addition, the attack is quite efficient as the reduction of some common dictionaries is very fast using modern resources at negligible cost. We also prove that the scope of our vulnerability is not only limited to OpenSSL, since many other projects, including Stanford's, ProtonMail and Apple Homekit, rely on OpenSSL, which makes them vulnerable. We find that our flaw might also impact projects written in Python, Erlang, JavaScript and Ruby, as long as they load the OpenSSL dynamic library for their big number operations. We disclosed our attack to OpenSSL who acknowledged the attack and timely fixed the vulnerability.
    Expand
    ◄ Previous Next ►