IACR News
Here you can see all recent updates to the IACR webpage.
22 July 2021
Gregor Leander, Thorben Moos, Amir Moradi, Shahram Rasoolzadeh
ePrint Report
Lichao Wu, Guilherme Perin, Stjepan Picek
ePrint Report
We take another look at the template attack, and we devise a feature engineering phase that allows template attacks to compete with or even outperform state-of-the-art deep learning-based side-channel attacks. More precisely, we show how a deep learning technique called the triplet model can be used to find highly efficient embeddings of the input data, which can then be fed into the template attack, resulting in powerful attacks.
Jonas Ruchti, Michael Gruber, Michael Pehl
ePrint Report
Arpita Patra, Akshayaram Srinivasan
ePrint Report
Mike Hamburg, Julius Hermelink, Robert Primas, Simona Samardjiska, Thomas Schamberger, Silvan Streit, Emanuele Strieder, Christine van Vredendaal
ePrint Report
In this paper, we answer this question positively. First, we present a method for crafting ring/module-LWE ciphertexts that result in sparse polynomials at the input of inverse NTT computations, independent of the private key used. We then demonstrate how this sparseness can be incorporated into a side-channel attack, thereby significantly improving the noise resistance of the attack compared to previous works. The effectiveness of our attack is shown on the use-case of CCA2 secure Kyber $k$-module-LWE, where $k\in\{2,3,4\}$. Our $k$-trace attack on the long-term secret can handle noise up to $\sigma \leq 1.2$ in the noisy Hamming weight leakage model, also for masked implementations. A $2k$-trace variant for Kyber1024 even allows noise $\sigma \leq 2.2$, also in the masked case, with more traces allowing us to recover keys up to $\sigma \leq 2.7$. Single-trace attack variants have a noise tolerance depending on the Kyber parameter set, ranging from $\sigma \leq 0.5$ to $\sigma \leq 0.7$. As a comparison, similar previous attacks in the masked setting were only successful with $\sigma \leq 0.5$.
Mathilde Chenu, Benjamin Smith
ePrint Report
Jose Maria Bermudo Mera, Angshuman Karmakar, Suparna Kundu, Ingrid Verbauwhede
ePrint Report
Keita Emura, Ryoma Ito, Sachiko Kanamori, Ryo Nojima, Yohei Watanabe
ePrint Report
Lichao Wu, Guilherme Perin, Stjepan Picek
ePrint Report
This paper considers how to evaluate deep learning-based side-channel analysis and whether the commonly used techniques give the best results. To that end, we consider different summary statistics and the influence of algorithmic randomness on the stability of profiling models. Our results show that besides commonly used metrics like guessing entropy, one should also report the standard deviation to assess the attack performance properly. They also show that using the arithmetic mean for guessing entropy does not yield the best results, and that a geometric mean should be used instead.
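The two points above, a template attack fed by engineered features and the choice of summary statistic for guessing entropy, can be seen together in a small simulation. The following Python script is an added worked example; it is not code from either paper. It runs a classical univariate Gaussian template attack on a simulated 4-bit S-box, repeats the attack over independent runs with fresh keys and plaintexts, and reports the key rank as arithmetic-mean guessing entropy, geometric-mean guessing entropy and standard deviation. Assumptions, all constructed inside the script: the PRESENT S-box stands in for a cipher's S-box, leakage is the Hamming weight of the S-box output plus Gaussian noise, one sample per trace, and the template is fitted to that raw sample directly (no triplet-model embedding step).

```python
"""Gaussian template attack on a simulated 4-bit S-box, repeated over many
independent attack runs, with guessing entropy reported as arithmetic mean,
geometric mean and standard deviation of the key rank.

Added example for this page; not code from either cited paper. Assumptions:
PRESENT S-box, leakage = Hamming weight of the S-box output plus Gaussian
noise, one leakage sample per trace, no triplet-model embedding step.
"""
import math
import random
from statistics import mean, pstdev

# PRESENT 4-bit S-box (assumption: stands in for a real cipher's S-box).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
HW = [bin(v).count("1") for v in range(16)]
N_KEYS = 16


def leak(p, k, sigma, rng):
    """Constructed leakage model: HW(SBOX[p ^ k]) plus N(0, sigma^2) noise."""
    return HW[SBOX[p ^ k]] + rng.gauss(0.0, sigma)


def build_templates(n_profile, sigma, rng):
    """Profiling phase: a Gaussian (mean, variance) per Hamming-weight class,
    estimated from traces with known random keys and plaintexts."""
    samples = {hw: [] for hw in range(5)}
    for _ in range(n_profile):
        p, k = rng.randrange(N_KEYS), rng.randrange(N_KEYS)
        samples[HW[SBOX[p ^ k]]].append(leak(p, k, sigma, rng))
    templates = {}
    for hw, xs in samples.items():
        mu = mean(xs)
        # Floor the variance so a degenerate class cannot produce log(0).
        var = max(sum((x - mu) ** 2 for x in xs) / len(xs), 1e-6)
        templates[hw] = (mu, var)
    return templates


def key_rank(templates, traces, true_key):
    """Attack phase: log-likelihood of every key nibble under the templates;
    returns the 1-based rank of the true key (1 = key recovered)."""
    scores = []
    for k in range(N_KEYS):
        ll = 0.0
        for p, x in traces:
            mu, var = templates[HW[SBOX[p ^ k]]]
            ll += -0.5 * (x - mu) ** 2 / var - 0.5 * math.log(var)
        scores.append(ll)
    return 1 + sum(1 for s in scores if s > scores[true_key])


def guessing_entropy(ranks):
    """Summary statistics over independent runs: arithmetic-mean GE,
    geometric-mean GE (mean of log-ranks, exponentiated) and rank std dev."""
    arith = mean(ranks)
    geo = math.exp(mean(math.log(r) for r in ranks))
    return arith, geo, pstdev(ranks)


def run_experiments(n_runs=50, n_attack=10, sigma=1.0, seed=1):
    """Profile once, then attack n_runs times with fresh keys and plaintexts."""
    rng = random.Random(seed)
    templates = build_templates(4000, sigma, rng)
    ranks = []
    for _ in range(n_runs):
        k = rng.randrange(N_KEYS)
        traces = [(p, leak(p, k, sigma, rng))
                  for p in (rng.randrange(N_KEYS) for _ in range(n_attack))]
        ranks.append(key_rank(templates, traces, k))
    return guessing_entropy(ranks)


if __name__ == "__main__":
    for n_attack in (2, 4, 8, 16, 32):
        arith, geo, sd = run_experiments(n_attack=n_attack, sigma=2.0)
        print(f"{n_attack:3d} traces: GE(arith)={arith:5.2f} "
              f"GE(geo)={geo:5.2f} std={sd:5.2f}")
```

Running the script for increasing trace counts makes the disagreement between the two means visible: one run in which the true key lands near the bottom of the candidate list pulls the arithmetic mean up sharply, while the geometric mean, which averages log-ranks, moves far less, and the standard deviation shows the spread across runs instead of hiding it behind a single number. Swapping the raw sample in `leak` for an engineered feature vector and widening the templates to multivariate Gaussians is the natural next step toward the setting of the first paper.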
Melissa Azouaoui, Olivier Bronchain, Vincent Grosso, Kostas Papagiannopoulos, François-Xavier Standaert
ePrint Report
Sébastien Duval, Pierrick Méaux, Charles Momin, François-Xavier Standaert
ePrint Report
Yifeng Song, Danyang Zhu, Jing Tian, Zhongfeng Wang
ePrint Report
19 July 2021
Zilliqa Research Pte. Ltd., Remote position
Job Posting
The research team at Zilliqa consists of senior researchers and research engineers working on distributed systems, programming languages, system security and formal verification. Since starting in late 2017, the team has produced several scientific and engineering works, ranging from distributed systems, e.g., the sharding design for scaling blockchains that is now being adopted by several other platforms, to programming languages, e.g., Scilla, a new principled smart contract language amenable to formal verification.
We firmly believe in conducting research with practical significance in the blockchain space and particularly research that can go into production systems like Zilliqa, Ethereum or Bitcoin.
Role Overview: As a blockchain researcher, you will be responsible for conducting impactful research that can improve the state of the art blockchain infrastructures and in particular the Zilliqa blockchain. In this role, you will be working very closely with the research team as well as system engineers. We offer a competitive salary, a creative work environment and an opportunity to push a research contribution into a production system.
Scope of Role: We are looking for a researcher with experience in blockchains, distributed systems and applied cryptography. The role will require the researcher to identify key research problems in the blockchain space and the Zilliqa platform in particular and conduct impactful research.
Experience:
Applying for this Role: Contact us by sending your updated CV.
Closing date for applications:
Contact: amrit@zilliqa.com
TU Darmstadt, Germany
Job Posting
Job description: You'll work in the research training group/doctoral college Privacy & Trust for Mobile Users funded by the German Research Foundation (DFG). In our sub-project, we build cryptography-based private machine learning services for mobile applications and investigate their legal applicability (data protection) and economic feasibility in interdisciplinary collaborations. You conduct research, implement prototypes, and publish and present the results at top venues. You'll participate in teaching and supervise thesis students and student assistants.
We offer: We demonstrate that privacy is efficiently protectable in real-world applications via cryptographic protocols. Our open and international working environment facilitates excellent research in a sociable team. TU Darmstadt is a top research university for IT security, cryptography and CS in Europe. Darmstadt is a very international, livable and well-connected city in the Rhine-Main area around Frankfurt. Knowledge of German is beneficial, but not required, and TU Darmstadt offers corresponding support.
Your profile:
- Completed Master's degree (or equivalent) at a top university with excellent grades in IT security, computer science, or a similar area.
- Extensive knowledge in applied cryptography/IT security and very good software development skills. Knowledge in cryptographic protocols (ideally MPC) is a plus.
- Experience with/motivation for working with other disciplines, e.g., law or economics.
- Self-motivated, reliable, creative, can work independently, and want to do excellent research.
- Our working language is English: able to discuss/write/present scientific results in English. German is beneficial but not required.
Closing date for applications:
Contact: Thomas Schneider (application@encrypto.cs.tu-darmstadt.de)
More information: https://encrypto.de/2021-RTG-EN
Brandenburg University of Technology (BTU) Cottbus-Senftenberg
Job Posting
Several PhD positions (TV-L 13, full time) in the areas of self-learning anomaly detection for critical infrastructures, secure cyber-physical systems, and artificial intelligence/machine learning for encrypted network traffic analysis at the Brandenburg University of Technology (BTU Cottbus) are to be filled as soon as possible.
English-speaking applicants with basic German language skills are also welcome.
Tasks:
Active research in the area of intrusion detection systems (IDS) for critical infrastructures, secure cyber-physical systems, and artificial intelligence / machine learning for traffic analysis.
Implementation and evaluation of new algorithms and methods.
Cooperation and knowledge transfer with industrial partners.
Publication of scientific results.
Assistance with teaching.
The employment takes place with the goal of doctoral graduation (obtaining a PhD degree).
Requirements:
Recognized above-average master's degree in computer science or a related discipline
Very good English skills
Programming skills
Interest in IT security/privacy/networking.
Applications containing the following documents should be sent in a single PDF file as soon as possible, but not later than 30.07.2021, to itsec-jobs.informatik@lists.b-tu.de:
A detailed Curriculum Vitae.
Transcript of records from your Master studies.
An electronic version of your Master thesis, if possible.
Closing date for applications:
Contact: Prof. A. Panchenko
More information: https://www.informatik.tu-cottbus.de/~andriy/phd-ad-btu_en.pdf
15 July 2021
PKC 2022
Yokohama, Japan, 7 March - 11 March 2022
Submission deadline: 6 September 2021
University of Stuttgart, Institute of Information Security
Job Posting
Fully-funded Postdoc position in formal verification.
The successful candidate is expected to work on tool-supported formal verification of security-critical systems and security protocols.
The position is available immediately with an internationally competitive salary (German public salary scale TV-L E13 or TV-L E14, depending on the candidate's qualification, ranging from about 4,600 to 6,200 Euro monthly gross salary). The appointment period follows the German Wissenschaftszeitvertragsgesetz (WissZeitVG), ranging from one year up to six years.
The Institute of Information Security offers a creative international environment for top-level international research in Germany's high-tech region.
The successful candidate should have a Ph.D. (or should be very close to completion thereof) in Computer Science, Mathematics, Information Security, or a related field. We value strong analytical skills and
- solid knowledge of logic, proofs and/or formal verification techniques (Theorem Proving, Type Checking, etc.),
- solid programming experience.
The deadline for applications is August 1st, 2021. Late applications will be considered until the position is filled. See the official job announcement for details on how to apply.
https://www.sec.uni-stuttgart.de/institute/job-openings/
Closing date for applications:
Contact: Prof. Ralf Küsters
Institute of Information Security
University of Stuttgart
Germany
ralf.kuesters@sec.uni-stuttgart.de
More information: https://www.sec.uni-stuttgart.de/institute/job-openings/
QPQ
Job Posting
Do you want to design, code and co-invent the next generation of Distributed Systems protocols?
At QPQ, we are building the Internet of Economics, a new approach to a compliant and regulated financial systems infrastructure.
Join a team of mathematicians, computer scientists, engineers and self-taught individuals.
What do we give you?
- A stimulating, Socratic intellectual environment.
- As Socratic implies, we want you to have a voice. We do not recruit brilliant people to put them in boxes, we recruit brilliant people so they can push the horizons even further.
- Hybrid office approach – we have been a distributed workforce from the start. This role is centred around our European axis, so we expect you to live within +/- 2 hours of CET. We get together a complete team every quarter, so you must be willing to travel and embrace being part of a diverse team drawn from many walks of life and cultures.
- Competitive salary, travel expense budget and many future opportunities to participate in the company’s growth.
- The mother of all intellectual challenges!
- Perform research and engineering on cryptographic protocols applied in a DeFi context.
- Working with a multi-faceted team of practitioners on a set of blockchain-based privacy protocols interacting in a DeFi environment and providing compliance with financial regulations.
- Focus on modern zero knowledge protocols that guarantee privacy and compliance.
- Master or Ph.D. in cryptography or a closely related field.
- Be able to prototype protocols/schemes/algorithms in at least one relevant programming language.
- General understanding of full-stack system architecture.
- Have a thorough approach and be committed to high quality output.
- Have prior research/code already published in the space.
- A proactive, self-driven approach and problem-solving mindset.
Closing date for applications:
Contact: Emanuele Ragnoli at opportunities at qpq.io
QPQ
Job Posting
Do you want to design, code and co-invent the next generation of Distributed Systems protocols?
At QPQ, we are building the Internet of Economics, a new approach to a compliant and regulated financial systems infrastructure. Join a team of mathematicians, computer scientists, engineers and self-taught individuals.
What do we give you?
- A stimulating, Socratic intellectual environment. As Socratic implies, we want you to have a voice. We do not recruit brilliant people to put them in boxes, we recruit brilliant people so they can push the horizons even further.
- Hybrid office approach – we have been a distributed workforce from the start. This role is centred around our European axis, so we expect you to live within +/- 2 hours of CET. We get together a complete team every quarter, so you must be willing to travel and embrace being part of a diverse team drawn from many walks of life and cultures.
- Competitive salary, travel expense budget and many future opportunities to participate in the company’s growth.
- The mother of all intellectual challenges!
- Perform research and engineering on cryptographic protocols in a distributed systems (DS) context.
- Working with a multi-faceted team of practitioners on a set of DLT-based privacy protocols interacting in a DeFi environment and providing compliance with financial regulations.
- Focus on modern zero knowledge protocols that guarantee privacy and compliance.
- 3+ years of experience in software development.
- Be able to prototype protocols/schemes/algorithms in at least one relevant programming language.
- General understanding of full-stack system architecture.
- Have a thorough approach and be committed to high quality output.
- Have prior research/code already published in the space.
- Excellent communication and collaboration skills.
- A proactive, self-driven approach and problem-solving mindset.
Closing date for applications:
Contact: Emanuele Ragnoli at opportunities at qpq.io
13 July 2021
Yohei Watanabe, Takeshi Nakai, Kazuma Ohara, Takuya Nojima, Yexuan Liu, Mitsugu Iwamoto, Kazuo Ohta
ePrint Report
In this paper, we focus on two unnoticed problems in the seminal paper by Curtmola et al. First, we show that SSE-2 does not appropriately implement Curtmola et al.'s construction idea for dummy addition. We refine the dummy-adding procedure of SSE-2 (and its variants) to keep the number of dummies large enough but as small as possible. We then show how to extend it to the dynamic setting while keeping the dummy-adding procedure working well, and we implement our scheme to show its practical efficiency. Second, we point out that SSE-1 can cause a search error when a searched keyword is not contained in any document file stored at the server, and we show how to fix it.