IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
28 July 2021
Amin Abdulrahman, Jiun-Peng Chen, Yu-Jia Chen, Vincent Hwang, Matthias J. Kannwischer, Bo-Yin Yang
ePrint ReportRecent work by Chung et al. has shown that NTT multiplication is superior compared to Toom--Cook multiplication for unprotected Saber implementations on the Cortex-M4 in terms of speed. However, it remains unclear if NTT multiplication can outperform Toom--Cook in masked implementations of Saber. Additionally, it is an open question if Saber with NTTs can outperform Toom--Cook in terms of stack usage. We answer both questions in the affirmative. Additionally, we present a Cortex-M3 implementation of Saber using NTTs outperforming an existing Toom--Cook implementation. Our stack-optimized unprotected M4 implementation uses around the same amount of stack as the most stack-optimized implementation using Toom--Cook while being 33%-41% faster. Our speed-optimized masked M4 implementation is 16% faster than the fastest masked implementation using Toom--Cook. For the Cortex-M3, we outperform existing implementations by 29%-35% in speed.
We conclude that for both stack- and speed-optimization purposes, one should base polynomial multiplications in Saber on the NTT rather than Toom--Cook for the Cortex-M4 and Cortex-M3. In particular, in many cases, composite moduli NTTs perform best.
Dana Dachman-Soled, Huijing Gong, Hunter Kippen, Aria Shahverdi
ePrint ReportYe Dong, Xiaojun Chen, Kaiyun Li, Dakui Wang, Shuai Zeng
ePrint ReportWe present $\mathsf{FLOD}$, a novel oblivious defender for private Byzantine-robust FL in dishonest-majority setting. Basically, we propose a novel Hamming distance-based aggregation method to resist $>1/2$ Byzantine attacks using a small \textit{root-dataset} and \textit{server-model} for bootstrapping trust. Furthermore, we employ two non-colluding servers and use additive homomorphic encryption ($\mathsf{AHE}$) and secure two-party computation (2PC) primitives to construct efficient privacy-preserving building blocks for secure aggregation, in which we propose two novel in-depth variants of Beaver Multiplication triples (MT) to reduce the overhead of Bit to Arithmetic ($\mathsf{Bit2A}$) conversion and vector weighted sum aggregation ($\mathsf{VSWA}$) significantly. Experiments on real-world and synthetic datasets demonstrate our effectiveness and efficiency: (\romannumeral1) $\mathsf{FLOD}$ defeats known Byzantine attacks with a negligible effect on accuracy and convergence, (\romannumeral2) achieves a reduction of $\approx 2\times$ for offline (resp. online) overhead of $\mathsf{Bit2A}$ and $\mathsf{VSWA}$ compared to $\mathsf{ABY}$-$\mathsf{AHE}$ (resp. $\mathsf{ABY}$-$\mathsf{MT}$) based methods (NDSS'15), (\romannumeral3) and reduces total online communication and run-time by $167$-$1416\times$ and $3.1$-$7.4\times$ compared to $\mathsf{FLGUARD}$ (Crypto Eprint 2021/025).
Kaizhan Lin , Jianming Lin, Weize Wang, Chang-an Zhao
ePrint ReportIn this paper, we mainly improve the performance of the public-key compression of SIDH, especially the efficiency and the storage of pairing computation involved. Our experimental results show that the memory requirement for pairing computation is reduced by a factor of about 1.31, and meanwhile, the instantiation of the key generation of SIDH is $3.99\%\sim 5.95\%$ faster than the current state-of-the-art. Besides, in the case of Bob, we present another method to further reduce storage cost, while the acceleration is not as obvious as the former. %achieves an acceleration factor of $1.10\sim1.17$.
Naila Mukhtar, Lejla Batina, Stjepan Picek, Yinan Kong
ePrint ReportSabrina Kunzweiler, Yan Bo Ti, Charlotte Weitkämper
ePrint ReportJia Xu, Yiwen Gao, Hoon Wei Lim, Hongbing Wang, Ee-Chien Chang
ePrint ReportWe propose the very first robust combiner (of KEMs), with $O(1)$ \emph{amortized} complexity overhead, which not only breaks the linear boundary, but also achieves optimal complexity. Our experiments also confirm that the performance overhead of our robust combiner of $n$ KEMs is constant (i.e. $O(1)$) rather than linear (i.e. $O(n)$). Our cost is that, the resulting KEM has to maintain a secret dynamic state of fixed and linear size (i.e. $O(n)$) . We call such KEM as Stateful Key Encapsulation Mechanism (SKEM). SKEM is suitable for two users (or devices), who will have \emph{frequent} secure communications (e.g. via VPN or SSH). We also formally define the security formulation for SKEM and prove the security of our proposed SKEM scheme in standard model.
George Teseleanu
ePrint Report27 July 2021
Kai Gellert, Tobias Handirk
ePrint ReportUsually, a ticket is only accepted by the server that issued the ticket. However, in practice, servers that share the same hostname, often share the same key material for ticket encryption. The concept of a server accepting a ticket, which was issued by a different server, is known as session resumption across hostnames (SRAH). In 2020, Sy et al. showed in an empirical analysis that, by using SRAH, the time to load a webpage can be reduced by up to 31% when visiting the page for the very first time. Despite its performance advantages, the TLS 1.3 specification currently discourages the use of SRAH.
In this work, we formally investigate which security guarantees can be achieved when using SRAH. To this end, we provide the first formalization of SRAH and analyze its security in the multi-stage key exchange model (Dowling et al.; JoC 2021), which proved useful in previous analyses of TLS handshakes. We find that an adversary can break authentication if clients do not specify the intended receiver of their first protocol message. However, if the intended receiver is specified by the client, we prove that SRAH is secure in the multi-stage key exchange model.
Announcement
Here you can find a compilation of mentoring videos with Q&A's on such questions as:
- How to prepare a good talk?
- Was there a time when you doubted yourself?
- How do you find a research topic?
- And many many more questions, all answered by people who have been through it before you, there will be many familiar faces.
- Peihan Miao
- Tal Rabin
- Xiao Wang
25 July 2021
Dan Boneh, Hart Montgomery, Ananth Raghunathan
ePrint ReportGachon University, Korea
Job PostingClosing date for applications:
Contact: Contact Professor Seong Oun Hwang at sohwang (at) gachon.ac.kr
23 July 2021
Hanno Becker, Vincent Hwang, Matthias J. Kannwischer, Bo-Yin Yang, Shang-Yi Yang
ePrint ReportKarim Lounis
ePrint ReportAlan Szepieniec
ePrint ReportAfter discussing the design considerations induced by the use of Legendre symbol gates, we present a concrete design that follows this strategy, along with an elaborate security analysis thereof. This cipher is called Grendel.
Elena Fuchs, Kristin Lauter, Matthew Litman, Austin Tran
ePrint ReportAnubhab Baksi, Kyungbae Jang, Gyeongju Song, Hwajeong Seo, Zejun Xiang
ePrint ReportSudharshan Swaminathan, Lukasz Chmielewski, Guilherme Perin, Stjepan Picek
ePrint ReportThis work provides a generalization for inner round side-channel attacks on AES and experimentally validates it with non-profiled and profiled attacks. This work \textit{formulates the computation of the hypothesis values of any byte in the intermediate rounds}. The more inner the AES round is, the higher is the attack complexity in terms of the number of bits to be guessed for the hypothesis. We discuss the main limitations for obtaining predictions in inner rounds and, in particular, we compare the performance of Correlation Power Analysis (CPA) against deep learning-based profiled side-channel attacks (DL-SCA). We demonstrate that because trained deep learning models require fewer traces in the attack phase, they also have fewer complexity limitations to attack inner AES rounds than non-profiled attacks such as CPA. This paper is the first to propose deep learning-based profiled attacks on inner rounds of AES under several time and memory constraints to the best of our knowledge.
University of Birmingham
Job PostingClosing date for applications:
Contact: Mark Ryan
More information: https://bham.taleo.net/careersection/external/jobdetail.ftl?job=2100019X
Cambridge Quantum, London, UK
Job PostingCambridge Quantum (CQ) is a quantum computing software and algorithms company aiming to allow our customers to get the most out of quantum computers both now and in the future. Our cybersecurity division is developing quantum-related technologies including the world’s only quantum random number generator (QRNG) that uses quantum computers to produce verifiably high-quality entropy.
In this role will work in our quantum cryptography team and bring your expertise in computer science and/or classical cryptography to find solutions to the different problems faced both by classical cryptography in a post-quantum world but also the ones faced by quantum cryptography.
Role overview- Research and design new cryptography applications with a quantum advantage, together with their security proofs.
- Find innovative solutions to the problems faced by classical cryptography in a quantum world and to the challenges faced in quantum cryptography.
- PhD in Computer Science, Mathematics, Physics or related field (or equivalent experience).
- Expertise in one or more of the following: post-quantum cryptography (E.g. lattice-based crypto), multi-party computation, zero-knowledge proofs, formal verification tools, information-theoretic security, cryptanalysis.
- Track record of publications in relevant fields.
- Job experience in research either as a postdoc or with a company.
- Familiarity with quantum-based cryptography.
- An interest in the discussions and issues surrounding the transition to post-quantum cryptography.
- Good programming skills (E.g. Python, C/C++ and/or other).
- Ability to mentor and coach colleagues.
Closing date for applications:
Contact: Ela Lee (ela dot lee at cambridgequantum dot com)
More information: https://jobs.eu.lever.co/cambridgequantum/762ede2f-22ce-4c4a-88f6-fa07f602d8f4?lever-origin=applied&lever-source%5B%5D=iacr.org%2Fjobs%2F