IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
06 August 2021
Juan Carlos Garcia-Escartin, Vincent Gimeno, Julio José Moyano-Fernández
ePrint ReportHyeokdong Kwon, Hyunjun Kim, Minjoo Sim, Wai-Kong Lee, Hwajeong Seo
ePrint ReportNusrat Farzana, Farimah Farahmandi, Mark Tehranipoor
ePrint ReportErik-Oliver Blass, Florian Kerschbaum, Travis Mayberry
ePrint ReportTo this end, we initiate the study of Iterative Oblivious Pseudorandom Functions (iOPRFs), new primitives providing two-sided, fully malicious security for these types of applications. We present a first, efficient iOPRF construction secure against both malicious clients and servers in the standard model, based on the DDH assumption. We demonstrate that iOPRFs are useful to implement different interesting applications, including an RFID authentication protocol and a protocol for private evaluation of outsourced decision trees. Finally, we implement and evaluate our full iOPRF construction and show that it is efficient in practice.
Quoc Huy Do, Pedram Hosseyni, Ralf Kuesters, Guido Schmitz, Nils Wenzler, Tim Wuertele
ePrint ReportPushed by major companies, including Apple, Google, Mastercard, and Visa, the W3C is currently developing a new set of standards to unify the online checkout process and streamline the users payment experience. The main idea is to integrate payment as a native functionality into web browsers, referred to as the Web Payment APIs. While this new checkout process will indeed be simple and convenient from an end-user perspective, the technical realization requires rather significant changes to browsers.
Many major browsers, such as Chrome, Firefox, Edge, Safari, and Opera, already implement these new standards, and many payment processors, such as Google Pay, Apple Pay, or Stripe, support the use of Web Payment APIs for payments. The ecosystem is constantly growing, meaning that the Web Payment APIs will likely be used by millions of people worldwide.
So far, there has been no in-depth security analysis of these new standards. In this paper, we present the first such analysis of the Web Payment APIs standards, a rigorous formal analysis. It is based on the Web Infrastructure Model (WIM), the most comprehensive model of the web infrastructure to date, which, among others, we extend to integrate the new payment functionality into the generic browser model.
Our analysis reveals two new critical vulnerabilities that allow a malicious merchant to over-charge an unsuspecting customer. We have verified our attacks using the Chrome implementation and reported these problems to the W3C as well as the Chrome developers, who have acknowledged these problems. Moreover, we propose fixes to the standard, which by now have been adopted by the W3C and Chrome, and prove that the fixed Web Payment APIs indeed satisfy strong security properties.
Mojtaba Rafiee
ePrint ReportEndre (Silur) Abraham
ePrint ReportAydin Abadi, Steven J. Murdoch, Thomas Zacharias
ePrint ReportZi-Yuan Liu, Yi-Fan Tseng, Raylin Tso, Masahiro Mambo, Yu-Chi Chen
ePrint Report05 August 2021
St. George's, Grenada, 14 February - 18 February 2022
Event CalendarSubmission deadline: 9 September 2021
Notification: 18 November 2021
Join Research Centre - European Commission - Ispra, Italy
Job PostingClosing date for applications:
Contact: Laurent Beslay jrc-e3-secretariat@ec.europa.eu
More information: https://recruitment.jrc.ec.europa.eu/
KU Leuven
Job PostingWe are looking for an internationally orientated candidate with both educational competence and excellent research experience in computer science, and with extensive expertise in the field of secure and robust software systems and services. The new faculty member will become a member of the DistriNet unit, an internationally leading research group with recognized expertise in the areas of security, distributed systems and software engineering.
Candidates will be expected to develop an ambitious research programme that integrates well with the current research activities of the research group. Candidates should also be prepared to provide scientific services both within and outside the university, and to contribute to education at bachelor and master level.
DistrNet is the "sister" organization of COSIC, it deals with general security research whereas COSIC deals with cryptographic research. The two organizations are part of the CyberSecurity Flanders initiative, which supports their work.
Closing date for applications:
Contact: For more information please contact Prof. dr. ir. Wouter Joosen, tel.: +32 16 32 76 53, mail: wouter.joosen@kuleuven.be or Prof. dr. ir. Stefan Vandewalle, tel.: +32 16 32 76 54, mail: stefan.vandewalle@kuleuven.be.
More information: https://www.kuleuven.be/personeel/jobsite/jobs/60022535
Telecom Paris, Institut Polytechnique de Paris
Job PostingClosing date for applications:
Contact: Phan Duong Hieu (hieu.phan@telecom-paris.fr)
More information: https://institutminestelecom.recruitee.com/l/en/o/maitre-de-conferences-en-informatique-fh-a-telecom-paris-cdi
04 August 2021
Real World Crypto
Submission information can be found at: https://rwc.iacr.org/2022/contributed.php
03 August 2021
Jean-Sebastien Coron, Agnese Gini
ePrint ReportGilles Macario-Rat, Jacques Patarin
ePrint ReportArush Chhatrapati
ePrint ReportNils Wisiol
ePrint ReportLejla Batina, Łukasz Chmielewski, Björn Haase, Niels Samwel, Peter Schwabe
ePrint Report02 August 2021
San Francisco, USA, 7 February - 10 February 2022
Event CalendarSubmission deadline: 13 September 2021
Notification: 11 November 2021