IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
16 August 2021
Neyman's Smoothness Test: a Trade-off between Moment-based and Distribution-based Leakage Detections
Si Gao, Elisabeth Oswald, Yan Yan
ePrint ReportMario Barbara, Lorenzo Grassi, Dmitry Khovratovich, Reinhard Lueftenegger, Christian Rechberger, Markus Schofnegger, Roman Walch
ePrint ReportAkinori Kawachi, Maki Yoshida
ePrint ReportWe consider bounds for the optimal length $\rho$ of the common random string among $k$ parties (or, {\it randomness complexity}) in PSM and CDS protocols with perfect and statistical privacy through combinatorial and entropic arguments. ($i$) We provide general connections from the optimal total length $\lambda = \sum_{i\in[k]}\lambda_i$ of the messages (or, {\it communication complexity}) to the randomness complexity $\rho$. ($ii$) We also prove randomness lower bounds in PSM and CDS protocols for general functions. ($iii$) We further prove randomness lower bounds for several important explicit functions. They contain the following results: For PSM protocols with perfect privacy, we prove $\rho\ge \lambda-1$ and $\rho\le \lambda$ as the general connection. To prove the upper bound, we provide a new technique for randomness sparsification for {\it perfect}\/ privacy, which would be of independent interest. From the general connection, we prove $\rho\ge 2^{(k-1)n}-1$ for a general function $f:(\{0,1\}^n)^k\rightarrow\{0,1\}$ under universal reconstruction, in which $P_0$ is independent of $f$. This implies that the Feige-Killian-Naor protocol for a general function [Proc.~STOC '94, pp.554--563]\ is optimal with respect to randomness complexity. We also provide a randomness lower bound $\rho> kn-2$ for a generalized inner product function. This implies the optimality of the $2$-party PSM protocol for the inner-product function of Liu, Vaikuntanathan, and Wee [Proc.~CRYPTO 2017, pp.758--790]. For CDS protocols with perfect privacy, we show $\rho\ge\lambda-\sigma$ and $\rho\le\lambda$ as the general connection by similar arguments to those for PSM protocols, where $\sigma$ is the length of secrets. We also obtain randomness lower bounds $\rho\ge (k-1)\sigma$ for XOR, AND, and generalized inner product functions. These imply the optimality of Applebaum and Arkis's $k$-party CDS protocol for a general function [Proc. TCC 2018, pp.317--344]\ up to a constant factor in a large $k$.
Pyrros Chaidos, Vladislav Gelfer
ePrint ReportConfidential assets is a mechanism that allows multiple currencies to co-exist in the same ledger and (optionally) enables transactions to be conducted without disclosing the currency.
Finally, we also describe how we can use Bulletproof coloring to enable offline payments, thus addressing one of the original shortcomings of Mimblewimble.
Seny Kamara, Abdelkarim Kati, Tarik Moataz, Thomas Schneider, Amos Treiber, Michael Yonli
ePrint ReportIn this work, we address the main limitations of leakage cryptanalysis. First, we design and implement an open-source framework called LEAKER that can evaluate the major leakage attacks against a given dataset and can serve as a common leakage analysis reference for the community. We identify new real-world datasets that capture different use cases for ESAs and, for the first time, include real-world user queries. Finally, we use LEAKER to evaluate known attacks on our datasets to assess their practical risks and gain insights about the properties that increase or diminish their accuracy.
Dmitrii Koshelev
ePrint ReportJung Hee Cheon, Keewoo Lee
ePrint ReportSacha Servan-Schreiber, Kyle Hogan, Srinivas Devadas
ePrint ReportAdVeil additionally supports private metrics for ad interactions, allowing the ad network to correctly charge advertisers and pay websites for publishing ads. This is done without the ad network learning which user interacted with an ad, only that some honest user did. AdVeil achieves this using an anonymizing proxy (e.g., Tor) to transit batched user reports along with unlinkable anonymous tokens with metadata to certify the authenticity of each report.
We build a prototype implementation of AdVeil which we evaluate on a range of parameters to demonstrate the applicability of AdVeil to a real-world deployment. Our evaluation shows that AdVeil scales to ad networks with millions of ads, using state-of-the-art single-server private information retrieval. A selection of ads from a database of 1 million ads can be targeted to a user in approximately 10 seconds with a single 32-core server, and can be parallelized further with more servers. Targeting is performed out-of-band (e.g., on a weekly basis) while ad delivery happens in real time as users browse the web. Verifying report validity (for fraud prevention) requires less than 300 microseconds of server computation per report.
Bruno Sterner
ePrint ReportBen Marshall, Daniel Page, Thinh Hung Pham
ePrint Report15 August 2021
Simula UiB, Bergen, Norway
Job PostingSimula UiB is a research center owned by Simula Research Laboratory and the University of Bergen. The goal of Simula UiB is to increase the security expertise in Norway through research and education. For further details, see our webpage http://simula-uib.com.
We have a solid background in coding, information theory, communication theory, and many related areas. Currently, our research focus includes various topics in private information retrieval (PIR), private computation (PC), coding for property testing, coding for zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs), and privacy-preserving technologies in general. We are looking for a candidate with a solid background within one/several of these research areas and algebraic coding theory.
We are also looking for interested candidates who:
Simula UiB Offers:
Closing date for applications:
Contact:
More information: https://www.simula.no/about/job/post-doctoral-position-coding-and-information-theory
University of Warsaw
Job PostingClosing date for applications:
Contact: Stefan Dziembowski
More information: https://www.crypto.edu.pl/post-doc
11 August 2021
Announcement
Details here: https://csrc.nist.gov/projects/threshold-cryptography
Consider also joining the TC forum: https://csrc.nist.gov/projects/threshold-cryptography/email-list
06 August 2021
EPFL
Job PostingPostdocs run their own research and are expected to interact with PhD students and to contribute to the lab projects. Our lab is active in cryptographic designs and analysis. fundamental and applied cryptography, security and privacy, and biometric systems.
EPFL is a top-ranked academic institute. It is located in beautiful Switzerland. We offer good environment and conditions.
Closing date for applications:
Contact: Serge Vaudenay <job_lasec@epfl.ch>
Please submit your detailed cv, list of publications, motivation, references, and availability.
More information: https://lasec.epfl.ch
Fujitsu Research, Sunnyvale CA
Job PostingFujitsu is hiring research engineers for our research lab based out of Sunnyvale, CA. We are looking for skilled developers with a research background who enjoy building systems and helping to write academic papers about them. This job will have a large open-source component, so someone who is comfortable working in the open-source space would be an ideal candidate. The role offers flexible office time with the potential to work from home for a large fraction of your time.
Job Responsibilities:- Design and develop secure blockchain and blockchain-based systems, and write academic papers about them when possible.
- Assist in the creation and maintenance of blockchain open-source projects, and help with research projects based on them. Engage and participate in the open-source blockchain community.
- Help developers build your research systems into production-ready systems.
- Collaborate with researchers both within and outside of Fujitsu to work towards building cutting-edge systems.
- A master’s degree in computer science or a related field, or relevant experience in research and development
- Some track record of research publications. We don’t expect you to publish every year in top venues, but we do want evidence of familiarity with research.
- Experience in open-source development, or a willingness to learn.
Closing date for applications:
Contact: Hart Montgomery (hmontgomery@fujitsu.com)
Fujitsu Research, Sunnyvale CA
Job PostingFujitsu is hiring strong cryptographic researchers for our research lab based out of Sunnyvale, CA. We are looking for researchers who can successfully publish in top venues, collaborate with others in industry and academia, and evangelize cryptography and security within Fujitsu. The role offers flexible office time (including the potential to mostly work from home) and could be fully remote for exceptionally strong candidates.
Job Responsibilities:- Conduct research in cryptography and related fields (i.e. distributed systems, security, and general theory) and publish it in top conferences. While researchers have wide latitude to work on whatever problems they deem interesting in the field, we do expect that at least some portion of research time will be spent on problems that are more relevant to Fujitsu’s business.
- Collaborate with others in both academia and industry on exciting research problems. Promote Fujitsu as a leader in the field of cryptography and computer security.
- Contribute to new Fujitsu technologies and IP, and help research engineers and developers shepherd the “practical” portion of your research into new business offerings.
- Ph.D. in computer science or a related field.
- A strong track record of publishing in top conferences in cryptography and related fields.
- A vision for the future direction of your research and ideas for how it can be impactful both academically and on Fujitsu’s business.
Closing date for applications:
Contact: Hart Montgomery (hmontgomery@fujitsu.com)
University College Cork, Ireland
Job PostingThe school strategy is to expand its research and teaching in the area of Cybersecurity and candidates with such expertise are encouraged to apply. The School seeks to appoint a committed computer science academic, a dynamic and thoughtful individual who will contribute to its research-led teaching ethos and research agenda.
The School of CSIT has 32 full-time academic staff and offers degrees at bachelors, masters and doctoral level. It offers a welcoming and open working environment, with excellent administrative and technical support, and an inclusive collegiate experience. Academic staff in the school have leadership roles in major national and international research initiatives, including the SFI funded research centers CONNECT (Future Networks and Communications), CONFIRM (Smart Manufacturing), Insight (Data Analytics), LERO (Irish Software Research Centre), and the SFI research spokes BAV (Blended Autonomous Vehicles) and ENABLE (Smart Communities). In addition, school academics lead and host the SFI Centre for Research Training in Advanced Networks for Sustainable Societies and the SFI Centre for Research Training in Artificial Intelligence. The Cork area is home to a cybersecurity cluster of about 25 companies, including multinationals that are well-known for their security products and services, many of whom the School engages with for student internships, research sponsorship and collaboration.
Appointment may be made on the internationally competitive Lectureship (Above the Bar) Salary Scale: €67,073 - €86,241. The position is permanent, with tenure subject to successful completion of the probation and establishment periods.
Closing date for applications:
Contact: Informal enquiries can be made, in confidence, to the Head of School, Prof. Cormac J. Sreenan, head@cs.ucc.ie
Applications must be submitted online via the University College Cork vacancy portal (https://ore.ucc.ie/) before 16-Sep-2021 12:00 (noon) Irish time.
More information: https://my.corehr.com/pls/uccrecruit/erq_jobspec_version_4.jobspec?p_id=048051
Diego F. Aranha, Elena Pagnin, Francisco Rodríguez-Henríquez
ePrint ReportClaude Carlet, Sylvain Guilley, Sihem Mesnager
ePrint ReportSeveral such protections have been proposed in the past and already cryptanalyzed thanks to a complete WBC scheme analysis. In this article, we study a particular pattern for local protection (which can be leveraged for robust WBC); we formalize it as DIBO (for Diffused-Input-Blocked-Output). This notion has been explored (albeit without having been nicknamed DIBO) in previous works. However, we notice that guidelines to adequately select the invertible diffusion $\phi$ and the blocked bijections $B$ were missing. Therefore, all choices for $\phi$ and $B$ were assumed as suitable. Actually, we show that most configurations can be attacked, and we even give mathematical proof for the attack. The cryptanalysis tool is the number of zeros in a Walsh-Hadamard spectrum. This ``spectral distinguisher'' improves on top of the previously known one (Sasdrich, Moradi, G{\"{u}}neysu, at FSE 2016). However, we show that such an attack does not work always (even if it works most of the time).
Therefore, on the defense side, we give a straightforward rationale for the WBC implementations to be secure against such spectral attacks: the random diffusion part $\phi$ shall be selected such that the rank of each restriction to bytes is full. In AES's case, this seldom happens if $\phi$ is selected at random as a linear bijection of $\F_2^{32}$. Thus, specific care shall be taken. Notice that the entropy of the resulting $\phi$ (suitable for WBC against spectral attacks) is still sufficient to design acceptable WBC schemes.
Kai Gellert, Tibor Jager, Lin Lyu, Tom Neuschulten
ePrint ReportPrior research has established the general perspective that a length-hiding padding which is long enough to improve security significantly incurs an unfeasibly large bandwidth overhead. We argue that this perspective is a consequence of the choice of the security models considered in prior works, which are based on classical indistinguishability of two messages, and that this does not reflect the attacker model of typical fingerprinting attacks well. Furthermore, these models also consider a model where the attacker is restricted to choosing messages of bounded length difference, depending on a given length-hiding padding of the encryption scheme. This restriction seems difficult to enforce in practice, because application layer protocols are typically unaware of the concrete length-hiding padding applied by an underlying encryption protocol, such as TLS. We also do not want to make application-layer messages dependent on the underlying encryption scheme, but instead want to provide length hiding encryption that satisfies the requirements of the given application.
Therefore we propose a new perspective on length hiding encryption, which aims to capture security against fingerprinting attacks more accurately. This makes it possible to concretely quantify the security provided by length-hiding padding against fingerprinting attacks, depending on the real message distribution of an application. We find that for many real-world applications (such as webservers with static content, DNS requests, Google search terms, or Wikipedia page visits) and their specific message distributions, even length-hiding padding with relatively small bandwidth overhead of only 2-5% can already significantly improve security against fingerprinting attacks. This gives rise to a new perspective on length-hiding encryption, which helps understanding how and under what conditions length-hiding encryption can be used to improve security.