IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
21 September 2021
Thomas Attema, Serge Fehr
ePrint ReportIn this work we show that indeed the $t$-fold parallel repetition of any $(k_1,\dots,k_{\mu})$-special-sound multi-round public-coin interactive proof optimally reduces the knowledge error from $\kappa$ down to $\kappa^t$. At the core of our results is an alternative, in some sense more fine-grained, measure of quality of a dishonest prover than its success probability, for which we show that it characterizes when knowledge extraction is possible. This new measure then turns out to be very convenient when it comes to analyzing the parallel repetition of such interactive proofs.
While parallel repetition reduces the knowledge error, it is easily seen to increase the completeness error. For this reason, we generalize our result to the case of $s$-out-of-$t$ threshold parallel repetition, where the verifier accepts a claim if $s$-out-of-$t$ of the parallel instances are accepting. An appropriately chosen threshold $s$ allows both the knowledge error and completeness error to be reduced simultaneously.
Shun Watanabe, Kenji Yasunaga
ePrint ReportS. Dov Gordon, Jonathan Katz, Mingyu Liang, Jiayu Xu
ePrint ReportA downside of the shuffle model is its reliance on a trusted shuffling mechanism, and it is natural to try to replace this with a distributed shuffling protocol run by the users themselves. Unfortunately, with only one exception, existing fully secure shuffling protocols require $\Omega(n^2)$ communication. In this work, we put forth a notion of differential obliviousness for shuffling protocols, and prove that this notion provides the necessary guarantees for the privacy blanket, without requiring a trusted shuffler. We also show a differentially oblivious shuffling protocol based on onion routing that can tolerate any constant fraction of corrupted users and requires only $O(n \log n)$ communication.
Zeyu Liu, Eran Tromer
ePrint ReportWe show how untrusted servers can detect messages on behalf of recipients, and summarize these into a compact encrypted digest that recipients can easily decrypt. These servers operate obliviously and do not learn anything about which messages are addressed to which recipients. Privacy, soundness, and completeness hold even if everyone but the recipient is adversarial and colluding (unlike in prior schemes), and are post-quantum secure.
Our starting point is an asymptotically-efficient approach, using Fully Homomorphic Encryption and homomorphically-encoded Sparse Random Linear Codes. We then address the concrete performance using a bespoke tailoring of lattice-based cryptographic components, alongside various algebraic and algorithmic optimizations. This reduces the digest size to a few bits per message scanned. Concretely, the servers' cost is a couple of USD per million messages scanned, and the resulting digests can be decoded by recipients in under 20ms. Our schemes can thus practically attain the strongest form of receiver privacy for current applications such as privacy-preserving cryptocurrencies.
Elena Kirshanova, Alexander May
ePrint ReportWe introduce a locality sensitive hashing (LSH) technique based on Odlyzko's work that avoids any guessing of $e$'s coordinates. This LSH technique involves a comparably small cost such that we can significantly improve on previous results, pushing complexities towards the asymptotic bound $\mathcal{S}^{0.25}$. Concretely, using LSH we lower the MitM complexity estimates for the currently suggested NTRU and NTRU Prime instantiations by a factor in the range $2^{20}-2^{49}$, and for BLISS and GLP parameters by a factor in the range $2^{18}-2^{41}$.
Chris Peikert, Zachary Pepin, Chad Sharp
ePrint ReportMore generally, functional commitment (FC) schemes allow one to concisely and verifiably reveal various functions of committed data, such as linear functions (i.e., inner products, including evaluations of a committed polynomial). Under falsifiable assumptions, all known functional commitments schemes have been limited to ``linearizable'' functions, and there are no known post-quantum FC schemes beyond ordinary VCs.
In this work we give post-quantum constructions of vector and functional commitments based on the standard Short Integer Solution lattice problem (appropriately parameterized): \begin{itemize} \item First, we present new statelessly updatable VCs with significantly shorter proofs than (and efficiency otherwise similar to) the only prior post-quantum, statelessly updatable construction (Papamanthou \etal, EUROCRYPT 13). Our constructions use private-key setup, in which an authority generates public parameters and then goes offline.
\item Second, we construct functional commitments for \emph{arbitrary (bounded) Boolean circuits} and branching programs. Under falsifiable assumptions, this is the first post-quantum FC scheme beyond ordinary VCs, and the first FC scheme of any kind that goes beyond linearizable functions. Our construction works in a new model involving an authority that generates the public parameters and remains online to provide public, reusable ``opening keys'' for desired functions of committed messages. \end{itemize}
Manuel Barbosa, Gilles Barthe, Xiong Fan, Benjamin Grégoire, Shih-Han Hung, Jonathan Katz, Pierre-Yves Strub, Xiaodi Wu, Li Zhou
ePrint Report20 September 2021
Award
The IACR Fellows Program recognizes outstanding IACR members for technical and professional contributions to the field of cryptology.
Information about nominating a Fellow is available here.
Andrea Caforio, Fatih Balli, Subhadeep Banik
ePrint ReportGeoffroy Couteau, Helger Lipmaa, Roberto Parisella, Arne Tobias Ødegaard
ePrint ReportFrancesco Berti, Chun Guo, Thomas Peters, François-Xavier Standaert
ePrint ReportInformation Security Group, Royal Holloway, University of London
Job PostingFull-Time, Permanent
The Information Security Group (ISG) at Royal Holloway is looking to appoint two excellent permanent members of academic staff to contribute to its research and teaching. The applicant should have a high-quality research profile that fits within the wide range of research undertaken by the ISG. Successful applicants must be able to demonstrate enthusiasm for research as well as teaching and communicating with diverse audiences.
The ISG was founded in 1990 and carries out research and teaching at both undergraduate and postgraduate level, with particularly high numbers of master’s students – we are one of the very few academic departments worldwide devoted solely to Information Security, enabling our staff to focus their teaching in this area. Our MSc in Information Security is one of the oldest programmes in the world, having started in 1992 and has a large alumni network with over 4,000 graduates. We have hosted, and continue to host, a series of Centres for Doctoral Training (CDT) in cyber security, which has enabling us to recruit 10 fully funded and first-rate PhD students every year, contributing to a large and vibrant PhD community.
We are involved in a range of inter/multidisciplinary research activities, spanning technology to psychology and social sciences. Our research strengths have continued to generate significant collaborative opportunities from industry and other leading universities.
We are now recruiting academic members of staff who can complement or strengthen our existing research and teaching in Information Security. We are also interested in candidates with interests in broader multidisciplinary research. The successful candidate must hold a PhD or equivalent, and will have a proven research record. Experience in attracting funding, engaging with industry, or contributing to outreach activities will also be valuable.
Closing date for applications:
Contact: Prof. Chris Mitchell c.mitchell@rhul.ac.uk or Prof. Martin Albrecht martin.albrecht@royalholloway.ac.uk
More information: https://jobs.royalholloway.ac.uk/vacancy.aspx?ref=0921-369
Wei Dai
ePrint ReportIn this work, we propose a framework of privacy-preserving and composable DeFi on public-state smart contract platforms. First, we define a cryptographic primitive called a flexible anonymous transaction (FLAX) system with two distinctive features: (1) transactions authenticate additional information known as ``associated data'' and (2) transactions can be applied flexibly via a parameter that is determined at processing time, e.g. during the execution time of smart contracts. Second, we design a privacy-preserving token standard (extending ERC20), which requires read access to the inter-contract call stack and admits composable} usage by other contracts. Third, we demonstrate how the FLAX token standard can realize privacy-preserving variants of the Ethereum DeFi ecosystem of today---we show contract designs for asset pools, decentralized exchanges, and lending, covering the largest DeFi projects to date including Curve, Uniswap, Dai stablecoin, Aave, Compound, and Yearn. Lastly, we provide formal security definitions for FLAX and describe instantiations from existing designs of anonymous payments such as Zerocash, RingCT, Quisquis, and Zether.
Yongge Wang
ePrint ReportTim Beyne
ePrint ReportMyrto Arapinis, Nikolaos Lamprou, Thomas Zacharias
ePrint ReportSeetal Potluri, Shamik Kundu, Akash Kumar, Kanad Basu, Aydin Aysu
ePrint ReportMing Li, Jian Weng∗, Member, IEEE, Yi Li, Yongdong Wu, Jiasi Weng, Dingcheng Li, Robert Deng, Fellow, IEEE
ePrint ReportAndre Esser, Emanuele Bellini
ePrint ReportBenedikt Bünz, Yuncong Hu, Shin'ichiro Matsuo, Elaine Shi
ePrint ReportIn this paper, we show that if one is willing to relax the security notion to $(\epsilon, \delta)$-differential privacy, henceforth also called $(\epsilon, \delta)$-differential anonymity, then, a non-interactive construction exists with subquadratic router computation, also assuming standard hardness assumptions in bilinear groups. Morever, even when $1-1/\poly\log n$ fraction of the senders are corrupt, we can attain strong privacy parameters where $\epsilon = O(1/\poly\log n)$ and $\delta = \negl(n)$.