IACR News
Here you can see all recent updates to the IACR webpage.
27 October 2021
Tenure-Track Faculty Positions in all areas related to IT-Security, Privacy and Cryptography (f/m/d)
CISPA Helmholtz Center for Information Security
Job Posting
CISPA is located in Saarbrücken, in the tri-border area of Germany, France, and Luxembourg. We maintain an international and diverse work environment and seek applications from outstanding researchers worldwide. The working language is English. A command of German is not required for a successful career at CISPA.
CISPA is looking for candidates who hold a doctoral degree in computer science or related areas and have an outstanding research track record in all areas related to IT-Security, Privacy and Cryptography, especially in, but not limited to, the fields of
All applicants are expected to build up a research team that pursues an internationally visible research agenda.
Tenure-track positions are intended for candidates with excellent research credentials and the potential to pursue a program of innovative research. The positions are comparable to tenure-track positions at a leading university, and come with two full time research staff positions and generous support for other expenses.
Closing date for applications:
Contact: scientific-recruiting@cispa.saarland
More information: https://jobs.cispa.saarland/jobs/detail/tenure-track-faculty-positions-in-all-areas-related-to-it-security-privacy-and-cryptography-f-m-d-129
Akash Shah, Nishanth Chandran, Mesfin Dema, Divya Gupta, Arun Gururajan, Huan Yu
ePrint Report
1. We initiate the formal study of secure featurization and its use in conjunction with secure inference protocols.
2. We build secure featurization protocols in the one/two/three-server settings that provide a tradeoff between security and efficiency.
3. Finally, we apply our algorithms in the context of secure phishing detection and evaluate our end-to-end protocol on models that are commonly used for phishing detection.
Sebastian Paul, Yulia Kuzovkova, Norman Lahr, Ruben Niederhagen
ePrint Report
In this work, we propose and investigate a migration strategy towards post-quantum (PQ) authentication for the network protocol Transport Layer Security (TLS). Our strategy is based on the concept of “mixed certificate chains” which use different signature algorithms within the same certificate chain. In order to demonstrate the feasibility of our migration strategy we combine the well-studied and trusted hash-based signature schemes SPHINCS+ and XMSS with elliptic curve cryptography first and subsequently with lattice-based PQC signature schemes (CRYSTALS-Dilithium and Falcon). Furthermore, we combine authentication based on mixed certificate chains with the lattice-based key encapsulation mechanism (KEM) CRYSTALS-Kyber as representative for PQC KEMs to evaluate a fully post-quantum and mutually authenticated TLS 1.3 handshake.
Our results show that mixed certificate chains containing hash-based signature schemes only at the root certificate authority level lead to feasible connection establishment times despite the increase in communication size. By analyzing code size and peak memory usage of our client and server programs we further demonstrate the suitability of our migration strategy even for embedded devices.
Dmitrii Koshelev
ePrint Report
Lukas Aumayr, Sri AravindaKrishnan Thyagarajan, Giulio Malavolta, Pedro Moreno-Sanchez, Matteo Maffei
ePrint Report
We present Sleepy Channels, the first bi-directional PC protocol without watchtowers (or any other third party) that supports an unbounded number of payments and does not require parties to be persistently online. The key idea is to confine the period in which PC updates can be validated on-chain to a short, pre-determined time window, which is when the PC parties have to be online. This behavior is incentivized by letting the parties lock a collateral in the PC, which can be adjusted depending on their mutual trust and which they get back much sooner if they are online during this time window. Our protocol is compatible with any blockchain that is capable of verifying digital signatures (e.g., Bitcoin), as shown by our proof of concept. Moreover, Sleepy Channels imposes a communication and computation overhead similar to state-of-the-art PC protocols while removing the watchtower's collateral and the fees for the monitoring service.
Bo-Yuan Peng, Adrian Marotzke, Ming-Han Tsai, Bo-Yin Yang, Ho-Lin Chen
ePrint Report
Karl Wüst, Kari Kostiainen, Srdjan Capkun
ePrint Report
Yupu Hu, Jun Liu, Baocang Wang, Xingting Dong, Yanbin Pan
ePrint Report
In this paper, we demonstrate that the Agr17 FE scheme is $P/poly$ invalid. More specifically, we show that, when processing $P/poly$ functions, the Agr17 FE scheme cannot be implemented again after its modulus reduction. To show the soundness of our demonstration, we present the statements in two stages. At the first stage, we show that the modulus reduction of the Agr17 FE scheme should be a double modulus reduction, which includes two modulus reductions for the FHE ciphertext and the ABE ciphertext, respectively. This double modulus reduction has the following three key points: (1) The modulus reduction for the FHE ciphertext should be seen as a series of Boolean operations, and converted into "attribute quasi-homomorphic operations". (2) The modulus reduction for the ABE ciphertext is a learning-with-errors (LWE)-based modulus reduction, which is an ordinary modulus reduction. (3) The two modulus reductions should obtain the same new modulus; otherwise, the scheme could not be implemented again. At the second stage, we show that the modulus reduction for the ABE ciphertext will destroy the structure of ABE so that the subsequent decryption cannot be executed. The reason is that the decryption of ABE is an LWE decryption with conditions rather than an ordinary LWE decryption, and the modulus reduction will destroy the conditions of decryption. Besides, to show that such invalidity cannot be easily circumvented by revising the scheme, we design a "natural" revised version of the Agr17 scheme. The key point is to change the small modulus inner product into an arithmetic inner product, which can be obtained by the modulus inner product of the ABE ciphertext. The revised scheme is valid, i.e., the decryption can be implemented correctly. However, the revised scheme is insecure because the decryptor knows much more secret information, and hence the scheme can be broken by collusion attacks at much lower cost.
Paul Crowley, Nathan Huckleberry, Eric Biggers
ePrint Report
Kyoohyung Han, Dukjae Moon, Yongha Son
ePrint Report
ZUC Design Team
ePrint Report
Yiping Ma, Ke Zhong, Tal Rabin, Sebastian Angel
ePrint Report
Anuj Dubey, Afzal Ahmad, Muhammad Adeel Pasha, Rosario Cammarota, Aydin Aysu
ePrint Report
Sebastian Angel, Andrew J. Blumberg, Eleftherios Ioannidis, Jess Woods
ePrint Report
ZhaoCun Zhou, DengGuo Feng, Bin Zhang
ePrint Report
Daniel Matyas Perendi, Prosanta Gope
ePrint Report
Arka Rai Choudhuri, Michele Ciampi, Vipul Goyal, Abhishek Jain, Rafail Ostrovsky
ePrint Report
In this work, we study the problem of constructing round optimal oblivious transfer from trapdoor permutations. In particular, we obtain the following new results (in the plain model) relying on TDPs in a black-box manner:
1) A three-round oblivious transfer protocol that guarantees indistinguishability-security against malicious senders (and semi-honest receivers).
2) A four-round oblivious transfer protocol secure against malicious adversaries with black-box simulation-based security.
By combining our second result with an already known compiler we obtain the first round-optimal 2-party computation protocol that relies in a black-box way on TDPs. A key technical tool underlying our results is a new primitive we call dual witness encryption (DWE) that may be of independent interest.
Gustavo Banegas, Thomas Debris-Alazard, Milena Nedeljković, Benjamin Smith
ePrint Report
Chinmoy Biswas, Ratna Dutta
ePrint Report
Keywords: lattice based cryptosystem, multi-key fully homomorphic encryption, learning with errors, multi-bit messages
Yi Liu, Qi Wang, Siu-Ming Yiu
ePrint Report
For an actively secure PFE protocol, it is crucial to guarantee that the private circuit provider cannot deviate from the protocol to learn more information. Hence, we need to ensure that the private circuit provider correctly performs an EP. This requires the help of the so-called "zero-knowledge argument of encrypted extended permutation" protocol. In this paper, we provide an improvement of this protocol. Our new protocol can be instantiated to be non-interactive, whereas the previous protocol had to be interactive. Meanwhile, compared with the previous protocol, our protocol is significantly (e.g., more than 3.4×) faster, and the communication cost is only around 24% of that of the previous one.