IACR News
If you have a news item you wish to distribute, it should be sent to the communications secretary. See also the events database for conference announcements.
Here you can see all recent updates to the IACR webpage. These updates are also available:
22 February 2022
Abu Dhabi, United Arab Emirates, 13 November - 16 November 2022
Jonathan Katz, Cong Zhang, Hong-Sheng Zhou
In this work, we analyze the relationship between the AGM and Shoup’s GGM (Eurocrypt 1997) and give evidence that:
• hardness of security games in Shoup’s GGM cannot be transferred via a generic reduction in the AGM;
• the AGM and Shoup’s GGM are incomparable.
Blockchain based Contact Tracing: A Solution using Bluetooth and Sound Waves for Proximity Detection
ZiXi Hee, Iftekhar Salam
21 February 2022
Alon Shakevsky, Eyal Ronen, Avishai Wool
In this work, we expose the cryptographic design and implementation of Android's Hardware-Backed Keystore in Samsung's Galaxy S8, S9, S10, S20, and S21 flagship devices. We reverse-engineered and provide a detailed description of the cryptographic design and code structure, and we unveil severe design flaws. We present an IV reuse attack on AES-GCM that allows an attacker to extract hardware-protected key material, and a downgrade attack that makes even the latest Samsung devices vulnerable to the IV reuse attack. We demonstrate working key extraction attacks on the latest devices. We also show the implications of our attacks on two higher-level cryptographic protocols between the TrustZone and a remote server: we demonstrate a working FIDO2 WebAuthn login bypass and a compromise of Google's Secure Key Import.
We discuss multiple flaws in the design flow of TrustZone based protocols. Although our specific attacks only apply to the $\approx$100 million devices made by Samsung, they raise the much more general requirement for open and proven standards for critical cryptographic and security designs.
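The abstract above names IV reuse in AES-GCM as the root of the key-extraction attack. The following Go program, added here as an illustration and not taken from the paper or from Samsung's Keymaster code, shows the underlying mechanism on a hypothetical key-wrapping oracle: GCM encrypts in CTR mode, so two blobs sealed under the same device key and the same IV share a keystream, and an attacker who knows the plaintext of one blob (a key they imported themselves) recovers the plaintext of the other by XOR. The device key, IV and key material are constructed values; the only assumption modelled is that the caller, not the oracle, picks the IV.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// wrapKey models a hardware key-wrapping oracle: it seals keyMaterial under a
// device key with AES-GCM and returns ciphertext||tag. This is a hypothetical
// stand-in, not Samsung's Keymaster code; the one flaw it models is that the
// caller, not the oracle, chooses the 12-byte IV, so IVs can be repeated.
func wrapKey(deviceKey, iv, keyMaterial []byte) ([]byte, error) {
	block, err := aes.NewCipher(deviceKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(iv) != gcm.NonceSize() {
		return nil, fmt.Errorf("iv must be %d bytes, got %d", gcm.NonceSize(), len(iv))
	}
	return gcm.Seal(nil, iv, keyMaterial, nil), nil
}

// recoverFromIVReuse exploits keystream reuse. Under one key and IV the CTR
// keystream is identical, so C1 XOR C2 = P1 XOR P2. Knowing P1 (a key the
// attacker imported) yields the first len(P1) bytes of P2. The trailing
// tagLen bytes of each blob are the GCM authentication tag and are stripped;
// the tag plays no role in recovery.
func recoverFromIVReuse(knownPlain, knownBlob, targetBlob []byte, tagLen int) []byte {
	knownCT := knownBlob[:len(knownBlob)-tagLen]
	targetCT := targetBlob[:len(targetBlob)-tagLen]
	n := len(knownPlain)
	if len(knownCT) < n {
		n = len(knownCT)
	}
	if len(targetCT) < n {
		n = len(targetCT)
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = knownCT[i] ^ targetCT[i] ^ knownPlain[i]
	}
	return out
}

func main() {
	// Constructed values for the demonstration; a real device key never
	// leaves the TEE, and the attacker only sees the wrapped blobs.
	deviceKey := bytes.Repeat([]byte{0x42}, 16)
	iv := []byte("same-iv-12by")
	attackerKey := bytes.Repeat([]byte{0xA5}, 32) // key the attacker imported
	victimKey := []byte("victim-256-bit-key-material-0123")

	attackerBlob, _ := wrapKey(deviceKey, iv, attackerKey)
	victimBlob, _ := wrapKey(deviceKey, iv, victimKey)

	recovered := recoverFromIVReuse(attackerKey, attackerBlob, victimBlob, 16)
	fmt.Printf("recovered victim key: %q\n", recovered)
	fmt.Println("match:", bytes.Equal(recovered, victimKey))
}
```

The fix is the one the abstract implies: the oracle must generate a fresh random IV inside the trusted environment for every wrap and must never accept one from the caller; with distinct IVs the XOR in recoverFromIVReuse yields only noise.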
Vienna, Austria, 23 August - 26 August 2022
Submission deadline: 20 April 2022
Notification: 8 June 2022
Abu Dhabi, United Arab Emirates, 13 February - 16 February 2022
Submission deadline: 21 February 2022
Kansas City, USA, 17 October - 19 October 2022
Submission deadline: 3 April 2022
Notification: 19 June 2022
Aarhus, Denmark, 7 June - 10 June 2022
Submission deadline: 26 March 2022
Notification: 23 April 2022
Trondheim, Norway, 29 May - 30 May 2022
Submission deadline: 15 March 2022
Notification: 7 April 2022
Luxembourg Institute of Science and Technology
For its recent H2020 project PRECINCT (Cyber-physical security management for critical infrastructures), a research engineer vacancy is immediately available in the TRUST research group at LIST. The main duty of the position is to implement a Digital Twins solution in the context of interdependent critical systems (telecommunications and energy).
Closing date for applications:
Contact: Dr. Qiang Tang (qiang.tang@list.lu)
More information: https://app.skeeled.com/offer/62024729a7d5b0db47a87221?language=en&show_description=true
20 February 2022
Zhicong Huang, Wen-jie Lu, Cheng Hong, Jiansheng Ding
Ning Luo, Timos Antonopoulos, William Harris, Ruzica Piskac, Eran Tromer, Xiao Wang
The key insight is to prove, in ZK, the validity of *resolution proofs* of unsatisfiability. This is efficiently realized using an algebraic representation that exploits resolution proofs' structure to represent formula clauses as low-degree polynomials, combined with ZK random-access arguments. Only the proof's dimensions are revealed. We implemented our protocol and used it to prove unsatisfiability of formulas that encode combinatoric problems and program correctness conditions in standard verification benchmarks, including Linux kernel drivers and Intel cryptography modules. The results demonstrate both that our protocol has practical utility, and that its aggressive optimizations, based on non-trivial encodings, significantly improve practical performance.
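The statement proven in zero knowledge above is "this resolution proof is a valid refutation of the formula". The Go program below, added here as an illustration and not the authors' protocol, shows what that statement means in the clear: a plain (non-ZK) checker that replays a resolution proof step by step and accepts only if it derives the empty clause. The clause encoding, the Step layout and the sample formula are constructed for this example; the polynomial encoding and the ZK random-access arguments of the paper are not modelled.

```go
package main

import (
	"fmt"
	"sort"
)

// Clause is a disjunction of literals in DIMACS style: variable v is the
// positive literal v and its negation is -v. The empty clause is false.
type Clause []int

// Step is one resolution step: resolve the clauses at indices Left and Right
// in the growing clause list on variable Pivot, which must occur positively
// in one of them and negatively in the other.
type Step struct {
	Left, Right int
	Pivot       int
}

// normalize removes duplicate literals and sorts, so clauses compare stably.
func normalize(c Clause) Clause {
	seen := map[int]bool{}
	out := Clause{}
	for _, l := range c {
		if !seen[l] {
			seen[l] = true
			out = append(out, l)
		}
	}
	sort.Ints(out)
	return out
}

func contains(c Clause, lit int) bool {
	for _, l := range c {
		if l == lit {
			return true
		}
	}
	return false
}

// resolve returns the resolvent of a and b on pivot: all literals of both
// clauses except the clashing pair pivot / -pivot. It fails if the pair does
// not actually clash between the two clauses.
func resolve(a, b Clause, pivot int) (Clause, error) {
	if pivot <= 0 {
		return nil, fmt.Errorf("pivot must be a positive variable index, got %d", pivot)
	}
	switch {
	case contains(a, pivot) && contains(b, -pivot):
	case contains(a, -pivot) && contains(b, pivot):
		a, b = b, a
	default:
		return nil, fmt.Errorf("variable %d does not clash between %v and %v", pivot, a, b)
	}
	var out Clause
	for _, l := range a {
		if l != pivot {
			out = append(out, l)
		}
	}
	for _, l := range b {
		if l != -pivot {
			out = append(out, l)
		}
	}
	return normalize(out), nil
}

// VerifyRefutation replays proof over formula and returns nil only if every
// step is a valid resolution and some derived clause is empty, i.e. the
// formula is unsatisfiable. Only this yes/no answer, plus the dimensions of
// the proof, is what a ZK version would reveal.
func VerifyRefutation(formula []Clause, proof []Step) error {
	derived := make([]Clause, 0, len(formula)+len(proof))
	for _, c := range formula {
		derived = append(derived, normalize(c))
	}
	empty := false
	for i, s := range proof {
		if s.Left < 0 || s.Left >= len(derived) || s.Right < 0 || s.Right >= len(derived) {
			return fmt.Errorf("step %d references a clause that is not yet derived", i)
		}
		r, err := resolve(derived[s.Left], derived[s.Right], s.Pivot)
		if err != nil {
			return fmt.Errorf("step %d: %w", i, err)
		}
		derived = append(derived, r)
		if len(r) == 0 {
			empty = true
		}
	}
	if !empty {
		return fmt.Errorf("proof never derives the empty clause")
	}
	return nil
}

func main() {
	// Constructed unsatisfiable formula:
	// (x1 v x2) ^ (-x1 v x2) ^ (-x2 v x3) ^ (-x3)
	formula := []Clause{{1, 2}, {-1, 2}, {-2, 3}, {-3}}
	proof := []Step{
		{Left: 0, Right: 1, Pivot: 1}, // clause 4: (x2)
		{Left: 2, Right: 3, Pivot: 3}, // clause 5: (-x2)
		{Left: 4, Right: 5, Pivot: 2}, // clause 6: ()  the empty clause
	}
	fmt.Println("valid refutation:", VerifyRefutation(formula, proof) == nil)
}
```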