IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
09 March 2022
Award
The IACR and PKC Steering Committee are pleased to announce the 2022 Test-of-Time award for papers published PKC.
PKC is the International Conference on Practice and Theory in Public Key Cryptography, which was founded in 1998 and became an official IACR event in 2003. The Test-of-Time award recognizes outstanding papers, published in PKC about 15 years ago, making a significant contribution to the theory and practice of public key cryptography, preferably with influence either on foundations or on the practice of the field.
The 2022 award was given on Tuesday March 8th at PKC in a virtual Award Ceremony, for papers published in the conference's initial years of early 2000s and late 1990s. In the first few years a number of papers from a few different initial years of PKC can be recognized. Thereafter, the award will typically recognize one year at a time with one or two papers.
The recipients of the 2022 award are:
- Password-Based Authenticated Key Exchange in the Three-Party Setting, by Michel Abdalla, Pierre-Alain Fouque, and David Pointcheval, PKC 2005.
- Curve25519: New Diffie-Hellman Speed Records, by Daniel J. Bernstein, PKC 2006.
Congratulations to these authors for their impactful work! More information about the award can be found at https://iacr.org/meetings/pkc/test_of_time_award/
Jeju City, South Korea, 24 August - 26 August 2022
Event CalendarSubmission deadline: 8 May 2022
Notification: 10 June 2022
Santa Barbara, USA, 13 August 2022
Event CalendarSubmission deadline: 1 May 2022
08 March 2022
Yao Jiang Galteland, Jiaxin Pan
ePrint ReportJoppe W. Bos, Joost Renes, Daan Sprenkels
ePrint ReportDeevashwer Rathee, Anwesh Bhattacharya, Rahul Sharma, Divya Gupta, Nishanth Chandran, Aseem Rastogi
ePrint ReportPieter Pauwels, Joni Pirovich, Peter Braunz, Jack Deeb
ePrint ReportPeter Rindal, Srinivasan Raghuraman
ePrint ReportThe first is an optimization to the protocol of Rindal et al. to utilize sub-field vector oblivious linear evaluation. This optimization allows our construction to be the first to achieve a communication complexity of $O(n\lambda + n \log n)$ where $\lambda$ is the statistical security parameter. In particular, the communication overhead of our protocol does not scale with the computational security parameter times $n$.
Our second improvement is to the OKVS data structure which our protocol crucially relies on. In particular, our construction improves both the computation and communication efficiency as compared to prior work (Garimella et al., Crypto 2021 ). These improvements stem from algorithmic changes to the data structure along with new techniques for obtaining both asymptotic and tight concrete bounds on its failure probability. This in turn allows for a highly optimized parameter selection and thereby better performance.
Long Meng, Liqun Chen
ePrint ReportHaiyang Xue, Man Ho Au, Xiang Xie, Tsz Hon Yuen, Handong Cui
ePrint ReportLukas Aumayr, Kasra Abbaszadeh, Matteo Maffei
ePrint ReportIn this work, we present Thora, the first Bitcoin-compatible off-chain protocol that enables atomic multi-channel updates across generic topologies beyond paths. Thora allows payments through distinct PCNs sharing the same blockchain and enables new applications such as secure and trustless crowdfunding, mass payments, and channel rebalancing in off-chain ways. Our construction requires only constant collateral and no specific scripting functionalities other than digital signatures and timelocks, thereby being applicable to a wider range of blockchains. We formally define security and privacy in the Universal Composability framework and show that our cryptographic protocol is a realization thereof. In our performance evaluation we show that our construction requires constant collateral, is independent of the number of channels, and has only a moderate off-chain communication as well as computation overhead.
CryptoLux Group, University of Luxembourg
Job PostingThe University of Luxembourg invites applications for a Ph.D. position in the general area of symmetric cryptography. The successful candidate will join the CryptoLux group of Prof. Alex Biryukov, which is affiliated to both the Department of Computer Science (DCS) and the Interdisciplinary Center for Security, Reliability and Trust (SnT).
Research Topics- Cryptanalysis and design of cryptographic primitives, lightweight ciphers, hash functions
- Financial cryptography (security of distributed ledgers, smart contracts)
- Privacy-enhancing technologies (Tor-like networks, privacy for cryptocurrencies, blockchains)
- White-box cryptography
- M.Sc. degree in computer science or applied mathematics with outstanding grades (GPA >= 85%)
- Strong mathematical and/or algorithmic CS background
- Some background in cryptography or information security
- Good programming skills (C/C++, Python, math tools, etc.)
- Fluent written and verbal communication skills in English
The University of Luxembourg offers a Ph.D. study program with an initial contract of 36 months, with a further possible 1-year extension if required. The successful candidate will work in one of the most international universities in the world and will have a chance to participate in a well-known security research center. The position will be available from April 2022.
Applications, written in English, should be sent by email to alex.biryukov@uni.lu. The application material should include a curriculum vitae (with photo, educational background, work experience), a brief research statement and topics of particular interest to the candidate (max. 1 page), a transcript of all modules and results from university-level courses taken (with overall GPAs) and contact information for 2-3 references.
Application deadline: 15 March 2022. Early submission is encouraged; applications will be processed upon arrival.
Closing date for applications:
Contact: Prof. Alex Biryukov (email: alex.biryukov@uni.lu)
07 March 2022
Shweta Agrawal, Fuyuki Kitagawa, Anuja Modi, Ryo Nishimaki, Shota Yamada, Takashi Yamakawa
ePrint Report- We construct an adaptively secure (AD-SIM) FE for Turing machines, supporting dynamic bounded collusion, from sub-exponential LWE. This improves the result of Agrawal et al. which achieved only non-adaptive (NA-SIM) security in the dynamic bounded collusion model.
- Towards achieving the above goal, we construct a ciphertext policy FE scheme (CPFE) for circuits of unbounded size and depth, which achieves AD-SIM security in the dynamic bounded collusion model from IBE and laconic oblivious transfer (LOT). Both IBE and LOT can be instantiated from a large number of mild assumptions such as the computational Diffie-Hellman assumption, the factoring assumption, and polynomial LWE.
- We construct an AD-SIM secure FE for Turing machines, supporting dynamic bounded collusions, from LOT, ABE for NC1 (or NC) and private information retrieval (PIR) schemes which satisfy certain properties. This significantly expands the class of assumptions on which AD-SIM secure FE for Turing machines can be based. In particular, it leads to new constructions of FE for Turing machines including one based on polynomial LWE and one based on the combination of the bilinear decisional Diffie-Hellman assumption and the decisional Diffie-Hellman assumption on some specific groups. In contrast the only prior construction by Agrawal et al. achieved only NASIM security and relied on sub-exponential LWE.
To achieve the above result, we define the notion of CPFE for read only RAM programs and succinct FE for LOT, which may be of independent interest.
- We also construct an ABE scheme for Turing machines which achieves AD-IND security in the standard model supporting dynamic bounded collusions. Our scheme is based on IBE and LOT. Previously, the only known candidate that achieved AD-IND security from IBE by Goyal et al. relied on the random oracle model.
Damiano Abram, Peter Scholl
ePrint ReportZvika Brakerski, Pedro Branco, Nico Döttling, Sihang Pu
ePrint ReportTo achieve rate-$1$ both on the receiver's and sender's end, we use the LPN assumption, with slightly sub-constant noise rate $1/m^{\epsilon}$ for any $\epsilon>0$ together with either the DDH, QR or LWE assumptions. In terms of efficiency, our protocols only rely on linear homomorphism, as opposed to the FHE-based solution which inherently requires an expensive ``bootstrapping'' operation. We believe that in terms of efficiency we compare favorably to existing batch-OT protocols, while achieving superior communication complexity. We show similar results for Oblivious Linear Evaluation (OLE).
For our DDH-based solution we develop a new technique that may be of independent interest. We show that it is possible to ``emulate'' the binary group $\mathbb{Z}_2$ (or any other small-order group) inside a prime-order group $\mathbb{Z}_p$ in a function-private manner. That is, $\mathbb{Z}_2$ operations are mapped to $\mathbb{Z}_p$ operations such that the outcome of the latter do not reveal additional information beyond the $\mathbb{Z}_2$ outcome. Our encoding technique uses the discrete Gaussian distribution, which to our knowledge was not done before in the context of DDH.
Cyprien Delpech de Saint Guilhem, Emmanuela Orsini, Titouan Tanguy, Michiel Verbauwhede
ePrint ReportShahar P. Cohen, Moni Naor
ePrint Report1. Breaking the $ \Omega(\sqrt n) $ bound in the simultaneous message case or the $ \Omega(\log n) $ bound in the interactive communication case, implies the existence of distributional collision-resistant hash functions (dCRH). This is shown using techniques from Babai and Kimmel (CCC '97). Note that with a CRH the lower bounds can be broken.
2. There are no protocols of constant communication in this preset randomness settings (unlike the plain public randomness model).
The other model we study is that of a stateful ``free talk", where participants can communicate freely before the inputs are chosen and may maintain a state, and the communication complexity is measured only afterwards. We show that efficient protocols for equality in this model imply secret key-agreement protocols in a constructive manner. On the other hand, secret key-agreement protocols imply optimal (in terms of error) protocols for equality.
Peihan Miao, Sikhar Patranabis, Gaven Watson
ePrint ReportIn this paper, we bridge this gap by showing the first feasibility results for realizing unidirectional UE and PRE from a new generic primitive that we call Key and Plaintext Homomorphic Encryption (KPHE) – a public-key encryption scheme that supports additive homomorphisms on its plaintext and key spaces simultaneously. We show that KPHE can be instantiated from DDH or LWE. This yields, in particular, the first constructions of unidirectional UE and PRE from DDH, as well as the first constructions of unidirectional UE and PRE from LWE that do not resort to FHE or lattice trapdoors.
Our constructions achieve the strongest notions of post-compromise security in the standard model. Our UE schemes also achieve “backwards-leak directionality” of key updates (a notion we discuss is equivalent, from a security perspective, to that of unidirectionality with no-key updates). Our results establish (somewhat surprisingly) that unidirectional UE and PRE schemes satisfying such strong security notions do not, in fact, require stronger/more structured cryptographic assumptions as compared to bidirectional schemes.
Muhammad ElSheikh, Amr M. Youssef
ePrint ReportAshrujit Ghoshal, Ilan Komargodski
ePrint ReportIn this work, we confirm the STB conjecture in many new parameter settings. For instance, in one result, we show that the conjecture holds for all constant values of $B$, significantly extending the result of Akshima et al. Further, using combinatorial properties of graphs, we are able to confirm the conjecture even for super constant values of $B$, as long as some restriction is made on $S$. For instance, we confirm the conjecture for all $B \le T^{1/4}$ as long as $S \le T^{1/8}$. Technically, we develop structural characterizations for bounded-length collisions in MD hashing that allow us to give a compression argument in which the number of cases needed to be handled does not explode.