IACR News
22 April 2022
-
Event Calendar
Submission deadline: 2 May 2022
Notification: 1 December 2022
Institute for Advancing Intelligence, TCG-CREST
Job Posting
Closing date for applications:
Contact: Dr. Avijit Dutta +91 70035 59134 /avijit.dutta@tcgcrest.org https://www.tcgcrest.org/people/avijit-dutta/
More information: https://www.tcgcrest.org/iai-admission-2022/
Apple
Job Posting
Closing date for applications:
Contact: Yannick Sierra at apple.com
More information: https://jobs.apple.com/en-us/details/200312812/cryptographic-engineer
Catinca Mujdei, Arthur Beckers, Jose Bermundo, Angshuman Karmakar, Lennert Wouters, Ingrid Verbauwhede
ePrint Report
Daniel J. Bernstein
ePrint Report
Katharina Boudgoust, Corentin Jeudy, Adeline Roux-Langlois, Weiqiang Wen
ePrint Report
Aron Gohr, Friederike Laus, Werner Schindler
ePrint Report
In order to see the shared cipher state, we employ a deep neural network similar to the one used by Gohr, Jacob and Schindler to solve the CHES 2018 AES challenge. We modify their architecture to predict the exact bit sequence of the secret-shared cipher state. We find that convergence of training on this task is unsatisfying with the standard encoding of the shared cipher state and therefore introduce a different encoding of the prediction target, which we call the scattershot encoding. In order to further investigate how exactly the scattershot encoding helps to solve the task at hand, we construct a simple synthetic task where convergence problems very similar to those we observed in our side-channel task appear with the naive target data encoding but disappear with the scattershot encoding.
We complete our analysis by showing results that we obtained with a classical method (as opposed to an AI-based method), namely the stochastic approach, which we first generalize for this purpose to the setting of shared keys. We show that the neural network draws on a much broader set of features, which may partially explain why the neural-network-based approach massively outperforms the stochastic approach. On the other hand, the stochastic approach provides insights into properties of the implementation, in particular the observation that the $S$-boxes behave very differently with respect to the ease or hardness of their prediction.
Pourandokht Behrouz, Panagiotis Grontas, Vangelis Konstantakatos, Aris Pagourtzis, Marianna Spyrakou
ePrint Report
Daniel Fallnich, Shutao Zhang, Tobias Gemmeke
ePrint Report
Leizhang Wang, Wenwen Xia, Geng Wang, Baocang Wang, Dawu Gu
ePrint Report
Arnaud de Grandmaison, Karine Heydemann, Quentin L. Meunier
ePrint Report
Nicolas David, Thomas Espitau, Akinori Hosoyamada
ePrint Report
M. Rajululkahf
ePrint Report
Băhēm's security is very similar to that of the one-time pad (OTP), except that it does not impose on the communicating parties the inconvenient constraint of generating a large random pad in advance of their communication. Instead, Băhēm allows the parties to agree on a small pre-shared secret key, such as |k| = 128 bits, and then generate their random pads in the future as they go.
For any operation, be it encryption or decryption, Băhēm performs only 4 exclusive-or operations (XORs) per cleartext bit, including its 2 overhead bits. If it takes a CPU 1 cycle to perform an XOR between a pair of 64-bit variables, then a Băhēm operation takes 4 / 8 = 0.5 cycles per byte. Further, all of Băhēm's operations are independent; therefore a system with n CPU cores can perform the operation in 0.5 / n CPU cycles per byte of wall-clock time.
While Băhēm has an overhead of 2 extra bits per encrypted cleartext bit, its early single-threaded prototype implementation achieves faster /decryption/ than OpenSSL's ChaCha20, despite the fact that Băhēm's ciphertext is 3 times larger than ChaCha20's. This supports the claim that the 2-bit overhead is practically negligible for most applications.
Băhēm's early prototype has a slower /encryption/ time than OpenSSL's ChaCha20 due to its use of a true random number generator (TRNG). However, this can be trivially optimised by gathering the true random bits in advance, so Băhēm gets the entropy conveniently when it runs.
Aside from Băhēm's usage as a provably-secure general-purpose symmetric cipher, it can also be used, in some applications such as password verification, to enhance existing hashing functions to become provably one-way, by using Băhēm to encrypt a predefined string using the hash as the key. A password is then verified if its hash decrypts the Băhēm ciphertext to retrieve the predefined string.
Shaoxuan Zhang, Chun Guo, Qingju Wang
ePrint Report
We first extend Kuwakado and Morii's attack against the Even-Mansour cipher (ISITA 2012), and exhibit key recovery attacks against a large class of pseudorandom schemes based on a single call to an $n$-bit permutation, with polynomial $O(n)$ quantum steps. We also show how to overcome restrictions on available quantum data in certain relevant settings.
We then consider TPPR schemes, namely, Two Permutation-based PseudoRandom cryptographic schemes. Using the improved Grover-meet-Simon method of Bonnetain et al. (ASIACRYPT 2019), we show that the keys of a wide class of TPPR schemes can be recovered with $O(n)$ superposition queries and $O(n2^{n/2})$ quantum steps. We also exhibit sub-classes of "degenerated" TPPR schemes that lack certain internal operations, and exhibit more efficient key recovery attacks using either the Simon's algorithm or Chailloux et al.'s algorithm for collision searching (ASIACRYPT 2017). Further using the all-subkeys-recovery idea of Isobe and Shibutani (SAC 2012), our results give rise to key recovery attacks against several recently proposed permutation-based PRFs, as well as the 2-round Even-Mansour ciphers with generic key schedule functions (Chen et al., JoC 2018) and their tweakable variants (Cogliati et al., CRYPTO 2015). From a constructive perspective, our results establish new quantum Q2 security upper bounds for two permutation-based pseudorandom schemes as well as sound design choices.
Harashta Tatimma Larasati, Dedy Septono Catur Putranto, Rini Wisnu Wardhani, Howon Kim
ePrint Report
Miguel Ambrona, Anne-Laure Schmitt, Raphael R. Toledo, Danny Willems
ePrint Report
Wei Cheng, Sylvain Guilley, Jean-Luc Danger
ePrint Report
Relying on our empirical evaluations, we therefore recommend investigating the coding-theoretic properties to find the best linear codes in strengthening instances of code-based masking. As for applications, our attack-based evaluation directly empowers designers, by employing optimal linear codes, to enhance the protection of code-based masking. Our framework leverages simulated leakage traces, hence allowing for source code validation or patching in case it is found to be attackable.
Lin You, Qiang Zhu, Gengran Hu
ePrint Report
18 April 2022
University of Clermont Auvergne, France
Job Posting
Topics:
- Cryptographic algorithms and protocols
- Computer networking
- Research on secure Multi-Part Computation (MPC) and cutting-edge technologies to solve security issues in network routing.
- Possible teaching.
- Completion of a Master's degree (or equivalent) in computer science or applied mathematics
- Knowledge in applied cryptography/security and computer networking
- Analytical and problem solving skills.
Deadline: 3 May 2022
Closing date for applications:
Contact: Kevin Atighehchi (kevin.atighehchi@uca.fr), Gérard Chalhoub (gerard.chalhoub@uca.fr)
Aalto University, Department of Mathematics and Systems Analysis, Espoo, Finland
Job Posting
Research experience in cryptography is essential. Additionally, a background in algebraic number theory, probability theory, complexity theory and/or machine learning is useful. For a cryptographer, we expect that the candidate has published in IACR conferences, established theoretical computer science venues (STOC/FOCS/APPROX-RANDOM/SODA/PODC) or IT security venues (CCS/S&P/Usenix). The applicant is expected to hold a PhD degree in mathematics or computer science. Research-level proficiency in English, both writing and speaking, is expected.
We offer advising related to both algebraic lattices (Camilla Hollanti) and cryptography (Chris Brzuska). Our group offers a diverse, international, and open research environment with an interdisciplinary academic and industrial network. We expect the candidate to significantly shape the research questions which we investigate together as well as to pursue their own research within their existing research network.
The tentative duration of the position is September 2022 — December 2023 (16 months), but a shorter duration or an earlier starting date is negotiable. There is an option to renew the contract subject to acquiring funding (either by the candidate or by the hosts). The initial salary is €3700 and the contract includes occupational health care.
For details, see: https://www.aalto.fi/en/open-positions/postdoctoral-researcher-in-mathematics-or-computer-science-lattice-based
Closing date for applications:
Contact: Camilla Hollanti and Chris Brzuska for scientific questions and Johanna Glader for questions on the application process. (e-mail: firstname.lastname@aalto.fi)
More information: https://www.aalto.fi/en/open-positions/postdoctoral-researcher-in-mathematics-or-computer-science-lattice-based