IACR News
10 May 2022
Yawning Angel, Benjamin Dowling, Andreas Hülsing, Peter Schwabe, Florian Weber
ePrint Report
Patrick Karl, Jonas Schupp, Tim Fritzmann, Georg Sigl
ePrint Report
Jincheol Ha, Seongkwang Kim, Byeonghak Lee, Jooyoung Lee, Mincheol Son
ePrint Report
In this paper, we propose a family of noisy ciphers, dubbed Rubato, with a novel design strategy of introducing noise to a symmetric cipher of a low algebraic degree. With this strategy, the multiplicative complexity of the cipher is significantly reduced, compared to existing HE-friendly ciphers, without degrading the overall security. More precisely, given a moderate block size (16 to 64), Rubato enjoys a low multiplicative depth (2 to 5) and a small number of multiplications per encrypted word (2.1 to 6.25) at the cost of slightly larger ciphertext expansion (1.26 to 1.31). The security of Rubato is supported by comprehensive analysis including symmetric and LWE cryptanalysis. Compared to HERA within the RtF framework, client-side and server-side throughput is improved by 22.9% and 32.2%, respectively, at the cost of only 1.6% larger ciphertext expansion.
Sabyasachi Dey, Hirendra Kumar Garai, Santanu Sarkar, Nitin Kumar Sharma
ePrint Report
Damiano Abram, Peter Scholl, Sophia Yakoubov
ePrint Report
In this paper, we describe how to generate any SRS or correlated randomness in such a single round of communication, using, among other things, indistinguishability obfuscation. We introduce what we call a distributed sampler, which enables $n$ parties to sample a single public value (SRS) from any distribution. We construct a semi-malicious distributed sampler in the plain model, and use it to build a semi-malicious public-key PCF (Boyle et al., FOCS 2020) in the plain model. A public-key PCF can be thought of as a distributed correlation sampler; instead of producing a public SRS, it gives each party a private random value (where the values satisfy some correlation).
We introduce a general technique called an anti-rusher which compiles any one-round protocol with semi-malicious security without inputs to a similar one-round protocol with active security by making use of a programmable random oracle. This gets us actively secure distributed samplers and public-key PCFs in the random oracle model.
Finally, we explore some tradeoffs. Our first PCF construction is limited to reverse-sampleable correlations (where the random outputs of honest parties must be simulatable given the random outputs of corrupt parties); we additionally show a different construction without this limitation, but which does not allow parties to hold secret parameters of the correlation. We also describe how to avoid the use of a random oracle at the cost of relying on sub-exponentially secure indistinguishability obfuscation.
Renas Bacho (CISPA Helmholtz Center for Information Security), Julian Loss (CISPA Helmholtz Center for Information Security)
ePrint Report
- We give a modular security proof that follows a two-step approach: 1) We introduce a new security notion for distributed key generation protocols (DKG). We show that it is satisfied by several protocols that previously only had a static security proof. 2) Assuming any DKG protocol with this property, we then prove unforgeability of the threshold BLS scheme. Our reductions are tight and can be used to substantiate real-world parameter choices.
- To justify our use of strong assumptions such as the algebraic group model (AGM) and the hardness of one-more-discrete logarithm (OMDL), we prove two impossibility results: 1) Without the AGM, there is no tight security reduction from $(t+1)$-OMDL. 2) Even in the AGM, $(t+1)$-OMDL is the weakest assumption from which any (possibly loose) security reduction exists.
M. Rajululkahf
ePrint Report
Aside from the cost of memory access and input/output processing, Băhēm requires only three additions (one per session, two per block) and one XOR operation in order to encrypt or decrypt, and is also highly parallelisable.
Despite Băhēm's 1-bit overhead per cleartext bit, its early prototype, Alyal, achieved run-time speeds similar to OpenSSL's ChaCha20: slightly faster decryption and slightly slower encryption, when the TRNG output was prepared in a file in advance. This demonstrates that Băhēm is practically usable for many real-world application scenarios.
Later implementations, with better TRNG optimisations and parallelism, should allow a faster run-time for both encryption and decryption.
Joon-Woo Lee, Eunsang Lee, Young-Sik Kim, Jong-Seon No
ePrint Report
Norica Băcuieți, Joan Daemen, Seth Hoffert, Gilles Van Assche, Ronny Van Keer
ePrint Report
Malik Imran, Felipe Almeida, Andrea Basso, Sujoy Sinha Roy, Samuel Pagliarini
ePrint Report
Diego Aranha, Chuanwei Lin, Claudio Orlandi, Mark Simkin
ePrint Report
Previously, practically relevant laconic PSI protocols were only known from factoring-type assumptions. The contributions of this work are twofold: 1) We present the first laconic PSI protocol based on assumptions over pairing-friendly elliptic curves; and 2) For the first time we provide an empirical evaluation of any laconic PSI protocol by carefully implementing and optimising both our and previous protocols. Our experimental results show that our protocol outperforms prior laconic PSI protocols.
Marzio Mula, Nadir Murru, Federico Pintore
ePrint Report
Jungmin Park, N. Nalla Anandakumar, Dipayan Saha, Dhwani Mehta, Nitin Pundir, Fahim Rahman, Farimah Farahmandi, Mark M. Tehranipoor
ePrint Report
Fuchun Guo, Willy Susilo
ePrint Report
We show that the proposed chain-based unique signature scheme by Guo {\it et al.} must have the reduction loss $q^{1/n}$ for $q$ signature queries when each unique signature consists of $n$ BLS signatures. We use a meta reduction to prove this lower bound in the EUF-CMA security model under any non-interactive hardness assumption, and the meta-reduction is also applicable in the random oracle model. We also give a security reduction with reduction loss $4\cdot q^{1/n}$ for the chain-based unique signature scheme (in the EUF-CMA security model under the CDH assumption). This improves significantly on the previous reduction loss $n\cdot q_H^{1/n}$ that is logarithmically tight at most. The core of our reduction idea is a {\em non-uniform} simulation that is specially invented for the chain-based unique signature construction.
Elena Kirshanova, Alexander May
ePrint Report
We show that being given more than $tm$ entries of the Goppa point vector $(\alpha_1, \ldots, \alpha_n)$ allows one to recover the Goppa polynomial $g(x)$ and the remaining entries in polynomial time. Hence, in case $tm \approx \frac n 4$, roughly a fourth of a McEliece secret key is sufficient to recover the full key efficiently.
Let us give some illustrative numerical examples. For ClassicMcEliece with $(n,t,m)=(3488,64,12)$ on input $64\cdot 12+1=769$ Goppa points, we recover the remaining $3488-769=2719$ Goppa points in $\mathbb{F}_{2^{12}}$ and the degree-$64$ Goppa polynomial $g(x) \in \mathbb{F}_{2^{12}}[x]$ in $1$ minute.
For ClassicMcEliece with $(n,t,m)=(8192,128,13)$ on input $128\cdot 13+1=1665$ Goppa points, we recover the remaining $8192-1665=6529$ Goppa points in $\mathbb{F}_{2^{13}}$ and the degree-$128$ Goppa polynomial $g(x) \in \mathbb{F}_{2^{13}}[x]$ in $5$ minutes.
Our results also extend to the case of erroneous Goppa points, but in this case our algorithms are no longer polynomial time.
Hien Chu, Dario Fiore, Dimitris Kolonelos, Dominique Schröder
ePrint Report
Mysten Labs (mystenlabs.com)
Job Posting
This role gives the opportunity to work closely with a senior team of experts in theoretical computer science, cryptography, language & systems design, while enjoying a high degree of ownership & autonomy in working conditions & task prioritization. We regularly publish at conferences like CCS, S&P, CRYPTO, NDSS, FC, AsiaCCS, PETS, CT-RSA, ESORICS, ACNS etc.
While the following guidelines reflect some of our thinking about a background we would like to see in a candidate, we are committed to diversity, & more surprising profiles with a good argument to fit & capability are encouraged to apply.
Our ideal candidate would have:
- 2+ years of experience in hands-on software engineering for cryptographic operations, such as signature schemes, accumulators, key management, data encryption & compression.
- Understanding of fundamental cryptographic algorithms & underlying math for any of the following: hash functions, finite field arithmetic, polynomials (FFT) & elliptic curves.
- Experience implementing high-performance & parallelizable protocols in languages such as Rust, Go, Java, or C/C++.
- Experience implementing ZKP circuits or proof systems (Groth16, Halo, Plonk, STARKs, Marlin) is considered a plus.
Our team is 100% remote & we are hiring across the world. Here at Mysten Labs, you’ll be joining a world class team with tremendous growth potential. We raised our 1st funding round ($36m series A) from top Silicon Valley VCs led by Andreessen Horowitz (a16z) with participation from Redpoint, Lightspeed, Coinbase Ventures, Electric Capital, Standard Crypto, NFX, Slow Ventures, Scribble Ventures, Samsung Next, Lux Capital & many other great funds & angels!
Closing date for applications:
Contact: Kostas Chalkias (Chief Cryptographer) kostas {at} mystenlabs.com
More information: https://jobs.lever.co/mystenlabs/3733dd29-260f-41ac-80a6-127bd84aabd1
Composable Finance
Job Posting
You’ll be building the first ZK rollup in the Polkadot ecosystem with other exciting projects like Whirlpool Cash needing your expertise after.
As a high level blockchain developer with exposure to zero knowledge proofs, or cryptographer in the blockchain space with relevant programming skills, you’ll be working on cutting edge technology that will help shape DeFi.
Responsibilities
Requirements & skills:
Nice to have:
Perks: Competitive Crypto payments, all made in USDC.
Closing date for applications:
Contact: Maya Jerath
More information: https://incredulous.bamboohr.com/jobs/view.php?id=124
09 May 2022
University of Tübingen, Department of Computer Science; Tübingen, Germany
Job Posting
Research Topics: Development and analysis of cryptography-based privacy-preserving solutions for real-world healthcare problems. Topics of interest include (but are not limited to): privacy-preserving machine learning, genomic privacy, medical privacy as well as foundations for real-world cryptography.
Your profile:
- Completed Master's degree (or equivalent) at a top university with excellent grades in computer science, or a similar area.
- Knowledge in applied cryptography/security and cryptographic protocols.
- Knowledge in machine learning.
- Very good software development skills.
- Self-motivated, reliable, creative, can work independently and want to do excellent research.
Closing date for applications:
Contact: Dr. Mete Akgün (mete.akguen@uni-tuebingen.de)
PQShield
Job Posting
We are looking for a Cryptography Architect to join our team to help define the next generation of secure Hardware and Software implementations of Post Quantum Cryptography.
Responsibilities:
- Design, implement and analyse post quantum cryptographic algorithms including key exchange algorithms and digital signature schemes
- Investigate new and future algorithms, research potential implementations and optimisation for efficient implementation.
- Develop Architectural descriptions and models of PQ Cryptographic Algorithms
- Interface with the Engineering team, provide specifications for Micro-Architectural planning and implementation.
- Perform security analysis of Post Quantum and Classical Cryptography implementations
- Research and propose secure attack resistant (SCA, Fault) implementations of Post Quantum Algorithms.
- PhD or degree in Cryptography, Applied Cryptography, Mathematics or Computer Science
- 2+ years of work experience or research in the field of Post-Quantum Cryptography
- Knowledge of Secure Implementations of cryptography
- Knowledge of Side-channel analysis of cryptographic primitives
- Theoretical understanding of common side-channel countermeasures
- Programming skills: C/C++, Python, mathematics tools
Closing date for applications:
Contact: Graeme Hickey
More information: https://pqshield.com/