IACR News
Here you can see all recent updates to the IACR webpage.
07 July 2022
Jakob Feldtkeller, David Knichel, Pascal Sasdrich, Amir Moradi, Tim Güneysu
ePrint Report
Lipeng Wan, Fangyu Zheng, Guang Fan, Rong Wei, Lili Gao, Jiankuo Dong, Jingqiang Lin, Yuewu Wang
ePrint Report
After investigating and analysing the workload of commercial off-the-shelf AI accelerators, we utilize NVIDIA's AI accelerator, Tensor Core, to accelerate polynomial multiplication, usually the most time-consuming part of lattice-based cryptography. A series of measures are taken, such as accommodating the matrix-multiply-and-add mode of Tensor Core and making a trade-off between precision and performance, to leverage Tensor Core as a high-performance NTT box performing NTT/INTT through the CUDA C++ WMMA API. Meanwhile, we take CRYSTALS-Kyber, one of the NIST PQC 3rd round candidates, as a case study on an RTX 3080 with the Ampere Tensor Core. The empirical results show that the defined NTT of a polynomial vector ($n=256, k=4$) with our NTT box obtains a speedup of around 6.47x over the state-of-the-art implementation on the same platform.
Gustavo Banegas, Valerie Gilchrist, Benjamin Smith
ePrint Report
Aurélien Greuet, Simon Montoya, Clémence Vermeersch
ePrint Report
Michael Rosenberg, Jacob White, Christina Garman, Ian Miers
ePrint Report
We present and build $\texttt{zk-creds}$, a protocol that uses general-purpose zero-knowledge proofs to 1) remove the need for credential issuers to hold signing keys: credentials can be issued via a transparency log, Byzantine system, or even a blockchain; 2) convert existing identity documents into anonymous credentials without modifying documents or coordinating with their issuing authority; 3) allow for flexible, composable, and complex identity statements over multiple credentials. Concretely, identity assertions using $\texttt{zk-creds}$ take less than 300ms in a real-world scenario of using a passport to anonymously access age-restricted videos.
Myungsun Kim
ePrint Report
Foteini Baldimtsi, Aggelos Kiayias, Katerina Samari
ePrint Report
We present the first scheme that obviates these restrictions in the secret-key marking model, i.e., the setting where extraction is performed using a private extraction key. Our construction offers constant time extraction complexity with constant size keys and ciphertexts and is secure under standard assumptions, namely the Decisional Composite Residuosity Assumption [Eurocrypt '99] and the Decisional Diffie-Hellman assumption in prime order subgroups of square higher order residues.
Christoph Hagen, Christian Weinert, Christoph Sendner, Alexandra Dmitrienko, Thomas Schneider
ePrint Report
Our study of three popular messengers (WhatsApp, Signal, and Telegram) shows that large-scale crawling attacks are (still) possible. Using an accurate database of mobile phone number prefixes and very few resources, we queried 10% of US mobile phone numbers for WhatsApp and 100% for Signal. For Telegram we find that its API exposes a wide range of sensitive information, even about numbers not registered with the service. We present interesting (cross-messenger) usage statistics, which also reveal that very few users change the default privacy settings.
Furthermore, we demonstrate that currently deployed hashing-based contact discovery protocols are severely broken by comparing three methods for efficient hash reversal. Most notably, we show that with the password cracking tool "JTR" we can iterate through the entire world-wide mobile phone number space in <150s on a consumer-grade GPU. We also propose a significantly improved rainbow table construction for non-uniformly distributed input domains that is of independent interest.
Regarding mitigations, we most notably propose two novel rate-limiting schemes: our incremental contact discovery for services without server-side contact storage strictly improves over Signal's current approach while being compatible with private set intersection, whereas our differential scheme allows even stricter rate limits at the overhead for service providers to store a small constant-size state that does not reveal any contact information.
Shanxiang Lyu, Ling Liu, Junzuo Lai, Cong Ling, Hao Chen
ePrint Report
06 July 2022
(Old) Ottawa, Canada, 12 December - 14 December 2022
Event Calendar
Submission deadline: 23 August 2022
Notification: 28 October 2022
Technology Innovation Institute (TII) - Abu Dhabi, UAE
Job Posting
Technology Innovation Institute (TII) is a publicly funded research institute, based in Abu Dhabi, United Arab Emirates. It is home to a diverse community of leading scientists, engineers, mathematicians, and researchers from across the globe, transforming problems and roadblocks into pioneering research and technology prototypes that help move society ahead.
Cryptography Research Centre
In our connected digital world, secure and reliable cryptography is the foundation of digital information security and data integrity. We address the world’s most pressing cryptographic questions. Our work covers post-quantum cryptography, lightweight cryptography, cloud encryption schemes, secure protocols, quantum cryptographic technologies and cryptanalysis.
Position: Senior MPC Researcher
Skills required for the job
Closing date for applications:
Contact: Mehdi Messaoudi - Talent Acquisition Manager
Email: mehdi.messaoudi@tii.ae
University of Edinburgh
Job Posting
Closing date for applications:
Contact: Markulf Kohlweiss (markulf.kohlweiss@ed.ac.uk)
04 July 2022
Clément Hoffmann, Benoît Libert, Charles Momin, Thomas Peters, François-Xavier Standaert
ePrint Report
Akash Madhusudan, Mahdi Sedaghat, Philipp Jovanovic, Bart Preneel
ePrint Report
In this paper, we propose Nirvana, which can be combined with existing cryptocurrencies to provide instant, anonymous and unlinkable payment guarantees. Nirvana does not require any trusted third party. It conceals the identities of honest participants, thus ensuring customer anonymity within the system while only relying on efficient Groth-Sahai proof systems. We introduce a novel randomness-reusable threshold encryption that mitigates double-spending by revealing the identities of malicious users. We formally prove how our scheme provides customer anonymity, unlinkability of transactions and payment guarantees to merchants. Our experiments demonstrate that Nirvana allows for fast (zero-confirmation) global payments in a retail setting with a delay of less than $1.7$ seconds.
Shashank Agrawal
ePrint Report
Plot generation and farming involve the use of secret information, which makes plot transfer a non-trivial task in Chia. In this short note, we propose a way to transfer Chia plots in a secure manner with the help of zero-knowledge proofs.
Jesse Elliott, Aaron Hutchinson
ePrint Report
Alex Lombardi, Ethan Mook, Willy Quach, Daniel Wichs
ePrint Report
Concretely, our work provides (contrived) constructions of pseudorandom functions, CPA-secure symmetric-key encryption, message-authentication codes, signatures, and CCA-secure public-key encryption schemes, all of which are proven to be classically secure under LWE via black-box reductions, but demonstrably fail to be post-quantum secure. All of these cryptosystems are stateless and non-interactive, but their security is defined via an interactive game that allows the attacker to make oracle queries to the cryptosystem. The polynomial-time quantum attacker can break these schemes by only making a few classical queries to the cryptosystem, and in some cases, a single query suffices.
Previously, we only had examples of post-quantum insecurity under post-quantum assumptions for stateful/interactive protocols. Moreover, there appears to be a folklore belief that for stateless/non-interactive cryptosystems with black-box proofs of security, a quantum attack against the scheme should translate into a quantum attack on the assumption. This work shows otherwise. Our main technique is to carefully embed interactive protocols inside the interactive security games of the above primitives.
As a result of independent interest, we also show a 3-round quantum disclosure of secrets (QDS) protocol between a classical sender and a receiver, where a quantum receiver learns a secret message in the third round but, assuming LWE, a classical receiver does not.