IACR News
Here you can see all recent updates to the IACR webpage.
09 August 2022
Research & Development Group, Horizen Labs
Job Posting
Horizen Labs is a blockchain technology company that designs, develops, and delivers powerful, scalable, and reliable distributed ledger solutions for business.
Our Core Engineering Team is an innovative and collaborative group of researchers and software engineers who are dedicated to the design and development of world-class blockchain-based products. We are looking for a cryptographer, or applied cryptographer, to join our growing crypto team based in Milan, Italy. Currently, the team is developing a protocol suite for SNARK-based proof-composition, but its duties reach beyond that, developing privacy-enhancing solutions for our sidechain ecosystem.
Responsibilities:
- Design privacy-enhancing technology built on SNARK-based protocols
- Perform collaborative research and assist technical colleagues in their development work
- Participate in standards-setting
Requirements:
- Ph.D. in mathematics, computer science, or cryptography
- Solid foundations in zero-knowledge and cryptographic protocols
- Publications in acknowledged venues on applied or theoretical cryptography, preferably cryptographic protocols or PETs
- Strong problem-solving skills
- The ability to work in a team setting as well as autonomously
- Foundations in blockchain technology and experience in reading Rust are a plus
We offer:
- A competitive salary plus pre-series A stock options
- Flexible working hours, including the possibility of remote working
- The opportunity to work with talented minds on challenging topics in this field, including the most recent advancements in zero-knowledge
- A nice and informal team setting to conduct research and development of high-quality open source solutions
If you are interested in this position, you might want to take a look at our recent publications (IACR eprints 2021/930, 2021/399, 2020/123) and our latest podcast on zeroknowledge.fm (Episode 178). For further questions, please contact the email below.
Closing date for applications:
Contact: Raffaella Lixi raffaella@horizenlabs.io
More information: https://horizenlabs.io/careers/job/?gh_jid=4116067004
Research & Development Group, Horizen Labs
Job Posting
Horizen Labs is a blockchain technology company that designs, develops, and delivers powerful, scalable, and reliable distributed ledger solutions for business.
We are looking for an engineer who will contribute in building the cryptographic infrastructure of our Web 3.0-enabled blockchain ecosystem. You will be involved in the design and implementation of our zero-knowledge Layer 2 scaling solution based on STARK-proven virtual machines. Our international team works in a stimulating and innovative environment, where people’s technical expertise and experience contribute to the development of cutting-edge blockchain technology.
Requirements:
- Experience in implementing zero-knowledge proving systems or related cryptographic primitives;
- Comfortable in implementing low-level operations such as finite field arithmetic, hash functions, etc.;
- Enthusiastic about algorithmic improvements and code optimization.
- Plonk, STARKs, AIR circuits,
- EVM, zk-VMs,
- C/C++/Rust programming language
We offer:
- Competitive salary, yearly bonus, and stock options
- Flexible working hours, fully remote if preferred
- The opportunity to work with talented minds on innovative, high-quality open source solutions.
If you want to get more knowledge about our technology, read our Whitepapers at the website: https://www.horizen.io/research/
Closing date for applications:
Contact: Raffaella Lixi raffaella@horizenlabs.io
More information: https://horizenlabs.io/careers/job/?gh_jid=4534454004
Research & Development Group, Horizen Labs
Job Posting
Horizen Labs is a blockchain technology company that designs, develops, and delivers powerful, scalable, and reliable distributed ledger solutions for business.
Our Core Engineering Team is an innovative and collaborative group of researchers and software engineers who are dedicated to the design and development of world-class blockchain-based products. We are working on cutting edge tech, including zkSNARKS, proof systems and zkVMs, to fundamentally change the way of building decentralized and scalable Web3 applications. We are looking for a Lead Zero-Knowledge Cryptographer for our cryptographic team distributed across the globe. Amongst other projects, the team is dedicated to the design of our Layer-2 scaling solution based on STARK-proven virtual machines. You will help our team grow, conduct research and lay out SNARK-based cryptographic protocols, working on related cutting-edge technologies such as zkVMs.
Requirements
You should be aware of state-of-the-art proving systems such as Plonk and STARKs, and have a solid background in computational models and blockchain technologies. Additional requirements are:
- Ph.D. in mathematics, computer science, or cryptography;
- Solid foundations in zero-knowledge and cryptographic protocols;
- Publications in acknowledged venues on applied or theoretical cryptography, preferably cryptographic protocols and PETs;
- Strong problem-solving skills;
- The ability to work in a team setting as well as autonomously.
Experience in reading code (e.g. C++, Rust), though not mandatory, is welcome.
We offer:
- Competitive salary, yearly bonus, and stock options
- Flexible working hours, fully remote if preferred
- The opportunity to work with talented minds on innovative, high-quality open source solutions.
If you want to get more knowledge about our technology, read our Whitepapers at the website: https://www.horizen.io/research/
Closing date for applications:
Contact: Raffaella Lixi raffaella@horizenlabs.io
More information: https://horizenlabs.io/careers/job/?gh_jid=4536288004
Dalian University of Technology
Job Posting
Open positions: 3 post-doctoral research fellows on a three-year contract. The salary is $50,000 -- $70,000 per year plus superannuation. Housing/rent is covered.
Responsibilities:
- Conduct research on state-of-the-art cryptography and cyber-security research fields.
- Analyze project requirements and provide technical and functional recommendations.
- Implement cryptographic libraries and security frameworks.
- Propose new projects and research directions.
Requirements:
- Ph.D. degree in Cryptography, Applied Cryptography, Information Theory, or Mathematics.
- Knowledge of cryptography and cybersecurity.
- Familiar with C, C++, Python, or Java.
- Self-motivated, reliable, creative, able to work independently, and wanting to do excellent research.
Closing date for applications:
Contact: kumar.abdal@protonmail.com
Cryptology Group, CWI, Amsterdam, The Netherlands
Job Posting
The Cryptology Group at CWI in Amsterdam invites applications for a 3-year postdoc position within the NWO NWA consortium project HAPKIDO. The successful candidate is expected to do cutting-edge research on the topic of post-quantum cryptography, but ideally also has some interest in practical aspects of the migration to post-quantum secure schemes.
Candidates are required to hold a PhD in mathematics or computer science, with a specialization in cryptology, and they are expected to have a good knowledge of post-quantum cryptography and/or of quantum information science in general. Candidates must have a strong track record (ideally with publications at IACR conferences) and good academic writing and presentation skills.
The starting date is flexible, and the position is available immediately. Applications will be reviewed continuously until the position is filled.
All applications should include a motivation letter, a detailed resume (including a list of publications), a research statement (max 2 pages) discussing prior, current and future research, and the names of at least three references.
Questions and applications should be sent to serge.fehr@cwi.nl.
Closing date for applications:
Contact: Serge Fehr
Rex Fernando, Yuval Gelles, Ilan Komargodski, Elaine Shi
ePrint Report
Motivated by the need to perform large-scale data analytics in a privacy-preserving manner, several recent works have presented generic compilers that transform algorithms in the MPC model into secure counterparts, while preserving various efficiency parameters of the original algorithms. The first paper, due to Chan et al. (ITCS ’20), focused on the honest majority setting. Later, Fernando et al. (TCC ’20) considered the dishonest majority setting. The latter work presented a compiler that transforms generic MPC algorithms into ones which are secure against semi-honest attackers that may control all but one of the parties involved. The security of their resulting algorithm relied on the existence of a PKI and also on rather strong cryptographic assumptions: indistinguishability obfuscation and the circular security of certain LWE-based encryption systems.
In this work, we focus on the dishonest majority setting, following Fernando et al. In this setting, the known compilers do not achieve the standard security notion called malicious security, where attackers can arbitrarily deviate from the prescribed protocol. In fact, we show that unless very strong setup assumptions are made (such as a programmable random oracle), it is provably impossible to withstand malicious attackers due to the stringent requirements on space and round complexity.
As our main contribution, we complement the above negative result by designing the first general compiler for malicious attackers in the dishonest majority setting. The resulting protocols withstand all-but-one corruptions. Our compiler relies on a simple PKI and a (programmable) random oracle, and is proven secure assuming LWE and SNARKs. Interestingly, even with such strong assumptions, it is rather non-trivial to obtain a secure protocol.
Luciano Maino, Chloe Martindale
ePrint Report
Cody Freitag, Rafael Pass, Naomi Sirkin
ePrint Report
Our main results show the existence of a publicly-verifiable, non-interactive SPARG for P assuming polynomial hardness of LWE. Our SPARG construction relies on the elegant recent delegation construction of Choudhuri, Jain, and Jin (FOCS'21) and combines it with techniques from Ephraim et al. (EuroCrypt'20).
We next demonstrate how to make our SPARG time-independent, where the prover and verifier do not need to know the running time t in advance; as far as we know, this yields the first construction of a time-tight delegation scheme with time-independence based on any hardness assumption.
We finally present applications of SPARGs to the constructions of VDFs (Boneh et al, Crypto'18), resulting in the first VDF construction from standard polynomial hardness assumptions (namely LWE and the minimal assumption of a sequentially hard function).
Shweta Agrawal, Anshu Yadav, Shota Yamada
ePrint Report
1. Formalizing Security: We provide definitions for ${\sf miABE}$ and ${\sf miPE}$ in the symmetric key setting and formalize security in the standard indistinguishability (IND) paradigm, against unbounded collusions.
2. Two-input ${\sf ABE}$ for ${\sf NC}_1$ from ${\sf LWE}$ and Pairings: We provide the first constructions for two-input key-policy ${\sf ABE}$ for ${\sf NC}_1$ from ${\sf LWE}$ and pairings. Our construction leverages a surprising connection between techniques recently developed by Agrawal and Yamada (Eurocrypt, 2020) in the context of succinct single-input ciphertext-policy ${\sf ABE}$, to the seemingly unrelated problem of two-input key-policy ${\sf ABE}$. Similarly to Agrawal-Yamada, our construction is proven secure in the bilinear generic group model. By leveraging inner product functional encryption and using (a variant of) the KOALA knowledge assumption, we obtain a construction in the standard model analogously to Agrawal, Wichs and Yamada (TCC, 2020).
3. Heuristic two-input ${\sf ABE}$ for ${\sf P}$ from Lattices: We show that techniques developed for succinct single-input ciphertext-policy ${\sf ABE}$ by Brakerski and Vaikuntanathan (ITCS 2022) can also be seen from the lens of ${\sf miABE}$ and obtain the first two-input key-policy ${\sf ABE}$ from lattices for ${\sf P}$.
4. Heuristic three-input ${\sf ABE}$ and ${\sf PE}$ for ${\sf NC}_1$ from Pairings and Lattices: We obtain the first three-input ${\sf ABE}$ for ${\sf NC}_1$ by harnessing the powers of both the Agrawal-Yamada and the Brakerski-Vaikuntanathan constructions.
5. Multi-input ${\sf ABE}$ to multi-input ${\sf PE}$ via Lockable Obfuscation: We provide a generic compiler that lifts multi-input ${\sf ABE}$ to multi-input ${\sf PE}$ by relying on the hiding properties of Lockable Obfuscation (${\sf LO}$) by Wichs-Zirdelis and Goyal-Koppula-Waters (FOCS 2018), which can be based on ${\sf LWE}$. Our compiler generalizes such a compiler for single-input setting to the much more challenging setting of multiple inputs. By instantiating our compiler with our new two and three-input ${\sf ABE}$ schemes, we obtain the first constructions of two and three-input ${\sf PE}$ schemes.
Our constructions of multi-input ${\sf ABE}$ provide the first improvement to the compression factor of non-trivially exponentially efficient Witness Encryption defined by Brakerski et al. (SCN 2018) without relying on compact functional encryption or indistinguishability obfuscation. We believe that the unexpected connection between succinct single-input ciphertext-policy ${\sf ABE}$ and multi-input key-policy ${\sf ABE}$ may lead to a new pathway for witness encryption.
Albert Yu, Donghang Lu, Aniket Kate, Hemanta K. Maji
ePrint Report
This work identifies and presents SIM, a secure protocol for the functionality of interval membership testing. This security functionality, in particular, facilitates secure less-than-zero testing and, in turn, secure comparison. A key technical challenge is to support a fast online protocol for testing in large rings while keeping the precomputation tractable. Motivated by the map-reduce paradigm, this work introduces the innovation of (1) computing a sequence of intermediate functionalities on a partition of the input into input blocks and (2) securely aggregating the output from these intermediate outputs. This innovation allows controlling the size of the precomputation through a granularity parameter representing these input blocks' size, enabling application-specific automated compiler optimizations.
To demonstrate our protocols' efficiency, we implement and test their performance in a high-demand application: privacy-preserving machine learning. The benchmark results show that switching to our protocols yields significant performance improvement, which indicates that using our protocol in a plug-and-play fashion can improve the performance of various security applications. Our new paradigm of protocol design may be of independent interest because of its potential for extensions to other functionalities of practical interest.
Fukang Liu, Willi Meier, Santanu Sarkar, Takanori Isobe
ePrint Report
In this paper, we improve the attacks on LowMC in a model where memory consumption is costly. First, a new attack on 3-round LowMC with full S-box layers with negligible memory complexity is found, which can outperform Bouillaguet et al.'s fast exhaustive search attack and can achieve better time-memory tradeoffs than Dinur's algorithm. Second, we extend the 3-round attack to 4 rounds to significantly reduce the memory complexity of Dinur's algorithm at the sacrifice of a small factor of time complexity. For LowMC instances with 1 S-box per round, our attacks are shown to be much faster than the MITM attacks. For LowMC instances with 10 S-boxes per round, we can reduce the memory complexity from 32GB ($2^{38}$ bits) to only 256KB ($2^{21}$ bits) using our new algebraic attacks rather than the MITM attacks, while the time complexity of our attacks is about $2^{3.2}\sim 2^{5}$ times higher than that of the MITM attacks. A notable feature of our new attacks (apart from the 4-round attack) is their simplicity. Specifically, only some basic linear algebra is required to understand them and they can be easily implemented.
Charlotte Hoffmann, Pavel Hubáček, Chethan Kamath, Karen Klein, Krzysztof Pietrzak
ePrint Report
In this work, we propose a statistically-sound PoE for arbitrary groups for the case where the exponent $q$ is the product of all primes up to some bound $B$. For such a structured exponent, we show that it suffices to run only $\lambda/\log(B)$ parallel instances of Pietrzak's PoE. This reduces the concrete proof-size compared to Block et al. by an order of magnitude. Furthermore, we show that in the known applications where PoEs are used as a building block such structured exponents are viable. Finally, we also discuss batching of our PoE, showing that many proofs (for the same $\mathbb{G}$ and $q$ but different $x$ and $T$) can be batched by adding only a single element to the proof per additional statement.
08 August 2022
Taipei, Taiwan, 4 December -
Event Calendar
Submission deadline: 31 August 2022
Notification: 7 October 2022
Monash University
Job Posting
More information about Monash's cybersecurity group can be found at https://www.monash.edu/it/ssc/cybersecurity, and about our PPML work at https://dowsley.net
Monash is one of the leading universities in Australia and is located in Melbourne (which is consistently ranked as one of the top cities in the world to live in).
Closing date for applications:
Contact: Rafael Dowsley
07 August 2022
Aviv Yaish, Gilad Stern, Aviv Zohar
ePrint Report
Tomoki Moriya
ePrint Report
In this paper, we propose a new isogeny-based scheme named masked-degree SIDH. This scheme is a variant of SIDH that masks most information about the degrees of the hidden isogenies, and it is the first attempt to counter the Castryck--Decru attack. The main idea for covering the degrees is to use many primes to compute isogenies, which allows the degree to be more flexible. Though the size of the prime $p$ for this scheme is slightly larger than that of SIDH, this scheme resists current attacks that use the degrees of isogenies, like the attack of Castryck and Decru. In our analysis, the most effective attack on masked-degree SIDH has $\tilde{O}(p^{1/(8\log_2{(\log_2{p})})})$ time complexity on classical computers and $\tilde{O}(p^{1/(16\log_2{(\log_2{p})})})$ time complexity on quantum computers.
Gabrielle Beck, Arka Rai Choudhuri, Matthew Green, Abhishek Jain, Pratyush Ranjan Tiwari
ePrint Report
We first investigate the security definitions for time-deniability, demonstrating that past definitional attempts are insufficient (and indeed, allow for broken signature schemes). We then propose an efficient construction of TDS based on well-studied assumptions.
Gareth T. Davies, Jeroen Pijnenburg
ePrint Report
We define distributed key acquisition (DKA) as the primitive for the task at hand, where a user interacts with one or more servers to acquire a strong cryptographic key, and both user and server are required to store as little as possible. We present a construction framework that we call PERKS (Password-based Establishment of Random Keys for Storage), providing efficient, modular and simple protocols that utilize Oblivious Pseudorandom Functions (OPRFs) in a distributed manner with minimal storage by the user (just the password) and servers (a single global key for all users). Along the way we introduce a formal treatment of DKA, and provide proofs of security for our constructions in their various flavours. Our approach enables key rotation by the OPRF servers, and for this we incorporate updatable encryption. Finally, we show how our constructions fit neatly with recent research on encrypted outsourced storage to provide strong security guarantees for the outsourced ciphertexts.
Leixiao Cheng, Fei Meng
ePrint Report
In this paper, we first analyze the schemes of Liu et al. and Emura, and point out some issues regarding their construction and security model. In short, in their lattice-based instantiations, the sender and receiver use a lattice-based word-independent SPHF to compute the same shared key to authenticate keywords, leading to a super-polynomial modulus $q$; their generic constructions need a trusted setup assumption or the designated-receiver setting; and Liu et al. failed to provide convincing evidence that their scheme satisfies their claimed security.
Then, we propose two new lattice-based PAEKS schemes with a construction methodology totally different from that of Liu et al. and Emura. Specifically, in our PAEKS schemes, instead of using the shared key calculated by an SPHF, the sender and receiver achieve keyword authentication by using their own secret key to sample a set of short vectors related to the keyword. In this way, the modulus $q$ in our schemes can be of polynomial size, which results in a much smaller size of the public key, ciphertext and trapdoor. In addition, our schemes need neither a trusted setup assumption nor the designated-receiver setting. Finally, our schemes can be proven secure in a stronger security model, and thus provide a stronger security guarantee for both ciphertext privacy and trapdoor privacy.