IACR News
Here you can see all recent updates to the IACR webpage.
23 September 2022
Jie Chen, Yu Li, Jinming Wen, Jian Weng
ePrint Report
More concretely, our IB-ME is constructed from a variant of two-level anonymous IBE. We observed that this two-level IBE with anonymity and unforgeability satisfies the same functionality as IB-ME, and its security properties cleverly meet the two requirements of IB-ME (Privacy and Authenticity). The privacy property of IB-ME relies on the anonymity of this two-level IBE, while the authenticity property corresponds to the unforgeability in the 2nd level. This variant of two-level IBE is built from dual pairing vector spaces, and both security reductions rely on dual system encryption.
Lorenzo Grassi
ePrint Report
19 September 2022
Yu Long Chen
ePrint Report
We also present a framework to use the new techniques, which provides the bad events that need to be excluded in order to apply the public permutation mirror theory. Furthermore, we showcase the new technique on three examples: the Tweakable Even-Mansour cipher by Cogliati et al. (CRYPTO '15), the two permutation variant of the pEDM PRF by Dutta et al. (ToSC '21(2)), and the two permutation variant of the nEHtM$_p$ MAC algorithm by Dutta and Nandi (AFRICACRYPT '20). With this new tool we prove the multi-user security of these constructions in a considerably simplified way.
Hanno Becker, Matthias J. Kannwischer
ePrint Report
Amos Treiber, Dirk Müllmann, Thomas Schneider, Indra Spiecker genannt Döhmann
ePrint Report
Secure Multi-Party Computation (MPC) is often seen as a technological means to solve privacy conflicts where actors want to exchange and analyze data that needs to be protected due to data protection laws. In this interdisciplinary work, we investigate the problem of private information exchange between LEAs from both a legal and technical angle. We give a legal analysis of secret-sharing based MPC techniques in general and, as a particular application scenario, consider the case of matching LE databases for lawful information exchange between LEAs. We propose a system for lawful information exchange between LEAs using MPC and private set intersection and show its feasibility by giving a legal analysis for data protection and a technical analysis for workload complexity. Towards practicality, we present insights from qualitative feedback gathered within exchanges with a major European LEA.
George Teseleanu, Paul Cotan
ePrint Report
George Teseleanu
ePrint Report
Jun Xu, Santanu Sarkar, Huaxiong Wang, Lei Hu
ePrint Report
In this paper, we revisit the Coppersmith method for solving the involved modular multivariate polynomials in the Diffie-Hellman variant of EC-HNP and demonstrate that, for any given positive integer $d$, a given sufficiently large prime $p$, and a fixed elliptic curve over the prime field $\mathbb{F}_p$, if there is an oracle that outputs about $\frac{1}{d+1}$ of the most (least) significant bits of the $x$-coordinate of the ECDH key, then one can give a heuristic algorithm to compute all the bits within polynomial time in $\log_2 p$. When $d>1$, the heuristic result $\frac{1}{d+1}$ significantly outperforms both the rigorous bound $\frac{5}{6}$ and heuristic bound $\frac{1}{2}$. Due to the heuristics involved in the Coppersmith method, we do not get the ECDH bit security on a fixed curve. However, we experimentally verify the effectiveness of the heuristics on NIST curves for small dimension lattices.
Ping Wang, Yiting Su, Fangguo Zhang
ePrint Report
Alexander Bienstock, Yevgeniy Dodis, Sanjam Garg, Garrison Grogan, Mohammad Hajiabadi, Paul Rösler
ePrint Report
1. Can we have CGKA protocols that are efficient in the worst case? We start by answering this basic question in the negative. First, we show that a natural primitive that we call Compact Key Exchange (CKE) is at the core of CGKA, and thus tightly captures CGKA's worst-case communication cost. Intuitively, CKE requires that: first, $n$ users non-interactively generate key pairs and broadcast their public keys, then, some other special user securely communicates to these $n$ users a shared key. Next, we show that CKE with communication cost $o(n)$ by the special user cannot be realized in a black-box manner from public-key encryption, thus implying the same for CGKA, where $n$ is the corresponding number of group members. Surprisingly, this impossibility holds even in an offline setting, where parties have access to the sequence of group operations in advance.
2. Can we realize one CGKA protocol that works as well as possible in all cases? Here again, we present negative evidence showing that no such protocol based on black-box use of public-key encryption exists. Specifically, we show two distributions over sequences of group operations such that no CGKA protocol obtains optimal communication costs on both sequences.
Lalita Devadas, Rishab Goyal, Yael Kalai, Vinod Vaikuntanathan
ePrint Report
In contrast, prior work either relied on non-standard knowledge assumptions, or produced proofs of size $m \cdot \mathsf{poly}(\lambda,\log k)$ (Choudhuri, Jain, and Jin, STOC 2021, following Kalai, Paneth, and Yang 2019). We show how to use our rate-$1$ BARG scheme to obtain the following results, all under the LWE assumption:
- A multi-hop BARG scheme for $\mathsf{NP}$.
- A multi-hop aggregate signature scheme (in the standard model).
- An incrementally verifiable computation (IVC) scheme for arbitrary $T$-time deterministic computations with proof size $\mathsf{poly}(\lambda,\log T)$.
Prior to this work, multi-hop BARGs were only known under non-standard knowledge assumptions or in the random oracle model; aggregate signatures were only known under indistinguishability obfuscation (and RSA) or in the random oracle model; IVC schemes with proofs of size $\mathsf{poly}(\lambda,T^{\epsilon})$ were known under a bilinear map assumption, and with proofs of size $\mathsf{poly}(\lambda,\log T)$ under non-standard knowledge assumptions or in the random oracle model.
Tianshu Shan, Jiangxia Ge, Rui Xue
ePrint Report
In this paper, we formalize one class of public-key encryption schemes, named oracle-masked schemes, relative to random oracles. For each oracle-masked scheme, we design a preimage extraction procedure and prove that it simulates the quantum decryption oracle with a certain loss. We also observe that the implementation of the preimage extraction procedure for some oracle-masked schemes does not need to take the secret key as input. This contributes to the IND-qCCA security proof of these schemes in the quantum random oracle model (QROM). As an application, we prove the IND-qCCA security of schemes obtained by the Fujisaki-Okamoto (FO) transformation and REACT transformation in the QROM, respectively.
Notably, our security reduction for FO transformation is tighter than the reduction given by Zhandry (Crypto 2019).
Soumya Chattopadhyay, Ashwin Jha, Mridul Nandi
ePrint Report
Yevgeniy Dodis, Daniel Jost, Harish Karthikeyan
ePrint Report
To address these inefficiencies, we look at the common real-life situation which we call the bulletin board model, where communicating parties rely on some infrastructure, such as an application provider, to help them store and deliver ciphertexts to each other. We then define and construct FF-FSE in the bulletin board model, which addresses the above-mentioned disadvantages. In particular,
* Our FF-stream-cipher in the bulletin-board model has: (a) constant state size; (b) constant normal (no fast-forward) operation; and (c) logarithmic fast-forward property. This essentially matches the efficiency of non-fast-forwardable stream ciphers, at the cost of constant communication complexity with the bulletin board per update.
* Our public-key FF-FSE avoids HIBE-based techniques by instead using so-called updatable public-key encryption (UPKE), introduced in several recent works (and more efficient than public-key FSEs). Our UPKE-based scheme uses a novel type of "update graph" that we construct in this work. Our graph has constant in-degree, logarithmic diameter, and logarithmic "cut property" which is essential for the efficiency of our schemes. Combined with recent UPKE schemes, we get two FF-FSEs in the bulletin board model, under the DDH and the LWE assumptions.
Julia Kastner, Julian Loss, Jiayu Xu
ePrint Report
We point out several subtle flaws in the original proof of security, and provide a new detailed and rigorous proof, achieving similar bounds as the original work. We believe our insights on the proof strategy will prove useful in the security analyses of other OR-proof-based schemes.
Gianluca Brian, Sebastian Faust, Elena Micheli, Daniele Venturi
ePrint Report
Julien Duman, Dominik Hartmann, Eike Kiltz, Sabrina Kunzweiler, Jonas Lehmann, Doreen Riepel
ePrint Report
We prove that active security of the two protocols in the Quantum Random Oracle Model (QROM) inherently relies on very strong variants of the Group Action Strong CDH problem, where the adversary is given arbitrary quantum access to a DDH oracle. That is, quantum accessible Strong CDH assumptions are not only sufficient but also necessary to prove active security of the GA-HEG KEM and the GA-HDH NIKE protocols.
Furthermore, we propose variants of the protocols with QROM security from the classical Strong CDH assumption, i.e., CDH with classical access to the DDH oracle. Our first variant uses key confirmation and can therefore only be applied in the KEM setting. Our second but considerably less efficient variant is based on the twinning technique by Cash et al. (EUROCRYPT '08) and in particular yields the first actively secure isogeny-based NIKE with QROM security from the standard CDH assumption.
18 September 2022
Bol, Croatia, 1 May - 5 May 2023
Event Calendar
Submission deadline: 19 October 2022
Notification: 19 January 2023
SUTD, Singapore
Job Posting
We are looking for postdocs / research fellows with expertise in cybersecurity in general and CPS security, applied cryptography, or applied ML in particular. The candidates should have a track record of strong R&D capability, with publications at leading security conferences (http://jianying.space/conference-ranking.html).
We are also looking for research assistants / software engineers with strong programming skills and good knowledge of cybersecurity, computer networks and applied ML.
Only **short-listed** candidates will be contacted for interview. Successful candidates will be offered internationally competitive remuneration.
Interested candidates, please send your CV to Prof. Jianying Zhou.
Closing date for applications:
Contact: Prof. Jianying Zhou (Email: jianying_zhou@sutd.edu.sg)
More information: http://jianying.space/
Input Output Global - remote work opportunity
Job Posting
IO Global is searching for a Cryptographic Engineer to join their Core Technology team. As Cryptographic Engineer you will have the exciting challenge of working on cutting-edge research and technology focusing on the market's needs. You will be working with the Cardano-related projects, such as Cardano Core Cryptographic Primitives, Hydra, Mithril or Sidechains.
The Cryptography Engineering team is growing with the goal of bringing recent academic papers into production. In this team, you will work closely with researchers and engineers, being the bridge between both teams. As Cryptography Engineer you are responsible for writing high-quality code. To support you, our products have software architects, product managers, project managers, formal methods specialists, and QA test engineers, with whom you must communicate professionally, effectively, and efficiently.
Your mission
- Working with teams across time zones
- Working independently on software development tasks
- Being proactive and requiring minimal supervision or mentoring to complete tasks
- Reviewing specifications produced by architects and formal methods specialists
- Contributing to the design of algorithms
- Troubleshooting, debugging, and upgrading software
- Writing documentation for the code
- Writing technical user manuals
- Understanding complex cryptographic concepts from academic papers
- Bridging ideas from academic papers to production-ready systems.
Requirements
Your expertise
- Degree in computer science or mathematics is desirable, but not essential.
- Experience with systems programming (C/C++/Rust)
- Skilled in software development methods such as agile programming and test-driven development
- Experience in developing cryptography protocols would be a bonus, as would blockchain experience.
Location
IOG is a fully distributed organization and therefore this is a remote position. Due to team distribution we are ideally searching for someone in a European timezone.
Closing date for applications:
Contact: marios.nicolaides@iohk.io
More information: https://apply.workable.com/io-global/j/1B3EF63104/