IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
10 October 2022
Trey Li
ePrint ReportDivesh Aggarwal, Marshall Ball, Maciej Obremski
ePrint ReportOver the last decade, non-malleable codes have been studied for a wide variety of tampering families. Among the most well studied of these is the split-state family of tampering channels, where the codeword is split into two or more parts and each part is tampered independently.
We survey various constructions and applications of non-malleable codes in the split-state model.
07 October 2022
Coinbase
Job PostingWe have a senior/staff cryptography researcher position available in the Blockchain Security team at Coinbase.
Full description available here:
- Senior role: https://www.coinbase.com/careers/positions/4582729
- Staff role: https://www.coinbase.com/careers/positions/4586906
Please reach out to me at [s] [last name] @pm.me if you have any questions.
Closing date for applications:
Contact: Shashank Agrawal
More information: https://www.coinbase.com/careers/positions/4582729
Aarhus University, Department of Computer Science, Denmark
Job PostingClosing date for applications:
Contact: Head of Department, Professor Kaj Grønbæk kgronbak@cs.au.dk.
More information: https://www.au.dk/om/stillinger/job/full-professorship-in-cryptography-and-security-at-computer-science-aarhus-university
The University of Alabama in Huntsville
Job PostingThe Department of Mathematical Sciences offers academic programs that lead to Bachelor's and Master's degrees in Mathematics and a Doctor of Philosophy degree in Applied Mathematics. It has over 18 full-time faculty members whose expertise covers the essential topics in applied mathematics. The successful applicant will be expected to teach undergraduate and graduate courses, advise undergraduate and graduate students, and engage in funded research.
ABOUT THE UNIVERSITY: UAH is a Very High Research Activity (R1) university that provides academic and research programs in the Colleges of Arts, Humanities, and Social Sciences, Business, Education, Engineering, Nursing, Professional Studies, and Science. Huntsville has one of the greatest per capita incomes and living standards in the Southeast. It houses NASA's Marshall Space Flight Hub and is a national aerospace and high technology research center.
APPLICATION PROCEDURE AND DEADLINE: To apply for the position, please submit the following required application materials electronically no later than January 28, 2023: 1) Cover letter 2) Curriculum vitae 3) Research statement 4) Teaching statement 5) Transcripts 6) Three reference letters to the Search Committee through Dr. Toka Diagana, mathchair@uah.edu. Please refer to the log number: 23-24-583.
A formal review of the applications will begin on January 17, 2023, and continue until the position is filled.
UAH mandates that all employees maintain compliance with current federal regulations.
The University of Alabama in Huntsville is an affirmative action/equal opportunity employer of minorities/ females/veterans/disabled.
Closing date for applications:
Contact: Dr. Toka Diagana, e-mail: mathchair@uah.edu. Please refer to the log number: 23-24-583.
More information: https://www.uah.edu/hr/careers/faculty-careers#COS
PACY Lab, RI CODE, Universität der Bundeswehr Munich, Germany
Job PostingWe are looking for a bright postdoc (or a PhD student nearing completion) with expertise in any of the following areas:
- Confidential computing (ZKP, FHE, MPC, ABC techniques)
- Distributed cryptography (key generation, signatures, encryption)
- Secure and private messaging (authentication, key exchange)
- Design of post-quantum secure cryptographic protocols
The position is available for immediate start, funded at federal salary levels TV-ÖD E13/14 (~50k to 65k EUR p.a. depending on qualifications and experience). Initial contract for 2 years with a possibility of extension. (Due to the nature of funding restrictions on the eligibility of some candidates may apply.)
Requirements:
- Completed PhD in cryptography, information security, computer science or mathematics.
- Alternatively, PhD students with a relevant Master degree nearing PhD completion.
- Strong background knowledge / experience in privacy-enhancing cryptography (research and development)
- Relevant publications in top cryptography / security / privacy venues
- Fluency in written and spoken English.
Closing date for applications:
Contact: Prof. Mark Manulis, mark.manulis AT unibw.de
More information: https://www.unibw.de/pacy-en/
KU Leuven
Job PostingThe area is interpreted broadly, and covers for example security and privacy, reliability and resilience of digital services, of software products and of internet-based systems.
Closing date for applications:
Contact: Prof. dr. ir. Wouter Joosen chair of DistriNet Wouter.Joosen@kuleuven.be +32 16 32 76 53
Prof. dr. ir. Stefan Vandewalle chair of Computer Science Stefan.Vandewalle@kuleuven.be +32 16 32 76 54
More information: https://distrinet.cs.kuleuven.be/jobs/PDF/Flyer_ZAP-2022-48_Sep22.pdf
05 October 2022
Thomas Pornin
ePrint ReportIn this paper, we show how to make a prime order group abstraction out of standard binary curves. We describe a new canonical compression scheme that yields a canonical and compact encoding. We also describe complete formulas for operations on the group. The formulas have no exceptional case, and are furthermore faster than previously known complete and incomplete formulas (general point addition in cost 8M+2S+2mb on all curves, 7M+2S+2mb on half of the curves). We also show how the same formulas can be applied to computations on the entire original curve, if full backward compatibility with standard curves is needed. Finally, we implemented our method over the standard NIST curves B-233 and K-233. Our strictly constant-time code achieves generic point multiplication by a scalar on curve K-233 in as little as 29600 clock cycles on an Intel x86 CPU (Coffee Lake core).
Venkata Koppula, Brent Waters, Mark Zhandry
ePrint ReportShujiao Cao, Rui Xue
ePrint ReportWe propose two variants of one-way quantum state generator, which we call them the weak one-way quantum state generator and distributionally one-way quantum state generator, and show the equivalence among these three primitives.
The distributionally one-way quantum state generator from average-case hardness assumption of a promise problem belongs to \textsf{QSZK} is obtained, and hence a construction of one-way quantum state generator.
A direct construction of quantum bit commitment with statistical binding (sum-binding) and computational hiding from the average-case hardness of a complete problem of $\textsf{QSZK}$.
To show the non-triviality of the constructions above, a quantum oracle $\mathcal{U}$ is devised relative to which such promise problem in $\textsf{QSZK}$ doesn't belong to $\mathsf{QMA}^{\mathcal{U}}$.
Our results present the first non-trivial construction of one-way quantum state generator from the hardness assumption of complexity class, and give another evidence that one-way quantum state generator probably requires less than post-quantum secure one-way function.
Anton A. Sokolov
ePrint ReportTao Lu, Chengkun Wei, Ruijing Yu, Yi Chen, Li Wang, Chaochao Chen, Zeke Wang, Wenzhi Chen
ePrint ReportYael Tauman Kalai, Alex Lombardi, Vinod Vaikuntanathan, Daniel Wichs
ePrint ReportTrey Li
ePrint ReportBolton Bailey, Andrew Miller
ePrint ReportAayush Jain, Huijia Lin, Ji Luo
ePrint ReportWe present the first PHFE scheme for RAMs based on the necessary assumption of FE for circuits. It achieves nearly optimal succinctness and efficiency:
* The secret keys $\mathsf{sk}_f$ are of (optimal) *constant size*, independent of the description size $|f|$ of the function tied to it.
* The ciphertexts $\mathsf{ct}_x(y)$ have (nearly optimal) *rate-2* dependency on the private input length $|y|$ and (optimal) independency of the public input length $|x|$.
* Decryption is efficient, running in time linear in the instance running time $T$ of the RAM computation, in addition to the input and function sizes, i.e., ${T_{\mathsf{Dec}}=(T+|f|+|x|+|y|)\operatorname{poly}(\lambda)}$.
Our construction significantly improves upon the asymptotic efficiency of prior schemes. As a corollary, we obtain the first ABE scheme with both constant-size keys and constant-size ciphertexts, and the best-possible decryption time matching an existing lower bound.
We show barriers to further improvement on the asymptotic efficiency of (PH-)FE. We prove the first unconditional space-time trade-off for (PH-)FE. *No* secure (PH-)FE scheme can have both key size and decryption time sublinear in the function size $|f|$, and *no* secure PHFE scheme can have both ciphertext size and decryption time sublinear in the public input length $|x|$. These space-time trade-offs apply even in the simplest selective 1-key 1-ciphertext secret-key setting. Furthermore, we show a conditional barrier towards achieving the optimal decryption time ${T_{\mathsf{Dec}}=T\operatorname{poly}(\lambda)}$ — any such (PH-)FE scheme implies a primitive called secret-key doubly efficient private information retrieval (SK-DE-PIR), for which so far the only known candidates rely on new and non-standard hardness conjectures.
Daniel Escudero, Vipul Goyal, Antigoni Polychroniadou, Yifan Song
ePrint ReportJakub Klemsa
ePrint ReportAmong existing FHE schemes, in this contribution we focus on the TFHE Scheme by Chillotti et al., which currently achieves the best evaluation times for generic functions. To be instantiated, TFHE however requires an extensive set of parameters. These parameters affect several aspects, including but not limited to the cleartext size, the bit-security level, the probability of errors and also the evaluation time. We propose, implement and evaluate a (semi-)automated approach to generate a set of TFHE parameters with particular respect to the evaluation time, given just the desired security level, cleartext precision, and a parameter that relates to the properties of the evaluated function $f$. With our tool, we re-generate some of the existing TFHE parameters, while achieving up to 39% better execution times in an equivalent setup.
Vincent Cheval, Cas Cremers, Alexander Dax, Lucca Hirschi, Charlie Jacomme, Steve Kremer
ePrint ReportWe develop the first methodology to systematically discover attacks on security protocols that exploit weaknesses in widely deployed hash functions. We achieve this by revisiting the gap between theoretical properties of hash functions and the weaknesses of real-world hash functions, from which we develop a lattice of threat models. For all of these threat models, we develop fine-grained symbolic models.
Our methodology's fine-grained models cannot be directly encoded in existing state-of-the-art analysis tools by just using their equational reasoning. We therefore develop extensions for the two leading tools, Tamarin and Proverif. In extensive case studies using our methodology, the extended tools rediscover all attacks that were previously reported for these protocols and discover several new variants.
Lorenzo Grassi
ePrint ReportIn this paper, we discuss the possibility to set up MPC-/HE-/ZK-friendly symmetric primitives instantiated with non-invertible weak bijective functions. With respect to one-to-one correspondence functions, any output of a weak bijective function admits at most two pre-images. The simplest example of such function is the square map over $\mathbb F_p$ for a prime $p\ge 3$, for which $x^2 = (-x)^2$. When working over $\mathbb F_p^n$ for $n\gg 1$, a weak bijective function can be set up by re-considering the recent results of Grassi, Onofri, Pedicini and Sozzi as starting point. Given a quadratic local map $F:\mathbb F_p^2 \rightarrow \mathbb F_p$, they proved that the non-linear function over $\mathbb F_p^n$ for $n\ge 3$ defined as $\mathcal S_F(x_0, x_1, \ldots, x_{n-1}) = y_0\| y_1\| \ldots \| y_{n-1}$ where $y_i := F(x_i, x_{i+1})$ is never invertible. Here, we prove that -- the quadratic function $F:\mathbb F_p^2 \rightarrow \mathbb F_p$ that minimizes the probability of having a collision for $\mathcal S_F$ over $\mathbb F_p^n$ is of the form $F(x_0, x_1) = x_0^2 + x_1$ (or equivalent); -- the function $\mathcal S_F$ over $\mathbb F_p^n$ defined as before via $F(x_0, x_1) = x_0^2 + x_1$ (or equivalent) is weak bijective.
As concrete applications, we propose modified versions of the MPC-friendly schemes MiMC, HadesMiMC, and (partially of) Hydra, and of the HE-friendly schemes Masta, Pasta, and Rubato. By instantiating them with the weak bijective quadratic functions proposed in this paper, we are able to improve the security and/or the performances in the target applications/protocols.