IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
10 October 2022
Bart Mennink
ePrint ReportHuanhuan Chen, Yao Jiang Galteland, Kaitai Liang
ePrint ReportSebastian Ramacher, Daniel Slamanig, Andreas Weninger
ePrint ReportIn this work we set the goal to provide a single PPAKE model that captures privacy guarantees against different types of attacks, thereby covering previously proposed notions as well as so far not achieved privacy guarantees. In doing so, we obtain different "degrees" of privacy within a single model, which, in its strongest forms also capture privacy guarantees against powerful active adversaries. We then proceed to investigate (generic) constructions of AKE protocols that provide strong privacy guarantees in our PPAKE model. This includes classical Diffie-Hellman type protocols as well as protocols based on generic building blocks, thus covering post-quantum instantiations.
Timo Glaser, Alexander May
ePrint ReportTomoyuki Morimae, Takashi Yamakawa
ePrint Report(1) We define a weaker version of OWSGs, which we call weak OWSGs, and show that they are equivalent to OWSGs. It is a quantum analogue of the amplification theorem for classical weak one-way functions.
(2) (Bounded-time-secure) quantum digital signatures with quantum public keys are equivalent to OWSGs.
(3) Private-key quantum money schemes (with pure money states) imply OWSGs.
(4) Quantum pseudo one-time pad schemes imply both OWSGs and EFI pairs. For EFI pairs, single-copy security suffices.
(5) We introduce an incomparable variant of OWSGs, which we call secretly-verifiable and statistically-invertible OWSGs, and show that they are equivalent to EFI pairs.
Kai Hu, Thomas Peyrin
ePrint ReportUnsurprisingly, HD/HDL attacks have the potential to be more effective than their simpler differential/DL counterpart. We provide three novel methods to detect possible HD/HDL distinguishers, including: (a) an estimation of the algebraic degree of the differential supporting function (DSF); (b) the higher-order algebraic transitional form (HATF); (c) experimental methods based on cube testers. With these methods, we greatly improve the distinguishing attacks on the 8-round Ascon permutation under the black-box model from $2^{130}$ to $2^{46}$. Also, we give a new zero-sum distinguisher for a full 12-round Ascon permutation with only $2^{55}$ time/data complexity, improving over the previous best one that requires $2^{130}$ calls (we make clear that this does not impact the full Ascon AEAD scheme). For the 4-round Ascon initialization, a deterministic 2nd order HDL distinguisher is proposed with only four nonces. Besides the distinguishers, the HATF technique allows us to handle the probabilistic HD/HDL properties of cryptographic primitives. This leads to a conditional HDL attack on 5-round Ascon initialization that can recover all the key bits, and performing 8 times faster than the conditional DL attack. To the best of our knowledge, this is the first theoretical work to propose a probabilistic HDL attack since it was first published.All our attacks in this paper apply to both Ascon-128 and Ascon-128a. We also give a conditional HD approximation for 130-round Grain v1 (reaching 5 more rounds than the previous best conditional differential approximation) and new 4-round deterministic HDL distinguishers for the Xoodoo permutation with only four chosen plaintexts. Finally, we applied our strategy to the ARX-based cipher ChaCha, obtaining 3.5-, 4- and 4.5-round distinguishers and again improving over the state-of-the-art. Our cryptanalyses do not threaten the security of the ciphers mentioned in this paper.
Trey Li
ePrint ReportSajin Sasy, Aaron Johnson, Ian Goldberg
ePrint ReportIn this work, we present fast, fully oblivious algorithms for compaction and shuffling. We implement and evaluate our designs to show that they are practical and outperform the state of the art. Our oblivious compaction algorithm, ORCompact, is always faster than the best alternative and can yield up to a 5x performance improvement. For oblivious shuffling, we provide two novel algorithms: ORShuffle and BORPStream. ORShuffle outperforms prior fully oblivious shuffles in all experiments, and it provides the largest speed increases—up to 1.8x—when shuffling a large number of small items. BORPStream outperforms all other algorithms when shuffling a large number of large items, with a speedup of up to 1.4x in such cases. It can obtain even larger performance improvements in application settings where the items to shuffle arrive incrementally over time, obtaining a speedup of as much as 4.2x. We additionally give parallel versions of all of our algorithms, prove that they have low parallel step complexity, and experimentally show a 5–6x speedup on an 8-core processor.
Finally, ours is the first work with the explicit goal of ensuring full obliviousness of complex functionalities down to the implementation level. To this end, we design Fully Oblivious Assembly Verifier (FOAV), a tool that verifies the binary has no secret-dependent conditional branches.
Nikolaos Makriyannis
ePrint ReportOn a technical level, we show the above by extending the proof technique of Canetti, Makriyannis, and Peled, recently generalized by Blokh, Makriyannis, and Peled (Manuscript’22) for arbitrary threshold-signature schemes, whereby the indistinguishability of the UC simulation is reduced to the unforgeability of the underlying signature scheme. Our results hold in the random oracle model under the discrete logarithm assumption.
Dario Catalano, Dario Fiore, Ida Tucker
ePrint ReportLei Bi, Xianhui Lu, Junjie Luo, Kunpeng Wang
ePrint ReportAndre Esser, Floyd Zweydinger
ePrint ReportOur trade-offs yield significant running time improvements for every fixed memory limit $M\geq2^{0.091n}$. Furthermore, we interpolate to the running times of the fastest known algorithms when memory is not limited. Technically, our design introduces a pruning strategy to the construction by Becker-Coron-Joux (BCJ) that allows for an exponentially small success probability. We compensate for this reduced probability by multiple randomized executions. Our main improvement stems from the clever reuse of parts of the computation in subsequent executions to reduce the time complexity per iteration.
As an application of our construction, we derive the first non-trivial time-memory trade-offs for Information Set Decoding (ISD) algorithms. Our new algorithms improve on previous (implicit) trade-offs asymptotically as well as practically. Moreover, our optimized implementation also improves on running time, due to reduced memory access costs. We demonstrate this by obtaining a new record computation in decoding quasi-cyclic codes (QC-3138). Using our newly obtained data points we then extrapolate the hardness of suggested parameter sets for the NIST PQC fourth round candidates McEliece, BIKE and HQC, lowering previous estimates by up to 6 bits and further increasing their reliability.
Andre Esser
ePrint ReportIn this work we first revisit the Both-May algorithm, by giving a clean exposition and a corrected analysis. We confirm the claim by Carrier et al. that the initial analysis is flawed. However, we find that the algorithm still (slightly) improves on time complexity and significantly improves on memory complexity over previous algorithms. Our first main contribution is therefore to set the correct baseline for further improvements.
As a second main contribution we then show how to improve on the Both-May algorithm, lowering the worst case running time in the full distance decoding setting to $2^{0.0948n}$. We obtain even higher time complexity gains for small rates, shifting the break even point with RLPN decoding to rate $\frac{k}{n}=0.25$. Moreover, we significantly improve on memory for all rates $\frac{k}{n}<0.5$. We obtain our improvement by introducing a novel technique to combine the list construction step and the list filtering step commonly applied by ISD algorithms. Therefore we treat the nearest neighbor routine in a non-blackbox fashion which allows us to embed the filtering into the nearest neighbor search. In this context we introduce the fixed-weight nearest neighbor problem, and propose a first algorithm to solve this problem. Besides resulting in an improved decoding algorithm this opens the direction for further improvements, since any faster algorithm for solving this fixed-weight nearest neighbor variant is likely to lead to further improvements of our ISD algorithm.
Trey Li
ePrint ReportDivesh Aggarwal, Marshall Ball, Maciej Obremski
ePrint ReportOver the last decade, non-malleable codes have been studied for a wide variety of tampering families. Among the most well studied of these is the split-state family of tampering channels, where the codeword is split into two or more parts and each part is tampered independently.
We survey various constructions and applications of non-malleable codes in the split-state model.
07 October 2022
Coinbase
Job PostingWe have a senior/staff cryptography researcher position available in the Blockchain Security team at Coinbase.
Full description available here:
- Senior role: https://www.coinbase.com/careers/positions/4582729
- Staff role: https://www.coinbase.com/careers/positions/4586906
Please reach out to me at [s] [last name] @pm.me if you have any questions.
Closing date for applications:
Contact: Shashank Agrawal
More information: https://www.coinbase.com/careers/positions/4582729
Aarhus University, Department of Computer Science, Denmark
Job PostingClosing date for applications:
Contact: Head of Department, Professor Kaj Grønbæk kgronbak@cs.au.dk.
More information: https://www.au.dk/om/stillinger/job/full-professorship-in-cryptography-and-security-at-computer-science-aarhus-university
The University of Alabama in Huntsville
Job PostingThe Department of Mathematical Sciences offers academic programs that lead to Bachelor's and Master's degrees in Mathematics and a Doctor of Philosophy degree in Applied Mathematics. It has over 18 full-time faculty members whose expertise covers the essential topics in applied mathematics. The successful applicant will be expected to teach undergraduate and graduate courses, advise undergraduate and graduate students, and engage in funded research.
ABOUT THE UNIVERSITY: UAH is a Very High Research Activity (R1) university that provides academic and research programs in the Colleges of Arts, Humanities, and Social Sciences, Business, Education, Engineering, Nursing, Professional Studies, and Science. Huntsville has one of the greatest per capita incomes and living standards in the Southeast. It houses NASA's Marshall Space Flight Hub and is a national aerospace and high technology research center.
APPLICATION PROCEDURE AND DEADLINE: To apply for the position, please submit the following required application materials electronically no later than January 28, 2023: 1) Cover letter 2) Curriculum vitae 3) Research statement 4) Teaching statement 5) Transcripts 6) Three reference letters to the Search Committee through Dr. Toka Diagana, mathchair@uah.edu. Please refer to the log number: 23-24-583.
A formal review of the applications will begin on January 17, 2023, and continue until the position is filled.
UAH mandates that all employees maintain compliance with current federal regulations.
The University of Alabama in Huntsville is an affirmative action/equal opportunity employer of minorities/ females/veterans/disabled.
Closing date for applications:
Contact: Dr. Toka Diagana, e-mail: mathchair@uah.edu. Please refer to the log number: 23-24-583.
More information: https://www.uah.edu/hr/careers/faculty-careers#COS
PACY Lab, RI CODE, Universität der Bundeswehr Munich, Germany
Job PostingWe are looking for a bright postdoc (or a PhD student nearing completion) with expertise in any of the following areas:
- Confidential computing (ZKP, FHE, MPC, ABC techniques)
- Distributed cryptography (key generation, signatures, encryption)
- Secure and private messaging (authentication, key exchange)
- Design of post-quantum secure cryptographic protocols
The position is available for immediate start, funded at federal salary levels TV-ÖD E13/14 (~50k to 65k EUR p.a. depending on qualifications and experience). Initial contract for 2 years with a possibility of extension. (Due to the nature of funding restrictions on the eligibility of some candidates may apply.)
Requirements:
- Completed PhD in cryptography, information security, computer science or mathematics.
- Alternatively, PhD students with a relevant Master degree nearing PhD completion.
- Strong background knowledge / experience in privacy-enhancing cryptography (research and development)
- Relevant publications in top cryptography / security / privacy venues
- Fluency in written and spoken English.
Closing date for applications:
Contact: Prof. Mark Manulis, mark.manulis AT unibw.de
More information: https://www.unibw.de/pacy-en/
KU Leuven
Job PostingThe area is interpreted broadly, and covers for example security and privacy, reliability and resilience of digital services, of software products and of internet-based systems.
Closing date for applications:
Contact: Prof. dr. ir. Wouter Joosen chair of DistriNet Wouter.Joosen@kuleuven.be +32 16 32 76 53
Prof. dr. ir. Stefan Vandewalle chair of Computer Science Stefan.Vandewalle@kuleuven.be +32 16 32 76 54
More information: https://distrinet.cs.kuleuven.be/jobs/PDF/Flyer_ZAP-2022-48_Sep22.pdf