IACR News
Here you can see all recent updates to the IACR webpage.
18 March 2023
Technical University of Darmstadt, Germany
Job Posting
The Cryptography and Privacy Engineering Group (ENCRYPTO) @Department of Computer Science @TU Darmstadt offers a full-time position for a Postdoctoral Researcher in Cryptography & Privacy Engineering, available immediately and initially running until 31 January 2025.
Our mission is to demonstrate that privacy can be efficiently protected in real-world applications via cryptographic protocols. TU Darmstadt is a top research university for IT security, cryptography and computer science in Europe. The position is based in the City of Science Darmstadt, which is very international, livable and well-connected in the Rhine-Main area around Frankfurt. Knowledge of German is helpful, but not required, and TU Darmstadt offers a Welcome Center and language courses.
Job description
As postdoc @ENCRYPTO, you conduct research, build prototype implementations, and publish and present the results at top venues. You are involved in project management and teaching, co-advise PhD students, and supervise thesis students and student research assistants. The position is co-funded by the ERC Starting Grant “Privacy-preserving Services on the Internet” (PSOTI), in which we build privacy-preserving services on the Internet: designing protocols for privately processing data among untrusted service providers using secure multi-party computation, and implementing a scalable framework.
Your profile
- Completed PhD degree (or equivalent) at a top university in IT security, computer science, applied mathematics, electrical engineering, or a similar area
- Publications at top venues (CORE rank A*/A) for IT security/applied cryptography (e.g., EUROCRYPT, S&P, CCS, NDSS, USENIX SEC), ideally on cryptographic protocols and secure computation
- Experience in software development, project management and supervising students
- Self-motivated, reliable and creative, able to work in a team, and eager to do excellent research on challenging scientific problems with practical relevance
- The working language at ENCRYPTO is English, so you must be able to discuss, write and present scientific results in English; German is not required.
Closing date for applications:
Contact: Thomas Schneider (application@encrypto.cs.tu-darmstadt.de)
More information: https://encrypto.de/POSTDOC
Event Calendar
Spetses, Greece, 21 May - 26 May 2023
Event Calendar
Voss, Norway, 3 September - 8 September 2023
Submission deadline: 15 April 2023
Notification: 15 June 2023
Event Calendar
Groningen, Netherlands, 29 November - 1 December 2023
Submission deadline: 27 July 2023
Event Calendar
Quito, Ecuador, 2 October - 6 October 2023
Submission deadline: 27 May 2023
Notification: 22 July 2023
Event Calendar
College Park, USA, 14 August - 18 August 2023
Submission deadline: 12 April 2023
Notification: 21 June 2023
Event Calendar
College Park, Maryland, USA, 16 August - 18 August 2023
Submission deadline: 24 April 2023
Notification: 5 June 2023
16 March 2023
Lucianna Kiffer, Joachim Neu, Srivatsan Sridhar, Aviv Zohar, David Tse
ePrint Report
We demonstrate that security of both PoW and PoS longest chain, when operating at capacity, requires carefully designed scheduling policies that correctly prioritize which blocks are processed first, as we show attack strategies tailored to such policies. In PoS, we show an attack exploiting equivocations, which highlights that the throughput of the PoS longest chain protocol with a broad class of scheduling policies must decrease as the desired security error probability decreases. At the same time, through an improved analysis method, our work is the first to identify block production rates under which PoW longest chain is secure in the bounded bandwidth setting. We also present the first PoS longest chain protocol, SaPoS, which is secure with a block production rate independent of the security error probability, by using an ‘equivocation removal’ policy to prevent equivocation spamming.
Edward Eaton, Tancrède Lepoint, Christopher A. Wood
ePrint Report
In recent years, some protocols have extended the basic syntax of signature schemes to support key blinding, a.k.a. key randomization. Roughly speaking, key blinding is the process by which a private signing key or public verification key is blinded (randomized) to hide information about the key pair. This is generally done for privacy reasons and has found applications in Tor and Privacy Pass.
Recently, Denis, Eaton, Lepoint, and Wood proposed a technical specification for signature schemes with key blinding in an IETF draft. In this work, we analyze the constructions in this emerging specification. We demonstrate that the constructions provided satisfy the desired security properties for signature schemes with key blinding. We experimentally evaluate the constructions and find that they introduce a very reasonable 2-3x performance overhead compared to the base signature scheme. Our results complement the ongoing standardization efforts for this primitive.
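The mechanics of key blinding described above, as an added example that is not part of the paper, the IETF draft or any project's code: a toy Schnorr signature over a prime-order subgroup of Z_p^* in which a blinding factor b (derived here from a hypothetical shared "blinding key") multiplies the private key and exponentiates the public key, so that a signature made under the blinded private key verifies under a blinded public key that anyone holding pk and the blinding key can compute without ever seeing sk. The 64-bit group, the hash-to-scalar derivation and the epoch labels are constructed for the demonstration and provide no real security; the draft's constructions are over Ed25519/ECDSA curves.

```python
# Toy key blinding for a Schnorr signature over a prime-order subgroup of Z_p^*.
# Constructed example: not the IETF draft's Ed25519/ECDSA constructions and
# not code from the paper. The 64-bit group is for speed only; it is not secure.
import hashlib
import secrets


def is_probable_prime(n, rounds=24):
    """Miller-Rabin with random bases (enough for a demo; use a vetted library otherwise)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_group(bits=64):
    """Return (p, q, g): p = 2q + 1 is a safe prime and g = 4 generates the order-q subgroup."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4  # 4 = 2^2 is a non-trivial square, so it has order q


def int_bytes(x):
    return x.to_bytes((x.bit_length() + 7) // 8, "big")


def hash_to_scalar(q, *parts):
    """Length-prefixed SHA-256 of the parts, reduced mod q."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big") % q


def keygen(group):
    p, q, g = group
    sk = secrets.randbelow(q - 1) + 1
    return sk, pow(g, sk, p)


def sign(group, sk, msg):
    """Schnorr signature; the challenge binds the (possibly blinded) public key."""
    p, q, g = group
    pk = pow(g, sk, p)
    k = secrets.randbelow(q - 1) + 1
    R = pow(g, k, p)
    e = hash_to_scalar(q, int_bytes(R), int_bytes(pk), msg)
    return R, (k + e * sk) % q


def verify(group, pk, msg, sig):
    p, q, g = group
    R, s = sig
    if not (0 < R < p and 0 <= s < q):
        return False
    e = hash_to_scalar(q, int_bytes(R), int_bytes(pk), msg)
    return pow(g, s, p) == (R * pow(pk, e, p)) % p


def blind_scalar(q, blinding_key):
    """Derive the blinding factor b from a (hypothetical) shared blinding key."""
    b = hash_to_scalar(q, b"key-blinding", blinding_key)
    return b if b != 0 else 1  # b = 0 would collapse the key; practically unreachable


def blind_private_key(group, sk, blinding_key):
    _, q, _ = group
    return (sk * blind_scalar(q, blinding_key)) % q


def blind_public_key(group, pk, blinding_key):
    """Computed from pk alone: the verifier never needs sk or the blinded sk."""
    p, q, _ = group
    return pow(pk, blind_scalar(q, blinding_key), p)


def demo(group=None, msg=b"constructed message"):
    group = group or safe_prime_group()
    sk, pk = keygen(group)
    bsk = blind_private_key(group, sk, b"epoch-1")
    bpk = blind_public_key(group, pk, b"epoch-1")
    sig = sign(group, bsk, msg)
    return {
        "keys_consistent": pow(group[2], bsk, group[0]) == bpk,  # g^(sk*b) == pk^b
        "blinded_verifies": verify(group, bpk, msg, sig),
        "unblinded_rejects": not verify(group, pk, msg, sig),  # sig is tied to the blinded key
        "epochs_unlinkable": blind_public_key(group, pk, b"epoch-2") != bpk,
    }


if __name__ == "__main__":
    print(demo())
```

Two points a practitioner should take from the demo: the blinded public key is derivable from the unblinded one by anyone who knows the blinding key, which is exactly what lets a Tor directory or a Privacy Pass issuer work with per-epoch keys, and a signature under the blinded key does not verify under the long-term key, so the link between the two is hidden from anyone without the blinding key (given the discrete-log assumption in the group used).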
Theodoros Kapourniotis, Elham Kashefi, Dominik Leichtle, Luka Music, Harold Ollivier
ePrint Report
Nerla Jean-Louis, Yunqi Li, Yan Ji, Harjasleen Malvai, Thomas Yurek, Sylvain Bellemare, Andrew Miller
ePrint Report
The first and most broadly applicable result is that access pattern leakage occurs when handling persistent contract storage. On Secret Network, its fine-grained access pattern is catastrophic for the transaction privacy of SNIP-20 tokens. If ERC-20 tokens were naively ported to Oasis they would be similarly vulnerable; the others in the cohort leak coarse-grained information at approximately the page level (4 kilobytes). Improving and characterizing this will require adopting techniques from ORAMs or encrypted databases. Second, the importance of state consistency has been underappreciated, in part because exploiting such vulnerabilities is thought to be impractical. We show they are fully practical by building a proof-of-concept tool that breaks all advertised privacy properties of SNIP-20 tokens, able to query the balance of individual accounts and the token amount of each transfer. We additionally demonstrate MEV attacks against the Sienna Swap application. As a final consequence of lacking state consistency, the developers have inadvertently introduced a decryption backdoor through their software upgrade process. We have helped the Secret developers mitigate this through a coordinated vulnerability disclosure, after which their transaction replay defense is roughly on par with the rest.
Stefan Ritterhoff, Georg Maringer, Sebastian Bitzer, Violetta Weger, Patrick Karl, Thomas Schamberger, Jonas Schupp, Antonia Wachter-Zeh
ePrint Report
Thomas Decru, Sabrina Kunzweiler
ePrint Report
Nicolas Belleville
ePrint Report
Orr Dunkelman, Nathan Keller, Ariel Weizman
ePrint Report
Yuuki Komi, Takayuki Tatekawa
ePrint Report
Haozhe Jiang, Kaiyue Wen, Yilei Chen
ePrint Report
Comparing with the previous experiments of Esser, Kübler, and May (CRYPTO 2017), for dimension $n=26$, noise rate $\tau = 0.498$, the "Guess-then-Gaussian-elimination" algorithm takes 3.12 days on 64 CPU cores, whereas our neural network algorithm takes 66 minutes on 8 GPUs. Our algorithm can also be plugged into the hybrid algorithms for solving middle or large dimension LPN instances.