## IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available:

#### 24 March 2023

###### Tomer Ashur, Erik Takke

ePrint Report###### Dahlia Malkhi, Kartik Nayak

ePrint ReportThe quest for two-phase HotStuff variants that achieve all the above desirable properties has been long, producing a series of results that are yet sub-optimal and, at the same time, are based on somewhat heavy hammers. HotStuff-2 demonstrates that none of these are necessary: HotStuff-2 is remarkably simple, adding no substantive complexity to the original HotStuff protocol.

The main takeaway is that two phases are enough for BFT after all.

###### Giuseppe D'Alconzo

ePrint Report###### Danilo Francati, Daniele Friolo, Monosij Maitra, Giulio Malavolta, Ahmadreza Rahimi, Daniele Venturi

ePrint ReportIn this paper, we generalize the notion of registered encryption to the setting of functional encryption (FE). Our contributions are twofold: On the one hand, we show that registered FE exists assuming indistinguishability obfuscation and somewhere statistically binding hash functions. On the other hand, we show an efficient construction of registered FE for the special case of inner-product predicates, over asymmetric bilinear groups of prime order, with provable security in the generic group model.

###### Joël Alwen, Marta Mularczyk, Yiannis Tselekounis

ePrint ReportA major problem preventing the use of CGKA over unreliable infrastructure are so-called forks. A fork occurs when group members have diverging views of the group's history (and thus its current state); e.g. due to network or server failures. Once communication channels are restored, members resolve a fork by agreeing on the state of the group again. Today's CGKA protocols make fork resolution challenging, as natural resolution strategies seem to conflict with the way the protocols enforce group state agreement and forward secrecy. Meanwhile, secure group messaging protocols which do support fork resolution do not scale nearly as well as CGKA does.

In this work, we pave the way to practical scalable E2E messaging over unreliable infrastructure. To that end, we generalize CGKA to Fork Resilient-CGKA which allows clients to process significantly more types of out-of-order network traffic. This is important for many natural fork resolution procedures as they are based, in part, on replaying missed traffic. Next, we give two FR-CGKA constructions: a practical one based on the CGKA underlying the MLS messaging standard and an optimally secure one (albeit with only theoretical efficiency). To further assist with fork resolution, we introduce a simple new abstraction to describe a client's local protocol state. The abstraction describes all and only the information relevant to natural fork resolution, making it easier for higher-level fork resolution procedures to work with and reason about. We define a black-box extension of an FR-CGKA which maintains such a description of a client's internal state. Finally, as a proof of concept, we give a basic fork resolution protocol.

###### Liam Eagen, Ariel Gabizon

ePrint Report###### Justin Holmgren, Ruta Jawale

ePrint ReportFor any constant $k$, we give a locally covert algorithm for efficiently learning any Fourier-sparse function (technically, our notion of learning is improper, agnostic, and with respect to the uniform distribution). Our result holds unconditionally and for computationally unbounded adversaries. Prior to our work, such an algorithm was known only for the special case of $O(\log n)$-juntas, and only with $k = 2$ servers, Ishai et al. (Crypto 2019).

Our main technical observation is that the original Goldreich-Levin algorithm only utilizes i.i.d. pairs of correlated queries, where each half of every pair is uniformly random. We give a simple generalization of this algorithm in which pairs are replaced by $k$-tuples in which any $k - 1$ components are jointly uniform. The cost of this generalization is that the number of queries needed grows exponentially with $k$.

###### Rhys Weatherley

ePrint Report###### Dmitrii Koshelev

ePrint Report###### Sahiba Suryawanshi, Dhiman Saha, Shashwat jaiswal

ePrint Report###### Lucjan Hanzlik

ePrint ReportIn this paper, we show that constraining the recipient's choice over the message distribution spawns a surprising new primitive that improves the well-established state-of-the-art. We formalize this concept by introducing the notion of non-interactive blind signatures (${\sf NIBS}$). Informally, the signer can create a presignature with a specific recipient in mind, identifiable via a public key. The recipient can use her secret key to finalize it and receive a blind signature on a random message determined by the finalization process. The key idea is that online interaction between the signer and recipient is unnecessary. We show an efficient instantiation of ${\sf NIBS}$ in the random oracle model from signatures on equivalence classes.

The exciting part is that, in this case, for the recipient's public key, we can use preexisting keys for Schnorr, ECDSA signatures, El-Gamal encryption scheme, or even the Diffie-Hellman key exchange. Reusing preexisting public keys allows us to distribute anonymous tokens similarly to cryptocurrency airdropping. Additional contributions include tagged non-interactive blind signatures (${\sf TNIBS}$) and their efficient instantiation. A generic construction in the random oracle or common reference string model based on verifiable random functions, standard signatures, and non-interactive proof systems.

###### Geoffroy Couteau, Pierre Meyer, Alain Passelègue, Mahshid Riahinia

ePrint Report###### Julia Len, Esha Ghosh, Paul Grubbs, Paul Rösler

ePrint ReportIn this paper, we take an initial step in this direction. We break down the DMA’s effects on the design of encrypted messaging systems into three main areas: identity, or how to resolve identities across service providers; protocols, or how to establish a secure connection between clients on different platforms; and abuse prevention, or how service providers can detect and take action against users engaging in abuse or spam. For each area, we identify key security and privacy requirements, summarize existing proposals, and examine whether proposals meet our security and privacy requirements. Finally, we propose our own design for an interoperable encrypted messaging system, and point out open problems.

###### Marco Baldi, Sebastian Bitzer, Alessio Pavoni, Paolo Santini, Antonia Wachter-Zeh, Violetta Weger

ePrint Report###### zhenfei zhang

ePrint Report###### Gideon Samid

ePrint Report###### Thomas Attema, Pedro Capitão, Lisa Kohl

ePrint ReportIn this work, we present a new 2-party local share conversion procedure, which allows to locally convert noise encoded shares to non-noise plaintext shares such that the parties can detect whenever a (potential) error occurs and in that case resort to an alternative conversion procedure. Building on this technique, we present the first HSS for branching programs from (Ring-)LWE with polynomial input share size which can make use of the efficient multiplication procedure of Boyle et al.~(Eurocrypt 2019) and has no correctness error. Our construction comes at the cost of a -- on expectation -- slightly increased output share size (which is insignificant compared to the input share size) and a more involved reconstruction procedure. More concretely, we show that in the setting of 2-server private counting queries we can choose ciphertext sizes of only a quarter of the size of the scheme of Boyle et al. at essentially no extra cost.

#### 23 March 2023

###### Université de Montréal, Canada

Job Posting**Description**We are seeking applicants for fully funded Ph.D. positions at Université de Montréal, the birthplace of quantum cryptography. The position is funded as part of the QUébec Ontario consoRtium on quantUM protocols (QUORUM). As a member of of the Consortium, candidates will have the opportunity to collaborate with Canada's foremost experts in cryptography and quantum information. Candidates will have the opportunity to undertake high-quality research in one of the following topics:

- New cryptographic protocols based on uniquely quantum phenomena
- Security of classical cryptography against quantum adversaries
- Cryptography based on the hardness of keeping qubits in quantum superposition
- Quantum zero-knowledge proof systems
- Quantum multiparty secure computation
- Quantum money

**Requirements** The ideal applicant will have a strong background in theoretical
computer science and mathematics, knowledge of cryptography and/or quantum
information, and strong written and oral communication skills.

Information on the Ph.D. program can be found here: https://diro.umontreal.ca/english/programs/graduate-programs/phd-in-computer-science/

**Closing date for applications:**

**Contact:** Philippe Lamontagne (philippe.lamontagne.1@umontreal.ca)

###### IPFS Force; Shanghai, China (remote friendly)

Job Posting**Closing date for applications:**

**Contact:** judith.li@protocol.ai - please send CV's to this email

**More information:** https://github.com/ipfs-force-community

#### 21 March 2023

###### Royal Holloway, University of London

Job PostingThe Department of Information Security has a record of outstanding research and hosts established research groups in Systems and Software Security, Smart Card and Internet of Things Security, Cryptography, Interdisciplinary Security, and Ethnography.

For one of the posts, we are looking for applicants with interests that would support our new Media Broadcasting Security Centre (MBSC). For the other two we welcome applications from a broad range of areas related to information security, especially those with expertise and experience in software and systems security and applications of AI in security. Applicants should either have, or have the potential for producing, high quality publications and attracting significant research funding. Applicants will have a track record demonstrated excellence, or will show the potential for excellence, in delivering undergraduate and postgraduate teaching and the supervision of both undergraduate and postgraduate students. The post holder will be expected to contribute strongly to the development of research impact, and the successful applicant will have, or have the potential to have, a strong track record in this area.

The post is based in Egham, Surrey where the College is situated in a beautiful, leafy campus near to Windsor Great Park and within commuting distance from London. There will be also the opportunity to develop and deliver postgraduate programmes at our Central London campus, located in Bloomsbury.

**Closing date for applications:**

**Contact:** For an informal discussion about the post, please contact Professor Chris Mitchell (c.mitchell@rhul.ac.uk).

**More information:** https://jobs.royalholloway.ac.uk/vacancy.aspx?ref=0323-132