IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
07 June 2023
Dennis Hofheinz, Kristina Hostáková, Julia Kastner, Karen Klein, Akin Ünal
ePrint ReportIn this paper, we present the first SO-CCA secure encryption scheme that combines the following two properties: (1) it has a constant ciphertext expansion (i.e., ciphertexts are only larger than plaintexts by a constant factor), and (2) its security can be proven from a standard assumption. Previously, the only known SO-CCA secure encryption scheme achieving (1) was built from an ad-hoc assumption in the RSA regime.
Our construction builds upon LWE, and in particular on a new and surprisingly simple construction of compact lossy trapdoor functions (LTFs). Our LTF can be converted into an “all-but-many LTF” (or ABM-LTF), which is known to be sufficient to obtain SO-CCA security. Along the way, we fix a technical problem in that previous ABM-LTF-based construction of SO-CCA security.
Damiano Abram, Maciej Obremski, Peter Scholl
ePrint ReportJiangxia Ge, Tianshu Shan, Rui Xue
ePrint ReportFor the implicit rejection type, the \textsf{IND-CCA} security reduction of $\textsf{FO}^{\slashed{\bot}}$ in the quantum random oracle model (QROM) can avoid the quadratic security loss, as shown by Kuchta et al. (EUROCRYPT 2020). However, for the explicit rejection type, the best known \textsf{IND-CCA} security reduction in the QROM presented by Ho"velmanns et al. (ASIACRYPT 2022) for $\textsf{FO}_m^\bot$ still suffers from a quadratic security loss. Moreover, it is not clear until now whether the implicit rejection type is more secure than the explicit rejection type.
In this paper, a QROM security reduction of $\textsf{FO}_m^\bot$ without incurring a quadratic security loss is provided. Furthermore, our reduction achieves \textsf{IND-qCCA} security, which is stronger than the \textsf{IND-CCA} security. To achieve our result, two steps are taken: The first step is to prove that the \textsf{IND-qCCA} security of $\textsf{FO}_m^\bot$ can be tightly reduced to the \textsf{IND-CPA} security of $\textsf{FO}_m^\bot$ by using the online extraction technique proposed by Don et al. (EUROCRYPT 2022). The second step is to prove that the \textsf{IND-CPA} security of $\textsf{FO}_m^\bot$ can be reduced to the \textsf{IND-CPA} security of the underlying public key encryption (PKE) scheme without incurring quadratic security loss by using the Measure-Rewind-Measure One-Way to Hiding Lemma (EUROCRYPT 2020).
In addition, we prove that (at least from a theoretic point of view), security is independent of whether the rejection type is explicit ($\textsf{FO}_m^\bot$) or implicit ($\textsf{FO}_m^{\slashed{\bot}}$) if the underlying PKE scheme is weakly $\gamma$-spread.
Matilda Backendal, Mihir Bellare, Felix Günther, Matteo Scarlata
ePrint ReportFor the swap case, we note that security does not hold in general, but completely characterize when it does; we show that HMAC is swap-PRF secure if and only if keys are restricted to sets satisfying a condition called feasibility, that we give, and that holds in applications. The sufficiency is shown by proof and the necessity by attacks. For the conventional PRF case, we fill a gap in the literature by proving PRF security of HMAC for keys of arbitrary length.
Our proofs are in the standard model, make assumptions only on the compression function underlying the hash function, and give good bounds in the multi-user setting. The positive results are strengthened through achieving a new notion of variable key-length PRF security that guarantees security even if different users use keys of different lengths, as happens in practice.
Damiano Abram, Brent Waters, Mark Zhandry
ePrint ReportMichele Battagliola, Giacomo Borin, Alessio Meneghetti, Edoardo Persichetti
ePrint ReportKrijn Reijnders
ePrint ReportCarsten Baum, Samuel Dittmer, Peter Scholl, Xiao Wang
ePrint ReportThis article is a survey of recent developments in building practical systems for zero-knowledge proofs of knowledge using vector oblivious linear evaluation (VOLE), a tool from secure two-party computation.
Ashrujit Ghoshal, Stefano Tessaro
ePrint ReportLuke Harmon, Gaetan Delavignette
ePrint ReportKai Gellert, Kristian Gjøsteen, Håkon Jacobsen, Tibor Jager
ePrint ReportCohn-Gordon et al. gave a very efficient underlying protocol with weak forward secrecy having a linear security loss, and showed that this is optimal for certain reductions. However, they also claimed that full forward secrecy could be achieved by adding key confirmation messages, and without any additional loss. Our impossibility result disproves this claim, showing that their approach, in fact, has an overall quadratic loss.
Motivated by this predicament we seek to restore the original linear loss claim of Cohn-Gordon et al. by using a different proof strategy. Specifically, we start by lowering the goal for the underlying protocol with weak forward secrecy, to a selective security notion where the adversary must commit to a long-term key it cannot reveal. This allows a tight reduction rather than a linear loss reduction. Next, we show that the protocol can be upgraded to full forward secrecy using key confirmation messages with a linear tightness loss, even when starting from the weaker selective security notion. Thus, our approach yields an overall tightness loss for the fully forward-secret protocol that is only linear, as originally claimed. Finally, we confirm that the underlying protocol of Cohn-Gordon et al. can indeed be proven selectively secure, tightly.
Julia Hesse, Nitin Singh, Alessandro Sorniotti
ePrint ReportKelong Cong, Robin Geelen, Jiayi Kang, Jeongeun Park
ePrint ReportWe design a secure and non-interactive version of the $k$-nearest neighbors classifier, based on fully homomorphic encryption, which does not leak any information about the query to the server. Our algorithm is instantiated with the TFHE homomorphic encryption scheme, and the selection of the top-$k$ elements is done with a novel strategy based on a type of data-oblivious algorithm---sorting networks. Compared to prior work from PoPETs 2021, the asymptotic complexity is improved from $O(d^2)$ to $O(d \log^2 {k})$, where $d$ is the number of entries in the $k$-NN model. Experimental results show that the proposed protocol can be up to 16 times faster (not accounting for difference in CPU) than previous approaches for a moderately sized database.
Alex Biryukov, Je Sen Teh, Aleksei Udovenko
ePrint ReportWe illustrate our methods on block cipher families CHAM and KATAN and show best-to-date single-key differential attacks for these ciphers.
Kaiyi Zhang, Hongrui Cui, Yu Yu
ePrint ReportAs a core building block of hash-based signatures, the efficiency of one-time signature (OTS) largely dominates that of hash-based signatures. The WOTS$^{+}$ signature scheme (Africacrypt 2013) is the current state-of-the-art OTS adopted by the signature schemes standardized by NIST---XMSS, LMS and SPHINCS$^+$.
A natural question is whether there is (and how much) room left for improving one-time signatures (and thus standard hash-based signatures). In this paper, we show that WOTS$^{+}$ one-time signature, when adopting the constant-sum encoding scheme (Bos and Chaum, Crypto 1992), is size-optimal not only under Winternitz's OTS framework, but also among all tree-based OTS designs. Moreover, we point out a flaw in the DAG-based OTS design previously shown to be size-optimal at Asiacrypt 1996, which makes the constant-sum WOTS$^{+}$ the most size-efficient OTS to the best of our knowledge. Finally, we evaluate the performance of constant-sum WOTS$^{+}$ integrated into the SPHINCS$^+$ (CCS 2019) and XMSS (PQC 2011) signature schemes which exhibit certain degrees of improvement in both signing time and signature size.
Marshall Ball, Alexander Bienstock, Lisa Kohl, Pierre Meyer
ePrint ReportIn this work we move towards closing the gap between MPC and THC by presenting a protocol for THC on general graphs secure against all-but-one semi-honest corruptions from constant-round constant-overhead secure two-party computation. Our protocol is therefore the first to achieve THC on arbitrary networks without relying on assumptions with rich algebraic structure. As a technical tool, we introduce the notion of locally simulatable MPC, which we believe to be of independent interest.
Chen Qian, Yao Jiang Galteland, Gareth T. Davies
ePrint ReportWe provide three pairing-based constructions of public-key signable updatable encryption. The first scheme, $\mathsf{PSigUE}_1$, is built using a dual-mode zero-knowledge proof of knowledge system under an assumption closely related to the $k$-linear assumption. The second scheme, $\mathsf{PSigUE}_2$, provides unlinkability in addition to public authenticity. In the third scheme, $\mathsf{PSigUE}_\mathsf{T}$, we achieve the tight security with respect of number of epochs. The construction of $\mathsf{PSigUE}_\mathsf{T}$ is inspired by tag-based tightly-secure PKE schemes.
06 June 2023
University of Surrey
Job PostingThe Surrey Centre for Cyber Security (SCCS) at the University of Surrey is seeking to recruit a full-time Research Fellow in Data Resilience, Security and Privacy. The post is available with the opportunity for hybrid working – some time on campus and some from home. We welcome applicants who wish to pursue the role through flexible working patterns.
The successful candidate will be expected to conduct research within the context of the Defence Data Research Centre https://ddrc.uk/, funded by DSTL, in which SCCS is a partner, alongside the Universities of Exeter and Liverpool, and the Digital Catapult. The Centre is focusing on problems related to the use of data for Artificial Intelligence applications, particularly around the challenges of bringing raw data to the state where it can be used. We consider these problems within a defence context, such as logistics support, object tracking and data wrangling. SCCS is focused on the area of data resilience, security and privacy, considering problems such as the trustworthiness and resilience of data and issues around anonymisation.
The post holder will benefit from the research environment provided by the Surrey Centre for Cyber Security, an Academic Centre of Excellence in Cyber Security Research recognised by the National Cyber Security Centre. The Centre’s broader research agenda is in the areas of trusted computing, data privacy, privacy preserving security, applied cryptography, and a range of cyber security topics.
Closing date for applications:
Contact: Steve Schneider.
s.schneider@surrey.ac.uk
More information: https://jobs.surrey.ac.uk/Vacancy.aspx?id=13336
The University of Manchester, Department of Computer Science
Job PostingThe postdoc will be hosted by Bernardo Magri at the Systems and Software Security group at the CS department of the University of Manchester, located in the Northwest of England (https://www.cs.manchester.ac.uk/research/expertise/systems-and-software-security/).
The ideal candidate should have a PhD degree in Computer Science or related areas, and a proven record of publications in cryptography and/or security venues such as Crypto, Eurocrypt, Asiacrypt, TCC, PKC, CCS, S&P, USENIX, ACNS, ESORICS, etc. Experience with protocol composition frameworks (such as the UC framework) is a plus, but not required.
The position is at grade 7 (salary between £43k-53k/year depending on experience) and it lasts for 2 years. Positions can be filled from September 1st to December 1st, 2023, and will remain open until filled.
To apply, please send an email with the subject "SECCOM application" to bernardo.magri@manchester.ac.uk with:
Closing date for applications:
Contact: Bernardo Magri