IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
21 August 2023
National Sun Yat-sen University, Department of Computer Science and Engineering; Kaohsiung, Taiwan
Job PostingEssential Qualifications:
Closing date for applications:
Contact: Dr. Arijit Karati (arijit.karati@mail.cse.nsysu.edu.tw)
Monash University, Melbourne, Australia
Job Posting- Post-quantum cryptography (based on lattices and/or hash) and its applications
- Privacy-enhancing technologies (e.g. zero-knowledge proofs) and their applications
- highly competitive tuition fee and stipend scholarships
- opportunities to collaborate with leading academic and industry experts in the related areas
- opportunities to participate in international grant-funded projects
- collaborative and friendly research environment
- an opportunity to live/study in one of the most liveable and safest cities in the world
Requirements. A strong mathematical and cryptography background is required. Some knowledge/experience in coding (for example, Python, C/C++, SageMath) is a plus. Candidates must have completed (or be about to complete within the next 6 months) a significant research component either as part of their undergraduate (honours) degree or masters degree. They should have excellent English verbal and written communication skills.
How to apply. Please fill in the following form (also clickable from the advertisement title): https://docs.google.com/forms/d/e/1FAIpQLSetFZLvDNug5SzzE-iH97P9TGzFGkZB-ly_EBGOrAYe3zUYBw/viewform?usp=sf_link
Closing date for applications:
Contact: Ron Steinfeld
More information: https://docs.google.com/forms/d/e/1FAIpQLSetFZLvDNug5SzzE-iH97P9TGzFGkZB-ly_EBGOrAYe3zUYBw/viewform?usp=sf_link
Monash University, Melbourne, Australia
Job PostingClosing date for applications:
Contact: Rafael Dowsley Email: rafael.dowsley@monash.edu
Queen's University Belfast
Job PostingClosing date for applications:
Contact: Arnab Kumar Biswas
More information: https://www.qub.ac.uk/courses/postgraduate-research/phd-opportunities/a-trusted-execution-environment-based-framework-for-securing-legacy-embedded-systems.html
Queen's University Belfast
Job PostingClosing date for applications:
Contact: Arnab Kumar Biswas
More information: https://www.qub.ac.uk/courses/postgraduate-research/phd-opportunities/secure-multitenant-and-federated-satellite-system.html
Leuven, Belgium, 11 October - 13 October 2023
Event CalendarBITS Pilani Goa, India, 10 December - 13 December 2023
Event CalendarSubmission deadline: 7 September 2023
Notification: 15 October 2023
Hongda Li, Peifang Ni, Yao Zan
ePrint ReportAdditionally, we obtain a witness encryption (WE) scheme for NP language based on the presented PKE scheme. This result highlights that WE scheme can also be established based on the existence of OWF.
Michael Brand, Tania Churchill, Carsten Friedrich
ePrint ReportTianyao Gu, Yilei Wang, Bingnan Chen, Afonso Tinoco, Elaine Shi, Ke Yi
ePrint ReportYibin Yang, David Heath, Carmit Hazay, Vladimir Kolesnikov, Muthuramakrishnan Venkitasubramaniam
ePrint ReportOur main result, Batchman, is asymptotically and concretely efficient VOLE-based ZK for batched disjunctions, i.e. statements containing R repetitions of the same disjunction. This is crucial for, e.g., emulating CPU steps in ZK. Our prover and verifier complexity is only O(RB + R|C| + B|C|), where |C| is the maximum circuit size of the B branches. Prior works’ computation scales in RB|C|.
For non-batched disjunctions, we also construct a VOLE-based ZK protocol, Robin, which is (only) communication efficient. For small fields and for statistical security parameter λ, this protocol’s communication improves over the previous state of the art (Mac′n′Cheese, Baum et al., CRYPTO’21) by up to factor λ.
Our implementation outperforms prior state of the art. E.g., we achieve up to $6×$ improvement over Mac′n′Cheese (Boolean, single disjunction), and for arithmetic batched disjunctions our experiments show we improve over QuickSilver (Yang et al., CCS’21) by up to $70×$ and over AntMan (Weng et al., CCS’22) by up to $36×$.
Alexander R. Block, Albert Garreta, Pratyush Ranjan Tiwari, Michał Zając
ePrint ReportSteve Thakur
ePrint ReportThe proof size is constant ($10$ $\mathbb{G}_1$, $20$ $\mathbb{F}_p$), as is the verification time, which is dominated by a single pairing check (i.e. two pairings). The Prover time is dominated by the $10$ multi-scalar multiplications in $\mathbb{G}_1$ - with a combined MSM length of $22\cdot |\mathrm{Circuit}|$- and, to a lesser extent, the computation of a single sum of polynomial products over the prime scalar field via multimodular FFTs.
The scheme supports succinct lookup arguments for subsets as well as subsequences. Our construction relies on homomorphic table commitments, which makes them amenable to vector lookups. The Prover algorithm runs in runtime $O(M\cdot \log(M))$, where $M = \max \{|\text{Circuit}| , \;|\text{Table}|\}.$
Furthermore, the scheme supports custom gates, albeit at the cost of a larger proof size. As an application of the techniques in this paper, we describe a protocol that supports multiple *univariate* custom gates $\mathcal{G}_i$ of high degree that are sparsely distributed in the sense that $$\sum_{i} \deg(\mathcal{G}_i)\cdot \#(\mathcal{G}_i\;\text{gates}) \; = \; O(|\text{Circuit}|). $$ This comes at the cost of three additional $\mathbb{G}_1$ elements and does not blow up the proof generation time, i.e. it does not entail MSMs or FFTs of length larger than the circuit size.
Matthias Geihs, Hart Montgomery
ePrint ReportAggelos Kiayias, Nikos Leonardos, Yu Shen
ePrint ReportAchieving optimal order fairness in the sense of bounded unfairness turns out to be connected to the graph theoretic properties of the underlying transaction dependency graph and specifically the bandwidth metric of strongly connected components in this graph. This gives rise to a specific instance of the definition that we call ``directed bandwidth order-fairness'' which we show that it captures the best possible that any protocol can achieve in terms of bounding unfairness. We prove ordering transactions in this fashion is NP-hard and non-approximable for any constant ratio. Towards realizing the property, we put forth a new distributed ledger protocol called Taxis that achieves directed bandwidth order-fairness in the permissionless setting. We present two variants of our protocol, one that matches the property perfectly but (necessarily) lacks in performance and liveness, and a second variant that achieves liveness and better complexity while offering a slightly relaxed version of the directed bandwidth definition. Finally, we comment on applications of our work to social choice theory, a direction which we believe to be of independent interest.
Fabian Schmid, Shibam Mukherjee, Stjepan Picek, Marc Stöttinger, Fabrizio De Santis, Christian Rechberger
ePrint ReportAntonin Leroux
ePrint ReportIn $\mathsf{DeuringVRF}_{y,z}$, the evaluation is done with algorithms for the Deuring correspondence that make use of isogenies in dimension $z$, and the verification is based on the isogeny representation obtained from isogenies in dimension $y$.
The main advantage of the $\mathsf{DeuringVRF}_{y,z}$ family is its compactness, with proof sizes of a few hundred bytes, which is orders of magnitude smaller than other generic purpose post-quantum VRF constructions.
We describe four variants of our scheme with $(y,z) \in \lbrace (2,1),(2,2),(4,1), (4,2) \rbrace$ each offering different tradeoffs between compactness, evaluation efficiency and verification efficiency.
In the process, we introduce several new algorithms that might be of independent interest. In particular, for the variants with $z=2$, we introduce the first algorithm to translate an ideal into the corresponding isogeny of dimension $1$ using isogenies between abelian variety of dimension $2$ as a tool. The main advantage of this new algorithm compared to existing solution is the relaxation of the constraints on the prime characteristic: our new algorithm can run efficiently with ``SIDH primes" that are very easy to generate unlike ``SQIsign primes" that are currently required by the state of the art appoach. We believe that this algorithm opens a promising research direction to speed-up other schemes based on the Deuring correspondence such as the SQIsign signature scheme.