IACR News
Here you can see all recent updates to the IACR webpage.
15 December 2023
Poulami Das, Andreas Erwig, Michael Meyer, Patrick Struck
ePrint Report
In this work, we advance the study on post-quantum secure signature and wallet schemes. That is, we provide the first formal model for deterministic threshold wallets and we show a generic post-quantum secure construction from any post-quantum secure threshold signature scheme with rerandomizable keys. We then instantiate our construction from the isogeny-based signature scheme CSI-FiSh and we show that our instantiation significantly improves over prior work.
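To make the "threshold signature scheme with rerandomizable keys" idea behind deterministic threshold wallets concrete, here is an added example that is not from the paper (whose instantiation is the isogeny-based CSI-FiSh): a classical, non-post-quantum n-of-n Schnorr scheme over secp256k1 with additive key shares. Each signer rerandomizes its own share locally from public data (master public key, a chaincode, an index), anyone holding only the master public key and chaincode can compute the matching child public key, and the child key then signs like an ordinary key. The function names, the use of HMAC-SHA256 as the derivation function and the chaincode construction are assumptions made here for illustration.

```python
import hashlib
import hmac
import secrets

# secp256k1 domain parameters (public constants).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def encode(pt):
    """33-byte compressed point encoding, used as hash input."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")


def hash_scalar(*parts):
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % N


def keygen(n):
    """Master key as n additive shares x_i; master pk X = (sum x_i) G."""
    shares = [secrets.randbelow(N - 1) + 1 for _ in range(n)]
    master_pk = ec_mul(sum(shares) % N, G)
    chaincode = secrets.token_bytes(32)  # assumed wallet chaincode known to all signers
    return shares, master_pk, chaincode


def derivation_scalar(master_pk, chaincode, index):
    """rho_j = HMAC(chaincode, X || j) mod N: deterministic, public data only (assumed KDF)."""
    msg = encode(master_pk) + index.to_bytes(4, "big")
    return int.from_bytes(hmac.new(chaincode, msg, hashlib.sha256).digest(), "big") % N


def derive_child_pk(master_pk, chaincode, index):
    """Public-side rerandomization: X_j = X + rho_j G, no secret share needed."""
    return ec_add(master_pk, ec_mul(derivation_scalar(master_pk, chaincode, index), G))


def derive_child_shares(shares, master_pk, chaincode, index):
    """Signer-side rerandomization, done locally by each party: x_i + rho_j * n^-1."""
    rho = derivation_scalar(master_pk, chaincode, index)
    inv_n = pow(len(shares), -1, N)
    return [(x + rho * inv_n) % N for x in shares]


def threshold_sign(child_shares, child_pk, msg):
    """n-of-n Schnorr: nonces combine into R, parties add s_i = k_i + e x_i."""
    nonces = [secrets.randbelow(N - 1) + 1 for _ in child_shares]
    R = None
    for k in nonces:
        R = ec_add(R, ec_mul(k, G))
    e = hash_scalar(encode(R), encode(child_pk), msg)
    s = sum((k + e * x) % N for k, x in zip(nonces, child_shares)) % N
    return R, s


def verify(child_pk, msg, sig):
    R, s = sig
    e = hash_scalar(encode(R), encode(child_pk), msg)
    return ec_mul(s, G) == ec_add(R, ec_mul(e, child_pk))


def demo(n=3, index=7, msg=b"constructed sample transaction"):
    shares, X, cc = keygen(n)
    X_j = derive_child_pk(X, cc, index)                       # computed from public data
    child_shares = derive_child_shares(shares, X, cc, index)  # computed by the signers
    same_key = ec_mul(sum(child_shares) % N, G) == X_j
    sig = threshold_sign(child_shares, X_j, msg)
    return same_key, verify(X_j, msg, sig), verify(X_j, b"other message", sig)


if __name__ == "__main__":
    print(demo())
```

The point to notice is the split of the derivation: the secret side only ever touches each party's own share, and the public side only touches the master public key, which is what lets a watch-only device derive addresses for a key that is held in threshold form elsewhere. Replacing the Schnorr/secp256k1 pieces with a post-quantum threshold scheme that has this same additive rerandomization property is what the paper's generic construction requires.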
Srinidhi Hari Prasad, Florian Mendel, Martin Schläffer, Rishub Nagpal
ePrint Report
Prasanna Ravi, Arpan Jati, Shivam Bhasin
ePrint Report
Upon bypassing RSA authentication, an attacker can run any unauthenticated software application on the target device to mount a variety of attacks. Among the several possible attacks, we are interested in recovering the encrypted bitstream in the target boot image of the Zynq-7000 device. To the best of our knowledge, no prior work has reported a practical bitstream recovery attack on the Zynq-7000 device. In the context of bitstream recovery, Ender et al. in 2020 proposed the Starbleed attack, which is applicable to standalone Virtex-6 and 7-series Xilinx FPGAs. The design advisory provided by Xilinx in response to the Starbleed attack claims that the Zynq-7000 SoC is resistant “due to the use of asymmetric and/or symmetric authentication in the boot/configuration process that ensures configuration is authenticated prior to use”. Due to the security flaw found in the FSBL, we managed to identify a novel approach to mount the Starbleed attack on the Zynq-7000 device for full bitstream recovery. Thus, as a second contribution of our work, we present the first practical demonstration of the Starbleed attack on the Zynq-7000 SoC. We perform experimental validation of our proposed attacks on the PYNQ-Z1 platform based on the Zynq-7000 SoC.
Hongqing Liu, Chaoping Xing, Chen Yuan, Taoxu Zou
ePrint Report
Nai-Hui Chia, Shih-Han Hung
ePrint Report
ePrint ReportPrevious results for separating hybrid quantum-classical computers with various quantum depths require either quantum access to oracles or interactions between the classical verifier and the quantum prover. However, instantiating oracle separations can significantly increase the quantum depth in general, and interaction challenges the quantum device to keep the qubits coherent while waiting for the verifier's messages. These requirements pose barriers to implementing the protocols on near-term devices.
In this work, we present a two-message protocol under the quantum hardness of learning with errors and the random oracle heuristic. An honest prover only needs classical access to the random oracle, and therefore any instantiation of the oracle does not increase the quantum depth. To our knowledge, our protocol is the first non-interactive CVQD, the instantiation of which using concrete hash functions, e.g., SHA-3, does not require additional quantum depth.
Our second protocol seeks to explore the minimality of cryptographic assumptions and the tightness of the separations. To accomplish this, we introduce an untrusted quantum machine that shares entanglement with the target machine. Utilizing a robust self-test, our protocol certifies the depth of the target machine with information-theoretic security and nearly optimal separation.
Daniel R. L. Brown
ePrint Report
Yunqi Li, Kyle Soska, Zhen Huang, Sylvain Bellemare, Mikerah Quintyne-Collins, Lun Wang, Xiaoyuan Liu, Dawn Song, Andrew Miller
ePrint Report
Amirreza Sarencheh, Aggelos Kiayias, Markulf Kohlweiss
ePrint Report
Tim Beyne, Michiel Verbauwhede
ePrint Report
Andrea Basso, Mingjie Chen, Tako Boris Fouotsa, Péter Kutas, Abel Laval, Laurane Marco, Gustave Tchoffo Saah
ePrint Report
12 December 2023
Scott Fluhrer
ePrint Report
Sulaiman Alhussaini, Craig Collett, Sergeĭ Sergeev
ePrint Report
Céline Chevalier, Guirec Lebrun, Ange Martinelli
ePrint Report
Most research on CGKAs has focused on how to improve these two security properties. However, post-compromise security and forward secrecy require the active participation of, respectively, all compromised users and all users within the group. Inactive users – who remain offline for long periods – no longer update their encryption keys and therefore represent a vulnerability for the entire group. This issue has already been identified in the MLS standard, but no solution other than expelling these inactive users after some disconnection time has been found.
We propose here a CGKA protocol based on TreeKEM and fully compatible with the MLS standard, that implements a “quarantine” mechanism for the inactive users in order to mitigate the risk induced by these users without removing them from the group. That mechanism indeed updates the inactive users’ encryption keys on their behalf and secures these keys with a secret sharing scheme. If some of the inactive users eventually reconnect, their quarantine stops and they are able to recover all the messages that were exchanged during their offline period. Our “Quarantined-TreeKEM” protocol thus offers a good trade-off between security and functionality, with a very limited – and sometimes negative – communication overhead.
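The secret-sharing step of the quarantine, as an added sketch that is not the paper's Quarantined-TreeKEM construction: an active member refreshes the inactive user's leaf secret on its behalf, Shamir-shares that secret among the currently active members, and the returning user reconstructs it from any threshold-size subset of shares, while fewer shares reveal nothing. The threshold value, the field (a Mersenne prime), and the choice of which member generates the refresh are assumptions made here for illustration; the abstract does not specify how the paper distributes the shares.

```python
import secrets

# Field for the share arithmetic (assumed choice; any prime above the secret size works).
PRIME = 2**127 - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def shamir_split(secret, n, t):
    """Split secret into n shares (x, y); any t of them reconstruct it, t-1 reveal nothing."""
    assert 0 <= secret < PRIME and 1 <= t <= n
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def shamir_reconstruct(shares):
    """Lagrange interpolation at x = 0 over the given (x, y) pairs."""
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def quarantine_update(inactive_member, active_members, t):
    """One active member refreshes the inactive leaf and hands out shares of the new secret.

    The new secret is returned here only so the demo can check reconstruction; in a
    real protocol the updater would discard it once the group state is re-keyed.
    """
    new_leaf_secret = secrets.randbelow(PRIME)
    shares = shamir_split(new_leaf_secret, len(active_members), t)
    return new_leaf_secret, dict(zip(active_members, shares))


def rejoin(collected_shares):
    """The returning member reconstructs its current leaf secret from t collected shares."""
    return shamir_reconstruct(list(collected_shares))


def demo():
    # Constructed group: five active members quarantine the offline member "frank".
    active = ["alice", "bob", "carol", "dave", "erin"]
    leaf_secret, shares = quarantine_update("frank", active, t=3)
    from_three = rejoin([shares["alice"], shares["carol"], shares["erin"]])
    from_two = rejoin([shares["bob"], shares["dave"]])
    return leaf_secret == from_three, leaf_secret == from_two


if __name__ == "__main__":
    print(demo())
```

Two shares do not determine the degree-2 polynomial, so the second reconstruction attempt yields an unrelated field element; this is what lets the group keep rotating the quarantined leaf without any single active member learning its new secret.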
François-Xavier Wicht, Zhipeng Wang, Duc V. Le, Christian Cachin
ePrint Report
Cong Ling, Andrew Mendelsohn
ePrint Report
11 December 2023
Technical University of Denmark, Dept. of Applied Mathematics and Computer Science, Copenhagen Area
Job Posting
The goal of the project is to explore different routes towards providing a fully quantum-secure replacement for X3DH, the key exchange protocol used by Signal, WhatsApp and the like. It is an excellent opportunity to be involved in advanced research on cryptographic systems secure against quantum computing.
For more information click the title of this job listing. If you are interested feel free to reach out to Christian Majenz (chmaj@dtu.dk).
Closing date for applications:
Contact: Christian Majenz, Associate Professor at DTU Compute, Cyber Security Engineering Section
More information: https://efzu.fa.em2.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX_1/job/2851/?utm_medium=jobshare
University of Kassel, Germany
Job Posting
The Information Security group is looking for a strong candidate to fill an open PhD position. The PhD will be supervised by Jiaxin Pan and will work on provable security, for instance key exchange protocols and digital signature schemes. We will also work on their post-quantum security.
We hope that the PhD student will publish at major venues, such as Crypto, Eurocrypt, Asiacrypt, PKC, etc., under this supervision. In the past, this has been successfully realized.
The position is paid according to EG13 TV-H (full-time). It is initially limited to 3 years with the possibility of extension for a further 2 years. The position comes with a teaching load of 4 hours per week during the semester teaching period. This is usually manageable and can be done in the form of tutorials, labs, seminars, or thesis co-supervision.
We encourage strong candidates with a Master's degree, and those who are close to finishing one, to apply. Knowledge of post-quantum cryptography, digital signatures, or key exchange is highly desirable.
More information can be found in:
- https://stellen.uni-kassel.de/jobposting/9023eb9d3fd3366877c376079417eb1d088ded3c0 (English), or
- https://stellen.uni-kassel.de/jobposting/0870f187f0392f19987735519cbe2b5778a3eb910 (German)
Closing date for applications:
Contact: Jiaxin Pan: https://sites.google.com/view/jiaxinpan
More information: https://stellen.uni-kassel.de/jobposting/9023eb9d3fd3366877c376079417eb1d088ded3c0
University of Birmingham, UK
Job Posting
Closing date for applications:
Contact: Rishiraj Bhattacharyya (r.bhattacharyya@bham.ac.uk)
More information: https://edzz.fa.em3.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX_6001/job/3750/
Limitless Labs, Ukraine or Remote
Job Posting
This role is dedicated to applied research. In our initial phases, we are committed to understanding and leveraging the state of the art, while in future phases we will advance it. Primarily, the researcher will contribute to the design of new architectural solutions.
Responsibilities
- Design, specify and verify distributed systems by leveraging formal and experimental techniques.
- Build proofs of concept and prepare executable specifications for the development team.
- Regularly read papers, bring new ideas and stay up to date.
- Conduct theoretical and practical analysis of the performance of distributed systems.
- Collaborate with both internal and external contributors.
Closing date for applications:
Contact: Ira | Head of People @ Limitless Labs
More information: https://apply.workable.com/limitless-labs-network/j/EF6246F619/
Mingxun Zhou, Elaine Shi, Giulia Fanti
ePrint Report
To address this challenge, we propose an efficient protocol called Shuffle-ZKP, which enables users within an unlinkable messaging system to collectively prove their compliance. Our protocol leverages a distributed and private set equality check protocol along with generic Non-Interactive Zero-Knowledge (NIZK) proof systems. We also provide an additional attributing protocol to identify misbehaving users. We theoretically analyze the protocol's correctness and privacy properties; we then implement and test it across multiple use cases. Our empirical results show that in use cases involving thousands of users, each user is able to generate a compliance proof within 0.2-10.6 seconds, depending on the use case, while the additional communication overhead remains under 3KB. Furthermore, the protocol is computationally efficient on the server side; the verification algorithm requires a few seconds to handle thousands of users in all of our use cases.