IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
16 February 2024
Pedro Branco, Nico Döttling, Akshayaram Srinivasan, Riccardo Zanotto
ePrint ReportDevadas, Goyal, Kalai, and Vaikuntanathan (FOCS 2022) introduced a variant of somewhere extractable hashing called rate-1 fully local SE hash functions. The rate-1 requirement states that the size of the digest is $m + \mathsf{poly}(\lambda)$ (where $\lambda$ is the security parameter). The fully local property requires that for any index $i$, there is a "very short" opening showing that $i$-th bit of the hashed input is equal to $b$ for some $b \in \{0,1\}$. The size of this opening is required to be independent of $m$ and in particular, this means that its size is independent of the size of the digest. Devadas et al. gave such a construction from Learning with Errors (LWE).
In this work, we give a construction of a rate-1 fully local somewhere extractable hash function from Decisional Diffie-Hellman (DDH) and BARGs. Under the same assumptions, we give constructions of rate-1 BARG and RAM SNARG with partial input soundness whose proof sizes are only matched by prior constructions based on LWE.
Alexander Bienstock, Sarvar Patel, Joon Young Seo, Kevin Yeo
ePrint ReportUsing our compression schemes, we obtain state-of-the-art schemes for batch private information retrieval (PIR) where a client wishes to privately retrieve multiple entries from a server-held database in one query. We show that our compression schemes may be used to reduce communication by up to 30% for batch PIR in both the single- and two-server settings.
Additionally, we study labeled private set intersection (PSI) in the unbalanced setting where one party's set is significantly smaller than the other party's set and each entry has associated data. By utilizing our novel compression algorithm, we present a protocol with 65-88% reduction in communication with comparable computation compared to prior works.
Michele Battagliola, Andrea Flamini
ePrint ReportSince its introduction, the Fiat-Shamir Transform has been the most popular way to design standard digital signature schemes. In this work, we translate the Fiat-Shamir Transform into a multi-party setting, building a framework that seeks to be an alternative, easier, way to design threshold digital signatures. We do that by introducing the concept of threshold identification scheme and threshold sigma protocol, and showing necessary and sufficient conditions to prove the security of the threshold signature schemes derived from them.
Lastly, we show a practical application of our framework providing an alternative security proof for Sparkle, a recent threshold Schnorr signature. In particular, we consider the threshold identification scheme underlying Sparkle and prove the security of the signature derived from it.
We show that using our framework the effort required to prove the security of threshold signatures might be drastically lowered. In fact, instead of reducing explicitly its security to the security of a hard problem, it is enough to prove some properties of the underlying threshold sigma protocol and threshold identification scheme. Then, by applying the results that we prove in this paper it is guaranteed that the derived threshold signature is secure.
Charlotte Lefevre
ePrint ReportElijah Pelofske
ePrint ReportTao Zhang, Shang Shi, Md Habibur Rahman, Nitin Varshney, Akshay Kulkarni, Farimah Farahmandi, Mark Tehranipoor
ePrint Report13 February 2024
Warszawa, Polska, 20 June - 21 June 2024
Event CalendarSubmission deadline: 8 April 2024
Notification: 6 May 2024
IFT | Logos | Vac
Job PostingThis role is within the Vac Nescience unit, which develops Nescience A zkVM leveraging hiding properties.
The role
In this role, you will be responsible implementing and analysing components of zero knowledge argument systems and architectures for private computation. The ideal candidate should be well-versed in zero-knowledge circuits written in Rust, with the ability to adapt to evolving research needs.
Your responsibilities will include implementing zero-knowledge circuits and writing comprehensive specifications. Additionally, your role will involve measuring the performance of circuits, while also possessing the skills to debug and optimize as needed.
Join us in pushing the boundaries of private computation technology and contribute to groundbreaking advancements in the field of zkVMs.
Closing date for applications:
Contact: Maya
More information: https://grnh.se/0ee4300f1us
SandboxAQ
Job PostingWe have postdoc and PhD residency positions available at SandboxAQ [1]. We seek people interested in doing research in the areas of post-quantum cryptography, privacy, and machine learning applied to cybersecurity. The positions are remote, but allow for travel to collaborate with team members. The postdoc residencies are initially for two years, but with the option to extend it to up to three years, on mutual agreement. PhD residencies are up to one year.
We are open to strong candidates that reinforce existing expertise of the team as well as candidates extending our expertise. We are committed to creating an inclusive culture where we have zero tolerance for discrimination. We invest in our employees' personal and professional growth. Learn more about what we’ve been doing so far by checking out our publications page [2] or the individual DBLP pages of our permanent researchers listed below for each of the teams associated with these residencies. [1] www.sandboxaq.com [2] pub.sandboxaq.com Rolling deadline. More information: https://www.sandboxaq.com/careers. PQC members’ information:- Carlos Aguilar Melchor: https://dblp.org/pid/71/4606.html
- Martin Albrecht: https://dblp.org/pid/92/7397.html
- Nina Bindel: https://dblp.org/pid/167/3021.html
- James Howe: https://dblp.org/pid/163/8680.html
- Andreas Hülsing: https://dblp.org/pid/27/1744.html
- Nicolas Gama: https://dblp.org/pid/49/4575.html
- Sandra Guasch Castelló: https://dblp.org/pid/86/8292.html
- Raphael Labaca-Castro: raphael.labaca@sandboxaq.com
- Parth Mishra: parth.mishra@sandboxaq.com
Closing date for applications:
Contact:
- PQC: martin.albrecht@sandboxaq.com and james.howe@sandboxaq.com
- Privacy: nicolas.gama@sandboxaq.com and sandra.guasch@sandboxaq.com
- ML: raphael.labaca@sandboxaq.com and parth.mishra@sandboxaq.com
More information: https://www.sandboxaq.com/careers
University of Wollongong, Australia
Job PostingClosing date for applications:
Contact: Dr Yannan Li (first_name@uow.edu.au)
University of Wollongong, Australia
Job PostingClosing date for applications:
Contact: Dr Yannan Li (first_name@uow.edu.au)
12 February 2024
Dionysis Zindros, Apostolos Tzinas, David Tse
ePrint ReportKonstantinos Brazitikos, Vassilis Zikas
ePrint ReportSamuel Lavery
ePrint ReportPrabhanjan Ananth, Gilad Asharov, Vipul Goyal, Hadar Kaner, Pratik Soni, Brent Waters
ePrint Report- We consider a new notion of NIZK called subversion advice-ZK NIZK that strengthens the notion of zero-knowledge with malicious authority security considered by Ananth, Asharov, Dahari and Goyal (EUROCRYPT'21), and present a construction of a subversion advice-ZK NIZK from the sub-exponential hardness of learning with errors.
- We introduce a new notion that strengthens the traditional definition of soundness, called accountable soundness, and present generic compilers that lift any NIZK for interesting languages in NP to additionally achieve accountable soundness.
- Finally, we combine our results for both subversion advice-ZK and accountable soundness to achieve a subversion advice-ZK NIZK that also satisfies accountable soundness. This results in the first NIZK construction that satisfies meaningful notions of both soundness and zero-knowledge even for maliciously chosen CRS.
Andi Liu, Yizhong Liu, Zhuocheng Pan, Yinuo Li, Jianwei Liu, Yuan Lu
ePrint ReportIn this paper, we present Kronos, a generic and efficient sharding blockchain consensus ensuring robust security. At the core of Kronos, we introduce a ''buffer'' mechanism for atomic cross-shard transaction processing. Shard members collectively maintain a buffer to manage cross-shard inputs, ensuring that a transaction is committed only if all inputs are available, and no fund is transferred for invalid requests. While ensuring security including atomicity, Kronos processes transactions with optimal intra-shard communication overhead. A valid cross-shard transaction, involving $x$ input shards and $y$ output shards, is processed with a minimal intra-shard communication overhead factor of $x+y$. Additionally, we propose a reduction for transaction invalidity proof generation to simple and fast multicasting, leading to atomic rejection without executing full-fledged Byzantine fault tolerance (BFT) protocol in optimistic scenarios. Moreover, Kronos adopts a newly designed ''batch'' mechanism, reducing inter-shard message complexity for cross-shard transactions from $\mathcal{O}(\lambda)$ to $\mathcal{O}((m \text{log} m/b)\lambda)$ without sacrificing responsiveness (where $m$ denotes number of shards, $b$ denotes the batch size of intra-shard consensus, and $\lambda$ is security parameter).
Kronos operates without dependence on any time or client honesty assumption, serving as a plug-in sharding blockchain consensus supporting applications in diverse network environments including asynchronous ones. We implement Kronos using two prominent BFT protocols: asynchronous Speeding Dumbo (NDSS'22) and partial synchronous HotStuff (PODC'19). Extensive experiments (over up to $1000$ AWS EC2 nodes across 4 AWS regions) demonstrate Kronos achieving a substantial throughput of $68.6$ktx/sec with $1.7$sec latency. Compared with state-of-the-art solutions, Kronos outperforms in all cases, achieving up to a $42 \times$ improvement in throughput and a $50\%$ reduction in latency when cross-shard transactions dominate the workload.
ChihYun Chuang, IHung Hsu, TingFang Lee
ePrint ReportZeyu Liu, Eran Tromer, Yunhao Wang
ePrint ReportRecent work constructed Oblivious Message Retrieval (OMR) protocols that outsource the message detection and retrieval in a privacy-preserving way, using homomorphic encryption. This exhibits significant costs in computation per message scanned (${\sim}109$ms), as well as in the size of the associated messages (${\sim}1$kB overhead) and public keys (${\sim}132$kB).
This work constructs more efficient OMR schemes, by replacing the LWE-based clue encryption of prior works with a Ring-LWE variant, and utilizing the resulting flexibility to improve several components of the scheme. We thus devise, analyze, and benchmark two protocols:
The first protocol focuses on improving the detector runtime, using a new retrieval circuit that can be homomorphically evaluated more efficiently. Concretely, this construction takes only ${\sim}7.3$ms per message scanned, about $15$x faster than the prior work.
The second protocol focuses on reducing the communication costs, by designing a different homomorphic decryption circuit. While the circuit is less homomorphic-encryption-friendly (than our first construction), it allows the parameter of the Ring-LWE encryption to be set such that both the public key and the message size are greatly reduced. Concretely, the public key size is about $235$x smaller than the prior work, and the message size is roughly $1.6$x smaller. The runtime of this second construction is ${\sim}40.0$ms per message, still more than $2.5$x faster than prior works.
Andreea Alexandru, Ahmad Al Badawi, Daniele Micciancio, Yuriy Polyakov
ePrint ReportTo address this confusion, we introduce the notion of application-aware homomorphic encryption and devise related security definitions, which correspond more closely to how homomorphic encryption schemes are implemented and used in practice. We then formulate the guidelines for implementing the application-aware homomorphic encryption model to achieve $IND-CPA^{D}$ security for practical applications of CKKS. We also show that our application-aware model can be used for secure, efficient instantiation of exact homomorphic encryption schemes.
Mark Manulis, Jérôme Nguyen
ePrint ReportWe strengthen the credibility of our definitions by exploring relations to existing security notions for homomorphic encryption schemes, namely CCA1, RCCA, FuncCPA, CCVA, and HCCA. We prove that vCCA security is the strongest notion known so far, that can be achieved by an FHE scheme; in particular, vCCA is strictly stronger than CCA1.
Finally, we provide a general transformation, that takes any CPA-secure FHE scheme and makes it vCCA-secure. Our transformation first turns an FHE scheme into a CCA2-secure scheme where a part of the ciphertext retains the homomorphic properties and then extends it with a succinct non-interactive argument of knowledge (SNARK) to verifiably control the evaluation algorithm. In fact, we obtain four general variation of this transformation. We handle both the asymmetric and the symmetric key FHE schemes, and for each we give two variations differing in whether the ciphertext integrity can be verified publicly or requires the secret key. We use well-known techniques to achieve CCA security in the first step of our transformation. In the asymmetric case, we use the double encryption paradigm, and in the symmetric case, we use Encrypt-then-MAC techniques. Furthermore, our transformation also gives the first CCA-secure FHE scheme based on bootstrapping techniques.