IACR News
19 February 2024
CSEM, Neuchâtel CH
Job Posting
Collaborating with two experienced teams in security, digital hardware and software, you will contribute to the development of an embedded anchor of trust for future generations of sustainable IoT devices, enabling features such as post-quantum cryptography, threshold cryptography, distributed architectures, or reconfigurability over the air. You will be working closely with a diverse team of engineers and researchers, and you will take a leading role in transforming a vision into tangible IPs.
Your responsibilities
- Research in applied cryptography and implementations for embedded devices.
- Implement cryptography and security primitives for embedded devices; mainly HW/SW co-design.
- Develop proofs of concept based on advanced cryptography topics.
- Harden security modules against side channel attacks, software attacks and other threats.
- Adopt a holistic approach to design and implement robust features yielding solid foundations for end-to-end security.
- Propose innovative security IPs, challenge them against state of the art and review them with peers.
Know-how
- PhD or MSc graduate.
- Background in one or more of these fields: digital design, embedded software design and applied cryptography.
- A high motivation to progress and excel in the field of applied cryptography and embedded security.
- Experience in digital hardware or embedded software development.
- Programming skills in VHDL, C, Python (or equivalent).
- Fluent in English. French or German are an advantage.
Interpersonal skills
- Natural curiosity and ability to adapt to new situations.
- Autonomous and hands-on, motivated to take initiative in the development of innovative solutions.
- Open-minded attitude and well-developed team-spirit.
Closing date for applications:
Contact: Damian Vizar
More information: https://www.csem.ch/en/jobs/151354/
Tarragona, Spain, 2 October - 4 October 2024
Event Calendar
Submission deadline: 15 May 2024
Notification: 23 June 2024
Virtual event, Anywhere on Earth, 28 February - 29 February 2024
Event Calendar
Radboud University, Netherlands
Job Posting
Closing date for applications:
Contact: Simona Samardjiska
More information: https://www.ru.nl/en/working-at/job-opportunities/phd-candidate-in-post-quantum-cryptography
Janice Jianing Si, Sharma Tanusree, Kanye Ye Wang
ePrint Report
Samir Jordan Menon, David J. Wu
ePrint Report
By removing the need for offline communication, YPIR significantly reduces the server-side costs for private auditing of Certificate Transparency logs. Compared to the best previous PIR-based approach, YPIR reduces the server-side costs by a factor of $5.6\times$. Note that to reduce communication costs, the previous approach assumed that updates to the Certificate Transparency log servers occurred in weekly batches. Since there is no offline communication in YPIR, our approach allows clients to always audit the most recent Certificate Transparency logs (e.g., updating once a day). Supporting daily updates using the prior scheme would cost $30\times$ more than YPIR (based on current AWS compute costs).
Milad Seddigh, Seyed Hamid Baghestani
ePrint Report
Minki Hhan
ePrint Report
Evan Laufer, Alex Ozdemir, Dan Boneh
ePrint Report
In this work we build zkPi, the first zkSNARK for proofs expressed in Lean, a state-of-the-art interactive theorem prover. With zkPi, a prover can convince a verifier that a Lean theorem is true, while revealing little else. The core problem is building an efficient zkSNARK for dependent typing. We evaluate zkPi on theorems from two core Lean libraries: stdlib and mathlib. zkPi successfully proves 57.9% of the theorems in stdlib, and 14.1% of the theorems in mathlib, within 4.5 minutes per theorem. A zkPi proof is sufficiently short that Fermat could have written one in the margin of his notebook to convince the world, in zero knowledge, that he proved his famous last theorem.
Interactive theorem provers (ITPs) can express virtually all systems of formal reasoning. Thus, an implemented zkSNARK for ITP theorems generalizes practical zero-knowledge's interface beyond the status quo: circuit satisfiability and program execution.
Leo de Castro, Kevin Lewi, Edward Suh
ePrint Report
We demonstrate that WhisPIR requires significantly less communication than all other lattice-based PIR protocols in a stateless setting. WhisPIR is outperformed in computation only by SimplePIR and HintlessPIR when the database entries are large (several kilobytes). WhisPIR achieves this performance by introducing a number of novel optimizations. These include improvements to the index expansion algorithm of SealPIR & OnionPIR that optimize the algorithm when only one rotation key is available. WhisPIR also makes novel use of the non-compact variant of the BGV homomorphic encryption scheme to further save communication and computation. To demonstrate the practicality of WhisPIR, we apply the protocol to the problem of secure blocklist checking, an important user-safety application in end-to-end encrypted messaging.
Michele Orrù, George Kadianakis, Mary Maller, Greg Zaverucha
ePrint Report
We construct techniques for offloading foreign arithmetic from a zero-knowledge circuit including: (i) equality of discrete logarithms across different groups; (ii) scalar multiplication without requiring elliptic curve operations; (iii) proving knowledge of an AES encryption.
To achieve our goal, we employ techniques inherited from rejection sampling and lookup protocols. We implement and provide concrete benchmarks for our protocols.
Nils Fleischhacker, Mathias Hall-Andersen, Mark Simkin
ePrint Report
Using our witness encryption scheme, we construct a simple and highly efficient laconic OT protocol, which significantly outperforms the state of the art in most important metrics.
Sanjam Garg, Dimitris Kolonelos, Guru-Vamsi Policharla, Mingyuan Wang
ePrint Report
Tim Beyne, Addie Neyt
ePrint Report
Véronique Cortier, Alexandre Debant, Anselme Goetschmann, Lucca Hirschi
ePrint Report
Antoine Joux, Julian Loss, Benedikt Wagner
ePrint Report
In this work, we study implicit rejection through a novel lens, namely, from the perspective of kleptography. Concretely, we consider an attacker model in which the attacker can subvert the user's code to compromise security while remaining undetectable. In this scenario, we present three attacks that significantly reduce the security level of the FO transform with implicit rejection. Notably, our attacks apply to CRYSTALS-Kyber.
Kehao Ma, Minghui Xu, Yihao Guo, Lukai Cui, Shiping Ni, Shan Zhang, Weibing Wang, Haiyong Yang, Xiuzhen Cheng
ePrint Report
Chuanlei Li, Minghui Xu, Jiahao Zhang, Hechuan Guo, Xiuzhen Cheng
ePrint Report
Dan Boneh, Binyi Chen
ePrint Report
16 February 2024
Liyan Chen, Yilei Chen, Zikuan Huang, Nuozhou Sun, Tianqi Yang, Yiding Zhang
ePrint Report
Our main results give new insights for Fiat-Shamir against bounded-depth adversaries in both the positive and negative directions. On the positive side, for Fiat-Shamir for proofs with certain properties, we show that weak worst-case assumptions are enough for constructing explicit hash functions that give $\mathsf{AC}^0[2]$-soundness. In particular, we construct an $\mathsf{AC}^0[2]$-computable correlation-intractable hash family for constant-degree polynomials against $\mathsf{AC}^0[2]$ adversaries, assuming $\oplus \mathsf{L}/\mathsf{poly} \not\subseteq \widetilde{\mathsf{Sum}}_{n^{-c}} \circ\mathsf{AC}^0[2]$ for some $c > 0$. This is incomparable to all currently-known constructions, which are typically useful for larger classes and against stronger adversaries, but based on arguably stronger assumptions. Our construction is inspired by the Fiat-Shamir hash function by Peikert and Shiehian [CRYPTO ’19] and the fully-homomorphic encryption scheme against bounded-depth adversaries by Wang and Pan [EUROCRYPT ’22].
On the negative side, we show Fiat-Shamir for arguments is still impossible to achieve against bounded-depth adversaries. In particular,
- Assuming the existence of $\mathsf{AC}^0[2]$-computable CRHF against p.p.t. adversaries, for every poly-size hash function, there is a (p.p.t.-sound) interactive argument that is not $\mathsf{AC}^0[2]$-sound after applying Fiat-Shamir with this hash function.
- Assuming the existence of $\mathsf{AC}^0[2]$-computable CRHF against $\mathsf{AC}^0[2]$ adversaries, there is an $\mathsf{AC}^0[2]$-sound interactive argument such that for every hash function computable by $\mathsf{AC}^0[2]$ circuits the argument does not preserve $\mathsf{AC}^0[2]$-soundness when applying Fiat-Shamir with this hash function. This is a low-depth variant of the result of Goldwasser and Kalai.