IACR News
Here you can see all recent updates to the IACR webpage.
10 April 2024
Mario Yaksetig
ePrint Report
Our findings indicate that most challenges can be effectively addressed through the implementation of cryptography and subnets (i.e., Avalanche architecture), which allow for segmented, optimized environments within the broader metaverse ecosystem. This approach not only enhances performance but also provides a flexible framework for managing the diverse needs of metaverse applications.
Nimish Mishra, Debdeep Mukhopadhyay
ePrint Report
Mustafa Khairallah
ePrint Report
In this paper, we present two new AEAD modes and four instantiations based on Tweakable Block Ciphers. These new modes target equipping high-speed applications on parallel platforms with nonce misuse resistant AEAD (MRAE). The first mode, LLSIV, targets similar performance on single-core platforms to SCT-2, while eliminating the bottlenecks that make SCT-2 not fully parallelizable. The enhanced parallelism allows LLSIV to encrypt significantly more blocks on parallel platforms, compared to SCT-2, in the same amount of time. LLSIV is based on the NaT MAC, where each ciphertext block can itself be viewed as an instance of NaT when the plaintext is prepended with $0^n$. The trade-off is that LLSIV requires the inverse function of the TBC. However, the inverse function is used only once per message and we demonstrate that for parallel implementations it represents a very small overhead.
We give an instantiation of LLSIV based on the SKINNY-128-384 TBC, and a pruned scheme, dubbed pLLSIV, which targets enhanced performance compared to both SCT-2 and LLSIV on all platforms, while having reduced security claims. It relies on the recently popularized prove-then-prune methodology to take full advantage of the properties of LLSIV. This leads to a significant performance improvement, making pLLSIV even faster than online TBC-based schemes that are not MRAE-secure. Last but not least, we give an instantiation that uses the primitives used in AES-GCM-SIV: the PolyVal hash function and AES. Our instantiation is faster than AES-GCM-SIV on all platforms and has better bounds. On the other hand, it relies on the ideal cipher model as it uses the ICE TBC proposed as part of the Remus AEAD design.
The second mode we describe is LLDFV. It uses ideas from LLSIV combined with the Decryption-Fast SIV (DFV) framework proposed recently by Minematsu. The goal is to reduce the number of calls to the TBC by one, while making the scheme as parallelizable as LLSIV. This makes the scheme faster than DFV on all platforms.
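The nonce-misuse-resistance (MRAE) property that LLSIV, LLDFV and SCT-2 target, shown on the plain synthetic-IV composition (tag = PRF(N, A, M), then a keystream seeded by the tag). This is an added example, not code from the paper and not LLSIV or any of its instantiations: HMAC-SHA256 stands in for the TBC-based NaT MAC and for the keystream PRF, and the key names, the 16-byte tag length and the domain-separation labels are this example's own choices. The two-pass decryption here (derive keystream, decrypt, re-MAC) is exactly the cost structure the paper's modes optimize; that optimization is not reproduced.

```python
"""Generic SIV-style MRAE composition (illustration only, not LLSIV/SCT-2).

tag = PRF_mac(N, A, M)            -- deterministic in (N, A, M)
C   = M xor KS(PRF_enc, tag)      -- keystream seeded by the tag
Repeating a nonce therefore leaks only whether the same (A, M) was
encrypted twice, never the plaintext or a keystream.
"""
import hashlib
import hmac
import secrets

TAG_LEN = 16  # bytes of the synthetic IV kept as the tag (this example's choice)


def _prf(key: bytes, *parts: bytes) -> bytes:
    # Length-prefix every input so (N, A, M) is encoded unambiguously.
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(8, "big"))
        h.update(p)
    return h.digest()


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Counter mode over the PRF: block i = PRF(key, "stream", iv, i).
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += _prf(key, b"stream", iv, ctr.to_bytes(8, "big"))
        ctr += 1
    return bytes(out[:n])


def siv_encrypt(k_mac: bytes, k_enc: bytes, nonce: bytes, ad: bytes, msg: bytes) -> bytes:
    """Return tag || ciphertext."""
    tag = _prf(k_mac, b"tag", nonce, ad, msg)[:TAG_LEN]
    ks = _keystream(k_enc, tag, len(msg))
    return tag + bytes(a ^ b for a, b in zip(msg, ks))


def siv_decrypt(k_mac: bytes, k_enc: bytes, nonce: bytes, ad: bytes, ct: bytes) -> bytes:
    """Decrypt, recompute the tag over the recovered message, compare in
    constant time, and release the plaintext only if the tag matches."""
    if len(ct) < TAG_LEN:
        raise ValueError("ciphertext too short")
    tag, body = ct[:TAG_LEN], ct[TAG_LEN:]
    ks = _keystream(k_enc, tag, len(body))
    msg = bytes(a ^ b for a, b in zip(body, ks))
    expected = _prf(k_mac, b"tag", nonce, ad, msg)[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return msg


def nonce_reuse_demo() -> dict:
    """Encrypt under one nonce three times (constructed inputs) and report
    what an observer sees: equal inputs give equal outputs, different
    inputs give unrelated tags and hence unrelated keystreams."""
    k_mac, k_enc = secrets.token_bytes(32), secrets.token_bytes(32)
    nonce, ad = b"\x00" * 12, b"hdr"          # deliberately reused nonce
    m1, m2 = b"transfer 100 to alice", b"transfer 900 to mallory"
    c1 = siv_encrypt(k_mac, k_enc, nonce, ad, m1)
    c1_again = siv_encrypt(k_mac, k_enc, nonce, ad, m1)
    c2 = siv_encrypt(k_mac, k_enc, nonce, ad, m2)
    return {
        "same_input_same_output": c1 == c1_again,
        "tags_differ": c1[:TAG_LEN] != c2[:TAG_LEN],
        "roundtrip_ok": siv_decrypt(k_mac, k_enc, nonce, ad, c1) == m1,
    }


if __name__ == "__main__":
    print(nonce_reuse_demo())
```

Under nonce reuse a conventional nonce-based mode would reuse a keystream; here the keystream is keyed off the tag, so two different messages under the same nonce get independent keystreams, and the only leak is the equality of the two (A, M) pairs. Decryption is deliberately written so that no plaintext leaves the function before the tag comparison, which is the check that any SIV-style decryptor must keep regardless of how the MAC and the cipher are interleaved for speed.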
Zeyu Xu, Jiamin Cui, Kai Hu, Meiqin Wang
ePrint Report
Décio Luiz Gazzoni Filho, Tomás S. R. Silva, Julio López
ePrint Report
Stanislav Peceny, Srinivasan Raghuraman, Peter Rindal, Harshal Shah
ePrint Report
We give two novel protocols for efficiently generating a random permutation correlation. The first makes use of recent advances in MPC-friendly PRFs to obtain a protocol requiring $O(n\ell)$ OTs/time and constant rounds to permute $n$ $\ell$-bit strings. Unlike the modern OT extension techniques we rely on, this was previously only achievable from relatively more expensive public-key cryptography, e.g. Paillier or LWE. We implement this protocol and demonstrate that it can generate a correlation for $n=2^{20},\ell=128$ in 19 seconds and $\sim2\ell n$ communication, a $15\times$ and $1.1\times$ improvement over the LWE solution of Juvekar et al. (CCS 2018). The second protocol is based on pseudo-random correlation generators and achieves an overhead that is \emph{sublinear} in the string length $\ell$, i.e. the communication and number of OTs is $O(n\log \ell)$. The latter protocol is ideal for the setting when you need to repeatedly permute secret-shared data by the same permutation, e.g. in graph algorithms.
Finally, we present a suite of highly efficient protocols for performing various batched random access operations. These include a class of protocols we refer to as \emph{extraction}, which allow a user to \emph{mark} a subset of $X$ and have this subset obliviously extracted into an output list. Additionally, the parties can specify an \emph{arbitrary} selection function $\sigma:[n]\rightarrow[n]$ and obtain shares of $\sigma(X)=(X_{\sigma(1)},\ldots,X_{\sigma(n)})$ from $X$. We implement these protocols and report on their performance.
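What a random permutation correlation is and how the parties consume it online to permute secret-shared data, as an added example that is not code from the paper. The correlation is written in the share-translation form (P0 holds $\pi$ and $\delta$; P1 holds random $a, b$ with $\delta = \pi(a) \oplus b$), which is an assumption about representation, and a trusted dealer stands in for the OT- and PCG-based generation that is the paper's actual contribution. Each $\ell$-bit string is a Python int; names such as `dealer_correlation` and `online_permute` are this example's own.

```python
"""Permutation correlation and its one-message online phase.

Offline (here: a trusted dealer, standing in for the paper's OT/PCG
protocols):  P0 gets (pi, delta), P1 gets (a, b) with delta = pi(a) ^ b.
Online: P1 sends x1 ^ a; P0 outputs pi(x0 ^ x1 ^ a) ^ delta, P1 outputs b.
Reconstruction: pi(x) ^ pi(a) ^ pi(a) ^ b ^ b = pi(x).
"""
import secrets
from typing import List, Tuple

Vec = List[int]  # n strings of ell bits each, stored as Python ints


def rand_vec(n: int, ell: int) -> Vec:
    return [secrets.randbits(ell) for _ in range(n)]


def xor_vec(u: Vec, v: Vec) -> Vec:
    return [x ^ y for x, y in zip(u, v)]


def apply_perm(pi: List[int], v: Vec) -> Vec:
    # pi(v)[i] = v[pi[i]]. Indexing is linear over XOR, which the online
    # phase relies on: pi(u ^ v) == pi(u) ^ pi(v).
    return [v[pi[i]] for i in range(len(v))]


def dealer_correlation(n: int, ell: int) -> Tuple[Tuple[List[int], Vec], Tuple[Vec, Vec]]:
    """Trusted-dealer stand-in (assumption) for the paper's generation
    protocols. Returns P0's (pi, delta) and P1's (a, b), delta = pi(a) ^ b."""
    rng = secrets.SystemRandom()
    pi = list(range(n))
    rng.shuffle(pi)
    a, b = rand_vec(n, ell), rand_vec(n, ell)
    delta = xor_vec(apply_perm(pi, a), b)
    return (pi, delta), (a, b)


def share(x: Vec, ell: int) -> Tuple[Vec, Vec]:
    """XOR secret sharing of x between P0 and P1."""
    x1 = rand_vec(len(x), ell)
    return xor_vec(x, x1), x1


def online_permute(p0_corr, p1_corr, x0: Vec, x1: Vec):
    """Online phase: a single message from P1 to P0, then local work only.
    Returns P0's output share, P1's output share and the message P0 saw."""
    pi, delta = p0_corr
    a, b = p1_corr
    msg = xor_vec(x1, a)                                    # P1 -> P0, uniform to P0
    y0 = xor_vec(apply_perm(pi, xor_vec(x0, msg)), delta)   # P0: pi(x ^ a) ^ pi(a) ^ b
    y1 = b                                                  # P1: nothing to compute
    return y0, y1, msg


def permute_shared(n: int = 8, ell: int = 128) -> bool:
    """End-to-end check on constructed random input: y0 ^ y1 == pi(x)."""
    p0_corr, p1_corr = dealer_correlation(n, ell)
    x = rand_vec(n, ell)
    x0, x1 = share(x, ell)
    y0, y1, _ = online_permute(p0_corr, p1_corr, x0, x1)
    return xor_vec(y0, y1) == apply_perm(p0_corr[0], x)


def reuse_leaks(p1_corr, x1: Vec, x1_prime: Vec) -> Vec:
    """Why a correlation is one-time: if the same a masks two different
    shares, P0 sees (x1 ^ a) ^ (x1' ^ a) = x1 ^ x1' outright."""
    a, _ = p1_corr
    return xor_vec(xor_vec(x1, a), xor_vec(x1_prime, a))


if __name__ == "__main__":
    print("reconstructs pi(x):", permute_shared())
```

The only data crossing the network per use is `x1 ^ a`, which is uniformly random to P0 because `a` is, so the online cost is $n\ell$ bits and one round. Each correlation is consumed by exactly one use; permuting several vectors by the same $\pi$ needs a fresh $(a, b, \delta)$ for that same $\pi$ each time, which is the repeated-use setting the paper's second protocol makes sublinear in $\ell$.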
Martin R. Albrecht, Matilda Backendal, Daniele Coppola, Kenneth G. Paterson
ePrint Report
We provide the first detailed documentation and security analysis of Nextcloud's E2EE feature. Nextcloud's strong security claims motivate conducting the analysis in the setting where the server itself is considered malicious. We present three distinct attacks against the E2EE security guarantees in this setting. Each one enables the confidentiality and integrity of all user files to be compromised. All three attacks are fully practical and we have built proof-of-concept implementations for each. The vulnerabilities make it trivial for a malicious Nextcloud server to access and manipulate users' data.
We have responsibly disclosed the three vulnerabilities to Nextcloud. The second and third vulnerabilities have been remediated. The first was addressed by temporarily disabling file sharing from the E2EE feature until a redesign of the feature can be made. We reflect on broader lessons that can be learned for designers of E2EE systems.
09 April 2024
Paris, France, 26 June 2024
Event Calendar
Submission deadline: 5 May 2024
Notification: 12 May 2024
Arlington, USA, 23 October - 25 October 2024
Event Calendar
Submission deadline: 6 June 2024
Notification: 30 July 2024
Halifax, Canada, 4 September 2024
Event Calendar
Brandenburg University of Technology, Chair of IT Security
Job Posting
- Privacy-Enhancing Technologies in Cyber-Physical Systems.
- AI-based Network Attack Detection and Simulation.
- AI-enabled Penetration Testing.
Closing date for applications:
Contact: Ivan Pryvalov (ivan.pryvalov@b-tu.de)
Graz University of Technology
Job Posting
Join our Cryptographic Engineering research team at the Technical University of Graz (TU Graz) in Austria! We are seeking one PhD student and one postdoctoral researcher.
You will contribute to an exciting research project advancing isogeny-based cryptography. This role offers a unique opportunity to collaborate with leading experts in the field and perform cutting-edge research.
The Cryptographic Engineering research team is based at IAIK, TU Graz, the largest university institute in Austria for research and education in security and privacy. It has been active in this field for more than 30 years and currently employs more than 60 researchers.
Required Qualifications for PhD position: The ideal candidate for the PhD position will hold a master's degree with project experience in the implementation aspects (e.g., efficient implementation, side-channel analysis, fault analysis, etc.) of cryptography, preferably in isogeny-based cryptography.
Required Qualifications for Postdoc position: The ideal candidate for the postdoc position will hold a PhD (or be close to completion) in cryptography and be an expert in isogeny-based cryptography and/or secure implementation aspects of cryptography.
How to apply:
Submit your applications, CV, and other documents before 1st May, 2024.
https://jobs.tugraz.at/en/jobs/bbba0417-7a9c-69a5-f012-6613bd4b383f/apply?preview=true
Closing date for applications: The application deadline is May 1st, 2024.
Contact: Sujoy Sinha Roy – sujoy.sinharoy@iaik.tugraz.at
VU Amsterdam
Job Posting
Closing date for applications:
Contact: Kristina Sojakova
More information: https://workingat.vu.nl/vacancies/phd-in-effective-and-scalable-tools-against-side-channel-attacks-amsterdam-1064918
Quantstamp
Job Posting
Quantstamp is looking for an applied cryptographer. Quantstamp often deals with a wide range of cryptographic problems, including reviewing implementations and tackling new theoretical problems using cryptography. For example, Quantstamp regularly receives requests to review code bases which either invoke or implement (custom) cryptography, as part of an audit.
Requirements
Closing date for applications:
Contact: candidate-upload-to-job-N7wnRj36Krf2zX@inbox.ashbyhq.com
More information: https://jobs.ashbyhq.com/quantstamp/6ae4fc70-98bb-42e1-9f24-c40e7af441cc
Monash University; Melbourne, Australia
Job Posting
- highly competitive scholarships to cover tuition fees, health insurance and living expenses (as stipend),
- opportunities to collaborate with leading academic and industry experts in the related areas,
- opportunities to participate in international grant-funded projects,
- collaborative and friendly research environment,
- an opportunity to live/study in one of the most liveable and safest cities in the world.
Requirements. A strong mathematical and cryptography background is required. Some knowledge/experience in coding (for example, Python, C/C++, SageMath) is a plus. Candidates must have completed (or be about to complete within the next 8 months) a significant research component either as part of their undergraduate (honours) degree or masters degree. They should have excellent English verbal and written communication skills.
How to apply. Please first refer to mfesgin.github.io/supervision/ for more information. Then, please fill out the following form (also clickable from the advertisement title): https://docs.google.com/forms/d/e/1FAIpQLScOvp0w397TQMTjTa6T7TKqri703Z-c3en0aS654w6nl4_EFg/viewform
Closing date for applications:
Contact: Muhammed Esgin
More information: https://docs.google.com/forms/d/e/1FAIpQLScOvp0w397TQMTjTa6T7TKqri703Z-c3en0aS654w6nl4_EFg/viewform
08 April 2024
Vincent Gramoli, Zhenliang Lu, Qiang Tang, Pouriya Zarbafian
ePrint Report
In this paper, we introduce a protocol for state machine replication with fair separability ($\mathsf{SMRFS}$); moreover, our protocol has communication complexity $\mathcal{O}(n\ell+\lambda n^2)$, where $n$ is the number of processes, $\ell$ is the input (transaction) size, and $\lambda$ is the security parameter. This is optimal when $\ell\geq \lambda n$, while previous works have cubic communication. To the best of our knowledge, $\mathsf{SMRFS}$ is the first protocol to achieve fair separability, and the first implementation of fair ordering that has optimal communication complexity and optimal Byzantine resilience.
Novak Kaluderovic, Nan Cheng, Katerina Mitrokotsa
ePrint Report
Prabhanjan Ananth, Aditya Gulati, Yao-Ting Lin
ePrint Report
Our main result is the construction of a statistically secure PRSG with: (a) the output length of the PRSG is strictly larger than the key size, (b) the security holds even if the adversary receives $O\left(\frac{\lambda}{(\log(\lambda))^{1.01}} \right)$ copies of the pseudorandom state. We show the optimality of our construction by showing a matching lower bound. Our construction is simple and its analysis uses elementary techniques.
Jun Xu, Zhiwei Li, Lei Hu
ePrint Report
Loïc Bidoux, Thibauld Feneuil, Philippe Gaborit, Romaric Neveu, Matthieu Rivain
ePrint Report
While a straightforward application of these frameworks already improves the existing MPCitH-based signatures, we show in this work that we can adapt the arithmetic constraints representing the underlying security assumptions (here called the modeling) to achieve smaller sizes using these new techniques. More precisely, we explore existing modelings for the rank syndrome decoding (RSD) and MinRank problems and we introduce a new modeling, named dual support decomposition, which achieves better sizes with the VOLEitH and TCitH frameworks by minimizing the size of the witnesses. While this modeling is naturally more efficient than the other ones for a large set of parameters, we show that it is possible to go even further and explore new areas of parameters. With this new modeling and these parameters, we obtain low-size witnesses which drastically reduce the size of the "arithmetic part" of the signature. We apply our new modeling to both TCitH and VOLEitH frameworks and compare our results to RYDE, MiRitH, and MIRA signature schemes. We obtain signature sizes below 4 kB for 128 bits of security with $N=256$ parties (a.k.a. leaves in the GGM trees) and going as low as $\approx$ 3.5 kB with $N=2048$, for both RSD and MinRank. This represents an improvement of more than 1.5 kB compared to the original submissions to the 2023 NIST call for additional signatures. We also note that recent techniques optimizing the sizes of GGM trees are applicable to our schemes and further reduce the signature sizes by a few hundred bytes, bringing them to around 3 kB (for 128 bits of security with $N=2048$).