IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
11 November 2024
Kasra Abbaszadeh, Jonathan Katz
ePrint ReportWe formally define this notion and build several candidate constructions from standard cryptographic assumptions. In particular, we propose a primary construction from classical NIZK for NP and one-way functions, albeit with two limitations: (i) deletion certificates are only privately verifiable, and (ii) both prover and verifier are required to be quantum algorithms. We resolve these hurdles in two extensions that assume the quantum hardness of the learning with errors problem. The first one achieves publicly verifiable certificates, and the second one requires merely classical communication between classical provers and quantum verifiers.
Chuhan Lu, Nikhil Pappu
ePrint ReportVadim Lyubashevsky, Gregor Seiler, Patrick Steuer
ePrint ReportZhikun Wang, Ling Ren
ePrint ReportFrom a technical standpoint, we present a novel organization of hints where each PIR query consumes a hint, and entries in the consumed hint are relocated to other hints. We then present a new data structure to track the hint relocations and use small-domain pseudorandom permutations to make the hint storage sublinear while maintaining efficient lookups in the hints.
Lorenz Panny, Christophe Petit, Miha Stopar
ePrint ReportHadas Zeilberger
ePrint ReportJens Ernstberger, Chengru Zhang, Luca Ciprian, Philipp Jovanovic, Sebastian Steinhorst
ePrint ReportCarl Kwan, Quang Dao, Justin Thaler
ePrint ReportWe present an approach to formally verify Lasso-style lookup arguments against the semantics of instruction set architectures. We demonstrate our approach by formalizing and verifying all Jolt 32-bit instructions corresponding to the RISC-V base instruction set (RV32I) using the ACL2 theorem proving system. Our formal ACL2 model has undergone extensive validation against the Rust implementation of Jolt. Due to ACL2's bit-blasting, rewriting, and developer-friendly features, our formalization is highly automated.
Through formalization, we also discovered optimizations to the Jolt codebase, leading to improved efficiency without impacting correctness or soundness. In particular, we removed one unnecessary lookup each for four instructions, and reduced the sizes of three subtables by 87.5\%.
Omar Alrabiah, Prabhanjan Ananth, Miranda Christ, Yevgeniy Dodis, Sam Gunn
ePrint ReportIn this work, we show the following. - Adaptive robustness: We show that the pseudorandom codes of Christ and Gunn are adaptively robust, resolving a conjecture posed by Cohen, Hoover, and Schoenbach [S&P 2025]. Our proof involves several new ingredients, combining ideas from both cryptography and coding theory and taking hints from the analysis of Boolean functions. - Ideal security: We define an ideal pseudorandom code as one which is indistinguishable from the ideal functionality, capturing both the pseudorandomness and robustness properties in one simple definition. We show that any adaptively robust pseudorandom code for single-bit messages can be bootstrapped to build an ideal pseudorandom code with linear information rate, under no additional assumptions. - CCA security: In the setting where the encoding key is made public, we define a CCA-secure pseudorandom code in analogy with CCA-secure encryption. We show that any adaptively robust public-key pseudorandom code for single-bit messages can be used to build a CCA-secure pseudorandom code with linear information rate, in the random oracle model.
Together with the result of Christ and Gunn, it follows that there exist ideal pseudorandom codes assuming the $2^{O(\sqrt{n})}$-hardness of LPN. This extends to CCA security in the random oracle model. These results immediately imply stronger robustness guarantees for generative AI watermarking schemes, such as the practical quality-preserving image watermarks of Gunn, Zhao, and Song (2024).
F. Betül Durak, Abdullah Talayhan, Serge Vaudenay
ePrint ReportThe proposed framework involves a client (referring to the user or their devices), an identity manager (which authenticates the client), and an agent (which executes the action upon receiving consent). It supports various applications and ensures compatibility with existing identity managers. We require the client to keep no more than a password. The design addresses several security and privacy challenges, including preventing offline dictionary attacks, ensuring non-repudiable consent, and preventing unauthorized actions by the agent. Security is maintained even if either the identity manager or the agent is compromised, but not both.
Our notion of an identity manager is broad enough to include combinations of different authentication factors such as a password, a smartphone, a security device, biometrics, or an e-passport. We demonstrate applications for signing PDF documents, e-banking, and key recovery.
Nadiia Ichanska, Simon Berg, Nikolay S. Kaleyski, Yuyin Yu
ePrint ReportZichen Gui, Kenneth G. Paterson, Sikhar Patranabis
ePrint ReportIn this paper, we present the first leakage cryptanalysis of the substring-SSE scheme of Chase and Shen. We propose a novel inference-based query reconstruction attack that: (i) exploits a reduced version of the actual leakage profile of their scheme, and (ii) assumes a weaker attack model as compared to the one in which Chase and Shen originally claimed security. We implement our attack and experimentally validate its success rate and efficiency over two real-world datasets. Our attack achieves high query reconstruction rate with practical efficiency, and scales smoothly to large datasets containing $100,000$ strings.
To the best of our knowledge, ours is the first and only query reconstruction attack on (and the first systematic leakage cryptanalysis of) any substring-SSE scheme till date.
David Garvin, Oleksiy Kondratyev, Alexander Lipton, Marco Paini
ePrint ReportMasayuki Abe, Miguel Ambrona, Miyako Ohkubo
ePrint Report- Our schemes are hybrid, commit-and-prove zero-knowledge argument systems that establish a connection between secrets embedded in algebraic commitments and a relation represented by a Boolean circuit. - Our schemes incorporate diverse cross-domain secrets embedded within distinct algebraic commitments, simultaneously supporting Pedersen-like commitments and lattice-based commitments.
As an application, we develop circuit-represented compositions of Σ-protocols that support attractive access structures, such as weighted thresholds, that can be easily represented by a small circuit. For predicates P1, . . . , Pn individually associated with a Σ-protocol, and a predicate C represented by a Boolean circuit, we construct a Σ-protocol for proving C(P1, . . . , Pn) = 1. This result answers positively an open question posed by Abe, et. al., at TCC 2021.
10 November 2024
CryptoNext Security
Job PostingIn this role, you will design and implement cryptographic algorithms in languages like C and Java, optimize them for embedded and IoT systems, and address side-channel attacks. You’ll develop and integrate protocols such as TLS and IPSEC using tools like OpenSSL and ensure the security and performance of our software through rigorous testing. Collaboration is key as you’ll work closely with the team to integrate CryptoNext solutions with HSMs, VPNs, and PKI.
We’re looking for someone with a strong background in cryptography, including public-key, and proficiency in programming languages like C or Java. Problem-solving and independence are essential, and fluency in French and English is required.
You’ll join a high-level R&D team, working on cutting-edge projects in a hybrid environment at our Paris office near Gare de Lyon.
Closing date for applications:
Contact:
Apply here: https://apply.workable.com/cryptonext-security/j/B1F279EA06/
More information: https://apply.workable.com/cryptonext-security/j/B1F279EA06/
08 November 2024
Université de Montréal (Montréal, Canada)
Job PostingWe are seeking applicants for Ph.D. positions at Université de Montréal. The position is funded as part of the QUébec Ontario consoRtium on quantUM protocols (QUORUM). As a member of of the Consortium, candidates will have the opportunity to collaborate with Canada's foremost experts in cryptography and quantum information. Candidates will have the opportunity to undertake high-quality research in one of the following topics:
- Design of new quantum cryptographic protocols
- Security of classical cryptography against quantum adversaries
- Cryptography based on the hardness of keeping qubits in quantum superposition
- Quantum zero-knowledge proof systems
- Quantum multiparty secure computation
- Quantum money
The ideal applicant will have a strong background in theoretical computer science and mathematics, knowledge of cryptography and/or quantum information, and strong written and oral communication skills. A prior research experience is also desirable.
Université de Montréal is a French speaking institution. Fluency in French is an asset, but all are welcome to apply. Information on the Ph.D. program can be found here: https://diro.umontreal.ca/english/programs/graduate-programs/phd-in-computer-science
Possible start dates are the Summer or Fall 2025 semesters. To apply, send your resume, course transcript and any other relevant documents to philippe.lamontagne.1@umontreal.ca by December 31st, 2024.
Closing date for applications:
Contact: Philippe Lamontagne (philippe.lamontagne.1@umontreal.ca)
More information: https://diro.umontreal.ca/english/programs/graduate-programs/phd-in-computer-science
University of Luxembourg (SnT)
Job PostingThe candidate should have obtained or going to soon obtain the PhD. The research profile includes (any) cryptanalysis and/or equation system solving (e.g., Gröbner bases), parallel computing. Preference would be given to applicants with experience in multivariate and/or code-based cryptosystems and cryptanalysis methods, familiarity with computer algebra (SageMath, Magma).
The prospective candidates should send their CV with a list of publications to aleksei.udovenko at uni.lu (same address can be used for any questions related to the position). Deadline for applications is 15th of December 2024, but applications will be considered upon receipt, so early application is encouraged.
Closing date for applications:
Contact: Aleksei Udovenko (aleksei.udovenko at uni.lu)
Yanju Chen, Juson Xia, Bo Wen, Kyle Charbonnet, Hongbo Wen, Hanzhi Liu, Yu Feng
ePrint ReportHengcheng Zhou
ePrint ReportAlper Çakan, Vipul Goyal, Justin Raizes
ePrint ReportIn this work, we initiate the study of certified deniability in order to obtain a more comprehensive notion of deletion. Certified deniability uses a simulation-based security definition, ensuring that any information the user has kept after deletion could have been learned without being given the deleteable object to begin with; meaning that deletion leaves no trace behind! We define and construct two non-interactive primitives that satisfy certified deniability in the quantum random oracle model: signatures and non-interactive zero-knowledge arguments (NIZKs). As a consequence, for example, it is not possible to delete a signature/NIZK and later provide convincing evidence that it used to exist. Notably, our results utilize uniquely quantum phenomena to bypass Pass's (CRYPTO '03) celebrated result showing that deniable NIZKs are impossible even in the random oracle model.