IACR News
22 February 2016
Xingguang Zhou, Jianwei Liu, Weiran Liu, Qianhong Wu
Michele Ciampi, Giuseppe Persiano, Alessandra Scafuro, Luisa Siniscalchi, Ivan Visconti
Joseph Jaeger, Thomas Ristenpart, Qiang Tang
We show that one can build HE schemes that can hide partial information about plaintexts and that prevent mauling even in the face of exhaustive brute-force attacks. To do so, we introduce target-distribution semantic-security and target-distribution non-malleability security notions, and prove that a slight variant of the JR HE construction can meet them. The proofs require new balls-and-bins type analyses significantly different from those used in prior work. Finally, we provide a formal proof of the folklore result that an unbounded adversary which obtains a limited number of encryptions of known plaintexts can always succeed at message recovery.
Marcin Andrychowicz, Stefan Dziembowski, and Sebastian Faust
Our results can be summarized as follows. First, we construct circuit compilers with perfect security and leakage rate $O(1/\log(n))$, where $n$ denotes the security parameter (previously known constructions achieved rate $O(1/n)$). Moreover, for the circuits that have only affine gates we obtain a construction with a constant leakage rate. In particular, our techniques can be used to obtain constant-rate leakage-resilient schemes for refreshing an encoded secret (previously known schemes could tolerate leakage rates $O(1/n)$).
We also show that our main construction is secure against constant-rate leakage in the random probing leakage model, where the leaking wires are chosen randomly.
Yupeng Zhang, Jonathan Katz, Charalampos Papamanthou
We thoroughly study file-injection attacks, in which the server sends files to the client that the client then encrypts and stores, on the query privacy of single-keyword and conjunctive SE schemes. We show such attacks can reveal the client's queries in their entirety using very few injected files, even for SE schemes having low leakage. We also demonstrate that natural countermeasures for preventing file-injection attacks can be easily circumvented. Our attacks outperform prior work significantly in terms of their effectiveness as well as in terms of their assumptions about the attacker's prior knowledge.
Jacques Patarin, Valérie Nachef
Jacques Patarin
Zhangjiajie, China, 16 November - 18 November 2016
Submission deadline: 1 July 2016
Notification: 15 August 2016
19 February 2016
Ran Raz
More formally, in the problem of parity learning, an unknown string $x \in \{0,1\}^n$ is chosen uniformly at random. A learner tries to learn $x$ from a stream of samples $(a_1, b_1), (a_2, b_2), \ldots$, where each $a_t$ is uniformly distributed over $\{0,1\}^n$ and $b_t$ is the inner product of $a_t$ and $x$, modulo 2. We show that any algorithm for parity learning that uses less than $n^2/25$ bits of memory requires an exponential number of samples.
Previously, there was no non-trivial lower bound on the number of samples needed, for any learning problem, even if the allowed memory size is $O(n)$ (where $n$ is the space needed to store one sample).
We also give an application of our result in the field of bounded-storage cryptography. We show an encryption scheme that requires a private key of length $n$, as well as time complexity of $n$ per encryption/decryption of each bit, and is provably and unconditionally secure as long as the attacker uses less than $n^2/25$ memory bits and the scheme is used at most an exponential number of times. Previous works on bounded-storage cryptography assumed that the memory size used by the attacker is at most linear in the time needed for encryption/decryption.
Peter Gazi, Stefano Tessaro
We propose a seeded variant of Bertoni et al.'s PRNG with input which we prove secure in the sense of robustness, delivering in particular concrete security bounds. On the way, we make what we believe to be an important conceptual contribution, developing a variant of the security framework of Dodis et al. tailored to the ideal permutation model that captures PRNG security in settings where the weakly random inputs are provided from a large class of possible adversarial samplers which are also allowed to query the random permutation.
As a further application of our techniques, we also present a simple and very efficient key-derivation function based on sponges (which can hence be instantiated from SHA-3 in a black-box fashion), which we also prove secure when fed with samples from permutation-dependent distributions.
Fan Zhang, Ethan Cecchetti, Kyle Croman, Ari Juels, Elaine Shi
We present an authenticated data feed system called Town Crier (TC). TC builds on the observation that many web sites, such as major news and finance sites, already serve as trusted data sources for non-blockchain uses. TC acts as a bridge between such servers and smart contract systems. It uses trusted hardware to authenticate and scrape data from HTTPS-enabled websites and to generate trustworthy data for relying smart contracts. It also includes a range of advanced features such as support for private data requests, which involve decryption and evaluation of request ciphertext within TC's hardware.
We describe the TC architecture, its underlying trust model, and its applications, and report on an implementation that uses the newly released Intel SGX software development kit and furnishes data for the smart-contract system Ethereum. To the best of our knowledge, ours is the first research paper reporting system implementation on a real SGX-enabled host. Finally, we present formal proofs of the security of TC, including correct handling of payment in Ethereum. We will soon be launching TC as an online public service.
Ilias Giechaskiel, Cas Cremers, Kasper Rasmussen
We present the first systematic analysis of the effect of broken primitives on Bitcoin. We identify the core cryptographic building blocks and analyze the various ways in which they can break, and the subsequent effect on the main Bitcoin security guarantees. Our analysis reveals a wide range of possible effects depending on the primitive and type of breakage, ranging from minor privacy violations to a complete breakdown of the currency.
Our results lead to several observations on, and suggestions for, the Bitcoin migration plans in case of broken cryptographic primitives.
Grégory Demay, Peter Gaži, Ueli Maurer, Björn Tackmann
Our contributions are two-fold. First, we provide a new, general technique for stating security guarantees that degrade gracefully and which could not be expressed with existing formalisms. Our method is simple, does not require new security definitions, and can be carried out in any simulation-based security framework (thus providing composability). Second, we apply our approach to revisit the analysis of password-based message authentication and of password-based encryption (PBE), investigating whether they provide strong per-session guarantees.
In the case of PBE, one would intuitively expect a weak form of confidentiality, where a transmitted message only leaks to the adversary once the underlying password is guessed. Indeed, we show that PBE does achieve this weak confidentiality if an upper-bound on the number of adversarial password-guessing queries is known in advance for each session. However, such local restrictions appear to be questionable since we show that standard domain separation techniques employed in password-based cryptography, such as salting, can only provide global restrictions on the number of adversarial password-guessing queries. Quite surprisingly, we show that in this more realistic scenario the desired per-session confidentiality is unachievable. This impossibility result resolves an open problem stated by Bellare, Ristenpart and Tessaro (CRYPTO 2012).
Hung Dang, Ee-Chien Chang
Léo Ducas, Damien Stehlé
18 February 2016
AIT Austrian Institute of Technology, Vienna, Austria
Further information:
- Direct job posting: http://www.ait.ac.at/fileadmin/inserate/Jobs/Science/Scientist_for_Applied_Crypthography.pdf
- AIT Digital Safety & Security Department: http://www.ait.ac.at/departments/digital-safety-security
Closing date for applications: 30 April 2016
Contact:
- Thomas Loruenser, Department Digital Safety & Security, AIT Austrian Institute of Technology, or
- Maria Leonhard-Maurer, Head of Human Resources, E-Mail: maria.leonhard-maurer (at) ait.ac.at
More information: http://www.ait.ac.at/fileadmin/inserate/Jobs/Science/Scientist_for_Applied_Crypthography.pdf
United Kingdom or France
The successful candidate for this position will have significant experience performing security evaluation tasks on customers’ products – through code review, vulnerability analysis, test planning and interpretation of test results. The tasks are mainly carried out on embedded products, particularly payment devices, such as smart cards, POS terminals and mobile payment devices. A formal report will then be prepared for the customer.
Security Analysts are expected to maintain a high level of expertise regarding known threats and to follow technical developments in the embedded security arena to protect transaction applications. You will be particularly experienced in C, Java, assembly languages, GlobalPlatform and EMV standards, perhaps with a background in cryptography or data security. You will also be responsible for supporting the Project Management team on evaluation scoping, resource requirements, and certification body and customer expectations. Formal report writing in line with customer and certification scheme requirements will also be required.
Closing date for applications: 20 April 2016
Contact: Dom Gooch / 02032067564 / dominic.gooch (at) solagroup.com
University of Luxembourg, Cryptolux team
Research areas: applied crypto, cryptanalysis, crypto finance, privacy.
Applications will be considered on receipt; therefore, applying before the deadline is encouraged.
Closing date for applications: 30 March 2016
Contact: Prof. Alex Biryukov
More information: https://www.cryptolux.org/index.php/Vacancies