IACR News
12 April 2016
Darmstadt, Germany, 18 July 2016
Submission deadline: 13 May 2016
Notification: 20 June 2016
Bonn, Germany, 25 July - 29 July 2016
Chalmers University of Technology, Sweden
The PhD student is expected to have an MSc degree or equivalent and a strong background in mathematics and/or theoretical computer science, with some background in cryptography.
The position is fully funded for up to five years. The call for expressions of interest will remain open until a suitable candidate is appointed.
For any inquiries or to apply for the position, submit a full research curriculum vitae (CV), the names of two references, and a research statement to Prof. Katerina Mitrokotsa (aikmitr@chalmers.se), clearly indicating the position sought.
Successful candidates will help to design and evaluate cryptographically reliable and privacy-preserving authentication protocols.
Closing date for applications: 15 May 2016
Contact: Katerina Mitrokotsa
Associate Professor
Chalmers University of Technology
Department of Computer Science and Engineering
Göteborg, Sweden
11 April 2016
Stéphanie Alt, Pierre-Alain Fouque, Gilles Macario-rat, Cristina Onete, Benjamin Richard
In this paper, we provide a formal security analysis of the AKA protocol in its complete three-party setting. We formulate requirements with respect to both Man-in-the-Middle (MiM) adversaries, i.e. key-indistinguishability and impersonation security, and to local untrusted serving networks, denoted "servers", namely state-confidentiality and soundness. We prove that the unmodified AKA protocol attains these properties as long as servers cannot be corrupted. Furthermore, adding a unique server identifier suffices to guarantee all the security statements even in the presence of corrupted servers. We use a modular proof approach: the first step is to prove the security of (modified and unmodified) AKA with generic cryptographic algorithms that can be represented as a unitary pseudorandom function (PRF) keyed either with the client's secret key or with the operator key. A second step proceeds to show that TUAK and Milenage guarantee this type of pseudorandomness, though the guarantee for Milenage requires a stronger assumption. Our paper provides (to our knowledge) the first complete, rigorous analysis of the original AKA protocol and these two instantiations. We stress that such an analysis is important for any protocol deployed in real-life scenarios.
Houda Ferradi, Rémi Géraud, Diana Maimut, David Naccache, David Pointcheval
Lalitha Kiran Nemana, V. Ch. Venkaiah
Shweta Agrawal, Alon Rosen
The online component of our scheme significantly outperforms the best previously known construction of bounded key functional encryption by Gorbunov, Vaikuntanathan and Wee (CRYPTO12), and in fact quasi-linearly depends only on the message size in contrast to the GVW12 ciphertext, which additionally grows as O(q^4) for q queries. Security of our scheme is based on the Ring LWE assumption, which is comparable to the assumption underlying the GVW scheme and is well-established compared to those underlying known constructions of unbounded key functional encryption (based on multilinear maps and/or obfuscation).
To prove security of our scheme, we introduce a new proof technique, which we call noisy functional encryption. Arguing security via this technique requires the encryptor to artificially add noise to the decryption equation, providing an intriguing tradeoff between correctness and security. This technique appears to be quite general and we believe it is likely to have other applications.
Sanjit Chatterjee, Neal Koblitz, Alfred Menezes, Palash Sarkar
Nicolas Bruneau, Sylvain Guilley, Annelie Heuser, Damien Marion, Olivier Rioul
In this paper, we carry out a mathematical analysis of dimensionality reduction. We show that optimal attacks remain optimal after a first pass of preprocessing, which takes the form of a linear projection of the samples. We then investigate the state-of-the-art dimensionality reduction techniques, and find that asymptotically, the optimal strategy coincides with the linear discriminant analysis.
Jens Groth, Amit Sahai
Groups with bilinear maps have enjoyed tremendous success in the field of cryptography in recent years and have been used to construct a plethora of protocols. This paper provides non-interactive witness-indistinguishable proofs and non-interactive zero-knowledge proofs that can be used in connection with these protocols. Our goal is to spread the use of non-interactive cryptographic proofs from mainly theoretical purposes to the large class of practical cryptographic protocols based on bilinear groups.
08 April 2016
Bregenz, Austria, 18 October - 21 October 2016
Submission deadline: 27 May 2016
Notification: 11 July 2016
07 April 2016
Ari Juels, Ahmed Kosba, Elaine Shi
Next-generation cryptocurrencies such as Ethereum will include rich scripting languages in support of smart contracts, programs that autonomously intermediate transactions. In this paper, we explore the risk of smart contracts fueling new criminal ecosystems. Specifically, we show how what we call criminal smart contracts (CSCs) can facilitate leakage of confidential information, theft of cryptographic keys, and various real-world crimes (murder, arson, terrorism).
We show that CSCs for leakage of secrets (à la Wikileaks) are efficiently realizable in existing scripting languages such as that in Ethereum. We show that CSCs for theft of cryptographic keys can be achieved using primitives, such as Succinct Non-interactive ARguments of Knowledge (SNARKs), that are already expressible in these languages and for which efficient supporting language extensions are anticipated. We show similarly that authenticated data feeds, an emerging feature of smart contract systems, can facilitate CSCs for real-world crimes (e.g., property crimes).
Our results highlight the urgency of creating policy and technical safeguards against CSCs in order to realize the promise of smart contracts for beneficial goals.
David McGrew, Panos Kampanakis, Scott Fluhrer, Stefan-Lukas Gazdag, Denis Butin, Johannes Buchmann
Somindu C. Ramanna
Vahid Aminghafari, Honggang Hu
06 April 2016
Guangzhou University, Guangzhou, China; The University of Hong Kong, Hong Kong
- Security and Privacy in Big Data
- Security in Cloud Computing
- Applied Cryptography
- Biometric security
Successful candidate(s) will receive a competitive salary (around 50,000 to 60,000 USD per year) as well as research funding of around 25,000 USD.
Closing date for applications: 20 August 2016
Contact: Jin Li, jinli71 (at) gmail.com
Siuming Yiu, smyiu (at) cs.hku.hk
UK or France
The successful candidate will have significant experience with native-code-based products (C and assembly) and is expected to take full responsibility for performing security evaluation tasks on customers' products. This will be completed through code review, vulnerability analysis, test planning and interpretation of test results. The evaluation tests are mainly carried out on embedded products, particularly payment devices such as smart cards, POS terminals and mobile payment devices. A formal report will be expected for the customer, and the Senior Security Analyst is normally the technical coordinator for the entire project.
The ideal candidate will be particularly experienced in C, Java, assembly languages and EMV standards, perhaps with a background in data security and cryptography.
Closing date for applications: 6 June 2016
Contact: Dom Gooch - dominic.gooch (at) solagroup.com / 02032067564
UK or France
The successful candidate will have significant experience with Open Platform products and is expected to take full responsibility for performing security evaluation tasks on customers' products. This will be completed through code review, vulnerability analysis, test planning and interpretation of test results. The evaluation tests are mainly carried out on embedded products, particularly payment devices such as smart cards, POS terminals and mobile payment devices. A formal report will be expected for the customer, and the Senior Security Analyst is normally the technical coordinator for the entire project.
The ideal candidate will be particularly experienced in C, Java, assembly languages, GlobalPlatform and EMV standards, and perhaps have a background in cryptography or data security.
Closing date for applications: 6 June 2016
Contact: Dom Gooch - dominic.gooch (at) solagroup.com / 02032067564
Suvradip Chakraborty, Srinivasan Raghuraman, C. Pandu Rangan
Atsushi Takayasu, Noboru Kunihiro
In this paper, we revisit the problem for an arbitrary $\beta$. First, we summarize the previous results for $0<\beta<1/4$. We reveal that some of these results are not valid and show that Weger's algorithms provide the best bounds. Next, we propose an improved algorithm to solve the problem for $0<\beta<1/4$. Our algorithm works when $\delta<1-2(\sqrt{\beta(3+4\beta)}-\beta)/3$. Our lattice construction combines Boneh and Durfee's two forms of lattices and is more natural than those of previous works. As a cryptographic application, we introduce small secret exponent attacks on Multi-Prime RSA with small prime differences.