IACR News
Here you can see all recent updates to the IACR webpage.
03 June 2016
Nir Bitansky, Ryo Nishimaki, Alain Passelègue, Daniel Wichs
Dahmun Goudarzi; Matthieu Rivain
Martin Hirt, Ueli Maurer, Daniel Tschudi, Vassilis Zikas
To our knowledge, with the exception of two recent works by Chandran et al. [ITCS 2015] and by Moran et al. [TCC 2015], existing MPC protocols do not hide the topology of the underlying communication network. Moreover, the above two solutions are either not applicable to arbitrary networks (as is [ITCS 2015]) or, as in [TCC 2015], they make non-black-box and recursive use of cryptographic primitives resulting in an unrealistic communication and computation complexity even for simple, i.e., low degree and diameter, networks.
Our work suggests the first topology-hiding communication protocol for incomplete networks which makes black-box use of the underlying cryptographic assumption (in particular, a public-key encryption scheme) and tolerates any adversary who passively corrupts arbitrarily many network nodes. Our solutions are based on a new, enhanced variant of threshold homomorphic encryption, in short TH-PKE, that requires no a-priori setup and allows an encrypted message to be circulated over any (unknown) incomplete network and then decrypted without revealing any network information to intermediate nodes. We show how to realize this enhanced TH-PKE from the DDH assumption. The black-box nature of our scheme, along with some optimization tricks that we employ, makes our communication protocol more efficient than existing solutions.
We then use our communication protocol to make any semi-honest secure MPC protocol topology-hiding with a reasonable (i.e., for simple networks, polynomial with small constants) communication and computation overhead. We further show how to construct anonymous broadcast without using expensive MPCs to set up the original pseudonyms.
Arthur Gervais, Ghassan O. Karame, Karl Wüst, Vasileios Glykantzis, Hubert Ritzdorf, Srdjan Capkun
In this paper, we introduce a novel quantitative framework to analyse the security and performance implications of various consensus and network parameters of PoW blockchains. Based on our framework, we devise optimal adversarial strategies for double-spending and selfish mining while taking into account real world constraints such as network propagation, different block sizes, block generation intervals, information propagation mechanism, and the impact of eclipse attacks. Our framework therefore allows us to capture existing PoW-based deployments as well as PoW blockchain variants that are instantiated with different parameters, and to objectively compare the tradeoffs between their performance and security provisions.
Christina Boura, Anne Canteaut
02 June 2016
University College London
Authentication technology plays a critical role in securing access to online services, such as banking, email and social networking. Session authentication schemes establish the identity of the user only at the beginning of the session so are vulnerable to attacks which tamper with communications after the authenticated session has been established. Transaction authentication schemes defend against such attacks by performing an additional authentication step at critical parts of the session, but are unpopular with users due to repeated authentication. Continuous authentication schemes, in contrast, verify user identity and intent throughout the session. So far, such schemes have had limited use in practice due to two primary weaknesses of existing approaches: privacy concerns and risk of false positives/false negatives.
This project aims to address these limitations by designing and evaluating new approaches for continuous authentication, based on a solid theoretical underpinning so as to give a high degree of confidence that the resulting decisions match expectations and requirements. Furthermore, the project will focus on ways to preserve user privacy by processing behavioural measurements on the user's computer such that sensitive information is not sent to the online service. The evaluation to be performed will consider the false-positive/false-negative rates, privacy impact, user acceptance and costs of deployment and operation.
The student will be supervised by Dr Steven Murdoch in the Information Security Group at University College London, in collaboration with VASCO Data Security.
The successful applicant will have their fees paid in full at the home/EU rate at UCL and receive a tax-free stipend at standard EPSRC rates. The project is to start on the 26th September 2016, in line with the start of the 2016/17 Academic Year at UCL.
Closing date for applications: 27 June 2016
Contact: Submit applications online using PRiSM (the UCL application system). Contact Dr Steven Murdoch (s.murdoch (at) ucl.ac.uk) for queries about the position.
More information: https://www.prism.ucl.ac.uk/#!/?project=185
New Jersey Institute of Technology, Newark, USA
The Postdoctoral Research Associate is expected to pursue research towards establishing a framework that provides strong integrity, availability and reliability guarantees for data outsourced at cloud storage providers. Familiarity with cloud storage systems and applied cryptography is preferred.
The candidates are expected to:
- have completed their PhD degree in Computer Science or closely related areas,
- have adequate cybersecurity/applied cryptography research experience demonstrated through a good publication record, and
- have excellent verbal and written skills in English
We expect the position to be available immediately for one year and to be renewable, based on mutual interest and availability of funding.
Interested applicants should submit their CV and the names of at least two references by applying as soon as possible at https://njit.jobs/applicants/Central?quickFind=55066. Applications will be reviewed on a rolling basis until the position is filled.
Work environment and location:
Details about the center's research activities can be found at:
http://centers.njit.edu/cybersecurity/.
The Department of Computer Science at NJIT includes 27 tenured/tenure-track professors and is rapidly expanding, supported by the university's "2020 Vision" strategic plan. Sources of research funding include DARPA, NSF, NIH, DHS, DOE, ARL, and ONR, to name a few. Located in Northern New Jersey, within the greater New York Metropolitan area, NJIT is part of a vibrant ecosystem of research universities and corporate research centers.
Closing date for applications: 30 June 2016
Contact: Prof. Reza Curtmola
More information: https://njit.jobs/applicants/Central?quickFind=55066
Queensland University of Technology
You'll investigate security in a particular control system (such as a UAV) or perhaps a cluster of systems that exhibit similar design characteristics. This research is likely to relate to generic key management protocols that implement authentication and confidentiality. Another possible research avenue is software-defined networking and its impact on availability, or how it can be used to mitigate denial of service (DoS) attacks.
Closing date for applications: 1 August 2016
Contact: Professor Josef Pieprzyk
More information: https://www.qut.edu.au/study/fees-and-scholarships/scholarships-and-prizes/control-system-security-scholarship
Iraklis Leontiadis, Ming Li
Jintai Ding, Saed Alsayigh, Jean Lancrenon, Saraswathy RV, Michael Snook
Jean-Sebastien Coron, Rina Zeitoun
Andrew D. Zonenberg; Bulent Yener
Xiong Fan, Juan Garay, Payman Mohassel
As a feasibility result, we provide the first instantiation of all variants of adjustable signatures based on indistinguishability obfuscation. Our starting point is the state-of-the-art construction by Ramchen and Waters [CCS 2014]. We observe that their scheme fails to meet our requirements for an adjustable signature scheme, and enhance it to obtain shorter (and adjustable) signatures, faster signing and strong unforgeability.
For the simpler case of setup-adjustable signatures, we also provide a concrete construction based on the BLS signature scheme, by instantiating it using smaller group sizes that yield shorter signature lengths while providing reasonable security. We implement this scheme for various signature sizes and report on its efficiency.
Brent Carmer, Mike Rosulek
Our main technical result is that it is possible to decide in polynomial time whether two given Linicrypt programs induce computationally indistinguishable distributions (against arbitrary PPT adversaries, in the random oracle model).
We show also that indistinguishability of Linicrypt programs can be expressed as an existential formula, making the model amenable to automated program synthesis. In other words, it is possible to use a SAT/SMT solver to automatically generate Linicrypt programs satisfying a given security constraint. Interestingly, the properties of Linicrypt imply that this synthesis approach is both sound and complete.
We demonstrate this approach by synthesizing Linicrypt constructions of garbled circuits.
Markus Kammerstetter; Markus Muellner; Daniel Burian; Christian Kudera; Wolfgang Kastner
Lucas Schabhüser, Denise Demirel, Johannes Buchmann
01 June 2016
IRISA, Rennes, France
Looking for a Ph.D. thesis that combines computer security and mathematics? IRISA (https://www.irisa.fr/en), the computer science laboratory of Rennes in France, seeks to hire an outstanding doctoral student to perform research in the field of formal modeling and analysis of security. The position is within the project entitled Attack-Defense Trees for Computer Security: Formal Modeling of Preventive and Reactive Countermeasures. A detailed description of the thesis topic is available at http://people.irisa.fr/Barbara.Kordy/vacancies.php and at http://people.irisa.fr/Barbara.Kordy/vacancies/PhD_16.pdf
Candidate profile
The candidate is expected to have:
- A Master's degree in computer science or mathematics;
- A proven interest in formal methods and formal modeling;
- Excellent written and oral English skills.
Background in computer security will be a plus. Knowledge of French is not required.
Application
Applications should be written in English and include the following documents:
- Motivation letter clearly explaining the candidate's interest in the proposed topic and his/her fit to the position;
- Curriculum Vitae (including contact information, education and work experience, short description of the master thesis, list of publications, etc.);
- Transcript of grades from all university-level courses taken;
- Contact information for 2 referees.
Applications will be considered on a rolling basis until the position is filled. Documents should be submitted by e-mail to Dr. Barbara Kordy (barbara.kordy (at) irisa.fr).
Closing date for applications: 30 October 2016
Contact: Barbara Kordy
barbara.kordy (at) irisa.fr
More information: http://people.irisa.fr/Barbara.Kordy/vacancies.php
Aggelos Kiayias, Giorgos Panagiotakos
We introduce a new formal framework for the analysis of blockchain protocols that relies on trees (rather than chains) and we showcase the power of the framework by providing a unified description of the GHOST and Bitcoin protocols, the former of which we extract and formally describe in our framework. We then prove that GHOST implements a "robust transaction ledger" (i.e., possesses liveness and persistence) and hence it is a provably secure alternative to Bitcoin.
We then focus on the liveness property of both Bitcoin and GHOST, i.e., the worst-case transaction confirmation time that can be expected when playing against an adversary. We present a general attack methodology against liveness and we instantiate it with two attacks for Bitcoin and GHOST. We prove that our attack for Bitcoin is essentially optimal. Furthermore, we perform simulations and demonstrate that for a wide range of confirmation parameter choices and hashing power bounds for the adversary, GHOST, when under our attack, performs about the same or worse than Bitcoin in terms of transaction confirmation time. Our results highlight the importance of provable security analysis in the context of blockchain protocols.
Geoffroy Couteau
In this work, we design new two-party protocols for the greater-than functionality, secure against honest-but-curious adversaries (who follow the specifications of the protocol), improving over the state of the art. They can be readily used in a large variety of applications in which secure comparisons constitute the main efficiency bottleneck. Our protocols are defined in the preprocessing model, and are extremely efficient during the online phase. They are based solely on oblivious transfers, and can therefore use oblivious transfer extensions to get rid of all but a constant amount of expensive computations. Toward our goal of secure comparison, we also design protocols for testing equality between private inputs, which improve similarly over the state of the art. The latter contribution is of independent interest.