IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
10 August 2016
Russell Impagliazzo; Ragesh Jaiswal; Valentine Kabanets; Bruce M. Kapron; Valerie King; Stefano Tessaro
Even in the restricted model, we require that for the original channel, the failure chance for the attacker must be a factor $c$ more than that for the intended receiver. We show that for any $c > 4 $, there is a one-way protocol (where the sender sends information to the receiver only) which achieves simultaneous secrecy and reliability. From results of Holenstein and Renner (\emph{CRYPTO'05}), there are no such one-way protocols for $c < 2$. On the other hand, we also show that for $c > 1.5$, there are two-way protocols that achieve simultaneous secrecy and reliability.
We propose using similar models to address other questions in the theory of cryptography, such as using noisy channels for secret agreement, trade-offs between reliability and secrecy, and the equivalence of various notions of oblivious channels and secure computation.
Jo\"el Alwen, Jeremiah Blocki
A key security desiderata for any such algorithm is that evaluating it (even using a custom device) requires a large amount of memory amortized across multiple instances. Alwen and Blocki (CRYPTO 2016) introduced a class of theoretical attacks against Argon2i-A and BH. While these attacks yield large asymptotic reductions in the amount of memory, it was not, a priori, clear if (1) they can be extended to the newer Argon2i-B, (2) the attacks are effective on any algorithm for practical parameter ranges (e.g., 1GB of memory) and (3) if they can be effectively instantiated against any algorithm under realistic hardware constrains.
In this work we answer all three of these questions to the affirmative for all three algorithms. It is also the first work to analyze the security of Argon2i-B. In more detail, we extend the theoretical attacks of Alwen and Blocki (CRYPTO 2016) to the recent Argon2i-B proposal demonstrating severe asymptotic deficiencies in its security. Next we introduce several novel heuristics for improving the attack's concrete memory efficiency even when on-chip memory bandwidth is bounded. We then simulate our attacks on randomly sampled Argon2i-A, Argon2i-B and BH instances and measure the resulting memory consumption for various practical parameter ranges and for a variety of upperbounds on the amount of parallelism available to the attacker. Finally we describe, implement and test a new heuristic for applying the Alwen-Blocki attack to functions employing a technique developed by Corrigan-Gibs et al. for improving concrete security of memory-hard functions.
We analyze the collected data and show the effects various parameters have on the memory consumption of the attack. In particular, we can draw several interesting conclusions about the level of security provided by these functions. \begin{itemize} \item For the Alwen-Blocki attack to fail against practical memory parameters, Argon2i-B must be instantiated with more than 10 passes on memory. The current IRTF proposal calls even just 6 passes as the recommended ``paranoid'' setting. \item More generally, the parameter selection process in the proposal is flawed in that it tends towards producing parameters for which the attack is successful (even under realistic constraints on parallelism). \item The technique of Corrigan-Gibs for improving security can also be overcome by the Alwen-Blocki attack under realistic hardware constraints. \item On a positive note, both the asymptotic and concrete security of Argon2i-B seem to improve on that of Argon2i-A. \end{itemize}
Erdem Alkim, Philipp Jakubeit, Peter Schwabe
09 August 2016
Giuseppe Ateniese, Bernardo Magri, Daniele Venturi, Ewerton Andrade
Our approach generically leverages so-called chameleon hash functions (Krawczyk and Rabin, NDSS '00), which allow to efficiently determine hash collisions given a secret trapdoor information. We detail how to integrate a chameleon hash function in virtually any blockchain-based technology, for both cases where the power of redacting the blockchain content is in the hands of a single trusted entity and where such a capability is distributed among several distrustful parties (as is the case in Bitcoin).
We also report on a proof-of-concept implementation of a redactable blockchain, building on top of Nakamoto's Bitcoin core. The implementation only requires minimal changes to the way current client software interprets information stored in the blockchain and to the current blockchain, block, or transaction structures. Moreover, our experiments show that the overhead imposed by a redactable blockchain is small compared to the case of an immutable one.
David Bernhard, Véronique Cortier, Olivier Pereira, Ben Smyth, Bogdan Warinschi
Michael T. Goodrich, Evgenios M. Kornaropoulos, Michael Mitzenmacher, Roberto Tamassia
We introduce auditable data structures, where an auditor can observe data structures at arbitrary times (as in SHI), but we relax the unrealistic restriction that data structures cannot react to observations, since in most applications of history-independence, data owners know when observations have occurred. We consider two audit scenariossecure topology, where an auditor can observe the contents and pointers of a data structure, and secure implementation, where an auditor can observe the memory layout of a data structure. We present a generic template for auditable data structures and, as a foundation for any auditable data structure, an Auditable Memory Manager (AMM), which is an efficient memory manager that translates any auditable data structure with a secure topology into one with a secure implementation. We give a prototype implementation that provides empirical evidence that the worst-case time running times of our AMM are 45× to 8,300× faster than those of a well-known SHI memory manager. Thus, auditable data structures provide a practical way of achieving time efficiency, as in WHI, while allowing for multiple audits, as in SHI.
Christoph Dobraunig, Maria Eichlseder, Florian Mendel
We present a key-recovery attack against MANTIS-5 with $2^{28}$ chosen plaintexts and a computational complexity of about $2^{52}$ block cipher calls, which violates this claim.
Shi Bai, Damien Stehlé , Weiqiang Wen
Adnan Baysal, Ünal Kocabaş
08 August 2016
Adnan Baysal, Mustafa Çoban, Mehmet Özen
Simon Cogliani, Bao Feng, Houda Ferradi, R\'emi G\'eraud, Diana Maimut, David Naccache, Rodrigo Portella do Canto, Guilin Wang
The proposed algorithm is provably secure, and achieves zero-knowledge authentication of a network in a time logarithmic in the number of nodes.
Kwangsu Lee
Mohammad Etemad, Alptekin Küpçü
Pasquale Forte, Diego Romano, Giovanni Schmid
04 August 2016
University of Wollongong, Australia
UOW is a leading Australian university with a history of outstanding achievements in teaching and learning, research and community engagement. It is fundamentally committed to providing our diverse body of students with an engaging world class and internationally oriented learning experience. The University has also established a strong research profile and an outstanding record of achievement in research performance and intensity over the last decade.
The successful candidate will have a national/international reputation in cyber security research field, innovative teaching experience, an established research profile and demonstrable commitment to positive change. You may be required to teach outside of standard business hours, offshore delivery and other locations, such as Liverpool, Sydney.
Candidates must address the selection criteria outlined in the position description. Submissions must be done via the website. No email submission is accepted.
For further enquiries, please contact Head of School, Professor Willy Susilo on wsusilo (at) uow.edu.au.
Closing date for applications: 11 September 2016
Contact: Professor Willy Susilo
More information: http://uow.employment.com.au/jobs/Lecturer--Senior-Lecturer-in-Cyber-Security/2333
Institute for Infocomm Research, Singapore
Interested candidates please send CV to Jianying Zhou. Fresh PhD is welcome to apply. Review of applications will begin immediately and will continue until the positions are filled. Only short-listed candidates will be contacted for interview.
Closing date for applications: 30 September 2016
Contact: Dr. Jianying Zhou, Dept Head, Infocomm Security, Institute for Infocomm Research.
More information: http://icsd.i2r.a-star.edu.sg/
02 August 2016
Peter Rindal, Mike Rosulek
Our starting point is the protocol of Dong, Chen \& Wen (CCS 2013) that is based on Bloom filters. We identify a bug in their malicious-secure variant and show how to fix it using a cut-and-choose approach that has low overhead while simultaneously avoiding one the main computational bottleneck in their original protocol. We also point out some subtleties that arise when using Bloom filters in malicious-secure cryptographic protocols.
We have implemented our PSI protocols and report on its performance. Our improvements reduce the cost of Dong et al.'s protocol by a factor of $8-75\times$ on a single thread. For instance, our protocol has an online time of 14 seconds and an overall time of 3.3 minutes to securely compute the intersection of two sets of 1 million items each.