IACR News
24 August 2016
Gizem S. Çetin, Wei Dai, Yarkın Doröz, William J. Martin, Berk Sunar
Bar Alon, Eran Omri
Recently, in a breakthrough result, Haitner and Tsfadia [STOC 2014] constructed an $O(\log^3(r)/r)$-fair (almost optimal) three-party coin-tossing protocol. Their work brings forth a combination of novel techniques for coping with the difficulties of constructing fair coin-tossing protocols. Still, the best coin-tossing protocols for the case where more than 2/3 of the parties may be corrupted (and even when $t=2m/3$, where $m>3$) were $\theta(1/\sqrt{r})$-fair. We construct an $O(\log^3(r)/r)$-fair $m$-party coin-tossing protocol, tolerating up to $t$ corrupted parties, whenever $m$ is constant and $t<3m/4$.
Vladimir Kolesnikov, Ranjit Kumaresan, Mike Rosulek, Ni Trieu
We explore in detail our protocol's application to semi-honest secure private set intersection (PSI). The fastest state-of-the-art PSI protocol (Pinkas et al., Usenix 2015) is based on efficient OT extension. We observe that our OPRF can be used to remove their PSI protocol's dependence on the bit-length of the parties' items. We implemented both PSI protocol variants and found ours to be 3.1--3.6$\times$ faster than Pinkas et al. for PSI of 128-bit strings and sufficiently large sets. Concretely, ours requires only 3.8 seconds to securely compute the intersection of $2^{20}$-size sets, regardless of the bit-length of the items. For very large sets, our protocol is only $4.3\times$ slower than the insecure naïve hashing approach for PSI.
Karthikeyan Bhargavan, Gaëtan Leurent
In this work, we demonstrate two concrete attacks that exploit collisions on short block ciphers. First, we present an attack on the use of 3DES in HTTPS that can be used to recover a secret session cookie. Second, we show how a similar attack on Blowfish can be used to recover HTTP BasicAuth credentials sent over OpenVPN connections. In our proof-of-concept demos, the attacker needs to capture about 785 GB of data, which takes between 19 and 38 hours in our setting. This complexity is comparable to the recent RC4 attacks on TLS: the only fully implemented attack takes 75 hours. We evaluate the impact of our attacks by measuring the use of 64-bit block ciphers in real-world protocols. We discuss mitigations, such as disabling all 64-bit block ciphers, and report on the response of various software vendors to our responsible disclosure of these attacks.
Aysajan Abidin, Abdelrahaman Aly, Sara Cleemput, Mustafa A. Mustafa
23 August 2016
Greetings from the IACR! It is now a few days since Crypto 2016 wrapped up. For those of you who weren't able to make it to the membership meeting, here are some of the important things you missed. You can see IACR President Christian Cachin's complete slides from the membership meeting at https://www.iacr.org/docs/minutes/minutes.html.
2016 IACR Election
The 2016 IACR election is being held to fill all four IACR Officer positions (president, vice president, treasurer, secretary) and three of nine IACR Director positions. Nominations are due by September 24, 2016. Information about the vacant positions and a nomination form can be found at https://www.iacr.org/elections/2016/.
2018 IACR Distinguished Lecture
The board has selected Mitsuru Matsui to give the 2018 IACR Distinguished Lecture. The lecture will be delivered at Asiacrypt 2018 (December) in Brisbane, Australia. Information about the IACR Distinguished Lectures can be found at https://www.iacr.org/publications/dl/.
New Cryptology ePrint Archive editor
Nigel Smart has stepped down as co-editor of ePrint. We thank him for his dedicated service to the community. He is replaced by Tancrède Lepoint, who joins Alexandra Boldyreva as the current ePrint co-editors.
Future Events
Two upcoming IACR events have been recently approved by the board:
- CHES 2017 will be in Taipei, Taiwan (September 26-28). Bo-Yin Yang & Chen-Mou Cheng will be general chairs, while Naofumi Homma & Wieland Fischer will be program co-chairs.
- TCC 2017 will be at Johns Hopkins University in Baltimore, USA (November 13-15). Abhishek Jain will be general chair, while Yael Kalai & Leonid Reyzin will be program co-chairs.
Upcoming deadlines:
- August 31 (extended!): Propose an IACR Cryptology School for the next cycle. See http://iacr.org/schools/propose.php.
- September 1: Submit to FSE 2017 / issue 2 of Transactions on Symmetric Cryptology. See http://www.nuee.nagoya-u.ac.jp/labs/tiwata/fse2017/.
- September 2 (extended!): Propose an event to be affiliated with Eurocrypt and EuroS&P in Paris. See https://eurocrypt2017.di.ens.fr/cfw.html.
- September 24: Nominate for the IACR election. See https://www.iacr.org/elections/2016/.
- October 1: Eurocrypt submission deadline. See https://eurocrypt2017.di.ens.fr/cfp.html.
- October 6: PKC submission deadline. See http://www.iacr.org/workshops/pkc2017/cfp.html.
University of Passau, Germany
The advertised position does not include a tenure track option. The first appointment is for a three-year period, with an option of an extension for another three years upon successful evaluation.
The position is associated with a teaching load of 5 hours per week before evaluation (within the first 3 years) and 7 hours per week after evaluation. Teaching programs in Passau are offered in English and German languages. German language skills sufficient for teaching are desired, but exceptional candidates with a credible commitment to achieve proficiency within the duration of the appointment will be considered.
Please consult the official (German-language) announcement for more details on the position and how to apply. Note that only the official announcement on the University web page is legally binding.
http://www.uni-passau.de/fileadmin/dokumente/beschaeftigte/Stellenangebote/2016-W_1-Juniorprofessur_Hardware_Oriented_Security.pdf
Closing date for applications: 15 September 2016
Contact: Prof. Ilia Polian
More information: http://www.uni-passau.de/universitaet/stellenangebote/
Cyber Security Consulting - Abu Dhabi, UAE
We are looking for an expert who has good familiarity with standards (SPs, CAVP, FIPS 140-2, CMVP, etc.). The incumbent must have expertise in the design of end-to-end secure protocols with PFS and their validation using mathematical proofs and test vectors. Required are expertise in existing network protocols (e.g., TLS, OpenSSL) and knowledge of their inherent vulnerabilities, cryptographic security analysis and security proofs covering: symmetric crypto and modes of operation (state-of-the-art block ciphers, Rijndael variants, stream ciphers, etc.), public key crypto / PKI (RSA, ECC, ECDSA, ECDH, etc.), hashing algorithms, random number generation algorithms, etc. Must have expertise in theoretical cryptanalysis techniques based on the underlying mathematics of asymmetric ciphers (IF, DL, EC schemes).
We offer a tax-free package and an opportunity to live in an advanced city with easy access to the rest of the world.
For more information on the role and the organisation, please send your resume to itjobsuae16 (at) gmail (dot) com
Closing date for applications: 31 December 2016
22 August 2016
Abu Dhabi, UAE, 2 April - 6 April 2017
Submission deadline: 1 November 2016
Notification: 10 January 2017
University of Alabama at Birmingham
We seek a student interested in advancing the security of Bitcoin and related distributed peer-to-peer systems, understanding the theoretical foundations of decentralized networks, and developing disruptive technologies. Work may include big data management, incentive structures and consensus protocols, smart contracts, financial services, Internet of Things, quantum algorithms, decentralized governance, certification, and other forms of distributed trust.
The successful candidate will receive a Graduate Assistantship package with a starting annual stipend of $19,500 plus health insurance benefits and a tuition waiver. Birmingham and its surrounding area offer natural beauty and a modest cost of living. Applicants should hold an undergraduate degree in computer science, mathematics, or a related field prior to commencement of study. Coding and analytic skills will be viewed favorably. Please see the website below for additional information, requirements, and application instructions.
https://cis.uab.edu/academics/graduates/doctoral-degree-program/graduate-program-prerequisites/
Indicate in your application materials your interest in this position.
Closing date for applications: 31 December 2016
Contact: Informal inquiries may be sent to either Dr. Zheng (http://cis.uab.edu/yzheng/) or Dr. Teutsch (http://people.cs.uchicago.edu/~teutsch/).
Cambridge, UK, 18 September - 22 September 2017
20 August 2016
University of California Santa Barbara
Apply via the UCSB Recruit. The URL is given below.
Closing date for applications: 5 September 2016
Contact: Dr. Çetin Kaya Koç
koc (at) cs.ucsb.edu
http://koclab.cs.ucsb.edu
More information: https://recruit.ap.ucsb.edu/apply/JPF00802
Vadim Lyubashevsky
As of today, there haven't been any weaknesses found in Ring-SIS or Ring-LWE problems when one uses an $f(x)$ which leads to a meaningful worst-case to average-case reduction, but there have been some recent algorithms for related problems that heavily use the algebraic structures of the underlying rings. It is thus conceivable that some rings could give rise to more difficult instances of Ring-SIS and Ring-LWE than other rings. A more ideal scenario would therefore be if there would be an average-case problem, allowing for efficient cryptographic constructions, that is based on the hardness of finding short vectors in ideals of $Z[x]/\langle f(x)\rangle$ for every $f(x)$.
In this work, we show that the above may actually be possible. We construct a digital signature scheme based (in the random oracle model) on a simple adaptation of the Ring-SIS problem which is as hard to break as worst-case problems in every $f(x)$ whose degree is bounded by the parameters of the scheme. Up to constant factors, our scheme is as efficient as the highly practical schemes that work over the ring $Z[x]/\langle x^n+1\rangle$.
Huijia Lin, Vinod Vaikuntanathan
We present a new construction of IO, with a security reduction based on two assumptions: (a) a DDH-like assumption called the joint-SXDH assumption on constant degree graded encodings, and (b) the existence of polynomial-stretch pseudorandom generators (PRG) in NC0. Our assumption on graded encodings is simple, has constant size, and does not require handling composite-order rings. This narrows the gap between the mathematical objects that exist (bilinear maps, from elliptic curve groups) and ones that suffice to construct general purpose indistinguishability obfuscation.
Mihir Bellare, Viet Tung Hoang, Stefano Tessaro
Christoph Dobraunig, Maria Eichlseder, Thomas Korak, Florian Mendel
David Derler, Daniel Slamanig
We close this gap and initiate the study of key-homomorphic signatures, which turns out to be an interesting and versatile concept. In doing so, we first propose a definitional framework for key-homomorphic signatures distilling various natural flavours of key-homomorphic properties. Those properties aim to generalize larger classes of existing signature schemes, which makes it possible to infer general statements about signature schemes from those classes by simply making black-box usage of the respective properties. We then employ our definitional framework to show elegant and simple compilers from classes of schemes satisfying different types of key-homomorphisms to a number of other interesting primitives such as ring signature schemes, (universal) designated verifier signature schemes and multisignature schemes.
Moreover, we introduce the notion of multikey-homomorphic signatures. Such schemes provide homomorphic properties on the message space of signatures under different keys. We discuss key-homomorphisms in this context and present some first constructive results from key-homomorphic schemes. Finally, we discuss some interesting open problems and an application of multikey-homomorphic schemes to verifiable delegation of computations.
Ilan Komargodski
Dodis et al. (FOCS '10) formalized and constructed leakage resilient one-way functions. These are one-way functions $f$ such that given a random image $f(x)$ and leakage $g(x)$ it is still hard to invert $f(x)$. Based on any one-way function, Dodis et al. constructed such a one-way function that is leakage resilient assuming that an attacker can leak any lossy function $g$ of the input.
In this work we consider the problem of constructing leakage resilient one-way functions that are secure with respect to arbitrary computationally hiding leakage (a.k.a. auxiliary-input). We consider both types of leakage, selective and adaptive, and prove various possibility and impossibility results. On the negative side, we show that if the leakage is an adaptively-chosen arbitrary one-way function, then it is impossible to construct leakage resilient one-way functions. The latter is proved both in the random oracle model (without any further assumptions) and in the standard model based on a strong vector-variant of DDH. On the positive side, we observe that when the leakage is chosen ahead of time, there are leakage resilient one-way functions based on a variety of assumptions.