IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
26 September 2016
Wesleyan University, Middletown Connecticut, USA
Job PostingThe Department of Mathematics and Computer Science at Wesleyan University invites applications for a tenure track assistant professorship in mathematics to begin in fall, 2017. Candidates must possess, or be close to completing, a Ph.D. or equivalent degree, and must have strong records in both research and teaching.
We seek strong candidates whose research interests are in applied mathematics, broadly construed, and which are compatible with the existing research interests of the department. Relevant areas include, but are very much not limited to, algebraic statistics, applied topology, coding theory, discrete and computational geometry, cryptography, optimization, and stochastic processes. Exceptional candidates in any field compatible with the research interests of the faculty are also encouraged to apply.
Teaching duties will be two courses in each semester, typically including a graduate-level course. Additional duties include advising and mentoring students, and participating in faculty governance at the departmental and university level.
For full consideration applications must be received by November 15, 2016, and must include a cover letter, curriculum vitae, research statement, teaching statement, and at least four letters of recommendation, one of which evaluates teaching. As part of the teaching statement, we invite you to describe your cultural competencies and experiences engaging a diverse student body. Applications must be submitted online at mathjobs.org.
For a full version of our job description, please visit
https://www.mathjobs.org/jobs/jobs/8903
Closing date for applications: 15 November 2016
Contact: Adam Fieldsteel, Chair, Department of Mathematics and Computer Science, Wesleyan University, Middletown, CT 06459,
email: afieldsteel (at) wesleyan.edu
More information: https://www.mathjobs.org/jobs/jobs/8903
Security Lab, SICS Swedish ICT, Sweden
Job PostingThe successful applicant will have a solid background in one or more of the following topics:
• Network virtualization security
• Secure cloud orchestration
• Platform virtualization security
• Secure and robust communication in the IoT
• Secure and efficient key management for the IoT
• Security and privacy for authorization in the IoT
Applicants with either theoretical skills or practical implementation skills are welcome. The successful applicants are expected to take an active role in the scientific research projects conducted in the lab and will have the opportunity to participate in the co-supervision of Masters or PhD students. There is also the potential to participate in industry collaborations. In order to increase gender equality, we especially welcome female applicants.
Requirements:
• Master’s degree (or equivalent) in Computer Science, Mathematics, or a similar discipline
• Extensive knowledge in the areas of IT security, proven in the form of publications in these areas.
• Excellent English language skills
• Applicants must be cleared to graduate from their PhD program by the commencement of the position.
Monthly salary: 35.000 SEK
Closing date for applications: 15 October 2016
Contact: Christian Gehrmann
Lab Manager, SICS Security
More information: https://www.sics.se/groups/security-lab-sec#node-12248
24 September 2016
Subhadeep Banik, Andrey Bogdanov, Francesco Regazzoni
ePrint ReportMatthias Hamann, Matthias Krause, Willi Meier
ePrint ReportLiang Wang, Rafael Pass, abhi shelat, Thomas Ristenpart
ePrint ReportKoh-ichi Nagao
ePrint ReportxL algorithm, is the algorithm for solving quadratic equations system, which consists of $n$ variables and $m$ equations. Here, $n$ and $m$ are considered as parameters. Put $D=D(n,m)$ by the maximal degree of the polynomials, which appears in the computation of solving equations system by xL. Courtois et al. observe and assume the following assumption;
1) There are small integer $C_0$, such that $D(n,n+C_0)$ is usually in $O(\sqrt{n})$, and the cost for solving equations system is in $O(exp(n^{1/2+0(1)}))$. However, this observation is optimistic and it must have the following assumption
2) The equations system have small number of the solutions over algebraic closure. (In this draft we assume the number of the solutions is 0 or 1)
In the previous version's bit coincidence mining algorithm (in 2015), the number of the solutions of the desired equations system over algebraic closure is small and it can be probabilistically controlled to be 1 and the assumption 2) is indirectly true. For my sense, the reason that xL algorithm, which is the beautiful heuristic, is not widely used is that the general equations system over finite field does not satisfy the assumption 2) (there are many solutions over algebraic closure) and is complexity is much larger.
In the previous draft, I show that the ECDLP of $E({\bf F}_q)$ reduces to solving equations system consists of $d-1$ variables and $d+C_0-1$ equations where $C_0$ is an arbitrary positive integer and $d \sim C_0 \times \log_2 q$. So, the complexity for solving ECDLP is in subexponential under the following assumption
a) There are some positive integer $C_0$ independent from $n$, such that solving quadratic equations system consists of $n$ variables and $m=n+C_0$ equations (and we must assume the assumption 2)) by xL algorithm, the maximum degree of the polynomials $D=D(n,m)$, appears in this routine is in $O(\sqrt{n})$ in high probability.
Here, we propose the new algorithm that ECDLP of $E({\bf F}_q)$ is essentially reducing to solving equations system consists of $d-1$ variables and $\frac{b_0}{2}d$ equations where $b_0(\ge 2)$ is an arbitrary positive integer named block size and $d \sim (b_0-1)\log_{b_0} q$. Here, we mainly treat the case block size $b_0=3$. In this case, ECDLP is essentially reducing to solving equations system consists of about $2 \log_3 q$ variables and $3 \log_3 q$ equations. So that the desired assumption 1) is always true. Moreover, the number of the solutions (over algebraic closure) of this equations system can be probabilistically controlled to be 1 and the desired assumption 2) is also true.
In the former part of this manuscript, the author states the algorithm for the construction of equations system that ECDLP is reduced and in the latter part of this manuscript, the author state the ideas and devices in order for increasing the number of the equations, which means the obtained equations system is easily solved by xL algorithm.
Erick Nascimento, Lukasz Chmielewski, David Oswald, Peter Schwabe
ePrint ReportWei Yang, Yuchen Cao, Ke Ma, Hailong Zhang, Yongbin Zhou, Baofeng Li
ePrint ReportHoussem Maghrebi, Thibault Portigliatti, Emmanuel Prouff
ePrint Report21 September 2016
Paul Grubbs, Richard McPherson, Muhammad Naveed, Thomas Ristenpart, Vitaly Shmatikov
ePrint ReportIddo Bentov, Rafael Pass, Elaine Shi
ePrint ReportIn this work, we seek to address the following basic questions:
What kind of functionalities and robustness requirements should a consensus candidate offer to be suitable in a proof-of-stake application?
Can we design a provably secure protocol that satisfies these requirements?
To the best of our knowledge, we are the first to formally articulate a set of requirements for consensus candidates for proofs-of-stake. We argue that any consensus protocol satisfying these properties can be used for proofs-of-stake, as long as money does not switch hands too quickly. Moreover, we provide the first consensus candidate that provably satisfies the desired robustness properties.
Iddo Bentov, Rafael Pass, Elaine Shi
ePrint ReportRafael Pass, Elaine Shi
ePrint ReportRafael Pass, Elaine Shi
ePrint ReportAssuming honest participation, however, is a strong assumption, especially in a setting where honest players are expected to perform a lot of work (to solve the computational puzzles). In Nakamoto's Bitcoin application of the blockchain protocol, players are incentivized to solve these puzzles by receiving rewards for every ``blocks'' (of transactions) they contribute to the blockchain. An elegant work by Eyal and Sirer (FinancialCrypt'14), strengthening and formalizing an earlier attack discussed on the Bitcoin forum, demonstrates that a coalition controlling even a minority fraction of the computational power in the network can gain (close to) 2 times its ``fair share'' of the rewards (and transation fees) by deviating from the protocol instructions. In contrast, in a fair protocol, one would expect that players controlling a $\phi$ fraction of the computational resources to reap a $\phi$ fraction of the rewards.
In this work, we present a new blockchain protocol---the FruitChain protocol---which satisfies the same consistency and liveness properties as Nakamoto's protocol (assuming an honest majority of the computing power), and additionally is $\delta$-approximately fair: with overwhelming probability, any honest set of players controlling a $\phi$ fraction of computational power is guaranteed to get at least a fraction $(1 - \delta) \phi$ of the blocks (and thus rewards) in any $Omega( \kappa/\delta )$ length segment of the chain (where $\kappa$ is the security parameter).
As a consequence, if this blockchain protocol is used as the ledger underlying a cryptocurrency system, where rewards and transaction fees are evenly distributed among the miners of blocks in a length kappa segment of the chain, no coalition controlling less than a majority of the computing power can gain more than a factor $(1 + 3\delta)$ by deviating from the protocol (i.e., honest participation is an $n/2$-coalition-safe $3\delta$-Nash equilibrium).
Finally, the fruit chain protocol enables decreasing the variance of mining rewards and as such significantly lessens (or even obliterates) the need for mining pools.
Melissa Chase, Sarah Meiklejohn
ePrint ReportGora Adj, Isaac Canales-Mart\'inez, Nareli Cruz-Cort\'es, Alfred Menezes, Thomaz Oliveira, Luis Rivera-Zamarripa, Francisco Rodr\'iguez-Henr\'iquez
ePrint ReportBusan, Korea, 13 February - 15 February 2017
Event CalendarSubmission deadline: 5 October 2016
Notification: 15 November 2016
19 September 2016
Boru Gong, Yunlei Zhao
ePrint ReportIn this work, we propose a new type of attack, referred to as small field attack (SFA), against the one-pass protocol $\Pi_1$, as well as its resultant deniable encryption scheme. With SFA, a malicious user can efficiently recover the static private key of the honest victim user in $\Pi_1$ with overwhelming probability. Moreover, the SFA attack is realistic and powerful in practice, in the sense that it is almost impossible for the honest user to prevent, or even detect, the attack. Besides, some new property regarding the CRT basis of $R_q$ is also developed in this work, which is essential for our small field attack and may be of independent interest.
The security proof of the two-pass protocol $\Pi_2$ is then revisited. We are stunk at Claim 16 in [ZZDS14], with a gap identified and discussed in the security proof. To us, we do not know how to fix the gap, which traces back to some critical differences between the security proof of HMQV and that of its RLWE-based analogue.