IACR News
Here you can see all recent updates to the IACR webpage.
20 March 2017
Berk Gulmezoglu, Thomas Eisenbarth, Berk Sunar
ePrint Report
Here we propose a machine learning based technique to classify applications according to their cache access profiles. We show that with minimal and simple manual processing steps feature vectors can be used to train models using support vector machines to classify the applications with a high degree of success. The profiling and training steps are completely automated and do not require any inspection or study of the code to be classified. In native execution, we achieve a successful classification rate as high as 98% (L1 cache) and 78% (LLC) over 40 benchmark applications in the Phoronix suite with mild training. In the cross-VM setting on the noisy Amazon EC2 the success rate drops to 60% for a suite of 25 applications. With this initial study we demonstrate that it is possible to train meaningful models to successfully predict applications running in co-located instances.
Mateus Borges, Quoc-Sang Phan, Antonio Filieri, Corina S. P\u{a}s\u{a}reanu
ePrint Report
15 March 2017
NIT Raipur
Job Posting
Explosive growth in the number of forged images has created a situation where the authenticity of every image is suspect. It is also not humanly possible for experts to examine each suspect image manually. Researchers are therefore coming up with methods to verify the authenticity of an image without any human intervention. New schemes for verification of suspect images are published every other day without any formal analysis of their performance. Most of these schemes employ fancy image processing techniques, and their reliability is proven only against standard image processing operations that can be performed with off-the-shelf software such as Adobe Photoshop. A proper evaluation of these forensics schemes is the need of the hour, and we want to design an anti-forensics scheme targeting JPEG compression.
Closing date for applications: 23 March 2017
More information: http://nitrr.ac.in/downloads/recruitment/recruitment2017/project_fellow/JRF_MCA_10032017.pdf
14 March 2017
Colin Boyd, Xavier Boyen, Christopher Carr, Thomas Haines
ePrint Report
Riad S. Wahby, Ye Ji, Andrew J. Blumberg, abhi shelat, Justin Thaler, Michael Walfish, Thomas Wies
ePrint Report
This paper describes a new VA system, called Giraffe; charges Giraffe for all three costs; and identifies regimes where outsourcing is worthwhile. Giraffe's base is an interactive proof geared to data parallel computation. Giraffe makes this protocol asymptotically optimal for the prover, which is of independent interest. Giraffe also develops a design template that produces hardware designs automatically for a wide range of parameters, introduces hardware primitives molded to the protocol's data flows, and incorporates program analyses that expand applicability. Giraffe wins even when outsourcing several tens of sub-computations, scales to 500x larger computations than prior work, and can profitably outsource parts of programs that are not worthwhile to outsource in full.
Alexander Russell, Cristopher Moore, Aggelos Kiayias, Saad Quader
ePrint Report
31 March 2017
Event Calendar
Submission deadline: 31 March 2017
Notification: 15 July 2017
Ho Chi Minh City, Vietnam, 6 September - 8 September 2017
Event Calendar
Submission deadline: 28 April 2017
Notification: 23 June 2017
Centre for Secure Information Technologies (CSIT), Queen's University Belfast
Job Posting
This research will investigate the design of novel Physical Unclonable Functions, which exploit random variations found in the silicon used in the manufacture of electronic chips as an inherently lightweight means to uniquely identify and authenticate IoT devices. The main aims of the proposed research are:
• To investigate novel software-based PUF designs for an embedded micro-controller (MCU) in addition to a multi-PUF design based on combining software and/or hardware PUFs.
• To investigate methods to accurately evaluate the entropy offered by a PUF primitive, as current metrics vary widely and can depend on how the PUF is to be subsequently used.
• To study the use of PUFs in higher level protocols.
This is a GCHQ-sponsored PhD studentship; therefore, only UK nationals are eligible for this funding.
Closing date for applications: 31 May 2017
More information: http://www.qub.ac.uk/schools/eeecs/Research/PhDStudy/NewBatch-Dec2016/PhD2017-52/
11 March 2017
Dan Boneh, Yuval Ishai, Amit Sahai, David J. Wu
ePrint Report
We then show a surprising connection between our new lattice-based SNARGs and the concrete efficiency of program obfuscation. All existing obfuscation candidates currently rely on multilinear maps. Among the constructions that make black-box use of the multilinear map, obfuscating a circuit of even moderate depth (say, 100) requires a multilinear map with multilinearity degree in excess of 2^100. In this work, we show that an ideal obfuscation of both the decryption function in a fully homomorphic encryption scheme and a variant of the verification algorithm of our new lattice-based SNARG yields a general-purpose obfuscator for all circuits. Finally, we give some concrete estimates needed to obfuscate this "obfuscation-complete" primitive. We estimate that at 80-bits of security, a (black-box) multilinear map with ≈2^12 levels of multilinearity suffices. This is over 2^80 times more efficient than existing candidates, and thus, represents an important milestone towards implementable program obfuscation for all circuits.
Tomer Ashur, Orr Dunkelman, Atul Luykx
ePrint Report
Tim Ruffing, Pedro Moreno-Sanchez
ePrint Report
The goal of this work is to overcome this trade-off. Building on CoinJoin, we design ValueShuffle, the first coin mixing protocol compatible with Confidential Transactions, a proposed enhancement to the Bitcoin protocol to hide payment values in the blockchain. ValueShuffle ensures the anonymity of mixing participants as well as the confidentiality of their payment values even against other possibly malicious mixing participants. By combining CoinJoin with Confidential Transactions and additionally Stealth Addresses, ValueShuffle provides comprehensive privacy (payer anonymity, payee anonymity, and payment value privacy) without breaking with fundamental design principles or features of the current Bitcoin system. Assuming that Confidential Transactions will be integrated in the Bitcoin protocol, ValueShuffle makes it possible to mix funds of different value as well as to mix and spend funds in the same transaction, which overcomes the two main limitations of previous coin mixing protocols.
Tim Ruffing, Giulio Malavolta
ePrint Report
In this paper, our aim is to overcome this dilemma. We introduce switch commitments, which constitute a cryptographic middle ground between computationally binding and statistically binding commitments. The key property of this novel primitive is the possibility to switch existing commitments, e.g., recorded in the blockchain, from computational bindingness to statistical bindingness if doubts in the underlying hardness assumption arise. This switch trades off efficiency for security. We provide a practical and simple construction of switch commitments by proving that ElGamal commitments with a restricted message space are secure switch commitments.
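To make the computational-versus-statistical bindingness distinction in the abstract above concrete, here is an added Python illustration; it is not code from the paper and simplifies its construction. A Pedersen commitment g^m h^r is statistically hiding but only computationally binding: anyone who learns x = log_g(h) (here a constructed trapdoor standing in for a broken discrete-log assumption) can open it to a different message. Pairing it with g^r turns it into an ElGamal commitment, which is statistically binding because g^r fixes r. The "switch" is simply to start verifying the full pair. The group parameters (p = 1019), the trapdoor, and the 32-bit message bound are assumptions chosen for illustration and are insecure.

```python
# Added illustration of the Pedersen-vs-ElGamal bindingness gap behind switch
# commitments. Not the paper's code; all parameters are constructed and insecure.
P = 1019          # safe prime, P = 2*Q + 1
Q = 509           # prime order of the subgroup generated by G
G = 4             # a quadratic residue mod P, so it has order Q
TRAPDOOR_X = 123  # log_G(H). Unknown in practice; here it simulates a DL break.
H = pow(G, TRAPDOOR_X, P)
MSG_BITS = 32     # assumed bound: commitments are to a restricted message space


def pedersen_commit(m: int, r: int) -> int:
    """Statistically hiding, computationally binding: C = G^m * H^r mod P."""
    assert 0 <= m < 2 ** MSG_BITS, "message outside the restricted space"
    return pow(G, m, P) * pow(H, r % Q, P) % P


def elgamal_commit(m: int, r: int) -> tuple:
    """Perfectly binding (G^r fixes r, hence m), only computationally hiding."""
    return (pow(G, r % Q, P), pedersen_commit(m, r))


def verify_before_switch(c: int, m: int, r: int) -> bool:
    """Cheap check used while the discrete-log assumption is still trusted."""
    return c == pedersen_commit(m, r)


def verify_after_switch(com: tuple, m: int, r: int) -> bool:
    """After the switch the full ElGamal pair (G^r, C) must verify."""
    return com == elgamal_commit(m, r)


def equivocate(m: int, r: int, m_new: int) -> int:
    """What an attacker who knows x = log_G(H) can do to a Pedersen commitment.

    C = G^(m + x*r), so any (m_new, r_new) with m_new + x*r_new == m + x*r (mod Q)
    opens the same C. Returns that r_new.
    """
    return (r + (m - m_new) * pow(TRAPDOOR_X, -1, Q)) % Q


def demo() -> dict:
    """Honest opening (42, 77) versus a forged opening (7, r_fake) of the same C."""
    m, r = 42, 77
    com = elgamal_commit(m, r)   # (G^r, C); only C is checked before the switch
    c = com[1]
    r_fake = equivocate(m, r, 7)
    return {
        "honest_before": verify_before_switch(c, m, r),
        "forged_before": verify_before_switch(c, 7, r_fake),  # True: binding broken
        "honest_after": verify_after_switch(com, m, r),
        "forged_after": verify_after_switch(com, 7, r_fake),  # False: G^r pins r
    }


if __name__ == "__main__":
    print(demo())
```

The second component G^r is carried along from the start but ignored by the cheap verifier; once doubts about the hardness assumption arise, verifiers switch to checking the pair, and the forged opening that passed before is rejected.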
Pierre Loidreau
ePrint Report
Isheeta Nargis
ePrint Report
Kevin Milner, Cas Cremers, Jiangshan Yu, Mark Ryan
ePrint Report
Previous works have studied domain-specific partial solutions to this problem. For example, Google's Certificate Transparency aims to provide infrastructure to detect the misuse of a certificate authority's signing key, logs have been used for detecting endpoint compromise, and protocols have been proposed to detect cloned RFID/smart cards. Contrary to these existing approaches, for which the designs are interwoven with domain-specific considerations and which usually do not enable fully automatic response (i.e., they need human assessment), our approach shows where automatic action is possible. Our results unify, provide design rationales, and suggest improvements for the existing domain-specific solutions.
Based on our analysis, we construct several mechanisms for the detection of misuse. Our mechanisms enable automatic response, such as revoking keys or shutting down services, thereby substantially limiting the impact of a compromise.
In several case studies, we show how our mechanisms can be used to substantially increase the security guarantees of a wide range of systems, such as web logins, payment systems, or electronic door locks. For example, we propose and formally verify an improved version of Cloudflare's Keyless SSL protocol that enables key misuse detection.
10 March 2017
NEC Laboratories Europe
Job Posting
We are looking for a Research Scientist / Senior Researcher to contribute to research and development in the areas of security and privacy with a special focus on applied cryptography, access control, cloud security, and distributed systems security. Our work ranges from foundational research and IPR creation to prototype development for NEC products and services. We support individual creativity, strong teamwork as well as scientific publications. English is the working language in the Laboratories. Initially, this position is limited to two years.
Applicants are sought with experience and skills in these areas:
- Excellent publication track record in security or applied cryptography.
- Strong experience in system security, distributed systems security, or software security.
- Strong experience in applied cryptography, cryptographic protocols, and security models.
- Proven experience in handling and managing large scale projects.
- Excellent interpersonal and communication skills in English. Knowledge of Japanese is a plus.
- Experience in software development including experience with programming languages, such as Golang, Java, or C/C++.
Candidates with a fresh Ph.D. in Security, Cryptography, Computer Science, or a closely related field, with a hands-on approach and proven skills in real-world problem solving are preferred.
Closing date for applications: 1 May 2017
Contact: Dr. Ghassan Karame, ghassan.karame (at) neclab.eu
Amardeo Sarma, amardeo.sarma (at) neclab.eu
More information: http://www.neclab.eu/jobs/openings/staff/NEC-NLE-1703-229-SEC-2-Security_Researcher.pdf
Microsoft Research
Job Posting
Closing date for applications: 31 May 2017
Contact: Kristin Lauter, Research Manager
msrcryptointerns (at) outlook.com
More information: https://www.microsoft.com/en-us/research/project/homomorphic-encryption/
08 March 2017
Shashank Agrawal, Melissa Chase
ePrint Report
Award
Jan Camenisch: For contributions to the theory and practice of privacy-preserving protocols and impact on government policy and industry.
Louis Guillou: For visionary actions that brought cryptography and smart cards to the real world, and for essential contributions to cryptographic standards.
Kwangjo Kim: For cryptographic design, education, and leadership, and for exemplary service to IACR and the Asia-Pacific cryptographic community.
Christof Paar: For founding CHES, service to the IACR, and for important contributions to secure and efficient implementation of cryptography.
Kenneth G. Paterson: For research and service contributions spanning theory and practice, and improving the security of widely deployed protocols.
Congratulations to the new fellows!