IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
03 April 2017
Dakshita Khurana, Amit Sahai
ePrint Report- We construct two-message public-coin non-malleable commitments with respect to commitment, assuming sub-exponentially hard one-way permutations, sub-exponential ZAPs, and sub-exponentially hard DDH.
- We obtain two-message private-coin non-malleable commitments with respect to commitment, assuming only sub-exponentially hard DDH or QR or Nth-residuosity.
- We also bootstrap the above protocols (under the same assumptions) to obtain bounded-concurrent non-malleability while preserving round complexity.
In order to obtain our results, we develop a new two-round black-box extraction technique that is based on two-party secure computation, and may be of independent interest.
Yuanqi Shen, Hai Zhou
ePrint ReportMatthias Krause
ePrint ReportPooya Farshim, Claudio Orlandi, Răzvan Roşie
ePrint ReportLiwei Zhang, A. Adam Ding, Francois Durvaux, Francois-Xavier Standaert, Yunsi Fei
ePrint ReportWenquan Bi, Zheng Li, Xiaoyang Dong, Xiaoyun Wang
ePrint Report02 April 2017
Universitat Rovira i Virgili
Job PostingThe scholarship is a Martí Franquès - COFUND grant, which receives funding from a Marie Sk?odowska-Curie Horizon 2020 research and innovation programme (http://www.urv.cat/en/research/support/programmes/marti-franques/cofund/). This research project is called \"Characterizing access structures with efficient secret sharing schemes\" (2017MFP-COFUND-12). The gross anual salary is 26443.80 €, and there is also an anual budget of 6500 € for travels, research and training.
The submission deadline is April 15, the official notification of winners is on July 31, and the fellowship will start on October 1.
If you are interested in it, send an email to oriol.farras (at) urv.cat and start the submission process (http://www.urv.cat/en/research/support/programmes/marti-franques/cofund/submission/).
Closing date for applications: 15 April 2017
Contact: Oriol Farràs (oriol.farras (at) urv.cat, https://sites.google.com/site/oriolfv/)
Hongik University, Korea
Job Posting
Closing date for applications: 20 April 2017
Contact: Professor Seong Oun Hwang at sohwang (at) hongik.ac.kr
More information: http://shinan.hongik.ac.kr/~sohwang/index_e.htm
30 March 2017
Kamil Doruk G\"{u}r, Yuriy Polyakov, Kurt Rohloff, Gerard W. Ryan, Erkay Sava\c{s}
ePrint ReportMaik Ender, Alexander Wild, Amir Moradi
ePrint ReportThorben Moos, Amir Moradi
ePrint ReportDominique Unruh
ePrint ReportKeith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone, H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, Karn Seth
ePrint ReportRafael del Pino, Vadim Lyubashevsky
ePrint ReportOne can do better if one considers simultaneously proving the knowledge of many instances of the above linear equation. The protocol that has the smallest amortized communication complexity while achieving close-to-optimal slack (i.e. the ratio between the coefficients in the secret and those that can be extracted from the proof) is due to Cramer et al. (Eurocrypt '17) which builds on an earlier work of Baum et al. (Crypto '16). The main downside of this protocol is that the amortization only kicks in when the number of equations is rather large -- $4k^2$. This means that for $k=128$, it is only truly optimal when one has more than $2^{16}$ equations to prove. The aforementioned work of Cramer et al. also shows how to achieve a protocol requiring $o(k^2)$ samples, but it is only applicable for much larger values of $k$ and the number of required samples ends up being larger than $2^{16}$.
The main result of our work is reducing the concrete minimal number of equations required for the amortization, while keeping the communication complexity almost unchanged. The cost of this is an increase in the running time of the zero-knowledge proof. More specifically, we show that one can decrease the required number of equations by a factor of $\Omega(\log^2{\alpha})$ at the cost of increasing the running time by a factor of $\Omega(\alpha)$. For example, increasing the running time by a factor of $8$ allows us to decrease the required number of samples from $66000$ to $4500$ -- a factor of $14$. As a side benefit, the slack of our protocol decreases by a factor of $\log{\alpha}$ as well.
We also show that in the case that $f$ is a function over the polynomial ring $\mathbb Z[X]/(X^d+1)$ and we would like to give a proof of knowledge of an $\mathbf x'$ with small coefficients such that $f(\mathbf x')=2y$, then the number of samples needed for amortization is even lower. Without any trade-offs in the running time, our algorithm requires around $2000$ samples, and for the same factor $8$ increase in the running time, the requirement goes down to $850$.
Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha
ePrint ReportIn our signature constructions, the public key is an image y=f(x) of a one-way function f and secret key x. A signature is a non-interactive zero-knowledge proof of x, that incorporates a message to be signed. For this proof, we leverage recent progress of Giacomelli et al. (USENIX'16) in constructing an efficient sigma protocol for statements over general circuits. We improve this sigma protocol to reduce proof sizes by a factor of two, at no additional computational cost. While this is of independent interest as it yields more compact proofs for any circuit, it also decreases our signature sizes.
We consider two possibilities for making the proof non-interactive, the Fiat-Shamir transform, and Unruh's transform (EUROCRYPT'12,'15,'16). The former has smaller signatures, while the latter has a security analysis in the quantum-accessible random oracle model. By customizing Unruh's transform to our application, the overhead is reduced to 1.6x when compared to the Fiat-Shamir transform, which does not have a rigorous post-quantum security analysis.
We implement and benchmark both approaches and explore the possible choice of f, taking advantage of the recent trend to strive for practical symmetric ciphers with a particularly low number of multiplications and end up using LowMC.
27 March 2017
Eurocrypt
You can register online at https://secure.iacr.org/conferences/eurocrypt2017/register/
There are two available registration options:
- If you are registering to attend EUROCRYPT 2017, regardless of whether you are attending any additional workshops, please select option #1 of the registration form.
- If you are registering to attend the workshops but not attending EUROCRYPT 2017, please select option #2 of the registration form.
The program includes invited talks by:
- Gilles Barthe (IMDEA Software Institute, Spain) on Advances in computer-aided cryptography
- Nigel Smart (University of Bristol) on Living Between the Ideal and Real Worlds
University of York, UK
Job PostingThe Role
We welcome applications from researchers with a track record as an international leader in Cybersecurity, with some emphasis on pragmatic aspects of Cybersecurity. You will actively engage and collaborate with colleagues leading the development of Cybersecurity research and teaching. You\'ll develop relationships across the wider University and beyond, to help build a distinctive and positive working environment that emphasises excellence.
Salary will be commensurate with experience on the professorial scale: current minimum £61,539 a year
Interviews will be held in York on: 25th May 2017
Why York?
We are a dynamic, research-intensive university and have experienced significant growth over the past ten years, securing national and international recognition for our academic excellence. Our attractive landscaped campus has seen significant development which will continue as the University continues to develop. We are recognised consistently for our family-friendly policies and proud of our Athena SWAN Award.
Closing date for applications: 10 April 2017
Contact: Informal enquiries may be directed to Professor Neil Audsley (neil.audsley (at) york.ac.uk)
More information: https://jobs.york.ac.uk/wd/plsql/wd_portal.show_job?p_web_site_id=3885&p_web_page_id=305603
University College London
Job PostingIn order to remove any regulatory obstacles to the adoption of the positive applications of these technologies, it is therefore important to address these negative applications and convince regulators they can be dealt with appropriately. To achieve this, we will develop (1) new heuristics for identifying relationships in a cryptocurrency ecosystem; (2) tools for collecting and analyzing data from underground markets; and (3) new techniques to ensure that honest users continue to maintain their privacy. Eventually, these will all be incorporated into a microservice architecture that provides a forensic tool.
This project is funded by an EU H2020 grant, and will be carried out with partners across Europe. The ideal candidate will have a strong degree in Computer Science, Mathematics, or a related MSc course, and some proficiency with cryptography, machine learning, and/or data analytics.
Closing date for applications: 1 June 2017
Contact: Sarah Meiklejohn
More information: https://www.prism.ucl.ac.uk/#!/?project=229
Yunwen Liu, Vincent Rijmen
ePrint Report26 March 2017
Alex Lombardi, Vinod Vaikuntanathan
ePrint ReportHowever, it was previously unknown if $\text{TSA}$ is an ``optimal'' predicate according to other complexity measures: in particular, decision tree (DT-)complexity (i.e., the smallest depth of a binary decision tree computing $P$) and $\mathbb Q$-degree (i.e., the degree of $P$ as a polynomial over $\mathbb Q$), which are important measures of complexity in cryptographic applications such as the construction of an indistinguishability obfuscation scheme. In this work, we ask: Can Goldreich's PRG be instantiated with a predicate with DT-complexity or $\mathbb Q$-degree less than $5$?
We show that this is indeed possible: we give a candidate predicate for Goldreich's PRG with DT-complexity $4$ and $\mathbb Q$-degree $3$; in particular, this candidate PRG therefore has the property that every output bit is a degree 3 polynomial in its input. Moreover, Goldreich's PRG instantiated with our predicate has security properties similar to what is known for $\text{TSA}$, namely security against $\mathbb F_2$-linear attacks and security against attacks from SDP hierarchies such as the Lasserre/Parrilo sum-of-squares hierarchy.
We also show that all predicates with either DT-complexity less than $4$ or $\mathbb Q$-degree less than $3$ yield insecure PRGs, so our candidate predicate simultaneously achieves the best possible locality, DT-complexity, $\mathbb Q$-degree, and $\mathbb F_2$-degree according to all known attacks.