IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
07 June 2017
CISPA, Saarbrücken, Germany
Job PostingA doctoral degree in computer science or related areas and an outstanding research track record are required. Applicants are expected to pursue an internationally visible research agenda and to build up their research team. Candidates for senior positions must be internationally accomplished scientists.
The cybersecurity research center CISPA, currently in the founding process to join the German Helmholtz Association as a new member, provides a unique work environment that offers the advantages of a university department and a research laboratory alike: Faculty will be offered highly competitive research salaries and institutional funding; they enjoy academic freedom, and build and lead their team of PhD students and postdocs; they attract additional third-party funds, supervise doctoral theses, and are granted the opportunity to teach graduate and undergraduate courses. CISPA moreover offers outstanding technical infrastructure and administrative support.
CISPA is located in Saarbrücken, in the tri-border area of Germany, France, and Luxembourg. We maintain an international and diverse work environment and seek applications from outstanding researchers worldwide. The working language is English.
All applicants are strongly encouraged to submit their complete application by June 30, 2017 for full consideration. However, applications will continue to be accepted until July 15, 2017. For more information and details on how to apply, please see here:
https://www.cispa.saarland/jobs/faculty/
CISPA values diversity and is committed to equality. We provide special support for dual-career couples. Female researchers are encouraged to apply.
Closing date for applications: 15 July 2017
Contact: Prof. Michael Backes
eMail: backes (at) cispa.saarland
More information: https://www.cispa.saarland/jobs/faculty/
IRISA, Rennes, France
Job PostingThe applicants should have background and be interested in working on different aspects of lattice based cryptography, in particular on:
- security proofs for lattice-based schemes,
- building and implementing lattice-based constructions,
- fully homomorphic encryption,
- cryptanalysis.
The research will take place in the Embedded Security and Cryptography (EMSEC) team, within the IRISA computer science institute located in Rennes, France.
To apply please send your detailed CV (with publication list) and names of at least two people who can provide reference letters (e-mail).
The positions has flexible starting date. Review of applications will start immediately until the positions are filled.
Closing date for applications: 31 December 2017
Contact: Adeline Roux-Langlois, Adeline.Roux-Langlois (at) irisa.fr and Pierre-Alain Fouque, Pierre-Alain.Fouque (at) irisa.fr
06 June 2017
Tetsu Iwata, Kazuhiko Minematsu, Thomas Peyrin, Yannick Seurin
ePrint ReportZhenzhen Bao, Lei Wang, Jian Guo, Dawu Gu
ePrint Report\begin{itemize}
\item in EUROCRYPT~2016, Dinur proposes generic (second) preimage attacks on the concatenation combiner and the XOR combiner using a new and essential observation on functional graph, which is experimentally verified but the proof is incomplete. Our first contribution is to provide a proof for Dinur's observation;
\item we find improved preimage attack against the XOR combiner with a complexity of $2^{5n/8}$, while the previous best-known complexity is $2^{2n/3}$;
\item we find the first generic second-preimage attack on Zipper hash with an optimal complexity of $2^{3n/5}$.
\end{itemize}
Gorjan Alagic, Christian Majenz
ePrint ReportOur techniques also yield new results regarding the closely-related task of quantum authentication. We show that ``total authentication'' (a notion recently proposed by Garg et al.) can be satisfied with two-designs, a significant improvement over their eight-design-based construction. We also show that, under a mild adaptation of the rejection procedure, both total authentication and our notion of non-malleability yield quantum authentication as defined by Dupuis et al.
Xavier Boyen, Qinyi Li
ePrint ReportOur first result is an ABM-LTF construction from lattices, based on the learning-with-errors (LWE) problem. Unlike the previous schemes which behaved as ``encrypted signatures'', the core of our construction is an ``encrypted, homomorphic-evaluation-friendly, weak pseudorandom function''. The weak pseudorandom function outputs matrices, where the lossy tags are preimages of the zero matrix, and the injective tags are preimages of random full-rank matrices.
Our second result is a public-key system tightly secure against ``selective opening'' attacks, where an attacker gets many challenges and can ask to see the random bits of any of them. Following the steps of Hemenway et al. (Asiacrypt 2011) and Hofheinz (Eurocrypt 2012), our ABM-LTF gives the first lattice-based, compact public-key encryption (PKE) scheme that has indistinguishability against adaptive chosen-ciphertext and selective opening attacks (IND-SO-CCA2), with tight security, and whose public-key size and security reduction are independent of the number of decryption queries and ciphertext challenges.
Meanwhile, this result provides an alternative solution to the problem of building pairing-free IND-CCA2 PKE schemes with tight security in the multi-challenge setting, which was firstly answered by Gay et al. (Eurocrypt 2016).
Additionally, our ABM-LTF answers the open question of constructing all-but-many trapdoor function from lattices, first asked by Alperin-Sheriff and Peikert (PKC 2012).
Stjepan Picek, Annelie Heuser, Sylvain Guilley
ePrint ReportSebastian Faust, Kristina Hostakova, Pratyay Mukherjee, Daniele Venturi
ePrint ReportIn this paper, we explore one particular such scenario where the class of tampering adversaries naturally includes the decoding (but not the encoding) algorithm. In particular, we consider the class of adversaries that are restricted in terms of memory/space. Our main contributions can be summarized as follows:
-- We initiate a general study of non-malleable codes resisting space-bounded tampering. In our model, the encoding procedure requires large space, but decoding can be done in small space, and thus can be also performed by the adversary. Unfortunately, in such a setting it is impossible to achieve non-malleability in the standard sense, and we need to aim for slightly weaker security guarantees. In a nutshell, our main notion (dubbed {\em leaky space-bounded non-malleability}) ensures that this is the best the adversary can do, in that space-bounded tampering attacks can be simulated given a small amount of leakage on the encoded value.
-- We provide a simple construction of a leaky space-bounded non-malleable code. Our scheme is based on any Proof of Space (PoS)---a concept recently put forward by Ateniese {\em et al.} (SCN 2014) and Dziembowski {\em et al.} (CRYPTO 2015)---satisfying a variant of soundness. As we show, our paradigm can be instantiated by extending the analysis of the PoS construction by Ren and Devadas (TCC 2016-A), based on so-called stacks of localized expander graphs.
-- Finally, we show that our flavor of non-malleability yields a natural security guarantee against memory tampering attacks, where one can trade a small amount of leakage on the secret key for protection against space-bounded tampering attacks.
Ling Song, Guohong Liao, Jian Guo
ePrint ReportClaude Carlet
ePrint ReportBruno Blanchet
ePrint Report05 June 2017
Adam Everspaugh, Kenneth Paterson, Thomas Ristenpart, Sam Scott
ePrint ReportThis paper presents a systematic study of updatable Authenticated Encryption (AE). We provide a set of security notions that strengthen those in prior work. These notions enable us to tease out real-world security requirements of different strengths and build schemes that satisfy them efficiently. We show that the hybrid approach currently used in industry achieves relatively weak forms of confidentiality and integrity, but can be modified at low cost to meet our stronger confidentiality and integrity goals. This leads to a practical scheme that has negligible overhead beyond conventional AE. We then introduce re-encryption indistinguishability, a security notion that formally captures the idea of fully refreshing keys upon rotation. We show how to repair the scheme of Boneh et al., attaining our stronger confidentiality notion. We also show how to extend the scheme to provide integrity, and we prove that it meets our re- encryption indistinguishability notion. Finally, we discuss how to instantiate our scheme efficiently using off-the-shelf cryptographic components (AE, hashing, elliptic curves). We report on the performance of a prototype implementation, showing that fully secure key rotations can be performed at a throughput of approximately 116 kB/s.
Jiangshan Yu, Mark Ryan
ePrint ReportMuch research has been done to enhance certificate management in order to create more secure and reliable cloud architectures. However, none of it has been widely adopted yet, and it is hard to judge which one is the winner. This chapter provides a survey with critical analysis on the existing proposals for managing public key certificates. This evaluation framework would be helpful for future research on designing an alternative certificate management system to secure the internet.
Romain Gay, Dennis Hofheinz, Lisa Kohl
ePrint ReportIn this work, we present an improved pairing-free PKE scheme with a tight security reduction to the Decisional Diffie-Hellman assumption, small ciphertexts (of three group elements), and small public keys (of six group elements). Compared to the work of Gay et al., our scheme thus has a considerably smaller public key and comparable other characteristics, although our encryption and decryption algorithms are somewhat less efficient.
Technically, our scheme borrows ideas both from the work of Gay et al. and from a recent work of Hofheinz (EUROCRYPT, 2017). The core technical novelty of our work is an efficient and compact designated-verifier proof system for an OR-like language. We show that adding such an OR-proof to the ciphertext of the state-of-the-art PKE scheme from Kurosawa and Desmedt enables a tight security reduction.
Masayuki Abe, Dennis Hofheinz, Ryo Nishimaki, Miyako Ohkubo, Jiaxin Pan
ePrint ReportVadim Lyubashevsky, Gregor Seiler
ePrint ReportIn this work we show that one can use the optimal challenge sets $\mathcal{C}$ and still have the polynomial $X^n+1$ split into more than two factors. For the most common parameters that are used in such zero-knowledge proofs, we show that $X^n+1$ can split into $8$ or $16$ irreducible factors. Experimentally, having the rings split in this fashion, increases the speed of polynomial multiplication by around $30\%$. This is a modest improvement, but it comes completely for free simply by working over the ring $R^n_p$ with a different modulus $p$. In addition to the speed improvement, the splitting of the ring into more factors is useful in scenarios where one embeds information into the Chinese Remainder representation of the ring elements.
Marc Beunardeau, Aisling Connolly, Rémi Géraud, David Naccache
ePrint ReportThis work shows that AJPS' security estimates are too optimistic and describes an algorithm allowing to recover the secret key from the public key much faster than foreseen in \cite{eprint:2017:481}.
In particular, our algorithm is \emph{experimentally practical} (within the reach of the computational capabilities of a large organization), at least for the parameter choice $\{n=1279,h=17\}$ conjectured in \cite{eprint:2017:481} as corresponding to a $2^{120}$ security level. The algorithm is fully parallelizable.
F. Betül Durak, Serge Vaudenay
ePrint ReportJuan Garay, Yuval Ishai, Rafail Ostrovsky, Vassilis Zikas
ePrint ReportWe provide a complete investigation of security against semi-honest adversaries---static and adaptive, with and without erasures---and initiate the study of malicious adversaries. For semi-honest static adversaries, our bounds match (up to any constant fraction of corruptions) the corresponding bounds when there is no communication restriction---i.e., we can tolerate up to $t < (1/2 -\epsilon)n$ corrupted parties. For the adaptive case, however, the situation is different. We prove that without erasures a constant fraction of corruptions is intolerable, and---most surprisingly---when erasures are allowed, we prove that $t < (1 - \sqrt{0.5} - \epsilon)n$ corruptions can be tolerated, which we also show to be optimal up to an arbitrarily small constant factor. The latter optimality proof hinges on a new treatment of probabilistic adversary structures which may be of independent interest. In the case of active corruptions in this setting, we prove that static security with abort is feasible when $t < (1/2 - \epsilon)n$, namely, the bound that is tight for semi-honest security.
Nishanth Chandran, Juan Garay, Payman Mohassel, Satyanarayana Vusirikala
ePrint ReportIn this paper we design and implement a new actively secure 5PC protocol tolerating two corruptions that requires $8$ rounds of interaction, only uses fast symmetric-key operations, and incurs~60\% less communication than the passively secure state-of-the-art solution [CCS 2016]. For example, securely evaluating the AES circuit when the parties are in different regions of the U.S. and Europe only takes $1.8$s which is $2.6\times$ faster than the passively secure 5PC in the same environment.
Instrumental for our efficiency gains (less interaction, only symmetric key primitives) is a new 4-party primitive we call \emph{Attested OT}, which in addition to Sender and Receiver involves two additional ``assistant parties'' who will attest to the respective inputs of both parties, and which might be of broader applicability in practically relevant MPC scenarios. Finally, we also show how to generalize our construction to $n$ parties with similar efficiency properties where the corruption threshold is $t \approx \sqrt n$, and propose a combinatorial problem which, if solved optimally, can yield even better corruption thresholds for the same cost.