IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
25 August 2017
Elena Pagnin, Aikaterini Mitrokotsa, Keisuke Tanaka
ePrint ReportTung Chou
ePrint ReportJean-Marie Chauvet
ePrint Report22 August 2017
Aljosha Judmayer, Alexei Zamyatin, Nicholas Stifter, Artemios G. Voyiatzis, Edgar Weippl
ePrint Report21 August 2017
Nico Döttling, Satrajit Ghosh, Jesper Buus Nielsen, Tobias Nilges, Roberto Trifiletti
ePrint ReportOLE works over a finite field F. In an OLE the sender inputs two eld elements $a$ and $b$, and the receiver inputs a field element $x$ and learns only $f(x) = ax + b$.
Our protocol can evaluate an arithmetic circuit over a finite field $F$ given black-box access to OLE for $F$. The protocol is unconditionally secure and consumes only a constant number of OLEs per multiplication gate. An OLE over a field $F$ of size $O(2^k)$ can be implemented with communication $O(k)$. This gives a protocol with communication complexity O(|C|) for large enough fields, where C is an arithmetic circuit computing the desired function. This asymptotically matches the best previous protocols, but our protocol at the same time obtains significantly smaller constants hidden by the big-O notation, yielding a highly practical protocol.
Conceptually our techniques lift the techniques for basing practical actively secure 2PC of Boolean circuits on OT introduced under the name TinyOT by Nielsen, Nordholt, Orlandi and Burra at Crypto 2012 to the arithmetic setting. In doing so we develop several novel techniques for generating various flavours of OLE and combining these.
We believe that the efficiency of our protocols, both in asymptotic and practical terms, establishes OLE as an important foundation for efficient actively secure 2PC.
Gustavo Banegas, Daniel J. Bernstein
ePrint ReportNIST has claimed a high post-quantum security level for AES-128, starting from the following rationale: "Grover's algorithm requires a long-running serial computation, which is difficult to implement in practice. In a realistic attack, one has to run many smaller instances of the algorithm in parallel, which makes the quantum speedup less dramatic." NIST has also stated that resistance to multi-key attacks is desirable; but, in a realistic parallel setting, a straightforward multi-key application of Grover's algorithm costs more than targeting one key at a time.
This paper introduces a different quantum algorithm for multi-target preimage search. This algorithm shows, in the same realistic parallel setting, that quantum preimage search benefits asymptotically from having multiple targets. The new algorithm requires a revision of NIST's AES-128, AES-192, and AES-256 security claims.
William Diehl
ePrint ReportLukas Zobernig, Steven D. Galbraith, Giovanni Russello
ePrint ReportApplied science and technology research institute, security lab, Hong Kong
Job Posting
The main duties and responsibilities of cryptography engineers are:
• Work with cryptographers in our team to design and implement novel cryptographic algorithms and protocols.
• Design, build and deploy blockchain/distributed ledger technologies with application to cryptocurrencies, micropayments and beyond.
• Design, develop and deploy innovative yet high-quality application software for FinTech initiatives.
Desired skills and experience:
• Bachelor or Master degree in Computer Science or related disciplines with at least 4+ years’ experience.
• Knowledge in Blockchain technologies and a good understanding of applied cryptography. A good understanding of distributed consensus protocol is a big plus.
• Experience in implementing and integrating cryptographic protocols (such as Elliptical Curve cryptography or Lattice-based cryptography) in a real-world distributed system is a plus. Experience in open-source project related to cryptocurrency is a huge plus. Experience in ethical hacking or attacking a real-world cryptosystem is also a big plus.
• Must possess extensive hands-on experience in one or more system programming languages: C/C++, Go, Rust, C#, etc.
• Team-based code and project management using revision control (e.g., Git), open-source workflows (e.g., GitHub).
• Must possess excellent interpersonal, verbal, and written communication skills, detail-oriented, problem-solving and multi-tasking skills.
• Self-motivated fast learning and willing to work under pressure. Team player and keen to share knowledge but can work independently.
Closing date for applications: 15 October 2017
Contact: The candidates should submit a full CV to Dr. Huang Lin (linhuang (at) astri.org) with “Application: cryptography engineer” in the subject line (PDF attachments only). Applications should be submitted by October 15, 2017, but the positions will remain open until filled.
20 August 2017
Giorgia Azzurra Marson, Bertram Poettering
ePrint ReportConcretely, the contributions of this paper are as follows: We develop a set of formal definitions of security goals for broadcast communication, capturing targets like confidentiality and authenticity. Our notions in particular take into account the causal dependencies that exchanged messages might have. (Note that these have no counterpart in the much simpler unidirectional case.) We then switch to the constructive side, designing an efficient protocol that requires only reliable point-to-point links between users and a standard cryptographic building block (AEAD), achieving all security goals defined in this paper. Our work thus paves the ground towards understanding the exact level of security that current secure messaging systems achieve.
19 August 2017
Aloni Cohen
ePrint ReportThere are two well-studied notions of security for proxy reencryption schemes: security under chosen-plaintext attacks (CPA) and security under chosen-ciphertext attacks (CCA). Both definitions aim to formalize security against both Polly and Bob.
However, we observe that CPA security guarantees much less security against Bob than was previously understood. In particular, CPA security does not prevent Bob from learning Alice's secret key after receiving a single honestly reencrypted ciphertext. In common applications of proxy reencryption, this means that CPA security provides scant guarantees.
We propose security under honest-reencryption attacks (PRE-HRA), a new notion intermediate to CPA and CCA that better captures the goals of proxy reencryption. In applications, PRE-HRA security provides much more robust security. We identify a property of proxy reencryption schemes that suffices to amplify CPA security to PRE-HRA security and show that two existing proxy reencryption schemes are in fact PRE-HRA secure.
Colin Boyd, Britta Hale
ePrint Report18 August 2017
Marc Fyrbiak, Sebastian Wallat, Pawel Swierczynski, Max Hoffmann, Sebastian Hoppach, Matthias Wilhelm, Tobias Weidlich, Russell Tessier, Christof Paar
ePrint ReportWanfen Guo, Xiaolei Dong, Zhenfu Cao, Jiachen Shen
ePrint Report16 August 2017
Leuven, Belgium, 3 July - 5 July 2018
Event CalendarSubmission deadline: 26 January 2018
Notification: 31 March 2018
Hamilton, Canada, 14 August - 16 August 2019
Event CalendarRupeng Yang, Man Ho Au, Junzuo Lai, Qiuliang Xu, Zuoxia Yu
ePrint ReportOne common feature of these schemes is the need to limit the number of times a key can be (mis-)used. Traditionally, it is usually achieved through the use of a pseudorandom function (PRF) which maps a user's key to a pseudonym, along with a proof of correctness. However, existing lattice-based PRFs do not interact well with zero-knowledge proofs. To bridge this gap, we propose and develop the following techniques and primitives:
We formalize the notion of weak PRF with efficient protocols, which allows a prover to convince a verifier that the function $\mathsf{F}$ is evaluated correctly. Specifically, we provide an efficient construction based on the learning with rounding problem, which uses abstract Stern's Protocol to prove $y = \mathsf{F}_k(x)$ and $y \neq \mathsf{F}_k(x)$ without revealing $x$, $y$ or $k$.
We develop a general framework, which we call extended abstract Stern's protocol, to construct zero-knowledge arguments system for statements formed by conjunction and disjunction of sub-statements, who (or whose variants) are provable using abstract Stern's Protocol. Specifically, our system supports arbitrary monotonic propositions and allows a prover to argue polynomial relationships of the witnesses used in these sub-statements.
As many existing lattice-based primitives also admit proofs using abstract Stern's protocol, our techniques can easily glue different primitives together for privacy-enhancing applications in a simple and clean way. Indeed, we propose three new schemes, all of which are the first of its kind, in the lattice setting. They also enjoy additional advantages over instances of the number-theoretic counterpart. Our $k$-TAA and BLAC schemes support concurrent enrollment while our LRS features logarithmic signature size without relying on a trusted setup. Our techniques enrich the arsenal of privacy-enhancing techniques and could be useful in the constructions of other schemes such as e-cash, unique group signatures, public key encryption with verifiable decryption, etc.