IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
30 September 2017
Gorjan Alagic, Tommaso Gagliardoni, Christian Majenz
29 September 2017
Dung Hoang Duong, Masaya Yasuda, Tsuyoshi Takagi
In this paper, we exploit technical results from Kirchner and Fouque for the relative norm of field elements in the subfield and we use Hermite factor for estimating the output of a lattice basis reduction algorithm in order to analyze general choice of parameters for the subfield attack by Albrecht et al. As a result, we obtain the estimation for better choices of the subfields for which the attack works with smaller modulus. Our experiment results show that we can attack overstretched NTRU with modulus smaller than that of Albrecht et al. and of Kirchner and Fouque.
Nico Döttling, Nils Fleischhacker, Johannes Krupp, Dominique Schröder
Nico Döttling, Sanjam Garg
Dan Boneh, Rosario Gennaro, Steven Goldfeder, Aayush Jain, Sam Kim, Peter M. R. Rasmussen, Amit Sahai
Amin Ardeshirdavani, Charlotte Bonte, Eleftheria Makri, Yves Moreau, Jaak Simm, Frederik Vercauteren
28 September 2017
Debajyoti Das, Sebastian Meiser, Esfandiar Mohammadi, Aniket Kate
We further study anonymity against a stronger global passive adversary that can additionally passively compromise some of the AC protocol nodes. For a given number of compromised nodes, we derive necessary constraints between bandwidth and latency overhead whose violation make it impossible for an AC protocol to achieve strong anonymity. We analyze prominent AC protocols from the literature and depict to which extend those satisfy our necessary constraints. Our fundamental necessary constraints offer a guideline not only for improving existing AC systems but also for designing novel AC protocols with non-traditional bandwidth and latency overhead choices.
Johannes Buchmann, Erik Dahmen, Sarah Ereth, Andreas Hülsing, Markus Rückert
27 September 2017
University of Washington, Tacoma
Closing date for applications: 15 November 2017
Contact: Anderson C A Nascimento
email: andclay (at) uw.edu
More information: http://ap.washington.edu/ahr/academic-jobs/position/aa25483/
George Teseleanu
Yehuda Lindell, Tal Rabin
In this paper, we ask whether or not the property of not having an input committal round is inherent for achieving fairness for two parties. In order to do so, we revisit the definition of security of Micali and Rogaway (Technical report, 1992), that explicitly requires the existence of such a committal round. We adapt the definition of Canetti in the two-party setting to incorporate the spirit of a committal round, and show that under such a definition, it is impossible to achieve fairness for any non-constant two-party function. This result deepens our understanding as to the type of protocol construction that is needed for achieving fairness. In addition, our result discovers a fundamental difference between the definition of security of Micali and Rogaway and that of Canetti (Journal of Cryptology, 2000) which has become the standard today. Specifically, many functions can be securely computed with fairness under the definition of Canetti but no non-constant function can be securely computed with fairness under the definition of Micali and Rogaway.
Nina Bindel, Johannes Buchmann, Juliane Krämer, Heiko Mantel, Johannes Schickel, Alexandra Weber
Saeed Mahloujifar, Mohammad Mahmoody
In this work, we revisit and extend the bitwise tampering model of Austrin et al. to blockwise setting, where blocks of randomness becomes tamperable with independent probability $p$. Our main result is an efficient blockwise $p$-tampering attack to bias the average $E[f(X)]$ of any efficient function $f$ mapping arbitrary $X$ to $[-1,+1]$ by $\Omega(p \cdot Var[f(X)])$ regardless of how $X$ is partitioned into individually tamperable blocks $X=(X_1,\dots,X_n)$. Relying on previous works, our main biasing attack immediately implies efficient attacks against the privacy primitives as well as seedless multi-source extractors, in a model where the attacker gets to tamper with each block (or source) of the randomness with independent probability $p$. Further, we show how to increase the classification error of deterministic learners in the so called `targeted poisoning' attack model under Valiant's adversarial noise. In this model, an attacker has a `target' test data $d$ in mind and wishes to increase the error of classifying $d$ while she gets to tamper with each training example with independent probability $p$ an in an online way.
Gunnar Hartung, Björn Kaidel, Alexander Koch, Jessica Koch, Dominik Hartmann
A relatively recent feature of these schemes is resistance against truncations, i.e. the deletion and/or replacement of the end of the log file. This is especially relevant as system intruders are typically interested in manipulating the later log entries that point towards their attack. However, there are not many schemes that are resistant against truncating the log file. Those that are have at least one of the following disadvantages: They are memory intensive (they store at least one signature per log entry), or fragile (i.e. a single error in the log renders the signature invalid and useless in determining where the error occurred).
We obtain a publicly-verifiable secure logging scheme that is simultaneously robust, space-efficient and truncation secure with provable security under simple assumptions. Our generic construction uses forward-secure signatures, in a plain and a sequential aggregate variant, where the latter is additionally fault-tolerant, as recently formalized by Hartung et al. (PKC 2016). Fault-tolerant schemes can cope with a number of manipulated log entries (bounded a priori) and offer strong robustness guarantees while still retaining space efficiency. Our implementation and the accompanying performance measurements confirm the practicality of our scheme.
Ilan Komargodski, Anat Paskin-Cherniavsky
Furthermore, we show how to generically translate any scheme for $k$-threshold into a scheme which is robust, where a shared secret can be recovered even if some parties hand-in incorrect shares. This answers another open problem of Komargodski et al. Our construction is based on the construction of robust (classical) secret sharing schemes of Cramer et al. (EUROCRYPT 2008) using algebraic manipulation detection codes.
Université catholique de Louvain
She/he will teach Computer Science classes in the various degree programs organised by the Louvain School of Engineering. Bachelor level courses are mostly taught in French, master courses in English.
Within the Sector of Sciences and Technologies (SST) of UCL, the faculty position is attached to the Louvain School of Engineering (Ecole polytechnique de Louvain, EPL) and the Institute for Information and Communication Technologies, Electronics and Applied Mathematics (ICTEAM).
UCL is a comprehensive university that provides opportunities for cross-disciplinary research. The Louvain school of engineering (EPL) is committed to excellence and innovation in education, as witnessed by the constant growth of enrolments in its engineering, computer science and doctoral degrees since 10 years. The Institute for Information and Communication Technologies, Electronics and Applied Mathematics (ICTEAM) is a dynamic, highly collaborative, and inter-disciplinary research institute involving 41 faculty members and more than 200 researchers. Louvain-la-Neuve offers a unique living environment in a naturally preserved neighbourhood, conveniently located at the heart of Europe.
Closing date for applications: 15 November 2017
Contact: Professor Michel Verleysen, Dean of the Louvain School of Engineering (EPL), doyen-epl (at) uclouvain.be, tel : +32 10 47 2491 - Secr. : +32 10 47 2465
Professor Jean-Didier Legat, President of the Institute of Informationand Communication Technologies, Electronics and Applied Mathematics (ICTEAM), president-ictm (at) uclouvain.be, tel : +32 10 47 8036 - Secr. : +32 10 47 2597
More information: http://www.informatics-europe.org/services/informatics-job-platform/item/full-time-professor-in-software-security.html
Carmit Hazay, Yuval Ishai, Muthuramakrishnan Venkitasubramaniam
We present two variants of this result, one which is aimed at minimizing the number of oblivious transfers and another which is aimed at optimizing concrete efficiency. Our protocols are based on a novel combination of previous techniques together with a new efficient protocol to certify that pairs of strings transmitted via oblivious transfer satisfy a global relation. The communication complexity of the second variant of our protocol can beat the best previous protocols even for realistic values of the circuit size and the security parameter. This variant is particularly attractive in the offline-online setting, where the online cost is dominated by a single evaluation of an authenticated garbled circuit, and can also be made non-interactive using the Fiat-Shamir heuristic.
Fermi Ma, Mark Zhandry
Next, we turn to building constant degree multilinear maps on top of CLT13 for which there are no known attacks. Precisely, we prove that our scheme achieves the ideal security notion for multilinear maps in our weak CLT13 model, under a much stronger variant of the algebraic complexity assumption used above. Our multilinear maps do not achieve the full functionality of multilinear maps as envisioned by Boneh and Silverberg (Contemporary Mathematics, 2003), but do allow for re-randomization and for encoding arbitrary plaintext elements.
Joël Alwen, Björn Tackmann
On a technical level, beyond the mentioned definitions, we instantiate the model for four different notions of hardness. We extend the work of Alwen and Serbinenko (STOC 2015) by providing a general tool for proving security for the first notion of memory-hard functions that allows for provably secure applications. The tool allows us to recover all of the graph-theoretic techniques developed for proving security under the older, non-composable, notion of security used by Alwen and Serbinenko. As an application of our definition of moderately hard functions, we prove the security of two different schemes for proofs of effort (PoE). We also formalize and instantiate the concept of a non-interactive proof of effort (niPoE), in which the proof is not bound to a particular communication context but rather any bit-string chosen by the prover.