IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
23 November 2017
Valérie Nachef, Nicolas Marrière, Emmanuel Volte
David Cash, Cong Zhang
Léonard Benedetti, Aurélien Thierry, Julien Francq
We used grap to detect cryptographic algorithms: we created patterns for AES and ChaCha20 that are based on parts of the assembly code produced by compiling popular implementations (available in LibreSSL and libsodium). Our approach is thus based on the algorithms and their structure and does not rely on constant detection.
Ittai Abraham, Dahlia Malkhi, Kartik Nayak, Ling Ren, Alexander Spiegelman
Rishab Goyal, Venkata Koppula, Brent Waters
At first glance the utility of such a system might seem questionable since the $f$ we achieve for short ciphertexts is relatively small. Indeed an attacker in such a system can more likely than not get away with producing a decoding box. However, we believe this approach to be viable for three reasons:
1. A risky traitor tracing system will provide deterrence against risk averse attackers. In some settings the consequences of being caught might bear a high cost and an attacker will have to weigh his utility of producing a decryption $D$ box against the expected cost of being caught.
2. One potential use of a risky traitor tracing system is to place it in a continual use situation where users will periodically receive fresh traitor tracing secret keys via a key refresh mechanism that is built using standard encryption. If an attacker wishes to produce a decoder $D$ that continues to work through these refreshes the decoder will be taking an $f$ risk of being caught after each key refresh, which presents a Russian roulette situation for the attacker.
2. Finally, we can capture impossibility results for differential privacy from risky traitor tracing. Since our ciphertexts are short ($O(\lambda)$), thus we get the negative result which matches what one would get plugging in the obfuscation based tracing system Boneh-Zhandry (CRYPTO 2014) solution into the prior impossibility result of Dwork et al. (STOC 2009).
Incheon, Korea, 4 June 2018
Submission deadline: 15 January 2018
Notification: 28 February 2018
University of Waterloo
Excellent faculty members are sought who will enhance the school’s strength in Computer Science. Priority areas include:
Computer Security, Cryptography, Privacy, and related.
Tenured appointments at the associate and full professor level are possible as circumstances warrant.
The David R. Cheriton School of Computer Science is the largest computer science school in Canada, with 89 faculty members. It enjoys an excellent reputation in pure and applied research and houses a diverse research program of international stature. Because of its recognized capabilities, the school attracts exceptionally well-qualified students at both undergraduate and graduate levels. In addition, the University of Waterloo has an enlightened intellectual property policy that vests all rights in the inventor. Please see the school’s website for more information: https://www.cs.uwaterloo.ca.
To submit an application, please register at the submission site: https://www.cs.uwaterloo.ca/faculty-recruiting. Once registered, instructions will be provided regarding how to submit your full application. Applications will be considered when they are complete and as long as positions are available. However, full consideration is assured only for applications received by November 30, 2017.
Closing date for applications: 31 December 2017
More information: https://cs.uwaterloo.ca/about/open-positions/faculty-positions#Tenure-Track or Tenured Faculty
IMDEA Software Institute
The primary mission of the IMDEA Software Institute is to perform research of excellence at the highest international level in the area of software development technologies. It is one of the highest ranked institutions worldwide in its main topic areas.
All positions require a doctoral degree in Computer Science or a closely related area, earned by the expected start date. Candidates for tenure-track positions will have shown exceptional promise in research and will have displayed an ability to work independently as well as collaboratively. Candidates for tenured positions must possess an outstanding research record, have recognized international stature, and demonstrated leadership abilities. Experience in graduate student supervision is also valued at this level.
Working at the IMDEA Software Institute
The institute is located in the vibrant area of Madrid, Spain. It offers an ideal working environment, combining the best aspects of a research center and a university department. The institute offers institutional funding and also encourages its members to participate in national and international research projects. The working language at the institute is English.
Salaries at the Institute are internationally competitive and established on an individual basis. They include social security provisions in accordance with existing national Spanish legislation, and in particular access to an excellent public health care system.
Further information about the Institute\'s current faculty and research can be found at
http://www.software.imdea.org
Closing date for applications: 15 January 2018
Contact: Applications should be completed using the application form at
https://careers.imdea.org/software/
For full consideration, complete applications must be received by January 15, 2018 but will continue to be accepted until the positions are filled.
More information: https://software.imdea.org/open_positions/call_for_faculty.html
21 November 2017
Kaisei Kajita, Kazuto Ogawa, Eiichiro Fujisaki
Colin D. Walter
20 November 2017
Florian Bourse, Michele Minelli, Matthias Minihold, Pascal Paillier
This paper achieves unprecedentedly fast, scale-invariant homomorphic evaluation of neural networks. Scale-invariance here means that the computation carried out by every neuron in the network is independent of the total number of neurons and layers, thus opening the way to privacy-preserving applications of deep neural networks. We refine the recent R/LWE-based Torus- FHE construction by Chillotti et al. (ASIACRYPT 2016) and make use of its efficient bootstrapping to refresh ciphertexts propagated throughout the network. For our techniques to be applicable, we require the neural network to be discretized, meaning that signals are binarized values in $\{-1, 1\}$, weights are signed integers in a prescribed interval and neurons are activated by the sign function. We show how to train such networks using a specifically designed backpropagation algorithm. We report experimental results on the MNIST dataset and show-case a discretized neural network that recognizes handwritten numbers with over 92% accuracy and is evaluated homomorphically in just about 0.88 seconds on a single core of an average-level laptop. We believe that this work can help bridge the gap between machine learning's capabilities and its practical, efficient and privacy-preserving implementation.
Henry Corrigan-Gibbs, Dmitry Kogan
In particular, we focus on generic algorithmsthese are algorithms that operate in every cyclic group. We show that any generic discrete-log algorithm with preprocessing that uses an $S$-bit advice string, runs in online time $T$, and succeeds with probability $\epsilon$ in a group of prime order $N$ must satisfy $ST^2 = \Omega(\epsilon N)$. Our lower bound, which is tight up to logarithmic factors, uses a synthesis of incompressibility techniques and classic methods for generic-group lower bounds. We apply our techniques to prove related lower bounds for the CDH, DDH, and multiple-discrete-log problems.
Finally, we demonstrate two new generic preprocessing attacks: one for the multiple-discrete-log problem and one for certain decisional-type problems in groups. This latter result demonstrates that, for generic algorithms with preprocessing, distinguishing tuples of the form $(g, g^x, g^{(x^2)})$ from random is much easier than the discrete-log problem.
Changhai Ou, Degang Sun, Zhu Wang, Xinping Zhou, Wei Cheng
Pierre-Alain Dupont, Julia Hesse, David Pointcheval, Leonid Reyzin, Sophia Yakoubov
Stjepan Picek, Annelie Heuser, Alan Jovic, Axel Legay
Nishanth Chandran, Divya Gupta, Aseem Rastogi, Rahul Sharma, Shardul Tripathi
Kristin Lauter, Michael Naehrig
Lucas Kowalczyk, Tal Malkin, Jonathan Ullman, Daniel Wichs
Ignoring computational constraints, this problem can be solved even when $X$ and $Q$ are exponentially large and $n$ is just a small polynomial; however, all algorithms with remotely similar guarantees run in exponential time. There have been several results showing that, under the strong assumption of indistinguishability obfuscation (iO), no efficient differentially private algorithm exists when $X$ and $Q$ can be exponentially large. However, there are no strong separations between information-theoretic and computationally efficient differentially private algorithms under any standard complexity assumption.
In this work we show that, if one-way functions exist, there is no general purpose differentially private algorithm that works when $X$ and $Q$ are exponentially large, and $n$ is an arbitrary polynomial. In fact, we show that this result holds even if $X$ is just subexponentially large (assuming only polynomially-hard one-way functions). This result solves an open problem posed by Vadhan in his recent survey.