IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
21 June 2024
Seongkwang Kim, Byeonghak Lee, Mincheol Son
ePrint ReportThis work addresses these inefficiencies by enhancing vector commitments within MPCitH-based schemes. We introduce the concept of vector semi-commitment, which relaxes traditional vector commitment requirements without compromising security, thus reducing signature size while maintaining performance. We instantiate vector semi-commitment schemes in both the random oracle model and the ideal cipher model, leveraging recent optimizations such as the Half-tree technique. Additionally, we propose a key injection technique that further minimizes signature size by embedding the secret key into the Half-GGM tree.
We apply these improvements to the BN++ signature scheme and prove it fully secure in the ideal cipher model. Implementing these improvements in the $\mathsf{AIMer}$ v2.0 signature scheme, we achieve up to 18% shorter signatures and up to 112% faster signing and verification speeds, setting new benchmarks for MPCitH-based schemes.
Seongho Park, Jaekyoung Choi, Jihye Kim, Hyunok Oh
ePrint ReportJoseph M. Shunia
ePrint ReportElena Kirshanova, Chiara Marcolla, Sergi Rovira
ePrint ReportTjard Langhout, Huanhuan Chen, Kaitai Liang
ePrint ReportMaryam Rezapour, Benjamin Fuller
ePrint ReportWhen the desired result set is of size at most one, we show a new preprocessing technique and system called ProxCode that inserts shares of a linear secret sharing into the map instead of the full biometric. Instead of choosing shares independently, shares are correlated so exactly one share is associated with each keyword/LSH output. As a result, one can rely on a map instead of a multimap. Secure maps are easier to construct with low leakage than multimaps.
For many parameters, this approach reduces the required number of LSHs for a fixed accuracy. Our scheme yields the most improvement when combining a high accuracy requirement with a biometric with large underlying noise. Our approach builds on any secure map. We evaluate the scheme accuracy for both iris data and random data.
Pascal Berrang, Paul Gerhart, Dominique Schröder
ePrint Report1. We introduce the notion of conditional anonymity sets derived from statistical properties of the population. 2. We measure anonymity sets for two real-world applications and present overarching findings from 39 countries. 3. We develop a graphical tool for people to explore their own anonymity set.
One of our case studies is a popular app for tracking the menstruation cycle. Our findings for this app show that, despite their promise to protect privacy, the collected data can be used to identify users up to groups of 5 people in 97% of all the US counties, allowing the de-anonymization of the individuals. Given that the US Supreme Court recently overturned abortion rights, the possibility of determining individuals is a calamity.
Daniel Escudero, Antigoni Polychroniadou, Yifan Song, Chenkai Weng
ePrint ReportMatthias Geihs
ePrint ReportSergio Juárez, Mark Blunden, Joris Koopman, Anish Mohammed, Kapil Shenvi Pause, Steve Thakur
ePrint ReportHelger Lipmaa, Roberto Parisella, Janno Siim
ePrint Report20 June 2024
Seoul, South Korea, 20 November - 22 November 2024
Event CalendarSubmission deadline: 6 September 2024
Notification: 30 October 2024
SandboxAQ
Job PostingClosing date for applications:
Contact: [email protected]
Graz University of Technology
Job Posting
You will contribute to an exciting research project advancing isogeny-based cryptography. This role offers a unique opportunity to collaborate with leading experts in the field and perform cutting-edge research.
The Cryptographic Engineering research team is based at IAIK, TU Graz, the largest university institute in Austria for research and education in security and privacy. It has been active in this field for more than 30 years and currently employs more than 60 researchers.
Required Qualifications for PhD position: The ideal candidate for the PhD position will hold a master's degree with project experience in the implementation aspects (e.g., efficient implementation, side-channel analysis, fault analysis, etc.) of cryptography, preferably in isogeny-based cryptography.
Required Qualifications for Postdoc position: The ideal candidate for the postdoc position will hold a PhD (or be close to completion) in cryptography and be an expert in isogeny-based cryptography and/or secure implementation aspects of cryptography.
How to apply:
Submit your applications, CV, and other documents before 31st July, 2024.
https://jobs.tugraz.at/en/jobs/bbba0417-7a9c-69a5-f012-6613bd4b383f/apply?preview=true
Closing date for applications:
Contact: Prof. Sujoy Sinha Roy
More information: https://jobs.tugraz.at/en/jobs/bbba0417-7a9c-69a5-f012-6613bd4b383f/apply?preview=true
Technical University of Denmark, Copenhagen, Denmark
Job Posting
We are looking for an assistant/associate professor to extend and complement research and teaching at the Cybersecurity Engineering Section at DTU Compute, Technical University of Denmark. You could be our new colleague if you are a talented researcher with a passion for research within cybersecurity, and a desire to impact society through collaboration with both private and public sector partners. We strive for academic excellence in a very international environment characterized by collegial respect and academic freedom tempered by responsibility. We value intellectual freedom, offering you the autonomy to pursue research topics that truly interest you. We promote talent in different forms according to your specific interests and strengths. We understand the value of balance, for instance we can ensure a reasonable teaching load, providing ample time for your research.
The university is located in the greater Copenhagen area, which is acknowledged for its excellent standards of living, childcare and welfare system.
Closing date for applications:
Contact: Professor Nicola Dragoni ([email protected])
More information: https://efzu.fa.em2.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX_1/job/3667/?utm_medium=jobshare
George Lu, Mark Zhandry
ePrint ReportIn particular, we focus on the case of $q$-type assumptions, which are ubiquitous in group- and pairing-based cryptography, but unfortunately are less desirable than the more well-understood static assumptions. Subgroup decision techniques have had great success in removing $q$-type assumptions, even allowing $q$-type assumptions to be generically based on static assumptions on composite-order groups. Our main result shows that the same likely does not hold in the prime order setting. Namely, we show that a large class of $q$-type assumptions, including the security definition of a number of cryptosystems, cannot be proven secure in a black box way from any static assumption.
Damien VIDAL, Sorina IONICA, Claire Delaplace
ePrint ReportShuhong Gao, Kyle Yates
ePrint ReportShravani Patil, Arpita Patra
ePrint ReportThe feasibility of perfectly-secure MPC in synchronous and asynchronous networks has been settled a long ago. The landmark work of [Ben-Or, Goldwasser, and Wigderson, STOC'88] shows that $n > 3t_s$ is necessary and sufficient for any MPC protocol with $n$-parties over synchronous network tolerating $t_s$ active corruptions. In yet another foundational work, [Ben-Or, Canetti, and Goldreich, STOC'93] show that the bound for asynchronous network is $n > 4t_a$, where $t_a$ denotes the number of active corruptions. However, the same question remains unresolved for network-agnostic setting till date. In this work, we resolve this long-standing question.
We show that perfectly-secure network-agnostic $n$-party MPC tolerating $t_s$ active corruptions when the network is synchronous and $t_a$ active corruptions when the network is asynchronous is possible if and only if $n > 2 \max(t_s,t_a) + \max(2t_a,t_s)$.
When $t_a \geq t_s$, our bound reduces to $n > 4t_a$, whose tightness follows from the known feasibility results for asynchronous MPC. When $t_s > t_a$, our result gives rise to a new bound of $n > 2t_s + \max(2t_a,t_s)$. Notably, the previous network-agnostic MPC in this setting [Appan, Chandramouli, and Choudhury, PODC'22] only shows sufficiency for a loose bound of $n > 3t_s + t_a$. When $t_s > 2t_a$, our result shows tightness of $ n > 3t_s$, whereas the existing work shows sufficiency for $n > 3t_s+t_a$.
Matilda Backendal, Hannah Davis, Felix Günther, Miro Haller, Kenneth G. Paterson
ePrint ReportIn this paper, we address this shortcoming by initiating the formal study of E2EE cloud storage. We give a formal syntax to capture the core functionality of a cloud storage system, capturing the real-world complexity of such a system's constituent interactive protocols. We then define game-based security notions for confidentiality and integrity of a cloud storage system against a fully malicious server. We treat both selective and fully adaptive client compromises. Our notions are informed by recent attacks on E2EE cloud storage providers. In particular we show that our syntax is rich enough to capture the core functionality of MEGA and that recent attacks on it arise as violations of our security notions. Finally, we present an E2EE cloud storage system that provides all core functionalities and that is both efficient and provably secure with respect to our selective security notions. Along the way, we discuss challenges on the path towards bringing the security of cloud storage up to par with other end-to-end primitives, such as secure messaging and TLS.