[crypto] Fwd: CWG - 1 March programme
R. Hirschfeld
ray at unipay.nl
Tue Feb 13 17:26:08 CET 2024
-------- Original Message --------
Subject: CWG - 1 March programme
Date: 2024-02-13 16:54
From: "Guarise Vieira, Heloise" <h.guarise.vieira at tue.nl>
To:
Dear all,
We will host the next Crypto Working Group meeting on 1 March, from
10:45 to 16h, at the Kargadoor, in Utrecht.
Below you will find the programme for this meeting.
We hope to see you there!
10:45h – One for All, All for Ascon: Ensemble-based Deep Learning
Side-channel Analysis (Azade Rezaeezade)
Abstract:
In recent years, deep learning-based side-channel analysis (DLSCA) has
become an active research topic within the side-channel analysis
community. The well-known challenge of hyperparameter tuning in DLSCA
encouraged the community to use methods that reduce the effort required
to identify an optimal model. One of the successful methods is ensemble
learning. While ensemble methods have demonstrated their effectiveness
in DLSCA, particularly with AES-based datasets, their efficacy in
analyzing symmetric-key cryptographic primitives with different
operational mechanics remains unexplored.
Ascon was recently announced as the winner of the NIST lightweight
cryptography competition. This will lead to broader use of Ascon and a
crucial requirement for thorough side-channel analysis of its
implementations. With these two considerations in view, we utilize an
ensemble of deep neural networks to attack two implementations of Ascon.
Using an ensemble of five multilayer perceptrons or convolutional neural
networks, we could find the secret key for the Ascon-protected
implementation with less than 3,000 traces. To the best of our
knowledge, this is the best currently known result. We can also identify
the correct key with less than 100 traces for the unprotected
implementation of Ascon, which is on par with the state-of-the-art
results.
11:30h – coffee break
11:45h – Analysis of HWQCS and Layered-ROLLO-I (Alex Pellegrini)
Abstract:
Research in the code-based cryptography area has led to the proposal of
candidates to post-quantum competitions using both codes in the Hamming
and rank metrics. In this talk I will present the cryptanalysis of
Layered-ROLLO-I, a rank metric code-based cryptosystem submitted to the
Korean post-quantum Cryptography Competition, and HWQCS, a Hamming
metric signature scheme presented at ICISC 2023. I will show how to
unwrap the layers of Layered-ROLLO-I, reducing it to a weak version of
ROLLO-I, and also describe an efficient message recovery attack that only
uses linear algebra. Moving to HWQCS, I will show that the signatures
leak substantial secret information, give a statistical modeling of the
leakage and finally use this knowledge to mount an efficient universal
forgery attack.
12:30h – lunch
14h – Towards Compressed Permutation Oracle (Dominique Unruh)
Abstract:
Compressed oracles (Zhandry, Crypto 2019) are a powerful technique to
reason about quantum random oracles, enabling a sort of lazy sampling in
the presence of superposition queries. A long-standing open question is
whether a similar technique can also be used to reason about random
(efficiently invertible) permutations.
In this work, we make a step towards answering this question. We first
define the compressed permutation oracle and illustrate its use. While
the soundness of this technique (i.e., the indistinguishability from a
random permutation) remains a conjecture, we show a curious 2-for-1
theorem: If we use the compressed permutation oracle methodology to show
that some construction (e.g., Luby-Rackoff) implements a random
permutation (or strong qPRP), then we get the fact that this methodology
is actually sound for free.
14:45h – coffee break
15h – Topology-Based Reconstruction Defences for Decentralised Learning
(Florine Dekker)
Abstract:
Decentralised learning has recently gained traction as an alternative to
federated learning in which both data and coordination are distributed
over the users. To preserve the confidentiality of users' data,
decentralised learning relies on differential privacy, multi-party
computation, or a combination thereof. However, running multiple
privacy-preserving summations in sequence may, counterintuitively,
decrease privacy in what is known as a reconstruction attack.
Unfortunately, current reconstruction countermeasures either do not
consider correlated data, or have been designed for centralised systems
and cannot trivially be adapted to the setting of decentralised
learning.
In this work, we show that passive honest-but-curious adversaries can
reconstruct other users' private data after several privacy-preserving
summations. For example, in subgraphs with 18 users, we show that only
three passive honest-but-curious adversaries succeed at reconstructing
private data 11.0% of the time, requiring an average of 8.8 summations
per adversary. The success rate is independent of the size of the full
network. We consider weak adversaries, who do not control the graph
topology, and can exploit neither the inner workings of the summation
protocol nor the specifics of users' data.
We develop a mathematical understanding of how reconstruction relates to
topology and propose the first decentralised countermeasure to
reconstruction attacks as seen in decentralised learning. Specifically,
we show that reconstruction requires a number of adversaries linear in
the length of the network's shortest cycle. Consequently, reconstructing
private data from privacy-preserving summations is impossible in acyclic
networks.
Our work is a stepping stone for a formal theory of decentralised
reconstruction defences through structured composition. Such a theory
would generalise our countermeasure beyond summation, define
confidentiality in terms of entropy, and describe the effects of
(topology-aware) differential privacy.
15:45h – end of activities
Best regards,
--
Heloise Vieira, PhD
Discrete Mathematics Cluster, Project Leader
Department of Mathematics and Computer Science
Phone number +31 (0)402474864
De Zaale, Eindhoven
05 MetaForum, MF 6.101