Crypto 2018 Program

Sunday, August 19, 2018

17:00–20:00 Registration Location: Anacapa Formal Lounge

17:30–21:30 Reception Dinner Location: Anacapa Lawn

Monday, August 20, 2018

7:30–8:45 Breakfast Location: De La Guerra Dining Commons

8:50–9:00 Opening remarks Location: Corwin Pavilion Chair: Tal Rabin (Crypto General Chair)

9:05–10:25 Secure Messaging
Location: Lotte Lehman Hall
Chair: Kenny Paterson
    Towards Bidirectional Ratcheted Key Exchange
        Bertram Poettering, Paul Rösler
        Royal Holloway, University of London, Ruhr University Bochum
    Optimal Channel Security Against Fine-Grained State Compromise: The Safety of Messaging
        Joseph Jaeger, Igors Stepanovs
        UC San Diego
    Out-of-Band Authentication in Group Messaging: Computational, Statistical, Optimal
        Lior Rotem, Gil Segev
        Hebrew University

9:05–10:25 Round Optimal MPC
Location: Corwin Pavilion
Chair: Fabrice Benhamouda
    Round-Optimal Secure Multiparty Computation with Honest Majority
        Prabhanjan Ananth, Arka Rai Choudhuri, Aarushi Goel, Abhishek Jain
        MIT, JHU
    On the Exact Round Complexity of Secure Three-Party Computation
        Arpita Patra, Divya Ravi
        Indian Institute of Science, India
    Soft Merge with the next talk: Promise Zero Knowledge and its Applications to Round Optimal MPC
        Saikrishna Badrinarayanan, Vipul Goyal, Abhishek Jain, Yael Tauman Kalai, Dakshita Khurana, Amit Sahai
        UCLA, CMU, JHU, MIT and Microsoft Research
    Round-Optimal Secure Multi-Party Computation
        Shai Halevi, Carmit Hazay, Antigoni Polychroniadou, Muthuramakrishnan Venkitasubramaniam
        IBM, Bar Ilan University, Cornell-Tech / University of Rochester, University of Rochester

10:20–10:50 Coffee Break

10:50–11:40 Implementations and Physical Attacks
Location: Lotte Lehman Hall
Chair: Tancrède Lepoint
    Faster Homomorphic Linear Transformations in HElib
        Shai Halevi, Victor Shoup
        IBM Research, NYU
    CAPA: The Spirit of Beaver against Physical Attacks
        Oscar Reparaz, Lauren De Meyer, Begül Bilgin, Victor Arribas, Svetla Nikova, Ventzislav Nikov, Nigel P. Smart
        KU Leuven, imec - Cosic, Leuven, Belgium, Square Inc., San Francisco, USA, NXP Semiconductors, Leuven, Belgium

10:50–11:40 Foundations
Location: Corwin Pavilion
Chair: Daniel Wichs
    Yes, There is an Oblivious RAM Lower Bound!
        Kasper Green Larsen, Jesper Buus Nielsen
        Aarhus University
    Constrained PRFs for NC1 in Traditional Groups
        Nuttapong Attrapadung, Takahiro Matsuda, Ryo Nishimaki, Shota Yamada, Takashi Yamakawa
        AIST, NTT Secure Platform Laboratories

11:40–11:45 Track-switch Break

11:45–12:45 IACR Distinguished Lecture
Location: Corwin Pavilion
Chair: Tal Rabin
    From Idea to Impact, the Crypto story: What's next?
        Shafi Goldwasser
        Berkeley and MIT

12:50–14:00 Lunch Location: De La Guerra Dining Commons

14:15–15:30 Lattices
Location: Corwin Pavilion
Chair: Daniele Micciancio
    GGH15 Beyond Permutation Branching Programs: Proofs, Attacks, and Candidates
        Yilei Chen, Vinod Vaikuntanathan, Hoeteck Wee
        Boston University, MIT, CNRS and ENS, PSL
    Lower Bounds on Lattice Enumeration with Extreme Pruning
        Yoshinori Aono, Phong Q. Nguyen, Takenobu Seito, Junji Shikata
        NICT, Inria and CNRS, JFLI, University of Tokyo, Bank of Japan, Yokohama National University
    Dissection-BKW
        Andre Esser, Felix Heuer, Robert Kübler, Alexander May, Christian Sohler
        Ruhr University Bochum, TU Dortmund

14:15–15:30 Authenticated and Format-Preserving Encryption
Location: Lotte Lehman Hall
Chair: Aishwarya Thiruvengadam
    Fast Message Franking: From Invisible Salamanders to Encryptment
        Yevgeniy Dodis, Paul Grubbs, Thomas Ristenpart, Joanne Woodage
        NYU, Cornell Tech, Royal Holloway
    Indifferentiable Authenticated Encryption
        Manuel Barbosa, Pooya Farshim
        INESC TEC and FC University of Porto, DI/ENS, CNRS, PSL University and Inria, Paris, France
    The Curse of Small Domains: New Attacks on Format-Preserving Encryption
        Viet Tung Hoang, Stefano Tessaro, Ni Trieu
        Florida State University, UCSB, Oregon State University

15:30–16:00 Coffee Break

16:00–17:15 Cryptanalysis
Location: Lotte Lehman Hall
Chair: Viet Tung Hoang
    Cryptanalysis via algebraic spans
        Adi Ben-Zvi, Arkadius Kalka, Boaz Tsaban
        Bar-Ilan University
    Improved Division Property Based Cube Attacks Exploiting Algebraic Properties of Superpoly
        Qingju Wang, Yonglin Hao, Yosuke Todo, Chaoyun Li, Takanori Isobe, Willi Meier
        University of Luxembourg, Luxembourg, State Key Laboratory of Cryptology, P.O. Box 5159, Beijing 100878, China, NTT Secure Platform Laboratories, Japan, imec-COSIC, Dept. Electrical Engineering (ESAT), KU Leuven, Belgium, University of Hyogo, Japan, FHNW, Switzerland
    Generic Attacks against Beyond-Birthday-Bound MACs
        Gaëtan Leurent, Mridul Nandi, Ferdinand Sibleyras
        Inria,

16:00–17:15 Lattice-based Zero Knowledge
Location: Corwin Pavilion
Chair: Anna Lysyanskaya
    Sub-Linear Lattice-Based Zero-Knowledge Arguments for Arithmetic Circuits
        Carsten Baum, Jonathan Bootle, Andrea Cerulli, Rafael del Pino, Jens Groth, Vadim Lyubashevsky
        Bar Ilan University, UCL, IBM Research - Zurich
    Lattice-Based Zero-Knowledge Arguments for Integer Relations
        Benoît Libert, San Ling, Khoa Nguyen, Huaxiong Wang
        CNRS and ENS de Lyon (France), Nanyang Technological University (Singapore)
    Multi-Theorem Preprocessing NIZKs from Lattices
        Sam Kim, David J. Wu
        Stanford University

19:00–21:00 Dinner Location: Anacapa Lawn

Tuesday, August 21, 2018

7:30–8:35 Breakfast Location: De La Guerra Dining Commons

8:40–10:20 Efficient MPC
Location: Corwin Pavilion
Chair: Mike Rosulek
    SPDZ2k: Efficient MPC mod 2^k for Dishonest Majority
        Ronald Cramer, Ivan Damgård, Daniel Escudero, Peter Scholl, Chaoping Xing
        CWI, Amsterdam, Aarhus University, Aarhus University, Nanyang Technological University, Singapore
    Yet Another Compiler for Active Security or: Efficient MPC Over Arbitrary Rings
        Ivan Damgård, Claudio Orlandi, Mark Simkin
        Aarhus University
    TinyKeys: A New Approach to Efficient Multi-Party Computation
        Carmit Hazay, Emmanuela Orsini, Peter Scholl, Eduardo Soria-Vazquez
        Bar-Ilan University, KU Leuven, Aarhus University, University of Bristol
    Fast Large-Scale Honest-Majority MPC for Malicious Adversaries
        Koji Chida, Daniel Genkin, Koki Hamada, Dai Ikarashi, Ryo Kikuchi, Yehuda Lindell, Ariel Nof
        NTT Secure Platform Laboratories, University of Pennsylvania and University of Maryland, Bar-Ilan University

8:40–10:20 Searchable Encryption and Differential Privacy
Location: Lotte Lehman Hall - starts at 8:55
Chair: Alexandra Boldyreva
    Structured Encryption and Leakage Suppression
        Seny Kamara, Tarik Moataz, Olga Ohrimenko
        Brown University, Microsoft Research
    Soft Merge with the next talk: Searchable Encryption with Optimal Locality: Achieving Sublogarithmic Read Efficiency
        Ioannis Demertzis, Dimitrios Papadopoulos, Charalampos Papamanthou
        University of Maryland, Hong Kong University of Science and Technology
    Tight Tradeoffs in Searchable Symmetric Encryption
        Gilad Asharov, Gil Segev, Ido Shahaf
        Cornell Tech, Hebrew University of Jerusalem
    Soft Merge with the next talk: Hardness of Non-Interactive Differential Privacy from One-Way Functions
        Lucas Kowalczyk, Tal Malkin, Jonathan Ullman, Daniel Wichs
        Columbia University, Northeastern University
    Risky Traitor Tracing and New Differential Privacy Negative Results
        Rishab Goyal, Venkata Koppula, Andrew Russell, Brent Waters
        UT Austin

10:20–10:50 Coffee Break

10:50–11:40 Secret Sharing
Location: Lotte Lehman Hall
Chair: Hoeteck Wee
    Non-Malleable Secret Sharing for General Access Structures
        Vipul Goyal, Ashutosh Kumar
        CMU, UCLA
    On the Local Leakage Resilience of Linear Secret Sharing Schemes
        Fabrice Benhamouda, Akshay Degwekar, Yuval Ishai, Tal Rabin
        IBM Research, MIT, Technion

10:50–11:40 Quantum I
Location: Corwin Pavilion
Chair: Alexandra Boldyreva
    Quantum FHE (Almost) As Secure As Classical
        Zvika Brakerski
        Weizmann Institute of Science
    IND-CCA-secure Key Encapsulation Mechanism in the Quantum Random Oracle Model, Revisited
        Haodong Jiang, Zhenfeng Zhang, Long Chen, Hong Wang, Zhi Ma
        State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, Henan, China, TCA Laboratory, State Key Laboratory of , Institute of Software, Chinese Academy of Sciences, China, TCA Laboratory, State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, China, University of Chinese Academy of Sciences, Beijing, China, State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, Henan, China, State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, Henan, China, CAS Center for Excellence and Synergetic Innovation Center in Quantum information and Quantum Physics, USTC, Hefei, Anhui, China

11:40–11:45 Track-switch Break

11:45–12:40 Encryption
Location: Lotte Lehman Hall
Chair: Ananth Raghunathan
    Threshold Cryptosystems From Threshold Fully Homomorphic Encryption
        Dan Boneh, Rosario Gennaro, Steven Goldfeder, Aayush Jain, Sam Kim, Peter M. R. Rasmussen, Amit Sahai
        Stanford University, City College of New York, Princeton University, UCLA and Center for Encrypted Functionalities
    Multi-Input Functional Encryption for Inner Products: Function-Hiding Realizations and Constructions without Pairings
        Michel Abdalla, Dario Catalano, Dario Fiore, Romain Gay, Bogdan Ursu
        Departement informatique de l'ENS, Ecole normale supérieure, CNRS, PSL University, 75005 Paris, France and INRIA, Paris, France, Università di Catania, Italy, IMDEA Software Institute, Madrid, Spain, KIT, Karlsruhe, Germany

11:45–12:40 Quantum Cryptography II
Location: Corwin Pavilion
Chair: Chitchanok Chuengsatiansup
    Pseudorandom Quantum States
        Zhengfeng Ji, Yi-Kai Liu, Fang Song
        University of Technology Sydney, University of Maryland and NIST, Portland State University
    Soft Merge with the next talk: Quantum Attacks against Indistinguishability Obfuscators Proved Secure in the Weak Multilinear Map Model
        Alice Pellet-Mary
        Univ Lyon, CNRS, ENS de Lyon, Inria, UCBL, LIP, Lyon, France
    Cryptanalyses of Branching Program Obfuscations over GGH13 Multilinear Map from the NTRU Problem
        Jung Hee Cheon, Minki Hhan, Jiseung Kim, Changmin Lee
        Seoul National University

12:45–14:00 Lunch Location: De La Guerra Dining Commons

14:00–18:00 Free afternoon

18:00–21:00 Dinner Reception Location: University Center Lagoon Plaza

19:00–19:30 IACR Award Ceremony Location: Corwin Pavilion

19:30–23:00 Rump Session Location: Corwin Pavilion Chair: Stuart Haber

Wednesday, August 22, 2018

7:30–8:35 Breakfast Location: De La Guerra Dining Commons

8:40–10:20 Symmetric Cryptography
Location: Lotte Lehman Hall
Chair: Xuejia Lai
    Encrypt or Decrypt? To Make a Single-Key Beyond Birthday Secure Nonce-Based MAC
        Nilanjan Datta, Avijit Dutta, Mridul Nandi, Kan Yasuda
        Indian Institute of Technology, Kharagpur, Indian Statistical Institute, Kolkata, NTT Information Sharing Platform Laboratories, NTT Corporation, Japan
    Rasta: A cipher with low ANDdepth and few ANDs per bit
        Christoph Dobraunig, Maria Eichlseder, Lorenzo Grassi, Virginie Lallemand, Gregor Leander, Eik List, Florian Mendel, Christian Rechberger
        Graz University of Technology, Horst Görtz Institute for IT Security, Ruhr-Universität Bochum, Bauhaus-Universität Weimar, Infineon Technologies AG
    Non-Uniform Bounds in the Random-Permutation, Ideal-Cipher, and Generic-Group Models
        Sandro Coretti, Yevgeniy Dodis, Siyao Guo
        New York University, Northeastern University
    Provable Security of (Tweakable) Block Ciphers Based on Substitution-Permutation Networks
        Benoit Cogliati, Yevgeniy Dodis, Jonathan Katz, Jooyoung Lee, John Steinberger, Aishwarya Thiruvengadam, Zhe Zhang
        University of Luxembourg, Luxembourg, New York University, USA, University of Maryland, USA, KAIST, Korea, University of California, Santa Barbara, Tsinghua University, Beijing

8:40–10:20 MPC
Location: Corwin Pavilion
Chair: Seny Kamara
    An Optimal Distributed Discrete Log Protocol with Applications to Homomorphic Secret Sharing
        Itai Dinur, Nathan Keller, Ohad Klein
        Ben-Gurion University, Israel, Bar-Ilan University, Israel
    Must the Communication Graph of MPC Protocols be an Expander?
        Elette Boyle, Ran Cohen, Deepesh Data, Pavel Hubacek
        IDC Herzliya, MIT and Northeastern University, UCLA, Charles University
    Two-Round Multiparty Secure Computation Minimizing Public Key Operations
        Sanjam Garg, Peihan Miao, Akshayaram Srinivasan
        University of California, Berkeley
    Limits of Practical Sublinear Secure Computation
        Elette Boyle, Yuval Ishai, Antigoni Polychroniadou
        IDC Herzliya, Technion, Cornell Tech and University of Rochester

10:20–10:50 Coffee Break

10:50–11:40 Proofs of Work and Proofs of Stake
Location: Lotte Lehman Hall
Chair: Alessandra Scafuro
    Verifiable Delay Functions
        Dan Boneh, Joseph Bonneau, Benedikt Bünz, Ben Fisch
        Stanford University, New-York University
    Proofs of Work from Worst-Case Assumptions
        Marshall Ball, Alon Rosen, Manuel Sabin, Prashant Nalini Vasudevan
        Columbia University, IDC Herzliya, UC Berkeley, MIT

10:50–11:40 Garbling
Location: Corwin Pavilion
Chair: Hoeteck Wee
    Limits on the Power of Garbling Techniques for Public-Key Encryption
        Sanjam Garg, Mohammad Hajiabadi, Mohammad Mahmoody, Ameer Mohammed
        University of California, Berkeley,
    Optimizing Authenticated Garbling for Faster Secure Two-Party Computation
        Jonathan Katz, Samuel Ranellucci, Mike Rosulek, Xiao Wang
        University of Maryland, University of Maryland and George Mason University, Oregon State University

11:40–11:45 Track-switch Break

11:45–12:45 Invited Talk
Location: Corwin Pavilion
Chair: Hovav Shacham
    Crypto: a Key Ingredient to Building Respectful Products
        Lea Kissner
        Google

12:50–14:00 Lunch Location: De La Guerra Dining Commons

14:15–15:05 Proof Tools
Location: Lotte Lehman Hall
Chair: Alexandra Boldyreva
    Simplifying Game-Based Definitions: Indistinguishability up to Correctness and Its Application to Stateful AE
        Phillip Rogaway, Yusi Zhang
        University of California, Davis, USA
    The Algebraic Group Model and its Applications
        Georg Fuchsbauer, Eike Kiltz, Julian Loss
        Inria, ENS, CNRS, PSL, France, Ruhr University Bochum, Germany

14:15–15:05 Information-Theoretic MPC
Location: Corwin Pavilion
Chair: Daniel Wichs
    Amortized Complexity of Information-Theoretically Secure MPC Revisited
        Ignacio Cascudo, Ronald Cramer, Chaoping Xing, Chen Yuan
        Aalborg University, Denmark, CWI Amsterdam and Leiden University, the Netherlands, Nanyang Technological University, Singapore, CWI Amsterdam, the Netherlands
    Private Circuits: A Modular Approach
        Prabhanjan Ananth, Yuval Ishai, Amit Sahai
        MIT, Technion, UCLA

15:05–15:35 Coffee Break

15:35–16:25 Key Exchange
Location: Lotte Lehman Hall
Chair: Marc Fischlin
    On Tightly Secure Non-Interactive Key Exchange
        Julia Hesse, Dennis Hofheinz, Lisa Kohl
        TU Darmstadt, Karlsruhe Institute of Technology
    Practical and Tightly-Secure Digital Signatures and Authenticated Key Exchange
        Kristian Gjøsteen, Tibor Jager
        NTNU - Norwegian University of Science and Technology, Trondheim, Norway, Paderborn University, Paderborn, Germany

15:35–16:25 Various Topics
Location: Corwin Pavilion
Chair: Hoeteck Wee
    A New Public-Key Cryptosystem via Mersenne Numbers
        Divesh Aggarwal, Antoine Joux, Anupam Prakash, Miklos Santha
        NUS, Fondation Partenariale de l, NTU and CQT, NUS, CNRS and CQT, NUS
    Fast Homomorphic Evaluation of Deep Discretized Neural Networks
        Florian Bourse, Michele Minelli, Matthias Minihold, Pascal Paillier
        Orange Labs, ENS, CNRS, PSL Research University, Inria, Ruhr-Universität Bochum, CryptoExperts

16:35–17:35 IACR Membership Meeting Location: Corwin Pavilion

18:00–19:30 Beach Barbeque Location: Goleta Beach

19:30–22:30 Crypto Café Location: Anacapa Formal Lounge and Anacapa Front Lawn

Thursday, August 23, 2018

7:30–8:35 Breakfast Location: De La Guerra Dining Commons

8:40–10:20 Symmetric Cryptanalysis
Location: Lotte Lehman Hall
Chair: Hovav Shacham
    Improved Key Recovery Attacks on Reduced-Round AES with Practical Data and Memory Complexities
        Achiya Bar-On, Orr Dunkelman, Nathan Keller, Eyal Ronen, Adi Shamir
        Bar Ilan University, Israel, University of Haifa, Israel, Weizmann Institute, Israel
    Fast Correlation Attack Revisited - Cryptanalysis on Full Grain-128a, Grain-128, and Grain-v1
        Yosuke Todo, Takanori Isobe, Willi Meier, Kazumaro Aoki, Bin Zhang
        NTT Secure Platform Laboratories, University of Hyogo, FHNW, Chinese Academy of Sciences
    A Key-recovery Attack on 855-round Trivium
        Ximing Fu, Xiaoyun Wang, Xiaoyang Dong, Willi Meier
        Tsinghua University, Tsinghua University, Shandong University, FHNW
    Bernstein Bound on WCS is Tight - Repairing Luykx-Preneel Optimal Forgeries
        Mridul Nandi
        Indian Statistical Institute, Kolkata

8:40–10:20 Oblivious Transfer and Non-Malleable Codes
Location: Corwin Pavilion
Chair: Pooya Farshim
    Adaptive Garbled RAM from Laconic Oblivious Transfer
        Sanjam Garg, Rafail Ostrovsky, Akshayaram Srinivasan
        University of California, Berkeley, UCLA
    On the Round Complexity of OT Extension
        Sanjam Garg, Mohammad Mahmoody, Daniel Masny, Izaak Meckler
        Berkeley, University of Virginia
    Non-Malleable Codes for Partial Functions with Manipulation Detection
        Aggelos Kiayias, Feng-Hao Liu, Yiannis Tselekounis
        University of Edinburgh, Florida Atlantic University
    Continuously Non-Malleable Codes in the Split-State Model from Minimal Assumptions
        Rafail Ostrovsky, Giuseppe Persiano, Daniele Venturi, Ivan Visconti
        UCLA, University of Salerno, Sapienza University of Rome

10:20–10:50 Coffee Break

10:50–12:05 Hashes and Random Oracles
Location: Lotte Lehman Hall
Chair: Stanislaw Jarecki
    Correcting Subverted Random Oracles
        Alexander Russell, Qiang Tang, Moti Yung, Hong-Sheng Zhou
        University of Connecticut, New Jersey Institute of Technology, Snapchat and Columbia University, Virginia Commonwealth University
    Combiners for Backdoored Random Oracles
        Balthazar Bauer, Pooya Farshim, Sogol Mazaheri
        École Normale Supérieure, Technische Universität Darmstadt
    On Distributional Collision Resistant Hashing
        Ilan Komargodski, Eylon Yogev
        Cornell Tech, Weizmann Institute

10:50–12:05 Zero Knowledge
Location: Corwin Pavilion
Chair: Daniel Genkin
    Non-Interactive Zero-Knowledge Proofs for Composite Statements
        Shashank Agrawal, Chaya Ganesh, Payman Mohassel
        Visa Research, Aarhus University
    From Laconic Zero-Knowledge to Public-Key Cryptography
        Itay Berman, Akshay Degwekar, Ron D. Rothblum, Prashant Nalini Vasudevan
        MIT, MIT, Northeastern University
    Updatable and Universal Common Reference Strings with Applications to zk-SNARKs
        Jens Groth, Markulf Kohlweiss, Mary Maller, Sarah Meiklejohn, Ian Miers
        University College London, University of Edinburgh, Cornell Tech

12:05–12:10 Track-switch Break

12:10–13:00 Trapdoor Functions
Location: Lotte Lehman Hall
Chair: Marc Fischlin
    Fast Distributed RSA Key Generation for Semi-Honest and Malicious Adversaries
        Tore K. Frederiksen, Yehuda Lindell, Valery Osheter, Benny Pinkas
        Alexandra Institute, Bar-Ilan University, Unbound Tech Ltd.
    Trapdoor Functions from the Computational Diffie-Hellman Assumption
        Sanjam Garg, Mohammad Hajiabadi
        University of California Berkeley, University of California Berkeley and University of Virginia

12:10–13:00 Obfuscation
Location: Corwin Pavilion
Chair: Tancrède Lepoint
    On the Complexity of Compressing Obfuscation
        Gilad Asharov, Naomi Ephraim, Ilan Komargodski, Rafael Pass
        Cornell Tech, Cornell University
    A Simple Obfuscation Scheme for Pattern-Matching with Wildcards
        Allison Bishop, Lucas Kowalczyk, Tal Malkin, Valerio Pastro, Mariana Raykova, Kevin Shi
        IEX, Columbia University, Columbia University, Columbia University, Yale University, Yale University

13:05–14:00 Lunch Location: De La Guerra Dining Commons
