International Association for Cryptologic Research

IACR News


30 April 2018

Jing Chen, Sergey Gorbunov, Silvio Micali, Georgios Vlachos
ePrint Report
We present a simple Byzantine agreement protocol with leader election that works under a > 2/3 honest majority and does not rely on the participants having synchronized clocks. When honest messages are delivered within a bounded worst-case delay, agreement is reached in an expected constant number of steps when the elected leader is malicious, and after two steps when the elected leader is honest. Our protocol is resilient to arbitrary network partitions of unknown length, and recovers fast after the partition is resolved and bounded message delay is restored. We briefly discuss how the protocol applies to blockchains in a permissionless system. In particular, when an honest leader proposes a block of transactions, the first voting step happens in parallel with the block propagation. Effectively, after the block propagates, a certificate is generated in just one step of voting.
Joppe W. Bos, Simon Friedberger
ePrint Report
In this paper we investigate various arithmetic techniques which can be used to potentially enhance the performance of the supersingular isogeny Diffie-Hellman (SIDH) key-exchange protocol, one of the more recent contenders in the post-quantum public-key arena. Firstly, we give a systematic overview of techniques to compute efficient arithmetic modulo $2^x p^y \pm 1$. Our overview shows that in the SIDH setting, where arithmetic over a quadratic extension field is required, the approaches based on Montgomery reduction for such primes of a special shape are to be preferred. Moreover, the outcome of our investigation reveals that there exist moduli which allow even faster implementations.

Secondly, we investigate whether it is beneficial to use other curve models to speed up the elliptic curve scalar multiplication. The use of twisted Edwards curves allows one to search for efficient addition-subtraction chains for fixed scalars, which is not possible with the differential addition law used on Montgomery curves. Our preliminary results show that, despite the fact that we found such efficient chains, using twisted Edwards curves does not result in faster scalar multiplication arithmetic in the setting of SIDH.
Zvika Brakerski, Yael Tauman Kalai
ePrint Report
Consider an access policy for some resource which only allows access to users of the system who own a certain set of attributes. Specifically, we consider the case where such an access structure is defined by a monotone formula (or logarithmic depth circuit) $F:\{0,1\}^N\rightarrow\{0,1\}$, where $N$ is the number of possible attributes.

In this work we present two results, which we believe to be of individual interest even regardless of the above application, and show how to combine them to achieve a succinct single-round private access control protocol. That is, a verifier can be convinced that an approved user (i.e. one which holds an approved set of attributes) is accessing the system, without learning any additional information about the user or the set of attributes.

First, assuming a computational PIR scheme (which can be based, for example, on the polynomial hardness of the LWE assumption), we construct for any $NP$ language $L$ a succinct single-round (2-message) protocol for delegating monotone batch $L$ computations. Explicitly, for every $N\in \mathbb{N}$, every $x_1,\ldots,x_N\in \{0,1\}^n$, and every monotone formula $F:\{0,1\}^N\rightarrow \{0,1\}$, a prover can succinctly prove that $F(1_{x_1\in L},\ldots,1_{x_N\in L})=1$, where $1_{x_i\in L}=1$ if and only if $x_i\in L$, and where the communication complexity is $m \cdot \mathrm{polylog}(N)$, with $m$ the length of a single witness.

Second, assuming a quasi-polynomially secure two-message oblivious transfer scheme with statistical sender privacy (which can be based on quasi-polynomial hardness of the DDH, QR or DCR assumptions), we show how to convert any single-round protocol into a witness indistinguishable one, with similar communication complexity.
Zhenzhen Bao, Jian Guo, Lei Wang
ePrint Report
We provide a survey of generic attacks on cryptographic hash constructions, including hash-based message authentication codes and hash combiners.

We look into attacks involving iteratively evaluating identical mappings many times. The functional graph of a random mapping also involves iteratively evaluating the mapping. These attacks essentially exploit properties of the functional graph. We map the utilization space of those properties across numerous known attacks, and draw a comparison among classes of attacks regarding their advantages and limitations.

We provide a systematic exposition of the concepts of cycles, deep-iterate images, collisions and their roles in the cryptanalysis of iterated hash constructions. We identify the inherent relationship between these concepts, such that case-by-case theories about them can be unified into one knowledge system, that is, theories on the functional graph of random mappings. We show that the properties of the cycle search algorithm, the chain evaluation algorithm and the collision search algorithm can be described based on statistical results on the functional graph. Thereby, we can provide different viewpoints to support previous beliefs about individual results.

With that, we invite more sophisticated analysis of the functional graph of random mappings and further exploitation of its properties in cryptanalysis.
Sarvar Patel, Giuseppe Persiano, Mariana Raykova, Kevin Yeo
ePrint Report
We present PanORAMa, the first Oblivious RAM construction that achieves communication overhead $O(\log N \cdot \log \log N)$ for a database of $N$ blocks and for any block size $B = \Omega(\log N)$ while requiring client memory of only a constant number of memory blocks. Our scheme can be instantiated in the "balls and bins" model in which Goldreich and Ostrovsky [JACM 96] showed an $\Omega(\log N)$ lower bound for ORAM communication.

Our construction follows the hierarchical approach to ORAM design and relies on two main building blocks of independent interest: a new oblivious hash table construction with improved amortized $O(\log N + \mathrm{poly}(\log \log \lambda))$ communication overhead for security parameter $\lambda$ and $N = \mathsf{poly}(\lambda)$, assuming its input is randomly shuffled; and a complementary new oblivious random multi-array shuffle construction, which shuffles $N$ blocks of data with communication $O(N \log \log \lambda + \frac{N \log N}{\log \lambda})$ when the input has a certain level of entropy. We combine these two primitives to improve the shuffle time in our hierarchical ORAM construction by avoiding heavy oblivious shuffles and leveraging entropy remaining in the merged levels from previous shuffles. As a result, the amortized shuffle cost is asymptotically the same as the lookup complexity in our construction.
Alexander R. Block, Divya Gupta, Hemanta K. Maji, Hai H. Nguyen
ePrint Report
Most secure computation protocols can be effortlessly adapted to offload a significant fraction of their computationally and cryptographically expensive components to an offline phase so that the parties can run a fast online phase and perform their intended computation securely. During this offline phase, parties generate private shares of a sample generated from a particular joint distribution, referred to as the correlation. These shares, however, are susceptible to leakage attacks by adversarial parties, which can compromise the security of the entire secure computation protocol. The objective, therefore, is to preserve the security of the honest party despite the leakage performed by the adversary on her share.

Prior solutions, starting with $n$-bit leaky shares, either used 4 messages or enabled the secure computation of only sub-linear size circuits. Our work presents the first 2-message secure computation protocol for 2-party functionalities that have $\Theta(n)$ circuit-size despite $\Theta(n)$ bits of leakage, a qualitatively optimal result. We compose a suitable 2-message secure computation protocol in parallel with our new 2-message correlation extractor. Correlation extractors, introduced by Ishai, Kushilevitz, Ostrovsky, and Sahai (FOCS 2009) as a natural generalization of privacy amplification and randomness extraction, recover "fresh" correlations from the leaky ones, which are subsequently used by other cryptographic protocols. We construct the first 2-message correlation extractor that produces $\Theta(n)$-bit fresh correlations even after $\Theta(n)$-bit leakage.

Our principal technical contribution, which is of potential independent interest, is the construction of a family of multiplication-friendly linear secret sharing schemes that is simultaneously a family of small-bias distributions. We construct this family by randomly "twisting then permuting" appropriate Algebraic Geometry codes over constant-size fields.

29 April 2018

Fuzhou, China, 14 December - 16 December 2018
Event Calendar
Event date: 14 December to 16 December 2018
Submission deadline: 14 August 2018
Notification: 14 October 2018

28 April 2018

Barcelona, Spain, 6 September - 7 September 2018
Event Calendar
Event date: 6 September to 7 September 2018
Submission deadline: 11 June 2018
Notification: 18 July 2018
Nanyang Technological University, Singapore
Job Posting
The Nanyang Technological University in Singapore is offering scholarships for Ph.D. students in the field of cryptography, including symmetric-key cryptography, cryptanalysis, lightweight cryptography, etc.

The Ph.D. program at NTU usually lasts 4 years, comprising some coursework in the first year and intensive research throughout. The research scholarship offers full coverage of tuition fees, support for conference trips, and a tax-free living allowance of 2000 SGD/month for the first year and 2500 SGD/month for the subsequent years after passing the Ph.D. candidate qualification examination; a further top-up is possible for exceptionally good candidates, Singapore citizens and permanent residents. For more information about the admission requirements and application procedure, see: http://admissions.ntu.edu.sg/graduate/Pages/home.aspx

These positions will be available until filled. For the January 2019 intake, submit by 30 September 2018, and by 31 March 2019 for the August 2019 intake. More information about the CATF research team can be found here: http://catf.crypto.sg

Closing date for applications: 31 December 2019

Contact: Jian Guo, Assistant Professor, guojian (at) ntu.edu.sg for more information.

Ant Financial Service Group
Job Posting
Ant Financial is a technology company that brings inclusive financial services to the world. Ant Financial, officially founded in October 2014, originated from Alipay, founded in 2004.

Ant Financial is dedicated to bringing the world more equal opportunities through building a technology-driven open ecosystem and working with other financial institutions to support the future financial needs of society.

We are hiring:

- Applied Cryptography

- Crypto-currencies, smart-contracts, financial cryptography

- Privacy enhancing technologies

- Distributed consensus protocols

- Cybersecurity

Requirements:

- M.S. or Ph.D. in Cryptography, System Security, Computer Science or a related field, or equivalent experience.

- Good programming skills - C/C++, Go

- Good knowledge in Blockchain technology

- Mandarin Chinese can be used as a working language

Interested candidates kindly contact Email: lewis.ls (at) antfin.com

Closing date for applications: 31 October 2018

More information: https://www.antfin.com/index.htm?locale=en_US

Guangzhou, China, 8 October - 12 October 2018
Event Calendar
Event date: 8 October to 12 October 2018
Submission deadline: 8 June 2018
Notification: 8 July 2018
Chengdu, China, 5 November - 7 November 2018
Event Calendar
Event date: 5 November to 7 November 2018
Submission deadline: 10 June 2018
Notification: 10 August 2018

27 April 2018

University of Surrey, Surrey Centre for Cyber Security, UK
Job Posting
PhD position on Contactless Electronic Payments at Surrey Centre for Cyber Security, Univ. of Surrey, UK

A fully-funded PhD in contactless electronic payments and their security.

Tax-free stipend of 22,000 GBP per year + annual increments. UK citizenship is required.

The project focuses on the cryptographic design and provable security of extensions of the contactless version of the EMV (Europay, Mastercard and Visa) protocol suite. The main aim is to protect against threats linked to impersonation and therefore fraudulent payments, stemming from relay attacks, but it is not restricted to this. A second goal is that this EMV enhancement also gives a second authentication factor to the payment procedure. The project has Consult Hyperion as an industrial partner, a company with world-class experience in EMV security.

To apply, please contact Dr Ioana Boureanu, at i.boureanu (at) surrey.ac.uk

Closing date for applications: 25 May 2018

Contact: Ioana Boureanu, at i.boureanu (at) surrey.ac.uk

More information: https://jobs.surrey.ac.uk/vacancy.aspx?ref=007318


26 April 2018

Input Output
Job Posting
Founded in 2015 by Charles Hoskinson and Jeremy Wood, IOHK is a technology company committed to using peer-to-peer innovations to provide financial services to the three billion people who don’t have them. We are an engineering company that builds cryptocurrencies and blockchains for academic institutions, government entities and corporations. We are a decentralized company that loves small innovative teams forming and executing ideas that cause cascading disruption.

Job Description

We are looking for a talented, specialised Security Manager to join our growing in-house Security team. The prospective candidate will oversee and coordinate the security process, from research to product development, and will be working with internal teams on embedding Security across IOHK’s project line.

The prospective candidate will be expected to assemble a team and work directly with research, engineering and Project Management (BAs, Test and Quality, Cryptography and management teams) throughout the current and future set of projects.

The individual should have an excellent understanding of Security requirements in the Development lifecycle and have an excellent and detailed understanding of the threats and risks that need to be addressed in the development life cycle, specifically in the blockchain / cryptocurrency area.

Closing date for applications: 24 June 2018

Contact: David Rountree

Technical Recruiter

david.rountree (at) iohk.io

More information: https://iohk.io/careers/#op-250078-security-team-manager

Sapienza University of Rome (Italy)
Job Posting
The Department of Computer, Control and Management Engineering Antonio Ruberti (DIAG) of Sapienza University of Rome invites outstanding candidates to express their interest in 1 full-time tenured position (full professor) in Cyber Security. The position is funded under the program "Departments of Excellence" of the Italian Ministry of Education and Research, which will help consolidate and strengthen the research group in Cyber Security at DIAG-Sapienza.

Profile

Candidates will hold a PhD from a leading research university, have established teaching experience, an appropriate record of publications in highly ranked international journals and conferences, an appropriate record of national and international grants as principal investigator, and an adequate record of supervision of PhD students or similar experience in leading research teams in industrial research. Candidates will also either hold a tenured position in a university or have recently obtained the appropriate national qualification (ASN) in the Academic Discipline "Information Processing Systems" (ING-INF/05) of the Italian University System.

Position

Successful candidates will be engaged in first-class research in the area of Cyber Security, will supervise Master's thesis and PhD students in their fields, will contribute to the Master's degree in Cyber Security at Sapienza University of Rome, and will be involved in collaborations with industry and public bodies. Appointments are full-time. The salary is competitive. We especially welcome expressions of interest from female scholars.

Expression of Interest

Applications, to be sent to recruitment (at) diag.uniroma1.it, must contain the following:

1. Curriculum vitae

2. A 3-page (max) research and teaching statement including the research program the candidate intends to pursue while at Sapienza.

Expressions of interest should preferably be sent before the end of May 2018. For further information, please consult recruitment (at) diag.uniroma1.it

Closing date for applications: 31 May 2018

Contact: recruitment (at) diag.uniroma1.it

Norwegian University of Science and Technology (NTNU)
Job Posting
The goal of this PhD project is to study different constructions for hash chains, signature schemes and their surrounding protocols within blockchain technology. Analysis of their combined properties will be conducted from a cryptographic point of view, with emphasis on efficiency, privacy and anonymity. Modern methods of analysis will be applied to obtain high assurance of security. This project will be run in close conjunction with networking and security researchers and relate to application-oriented blockchain projects as target areas.

The research will be carried out within a program of 6 PhD projects under the heading of Trust and Transparency in Digital Society Through Blockchain Technology. This multi-disciplinary program includes technological aspects (cryptographic mechanisms, networking requirements, identity management), societal aspects and application areas. The program team involves 12 professors across several different departments and faculties. It is expected that the PhD fellow for this project will collaborate actively with other PhD fellows involved in the overall program and contribute to plenary meetings of the program. This program forms part of the NTNU Digital Transformation initiative.

Closing date for applications: 27 May 2018

Contact: For further information about the position, please contact Professor Kristian Gjøsteen (kristian.gjosteen (at) ntnu.no), or Professor Colin Boyd (colin.boyd (at) ntnu.no) for information about the Trust and Transparency in Digital Society Through Blockchain Technology project.

More information: https://www.jobbnorge.no/en/available-jobs/job/151330/

University of South Florida, Tampa, FL, USA
Job Posting
We are looking for hardworking and self-driven PhD students to work in the areas of applied cryptography beginning in August 2018 or January 2019. The University of South Florida is a Rank 1 Research University and offers a competitive salary with an excellent working environment, all in close proximity to high-tech industry and the beautiful beaches of sunny Florida. The Tampa/Orlando area is a key part of the Florida High Technology Corridor, and harbors major tech and research companies. The qualified candidate will have opportunities for research internships and joint projects with leading industrial companies. Topics:

Trustworthy Unmanned Aerial Systems

• New cryptographic frameworks to protect aerial drones

Trustworthy Machine Learning (TML)

• Privacy-Preserving Machine Learning

• Adversarial Machine Learning

Breach-Resilient Cyber-Infrastructures:

• New searchable encryption and Oblivious RAM schemes

• Augmentation of privacy enhancing technologies with trusted execution environments

Secure and Reliable IoT and Cryptocurrencies

• Post-Quantum public key infrastructure for IoT

• Use of Blockchain for Cyber Security

Requirements:

• A BS degree in computer science, electrical engineering or mathematics with a high GPA.

• Very good programming skills (e.g., C, C++), familiarity with OS/Systems.

• Good Academic Writing and Presentation Skills.

• MS degree in computer science, electrical engineering or mathematics is a big plus. Publications in security and privacy are highly desirable.

Please send (by e-mail): (i) Transcripts, (ii) Curriculum vitae, (iii) Three reference letters, (iv) Research statement, (v) GRE and TOEFL scores

Closing date for applications: 15 September 2018

Contact: Dr. Attila A. Yavuz

attila.yavuz (at) gmail.com

More information: http://web.engr.oregonstate.edu/~yavuza/article/PositionDescrption_at_USF.pdf

CRYPTO
The proceedings for Crypto 2018 are now available via SpringerLink. Through our agreement with Springer, IACR members can access these proceedings for free by logging into this access page. The conference will be held April 29 - May 3 in Tel Aviv.

25 April 2018

Kirsten Eisentraeger, Sean Hallgren, Kristin Lauter, Travis Morrison, Christophe Petit
ePrint Report
In this paper, we study several related computational problems for supersingular elliptic curves, their isogeny graphs, and their endomorphism rings. We prove reductions between the problem of path finding in the $\ell$-isogeny graph, computing maximal orders isomorphic to the endomorphism ring of a supersingular elliptic curve, and computing the endomorphism ring itself. We also give constructive versions of Deuring's correspondence, which associates to a maximal order in a certain quaternion algebra an isomorphism class of supersingular elliptic curves. The reductions are based on heuristics regarding the distribution of norms of elements in quaternion algebras.

We show that conjugacy classes of maximal orders have a representative of polynomial size, and we define a way to represent endomorphism ring generators in a way that allows for efficient valuation at points on the curve. We relate these problems to the security of the Charles-Goren-Lauter hash function. We provide a collision attack for special but natural parameters of the hash function and prove that for general parameters its preimage and collision resistance are also equivalent to the endomorphism ring computation problem.

24 April 2018

A.V. Menyachikhin
ePrint Report
S-boxes are important parts of modern ciphers. Constructing S-boxes having cryptographic parameters close to optimal is an unsolved problem at the present time. In this paper some new methods for generating such S-boxes are introduced.