International Association for Cryptologic Research




Here you can see all recent updates to the IACR webpage.

24 October 2018

Eduardo Chielle, Oleg Mazonka, Nektarios Georgios Tsoutsos, Michail Maniatakos
ePrint Report
The dramatic increase of data breaches in modern computing platforms has emphasized that access control is not sufficient to protect sensitive user data. Even in the case of honest parties, unknown software/hardware vulnerabilities and side-channels can enable data leakage, leading to the conclusion that as long as data exists decrypted, it can be leaked. Fortunately, recent advances on cryptographic schemes allow end-to-end processing of encrypted data, without any need for decryption. However, besides the reported impractical overheads, such schemes are particularly hard to use by non-crypto-savvy users, which further inhibits their applicability. In this work, we propose the first usability-oriented framework that enables programmers to incorporate comprehensive privacy protections in their programs, by automatically protecting user-annotated variables using encryption. As a proof of concept and without loss of generality, our E$^3$ framework incorporates three state-of-the-art FHE libraries. In our evaluation, we validate the usability of E$^3$ by employing various benchmarks written in C++, and directly compare the overhead of the core FHE libraries in terms of runtime performance, as well as memory and storage requirements. While FHE is used as a base study, E$^3$ can be used as the base for performance comparison of any encrypted computation methodology.
Guido Bertoni, Joan Daemen, Seth Hoffert, Michaël Peeters, Gilles Van Assche, Ronny Van Keer
ePrint Report
This note defines Kravatte-SANE and Kravatte-SANSE. Both are session authenticated encryption schemes and differ in their robustness with respect to nonce misuse. They are defined as instances of modes on top of the deck function Kravatte, where a deck function is a keyed function with variable-length input strings, an arbitrary-length output and certain incrementality properties.
NYU Abu Dhabi, Abu Dhabi, United Arab Emirates
Job Posting
NYUAD invites applications for a faculty position in Computer Science at the rank of associate professor or professor, each with tenure. Faculty in the Program in Computer Science contribute to the multidisciplinary research at NYU Abu Dhabi that is a hallmark of the institution’s mission, currently working with faculty from other programs in areas that include cyber-security, natural language processing, music, and data science.

Applicants from all areas of computer science are welcome to apply. However, specific areas of research interest include: (1) data science, with interest in interactive data analytics, big data systems and distributed systems, and database systems; (2) cyber-security, with experience building and deploying large-scale security solutions in the real world that focus on systems security, network security, privacy, cryptography, and formal methods; (3) artificial intelligence, with experience in machine learning research agendas, from statistical models to neural networks or research broadly applicable to language, robotics and imaging; and (4) bioinformatics and synthetic biology.

To obtain further information about research at NYU Abu Dhabi, visit

To be considered, applicants should submit a complete curriculum vitae, statements of teaching and research interests that should not exceed three pages each, and no more than three representative publications. Applicants should also arrange for the submission of three letters of reference on their behalf, in PDF format.

To apply visit

If you have any questions, please e-mail (at)

Appointments can begin as soon as September 1, 2019, but later start dates are possible.

The University is an equal opportunity employer committed to equity, diversity and social inclusion.

Closing date for applications: 1 February 2019

Contact: Tasso Feldman

More information:

NYU Abu Dhabi, Abu Dhabi, United Arab Emirates
Job Posting
NYUAD invites applications for a faculty position in Computer Science at the rank of assistant professor, tenure track. Faculty in the Program in Computer Science contribute to the multidisciplinary research at NYU Abu Dhabi that is a hallmark of the institution’s mission, currently working with faculty from other programs in areas that include cyber-security, natural language processing, music, and data science.

Applicants from all areas of computer science are welcome to apply. However, specific areas of research interest include: (1) data science, with interest in interactive data analytics, big data systems and distributed systems, and database systems; (2) cyber-security, with experience building and deploying large-scale security solutions in the real world that focus on systems security, network security, privacy, cryptography, and formal methods; (3) artificial intelligence, with experience in machine learning research agendas, from statistical models to neural networks or research broadly applicable to language, robotics and imaging; and (4) bioinformatics and synthetic biology.

To obtain further information about research at NYU Abu Dhabi, visit

To be considered, applicants should submit a complete curriculum vitae, statements of teaching and research interests that should not exceed three pages each, and no more than three representative publications. Applicants should also arrange for the submission of three letters of reference on their behalf, in PDF format. For full consideration, complete applications must be received by November 15, 2018.

To apply visit

If you have any questions, please e-mail (at)

Appointments can begin as soon as September 1, 2019, but later start dates are possible.

The University is an equal opportunity employer committed to equity, diversity and social inclusion.

Closing date for applications: 15 November 2018

Contact: Tasso Feldman

More information:

Linköping University, Sweden
Job Posting
We are hiring two postdocs to work on (acoustic) side channels, automotive security or cybercrime at Linköping University, Sweden.

Candidates with solid backgrounds in security or applied crypto are welcome to apply.

PI google scholar profile:

Closing date for applications: 10 December 2018

Contact: Prof Jeff Yan (jeff.yan (at)


23 October 2018

Anne Canteaut, Virginie Lallemand, Gregor Leander, Patrick Neumann, Friedrich Wiemer
ePrint Report
We give the first practical instance – BISON – of the Whitened Swap-Or-Not construction. After clarifying inherent limitations of the construction, we point out that this way of building block ciphers allows easy and very strong arguments against differential attacks.
Aggelos Kiayias, Murat Osmanoglu, Alexander Russell, Qiang Tang
ePrint Report
In a (t_1,...,t_l)-multi-secret sharing scheme (MSSS), l independent secrets s_1,...,s_l are shared with n parties in such a way that at least t_i parties are required to recover the secret s_i (while s_i remains hidden with fewer shares). We consider the problem of minimizing the share size of MSSS in the challenging setting when there are many secrets to be shared among many parties. To circumvent the information-theoretic lower bound (e.g., Blundo [4]), we focus on the computational setting. A simple generalization of computational secret sharing (Krawczyk [17]) to multi-secret sharing yields a scheme with share size/overhead scaling linearly in l, the total number of secrets. To beat this linear scaling, we consider constructing MSSS based on a related notion of encryption, dynamic threshold public key encryption (DTPKE), that enables a sender to dynamically specify a threshold for each ciphertext. None of the existing DTPKE schemes is well suited for our purpose. Thus, we propose a new construction of a dynamic threshold public key encryption scheme with improved efficiency characteristics. We then give a recursive application of our construction that yields an efficient MSSS with share size only logarithmic in the number of secrets (thus effectively O(log l) as in the common cases, where l and n are polynomially related). Finally, we describe an application of our space efficient (1,2,...,n-1)-MSSS to a special tool called gradual verifiable secret sharing which is the fundamental building block for general multiparty computation (MPC) with n players that provides fairness without honest majority.
Xianhui Lu, Yamin Liu, Zhenfei Zhang, Dingding Jia, Haiyang Xue, Jingnan He, Bao Li
ePrint Report
Lattice-based cryptography is one of the leading candidates for post-quantum cryptography. A major obstacle to deployment, though, is that its payload is considerably larger than that of classical solutions, such as elliptic curve Diffie-Hellman. In this paper, we investigate the approach of reducing the key size and ciphertext size by decreasing the size of the modulus, and propose the first instantiation in the family of ring learning with errors based solutions where the modulus is at the byte level. The main technical contributions of this paper are on the implementation side of the algorithms. With the use of a large-block error correction code, we are able to propose parameter sets with small moduli while achieving a negligible decryption error rate. We investigate the best known attacks, and give a concrete security estimation of the proposed parameter sets. Since our parameter sets are no longer compatible with the number theoretic transform (NTT), we also present optimizations for ring multiplications. As a result, our scheme is more compact and nearly as efficient as popular solutions in this domain, such as NewHope and Kyber.
University of Oxford Mathematical Institute in association with Lincoln College
Job Posting
The Mathematical Institute proposes to appoint an Associate Professor (or Professor) of Mathematical Cryptography from 1 October 2019 or as soon as possible thereafter. The successful candidate will be appointed to a Tutorial Fellowship at Lincoln College, under arrangements described in the job description.

The combined University and College salary scale has a minimum point of £47,263 per annum. In addition the College pays substantial additional benefits, including a housing allowance of £9,316 p.a. (or single accommodation if available); access to housing loan scheme (upon successful application); membership of a medical insurance scheme; and other allowances including tutor’s allowance of £3,000 p.a. An additional allowance of £2,754 p.a. would be payable upon award of Full Professor title.

The main duties of the post are to carry out, disseminate the results of, obtain funding for, and supervise research at a high international standard in mathematical cryptography, to teach a range of topics in mathematics via lectures, classes and tutorials, and to perform administrative and pastoral functions associated with teaching and research.

The successful candidate will have a PhD in mathematics or a closely related subject and will demonstrate the ability to carry out high-quality independent research at an international level in mathematical cryptography, broadly conceived but firmly rooted in advanced mathematics, along with the ability to teach effectively across a range of topics in mathematics. The duties and responsibilities of the post are set out in the job description.

Applications are particularly welcome from women and black and minority ethnic candidates, who are under-represented in academic posts in Oxford. The University is committed to equality and valuing diversity.

The department was awarded an Athena SWAN Silver Award in 2017 in recognition of its commitment to addressing gender inequalities, to tackling the unequal representation of women in science, and to improving career progression for female academics.

Closing date for applications: 19 November 2018

Contact: The Recruitment Administrator (email: vacancies (at); telephone: +44 (0) 1865 273518)

More information:

Inria, Paris, France
Job Posting
The post-doc will work in the Prosecco project of INRIA Paris.

He/she will work on improvements and extensions of CryptoVerif. CryptoVerif is a computational security protocol verifier that generates proofs by sequences of games, like the proofs cryptographers write by hand. It is implemented in OCaml.

Possible directions among which he/she will be able to choose include:

  • new game transformations.

  • reduce the size of games.

  • specialized prover to simplify random oracle calls, based on indifferentiability lemmas.

  • deal with mutable state and loops.

  • improve the compatibility with the symbolic protocol verifier ProVerif.

  • interface with EasyCrypt, to delegate parts of proofs to EasyCrypt, in collaboration with some EasyCrypt authors (Pierre-Yves Strub, Benjamin Grégoire, Clément Sartori).

His/her own ideas of research directions will also be most welcome. His/her work will be both theoretical (design, soundness proofs) and practical (implementation, tests). He/she will publish his/her work in high quality computer science conferences. He/she will collaborate with members working on CryptoVerif (Bruno Blanchet, Benjamin Lipp, Karthikeyan Bhargavan).

We will also consider applications from research engineers; the engineer would focus on the implementation part.

  • Required expertise:

    • knowledge in cryptography and/or in formal methods: program semantics, static analysis, program transformations

    • knowledge of OCaml (object part not required)

    • fluency in English

    • PhD in computer science

  • Duration: initial contract 1 year, possibility of extensions.

  • Start: beginning of 2019 (allow about two months of hiring delay).

  • Please send detailed curriculum vitae, motivation letter, and references to Bruno Blanchet, bruno.blanchet (at)

Closing date for applications: 21 December 2018

Contact: Bruno Blanchet, bruno.blanchet (at)

More information:

ENS de Lyon, France
Job Posting
The AriC team at ENS de Lyon is seeking to recruit one or several post-docs in the area of cryptography. One position is available now, and another is likely.

The post-doc will work with the cryptography researchers of ENS de Lyon. Topics covered by the group cover: protocols, functional encryption, foundations of lattice-based cryptography, lattice algorithms, cryptanalysis, pseudo-random functions.

Applicants should have already completed a PhD in a relevant area (or be very near PhD completion). They should have an outstanding research track record in cryptography or a relevant area (typically results published in top tier venues). They should demonstrate scientific creativity and research independence.

This is a full-time, fixed-term position based in Lyon. Duration is negotiable. Salary can be adapted based on experience.

Applications should be sent by email to benoit[dot]libert[at]ens-lyon[dot]fr, alain[dot]passelegue[at]ens-lyon[dot]fr, damien[dot]stehle[at]gmail[dot]com, fabien[dot]laguillaumie[at]ens-lyon[dot]fr. They should include a CV, a list of publications (with the top 3 ones highlighted) and contact information of two persons who are willing to give references.

Closing date for applications: 1 February 2019

Input Output Hong Kong
Job Posting
IOHK is looking for a talented, specialized cryptographic engineer to join our growing in-house cryptography team. You’ll be responsible for cryptographic implementations and their use.

You will have a good understanding of cryptography (e.g. mathematics, information theory, primitives, implementations) and the ability to deliver working implementations in these domains. The ideal candidate should understand and follow best engineering processes and practices and should demonstrate a working knowledge of a functional programming language (preference is for Haskell) and of systems languages (preferably Rust or C).

Skills & Requirements:

Skills and Knowledge: A solid understanding of cryptography: basic theory and use. Systems programming experience. Ability to translate specifications (e.g. cryptography research papers, RFCs) into working code. Knowing when and how to use basic cryptographic primitives. Ability to reason about complex and abstract problems.

Completion of a relevant degree such as Computer Science, Software Engineering, Mathematics or a related technical discipline.

Responsibilities: Read and review cryptographic research papers and implement them as prototypes. Improve existing implementations of common cryptographic primitives and/or interface with or translate them to a different programming language. Transform prototypes into production-level projects. Interact and coordinate with research, engineering and product management teams.

Desired competencies: We are particularly interested in at least one hire having the following profile: familiarity and/or experience with privacy-enhancing cryptographic technologies, e.g., zero-knowledge proofs and/or SNARKs, multi-party computation, and differential privacy; functional programming experience (preferably Scala or Haskell).

Closing date for applications: 30 November 2018

Contact: david.rountree (at)

More information:

Oregon State University
Job Posting
The School of Electrical Engineering and Computer Science at Oregon State University invites applications for two or more full-time, nine-month, tenure-track faculty positions in any area of cybersecurity including but not limited to systems security (operating systems, distributed systems, networked systems, embedded systems, real-time systems, cyber-physical systems, and energy delivery systems), hardware security, software security, privacy, cryptography and usable security. Appointment will start in Fall 2019 and is anticipated at the Assistant Professor rank, but candidates with exceptional qualifications may be considered for appointment at the rank of Associate or Full Professor. Applicants must hold a Ph.D. degree in Computer Science, Electrical and Computer Engineering, or closely related discipline by employment start date, and should demonstrate a strong commitment and capacity to initiate new funded research as well as to expand, complement, and collaborate with existing research programs in the OSU College of Engineering and beyond. Furthermore, applicants should demonstrate a strong commitment to undergraduate and graduate teaching, including developing new courses related to their research expertise. Duties include teaching, research, and service.

Oregon State University is located in Corvallis, at the heart of Oregon’s Willamette Valley and close to Portland’s Silicon Forest with numerous collaboration opportunities. The School of EECS has 60 tenured/tenure-track faculty members and 425 graduate students (206 Ph.D. students). Among the faculty, we have one member of the National Academy of Engineering, 18 professional society (IEEE and ACM) fellows, and 25 Young Investigator/CAREER Award recipients. Many faculty members of the School of EECS are also active participants of the recently established Collaborative Robotics and Intelligent Systems (CoRIS) Institute.

We are an Affirmative Action/Equal Opportunity employer.

Closing date for applications: 1 December 2018

Contact: Apply online at (posting #P02523UF) with the following documents: A letter of interest; vita; a two-page statement of research interests; a one-page statement of teaching interests; a one-page statement on efforts towards equity and inclusion; and names and contact information for at least three references

More information:


22 October 2018

Tel Aviv, Israel, 18 February - 21 February 2019
Event Calendar
Event date: 18 February to 21 February 2019
Submission deadline: 10 January 2019
Kaushik Nath, Palash Sarkar
ePrint Report
Efficient scalar multiplication algorithms require a single finite field inversion at the end to convert from projective to affine coordinates. This inversion consumes a significant proportion of the total time. The present work makes a comprehensive study of inversion over Mersenne and pseudo-Mersenne prime order fields. Inversion algorithms for such primes are based on exponentiation, which in turn requires efficient algorithms for multiplication, squaring and modular reduction. From a theoretical point of view, we present a number of algorithms for multiplication/squaring and reduction, leading to a number of different inversion algorithms which are appropriate for different settings. Our algorithms collect together and generalise ideas which are scattered across various papers and codes. At the same time, they also introduce new ideas to improve upon existing works. A key theoretical feature of our work, which is not present in previous works, is that we provide formal statements and detailed proofs of correctness of the different reduction algorithms that we describe. On the implementation side, a total of twenty primes are considered, covering all previously proposed cryptographically relevant (pseudo-)Mersenne prime order fields at various security levels. For each of these fields, we provide 64-bit assembly implementations of all the relevant inversion algorithms for a wide range of Intel processors. We were able to find previous 64-bit implementations of inversion for six of the twenty primes considered in this work. On the Haswell, Skylake and Kabylake processors of Intel, for all six primes where previous implementations are available, our implementations outperform those previous implementations. The assembly codes that we have developed are publicly available and can be used as a plug-in to replace the inversion routines in existing software for scalar multiplication.
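The inversion the abstract describes is an exponentiation, x^(p-2), whose cost is a fixed schedule of squarings and multiplications, each followed by a reduction. The block below is an example added for this page, not the paper's assembly code; it takes one pseudo-Mersenne prime, p = 2^255 - 19, and shows the two ingredients: a division-free reduction modulo 2^k - c that folds the high half back with a multiply by c (with the bound argument in the comments), and an exponentiation schedule (an addition chain for 2^255 - 21) that needs 254 squarings and 11 multiplications, against 254 squarings and 252 multiplications for plain square-and-multiply. The operation counters are there only to make that cost visible.

```python
"""Added example for this page, not the paper's assembly code.

Inversion in GF(p) for the pseudo-Mersenne prime p = 2^255 - 19 by Fermat
exponentiation x^(p-2): a division-free reduction modulo 2^k - c, plus an
addition chain for the exponent that keeps the multiplication count low.
Every squaring and multiplication is counted so the cost is visible."""

K, C = 255, 19
P = (1 << K) - C


class OpCount:
    """Tallies field squarings and multiplications."""
    def __init__(self):
        self.sqr = 0
        self.mul = 0


def reduce_pm(x, k=K, c=C):
    """Reduce 0 <= x < 2^(2k) modulo p = 2^k - c without division.
    Because 2^k = c (mod p), x = hi*2^k + lo = hi*c + lo (mod p).
    Fold 1: hi, lo < 2^k, so the result is < (c+1)*2^k.
    Fold 2: now hi <= c, so the result is < 2^k + c*c < 2p.
    One conditional subtraction therefore finishes the job."""
    p = (1 << k) - c
    mask = (1 << k) - 1
    for _ in range(2):
        x = (x >> k) * c + (x & mask)
    if x >= p:
        x -= p
    return x


def fmul(a, b, ctr=None):
    if ctr:
        ctr.mul += 1
    return reduce_pm(a * b)


def fsqr(a, ctr=None):
    if ctr:
        ctr.sqr += 1
    return reduce_pm(a * a)


def sqr_n(a, n, ctr=None):
    for _ in range(n):
        a = fsqr(a, ctr)
    return a


def invert(z, ctr=None):
    """z^(p-2) = z^(2^255 - 21) via the usual chain for this prime:
    254 squarings and 11 multiplications."""
    z2 = fsqr(z, ctr)                                       # z^2
    z9 = fmul(sqr_n(z2, 2, ctr), z, ctr)                    # z^9
    z11 = fmul(z9, z2, ctr)                                 # z^11
    z_5_0 = fmul(fsqr(z11, ctr), z9, ctr)                   # z^(2^5 - 1)
    z_10_0 = fmul(sqr_n(z_5_0, 5, ctr), z_5_0, ctr)         # z^(2^10 - 1)
    z_20_0 = fmul(sqr_n(z_10_0, 10, ctr), z_10_0, ctr)      # z^(2^20 - 1)
    z_40_0 = fmul(sqr_n(z_20_0, 20, ctr), z_20_0, ctr)      # z^(2^40 - 1)
    z_50_0 = fmul(sqr_n(z_40_0, 10, ctr), z_10_0, ctr)      # z^(2^50 - 1)
    z_100_0 = fmul(sqr_n(z_50_0, 50, ctr), z_50_0, ctr)     # z^(2^100 - 1)
    z_200_0 = fmul(sqr_n(z_100_0, 100, ctr), z_100_0, ctr)  # z^(2^200 - 1)
    z_250_0 = fmul(sqr_n(z_200_0, 50, ctr), z_50_0, ctr)    # z^(2^250 - 1)
    return fmul(sqr_n(z_250_0, 5, ctr), z11, ctr)           # z^(2^255 - 21)


def invert_binary(z, ctr=None):
    """Plain left-to-right square-and-multiply on e = p - 2, for comparison:
    254 squarings but 252 multiplications, because e has 253 one bits."""
    r = z
    for bit in bin(P - 2)[3:]:          # drop '0b' and the leading 1
        r = fsqr(r, ctr)
        if bit == "1":
            r = fmul(r, z, ctr)
    return r
```

The reduction's precondition (input below 2^(2k)) is exactly what a product of two reduced elements satisfies; a reduction used on anything larger needs its own bound argument, which is the kind of statement the abstract says the paper proves for each of its reduction algorithms.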
Hannes Gross, Lauren De Meyer, Martin Krenn, Stefan Mangard
ePrint Report
Masking is the best-researched countermeasure against side-channel analysis attacks. Even though masking was invented almost 20 years ago, the efficient implementation of masking continues to be an active research topic. Many of the existing works focus on the reduction of randomness requirements, since the production of fresh random bits with high entropy is very costly in practice. Most of these works rely on the assumption that only so-called online randomness results in additional costs. In practice, however, it turns out that the distinction between the randomness needed to produce the initial masking and the randomness needed to maintain security during computation (online) is not meaningful. In this work, we thus study the question of minimum randomness requirements for first-order Boolean masking when taking the costs for initial randomness into account. We demonstrate that first-order masking can always be performed by using just two fresh random bits and without requiring online randomness. We first show that two random bits are enough to mask linear transformations and then discuss prerequisites under which nonlinear transformations can be securely performed likewise. Subsequently, we introduce a new masked AND gate that fulfills these requirements, which forms the basis for our synthesis tool that automatically transforms an unmasked circuit into a first-order secure masked circuit. We demonstrate the feasibility of this approach by implementing an AES circuit with only two bits of randomness.
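The distinction the abstract draws between linear and nonlinear operations is easiest to see by probing the wires of a masked circuit. The block below is an example written for this page, not the paper's synthesis tool or its new AND gate: it masks single bits with two Boolean shares, records every intermediate value, and checks exhaustively that no single wire's distribution over the random bits depends on the secret (the first-order probing condition). Share-wise XOR passes with no fresh randomness; the textbook Trichina-style masked AND passes but consumes one fresh bit per gate, which is the "online randomness" the paper wants to remove; and two broken variants fail: the same AND without its fresh bit, and two inputs masked with the same random bit, which is the pitfall behind the question of how far two random bits can be stretched.

```python
"""Added example for this page, not the paper's synthesis tool.

First-order Boolean masking of single bits with an exhaustive first-order
probing check: every intermediate value ("wire") is recorded, and its
distribution over the random bits must not depend on the secret bits.
The masked AND below is the textbook Trichina gate (one fresh bit per
gate); the paper's own two-bit gate is not reproduced here."""
from collections import Counter
from itertools import product


class Trace:
    """Records every intermediate value a circuit computes."""
    def __init__(self):
        self.wires = []

    def w(self, name, value):
        self.wires.append((name, value))
        return value


def mask(x, r):
    """Two Boolean shares of x: (x ^ r, r)."""
    return (x ^ r, r)


def unmask(s):
    return s[0] ^ s[1]


def masked_xor(a, b, tr):
    """Linear: share-wise XOR, no randomness consumed."""
    return (tr.w("x0", a[0] ^ b[0]), tr.w("x1", a[1] ^ b[1]))


def masked_and(a, b, r, tr):
    """Trichina masked AND. The fresh bit r is XORed in first so every
    partial sum of the four cross terms stays masked; output is (c0, r)."""
    p = [tr.w("p%d%d" % (i, j), a[i] & b[j]) for i in (0, 1) for j in (0, 1)]
    t = tr.w("t0", r ^ p[0])             # r ^ a0b0
    t = tr.w("t1", t ^ p[1])             # ... ^ a0b1
    t = tr.w("t2", t ^ p[2])             # ... ^ a1b0
    t = tr.w("t3", t ^ p[3])             # ... ^ a1b1 = r ^ (a & b)
    return (t, r)


# Circuits take (secret_bits, random_bits, trace) and return an output sharing.

def and_circuit(sec, rnd, tr):
    a, b = sec
    ra, rb, r = rnd
    return masked_and(mask(a, ra), mask(b, rb), r, tr)


def and_no_fresh_circuit(sec, rnd, tr):
    """Same cross terms without the fresh bit: functionally correct, but
    t1 = a0 & b already depends on b, and c0 = a & b is the secret itself."""
    a, b = sec
    ra, rb = rnd
    A, B = mask(a, ra), mask(b, rb)
    t = tr.w("t0", A[0] & B[0])
    t = tr.w("t1", t ^ (A[0] & B[1]))
    t = tr.w("t2", t ^ (A[1] & B[0]))
    t = tr.w("t3", t ^ (A[1] & B[1]))
    return (t, 0)


def xor_circuit(sec, rnd, tr):
    a, b = sec
    ra, rb = rnd
    return masked_xor(mask(a, ra), mask(b, rb), tr)


def xor_shared_mask_circuit(sec, rnd, tr):
    """Both inputs masked with the same bit: x0 = (a^r)^(b^r) = a^b."""
    a, b = sec
    (r,) = rnd
    return masked_xor(mask(a, r), mask(b, r), tr)


def functional_ok(circuit, ref, n_secret, n_rand):
    """Unmasked output equals ref(*secret) for all inputs and randomness."""
    return all(unmask(circuit(sec, rnd, Trace())) == ref(*sec)
               for sec in product((0, 1), repeat=n_secret)
               for rnd in product((0, 1), repeat=n_rand))


def probe_check(circuit, n_secret, n_rand):
    """Exhaustive first-order probing check. Returns the names of wires
    whose distribution over the random bits changes with the secret."""
    dists = {}
    for sec in product((0, 1), repeat=n_secret):
        per_wire = {}
        for rnd in product((0, 1), repeat=n_rand):
            tr = Trace()
            circuit(sec, rnd, tr)
            for name, v in tr.wires:
                per_wire.setdefault(name, Counter())[v] += 1
        dists[sec] = per_wire
    ref = next(iter(dists.values()))
    return [name for name in ref
            if any(d[name] != ref[name] for d in dists.values())]
```

The check is exhaustive because the circuits are one bit wide; for real gadgets the same idea is run with sampling or with a symbolic tool, but the criterion (each wire independent of the secret) is the one that the first-order claims in the abstract are about.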
Yehuda Lindell, Ariel Nof, Samuel Ranellucci
ePrint Report
ECDSA is a standardized signing algorithm that is widely used in TLS, code signing, cryptocurrency and more. Due to its importance, the problem of securely computing ECDSA in a distributed manner (known as threshold signing) has received considerable interest. However, despite this interest, there is still no full threshold solution for more than 2 parties (meaning that any $t$-out-of-$n$ parties can sign, security is preserved for any $t-1$ or fewer corrupted parties, and $t\leq n$ can be any value thus supporting an honest minority) that has practical key distribution. This is due to the fact that all previous solutions for this utilize Paillier homomorphic encryption, and efficient distributed Paillier key generation for more than two parties is not known.

In this paper, we present the first truly practical full threshold ECDSA signing protocol that has both fast signing and fast key distribution. This solves a years-old open problem, and opens the door to practical uses of threshold ECDSA signing that are in demand today. One of these applications is the construction of secure cryptocurrency wallets (where key shares are spread over multiple devices and so are hard to steal) and cryptocurrency custody solutions (where large sums of invested cryptocurrency are strongly protected by splitting the key between a bank/financial institution, the customer who owns the currency, and possibly a third-party trustee, in multiple shares at each). There is growing practical interest in such solutions, but prior to our work these could not be deployed today due to the need for distributed key generation.
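Two abstracts on this page rest on the same primitive. Kiayias et al. (23 October, above) treat the per-secret generalization of Shamir/Krawczyk sharing as the baseline whose share size grows linearly in the number of secrets l, and the abstract just above explains that full-threshold ECDSA has been hard because earlier protocols needed Paillier encryption. The block below is an example added for this page, not code from either paper. It implements Shamir sharing over the secp256k1 scalar field (that field is an assumption chosen for realism; any prime works) and shows both points: with l secrets and thresholds t_1..t_l, every party stores l field elements; and when the nonce k and the key x are each t-of-n shared, parties can multiply their shares locally, but the product then lies on a polynomial of degree 2(t-1), so t parties can no longer open it. That local-product obstacle is what the Paillier-based multiplication protocols the abstract refers to are there to work around.

```python
"""Added example for this page, not code from either paper.

Shamir sharing over a prime field, used to make two points concrete:
  1. the per-secret generalisation of Shamir/Krawczyk sharing: l secrets
     with their own thresholds t_i means every party stores l elements;
  2. the obstacle behind threshold ECDSA: shares of k and x multiply
     locally, but the product has degree 2(t-1), so t parties cannot open it.
The field is the secp256k1 scalar field (group order n); that choice is an
assumption for realism, any prime works.
"""
import secrets

# secp256k1 group order (the scalar field of ECDSA over that curve)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def share(secret, t, n, p=N):
    """t-out-of-n Shamir shares: points (i, f(i)), f random of degree t-1
    with f(0) = secret."""
    coeffs = [secret % p] + [secrets.randbelow(p) for _ in range(t - 1)]
    return [(i, sum(c * pow(i, j, p) for j, c in enumerate(coeffs)) % p)
            for i in range(1, n + 1)]


def reconstruct(shares, p=N):
    """Lagrange interpolation at x = 0 through the given points."""
    total = 0
    for i, yi in shares:
        num, den = 1, 1
        for j, _ in shares:
            if j != i:
                num = num * (-j) % p
                den = den * (i - j) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def multi_share(secrets_with_thresholds, n, p=N):
    """(t_1,...,t_l)-MSSS by sharing every secret independently.
    Returns {party: [share of s_1, ..., share of s_l]}: l elements each."""
    per_secret = [share(s, t, n, p) for s, t in secrets_with_thresholds]
    return {i: [ps[i - 1][1] for ps in per_secret] for i in range(1, n + 1)}


def recover_secret(party_shares, idx, parties, p=N):
    """Recover secret number idx from the listed parties' share vectors."""
    return reconstruct([(i, party_shares[i][idx]) for i in parties], p)


def multiply_shares(shares_a, shares_b, p=N):
    """Party i computes a_i * b_i locally; the result is a sharing of a*b
    on a polynomial of degree deg(a) + deg(b)."""
    return [(i, a * b % p) for (i, a), (_, b) in zip(shares_a, shares_b)]


def demo(n=5, t=3, p=N):
    """Runs both experiments; returns the observations as a dict."""
    vals = [secrets.randbelow(p) for _ in range(4)]
    thresholds = [2, 3, 4, 5]                       # t_1..t_4, all <= n
    ps = multi_share(list(zip(vals, thresholds)), n, p)
    share_len = len(ps[1])                          # == l == 4
    enough = all(recover_secret(ps, i, list(range(1, thresholds[i] + 1)), p)
                 == vals[i] for i in range(4))
    # t_4 - 1 = 4 shares of the threshold-5 secret: wrong except with
    # probability 1/p
    too_few_wrong = recover_secret(ps, 3, [1, 2, 3, 4], p) != vals[3]
    # ECDSA flavour: k (nonce) and x (signing key), each (t, n)-shared
    k, x = secrets.randbelow(p), secrets.randbelow(p)
    prod = multiply_shares(share(k, t, n, p), share(x, t, n, p), p)
    return {
        "share_len": share_len,
        "enough": enough,
        "too_few_wrong": too_few_wrong,
        "t_opens_product": reconstruct(prod[:t], p) == k * x % p,
        "2t_minus_1_opens_product":
            reconstruct(prod[:2 * t - 1], p) == k * x % p,
    }
```

With n = 5 and t = 3, 2t - 1 = 5 parties can open the product, which is why naive share multiplication only works with an honest majority; a full-threshold scheme needs a different way to compute on k and x, which is the problem the abstract's protocol addresses.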
Luke Demarest, Benjamin Fuller, Alexander Russell
ePrint Report
The hardness of decoding random linear codes with errors is a complexity-theoretic assumption with broad applications to cryptography. In contrast, Reed-Solomon codes permit efficient decoding in many representations. Despite this, a result of Peikert (TCC 2006) proves that in groups where discrete log is hard it is difficult to perform Reed-Solomon error correction if each symbol is written in the exponent. We bring these two lines of work together, examining hardness of decoding random linear codes in the exponent. Our main result is a pair of theorems that show hardness of decoding random linear codes in both the generic group model and the standard model. In the generic group model our analysis can be carried out for a quite general family of distributions for (the support of) the error terms. We show hardness of decoding as long as every subset of group elements (of size at least the dimension of the code) has an overwhelming probability of at least one random error. This family includes error distributions whose symbols are correlated. Our results in the standard model show hardness of decoding random linear codes with a uniform input point. These results improve on a result of Peikert (TCC 2006) who considered the problem for Reed-Solomon codes. We explore two applications of these results. First, we construct a reusable fuzzy extractor with storage independent of the number of errors to be corrected. This construction unifies the strengths of two prior constructions (Fuller, Meng, and Reyzin, Asiacrypt 2013) and (Canetti et al., Eurocrypt 2016). Second, we show how to build virtual black-box obfuscation for a class of functionality known as pattern matching. Recently, Bishop et al. (Crypto 2018) constructed a scheme based on codes in the exponent and showed security for uniform inputs. We show the same construction is secure for more distributions. The security arguments of both applications rely on distributions drawn from some physical process which are best modeled by distributions with correlated bits.
Ran Canetti, Yilei Chen, Justin Holmgren, Alex Lombardi, Guy N. Rothblum, Ron D. Rothblum
ePrint Report
We present two new protocols:

(1) A succinct publicly verifiable non-interactive argument system for logspace-uniform $\mathsf{NC}$ computations, under the assumption that any one of a broad class of fully homomorphic encryption (FHE) schemes has almost optimal security against polynomial-time adversaries. The class includes all FHE schemes in the literature that are based on the learning with errors (LWE) problem.

(2) A non-interactive zero-knowledge argument system for $\mathsf{NP}$ in the common random string model, assuming almost optimal hardness of search-LWE against polytime adversaries.

Both results are obtained by applying the Fiat-Shamir transform with explicit, efficiently computable functions (specifically, correlation intractable functions) to certain classes of interactive proofs. We improve over prior work by reducing the security of these protocols to qualitatively weaker computational hardness assumptions. Along the way, we also show that the Fiat-Shamir transform can be soundly applied (in the plain model) to a richer class of protocols than was previously known.
Adi Akavia, Dan Feldman, Hayim Shaul
ePrint Report
Secure Report is the problem of retrieving from a database table (e.g. on the cloud) all records matching specified attributes, as in SQL SELECT queries, but where the query and possibly the database are encrypted. Here, only the client has the secret key, but still the server (e.g. cloud owner) can compute and return the encrypted result. Secure report is theoretically possible with Fully Homomorphic Encryption (FHE). However, the current state-of-the-art solutions are realized by a polynomial of degree that is at least linear in the number $m$ of records, which is too slow in practice even for very small databases. Nevertheless, in this work we present the first algorithm for secure report that is realized by a polynomial of degree polynomial in $\log m$, as well as the first implementation of secure (FHE) report. This is by suggesting a novel paradigm that forges a link between cryptography and modern data summarization techniques known as core-sets, and sketches in particular. The key idea is to compute only a core-set of the desired report. Since the core-set is small, the client can quickly decode the desired report that the server computes, after decrypting its core-set. We implemented our main reporting system including all its sub-routines in an open source library. This is the first implemented system that can answer such database queries under the strong security notion of FHE. As our analysis promises, the experimental results show that we can run secure report queries on billions of records, compared to a few thousand in previous FHE papers. We hope that our results and open-source code will lead to the first FHE database engine in the near future.