International Association for Cryptologic Research

IACR News

12 December 2018

Gaithersburg, Maryland, USA, 4 November - 6 November 2019
Event Calendar
Event date: 4 November to 6 November 2019
University of Warwick, UK
Job Posting
The Department of Computer Science at the University of Warwick is seeking to recruit an assistant professor in the broad areas of systems and security. Preferably the candidate should have expertise in at least one of the following: system security, applied cryptography, computational science and engineering, real-time and embedded systems. Candidates with interest and a track record in solving real-world problems and/or experience of working with industry are particularly encouraged to apply.

The Department is one of the UK’s most prominent and research-active Computer Science departments, and is an international leader in research and teaching. Ranked 2nd in the most recent Research Excellence Framework out of all UK departments in the CS subject, and ranked top in the 2018 National Student Survey within the Russell Group of research intensive UK universities, the Department is 3rd in the Times and Sunday Times Good University Guide 2019 league table for Computer Science.

Closing date for applications: 10 January 2019

Contact: Informal enquires can be addressed to Professor Ranko Lazic (R.S.Lazic (at) warwick.ac.uk), Professor Stephen Jarvis (Stephen.Jarvis (at) warwick.ac.uk), or Professor Feng Hao (Feng.Hao (at) warwick.ac.uk).

More information: https://atsv7.wcn.co.uk/search_engine/jobs.cgi?owner=5062452&ownertype=fair&jcode=1786691&vt_template=1457&adminview=1

University of Connecticut
Job Posting
The Computer Science & Engineering (CSE) Department at the University of Connecticut invites applications for the Synchrony-Financial Endowed Chair in Cybersecurity, a tenure-track faculty position at the associate or full professor level. The position has an expected start date of August 23, 2019. This position seeks to advance education and research in Computer Science with a particular emphasis in Cybersecurity or related specialties.

The successful candidate will be expected to develop and sustain an internationally-recognized and externally-funded research program in at least one established or emerging cybersecurity field. The position offers the successful candidate the Synchrony Financial Chair for Cybersecurity, an endowed chair in cybersecurity. The individual appointed to the Chair will be a nationally or internationally recognized researcher, scholar, and teacher, and will have made significant contributions to security fields.

The successful candidate must also share a deep commitment to effective instruction at the undergraduate and graduate levels, development of innovative courses and mentoring of students in research, outreach, and professional development. It is the expectation that the candidate will broaden participation among members of under-represented groups; demonstrate through their teaching, research, and/or public engagement the richness of diversity in the learning experience; integrate multicultural experiences into instructional methods and research tools; and provide leadership in developing pedagogical techniques designed to meet the needs of diverse learning styles and intellectual interests.

This is a full-time, 9-month, tenure track position. Employment is conditional upon the timely completion of an approved I-9 (Employment Eligibility Verification Form). Salary and rank will be commensurate with qualifications.

Closing date for applications: 21 March 2019

More information: https://academicjobsonline.org/ajo/jobs/12084

University of York, UK
Job Posting
Applications are open for a PhD studentship looking at Post-Quantum Cryptography.

Research supervision

If successful, you will conduct your research under the supervision of the Chair of Cyber Security, Professor Delaram Kahrobaei (https://sites.google.com/a/nyu.edu/delaram-kahrobaei/), at the University of York.

Award funding

If successful, you will be supported for three years. Funding includes:

  • £14,777 (2018/19 rate) per year stipend

  • UK/EU tuition fees

  • RTSG (training/consumables/travel) provision

Funding requirements

To be considered for this funding you must:

  • meet the entrance requirements for a PhD in Computer Science

  • be eligible to pay UK/EU fees

We will look favourably on applicants who can demonstrate knowledge of cryptography, algebra and quantum computation, and who have strong programming and mathematical skills.

Apply for this studentship

1. Apply to study

  • You must apply online for a full-time PhD in Computer Science.

  • You must quote the project title (Post-Quantum Cryptography Studentship) in your application.

  • There is no need to write a full formal research proposal (2,000-3,000 words) in your application to study, as this studentship is for a specific project.

2. Provide a personal statement. As part of your application please provide a personal statement of 500-1,000 words with your initial thoughts on the research topic.

Interviews are expected to take place within approximately 14 days of the closing date.

The studentship must begin as soon as possible.

Closing date for applications: 7 January 2019

Contact: Project enquiries

Professor Delaram Kahrobaei, Chair of Cyber Security (delaram.kahrobaei (at) york.ac.uk):

https://sites.google.com/a/nyu.edu/delaram-kahrobaei/

Application enquiries

cs-pg-admissions (at) york.ac.uk

More information: https://www.cs.york.ac.uk/postgraduate/research-degrees/phdstudentships/

University of Bristol, UK
Job Posting
The University of Bristol's Department of Computer Science is seeking to recruit up to two faculty members at the Lecturer, Senior Lecturer, or Reader level in the field of Cryptography. These positions are similar to (tenured) Assistant/Associate Professor positions in North America and are on full-time, open-ended contracts.

The University of Bristol is a UK Academic Centre of Excellence in Cyber Security Research. The successful candidates will be expected to play a major role in strengthening and growing cryptography research and teaching at Bristol.

Our current expertise spans much of cryptography with emphasis on protocol-level security and secure implementations of cryptography (in particular, side-channel resistance, compiler techniques and microarchitectural support). Academics with expertise in any area of cryptography are encouraged to apply, and we are particularly interested in those specialising in

  • Symmetric-key cryptography

  • Post-quantum cryptography

  • High-assurance cryptography

Applicants with expertise that covers more than one of these areas and/or intersects with our existing strengths are also strongly encouraged.

The application should include:

  • a cover letter

  • your CV (including contact information for two references)

  • a one-page Research Statement detailing your research plans and their impact on the research profile of the Department; and

  • a one-page Teaching Statement detailing how you intend to contribute to teaching in the Department

The closing date to apply is 31st January 2019. Interviews are expected to take place in the first half of March 2019.

Closing date for applications: 31 January 2019

Contact: Bogdan Warinschi (Professor of Computer Science, Department of Computer Science, csxbw (at) bristol.ac.uk) or Seth Bullock (Head of Department, Department of Computer Science, bullock (at) bristol.ac.uk)

More information: https://bit.do/eCPzo


11 December 2018

Auckland, New Zealand, 7 July - 12 July 2019
Event Calendar
Event date: 7 July to 12 July 2019
Submission deadline: 15 January 2019
Notification: 3 April 2019

Bogotá, Colombia, 5 June - 7 June 2019
Event Calendar
Event date: 5 June to 7 June 2019
Submission deadline: 30 March 2019
Notification: 30 April 2019

Darmstadt, Germany, 18 May - 19 May 2019
Event Calendar
Event date: 18 May to 19 May 2019
Submission deadline: 2 February 2019
Notification: 1 April 2019

10 December 2018

Rajendra Kumar, Nikhil Mittal, Shashank Singh
ePrint Report
In this paper, we present a cryptanalysis of round-reduced Keccak-384 for 2 rounds. The best known preimage attack for this variant of Keccak has time complexity $2^{129}$. In our analysis, we find a preimage with time complexity $2^{89}$, and almost the same memory is required.
Sanjit Chatterjee, Sayantan Mukherjee
ePrint Report
In a recent work, Katz et al. (CANS'17) generalized the notion of Broadcast Encryption to define Subset Predicate Encryption (SPE) that emulates the subset containment predicate in the encrypted domain. They proposed two selectively secure constructions of SPE in the small universe setting. Their first construction is based on a $q$-type assumption while the second one is based on DBDH. Both achieve constant size secret key while the ciphertext size depends on the size of the privileged set. They also showed some black-box transformations of SPE to well-known primitives like WIBE and ABE to establish the richness of the SPE structure.

This work investigates the question of large universe realization of SPE based on static assumptions without random oracles. We propose two constructions, both of which achieve constant size secret key. The first construction $\mathsf{SPE}_1$, instantiated in composite order bilinear groups, achieves constant size ciphertext and is proven secure in a restricted version of the selective security model under the subgroup decision assumption (SDP). Our main construction $\mathsf{SPE}_2$ is adaptively secure in prime order bilinear groups under the symmetric external Diffie-Hellman assumption (SXDH). Thus $\mathsf{SPE}_2$ is the first large universe instantiation of SPE to achieve adaptive security without random oracles. Both our constructions have efficient decryption functions, suggesting their practical applicability. Thus the primitives like WIBE and ABE resulting through black-box transformation of our constructions become more practical.
Quang Do, Ben Martini, Kim-Kwang Raymond Choo
ePrint Report
Adversary models have been integral to the design of provably-secure cryptographic schemes or protocols. However, their use in other computer science research disciplines is relatively limited, particularly in the case of applied security research (e.g., mobile app and vulnerability studies). In this study, we conduct a survey of prominent adversary models used in the seminal field of cryptography, and more recent mobile and Internet of Things (IoT) research. Motivated by the findings from the cryptography survey, we propose a classification scheme for common app-based adversaries used in mobile security research, and classify key papers using the proposed scheme. Finally, we discuss recent work involving adversary models in the contemporary research field of IoT. We contribute recommendations to aid researchers working in applied (IoT) security based upon our findings from the mobile and cryptography literature. The key recommendation is for authors to clearly define adversary goals, assumptions and capabilities.
Dan Boneh, Benedikt Bünz, Ben Fisch
ePrint Report
We present batching techniques for cryptographic accumulators and vector commitments in groups of unknown order. Our techniques are tailored for decentralized settings where no trusted accumulator manager exists and updates to the accumulator are processed in batches. We develop techniques for non-interactively aggregating membership proofs that can be verified with a constant number of group operations. We also provide a constant sized batch non-membership proof for a large number of elements. These proofs can be used to build a positional vector commitment with constant sized openings and constant sized public parameters. As a core building block for our batching techniques we develop several succinct proofs for groups of unknown order. These include a proof that an exponentiation was done correctly and a zero-knowledge proof of knowledge of an integer discrete logarithm between two group elements. We use these new constructions to design a stateless blockchain, where nodes only need a constant storage. Further we show that our vector commitment can be used to significantly reduce the size of IOP instantiations, such as STARKs.
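An added worked example, written for this page and not code from the paper or its authors, of the building blocks the abstract names, over a toy RSA group in Python 3.8+: hash-to-prime accumulation, a membership witness, aggregation of two witnesses into one batch witness via Shamir's trick, a Wesolowski-style proof of exponentiation that lets the verifier check w^x = A while exponentiating only by a 64-bit challenge prime and by x mod that prime, and a constant-size batch non-membership proof from a Bezout identity. The modulus is built from two known Mersenne primes purely so the script runs offline; the paper assumes a group whose order nobody knows (an RSA modulus with discarded factors, or a class group). The base, the element encoding, the hash-to-prime and the Fiat-Shamir challenge derivation are choices made for this demo, not the paper's.

```python
"""Accumulator batching in a group of unknown order (toy RSA group; added demo, not the paper's code)."""
import hashlib
import math

# Demo group Z_N^* with N the product of two known Mersenne primes. The order is known to whoever
# reads this file, which the real scheme forbids; the code below simply never uses it.
N = (2**61 - 1) * (2**89 - 1)
G = 3  # base element; coprime to N (demo choice)
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n):
    """Miller-Rabin with fixed bases; deterministic for n < 3.3e24, so for the 64-bit values used here."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def hash_to_prime(*parts):
    """Map data to a 64-bit prime: SHA-256, keep 64 bits, walk to the next odd prime (demo encoding)."""
    h = hashlib.sha256(b"|".join(str(p).encode() for p in parts)).digest()
    c = int.from_bytes(h[:8], "big") | 1
    while not is_probable_prime(c):
        c += 2
    return c


def egcd(a, b):
    """Extended Euclid: (g, s, t) with s*a + t*b = g = gcd(a, b)."""
    r0, r1, s0, s1, t0, t1 = a, b, 1, 0, 0, 1
    while r1:
        q = r0 // r1
        r0, r1, s0, s1, t0, t1 = r1, r0 - q * r1, s1, s0 - q * s1, t1, t0 - q * t1
    return r0, s0, t0


def accumulate(elements):
    """A = G^(product of member primes); returns the accumulator and the primes."""
    primes = [hash_to_prime(e) for e in elements]
    return pow(G, math.prod(primes), N), primes


def membership_witness(primes, i):
    """w_i = G^(product of all other member primes), so w_i^p_i = A."""
    return pow(G, math.prod(p for j, p in enumerate(primes) if j != i), N)


def verify_membership(acc, exponent, witness):
    """Single or batch check: witness^(product of the claimed member primes) == A."""
    return pow(witness, exponent, N) == acc


def aggregate_witnesses(w1, x1, w2, x2):
    """Shamir's trick: from w1^x1 = w2^x2 = A with gcd(x1, x2) = 1 build w with w^(x1*x2) = A."""
    g, a, b = egcd(x1, x2)  # a*x1 + b*x2 = 1
    assert g == 1, "exponents must be coprime"
    return pow(w1, b, N) * pow(w2, a, N) % N  # pow with a negative exponent inverts first (Python 3.8+)


def prove_exponentiation(base, exponent, result):
    """Wesolowski-style PoE for base^exponent == result; challenge prime derived by Fiat-Shamir."""
    ell = hash_to_prime("poe", base, exponent, result)
    return pow(base, exponent // ell, N)


def verify_exponentiation(base, exponent, result, proof_q):
    """Q^ell * base^(exponent mod ell) == base^exponent; the verifier never exponentiates by the full exponent."""
    ell = hash_to_prime("poe", base, exponent, result)
    return pow(proof_q, ell, N) * pow(base, exponent % ell, N) % N == result


def nonmembership_proof(primes, x):
    """Constant-size proof that x (one prime, or the product of many non-member primes) is not accumulated."""
    g, a, b = egcd(math.prod(primes), x)  # a*S + b*x = 1 iff x shares no factor with the set
    assert g == 1, "x shares a factor with the accumulated set"
    return a, pow(G, b, N)


def verify_nonmembership(acc, x, proof):
    a, d = proof  # A^a * d^x = G^(a*S + b*x) = G
    return pow(acc, a, N) * pow(d, x, N) % N == G


def demo():
    acc, primes = accumulate(["alice", "bob", "carol", "dave"])  # constructed member set
    w0, w1 = membership_witness(primes, 0), membership_witness(primes, 1)
    w01 = aggregate_witnesses(w0, primes[0], w1, primes[1])
    batch = primes[0] * primes[1]
    q = prove_exponentiation(w01, batch, acc)
    outsiders = math.prod(hash_to_prime(e) for e in ("eve", "mallory"))
    nm = nonmembership_proof(primes, outsiders)
    return {
        "single_member": verify_membership(acc, primes[0], w0),
        "batch_member": verify_membership(acc, batch, w01),
        "poe_ok": verify_exponentiation(w01, batch, acc, q),
        "poe_wrong_result": verify_exponentiation(w01, batch, acc * G % N, q),
        "batch_nonmember": verify_nonmembership(acc, outsiders, nm),
        "nonmember_proof_rejects_member": verify_nonmembership(acc, primes[2], nm),
    }
```

The point to notice is where the cost lands: `verify_exponentiation` does two exponentiations with 64-bit exponents no matter how many members were batched, and the non-membership proof is a single integer plus one group element whatever the size of the set or of the batch being excluded. With a truly unknown group order the prover cannot reduce exponents modulo the order, which is what makes the PoE challenge sound; in this toy group that guarantee does not hold, so treat the numbers as illustration only.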
Kai Hu, Meiqin Wang
ePrint Report
The division property proposed at Eurocrypt'15 is a novel technique to find integral distinguishers, which has been applied to most kinds of symmetric ciphers such as block ciphers, stream ciphers, authenticated encryption, etc. The original division property is word-oriented, and later the bit-based one was proposed at FSE'16 to get better integral properties; it is composed of the conventional bit-based division property (two-subset division property) and the bit-based division property using three subsets (three-subset division property). The three-subset division property has more potential to achieve better integral distinguishers compared with the two-subset division property. The bit-based division property could not be applied to ciphers with large block sizes due to its impractical complexity. At Asiacrypt'16, the two-subset division property was modeled using the Mixed Integer Linear Programming (MILP) technique, and the limits on block sizes were eliminated. However, there is still no efficient method for searching for the three-subset division property. The propagation rule of the XOR operation for $\mathbb{L}$ (the sets $\mathbb{L}$ and $\mathbb{K}$ are defined in Section 2 of the paper), which is a set used in the three-subset division property but not in the two-subset one, requires removing some specific vectors, and new vectors generated from $\mathbb{L}$ should be appended to $\mathbb{K}$ when the Key-XOR operation is applied; both of these are difficult for common automatic tools such as MILP, SMT or CP. In this paper, we overcome one of the two challenges; concretely, we address the problem of adding new vectors into $\mathbb{K}$ from $\mathbb{L}$ in an automatic search model. Moreover, we present a new model that automatically searches for a variant three-subset division property (VTDP) with the STP solver. The variant is weaker than the original three-subset division property (OTDP) but it is still powerful for some ciphers. Most importantly, this model has no constraints on the block size of target ciphers, and can also be applied to ARX and S-box based ciphers. As illustrations, some improved integral distinguishers have been achieved for SIMON32, SIMON32/48/64(102), SPECK32 and KATAN/KTANTAN32/48/64 in terms of the number of rounds or the number of even/odd-parity bits.
Senpeng Wang, Bin Hu, Jie Guan, Kai Zhang, Tairong Shi
ePrint Report
Division property is a generalized integral property proposed by Todo at EUROCRYPT 2015, and then the conventional bit-based division property (CBDP) and the bit-based division property using three subsets (BDPT) were proposed by Todo and Morii at FSE 2016. The huge time and memory complexity that once restricted the applications of CBDP was solved by Xiang et al. at ASIACRYPT 2016. They extended the Mixed Integer Linear Programming (MILP) method to search for integral distinguishers based on CBDP. BDPT can find more accurate integral distinguishers than CBDP, but it cannot be modeled efficiently. Thus it cannot be applied to block ciphers with block size larger than 32 bits. In this paper, we focus on the feasibility of applying the MILP-aided method to search for integral distinguishers based on BDPT. We first study how to get the BDPT propagation rules of an S-box. Based on that we can efficiently describe the BDPT propagation of a cipher which has S-boxes. Moreover, we propose a technique called "fast propagation", which can translate BDPT into CBDP, so that the balanced bits based on BDPT can be presented. Together with the propagation properties of BDPT, we can use the MILP method based on CBDP to search for integral distinguishers based on BDPT. In order to prove the efficiency of our method, we search for integral distinguishers on SIMON, SIMECK, PRESENT, RECTANGLE, LBlock, and TWINE. For SIMON64, PRESENT, and RECTANGLE, we find more balanced bits than the previous longest distinguishers. For LBlock, we find a 17-round integral distinguisher which is one more round than the previous longest integral distinguisher, and a better 16-round integral distinguisher with fewer active bits can be obtained. For other ciphers, our results are in accordance with the previous longest distinguishers.
Gorjan Alagic, Stacey Jeffery, Maris Ozols, Alexander Poremba
ePrint Report
Large-scale quantum computing is a significant threat to classical public-key cryptography. In strong "quantum access" security models, numerous symmetric-key cryptosystems are also vulnerable. We consider classical encryption in a model which grants the adversary quantum oracle access to encryption and decryption, but where the latter is restricted to non-adaptive (i.e., pre-challenge) queries only. We define this model formally using appropriate notions of ciphertext indistinguishability and semantic security (which are equivalent by standard arguments) and call it QCCA1 in analogy to the classical CCA1 security model. Using a bound on quantum random-access codes, we show that the standard PRF- and PRP-based encryption schemes are QCCA1-secure when instantiated with quantum-secure primitives.

We then revisit standard IND-CPA-secure Learning with Errors (LWE) encryption and show that leaking just one quantum decryption query (and no other queries or leakage of any kind) allows the adversary to recover the full secret key with constant success probability. In the classical setting, by contrast, recovering the key uses a linear number of decryption queries, and this is optimal. The algorithm at the core of our attack is a (large-modulus version of) the well-known Bernstein-Vazirani algorithm. We emphasize that our results should not be interpreted as a weakness of these cryptosystems in their stated security setting (i.e., post-quantum chosen-plaintext secrecy). Rather, our results mean that, if these cryptosystems are exposed to chosen-ciphertext attacks (e.g., as a result of deployment in an inappropriate real-world setting) then quantum attacks are even more devastating than classical ones.
Nasser Alsalami, Bingsheng Zhang
ePrint Report
The blockchain technology represents a new paradigm to realize persistent distributed ledgers globally. While the blockchain technology is promising in a great number of fields, it can be abused to covertly store and disseminate potentially harmful digital content. Consequently, using blockchains as uncensored decentralized networks for arbitrary data distribution poses a serious regulatory issue. In this work, we show the severity of the problem by demonstrating a new technique that can be exploited to use the blockchain as a covert bulletin board to secretly store and distribute objectionable content. More specifically, all major blockchain systems use randomized cryptographic primitives, such as digital signatures and non-interactive zero-knowledge proofs, and we illustrate how the uncontrolled randomness in such primitives can be maliciously manipulated to enable covert communication and hidden persistent storage. We also demonstrate how the same technique can be extended to launch subversion attacks on the wallets of most top-ranked cryptocurrencies, such as Bitcoin, Ethereum, Monero, etc. To clarify the potential risk of uncontrolled randomness, we design, implement and evaluate our technique against the widely-used ECDSA signature scheme, the CryptoNote's ring signature scheme, and Monero's ring confidential transactions. Note that the significance of the demonstrated attacks stems from their undetectability, their adverse effect on the future of decentralized blockchains, and their serious repercussions on users' privacy and crypto funds. Finally, besides presenting the attacks, we provide a discussion of current countermeasures and suggest some countermeasures to mitigate the threat of such attacks.
07 December 2018

Chalmers University of Technology
Job Posting
We are looking for a bright post-doctoral researcher focusing on theoretical cryptography, and more precisely verifiable delegation of computation, to work on a collaborative project on cloud-assisted computing.

The position is fully funded for 2 years. The post-doc will be hired at the Department of Computer Science and Engineering at Chalmers and will be working under the supervision of Prof. Katerina Mitrokotsa. The preferred starting date is in April 2019.

To apply, use the online form at: https://goo.gl/HqgGqM

Closing date for applications: 5 January 2019

Contact: Katerina Mitrokotsa, Associate Professor, Chalmers University of Technology, Department of Computer Science and Engineering, Gothenburg, Sweden, aikmitr (at) chalmer.se

More information: http://www.chalmers.se/en/about-chalmers/Working-at-Chalmers/Vacancies/Pages/default.aspx?rmpage=job&rmjob=6985

Nanyang Technological University (NTU) - Temasek Labs, Singapore
Job Posting
Postdoc / Research Fellow position at Nanyang Technological University, Singapore

The School of Physical and Mathematical Sciences at Nanyang Technological University (NTU), Singapore, and Temasek Labs@NTU are seeking candidates for research fellow positions (from fresh post-doc to senior research fellow, flexible contract duration) in the areas of symmetric key cryptography and/or machine learning.

Salaries are competitive and are determined according to the successful applicants' accomplishments, experience and qualifications. Interested applicants should send their detailed CVs, cover letter and references to Prof. Thomas Peyrin (thomas.peyrin (at) ntu.edu.sg).

Review of applications starts immediately and will continue until the positions are filled.

Closing date for applications: 15 April 2019

Contact: thomas.peyrin (at) ntu.edu.sg

05 December 2018

Benedikt Auerbach, Eike Kiltz, Bertram Poettering, Stefan Schoenen
ePrint Report
Lossy trapdoor functions (Peikert and Waters, STOC 2008 and SIAM J. Computing 2011) imply, via black-box transformations, a number of interesting cryptographic primitives, including chosen-ciphertext secure public-key encryption. Kiltz, O'Neill, and Smith (CRYPTO 2010) showed that the RSA trapdoor permutation is lossy under the Phi-hiding assumption, but syntactically it is not a lossy trapdoor function since it acts on Z_N and not on strings. Using a domain extension technique by Freeman et al. (PKC 2010 and J. Cryptology 2013) it can be extended to a lossy trapdoor permutation, but with considerably reduced lossiness.

In this work we give new constructions of lossy trapdoor permutations from the Phi-hiding assumption, the quadratic residuosity assumption, and the decisional composite residuosity assumption, all with improved lossiness. Furthermore, we propose the first all-but-one lossy trapdoor permutation from the Phi-hiding assumption. A technical vehicle used for achieving this is a novel transform that converts trapdoor functions with index-dependent domain into trapdoor functions with fixed domain.
Fangguo Zhang, Zhuoran Zhang
ePrint Report
With the fast development of quantum computation, code-based cryptography has drawn public attention as a candidate for post-quantum cryptography. However, the large key size is a main drawback, so that code-based schemes seldom become practical although they perform well in the speed of both the encryption and decryption algorithms. Algebraic geometry codes were considered to be a good solution to reduce the size of keys, but because of their special construction, there are many attacks against them. In this paper, we propose a public key encryption scheme based on elliptic codes which can resist the known attacks. By using automorphisms on the rational points of the elliptic curve, we construct quasi-cyclic elliptic codes, which reduce the key size further. We apply the list-decoding algorithm to decryption, so that more errors, beyond half of the minimum distance of the code, can be corrected, which is the key point in resisting the known attacks on AG-code-based cryptosystems.