International Association for Cryptologic Research


IACR News


07 February 2019

IBM Research GmbH Zurich, Switzerland
Job Posting
Distributed systems and Blockchain

Project description

We research and develop scalable, fault-tolerant and secure distributed and blockchain systems that drive a new generation of financial and digital transactions.

We are looking for highly motivated and enthusiastic software engineers and distributed systems researchers to join the Industry Platforms and Blockchain Group at IBM Research – Zurich. You will be expected to contribute to the architecture definition and implementation of our blockchain projects, notably the aspects pertaining to distributed systems. You will be able to contribute directly and make an impact not only on IBM products, but also on the Hyperledger Fabric open source project. The researchers in the group have deep expertise and knowledge in scalable, fault-tolerant and secure distributed systems. The software to be developed will be included in critical production systems and is expected to be of high quality, modularity, maintainability, scalability, and resilience.

Closing date for applications: 31 July 2019

Contact: Judith Blanc

HR Business Partner

Säumerstrasse 4

8803 Rüschlikon

Switzerland

jko (at) zurich.ibm.com

More information: https://www.zurich.ibm.com/careers/

DTU Compute’s Section for Cyber Security
Job Posting
DTU Compute’s Section for Cyber Security invites applications for appointment as a postdoctoral researcher within the area of symmetric cryptology. The position is available from 1 May 2019 or according to mutual agreement.

The aim of the new position is to expand the Section’s research in symmetric cryptology and align it with potential novel threats.

The research field of this new Postdoc position is within analysis and design of symmetric cryptographic algorithms, both basic primitives and modes of operation. Correspondingly, we aim to hire a postdoc with a track record in symmetric cryptography and cryptanalysis.

Responsibilities and tasks

The main tasks of the postdoc position are to analyze existing symmetric cryptographic primitives as well as to design and evaluate new primitives that address novel challenges. In this position, you will actively engage in our ongoing and prospective research activities on the analysis and design of block ciphers, hash functions, authentication schemes and authenticated encryption.

External stays are planned at our research partners in Europe.

Qualifications

Candidates should have a PhD degree (or equivalent) in mathematics, computer science or electrical engineering with a focus on cryptology or a closely related field. If you are close to completing your PhD studies, your application will also be considered. You must have contributed high-quality research to the area of cryptology or a closely related field.

Application procedure

Please submit your online application no later than 1 March 2019 (local time). Apply online at www.career.dtu.dk

Read the full job description at

https://www.dtu.dk/english/about/job-and-career/vacant-positions/job?id=1804831b-d132-4570-b6e6-46324b1a14c7

Closing date for applications: 1 March 2019

Contact: Further information can be obtained from Assoc. Prof. Andrey Bogdanov (anbog (at) dtu.dk). Please do not send applications to this e-mail address.

More information: https://www.dtu.dk/english/about/job-and-career/vacant-positions/job?id=1804831b-d132-4570-b6e6-46324b1a14c7

Centre for Secure Information Technologies (CSIT), Queen’s University Belfast, UK
Job Posting
Applications are invited for PhD studentships in areas such as: (1) Post-quantum cryptography; (2) Physical attacks on IoT devices; (3) Privacy-aware cybercrime tracking; (4) Edge-based solutions to IoT attacks; (5) Activity recognition in social media videos; (6) Defending ML-based network security systems from adversarial attacks.

Students will be based in the Centre for Secure Information Technologies (CSIT), Queen's University Belfast. CSIT is recognised by the UK National Cyber Security Centre as an Academic Centre of Excellence (ACE) in Cyber Security Research. It is also host to the UK Research Institute in Secure Hardware and Embedded Systems (RISE).

ACADEMIC REQUIREMENTS:

A minimum 2.1 honours degree or equivalent in Computer Science, Electrical and Electronic Engineering, Mathematics or closely related discipline is required.

Available to eligible UK and EU citizens only.

Applicants should apply electronically through the Queen’s online application portal at: https://dap.qub.ac.uk/portal/

Closing date for applications: 8 March 2019

Contact: Professor Maire O'Neill, Email: m.oneill AT ecit.qub.ac.uk

More information: https://www.qub.ac.uk/csit/PhD-in-Cyber-Security-Centre-for-Doctoral-Training/PhDResearchProjects2019/

ConsenSys (PegaSys)
Job Posting
The work of the Protocol Engineering Groups and Systems R&D team spans all layers of the tech stack for the Ethereum blockchain. Our work covers both public chain and enterprise, including crypto-economics, consensus, networking, storage, cryptography and virtual machine operations. Some of the challenges we have been focusing on include scalability, privacy, permissioning, and robustness — and there are plenty of other areas we’d like to be working on.

The Role

We are seeking applied researchers from a variety of backgrounds who are able to think deeply and creatively about protocol-level blockchain challenges and translate that work into practical outputs for PegaSys, enterprises seeking to use Ethereum and the wider blockchain community.

The Profile We are Seeking

  • Master's degree in Computer Science, Mathematics or Physics. A PhD is a bonus.

  • Strong familiarity with advanced computer science and mathematical concepts

  • Expertise in using formal verification tools especially in the context of analysing distributed systems

  • Capable of articulating theories and related proofs in a language suitable for scientific publication. A track record of previous scientific publications is a bonus.

  • Well versed in analysing existing code in a number of languages including Java, Go, Rust, etc.

  • Capable of deep and creative thinking.

  • Have a drive for excellence and quality

  • Passionate about blockchain consensus protocol research and blockchain technology in general

  • Previous experience either in leading small/medium teams or as a member of well-functioning self-organising teams

  • Willing collaborator: swift to seek support and advice; equally ready to give support and advice to others.

  • Comfortable with working remotely, and will make progress without supervision while proactively keeping in contact with other remote collaborators.

Closing date for applications: 31 July 2019

Contact: Roberto Saltini

More information: https://consensys.net/open-roles/1522894/

Nanyang Technological University, Singapore
Job Posting
The research group at Nanyang Technological University (NTU), Singapore, led by Prof. Anupam Chattopadhyay, is seeking skilled and motivated PhD candidates to participate in an upcoming project focusing on System-on-Chip (SoC) security. The research team is currently funded by several large and strategic research grants in domains ranging from microprocessor security to system security. Interested applicants are encouraged to send their detailed CV, cover letter and two letters of reference to Prof. Anupam Chattopadhyay (anupam at ntu.edu.sg).

We are seeking candidates with an introductory knowledge of cryptography and a strong background in digital/system design, including relevant experience in managing large-scale programming projects in C/C++/VHDL/Verilog. Candidates with prior industrial experience and familiarity with commercial processor architectures are preferred.

Review of applications starts immediately and will continue until the position is filled.

Closing date for applications:

University College London
Job Posting

PhD and Post-Doc Positions on Privacy Technologies at UCL

I have funding for 2-3 PhD studentships and 1 post-doctoral position (24 months) in my group at UCL Computer Science to work on research problems at the intersection of privacy and machine learning.

For an overview of my work in this area, please visit https://emilianodc.com/privacyML/


FUNDING

These positions are funded by a mix of industry grants, thanks to the generous support of Amazon, Cisco, Microsoft Research, and the UK Government.


UCL DOCTORAL TRAINING CENTRE IN CYBERSECURITY

Moreover, we have recently been awarded funding for a Doctoral Training Centre (DTC) in Cybersecurity (see https://epsrc.ukri.org/newsevents/news/seventy-five-centres-for-doctoral-training-announced-by-ukri-to-develop-the-skills-needed-for-uk-prosperity/) so *additional* positions will be funded through the centre.

Other researchers working on security and privacy at UCL include Nicolas Courtois, George Danezis, Sarah Meiklejohn, Steven Murdoch, Angela Sasse, plus a couple more faculty that we are in the process of recruiting. The Centre will have a strongly interdisciplinary focus and will involve colleagues in Crime Science (e.g., Shane Johnson) and Public Policy (e.g., Madeline Carr).


DATES AND ELIGIBILITY

The PhD students will start in September/October 2019. Alas, some of the funding is limited to people who have lived in the UK for at least 3 years prior to the start of the PhD.

The post-doctoral researcher should start in the summer and should have already completed their PhD, or be about to.


APPLICATION

For both the PhD and the post-doc positions, please send an email to jobs (at) emilianodc.com if you are interested.
For the PhD positions, you will also have to apply through http://www.cs.ucl.ac.uk/prospective_students/phd_programme/applying/ (even though the next deadline is April 17th, please apply ASAP).


Closing date for applications: 30 April 2019

Contact: Emiliano De Cristofaro, Associate Professor at UCL

jobs (at) emilianodc.com

More information: https://emilianodc.com/positions.html

Auckland, New Zealand, 7 July 2019
Event Calendar
Event date: 7 July 2019
Submission deadline: 15 February 2019
Notification: 10 April 2019
Atlanta, USA, 25 August - 28 August 2019
CHES
Event date: 25 August to 28 August 2019
Santiago, Chile, 2 October - 4 October 2019
Event Calendar
Event date: 2 October to 4 October 2019
Submission deadline: 4 May 2019
Notification: 22 June 2019
Aarhus, Denmark, 27 May - 29 May 2019
Event Calendar
Event date: 27 May to 29 May 2019
Geoffroy Couteau, Michael Reichle
ePrint Report
Anonymous credential (AC) schemes are protocols which allow for authentication of authorized users without compromising their privacy. Of particular interest are non-interactive anonymous credential (NIAC) schemes, where the authentication process only requires the user to send a single message that still conceals its identity. Unfortunately, all known NIAC schemes in the standard model require pairing based cryptography, which limits them to a restricted set of specific assumptions and requires expensive pairing computations. The notion of keyed-verification anonymous credential (KVAC) was introduced in (Chase et al., CCS'14) as an alternative to standard anonymous credential schemes allowing for more efficient instantiations; yet, making existing KVAC non-interactive either requires pairing-based cryptography, or the Fiat-Shamir heuristic.

In this work, we construct the first non-interactive keyed-verification anonymous credential (NIKVAC) system in the standard model, without pairings. Our scheme is efficient, attribute-based, supports multi-show unlinkability, and anonymity revocation. We achieve this by building upon a combination of algebraic MAC with the recent designated-verifier non-interactive zero-knowledge (DVNIZK) proof of knowledge of (Couteau and Chaidos, Eurocrypt'18). Toward our goal of building NIKVAC, we revisit the security analysis of a MAC scheme introduced in (Chase et al., CCS'14), strengthening its guarantees, and we introduce the notion of oblivious non-interactive zero-knowledge proof system, where the prover can generate non-interactive proofs for statements that he cannot check by himself, having only a part of the corresponding witness, and where the proof can be checked efficiently given the missing part of the witness. We provide an efficient construction of an oblivious DVNIZK, building upon the specific properties of the DVNIZK proof system of (Couteau and Chaidos, Eurocrypt'18).
Hao Chen, Ilaria Chillotti, Yongsoo Song
ePrint Report
In this paper, we propose a Multi-Key Homomorphic Encryption (MKHE) which allows homomorphic evaluation of a binary gate (with bootstrapping) on ciphertexts encrypted under different keys. We generalize a low-latency homomorphic encryption scheme of Chillotti et al. (ASIACRYPT 2016) by exploiting a key-extension approach of Brakerski and Perlman (CRYPTO 2016).

All the prior works on MKHE were too inefficient to be used in practice. Our construction improved the performance in terms of both asymptotic and concrete complexity: the length of ciphertexts and the computational costs of a binary gate grow linearly and quadratically on the number of parties, respectively. Furthermore, our scheme is fully-dynamic so that no information about the involved parties needs to be known before the computation and the resulting ciphertext can be reused in further computation with newly joined parties.

To the best of our knowledge, this is the first work to implement an MKHE scheme. Our implementation takes about 0.15 (resp. 0.72) seconds to perform the gate bootstrapping when the number of involved parties is 2 (resp. 4).
Nir Bitansky, Iftach Haitner, Ilan Komargodski, Eylon Yogev
ePrint Report
Distributional collision resistance is a relaxation of collision resistance that only requires that it is hard to sample a collision (x,y) where x is uniformly random and y is uniformly random conditioned on colliding with x. The notion lies between one-wayness and collision resistance, but its exact power is still not well-understood. On one hand, distributional collision resistant hash functions cannot be built from one-way functions in a black-box way, which may suggest that they are stronger. On the other hand, so far, they have not yielded any applications beyond one-way functions.

Assuming distributional collision resistant hash functions, we construct constant-round statistically hiding commitment scheme. Such commitments are not known based on one-way functions and are impossible to obtain from one-way functions in a black-box way. Our construction relies on the reduction from inaccessible entropy generators to statistically hiding commitments by Haitner et al. (STOC '09). In the converse direction, we show that two-message statistically hiding commitments imply distributional collision resistance, thereby establishing a loose equivalence between the two notions.

A corollary of the first result is that constant-round statistically hiding commitments are implied by average-case hardness in the class SZK (which is known to imply distributional collision resistance). This implication seems to be folklore, but to the best of our knowledge has not been proven explicitly. We provide yet another proof of this implication, which is arguably more direct than the one going through distributional collision resistance.
Rosario Gennaro, Steven Goldfeder
ePrint Report
A threshold signature scheme enables distributed signing among $n$ players such that any subgroup of size $t+1$ can sign, whereas any group with $t$ or fewer players cannot. While there exist previous threshold schemes for the ECDSA signature scheme, we present the first protocol that supports multiparty signatures for any $t \leq n$ with efficient, dealerless key generation. Our protocol is faster than previous solutions and significantly reduces the communication complexity as well. We prove our scheme secure against malicious adversaries with a dishonest majority. We implemented our protocol, demonstrating its efficiency and suitability to be deployed in practice.
Ferucio Laurentiu Tiplea, Cristian Hristea
ePrint Report
Privacy and mutual authentication under corruption with temporary state disclosure are two significant requirements for real-life applications of RFID schemes. No RFID scheme is known so far to meet these two requirements. In this paper we propose two practical RFID schemes that fill this gap. The first one achieves destructive privacy, while the second one achieves narrow destructive privacy, in Vaudenay's model with temporary state disclosure. Both of them provide mutual (reader-first) authentication. In order to achieve these privacy levels we use Physically Unclonable Functions (PUFs) to assure that the internal secret of the tag remains hidden against an adversary with invasive capabilities. Our first RFID scheme cannot be desynchronized for more than one step, while the second one avoids the use of random generators on tags. Detailed security and privacy proofs are provided.

06 February 2019

Bjørn Greve, Øyvind Ytrehus, Håvard Raddum
ePrint Report
Techniques for eliminating variables from a system of nonlinear equations are used to find solutions of the system. We discuss how these methods can be used to attack certain types of symmetric block ciphers, by solving sets of equations arising from known-plaintext attacks. The systems of equations corresponding to these block ciphers have the characteristics that the solution is determined by a small subset of the variables (i.e., the secret key), and also that it is known that there always exists at least one solution (again corresponding to the key which is actually used in the encryption). It turns out that some toy ciphers can be solved simpler than anticipated by this method, and that the method can take advantage of overdetermined systems.
Yin Li, Yu Zhang, Xingpo Ma, Chuanda Qi
ePrint Report
In this paper, we continue the study of bit-parallel multiplier using a $n$-term Karatsuba algorithm (KA), recently introduced by Li et al. (IEEE Access 2018). Such a $n$-term KA is a generalization of the classic KA, which can multiply two $n$-term polynomials using $O(n^2/2)$ scalar multiplications. Based on this observation, Li et al. developed an efficient bit-parallel multiplier scheme for a new special class of irreducible trinomial $x^{m}+x^{k}+1, m=nk$. The lower bound of the space complexity of their proposal is about $O(\frac{m^2}{2}+m^{3/2})$. However, such a special type of trinomial does not always exist. In this contribution, we investigate the space and time complexity of Karatsuba multiplier for general trinomials, i.e., $x^m+x^k+1$ where $m>2k$. We use a new decomposition that $m=n\ell+r$, where $r<n, r<\ell$. Combined with shifted polynomial basis (SPB), a new approach other than Mastrovito approach is proposed to exploit the spatial correlation between different subexpressions. Explicit space and time complexity formulations are given to indicate the optimal choice of the decomposition. As a result, the optimal multiplier achieves nearly the same space complexity as $x^{m}+x^{k}+1, m=nk$, but it is suitable to more general trinomials. Meanwhile, its time complexity matches or is at most $1T_X$ higher than the similar KA multipliers, where $T_X$ is the delay of one 2-input XOR gate.

05 February 2019

Suhri Kim, Kisoon Yoon, Young-Ho Park, Seokhie Hong
ePrint Report
In this paper, we present an efficient method to compute arbitrary odd-degree isogenies on Edwards curves. By using the $w$-coordinate, we optimized the isogeny formula on Edwards curves by Moody et al. The state-of-the-art implementation of isogeny-based cryptosystems works entirely with Montgomery curves since they provide efficient isogeny computation and elliptic curve arithmetic. However, we demonstrated that the same computational costs of elliptic curve arithmetic and isogeny evaluation could be achieved by using the $w$-coordinate on Edwards curves, with additional benefit when computing isogenous curves. For $\ell$-degree isogeny where $\ell=2s+1$, our isogeny formula on Edwards curves outperforms Montgomery curves when $s \geq 2$. The result of our work opens the door for the usage of Edwards curves in isogeny-based cryptography, especially in CSIDH which requires higher degree isogenies.
Ahmet Can Mert, Erdinc Ozturk, Erkay Savas
ePrint Report
In this paper, we present an optimized FPGA implementation of a novel, fast and highly parallelized NTT-based polynomial multiplier architecture, which proves to be effective as an accelerator for lattice-based homomorphic cryptographic schemes. As input-output (I/O) operations are as time-consuming as NTT operations during homomorphic computations in a host processor/accelerator setting, instead of achieving the fastest NTT implementation possible on the target FPGA, we focus on a balanced time performance between the NTT and I/O operations. Even with this goal, we achieved the fastest NTT implementation in literature, to the best of our knowledge. For proof of concept, we utilize our architecture in a framework for Fan-Vercauteren (FV) homomorphic encryption scheme, utilizing a hardware/software co-design approach, in which NTT operations are offloaded to the accelerator while the rest of operations in the FV scheme are executed in software running on an off-the-shelf desktop computer. Specifically, our framework is optimized to accelerate Simple Encrypted Arithmetic Library (SEAL), developed by the Cryptography Research Group at Microsoft Research, for the FV encryption scheme, where forward and inverse NTT operations are utilized extensively for large degree polynomial multiplications. The hardware part of the proposed framework targets XILINX VIRTEX-7 FPGA device, which communicates with its software part via a PCIe connection. Offloading forward/inverse NTT and coefficient multiplication operations on FPGA, taking into account the time expended on I/O operations, the proposed framework achieves almost x11 latency speedup for the offloaded operations compared to their pure software implementations. 
With careful pipelining, overlapping I/O operations with actual polynomial multiplication computations, and assuming one of the operands for the polynomial multiplication operation is already inside the FPGA (valid assumption for encrypt/decrypt operations for homomorphic applications), we achieved a throughput of almost 800k polynomial multiplications per second, for polynomials of degree 1024 with 32-bit coefficients.
Navid Alamati, Hart Montgomery, Sikhar Patranabis, Arnab Roy
ePrint Report
Algebraic structure lies at the heart of much of Cryptomania as we know it. An interesting question is the following: instead of building (Cryptomania) primitives from concrete assumptions, can we build them from simple Minicrypt primitives endowed with additional algebraic structure? In this work, we affirmatively answer this question by adding algebraic structure to the following Minicrypt primitives:

  • One-Way Function (OWF)

  • Weak Unpredictable Function (wUF)

  • Weak Pseudorandom Function (wPRF)

The algebraic structure that we consider is group homomorphism over the input/output spaces of these primitives. We also consider a “bounded” notion of homomorphism where the primitive only supports an a priori bounded number of homomorphic operations in order to capture lattice-based and other “noisy” assumptions. We show that these structured primitives can be used to construct many cryptographic protocols. In particular, we prove that:

  • (Bounded) Homomorphic OWFs (HOWFs) imply collision-resistant hash functions, Schnorr-style signatures, and chameleon hash functions.

  • (Bounded) Input-Homomorphic weak UFs (IHwUFs) imply CPA-secure PKE, non-interactive key exchange, trapdoor functions, blind batch encryption (which implies anonymous IBE, KDM-secure and leakage-resilient PKE), CCA2 deterministic PKE, and hinting PRGs (which in turn imply transformation of CPA to CCA security for ABE/1-sided PE).

  • (Bounded) Input-Homomorphic weak PRFs (IHwPRFs) imply PIR, lossy trapdoor functions, OT and MPC (in the plain model).

In addition, we show how to realize any CDH/DDH-based protocol with certain properties in a generic manner using IHwUFs/IHwPRFs, and how to instantiate such a protocol from many concrete assumptions. We also consider primitives with substantially richer structure, namely Ring IHwPRFs and L-composable IHwPRFs. In particular, we show the following:

  • Ring IHwPRFs with certain properties imply FHE.

  • 2-composable IHwPRFs imply (black-box) IBE, and $L$-composable IHwPRFs imply non-interactive $(L + 1)$-party key exchange.

Our framework allows us to categorize many cryptographic protocols based on which structured Minicrypt primitive implies them. In addition, it potentially makes showing the existence of many cryptosystems from novel assumptions substantially easier in the future.