International Association for Cryptologic Research


IACR News

If you have a news item you wish to distribute, it should be sent to the communications secretary. See also the events database for conference announcements.

Here you can see all recent updates to the IACR webpage. These updates are also available:

via email
via RSS feed

20 March 2019

Miran Kim, Yongsoo Song, Baiyu Li, Daniele Micciancio
ePrint Report
The sharing of biomedical data is crucial to enable scientific discoveries across institutions and improve health care. For example, genome-wide association studies (GWAS) based on a large number of samples can identify disease-causing genetic variants. The privacy concern, however, has become a major hurdle for data management and utilization. Homomorphic encryption is one of the most powerful cryptographic primitives which can address the privacy and security issues. It supports the computation on encrypted data so that we can aggregate data and perform an arbitrary computation on an untrusted cloud environment without the leakage of sensitive information.

This paper presents a secure outsourcing solution to assess logistic regression models for quantitative traits to test their associations with genotypes. We adapt the semi-parallel training method by Sikorska et al., which builds a logistic regression model for covariates, followed by one-step parallelizable regressions on all individual single nucleotide polymorphisms (SNPs). In addition, we modify our underlying approximate homomorphic encryption scheme for performance improvement.

We evaluate the performance of our solution through experiments on a real-world dataset. It achieves the best performance among homomorphic encryption systems for GWAS analysis in terms of both complexity and accuracy. For example, given a dataset consisting of 245 samples, each of which has 10643 SNPs and 3 covariates, our algorithm takes about 41 seconds to perform logistic-regression-based genome-wide association analysis over encryption. We demonstrate the feasibility and scalability of our solution.
Cody Freitag, Ilan Komargodski, Rafael Pass
ePrint Report
In this note, we show that a strong notion of KDM security cannot be obtained by any encryption scheme in the auxiliary input setting, assuming Learning With Errors (LWE) and one-way permutations. The notion of security we deal with guarantees that for any (possibly inefficient) function $f$, it is computationally hard to distinguish between an encryption of 0s and an encryption of $f(pk, z)$, where $pk$ is the public key and $z$ is the auxiliary input. Furthermore, we show that this holds even when restricted to bounded-length auxiliary input where $z$ is much shorter than $pk$ under the additional assumption that (non-leveled) fully homomorphic encryption exists.

19 March 2019

Early registration deadline Apr 15
Eurocrypt
Registration for Eurocrypt 2019 is now open; information can be found at https://eurocrypt.iacr.org/2019/registration.html. Prices will increase after April 15.

Eurocrypt will be held this year in Darmstadt, Germany from May 19-23, with affiliated events held on May 18-19.
Jan-Pieter D'Anvers, Marcel Tiepelt, Frederik Vercauteren, Ingrid Verbauwhede
ePrint Report
While error correcting codes (ECC) have the potential to significantly reduce the failure probability of post-quantum schemes, they add an extra ECC decoding step to the algorithm. As this additional computation handles secret information, it is susceptible to side-channel attacks. We show that if no precaution is taken, it is possible to use timing information to distinguish between ciphertexts that result in an error before decoding and ciphertexts that do not contain errors, due to the variable execution time of the ECC decoding algorithm. We demonstrate that this information can be used to break the IND-CCA security of post-quantum secure schemes by presenting an attack on both the Ring-LWE scheme LAC and the Mersenne prime scheme Ramstake. This attack recovers the full secret key using a limited number of timed decryption queries. The attack is implemented on the reference and the optimized implementations of both submissions. It is able to retrieve LAC's secret for all security levels in under 2 hours using less than $2^{21}$ decryption queries and Ramstake's secret in under 2 minutes using approximately $2400$ decryption queries. The attack generalizes to other schemes with ECCs in which side-channel information about the presence of errors is leaked during decoding.
Fuyuki Kitagawa, Takahiro Matsuda, Keisuke Tanaka
ePrint Report
We study the relationship among public-key encryption (PKE) satisfying indistinguishability against chosen plaintext attacks (IND-CPA security), that against chosen ciphertext attacks (IND-CCA security), and trapdoor functions (TDF). Specifically, we aim at finding a unified approach and some additional requirement to realize IND-CCA secure PKE and TDF based on IND-CPA secure PKE, and show the following two main results.

As the first main result, we show how to achieve IND-CCA security via a weak form of key-dependent-message (KDM) security. More specifically, we construct an IND-CCA secure PKE scheme based on an IND-CPA secure PKE scheme and a secret-key encryption (SKE) scheme satisfying one-time KDM security with respect to projection functions (projection-KDM security). Projection functions are very simple functions with respect to which KDM security has been widely studied. Since the existence of projection-KDM secure PKE implies that of the above two building blocks, as a corollary of this result, we see that the existence of IND-CCA secure PKE is implied by that of projection-KDM secure PKE.

As the second main result, we extend the above construction of IND-CCA secure PKE into that of TDF by imposing an additional mild requirement on each building block. Our TDF satisfies adaptive one-wayness. We can instantiate our TDF based on a wide variety of computational assumptions. In particular, we obtain the first TDF (with adaptive one-wayness) based on the sub-exponential hardness of the constant-noise learning-parity-with-noise (LPN) problem.
Philippe Loubet Moundi
ePrint Report
Invasive or semi-invasive attacks require, of course, because of their nature, the removal of metal layers or at least the package de-capsulation of the chip. For many people - not expert in those sample preparation techniques - the simple access to the die surface and the observation of the chip structure after metal layers removal are the first obstacles to conduct an attack. In another direction, the development of embedded secure devices, sometimes with a very dense and complex assembly process, adds a new difficulty for an attacker to get physical access to the silicon without intensive use of advanced soldering capabilities. This paper will deal with those two challenges: the first one is to provide an in-situ depackaging solution with limited resources, and the second one consists in finding the minimum mandatory tools required to perform chip delayering before metal layers imaging - or reverse engineering.
Subhadeep Banik, Jannis Bossert, Amit Jana, Eik List, Stefan Lucks, Willi Meier, Mostafizar Rahman, Dhiman Saha, Yu Sasaki
ePrint Report
Forkciphers are a new kind of primitive proposed recently by Andreeva et al. for efficient encryption and authentication of small messages. They fork the middle state of a cipher and encrypt it twice under two smaller independent permutations. Thus, forkciphers produce two output blocks in one primitive call.

Andreeva et al. proposed ForkAES, a tweakable AES-based forkcipher that splits the state after five out of ten rounds. While their authenticated encryption schemes were accompanied by proofs, the security discussion for ForkAES was not provided, and founded on existing results on the AES and KIASU-BC. Forkciphers provide a unique interface called reconstruction queries that use one ciphertext block as input and compute the respective other ciphertext block. Thus, they deserve a careful security analysis.

This work fosters the understanding of the security of ForkAES with three contributions: (1) We observe that security in reconstruction queries differs strongly from the existing results on the AES. This allows attacking nine out of ten rounds with differential, impossible-differential and yoyo attacks. (2) We observe that some forkcipher modes may lack the interface of reconstruction queries, so that attackers must use encryption queries. We show that nine rounds can still be attacked with rectangle and impossible-differential attacks. (3) We present forgery attacks on the AE modes proposed by Andreeva et al. with nine-round ForkAES.
Alejandro Freyre-Echevarría, Ismel Martínez-Díaz
ePrint Report
Modern block ciphers are facing the threat of side-channel attacks by power leakage whose main targets are the non-linear components known as S-boxes. A theoretical measure for the resistance of an S-box against this type of attack is the confusion coefficient variance property. A higher value of this property represents a better theoretical resistance. In this work we use the leaders and followers meta-heuristic in order to obtain S-boxes with good confusion coefficient variance values.
A. N. Alekseychuk, S. M. Koniushok, M. V. Poremskyi
ePrint Report
We propose a general method for security evaluation of SNOW 2.0-like ciphers against correlation attacks that are built similarly to known attacks on SNOW 2.0. Unlike previously known methods, the method we propose is targeted at security proof and allows obtaining lower bounds for the efficiency of attacks from the class under consideration directly using parameters of stream cipher components, similarly to techniques for security proofs of block ciphers against linear cryptanalysis. The method proposed is based upon an automata-theoretic approach to evaluating the imbalance of discrete functions. In particular, we obtain a matrix representation and upper bounds for the imbalance of an arbitrary discrete function realized by a sequence of finite automata. These results generalize a number of previously known statements on matrix (linear) representations for the imbalance of functions having specified forms, and may be applied to security proofs for other stream ciphers against correlation attacks. Application of this method to the SNOW 2.0 and Strumok ciphers shows that any of the considered correlation attacks on them over the field of order 256 has an average time complexity not less than $2^{146.20}$ and $2^{249.40}$ respectively, and requires not less than $2^{142.77}$ and, respectively, $2^{249.38}$ keystream symbols.
Yindong Chen, Fei Guo, Liu Zhang
ePrint Report
Boolean functions used in some cryptosystems of stream ciphers should satisfy various criteria simultaneously to resist some known attacks. The fast algebraic attack (FAA) is feasible if one can find a nonzero function $g$ of low algebraic degree and a function $h$ of algebraic degree significantly lower than $n$ such that $f\cdot g=h$. Then a new cryptographic property, fast algebraic immunity, was proposed, which measures the ability of Boolean functions to resist FAAs. It is a great challenge to determine the exact values of the fast algebraic immunity of an infinite class of Boolean functions with optimal algebraic immunity. In this letter, we explore the exact fast algebraic immunity of two subclasses of the majority function.
Gideon Samid
ePrint Report
A geometry is a measure of restraint over the allowed $0.5n(n-1)$ distances between a set of $n$ points (e.g. the metric and topological spaces). So defined, geometries lead to associated algebras. The complexities of such algebras are used to build cryptographic primitives. We propose then to push geometries to the limit -- unbound geometries -- where any two points may be assigned an arbitrary distance value, which may reflect a planning process or a randomized assignment. Regarding these distances as a cryptographic key, one could use the resultant algebras to carry out cryptographic missions. We define the mathematical framework for this aim, then present a few cryptographic primitives. The most effective implementation is through the new technology of the "rock of randomness", establishing random distances through 3D printed molecular compounds. Security is proportional to the size of the 'rock'. We use the term SpaceFlip to collectively refer to the unbound geometry, its associated algebra and the cryptographic tools derived from it.

16 March 2019

Ai Ishida, Yusuke Sakai, Keita Emura, Goichiro Hanaoka, Keisuke Tanaka
ePrint Report
In ISO/IEC 20008-2, several anonymous digital signature schemes are specified. Among these, the scheme denoted as Mechanism 6 is the only plain group signature scheme that does not aim at providing additional functionalities. The Intel Enhanced Privacy Identification (EPID) scheme, which has many applications in connection with Intel Software Guard Extensions (Intel SGX), is in practice derived from Mechanism 6. In this paper, we first show that Mechanism 6 does not satisfy anonymity in the standard security model, i.e., the Bellare-Shi-Zhang model [CT-RSA 2005]. We then provide a detailed analysis of the security properties offered by Mechanism 6 and characterize the conditions under which its anonymity is preserved. Consequently, it is seen that Mechanism 6 is secure under the condition that the issuer, who generates user signing keys, does not join the attack. We also derive a simple patch for Mechanism 6 from the analysis.
Dimitrios Poulakis
ePrint Report
In this paper, we describe an attack on the RSA cryptosystem which is based on Euclid's algorithm. Given a public key $(n,e)$ with corresponding private key $d$ such that $e$ has the same order of magnitude as $n$ and one of the integers $k = (ed-1)/\phi(n)$ and $e-k$ has at most one-quarter as many bits as $e$, it computes the factorization of $n$ in deterministic time $O((\log n)^2)$ bit operations.

15 March 2019

New York, USA, 8 January - 10 January 2020
Real World Crypto
Event date: 8 January to 10 January 2020
Submission deadline: 1 September 2019
Notification: 1 November 2019

14 March 2019

Santa Barbara, USA, 22 August - 24 August 2019
Event Calendar
Event date: 22 August to 24 August 2019
Submission deadline: 31 May 2019
Notification: 21 June 2019

13 March 2019

Shanghai Jiao Tong University, Shanghai, China
Job Posting
The School of Cyber Science and Engineering of Shanghai Jiao Tong University was founded in October 2000. It was the first school-level training base for high-level information security professionals in China and was jointly established by the Ministry of Education of China, the Ministry of Science and Technology of China, and the Shanghai Municipal People's Government. In order to dock the international academic frontiers and national development strategies, the key research areas of the school's planning include: 1) Theory of Cryptography and Algorithms, 2) Quantum Computing and Post-quantum Cryptography, 3) Software and System Security, 4) Hardware and Embedded System Security, 5) Security Architecture, 6) Information Content Security, 7) Artificial Intelligence Security, 8) Cloud Security and Big Data Privacy Protection, 9) Industrial Internet, Wireless Network and Internet of Things Security, 10) Blockchain and Financial Security.

The school now has 20 open positions in cyberspace security, including 1) tenured full professors, 2) tenure-track associate professors, 3) tenure-track assistant professors, 4) full-time research fellows and postdoctoral fellows. Applicants should have (a) a doctoral degree in Computer Science, Electronic Engineering, Communication, Mathematics, Statistics, or Physics closely related to cyberspace security; (b) an established track record in research and scholarship; (c) expertise in the abovementioned 10 strategic research areas; and (d) a demonstrated commitment to excellence in teaching. We sincerely invite academic talents engaged in research related to cyberspace security, from both home and abroad, to join us. The school will provide highly competitive remuneration packages, superior research conditions and high-quality graduate students. We will assist in applying for various national, provincial and ministerial level talent programs. The university will also assist with employment of spouses, schooling for children and medical care.

Please refer to the link: http://english.seiee.sjtu.edu.cn/english/info/14810.htm

Closing date for applications: 15 August 2019

Contact: Dawu GU, Professor/Head of School of the CSE

Email: dwgu (at) sjtu.edu.cn

Identiq
Job Posting
Identiq is introducing a new paradigm in the Identity verification market, offering strong identity verification, while preserving privacy and meeting strict regulation, such as GDPR. It is set to take over this market, and capture a significant market share in the near future.

The company is developing a unique solution, based on cryptographic protocols and multi-party computation techniques, which allows users to be validated without compromising their privacy.

The company was founded by Itay Levy, a serial entrepreneur with multiple exits in his past, Ido Shilon the general manager of Nielsen Exelate, and Uri Arad PayPal Israel’s Chief Technologist. The company closed its first financing round, with participation by strong Israeli and US investors.

Responsibilities

The job responsibilities include the design and analysis of cryptographic primitives and a full protocol involving multi-party-computation techniques, as well as bringing the protocol from design to implementation. You will be collaborating with our world-renowned cryptography advisors and our top-tier technology teams. You will be inventing new encryption schemes, designing computationally and communication-efficient protocols, and writing proofs of security and privacy under various adversary models.

This is a full-time position, reporting directly to the company’s head of research.

Qualifications

- Strong background in multi-party computation and homomorphic encryption

- Theoretical and applied experience in cryptographic protocols design

- Cryptographic protocol design and analysis

- M.Sc. in mathematics, computer science, or similar field, with specialization in cryptography and security. PhD an advantage

- Programming in C/C++/Java/C#/Go or similar languages

- Experience in protocol simulation and verification tools an advantage

Interested candidates should submit their resumes to jobs (at) identiq.com

Closing date for applications: 31 March 2019

Telecom ParisTech and Telecom SudParis (campus of Saclay, Paris area)
Job Posting
In a joint project, Telecom ParisTech and Telecom SudParis are proposing a 1 year renewable PostDoc on the topic hereunder.

Blockchain, security and privacy issues

The first 6 months consist in delivering a state of the art, plus refining on research objectives. Here are three examples of further specific topics:

A. Anonymization and micropayment channels

Such transactions appear only in a consolidated form in the blockchain. They can be managed by smart contracts, or payment providers, which have a privileged view on these transactions. A point of interest is anonymization and description of possible attacks on anonymity. A long term goal could be designing tools for monitoring and de-anonymisation.

B. Security analysis of the network layer of blockchain

The underlying network can leak information on the identity of the users/participants. Such analysis was done on the Bitcoin network, but cannot be generalized. The research would consist in selecting another relevant example, then analyzing in depth availability / performance / anonymization. Possible tools are tomography of networks, topology analysis or e.g. address links.

C. Fully anonymous blockchains

Contrary to Bitcoin [ACM18], Zcash and Monero enable fully anonymous payments [OM18]. Ethereum on its side makes possible multiparty pooling of transactions [Meiklejohn & Mercer PETS18]. It could be interesting to quantify the practical usage and weaknesses of these tools [Usx18]. Getting used to monitoring tools will be useful, as well as technological watch (including social media: reddit, discord, medium, telegram or blogs).

[ACM18] S. Meiklejohn et al. A Fistful of Bitcoins: Characterizing Payments Among Men with No Names. Communications of the ACM.

[OM18] C. Orlandi and S. Meiklejohn. QuisQuis: A New Design for Anonymous Cryptocurrencies.

[Usx18] G. Kappos et al. An Empirical Analysis of Anonymity in Zcash. 27th USENIX Security Symposium.

Closing date for applications: 31 August 2019

Contact: Please send your resume and/or questions to Gerard Memmi: gerard.memmi 'at' telecom-paristech.fr

Department of Computing, the Hong Kong Polytechnic University
Job Posting
We are recruiting a project fellow/senior project fellow to work on applications of blockchain technology in ensuring food and drug safety.

Candidates are expected to have completed a PhD in computer science or a related discipline (in particular, candidates with a background from biotech or chemical engineering will also be considered); or with significant experience in applied research and knowledge transfer activities.

The appointee is expected to take charge of the development of the system. He/she will assume a senior level of responsibility, including project management, supervising project personnel, communicating with relevant academic staff members and meeting regularly with our industry partners.

The position is funded by the project titled "Blockchain-Based Food and Drug Counterfeit Detection and Regulatory System" funded by the Innovation and Technology Commission of Hong Kong.

Closing date for applications: 30 April 2019

Contact: Man Ho Allen Au

More information: http://www4.comp.polyu.edu.hk/~csallen

IT University of Copenhagen
Job Posting
Applications are invited for a PhD fellowship at the Computer Science Department in the IT University of Copenhagen, Denmark. The PhD fellowship includes a salary and tuition for the duration of PhD studies, as well as access to the Danish public education and healthcare systems.

Project: Cryptographic Protocols for Scalable Privacy Preserving Blockchains

Current blockchain consensus protocols underpinning the security of cryptocurrencies and smart contracts suffer from a number of bottlenecks that severely limit the transaction throughput of such systems. Moreover, the few cryptocurrencies that offer strong privacy guarantees are not compatible with the current techniques for achieving higher throughputs. Besides scalability concerns, current privacy preserving cryptocurrencies and smart contracts are also incompatible with legal financial regulations since they do not allow for lawful audits.

The successful candidate will work on a project aiming at solving these issues by means of more efficient consensus protocols and multiparty computation techniques. We will investigate efficient cryptographic protocols for two main tasks: (1) scalable blockchain based consensus compatible with privacy preserving cryptocurrencies and (2) accountable privacy preserving cryptocurrency and smart contract systems that adhere to financial regulations. The research will be focused on developing new provably secure frameworks for building such protocols with high concrete efficiency.

This project will be carried out in cooperation with the Concordium Foundation.

Qualifications:

We are looking for motivated candidates with a background in discrete mathematics and/or theoretical computer science. Experience with distributed systems or cryptography will be considered an advantage. Candidates should have an MSc degree (or equivalent) or a BSc degree plus one year of Master level studies (equivalent to 4 years of studies).

Closing date for applications: 25 March 2019

Contact: Bernardo David, Associate Professor, beda (at) itu.dk

More information: https://candidate.hr-manager.net/ApplicationInit.aspx?cid=119&ProjectId=181022&DepartmentId=3439&MediaId=5
