International Association
for Cryptologic Research

As part of the first recruitment round to the new Institute of Advanced Studies in Cyber Security and Conflict (SoCyETAL) and to support the growth plan of the Kent Interdisciplinary Research Centre in Cyber Security (KirCCS), the University of Kent in the UK is seeking to appoint 2 new Lecturers (Assistant Professors) in Cyber Security.

The University of Kent is one of only 17 Academic Centres of Excellence in Cyber Security Research (ACEs-CSR) in the UK, recognised by UK government. SoCyETAL will grow interdisciplinary research in areas such as international conflict, cyber influence and behaviour, cybercrime, cyber law, and financial technology, just to name a few. In addition to research, SoCyETAL will offer a number of interdisciplinary MSc programmes.

Applications are invited from candidates in any research area that can complement or enhance the existing research strengths of the KirCCS and the Cyber Security research group at the School of Computing, especially in the socio-technical security theme. Successful candidates will be made members of both KirCCS and SoCyETAL. SoCyETAL will have a dedicated physical space allowing researchers from different schools and disciplines to work together, and there will be dedicated PhD studentships for members of SoCyETAL.

We are particularly interested in candidates who have worked with researchers in social science disciplines including but not limited to Psychology, Law, Sociology, Business, and Economics. Candidates with research experience in Artificial Intelligence are welcome, especially if that research goes beyond pure technical issues into topics such as human behaviour, ethics, law, transparency, trust, fairness, and policy.

For more details and to apply for the posts, please visit the further information URL.

Closing date for applications: 10 April 2019

Contact: For informal queries, please contact Prof Shujun Li (S.J.Li (at) kent.ac.uk, http://www.hooklee.com/) and Prof Richard Jones (R.E.Jones (at) kent.ac.uk, https://www.cs.kent.ac.uk/people/staff/rej/).

More information: https://jobs.kent.ac.uk/STM1002

Multiple Postdoc Positions available in areas ranging from Malware and Attack Analysis, to Security Analysis of Machine Learning, 3D Object Model Analysis, and Image processing for Circuit Board analysis, at Nanyang Technological University

NTU and HP have announced the creation of a new HP-NTU Digital Manufacturing Corporate Lab located at NTU, representing an $84 million push towards industry transformation in the areas of digital manufacturing and 3D printing technologies.

Within this collaboration, we have several exciting research projects within HP Security Lab, based in Bristol, UK:

1. Malware and Attack Analysis

2. Security Analysis of Machine Learning

3. 3D Object Model Analysis

4. Image processing for Circuit Board analysis

There are multiple Postdoc positions available in each of the areas. The postdoc will work in the HP-NTU Digital Manufacturing Corporate Lab at Nanyang Technological University in Singapore. The position involves conducting basic research, developing tools, working as part of a large research team, traveling, and giving presentations. The working language is English.

Apart from specific requirement to the topic, general requirements for a candidate are:

- A PhD in Computer Science/Mathematics or related areas is required.

- Some of the positions (not all) will require a strong background in cybersecurity.

- Strong programming and algorithmic skills.

- An established research record.

Candidates must be experienced in one or more of the following areas:

- Malware and attack analysis

- Software testing and verification

- Machine Learning (Random Forests, Ensemble Learning, Deep Learning, Reinforcement Learning and other algorithms)

- 3D Object Modelling (matching, recognition, classification, analysis and computer graphics)

- 2D Image Analysis and pattern recognition

The term is currently one to three years starting immediately. The salary is 5.5k to 10k SGD per month with up to 3 month performance bonus. (Singapore Tax is around 5%)

Closing date for applications: 31 July 2019

Contact: Prof. Yang Liu at yangliu AT ntu.edu.sg

More information: http://www.ntu.edu.sg/home/yangliu

Physical Analysis and Cryptographic Engineering (PACE) lab and Symmetric and Lightweight Cryptography Lab (SYLLAB) from Nanyang Technological University (NTU), Singapore, are seeking a skilled and motivated PhD candidate to explore the potential of machine learning in the field of side-channel attacks and cryptanalysis in general. Candidates are expected to have a strong background in either cryptography or side-channel attacks or machine learning.

Interested applicants are encouraged to send their detailed CV and cover letter to Shivam Bhasin (sbhasin at ntu.edu.sg) and Prof. Thomas Peyrin (thomas.peyrin at ntu.edu.sg).

Deadline: end of April 2019 (but preferably before the 4th of April 2019)

Closing date for applications: 1 May 2019

At Purdue University, we are looking for one or more outstanding post-doctoral researchers (or an extended visitor) working on topics at the intersection of applied cryptography, multi-party computation (MPC), and secure distributed systems. The researchers will have the exciting opportunity of working closely with our young and energetic team consisting of Jeremiah Blocki, Christina Garman, Aniket Kate, Hemanta K. Maji, and their Ph.D. students as they design and implement high-performance MPC and other distributed cryptographic libraries. There will be considerable freedom in actively shaping the research agenda and taking leadership roles within the project. This research position shall provide an ideal exposure to foundational research in cryptography as well as experience in implementing end-to-end cryptographic solutions that are real-world deployable.

The application must include a curriculum vitae, a short research statement, and names of (at least) two contacts who can provide a reference about the applicant and their work. The candidate should be able to demonstrate substantial expertise in cryptography/distributed systems illustrated in the form of publications at top crypto/security/systems venues. For full consideration, applications are expected by April 05, 2019. However, we shall accept applications until all the positions are filled. Applications may be submitted by email to crypto-postdoc (at) purdue.edu.

Closing date for applications: 5 April 2019

Contact:
Contact Email: crypto-postdoc (at) purdue.edu

Purdue Faculty Team

• Jeremiah Blocki
• Christina Garman
• Aniket Kate
• Hemanta K. Maji

Event date: 21 October to 23 October 2019
Submission deadline: 24 May 2019
Notification: 23 July 2019

The Information Security Research Group at UCL’s Computer Science Department invites applications for a post as Post-Doctoral Research Fellow in Privacy-Preserving Machine Learning.

We seek candidates with expertise and experience in both machine learning and information security. We expect the Post-Doctoral Research Fellow to lead cutting-edge research in this area, and more specifically, produce and present academic publications in top-tier conferences/journals, liaise with academic and industrial partners, and work with other researchers in the field.

UCL is one of the top-rated research institutions in the world, and currently the top recipient of Horizon 2020 funding in Europe. As of 2018, 30 Nobel Laureates and 3 Fields Medalists were UCL affiliates. UCL’s Computer Science Department is recognized as an Academic Centre of Excellence in Cyber Security Research by the National Cyber Security Centre. In the 2014 Research Excellence Framework (REF) evaluation, UCL was ranked first in the UK for Computer Science: 61% of its research submission are rated as world-leading and 96% as internationally excellent. For more information about our group, please visit http://sec.cs.ucl.ac.uk.

This post is funded for 24 months in the first instance.

Closing date for applications: 30 May 2019

Contact: Emiliano De Cristofaro, Head of Information Security Research, jobs (at) emilianodc.com

More information: http://bit.ly/ucl-privacyml-postdoc

The HKUST Computer Science and Engineering department invites applications for PhD students, Post-doctoral fellows, and short-term visiting interns in the topic of theory and applications of cryptography. Applicants should have a background/interest in the topics of: zero-knowledge arguments, secure multi-party computation, searchable encryption, oblivious algorithms, or homomorphic encryption.

PhD applicants should have a bachelor/master degree in computer science or engineering, information security, mathematics, or a relevant area. Excellent analytical and mathematical skills are necessary, as well as good organization skills and the ability to work independently. A strong background in coding and software engineering is a great plus for successful applicants.

Short-term internship positions are available for undergraduate and postgraduate students with an interest in the above topics.

HKUST offers competitive stipends and a creative environment that is ideal for excellent research. Our CSE department was ranked 14th in the world in 2018 by QS World University Rankings and our graduates consistently staff world-class institutions.

Interested applicants please send your CV and a short research statement to Prof. Dimitrios Papadopoulos.

Closing date for applications: 30 April 2019

Contact: dipapado (at) cse.ust.hk

Event date: 22 November to 24 November 2019
Submission deadline: 20 July 2019
Notification: 11 August 2019

The annual CHES conference highlights new results in the design and analysis of cryptographic hardware and embedded system implementations. CHES provides a valuable connection between the research and cryptographic engineering communities and attracts participants from industry, academia, and government organizations.

The program co-chairs welcome proposals for half-day tutorials at CHES 2019. The scope of topics include but are not limited to: cryptographic implementations, attacks against implementations and countermeasures, tools and methodologies for secure designs, security issues in the field including Internet-of-Things, Cyber-Physical Systems, etc. We will compensate the presenters of each accepted proposal with one complimentary registration to CHES 2019 and a fixed amount of stipend towards their travel costs (for multiple presenters, these will be split among them).

Please submit your single-page pdf proposal for a tutorial including title, speaker name, speaker affiliation, and abstract by Apr. 19th, 2019, 23:59 EST to CHES 2019 Program Co-chairs at ches2019@iacr.org. Accepted tutorials will be announced by May 10th, 2019.

Event date: 12 June to 15 June 2019
Submission deadline: 31 March 2019
Notification: 10 April 2019

Event date: 14 June to 16 June 2019
Submission deadline: 15 April 2019
Notification: 15 May 2019

We construct private-key and public-key functional encryption schemes secure against adversaries that corrupt an a-priori bounded number of users and obtain their functional keys, from minimal assumptions.

For a collusion bound of $Q=Q(\lambda)$ (where $\lambda$ is the security parameter), our public-key (resp. private-key) functional encryption scheme (a) supports the class of all polynomial-size circuits; (b) can be built solely from a vanilla public-key (resp. private-key) encryption scheme; and (c) has ciphertexts that grow linearly with the collusion bound $Q$. Previous constructions were sub-optimal with respect to one or more of the above properties. The first two of these properties are the best possible and any improvement in the third property, namely the ciphertext size dependence on the collusion bound $Q$, can be used to realize an indistinguishability obfuscation scheme.

In addition, our schemes are adaptively secure and make black-box use of the underlying cryptographic primitives.

Logical cryptanalysis, first introduced by Massacci in 2000, is a viable alternative to common algebraic cryptanalysis techniques over boolean fields. With XOR operations being at the core of many cryptographic problems, recent research in this area has focused on handling XOR clauses efficiently. In this paper, we investigate solving the point decomposition step of the index calculus method for prime degree extension fields $\mathbb{F}_{2^n}$, using SAT solving methods. We propose an original XOR-reasoning SAT solver, named WDSat, dedicated to this specific problem. While asymptotically solving the point decomposition problem with our method has exponential worst time complexity in the dimension $l$ of the vector space defining the factor base, experimental running times show that our solver is significantly faster than current algebraic methods based on Gröbner basis computation. For the values $l$ and $n$ considered in the experiments, WDSat was up to 300 times faster then MAGMA's F4 implementation, and this factor grows with $l$ and $n$. Our solver outperforms as well current best state-of-the-art SAT solvers for this specific problem.

We are proud to announce the winners of the 2019 IACR Test-of-Time Award. This award honors papers published at the 3 IACR flagship conferences 15 years ago which have had a lasting impact on the field.

The Test-of-Time award for Eurocrypt 2004 is awarded to "Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data" (Yevgeniy Dodis, Leonid Reyzin, Adam D. Smith), for introducing new techniques for entropy extraction from noisy data.

The Test-of-Time award for Crypto 2004 is awarded to "Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions" (Antoine Joux), for the development of an important attack on a widely-used class of collision resistant hash functions.

The Test-of-Time award for Asiacrypt 2004 is awarded to "How Far Can We Go Beyond Linear Cryptanalysis?" (Thomas Baignères, Pascal Junod, Serge Vaudenay), for introducing new techniques in linear cryptanalysis of block ciphers.

For more information, see https://www.iacr.org/testoftime.

Physical Unclonable Functions (PUFs) have the potential to provide a higher level of security for key storage than traditional Non-Volatile Memory (NVM). However, the susceptibility of the PUF primitives to non-invasive Side-Channel Analysis (SCA) is largely unexplored. While resistance to SCA was indicated for the Transient Effect Ring Oscillator (TERO) PUF, it was not backed by an actual assessment. To investigate the physical security of the TERO PUF, we first discuss and study the conceptual behavior of the PUF primitive to identify possible weaknesses. We support our claims by conducting an EM-analysis of a TERO design on an FPGA. When measuring TERO cells with an oscilloscope in the time domain, a Short Time Fourier Transform (STFT) based approach allows to extract the relevant information in the frequency domain. By applying this method we significantly reduce the entropy of the PUF. Our analysis shows the vulnerability of not only the originally suggested TERO PUF implementation but also the impact on TERO designs in general. We discuss enhancements of the design that potentially prevent the TERO PUF from exposing the secret and point out that regarding security the TERO PUF is similar to the more area-efficient Ring Oscillator PUF.

Event date: 22 July to 24 July 2019
Submission deadline: 30 April 2019
Notification: 21 May 2019

We present practical attacks on OCB2. This mode of operation of a blockcipher was designed with the aim to provide particularly efficient and provably-secure authenticated encryption services, and since its proposal about 15~years ago it belongs to the top performers in this realm. OCB2 was included in an ISO standard in 2009.

An internal building block of OCB2 is the tweakable blockcipher obtained by operating a regular blockcipher in XEX$^\ast$ mode. The latter provides security only when evaluated in accordance with certain technical restrictions that, as we note, are not always respected by OCB2. This leads to devastating attacks against OCB2's security promises: We develop a range of very practical attacks that, amongst others, demonstrate universal forgeries and full plaintext recovery. We complete our report with proposals for (provably) repairing OCB2. As a direct consequence of our findings, OCB2 was removed from ISO standards in 2019.

Our privacy attacks on OCB2 require an active adversary and are not applicable to the related schemes OCB1 and OCB3.

Transient execution attacks like Spectre, Meltdown and Foreshadow have shown that combinations of microarchitectural side-channels can be synergistically exploited to create side-channel leaks that are greater than the sum of their parts. While both hardware and software mitigations have been proposed against these attacks, provably security has remained elusive.

This paper introduces a formal methodology for enabling secure speculative execution on modern processors. We propose a new class of of information flow security properties called trace property-dependent observational determinism (TPOD). We use this class to formulate a secure speculation property. Our formulation precisely characterises all transient execution vulnerabilities. We demonstrate its applicability by verifying secure speculation for several illustrative programs.

Many constructions based on multilinear maps require independent slots in the plaintext, so that multiple computations can be performed in parallel over the slots. Such constructions are usually based on CLT13 multilinear maps, since CLT13 inherently provides a composite encoding space. However, a vulnerability was identified at Crypto 2014 by Gentry, Lewko and Waters, with a lattice-based attack in dimension 2, and the authors have suggested a simple countermeasure. In this paper, we identify an attack based on higher dimension lattice reduction that breaks the author’s countermeasure for a wide range of parameters. Combined with the Cheon et al. attack from Eurocrypt 2015, this leads to a total break of CLT13 multilinear maps with independent slots. We also show how to apply our attack against various constructions based on composite-order CLT13, such as [FRS17]. Finally, we suggest a set of secure parameters for CLT13 multilinear maps that prevents our attack.

Every known construction of general indistinguishability obfuscation ($\mathsf{i}\mathcal{O}$) is either based on a family of exponentially many assumptions, or is based on a single assumption -- e.g.~functional encryption ($\mathsf{FE}$) -- using a reduction that incurs an exponential loss in security. This seems to be an inherent limitation if we insist on providing indistinguishability for any pair of functionally equivalent circuits.

Recently, Liu and Zhandry (TCC 2017) introduced the notion of decomposable $\mathsf{i}\mathcal{O}$ ($\mathsf{d}\mathcal{O}$), which provides indistinguishability for a restricted class of functionally equivalent circuit pairs, and, as the authors show, can be constructed from polynomially secure $\mathsf{FE}$.

In this paper we propose a new notion of obfuscation, termed $\mathsf{radi}\mathcal{O}$ (repeated-subcircuit and decomposable obfuscation), which allows us to obfuscate a strictly larger class of circuit pairs using a polynomial reduction to $\mathsf{FE}$.

Our notion builds on the equivalence criterion of Liu and Zhandry, combining it with a new incomparable criterion to obtain a strictly larger class.