International Association
for Cryptologic Research

Key exchange protocols in the asymmetric-key setting are known to provide stronger security properties than protocols in symmetric-key cryptography. In particular, they can provide perfect forward secrecy, as illustrated by key exchange protocols based on the Diffie-Hellman scheme. However public-key algorithms are too heavy for low-resource devices, which can then not benefit from forward secrecy. In this paper, we describe a scheme that solves this issue. Using a nifty resynchronisation technique, we propose an authenticated key exchange protocol in the symmetric-key setting that guarantees perfect forward secrecy. We prove that the protocol is sound, and provide a formal security proof.

We study protocols that rely on a public ledger infrastructure, concentrating on protocols for zero-knowledge contingent payment, whose security properties combine diverse notions of fairness and privacy. We argue that rigorous models are required for capturing the ledger semantics, the protocol-ledger interaction, the cryptographic primitives and, ultimately, the security properties one would like to achieve.

Our focus is on a particular level of abstraction, where network messages are represented by a term algebra, protocol execution by state transition systems (e.g. multiset rewrite rules) and where the properties of interest can be analyzed with automated verification tools. We propose models for: (1) the rules guiding the ledger execution, taking the coin functionality of public ledgers such as Bitcoin as an example; (2) the security properties expected from ledger-based zero-knowledge contingent payment protocols; (3) two different security protocols that aim at achieving these properties relying on different ledger infrastructures; (4) reductions that allow simpler term algebras for homomorphic cryptographic schemes.

Altogether, these models allow us to derive a first automated verification for ledger-based zero-knowledge contingent payment using the Tamarin prover. Furthermore, our models help in clarifying certain underlying assumptions, security and efficiency tradeoffs that should be taken into account when deploying protocols on the blockchain.

At the Computer Science Department at the University of Twente, we are looking for highly motivated and enthusiastic Assistant/Associate/Full Professors (f/m) in several domains.

In the Security & Privacy domain, we are particularly looking for someone in the areas of \"Big Data and Security\" (which considers both \"Big Data for Security\" and \"Security for Big Data\") and \"Security and the Internet of Things\" (broadly conceived).

For more information, please check the link provided below.

Closing date for applications: 25 May 2019

More information: https://www.utwente.nl/en/organization/careers/!/121825/assistantassociatefull-professors-in-computer-science

For a 3-year collaborative research project on automotive security, Lund University (Sweden) and Nanyang Technological University (Singapore) are seeking candidates for two postdoc/research fellow positions (from fresh post-doc to senior research fellow, flexible contract duration) in the areas of symmetric key cryptography and/or hardware implementations. One position is available for Lund University and one position is available for Nanyang Technological University.

Salaries are competitive and are determined according to the successful applicants accomplishments, experience and qualifications. Interested applicants should send their detailed CVs, cover letter and references to Prof. Thomas Johansson (thomas.johansson (at) eit.lth.se) and Prof. Thomas Peyrin (thomas.peyrin (at) ntu.edu.sg).

Review of applications starts immediately and will continue until positions are filled.

Closing date for applications: 15 October 2019

Contact: thomas.johansson (at) eit.lth.se and thomas.peyrin (at) ntu.edu.sg

Postdoctoral research fellow openings are immediately available in the School of Computer Science and Engineering (SCSE) at Nanyang Technological University (NTU) in Singapore. The postdoc will work with Assistant Professor Jun ZHAO (biography below) on one of the following topics:

1. Differential privacy with applications to deep learning, federated learning, or machine learning in general,

2. Local differential privacy,

3. Adversarial machine learning and security in AI systems,

4. Blockchains,

5. Other areas in AI security/privacy or IoT security/privacy.

Interested candidates can contact Jun Zhao via email at JunZhao (at) ntu.edu.sg?JunZhao (at) alumni.cmu.edu?via WeChat by scanning the QR code at http://www.ntu.edu.sg/home/JunZhao/wechat.png

via Skype at live:junzhaocmu, or by calling Singapore phone number +65 8648 3534 (the first two numbers 65 represent the area code of Singapore). Thanks.

Jun Zhao’s homepage: http://ntu.edu.sg/home/JunZhao/

Biography: Jun Zhao received a PhD degree in Electrical and Computer Engineering from Carnegie Mellon University (CMU) in the USA (advisors: Virgil Gligor, Osman Yagan), affiliating with CMU CyLab Security & Privacy Institute. He is currently an Assistant Professor at Nanyang Technological University (NTU) in Singapore. His research interests include blockchains, security, and privacy with applications to deep learning, the Internet of Things, and social networks.

Closing date for applications: 1 November 2019

Contact: Interested candidates can contact Jun Zhao via email at JunZhao (at) ntu.edu.sg?JunZhao (at) alumni.cmu.edu?via WeChat by scanning the QR code at http://www.ntu.edu.sg/home/JunZhao/wechat.png

via Skype at live:junzhaocmu, or by calling Singapore phone number +65 8648 3534 (the first two numbers 65 represent the area code of Singapore). Thanks.

More information: http://www.ntu.edu.sg/home/JunZhao/HirePostdoc.htm

Candidates interested to pursuing a PhD in security/cryptography are invited to apply for this PhD scholarship in the Department of Computer Science at the University of Warwick. This scholarship covers full Home/EU fees and a stipend payable at current UK Research Council rates for 3.5 years. Outstanding overseas students are also encouraged to apply. It\'s possible to cover the gap in the tuition fee for the overseas student if the student is really excellent.

The research topic falls under the general theme of security and cryptography. We are very flexible with the specific topic. Our previous research has been largely driven by tackling real-world security problems. Some of our research outputs have been adopted by the industry at a large scale and have had a significant societal impact. We expect the student to pursue a research topic that really matters in the real world and that matches their interest and background.

The Computer Science Department at Warwick is a leading department in the UK. In the 2014 Research Evaluation Framework (REF) which all UK universities participated in, Warwick computer science was ranked the 1st in terms of research output, 2nd in terms of impact and 2nd overall. It is also highly regarded for its research culture, informal environment, excellent students, and beautiful campus.

Ideally, candidates should have an excellent degree in computer science, engineering or related disciplines, solid mathematical background, excellent programming skills and a desire to tackle real-world problems.

For informal inquiries about this studentship, please contact Professor Feng Hao, feng.hao (at) warwick.ac.uk, enclosing a CV and a short description of your relevant background and interests within the research subject. Formal application of this PhD scholarship needs to be made online at the Warwick CS department website: https://warwick.ac.uk/fac/sci/dcs/admissions/postgraduateresearch/

Closing date for applications: 31 May 2019

Contact: feng.hao (at) warwick.ac.uk

More information: https://www.jobs.ac.uk/job/BRS537/phd-studentship-in-security

Fetch.AI is a world-changing project, a “decentralised digital world” where autonomous software agents act on the behalf of their owners, or themselves, to get useful economic work done.

We are a dynamic, fast-growing international team of experts and forward-thinking technology enthusiasts working on the convergence of blockchain, AI and multi-agent systems. We are building technology for both today and tomorrow - a collective super-intelligence on top of decentralized economic internet built with a highly scalable next-generation distributed ledger technology. Combined with machine learning, this delivers the predictions and infrastructure to power the future economy.

Do you like challenges and want to work on cutting edge state-of-the-art technology that will define how we will interact? Come and join us.

Job description

The role involves the design and implementation of cryptography techniques to build, maintain and enrich the functionalities of Fetch’s decentralised smart-ledger technology. Interested candidates will be provided with multiple opportunities to work at the intersection of Artificial Intelligence/Machine Learning and cryptography/security.

We are working at the cutting edge of cryptography, artificial intelligence, distributed computation and economics, and are therefore looking for people with a desire to create novel solutions for complex problems.

Responsibilities

You will be responsible for the timely delivery of varied projects within the Cryptography Team and wider Fetch.AI Teams

Skills and experience

A good mathematical background is essential

Software engineering skills in Python or C/C++, Linux, Git

A BSc/MSc in Cyber Security/Computer Science/Mathematics or a related field with previous exposure to programming with cryptography

Demonstrable skills in one or more of the following: systems security/protocol design/distributed computing

Proven track record of independently and successfully driving projects

Closing date for applications: 30 May 2019

Contact: David Wood

david.wood (at) fetch.ai

More information: https://careers.fetch.ai/jobs/cryptography-engineer/

Event date: 18 August 2019
Submission deadline: 1 June 2019
Notification: 1 July 2019

Event date: 14 November to 15 November 2019
Submission deadline: 17 September 2019
Notification: 23 October 2019

Event date: 9 September to 13 September 2019

With the rapid development of quantum technologies, quantum-safe cryptography has found significant attention. Hash-based signature schemes have been in particular of interest because of (i) the importance of digital signature as the main source of trust on the Internet, (ii) the fact that the security of these signatures relies on existence of one-way functions, which is the minimal assumption for signature schemes, and (iii) they can be efficiently implemented. Basic hash-based signatures are for a single message, but have been extended for signing multiple messages. In this paper we design a Multi-message Signature Scheme (MSS) based on an existing One-Time Signature (OTS) that we refer to as KSN-OTS. KSN uses SWIFFT, an additive homomorphic lattice-based hash function family with provable one-wayness property, as the one-way-function and achieves a short signature. We prove security of our proposed signature scheme in a new strengthened security model (multi-target multi-function) of MSS, determine the system parameters for 512 bit classical (256 bit quantum) security, and compare parameter sizes of our scheme against XMSS, a widely studied hash based MSS that has been a candidate for NIST standardization of post-quantum signature scheme. We give an efficient implementation of our scheme using Intel SIMD (Single Instruction Multiple Data) instruction set. For this, we first implement SWIFFT computation using a SIMD parallelization of Number Theoretic Transform (NTT) of elements of the ring $\mathbb{Z}_p[X]/(X^\n+1)$, that can support different levels of parallelization. We compare efficiency of this implementation with a comparable (security level) implementation of XMSS and show its superior performance on a number of efficiency parameters.

Recent foundational work on leakage-based attacks on encrypted databases has broadened our understanding of what an adversary can accomplish with a standard leakage profile. Nevertheless, all known value reconstruction attacks succeed under strong assumptions that may not hold in the real world. The most prevalent assumption is that queries should be issued uniformly at random by the client. We present the first value reconstruction attacks for encrypted databases without any assumptions about the query or data distribution. Our approach uses the search pattern leakage, which exists in all known structured encryption schemes but has not been effectively utilized so far. At the core of our method lies a support size estimator, a technique that utilizes the repetition of search tokens with the same response to estimate distances between encrypted values without any assumptions about the underlying distribution. We develop distribution-agnostic reconstruction attacks for both range queries and k-nearest-neighbor (k-NN) queries based on information extracted from the search pattern leakage. Our new range attack follows a different algorithmic approach than state-of-the-art attacks, which are fine-tuned to succeed under the uniform queries. Instead, we reconstruct plaintext values under a variety of skewed query distributions and even outperform the accuracy of previous approaches under uniform query distribution. Our new k-NN attack succeeds with far fewer samples than a previously proposed attack and scales to much larger values of k. We demonstrate the effectiveness of our attacks by experimentally testing them on a wide range of query distributions and database densities, both unknown to the adversary.

Tweakable block cipher (TBC), a stronger notion than standard block ciphers, has wide-scale applications in symmetric-key schemes. At a high level, it provides flexibility in design and (possibly) better security bounds. In multi-keyed applications, a TBC with short tweak values can be used to replace multiple keys. However, the existing TBC construction frameworks, including TWEAKEY and XEX, are designed for general purpose tweak sizes. Specifically, they are not optimized for short tweaks, which might render them inefficient for certain resource constrained applications. So a dedicated paradigm to construct short-tweak TBCs (tBC) is highly desirable. In this paper, we present a dedicated framework, called the Elastic-Tweak framework (ET in short), to convert any reasonably secure SPN block cipher into a secure tBC. We apply the ET framework on GIFT and AES to construct efficient tBCs, named TweGIFT and TweAES. We present hardware and software results to show that the performance overheads for these tBCs are minimal. We perform comprehensive security analysis and observe that TweGIFT and TweAES provide sufficient security without any increase in the number of block cipher rounds when compared to GIFT and AES. We also show some concrete applications of ET-based tBCs, which are better than their block cipher counterparts in terms of key size, state size, number of block cipher calls, and short message processing. Some notable applications include, Twe-FCBC (reduces the key size of FCBC and gives better security than CMAC), Twe-LightMAC Plus (better rate than LightMAC Plus), Twe-SUNDAE, Twe-CLOC, and Twe-SILC (reduces the number of block cipher calls and simplifies the design of SUNDAE, CLOC and SILC).

In Side Channel Analysis, masking is known to be a reliable and robust counter-measure. Recently, several papers have focused on the application of the Deep Learning (DL) theory to improve the efficiency of side channel attacks against implementations protected with this approach. Even if these seminal works have demonstrated the practical interest of DL in the side-channel context, they did not argue on their theoretical soundness nor quantify their efficiency, especially with respect to the optimality bounds published so far in the literature. This paper aims at addressing this question of optimality, in particular when masking is applied. We argue that minimizing the Negative Log Likelihood during the training of Deep Learning models is actually asymptotically equivalent to maximizing a lower bound of the mutual information between the observations and the target secret chunk, or equivalently to minimizing an upper bound on underlying side-channel efficiency. Also, we argue that training a Deep Neural Networks consists in finding the parameters that maximize the Perceived Information introduced by Renauld et al. at EUROCRYPT 2011. These theoretical results allowed us to formally study the impact of masking counter-measures against Deep Learning based Side Channel attacks. In particular, and as expected, we verified, both on simulations and on experimental traces, that Boolean masking is sound against such a class of Side Channel attacks.

Ensuring secure deduplication of encrypted data is a very active topic of research because deduplication is effective at reducing storage costs. Schemes supporting deduplication of encrypted data that are not vulnerable to content guessing attacks (such as Message Locked Encryption) have been proposed recently [Bellare et al. 2013, Li et al. 2015]. However in all these schemes, there is a key derivation phase that solely depends on a short hash of the data and not the data itself. Therefore, a file specofic key can be obtained by anyone possessing the hash. Since hash values are usually not meant to be secret, a desired solution will be a more robust oblivious key generation protocol where file hashes need not be kept private. Motivated by this use-case, we propose a new primitive for oblivious pseudorandom function (OPRF) on committed vector inputs in the universal composable (UC) framework. We formalize this functionality as $\mathcal{F}_\mathsf{OOPRF}$, where $\mathsf{OOPRF}$ stands for Ownership-based Oblivious PRF. $\mathcal{F}_\mathsf{OOPRF}$ produces a unique random key on input a vector digest provided the client proves knowledge of a (parametrisable) number of random positions of the input vector. To construct an efficient $\mathsf{OOPRF}$ protocol, we carefully combine a hiding vector commitment scheme, a variant of the PRF scheme of Dodis- Yampolskiy [Dodis et al. 2005] and a homomorphic encryption scheme glued together with concrete, efficient instantiations of proofs of knowledge. To the best of our knowledge, our work shows for the first time how these primitives can be combined in a secure, efficient and useful way. We also propose a new vector commitment scheme with constant sized public parameters but $(\log n)$ size witnesses where n is the length of the committed vector. This can be of independent interest.

A framework is introduced for efficiently computing with encrypted data. We assume a semi-honest security model with two computing parties. Two different coding techniques are used with additively homomorphic encryption, such that many values can be put into one large encryption, and additions and multiplications can be performed on all values simultaneously. For more complicated operations such as comparisons and equality tests, bit-wise secret sharing is proposed as an additional technique that has a low computational and communication complexity, and which allows for precomputing. The framework is shown to significantly improve the computational complexity of state-of-the-art solutions on generic operations such as secure comparisons and secure set intersection.

The Noise protocol framework is a suite of channel establishment protocols, of which each individual protocol ensures various security properties of the transmitted messages, but keeps specification, implementation, and configuration relatively simple. Implementations of the Noise protocols are themselves, due to the employed primitives, very performant. Thus, despite its relative youth, Noise is already used by large-scale deployed applications such as WhatsApp and Slack. Though the specification describes and claims the security properties of the protocol patterns very precisely, there has been no computational proof yet. We close this gap.

Noise uses only a limited number of cryptographic primitives which makes it an ideal candidate for reduction-based security proofs. Due to its patterns' characteristics as channel establishment protocols, and the usage of established keys within the handshake, the authenticated and confidential channel establishment (ACCE) model (Jager et al. CRYPTO 2012) seems perfectly fit for an analysis of Noise. However, the ACCE model strictly divides protocols into two non-overlapping phases: the pre-accept phase (i.e., the channel establishment) and post-accept phase (i.e., the channel). Using the example of Noise, we show that this separation originates from the historic background of the TLS 1.2 proof, rather than it depicting the natural core of a channel establishment protocol. Similarly to TLS 1.3, Noise allows the transmission of encrypted messages as soon as a key is established (for instance, before any authentication between parties has taken place).

By proposing a generalization of the original ACCE model, we catch security properties of these earlier messages precisely. As our generalized model is aimed to capture security of multiple different channel establishment protocols, we then add flexibility to the security definition, comparable to the multi-stage key exchange model (Fischlin and Günther CCS 2014). We furthermore provide a broad discussion on the relations among and dimensions of the considered security properties as this plays a crucial role when defining security flexibly. Based on this, we observe that each message sent during the channel establishment can add new security properties, while inheriting those established in previous stages.

We give full security proofs for eight of the 15 basic Noise patterns to illustrate the flexibility and validity of this approach.

Nazarbayev University is seeking highly-qualified faculty at the assistant and associate professor ranks to join its rapidly growing Mathematics Department in the School of Science and Technology. All areas of mathematics will be considered but preference will be given to applied mathematics and statistics (broadly interpreted).

Successful candidates should hold a PhD in mathematics, statistics or in a related field and have excellent English-language communication skills and experience with Western higher education. Applicants for associate professor positions should have considerable experience in supervising students at the graduate level, possess strong teaching skills and experience, and a demonstrated rank-appropriate research accomplishment and service. Applicants for assistant professor level should demonstrate a potential for excellence in teaching, research, and service.

Position responsibilities include: teaching undergraduate and graduate level of courses (2-2 teaching load), supervision of graduate students, curricular and program development, ongoing engagement in professional and research activities, general program guidance and leadership, and other activities related to the intellectual and cultural environment of the university.

Nazarbayev University offers an attractive benefits package, including:

competitive compensation;

free housing based on family size and rank;

relocation allowance;

no-cost medical insurance, with global coverage;

educational allowance for children

air tickets to home country, twice per year

Closing date for applications: 31 May 2019

Contact: Applicants should send a detailed CV, teaching and research statements, and list of publications to sst.cv (at) nu.edu.kz

More information: http://sst.nu.edu.kz

The crypto group at NTNU is looking for outstanding candidates for a postdoc position working on topics related to public-key cryptography (including encryption, signature and NIZK schemes). The successful candidate will work with Jiaxin Pan who will start an Associate Professor position at the Department of Mathematical Sciences in fall 2019. Currently, topics of interest include (but not limited to):

- Tight security,

- Structure-preserving cryptography, and

- Lattice-based cryptography.

Candidates should be able to show their strong expertise in cryptography in form of publications at major crypto or security conferences. The position is for 2 years and the department may offer a twelve months extension for teaching. Knowledge of the Norwegian language is not mandatory for this position. The working language in the group is English. All students and people in the city (Trondheim) speak very good English.

More information is given in the following link and one can only apply this position through the same link: https://www.jobbnorge.no/en/available-jobs/job/169418/postdoctoral-fellowships-in-public-key-cryptography.

If you would like to have further information or any questions, please feel free to contact Jiaxin Pan.

Closing date for applications: 16 May 2019

Contact: Jiaxin Pan (jiaxin.pan at ntnu.no)

The crypto group at NTNU is looking for outstanding candidates for two PhD positions (one on public-key cryptography and one on cryptographic voting systems).

The successful candidate in public-key cryptography will work with Jiaxin Pan who will start an Associate Professor position at the Department of Mathematical Sciences in fall 2019. Currently, topics of interest include (but not limited to):

- Tight security,

- Structure-preserving cryptography, and

- Lattice-based cryptography.

The successful candidate in cryptographic voting systems will work with Professor Kristian Gjøsteen at the Department of Mathematical Sciences. Topics of interest include (but not limited to):

- User confidence in cryptographic voting systems,

- Security proofs for such systems, and

- Long-term security, including post-quantum security.

The applicants should have a master’s degree in mathematics, or a master’s degree in computer science, communications technology or related areas, with a strong mathematical component. A background including experience with cryptography or computational complexity is desirable. Candidates completing their master degree in 2019 are encouraged to apply.

Norway needs candidates that can be security cleared. The PhD work itself does not require a security clearance, but candidates that can be security cleared may be preferred.

The positions are for 3 years. The Department may offer a twelve month extension as a teaching assistant. The candidates for the position must be fluent in English, both oral and written.

More information is given in the following links and one can only apply these positions through the corresponding links:

* https://www.jobbnorge.no/en/available-jobs/job/169454/doctoral-fellowship-in-public-key-cryptography

* https://www.jobbnorge.no/en/available-jobs/job/169452/phd-fellowship-in-cryptographic-voting

Closing date for applications: 16 May 2019

Contact: Jiaxin Pan (jiaxin.pan at ntnu.no) or Kristian Gjøsteen (kristian.gjosteen at ntnu.no)