International Association for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available via RSS feed, Twitter, Weibo, and Facebook.

03 February 2020

Linz, Austria, 8 July - 10 July 2020
Event Calendar
Event date: 8 July to 10 July 2020
Submission deadline: 28 February 2020
Notification: 24 April 2020
Microsoft Research, Redmond, USA
Job Posting

The Cryptography and Privacy Research Group at Microsoft Research seeks outstanding graduate students for summer internships in Redmond in the areas of Homomorphic Encryption, Post-Quantum Cryptography, Zero-knowledge Proofs, Private Set Intersection, Privacy for ML, Blockchain-based applications, Compilers, Verifiable Computation, Oblivious RAM, Privacy-preserving systems, applied Secure Multi Party Computation, Differential Privacy, and other areas of applied cryptography.

Responsibilities: Interns put inquiry and theory into practice. Alongside fellow doctoral candidates and some of the world’s best researchers, interns learn, collaborate, and network for life. Interns not only advance their own careers, but they also contribute to exciting research and development strides. During the 12-week internship, students are paired with mentors and expected to collaborate with other interns and researchers, present findings, and contribute to the vibrant life of the community. Research internships are available in all areas of research, and are offered year-round, though they typically begin in the summer.

Qualifications: In addition to the qualifications below, you'll need to submit a minimum of two reference letters for this position. After you submit your application, a request for letters may be sent to your list of references on your behalf. Note that reference letters cannot be requested until after you have submitted your application, and furthermore, that they might not be automatically requested for all candidates. You may wish to alert your letter writers in advance, so they will be ready to submit your letter.

Required Qualifications: Must be currently enrolled in a PhD program in mathematics, computer science, electrical engineering, or a related STEM field.

Preferred Qualifications: Demonstrated ability to engage in research. Must be able to collaborate effectively with other researchers and product development teams. Excellent interpersonal skills, cross-group, and cross-cultural collaboration. Ability to think unconventionally to derive creative and innovative solutions.

Closing date for applications:

Contact: Please apply through https://careers.microsoft.com/us/en/job/724755/Research-Intern-Cryptography-and-Privacy-Research?utm_campaign=google_jobs_apply&utm_source=google_jobs_apply&utm_medium=organic

More information: https://careers.microsoft.com/us/en/job/724755/Research-Intern-Cryptography-and-Privacy-Research?utm_campaign=google_job

Microsoft Research, Redmond, USA
Job Posting

The Cryptography and Privacy Research Group at Microsoft Research seeks researchers working on cutting-edge cryptography techniques and their applications, specifically in the areas of Homomorphic Encryption, Post-Quantum Cryptography, Compilers, Verifiable Computation, Oblivious RAM, Zero-knowledge Proofs, Private Set Intersection, Privacy for Machine Learning and AI, Adversarial Machine Learning, Blockchain-based applications, Privacy-preserving systems, Applied Secure Multi Party Computation, Differential Privacy, and other areas of applied cryptography.

Qualifications. Required: A Ph.D. degree in mathematics, computer science, electrical engineering or other related fields. Preferred: Demonstrated ability to develop original research agendas; ability to collaborate effectively with other researchers and product development teams; excellent interpersonal skills, cross-group, and cross-cultural collaboration. As part of your application please upload: a current CV; an academic research statement (approximately 2-4 pages) that outlines both your research achievements and agenda, and your service and outreach activities and plans; 3 letters of recommendation. This role is not to exceed 2 years.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form. Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country wh

Closing date for applications:

Contact: Please apply online through https://careers.microsoft.com/students/us/en/job/732256/Post-Doc-Researcher-Cryptography-Privacy

Tampere University
Job Posting

The Network and Information Security Group is currently looking for up to 2 motivated and talented researchers (Postdoctoral Researchers) to contribute to research projects related to applied cryptography, security and privacy. The successful candidates will be working on the following topics (but not limited to):

  • Searchable Encryption and data structures enabling efficient search operations on encrypted data;
  • Restricting the type of access given when granting access to search over one's data;
  • Processing of encrypted data in outsourced and untrusted environments;
  • Applying encrypted search techniques to SGX environments;
  • Revocable Attribute-Based Encryption schemes and their application to cloud services;
  • Functional Encryption;
  • Privacy-Preserving Analytics;
  • IoT Security.
Programming skills are a must.

The positions are strongly research-focused. Activities include conducting both theoretical and applied research, designing secure and/or privacy-preserving protocols, software development and validation, reading and writing scientific articles, presenting research results at seminars and conferences in Finland and abroad, and acquiring (or assisting in acquiring) further funding.

Closing date for applications:

Contact: Antonis Michalas antonios.michalas (at) tuni.fi

Information Security Group, Royal Holloway, University of London, UK
Job Posting
Applications are invited for a full time permanent post of Lecturer in the Information Security Group (ISG) at Royal Holloway, University of London. This post carries the responsibility to conduct research and to contribute to the teaching in the department. The post is equivalent to an assistant professor in the US system, or a Juniorprofessor in Germany. The applicant should have a good research profile that fits within the wide range of research undertaken by the ISG.

We are particularly interested in applicants who will be able to drive forward research related to all fields of cryptography: theory, applied, primitives, protocols, symmetric, asymmetric. However, strong social scientists working on information security and researchers working on software and systems security or any other field of information security are also encouraged to apply.

The post holder will contribute to the research and teaching of the Information Security Group, which is a full department within the University that hosts a dynamic inter-disciplinary group of academics and researchers focused on information security research and teaching. The ISG is amongst the largest departments dedicated to information security in the world, with circa 20 academic staff in the department, as well as research and support staff. We work with many research partners in other departments and have circa 70 PhD students working on a wide range of security research, many of whom are fully funded through our Centre for Doctoral Training in Cyber Security for the Everyday, which funds 10 PhD positions per annum for the next four years.

Closing date for applications:

Contact: Martin Albrecht

More information: https://jobs.royalholloway.ac.uk/vacancy.aspx?ref=0120-023

Lund University (Sweden)
Job Posting
We are looking for an excellent, motivated, and self-driven doctoral student wishing to work in the area of cryptography, secure protocols or information security. The PhD student will join the cryptography group at the Department of Engineering at Lund University (LTH - Lunds tekniska högskola). The position is linked to a project funded by the Swedish research council focusing on security and privacy issues in communication protocols, and it is fully funded for five years with a possible extension for parental or sick leave.

Applicants are expected to hold an MSc degree or equivalent and to have a solid background in mathematics and/or theoretical computer science. Knowledge of cryptographic primitives and formal security definitions is preferable, but not mandatory. All students wishing to do a PhD degree in secure cryptographic protocols are invited to apply for this position.

Closing date for applications:

Contact: For more details or to apply to the call use the link https://lu.varbi.com/en/what:job/jobID:311518/


30 January 2020

Award
The IACR Test-of-Time Award is given annually for each one of the three IACR General Conferences (Eurocrypt, Crypto, and Asiacrypt). An award will be given at a conference for a paper which has had a lasting impact on the field and was published 15 years prior.

We welcome nominations for the 2020 award (for papers published in 2005) until Feb 15, 2020. The proceedings of these conferences can be found here. To submit your nomination, please use the nomination form.

More information about the IACR Test-of-Time awards can be found at iacr.org/testoftime/

The 2020 Selection Committee:
  • Tatsuaki Okamoto (chair)
  • Ueli Maurer
  • Anne Canteaut (Eurocrypt 2020 program co-chair)
  • Daniele Micciancio (Crypto 2020 program co-chair)
  • Shiho Moriai (Asiacrypt 2020 program co-chair)

28 January 2020

Ben Nassi, Dudi Nassi, Raz Ben-Netanel, Yisroel Mirsky, Oleg Drokin, Yuval Elovici
ePrint Report
The absence of deployed vehicular communication systems, which prevents the advanced driving assistance systems (ADASs) and autopilots of semi/fully autonomous cars from validating their virtual perception of the physical environment surrounding the car with a third party, has been exploited in various attacks suggested by researchers. Since applying these attacks comes with a cost (exposure of the attacker's identity), the delicate exposure vs. application balance has held, and attacks of this kind have not yet been encountered in the wild. In this paper, we investigate a new perceptual challenge that causes the ADASs and autopilots of semi/fully autonomous cars to consider depthless objects (phantoms) as real. We show how attackers can exploit this perceptual challenge to apply phantom attacks and change the abovementioned balance, without the need to physically approach the attack scene, by projecting a phantom via a drone equipped with a portable projector or by presenting a phantom on a hacked, Internet-facing digital billboard located near roads. We show that the car industry has not considered this type of attack by demonstrating it on today's most advanced ADAS and autopilot technologies: the Mobileye 630 PRO and the Tesla Model X, HW 2.5. Our experiments show that when presented with various phantoms, a car's ADAS or autopilot considers the phantoms to be real objects, causing these systems to trigger the brakes, steer into the lane of oncoming traffic, and issue notifications about fake road signs. To mitigate this attack, we present a model that analyzes a detected object's context, surface, and reflected light, which detects phantoms with 0.99 AUC. Finally, we explain why the deployment of vehicular communication systems might reduce attackers' opportunities to apply phantom attacks but won't eliminate them.
Guilhem Castagnos, Dario Catalano, Fabien Laguillaumie, Federico Savasta, Ida Tucker
ePrint Report
Threshold signatures allow n parties to share the power of issuing digital signatures so that any coalition of size at least t+1 can sign, whereas groups of t or fewer players cannot. Over the last few years many schemes have addressed the question of realizing efficient threshold variants for the specific case of EC-DSA signatures. In this paper we present new solutions to the problem that aim at reducing the overall bandwidth consumption. Our main contribution is a new variant of the Gennaro and Goldfeder protocol from ACM CCS 2018 that avoids all the required range proofs, while retaining provable security against malicious adversaries in the dishonest-majority setting. Our experiments show that, for all levels of security, our signing protocol reduces the bandwidth consumption of the best previously known secure protocols by factors between 4.4 and 9, while key generation is consistently half as expensive. Furthermore, compared to these same protocols, our signature generation is faster for 192 bits of security and beyond.
Weikeng Chen, Raluca Ada Popa
ePrint Report
File-sharing systems like Dropbox offer insufficient privacy because a compromised server can see the file contents in the clear. Although encryption can hide such contents from the servers, metadata leakage remains significant. The goal of our work is to develop a file-sharing system that hides metadata---including user identities and file access patterns.

Metal is the first file-sharing system that hides such metadata from malicious users and that has a latency of only a few seconds. The core of Metal consists of a new two-server multi-user oblivious RAM (ORAM) scheme, which is secure against malicious users, a metadata-hiding access control protocol, and a capability sharing protocol. Compared with the state-of-the-art malicious-user file-sharing scheme PIR-MCORAM (Maffei et al.'17), which does not hide user identities, Metal hides the user identities and is 500x faster (in terms of amortized latency) or 10^5x faster (in terms of worst-case latency).
Anand Aiyer, Xiao Liang, Nilu Nalini, Omkant Pandey
ePrint Report
The established bounds on the round-complexity of (black-box) concurrent zero-knowledge (cZK) consider adversarial verifiers with complete control over the scheduling of messages of different sessions. Consequently, such bounds only represent a \emph{worst}-case study of concurrent schedules, forcing $\widetilde{\Omega}(\log n)$ rounds for \emph{all} protocol sessions. What happens in ``average'' cases against random schedules? Must all sessions still suffer a large number of rounds?

Rosen and Shelat first considered such a possibility, and constructed a cZK protocol that adjusts its round-complexity based on existing network conditions. While they provide experimental evidence for its average-case performance, no provable guarantees are known.

In general, a proper framework for studying and understanding the average-case schedules for cZK is missing. We present the first theoretical framework for performing such average-case studies. Our framework models the network as a stochastic process where a new session is opened with probability $p$ or an existing session receives the next message with probability $1-p$; the existing session can be chosen either in a first-in-first-out (FIFO) or last-in-first-out (LIFO) order. These two orders are fundamental and serve as good upper and lower bounds for other simple variations.

We also develop methods for establishing provable average-case bounds for cZK in these models. The bounds in these models turn out to be intimately connected to various properties of one-dimensional random walks that reflect at the origin. Consequently, we establish new and tight asymptotic bounds for such random walks, including: expected rate of return-to-origin, changes of direction, and concentration of ``positive'' movements. These results may be of independent interest.

Our analysis shows that the Rosen-Shelat protocol is highly sensitive to even moderate network conditions, resulting in a large fraction of non-optimal sessions. We construct a more robust protocol by generalizing the ``footer-free'' condition of Rosen-Shelat which leads to significant improvements for both FIFO and LIFO models.
Justin Drake, Ariel Gabizon
ePrint Report
We present an enhanced version of the Kate, Zaverucha and Goldberg polynomial commitment scheme [KZG, ASIACRYPT 2010] where a single group element can be an opening proof for multiple polynomials each evaluated at a different arbitrary subset of points. As a sample application we ``plug in'' this scheme into the PLONK proving system [GWC, 2019] to obtain improved proof size and prover run time at the expense of additional verifier ${\mathbb{G}}_2$ operations and pairings, and additional ${\mathbb{G}}_2$ SRS elements.

We also present a second scheme where the proof consists of two group elements and the verifier complexity is better than previously known batched verification methods for [KZG].
Benny Applebaum, Amos Beimel, Oded Nir, Naty Peter
ePrint Report
A secret-sharing scheme allows one to distribute a secret $s$ among $n$ parties such that only some predefined ``authorized'' sets of parties can reconstruct the secret, and all other ``unauthorized'' sets learn nothing about $s$. The collection of authorized sets is called the access structure. For over 30 years, it was known that any (monotone) collection of authorized sets can be realized by a secret-sharing scheme whose shares are of size $2^{n-o(n)}$, and until recently no better scheme was known. In a recent breakthrough, Liu and Vaikuntanathan (STOC 2018) reduced the share size to $2^{0.994n+o(n)}$, which was later improved to $2^{0.892n+o(n)}$ by Applebaum et al. (EUROCRYPT 2019).

In this paper we improve the exponent of general secret-sharing down to $0.637$. For the special case of linear secret-sharing schemes, we get an exponent of $0.762$ (compared to $0.942$ of Applebaum et al.).

As our main building block, we introduce a new \emph{robust} variant of conditional disclosure of secrets (robust CDS) that achieves unconditional security even under a limited form of re-usability. We show that the problem of general secret-sharing reduces to robust CDS with sub-exponential overhead and derive our main result by implementing robust CDS with a non-trivial exponent. The latter construction follows by presenting a general immunization procedure that turns standard CDS into a robust CDS.
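Two of the abstracts above rest on the same threshold access structure: the threshold-EC-DSA paper shares the power to sign among n parties so that any t+1 can sign and any t cannot, and the secret-sharing paper asks how large shares must be for general (monotone) access structures. The simplest instance of that structure is Shamir's t-out-of-n scheme over a prime field. The following is an added example written for this page, not code from either paper: it splits a secret into n shares, reconstructs it from any t+1 of them, and makes the "t shares learn nothing" half of the definition concrete by showing that every guess for the secret is equally consistent with t shares. The choice of the secp256k1 group order as field modulus and all variable names are assumptions.

```python
"""Shamir t-out-of-n secret sharing over a prime field (added example, not from either paper)."""
import secrets

# Field modulus: the secp256k1 group order, so the shared secret could stand in for
# an EC-DSA signing key. Any prime larger than the secret works. (Assumption.)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def split_secret(secret: int, t: int, n: int) -> list[tuple[int, int]]:
    """Return n shares (x, f(x)) of a random degree-t polynomial f with f(0) = secret.

    This is the threshold access structure from the abstracts: any t+1 shares
    determine f and hence the secret, any t shares do not.
    """
    if not (0 <= secret < P and 0 < t < n < P):
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t)]

    def f(x: int) -> int:  # Horner evaluation of the polynomial mod P
        acc = 0
        for c in reversed(coeffs):
            acc = (acc * x + c) % P
        return acc

    return [(x, f(x)) for x in range(1, n + 1)]


def interpolate(points: list[tuple[int, int]], x: int) -> int:
    """Lagrange interpolation: evaluate at x the unique polynomial of degree
    < len(points) passing through all of `points`."""
    if len({px for px, _ in points}) != len(points):
        raise ValueError("duplicate x coordinates")
    result = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        result = (result + yi * num * pow(den, -1, P)) % P
    return result


def reconstruct(shares: list[tuple[int, int]], t: int) -> int:
    """Recover the secret from any t+1 shares; fewer shares are refused."""
    if len(shares) < t + 1:
        raise ValueError(f"need at least {t + 1} shares, got {len(shares)}")
    return interpolate(shares[: t + 1], 0)


def implied_share(t_shares: list[tuple[int, int]], guess: int, x: int) -> int:
    """The 'learn nothing' half of the definition, made concrete.

    Holding only t shares, a coalition can pick ANY guess for the secret: the t
    points plus (0, guess) fix a degree-t polynomial, and this returns the value
    that polynomial assigns to the missing share x. Every guess is equally
    consistent with the t shares, so they carry no information about the secret.
    """
    if not t_shares:
        raise ValueError("need the t shares")
    return interpolate(t_shares + [(0, guess)], x)


if __name__ == "__main__":
    key = secrets.randbelow(P)
    shares = split_secret(key, t=2, n=5)                 # 3-of-5 sharing
    print("any 3 of 5 reconstruct:", reconstruct(shares[2:], 2) == key)
    two = shares[:2]                                     # a coalition below threshold
    print("share 5 implied by guess=key matches:", implied_share(two, key, 5) == shares[4][1])
    print("share 5 implied by guess=1 matches:  ", implied_share(two, 1, 5) == shares[4][1])
```

The second and third lines of the demo are the point: with two shares of a 3-of-5 sharing, guessing the right key and guessing 1 both yield a perfectly valid candidate for the fifth share, so the two shares alone do not favour either. Note that threshold-EC-DSA protocols such as the Gennaro-Goldfeder variant discussed above never call anything like `reconstruct` on the signing key; the key stays split and the signature is computed from the shares by a multi-party protocol. This example only illustrates the access structure they share.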
San Antonio, United States, 9 August - 11 August 2020
Event Calendar
Event date: 9 August to 11 August 2020
Submission deadline: 1 May 2020
Notification: 22 June 2020
Lyngby, Denmark, 28 July 2020
Event Calendar
Event date: 28 July 2020
Submission deadline: 17 February 2020
Notification: 23 March 2020

27 January 2020

University of Lyon, CNRS, Saint-Etienne, France - Laboratoire Hubert Curien
Job Posting
The Hubert Curien laboratory is a joint research unit of the University of Lyon, Saint-Etienne, and the National Research Centre "CNRS". Its Secure Embedded Systems & Hardware Architectures (SESAM) Group is one of the leading European research groups in the area of hardware security. The SESAM group of the Hubert Curien Lab explores three main aspects of hardware security:

  • random number generation and physical unclonable function implementation in logic devices, including design, characterization, test and security evaluation;
  • the design of hardware architectures resistant to passive and active physical attacks;
  • the security of systems on chip (SoC).

The group offers a post-doc research position to work on one of these three aspects of hardware security. We are looking for an excellent candidate with a PhD and a track record in hardware security. The Post-Doc position will start as soon as possible and end at the end of March 2021 (non-flexible ending date); it could be extended for one more year depending on the scientific work produced during the first year.

Closing date for applications:

Contact: To apply please send to Prof. L. Bossuet your detailed CV (with publication list), motivation for applying (1 page) and names of at least two people who can provide reference letters (e-mail).

More information: https://laboratoirehubertcurien.univ-st-etienne.fr/en/teams/secure-embedded-systems-hardware-architectures.html.


26 January 2020

Eman Salem Alashwali, Pawel Szalachowski, Andrew Martin
ePrint Report
If two or more identical HTTPS clients, located in different geographic locations (regions), make an HTTPS request to the same domain (e.g. example.com) on the same day, will they receive the same HTTPS security guarantees in response? Our results give evidence that this is not always the case. We conduct scans of the top 250,000 most visited domains on the Internet from clients located in five different regions: Australia, Brazil, India, the UK, and the US. Our scans gather data from both the application (URLs and HTTP headers) and transport (servers' selected TLS version, ciphersuite, and certificate) layers. Overall, we find that HTTPS inconsistencies at the application layer are higher than those at the transport layer. We also find that HTTPS security inconsistencies are strongly related to URL and IP diversity among regions, and to a lesser extent to the presence of redirections. Further manual inspection shows that there are several reasons behind URL diversity among regions, such as downgrading to the plain-HTTP protocol, using different subdomains, different TLDs, or different home page documents. Furthermore, we find that downgrading to plain HTTP is related to websites' regional blocking. We also provide attack scenarios that show how an attacker can benefit from HTTPS security inconsistencies, and introduce a new attack scenario which we call the "region confusion" attack. Finally, based on our observations, we draw some recommendations, including the need for testing tools for domain administrators and users that help to mitigate and detect regional domains' inconsistencies, standardising the regional domain format with the same-origin policy (of domains) in mind, standardising secure URL redirections, and avoiding redirections whenever possible.
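The per-region comparison the abstract describes, as an added example written for this page (not the authors' scanner): given constructed records of what one domain returned to clients in five regions, it groups the regions by final URL host and scheme, TLS version, certificate fingerprint and security headers, and flags exactly the kinds of divergence the paper reports, a plain-HTTP downgrade in one region and header or host diversity in another. All field names, header lists, hostnames and fingerprints are assumptions made for the example.

```python
"""Flag regional HTTPS inconsistencies for one domain (added example, not the paper's tooling)."""
from urllib.parse import urlsplit

# Response headers whose presence in one region but not another weakens what a
# client there gets. (Assumed list; the paper's exact header set is not given here.)
SECURITY_HEADERS = ("strict-transport-security", "content-security-policy",
                    "x-frame-options", "x-content-type-options")

# Constructed records: what one scan of example.com might record from five vantage
# points. Values and fingerprints are made up for this example.
SCAN = {
    "AU": {"final_url": "https://example.com/", "tls": "TLSv1.3",
           "cipher": "TLS_AES_256_GCM_SHA384", "cert_sha256": "a1b2",
           "headers": {"Strict-Transport-Security": "max-age=63072000",
                       "Content-Security-Policy": "default-src 'self'"}},
    "BR": {"final_url": "https://br.example.com/", "tls": "TLSv1.2",
           "cipher": "ECDHE-RSA-AES128-GCM-SHA256", "cert_sha256": "c3d4",
           "headers": {"Strict-Transport-Security": "max-age=63072000"}},
    # region where the site redirected the client down to plain HTTP
    "IN": {"final_url": "http://example.com/unavailable", "tls": None,
           "cipher": None, "cert_sha256": None, "headers": {}},
    "UK": {"final_url": "https://example.com/", "tls": "TLSv1.3",
           "cipher": "TLS_AES_256_GCM_SHA384", "cert_sha256": "a1b2",
           "headers": {"Strict-Transport-Security": "max-age=63072000",
                       "Content-Security-Policy": "default-src 'self'"}},
    "US": {"final_url": "https://example.com/", "tls": "TLSv1.3",
           "cipher": "TLS_AES_256_GCM_SHA384", "cert_sha256": "a1b2",
           "headers": {"Strict-Transport-Security": "max-age=63072000",
                       "Content-Security-Policy": "default-src 'self'"}},
}


def find_inconsistencies(scan: dict) -> dict:
    """Group regions by the application- and transport-layer properties that differ."""
    f = {"downgraded": [], "hosts": {}, "tls_versions": {}, "ciphers": {},
         "cert_fingerprints": {}, "missing_headers": {}}
    for region, rec in scan.items():
        url = urlsplit(rec["final_url"])
        if url.scheme != "https":          # plain-HTTP downgrade: no TLS guarantee at all
            f["downgraded"].append(region)
        f["hosts"].setdefault(url.hostname, []).append(region)   # URL/host diversity
        if rec["tls"] is not None:         # transport-layer properties of HTTPS regions
            f["tls_versions"].setdefault(rec["tls"], []).append(region)
            f["ciphers"].setdefault(rec["cipher"], []).append(region)
            f["cert_fingerprints"].setdefault(rec["cert_sha256"], []).append(region)
    # A header is inconsistently deployed if some HTTPS region sends it and another does not.
    https_regions = [r for r in scan if r not in f["downgraded"]]
    for h in SECURITY_HEADERS:
        have = [r for r in https_regions
                if h in {k.lower() for k in scan[r]["headers"]}]
        if have and len(have) < len(https_regions):
            f["missing_headers"][h] = [r for r in https_regions if r not in have]
    return f


def is_consistent(findings: dict) -> bool:
    """True only when every region saw the same scheme, host, TLS version, cipher, cert and headers."""
    return (not findings["downgraded"]
            and len(findings["hosts"]) == 1
            and len(findings["tls_versions"]) == 1
            and len(findings["ciphers"]) == 1
            and len(findings["cert_fingerprints"]) == 1
            and not findings["missing_headers"])


if __name__ == "__main__":
    for kind, detail in find_inconsistencies(SCAN).items():
        print(f"{kind:18} {detail}")
```

Running it on the constructed records reports IN as downgraded to plain HTTP, BR as served from a different host with an older TLS version, a different certificate and no Content-Security-Policy, and AU, UK and US as mutually consistent. A domain administrator's regional testing tool, which the paper recommends, would run this comparison over real scan output and treat any non-empty finding as something to explain or fix.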
Kentaro Tamura, Yutaka Shikano
ePrint Report
Quantum random number generators (QRNGs) produce theoretically unpredictable random numbers. A typical QRNG is implemented in quantum optics [Herrero-Collantes, M., Garcia-Escartin, J. C.: Quantum Random Number Generators. Rev. Mod. Phys. 89, 015004 (2017)]. Quantum computers become QRNGs when given certain programs. The simplest example of such a program applies the Hadamard gate to all qubits and then performs a measurement. By repeatedly running this program on a 20-qubit superconducting quantum computer (IBM 20Q Tokyo), we obtained a sample of length 43,560. However, statistical analysis showed that this sample was biased and correlated. One of the post-processed samples passed the statistical tests. To show the effectiveness of post-processing, a larger sample size is required. The present study of quantum random number generation and statistical testing may provide a potential candidate for benchmarking tests of actual quantum computing devices.
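The abstract reports that the raw sample was both biased and correlated and that post-processing was needed before a sample passed. The following is an added example written for this page, not the paper's analysis or its device data: it implements the two simplest checks a practitioner applies to a raw bit stream (a monobit count and an adjacent-bit agreement count), the classic von Neumann debiasing step, and a constructed stand-in for the hardware readout. The stand-in is a seeded PRNG driving a two-state Markov chain, chosen so that it is biased and correlated in a way whose expected statistics can be worked out by hand; its parameters, and the name of every function, are assumptions.

```python
"""Bias and correlation checks plus von Neumann post-processing for a raw bit sample
(added example; the paper's test battery and post-processing are not reproduced here)."""
import random


def ones_fraction(bits: list[int]) -> float:
    """Monobit statistic: fraction of ones, ideally 0.5."""
    return sum(bits) / len(bits)


def equal_neighbour_fraction(bits: list[int]) -> float:
    """Serial statistic: fraction of adjacent pairs that are equal, ideally 0.5.
    Well above 0.5 means positive lag-1 correlation, well below means negative."""
    return sum(1 for a, b in zip(bits, bits[1:]) if a == b) / (len(bits) - 1)


def von_neumann(bits: list[int]) -> list[int]:
    """Von Neumann extractor: read non-overlapping pairs, emit 0 for 01 and 1 for 10,
    discard 00 and 11. For independent bits the output is exactly unbiased, at the
    cost of discarding at least half of the input; correlation is NOT removed."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def constructed_raw_sample(n: int = 20000, seed: int = 7) -> list[int]:
    """Stand-in for a raw device readout (constructed, not the IBM 20Q Tokyo data).

    A seeded PRNG drives a two-state Markov chain: after a 1 the next bit is 1 with
    probability 0.7, after a 0 with probability 0.5. The stationary ones fraction is
    0.5 / (0.5 + 0.3) = 0.625 and neighbours agree 62.5% of the time, so the stream
    is both biased and correlated, the two defects the paper reports.
    """
    rng = random.Random(seed)
    bits, prev = [], 0
    for _ in range(n):
        prev = 1 if rng.random() < (0.7 if prev == 1 else 0.5) else 0
        bits.append(prev)
    return bits


def assess(bits: list[int]) -> dict:
    """The numbers a practitioner looks at before and after post-processing."""
    return {"n": len(bits),
            "ones": round(ones_fraction(bits), 4),
            "equal_neighbours": round(equal_neighbour_fraction(bits), 4)}


if __name__ == "__main__":
    raw = constructed_raw_sample()
    print("raw:         ", assess(raw))
    print("von Neumann: ", assess(von_neumann(raw)))
```

On this source the von Neumann output is balanced even though the input bits are dependent, because a stationary chain produces 01 and 10 pairs equally often; the adjacent-bit statistic of the output, however, moves away from 0.5 in the other direction, which is the point of the caveat in the docstring: debiasing is not decorrelating. Both statistics are sanity checks only. Passing them says nothing about the finer tests in a full battery such as NIST SP 800-22, and, as the abstract notes, a convincing demonstration needs a far larger sample than a few tens of thousands of bits.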
Thomas Häner, Samuel Jaques, Michael Naehrig, Martin Roetteler, Mathias Soeken
ePrint Report
We present improved quantum circuits for elliptic curve scalar multiplication, the most costly component in Shor's algorithm to compute discrete logarithms in elliptic curve groups. We optimize low-level components such as reversible integer and modular arithmetic through windowing techniques and more adaptive placement of uncomputing steps, and improve over previous quantum circuits for modular inversion by reformulating the binary Euclidean algorithm. Overall, we obtain an affine Weierstrass point addition circuit that has lower depth and uses fewer T gates than previous circuits. While previous work mostly focuses on minimizing the total number of qubits, we present various trade-offs between different cost metrics including the number of qubits, circuit depth and T-gate count. Finally, we provide a full implementation of point addition in the Q# quantum programming language that allows unit tests and automatic quantum resource estimation for all components.
Charbel Saliba, Laura Luzzi, Cong Ling
ePrint Report
We consider a key encapsulation mechanism (KEM) based on ring-LWE where reconciliation is performed on an $N$-dimensional lattice using Wyner-Ziv coding. More precisely, we consider Barnes-Wall lattices and use Micciancio and Nicolosi's bounded distance decoder with polynomial complexity $\mathcal{O}(N \log^2(N))$. We show that in the asymptotic regime for large $N$, the achievable key rate is $\Theta(\log N)$ bits per dimension, while the error probability $P_e$ vanishes exponentially in $N$. Unlike previous works, our scheme does not require a dither.