International Association for Cryptologic Research


IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available via email and via RSS feed.

04 February 2020

Elaine Shi
ePrint Report
A blockchain protocol (also called state machine replication) allows a set of nodes to agree on an ever-growing, linearly ordered log of transactions. The classical consensus literature suggests two approaches for constructing a blockchain protocol: 1) through composition of single-shot consensus instances often called Byzantine Agreement; and 2) through direct construction of a blockchain where there is no clear-cut boundary between single-shot consensus instances. While conceptually simple, the former approach precludes cross-instance optimizations in a practical implementation. This perhaps explains why the latter approach has gained more traction in practice: specifically, well-known protocols such as Paxos and PBFT all follow the direct-construction approach. In this tutorial, we present a new paradigm called “streamlined blockchains” for directly constructing blockchain protocols. This paradigm enables a new family of protocols that are extremely simple and natural: every epoch, a proposer proposes a block extending from a notarized parent chain, and nodes vote if the proposal’s parent chain is not too old. Whenever a block gains enough votes, it becomes notarized. Whenever a node observes a notarized chain with several blocks of consecutive epochs at the end, then the entire chain chopping off a few blocks at the end is final. By varying the parameters highlighted in blue, we illustrate two variants for the partially synchronous and synchronous settings respectively. We present very simple proofs of consistency and liveness. We hope that this tutorial provides a compelling argument why this new family of protocols should be used in lieu of classical candidates (e.g., PBFT, Paxos, and their variants), both in practical implementation and for pedagogical purposes.

Daniele Micciancio, Yuriy Polyakov
ePrint Report
FHEW and TFHE are fully homomorphic encryption (FHE) cryptosystems that can evaluate arbitrary Boolean circuits by bootstrapping after each gate evaluation. The FHEW cryptosystem was originally designed based on standard (Ring) LWE assumptions, and its initial implementation was able to run bootstrapping in less than 1 second. The TFHE cryptosystem used somewhat stronger assumptions, such as LWE over torus and binary secret distribution, and applied several other optimizations to reduce the bootstrapping runtime to less than 0.1 second. Up to now, the gap between the underlying security assumptions prevented a fair comparison of the cryptosystems for same security settings.

We present a unified framework that includes the original and extended variants of both FHEW and TFHE cryptosystems, and implement it in PALISADE using modular arithmetic. Our analysis shows that the main distinction between the cryptosystems is the bootstrapping procedure used: Alperin-Sherif--Peikert (AP) for FHEW vs. Gama--Izabachene--Nguyen--Xie (GINX) for TFHE. All other algorithmic optimizations in TFHE equally apply to both cryptosystems. We extend the GINX bootstrapping to ternary uniform and Gaussian secret distributions, which are included in the HE community security standard. Our comparison of the AP and GINX bootstrapping methods for different secret distributions suggests that the TFHE/GINX cryptosystem provides better performance for binary and ternary secrets while FHEW/AP is faster for Gaussian secrets. We make a recommendation to consider the variants of FHEW and TFHE cryptosystems based on ternary and Gaussian secrets for standardization by the HE community.

03 February 2020

ST Engineering-SUTD Cyber Security Laboratory -- Singapore University of Technology and Design
Job Posting

The ST Engineering-SUTD Cyber Security Laboratory @ SUTD is looking for one Postdoctoral Fellow and one Research Assistant for a project on the security of avionics systems, with emphasis on aircraft data bus and network technologies.


Post-Doc

Requirements:
  • Ph.D. in Computer Science or related areas;
  • Background in Security, Software Engineering, and/or Data Science;
  • Track record of publications in high-quality journals and/or conferences;
  • Good written/oral communication skills in English, and ability to work effectively in a collaborative team;
  • Skills and experience in both analytical and empirical research;
  • Programming skills in one or more of the following: Python, Java, C++;
  • Interest to work in:
    1. Avionics data bus and network technologies
    2. Computer and network security
    3. Attack emulation
    4. Machine learning with application to intrusion detection


Research Assistant

Requirements:
  • Master's degree in Computer Science or related areas;
  • Strong programming skills in one or more of the following: Python, Java, C++;
  • Familiarity with (i) applied software and/or systems security, and (ii) machine learning;
  • Good written/oral communication skills in English, and ability to work effectively in a collaborative team;
  • Interest to work in:
    1. Avionics data bus and network technologies
    2. Computer and network security
    3. Attack emulation
    4. Machine learning with application to intrusion detection


A full-time appointment will be offered for one year renewable. SUTD offers an internationally competitive salary that will be determined based on the applicant's experience and qualifications.

Closing date for applications:

Contact: Interested persons should email a cover letter and an updated curriculum vitae to cyberlab@sutd.edu.sg. Positions will be available until filled; only short-listed candidates will be notified.

Zama - Paris, France
Job Posting

About

Our mission at Zama is to protect people’s privacy by preventing data breaches and surveillance.

Our first product is a deep learning framework that enables fast and accurate inference over encrypted data, without any changes to the neural network architecture.

We believe privacy-enabling technologies should benefit the widest possible community of developers and security researchers, which is why everything we create will be published and open-sourced.

Zama was founded by Pascal Paillier and Rand Hindi.


Responsibilities

  • discovering new cryptographic techniques to compute on encrypted data
  • working with the engineering and product teams to implement your research into our products
  • designing robust benchmarks to test your research and its implementation
  • reviewing the latest published research, and informing the team on potential new applications or changes to our approach
  • working with the entire team to define the research and product roadmaps
  • publishing papers, filing patents and presenting your work at academic conferences

Requirements

  • PhD in cryptography or equivalent
  • deep knowledge of homomorphic encryption
  • optionally, knowledge of machine learning
  • based in or willing to relocate to Paris, France
  • passionate about privacy and open science

Closing date for applications:

Contact: hello@zama.ai

More information: https://zama.ai/jobs/senior-researcher-cryptography/

Linköping University, Sweden
Job Posting

We are hiring one more junior postdoc, for two years, to work on blue-sky research, real world crypto, cryptanalysis, side channels, or interdisciplinary studies of crypto-system failures. Positions available immediately with internationally competitive salaries and first-rate research support, but start dates are negotiable.

Our track records include award-winning papers at Usenix Security, ACM CCS, ACSAC and SOUPS; making a finalist for the Pwnie Award for most innovative research; and trailblazing a number of subjects such as usable security and differential imaging forensics.

Our research philosophy: have fun; write papers that matter; and make an impact.

Closing date for applications:

Contact: Prof Jeff.Yan@liu.se

Nanyang Technological University
Job Posting

We are looking for candidates for 2 - 3 Research Fellow positions on cryptography for the following topics:
  • Post-quantum cryptography
  • Homomorphic encryption
  • Secure multiparty computation
  • Verifiable computation

We offer a competitive salary package commensurate with the applicant's research experience. The contract will be for 1 year initially, with the possibility of extension up to 3 years. Candidates are expected to have a proven record of publications. Interested candidates are encouraged to send their CV and the names of two references to Prof Wang Huaxiong. Review of applicants will start immediately and continue until the positions are filled.

Closing date for applications:

Contact: Wang Huaxiong (hxwang@ntu.edu.sg)

OneSpan
Job Posting

OneSpan is seeking applications from highly motivated and self-driven research scientists to complement its Innovation Centre team, currently working on cutting-edge research in security, privacy, machine learning and digital identity. The Innovation Centre was established to research and prototype the next generation of digital technologies to improve online security. The centre is characterised by a collaborative and entrepreneurial mind-set and brings together researchers from different disciplinary backgrounds. We seek to make technological advances in areas ranging from OneSpan’s core business of strong authentication to areas of growing importance such as fraud detection, privacy and digital identity. Our work aims to generate new scientific knowledge, prototypes, and intellectual property that can be transferred into products. We also aspire to be a leading academic-industry partner of choice on emerging technologies related to online security. Our driving ambition is to create novel technologies that carefully consider the user experience and exhibit the strong security that our customers have come to expect.

Job Duties and Responsibilities

The objective of the research scientist is to conduct applied research linked to OneSpan’s product range with the aim of enhancing OneSpan’s offering in the short and mid-term. Your key tasks are:
  • Propose a research agenda;
  • Perform first-class research;
  • Create research software prototypes that could lead to new products;
  • Show leadership in your field of expertise;
  • Work collaboratively in a team that spans international borders and departments.

Must haves

  • A PhD degree or equivalent experience in information engineering, mathematics, or computer science. Candidates expected to finish their PhD before summer 2020 will also be considered.
  • Strong proven interest in and knowledge of one or more of these research areas: security, privacy, digital identity, biometrics, and machine learning;
  • A willingness to learn and the ability to quickly understand unfamiliar areas of technology;

Closing date for applications:

Contact: Talent Acquisition (Julie Tinel). Thank you for applying via our website.

More information: https://grnh.se/b666606f1

Masaryk University, Faculty of Informatics - Brno, Czechia
Job Posting

The Dean of the Faculty of Informatics, Masaryk University, invites applications for one position of Assistant Professor in Cybersecurity with the Department of Computer Systems and Communications.

Applications due: March 1, 2020

Employment start date: By mutual agreement

This position is aimed at strengthening the work of the Centre for Research on Cryptography and Security (CRoCS - https://crocs.fi.muni.cz/) at the Faculty of Informatics. CRoCS works to improve the security and privacy of real-world solutions through applied research (often in cooperation with industry) and advanced education of future security professionals. A system security or network security focus is most desired, yet the abilities to work with a team of graduate students and faculty on research targeting top security/crypto conferences and to engage both undergraduate and graduate students in both educational and research exercises are most critical.

Masaryk University, the second largest university in the Czech Republic, is one of the most respected institutions of higher education in Central Europe, with more than 30 000 students. Its Faculty of Informatics (FI) provides Computer Science education for 2 000 students and hosts almost 20 labs where researchers and students perform leading-edge research, often in cooperation with companies located in the science and technology park directly in the FI area.

Brno is a great place to live. As an international student city (1/5 of the population are students), there is always something to do and the Czech language isn’t a barrier. Brno, as one of the top student cities of the world according to Quacquarelli Symonds, provides a great student experience: “The city gets extremely strong ratings for tolerance and inclusivity, and ease of getting around, while also scoring very well for both affordability and nightlife. Respondents praised the attractiveness of the city, as well as the large and friendly student community.”

Note: if you are looking for a postdoc position, please consider https://www.muni.cz/en/about-us/careers/vacancies/52171.

Closing date for applications:

Contact: Vashek Matyas

More information: https://www.muni.cz/en/about-us/careers/vacancies/51351

Budapest, Hungary, 15 June - 17 June 2020
Event Calendar
Event date: 15 June to 17 June 2020
Submission deadline: 2 February 2020
Notification: 30 March 2020

1 September 2020
Event Calendar
Event date: 1 September 2020
Submission deadline: 24 April 2020
Notification: 24 July 2020

Linz, Austria, 8 July - 10 July 2020
Event Calendar
Event date: 8 July to 10 July 2020
Submission deadline: 28 February 2020
Notification: 24 April 2020

Microsoft Research, Redmond, USA
Job Posting

The Cryptography and Privacy Research Group at Microsoft Research seeks outstanding graduate students for summer internships in Redmond in the areas of Homomorphic Encryption, Post-Quantum Cryptography, Zero-knowledge Proofs, Private Set Intersection, Privacy for ML, Blockchain-based applications, Compilers, Verifiable Computation, Oblivious RAM, Privacy-preserving systems, applied Secure Multi Party Computation, Differential Privacy, and other areas of applied cryptography.

Responsibilities: Interns put inquiry and theory into practice. Alongside fellow doctoral candidates and some of the world’s best researchers, interns learn, collaborate, and network for life. Interns not only advance their own careers, but they also contribute to exciting research and development strides. During the 12-week internship, students are paired with mentors and expected to collaborate with other interns and researchers, present findings, and contribute to the vibrant life of the community. Research internships are available in all areas of research, and are offered year-round, though they typically begin in the summer.

Qualifications: In addition to the qualifications below, you’ll need to submit a minimum of two reference letters for this position. After you submit your application, a request for letters may be sent to your list of references on your behalf. Note that reference letters cannot be requested until after you have submitted your application, and furthermore, that they might not be automatically requested for all candidates. You may wish to alert your letter writers in advance, so they will be ready to submit your letter.

Required Qualifications: Must be currently enrolled in a PhD program in mathematics, computer science, electrical engineering, or a related STEM field.

Preferred Qualifications: Demonstrated ability to engage in research. Must be able to collaborate effectively with other researchers and product development teams. Excellent interpersonal skills, cross-group, and cross-cultural collaboration. Ability to think unconventionally to derive creative and innovative solutions.

Closing date for applications:

Contact: Please apply through https://careers.microsoft.com/us/en/job/724755/Research-Intern-Cryptography-and-Privacy-Research?utm_campaign=google_jobs_apply&utm_source=google_jobs_apply&utm_medium=organic

More information: https://careers.microsoft.com/us/en/job/724755/Research-Intern-Cryptography-and-Privacy-Research?utm_campaign=google_job

Microsoft Research, Redmond, USA
Job Posting

The Cryptography and Privacy Research Group at Microsoft Research seeks researchers working on cutting-edge cryptography techniques and their applications, specifically in the areas of Homomorphic Encryption, Post-Quantum Cryptography, Compilers, Verifiable Computation, Oblivious RAM, Zero-knowledge Proofs, Private Set Intersection, Privacy for Machine Learning and AI, Adversarial Machine Learning, Blockchain-based applications, Privacy-preserving systems, Applied Secure Multi Party Computation, Differential Privacy, and other areas of applied cryptography.

Qualifications

Required: A Ph.D. degree in mathematics, computer science, electrical engineering or other related fields.

Preferred: Demonstrated ability to develop original research agendas. Must be able to collaborate effectively with other researchers and product development teams. Excellent interpersonal skills, cross-group, and cross-cultural collaboration.

As part of your application please upload:
  • A current CV;
  • An academic research statement (approximately 2-4 pages) that outlines both your research achievements and agenda, and your service and outreach activities and plans;
  • 3 letters of recommendation.

This role is not to exceed 2 years.

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request via the Accommodation request form. Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country wh

Closing date for applications:

Contact: Please apply online through https://careers.microsoft.com/students/us/en/job/732256/Post-Doc-Researcher-Cryptography-Privacy

Tampere University
Job Posting

The Network and Information Security Group is currently looking for up to 2 motivated and talented researchers (Postdoctoral Researchers) to contribute to research projects related to applied cryptography, security and privacy. The successful candidates will be working on the following topics (but not limited to):

• Searchable Encryption and data structures enabling efficient search operations on encrypted data;
• Restricting the type of access given when granting access to search over one's data;
• Processing of encrypted data in outsourced and untrusted environments;
• Applying encrypted search techniques to SGX environments;
• Revocable Attribute-Based Encryption schemes and their application to cloud services;
• Functional Encryption;
• Privacy-Preserving Analytics;
• IoT Security.

Programming skills are a must.

The positions are strongly research-focused. Activities include conducting both theoretical and applied research, design of secure and/or privacy-preserving protocols, software development and validation, reading and writing scientific articles, presentation of the research results at seminars and conferences in Finland and abroad, and acquiring (or assisting in acquiring) further funding.

Closing date for applications:

Contact: Antonis Michalas antonios.michalas (at) tuni.fi

Information Security Group, Royal Holloway, University of London, UK
Job Posting

Applications are invited for a full time permanent post of Lecturer in the Information Security Group (ISG) at Royal Holloway, University of London. This post carries the responsibility to conduct research and to contribute to the teaching in the department. The post is equivalent to an assistant professor in the US system, or a Juniorprofessor in Germany.

The applicant should have a good research profile that fits within the wide range of research undertaken by the ISG. We are particularly interested in applicants who will be able to drive forward research related to all fields of cryptography: theory, applied, primitives, protocols, symmetric, asymmetric. However, strong social scientists working on information security and researchers working on software and systems security or any other field of information security are also encouraged to apply.

The post holder will contribute to the research and teaching of the Information Security Group, which is a full department within the University that hosts a dynamic inter-disciplinary group of academics and researchers focused on information security research and teaching. The ISG is amongst the largest departments dedicated to information security in the world with circa 20 academic staff in the department, as well as research and support staff. We work with many research partners in other departments and have circa 70 PhD students working on a wide range of security research, many of whom are fully funded through our Centre for Doctoral Training in Cyber Security for the Everyday, funding 10 PhD positions per annum for the next four years.

Closing date for applications:

Contact: Martin Albrecht

More information: https://jobs.royalholloway.ac.uk/vacancy.aspx?ref=0120-023

Lund University (Sweden)
Job Posting

We are looking for an excellent, motivated, and self-driven doctoral student wishing to work in the area of cryptography, secure protocols or information security. The PhD student will join the cryptography group at the Department of Engineering at Lund University (LTH - Lunds tekniska högskola). The position is linked to a project funded by the Swedish research council focusing on security and privacy issues in communication protocols, and it is fully funded for five years with possible extension for parental or sick leave.

Applicants are expected to hold an MSc degree or equivalent and have a solid background in mathematics and/or theoretical computer science. Knowledge of cryptographic primitives and formal security definitions is preferable, but not mandatory. All students wishing to do a PhD degree in secure cryptographic protocols are invited to apply for this position.

Closing date for applications:

Contact: For more details or to apply to the call use the link https://lu.varbi.com/en/what:job/jobID:311518/


30 January 2020

Award
The IACR Test-of-Time Award is given annually for each one of the three IACR General Conferences (Eurocrypt, Crypto, and Asiacrypt). An award will be given at a conference for a paper which has had a lasting impact on the field and was published 15 years prior.

We welcome nominations for the 2020 award (for papers published in 2005) until Feb 15, 2020. The proceedings of these conferences can be found here. To submit your nomination, please use the following nomination form.

More information about the IACR Test-of-Time awards can be found at iacr.org/testoftime/

The 2020 Selection Committee:
• Tatsuaki Okamoto (chair)
• Ueli Maurer
• Anne Canteaut (Eurocrypt 2020 program co-chair)
• Daniele Micciancio (Crypto 2020 program co-chair)
• Shiho Moriai (Asiacrypt 2020 program co-chair)

28 January 2020

Ben Nassi, Dudi Nassi, Raz Ben-Netanel, Yisroel Mirsky, Oleg Drokin, Yuval Elovici
ePrint Report
The absence of deployed vehicular communication systems, which prevents the advanced driving assistance systems (ADASs) and autopilots of semi/fully autonomous cars from validating their virtual perception regarding the physical environment surrounding the car with a third party, has been exploited in various attacks suggested by researchers. Since the application of these attacks comes with a cost (exposure of the attacker’s identity), the delicate exposure vs. application balance has held, and attacks of this kind have not yet been encountered in the wild. In this paper, we investigate a new perceptual challenge that causes the ADASs and autopilots of semi/fully autonomous cars to consider depthless objects (phantoms) as real. We show how attackers can exploit this perceptual challenge to apply phantom attacks and change the abovementioned balance, without the need to physically approach the attack scene, by projecting a phantom via a drone equipped with a portable projector or by presenting a phantom on a hacked digital billboard that faces the Internet and is located near roads. We show that the car industry has not considered this type of attack by demonstrating the attack on today’s most advanced ADAS and autopilot technologies: Mobileye 630 PRO and the Tesla Model X, HW 2.5; our experiments show that when presented with various phantoms, a car’s ADAS or autopilot considers the phantoms as real objects, causing these systems to trigger the brakes, steer into the lane of oncoming traffic, and issue notifications about fake road signs. In order to mitigate this attack, we present a model that analyzes a detected object’s context, surface, and reflected light, which is capable of detecting phantoms with 0.99 AUC. Finally, we explain why the deployment of vehicular communication systems might reduce attackers’ opportunities to apply phantom attacks but won’t eliminate them.

Guilhem Castagnos, Dario Catalano, Fabien Laguillaumie, Federico Savasta, Ida Tucker
ePrint Report
Threshold Signatures allow n parties to share the power of issuing digital signatures so that any coalition of size at least (t+1) can sign, whereas groups of t or less players cannot. Over the last few years many schemes addressed the question of realizing efficient threshold variants for the specific case of EC-DSA signatures. In this paper we present new solutions to the problem that aim at reducing the overall bandwidth consumption. Our main contribution is a new variant of the Gennaro and Goldfeder protocol from ACM CCS 2018 that avoids all the required range proofs, while retaining provable security against malicious adversaries in the dishonest majority setting. Our experiments show that – for all levels of security – our signing protocol reduces the bandwidth consumption of the best previously known secure protocols by factors varying between 4.4 and 9, while key generation is consistently two times less expensive. Furthermore, compared to these same protocols, our signature generation is faster for 192 bits of security and beyond.

Weikeng Chen, Raluca Ada Popa
ePrint Report
File-sharing systems like Dropbox offer insufficient privacy because a compromised server can see the file contents in the clear. Although encryption can hide such contents from the servers, metadata leakage remains significant. The goal of our work is to develop a file-sharing system that hides metadata---including user identities and file access patterns.

Metal is the first file-sharing system that hides such metadata from malicious users and that has a latency of only a few seconds. The core of Metal consists of a new two-server multi-user oblivious RAM (ORAM) scheme, which is secure against malicious users, a metadata-hiding access control protocol, and a capability sharing protocol. Compared with the state-of-the-art malicious-user file-sharing scheme PIR-MCORAM (Maffei et al.'17), which does not hide user identities, Metal hides the user identities and is 500x faster (in terms of amortized latency) or 10^5x faster (in terms of worst-case latency).