International Association
for Cryptologic Research

Groups of hidden order have gained a surging interest in recent years due to applications to cryptographic commitments, verifiable delay functions and zero knowledge proofs. Recently, Dobson and Galbraith ([DG20]) proposed Jacobians of genus three hyperelliptic curves as a suitable candidate for such a group. While this looks like a promising idea, certain Jacobians are less secure than others and hence, the curve has to be chosen with caution. In this short note, we explore the types of Jacobians that would be suitable for this purpose.

The efficiency of zero-knowledge protocols is measured by the round complexity. The construction of low round zero-knowledge protocols for any NP language has been a classical and open question.

In this paper, we focus on zero-knowledge protocols for NP with low round complexity under the augmented black-box simulation technique, in which the simulator has access to the verifier's secret information, and obtain positive results on 3-round zero-knowledge proofs and 2-round zero-knowledge arguments and proofs. More precisely, our contributions are five-fold: (i) we propose the notion of generalized claw-free function and the notion of trapdoor generalized claw-free function, and then we show a construction of trapdoor generalized claw-free function under the discrete logarithm assumption and the knowledge of exponent assumption, (ii) we propose the notion of completely extractable bit-commitment and give a construction of it from trapdoor generalized claw-free functions, (iii) we present a 3-round zero-knowledge proof for NP based on the completely extractable bit-commitment schemes and Yao's garbling circuit technique, (iv) we show a 2-round zero-knowledge argument for NP based on indistinguishable obfuscator, (v) we transform the basic 2-round honest verifier zero-knowledge proof protocol for quadratic non-residue into a 2-round zero-knowledge proof protocol.

Since Keccak was selected as the SHA-3 standard, both its hash mode and keyed mode have attracted lots of third-party cryptanalysis. Especially in recent years, there is progress in analyzing the collision resistance and preimage resistance of round-reduced Keccak. However, for the preimage attacks on round-reduced Keccak-384/512, we found that the linear relations leaked by the hash value are not well exploited when utilizing the current linear structures. To make full use of the $320+64\times2=448$ and 320 linear relations leaked by the hash value of Keccak-512 and Keccak-384, respectively, we propose a dedicated algebraic attack by expressing the output as a quadratic Boolean equation system in terms of the input. Such a quadratic Boolean equation system can be efficiently solved with linearization techniques. Consequently, we successfully improved the preimage attacks on 2/3/4 rounds of Keccak-384 and 2/3 rounds of Keccak-512. Since similar $\theta$ and $\chi$ operations exist in the round function of Xoodoo, which has been selected by NIST for the second round in the Lightweight Cryptography Standardization process, we make a study of the permutation and construct a practical zero-sum distinguisher for full Xoodoo.

In early nineties Carlet [1] introduced two new classes of bent functions, both derived from the Maiorana-McFarland ($\mathcal{M}$) class, and named them $\cC$ and $ \cD$ class, respectively. Apart from a subclass of $\cD$, denoted by $\cD_0$ by Carlet, which is provably outside two main (completed) primary classes of bent functions, little is known about their efficient constructions. More importantly, both classes may easily remain in the underlying $\mathcal{M}$ class which has already been remarked in [21]. Assuming the possibility of specifying a bent function $f$ that belongs to one of these two classes (apart from $\cD_0$), the most important issue is then to determine whether $f$ is still contained in the known primary classes or lies outside their completed versions. In this article, we further elaborate on the analysis of the set of sufficient conditions given in \cite{OutsideMM} concerning the specification of bent functions in $\cC$ and $ \cD$ which are provably outside $\cM$. It is shown that these conditions, related to bent functions in class $\cD$, can be relaxed so that even those permutations whose component functions admit linear structures still can be used in the design. It is also shown that monomial permutations of the form $x^{2^r+1}$ have inverses which are never quadratic for $n >4$, which gives rise to an infinite class of bent functions in $\cC$ but outside $\cM$. Similarly, using a relaxed set of sufficient conditions for bent functions in $\cD$ and outside $\cM$, one explicit infinite class of such bent functions is identified. We also extend the inclusion property of certain subclasses of bent functions in $ \cC$ and $ \cD$, as addressed initially in [1,21], that are ultimately within the completed $\mathcal{M}$ class. Most notably, we specify {\em another generic and explicit subclass} of $\cD$, which we call $\cD_2^\star$, whose members are bent functions provably outside the completed $\mathcal{M}$ class.

A decade long thrive of cryptocurrency has shown its potential as a source of alternative-finance and the security and the robustness of the underpinning blockchain technology.

However, most cryptocurrencies fail to show inimitability and their meanings in the real world. As a result, they usually start off as favourites but quickly become the outcasts of the digital asset market.

The blockchain society attempts to anchor the value of cryptocurrency with real values by employing smart contracts and link it with computation resources and the digital-productivity that have value and demands in the real world. But their attempts have some undesirable effects due to a limited number of practical applications. This limitation is caused by the dilemma between high performance and decentralisation (universal joinability). The emerging of blockchain sharding models, however, has offered a possible solution to address this dilemma.

In this paper, we explore a financial model for blockchain sharding that will build an active link between the value of cryptocurrency and computation resources as well as the market and labour behaviours. Our model can adjust the price of resources and the compensation for maintaining a system based on those behaviours. We anchor the value of cryptocurrency by the amount of computation resources participated in and give the cryptocurrency a meaning as the exchange between computation resources globally. Finally, we present a working example which, through financial regularities, regulates the behaviour of anonymous participants, also incents/discourages participation dynamically.

We propose BSC, a Bitcoin Smart Contract implementation. It integrates the functionality of smart contracts into the Bitcoin system, giving developers the ability to build decentralized applications on Bitcoin. BSC will require a new hard fork, on which Bitcoin holders can use their existing funds directly. BSC combines the unlimited creative space of smart contracts and the vast network effect of Bitcoin, which will bring even more possibilities to the cryptocurrency world.

In the context of the Cluster of Excellence CASA (Cyber-Security in the Age of Large-Scale Adversaries), the Department of Electrical Engineering and Information Sciences at Ruhr-Universität Bochum invites applications for the position of a Full Professor (W3) for Data-Driven Security to start as soon as possible. The candidate is expected to establish an excellent research program, to conduct and publish innovative research, be an effective lecturer and mentor of both undergraduate and graduate students, and participate in institutional and professional processes. We are looking for scientists with an internationally visible research profile in Quantum Information, in at least one of the following subfields:

Computer security and machine learning

Security in distributed systems

Secure and dependable software systems

Privacy Enhancing Technologies

The successful applicant is expected to cooperate with the Horst Görtz IT Security Research Department (HGI) and especially with the recently granted Cluster of Excellence CASA. The recently founded Max Planck Institute for Cybersecurity and Privacy offers additional possibilities for collaboration.

International visibility through publications and projects and above-average third-party funding are expected, as well as the willingness and ability to lead and participate in large collaborative projects. Positive evaluation as a junior professor or equivalent academic achievement (e.g. Habilitation) or significant post-doctoral research contributions and teaching experience is as much required as the willingness to participate in the self-governing bodies of the RUB. Furthermore, a strong commitment to academic teaching, the readiness to participate in interdisciplinary research and the proven experience in successful acquisition of third-party funds are expected. Ruhr-Universität Bochum is an equal opportunity employer and offers a dual career program (see https://www.dcnruhr.de/en for details).

Closing date for applications:

Contact: Applications including a CV, copies of academic certificates, list of publications, list of self-raised third-party funds, teaching record, and a statement of research interests should be sent by email to Prof. Dr.-Ing. Thomas Musch
Bewerbung-dds@ei.rub.de

More information: https://casa.rub.de/ and https://www.ei.rub.de/

Ruhr-Universität Bochum (RUB) is one of Germany’s leading research universities.
In the context of the Cluster of Excellence CASA (Cyber-Security in the Age of Large-ScaleAdversaries), the Department of Electrical Engineering and Information Sciences at Ruhr-Universität Bochum invites applications for the position of an Assistant Professor (W1) for Software Security with Tenure Track to start as soon as possible.
The candidate is expected to establish an excellent research program, to conduct and publish innovative research, be an effective lecturer and mentor of both undergraduate and graduate students, and have an interest to participate in institutional and professional processes. We are looking for scientists with an internationally visible research profile in computer security, in at least one of the following subfields:

Software-based side channel and micro-architectural attacks

Software aspects of network and Internet security

Security and Privacy

Security in new application domains

The successful applicant is expected to cooperate with the Horst Görtz IT Security Research Department (HGI) and especially with the recently granted Cluster of Excellence CASA. The recently founded Max Planck Institute for Cybersecurity and Privacy offers additional possibilities for collaboration.

We expect:

Excellent scientific qualifications, usually proven by a Ph.D. thesis of outstanding quality and first-class international publications

strong commitment to academic teaching at graduate and undergraduate level

willingness to participate in interdisciplinary research

willingness and ability to attract external funding

readiness to contribute to joint research projects

The position includes a tenure track option, after a positive evaluation the position will be turned into a tenured professorship (W2). Complete applications including CV, copies of academic certificates, list of publications, list of self-raised third-party funds, teaching record, and a statement of research interests should be sent by email to the

Closing date for applications:

Contact: Dean of the Faculty of Electrical Engineering and Information Technology Prof. Dr.-Ing. Thomas Musch
Bewerbung-sosi@ei.rub.de

More information: https://www.stellenwerk-bochum.de/jobboerse/professuren-w1-assistant-professor-software-security-tenure-track-bo-2020-03

Due to expanding our research domain in electronic voting, we are looking to recruit a new researcher in this field. Possible more specific topics include • security and cryptography in the post-quantum era, • mobile platform security, • human and social aspects of voting security, • cryptographic protocols, • verifiability aspects of electronic voting, • security of electronic identity solutions. Successful applicant has a • PhD degree in computer science, mathematics, software engineering or in a closely related field, or an equivalent qualification, • proven track record showing academic and/or industrial performance in the field of security or cryptography. We offer • opportunity to make a research contribution to the World’s leading digital society with 44% of its members using electronic voting, • opportunity to integrate new research activities into Cybernetica's R&D portfolio, as well as to contribute to existing themes; • to work with, learn from, and teach highly qualified professionals, both in research and development; • to be part of, and improve e-society in Estonia and internationally; • being part of a growing team either in our Tallinn or Tartu office; • flexible working hours. To apply for the Researcher position in Cybernetica, please send your resume to job@cyber.ee The information security research activities in Cybernetica are summarized at https://cyber.ee/en/research/.

Closing date for applications:

Contact: Jan Willemson, PhD - jan.willemson@cyber.ee

More information: https://cyber.ee/careers/vacancies/#researcher-in-remote-electronic-voting

Two fully funded PhD scholarships for EU/UK applicants are available in the Security and Trust of Advanced Systems Group (Prof. Achim Brucker and Dr. Diego Marmsoler) at the Department of Computer Science of the University of Exeter, UK.

We are looking for enthusiastic and outstanding Computer Science or Mathematics students with a strong background in some of the following topics:

• safety or security of (software) systems,
• formal modelling or formal reasoning/verification,
• program analysis or program verification,
• language-based security
• semantics of programming languages,
• theorem proving, model checking,
• cryptographic protocols,
• distributed systems (e.g., blockchain),
• specification-based testing, and
• design and implementation of security architectures.

This award provides annual funding to cover UK/EU tuition fees and a tax-free stipend. For students who pay UK/EU tuition fees the award will cover the tuition fees in full, plus at least £15,009 per year tax-free stipend. The studentship will be awarded on the basis of merit for 3.5 years of full-time study.

For more details, please consult the official advertisement. The closing date for applications is midnight on 1 May 2020.

Closing date for applications:

Contact: Achim Brucker (http://emps.exeter.ac.uk/computer-science/staff/ab1185)

More information: http://www.exeter.ac.uk/studying/funding/award/?id=3887

As part of the expansion of the Department of Computer Science at the University of Exeter [1], we are recruiting for a Lecturer in Cybersecurity. The lecturer will be part of the newly formed Security and Trust of Advanced Systems Group [2].

We are looking for a candidate with an outstanding research record in any area related to cyber security (information security) such as (but not limited to):

• access control
• usable security
• software/application security
• formal methods for security
• language-based security/privacy
• secure programming
• information flow
• security protocols
• network security
• security of distributes systems
• human aspects of security
• hardware security
• security economics
• security-by-design
• applied cryptography
• privacy-enhancing technologies
• threat hunting, security analytics
• threat modelling
• forensics, reverse engineering
• trustworthy AI/ML
• security/penetration testing

You will have a PhD or equivalent in Cybersecurity, Computer Science, Mathematics, Engineering or a related area. Please refer to the job description for full details.

We understand security and safety entangled concepts: in most modern systems one cannot be achieved without the other. Hence, we encourage also candidates working in related domains such as safety, dependability, resilience, or reliability to apply.

Please apply by 8th of April 2020! See the full announcement and application details at

https://jobs.exeter.ac.uk/hrpr_webrecruitment/wrd/run/ETREC107GF.open?VACANCY_ID=803965SHQd&WVID=3817591jNg&LANG=USA

We are happy to do online/remote interviews. Feel free to contact me for informal inquiries about the post.

Closing date for applications:

Contact: Achim Brucker (http://emps.exeter.ac.uk/computer-science/staff/ab1185)

More information: https://jobs.exeter.ac.uk/hrpr_webrecruitment/wrd/run/ETREC107GF.open?VACANCY_ID=803965SHQd&WVID=3817591jNg&LANG=USA

Event date: 6 October to 9 October 2020
Submission deadline: 15 May 2020
Notification: 24 June 2020

Event date: 22 September to 25 September 2020
Submission deadline: 5 June 2020
Notification: 22 July 2020

Event date: 21 May 2020

In 2017, the first CHES Capture the Flag Challenge was organized in an effort to promote good design candidates for white-box cryptography. In particular, the challenge assessed the security of the designs with regard to key extraction attacks. A total of 94 candidate programs were submitted, and all of them were broken eventually. Even though most candidates were broken within a few hours, some candidates remained robust against key extraction attacks for several days, and even weeks. In this paper, we perform a qualitative analysis on all candidates submitted to the CHES 2017 Capture the Flag Challenge. We test the robustness of each challenge against different types of attacks, such as automated attacks, extensions thereof and reverse engineering attacks. We are able to classify each challenge depending on their robustness against these attacks, highlighting how challenges vulnerable to automated attacks can be broken in a very short amount of time, while more robust challenges demand for big reverse engineering efforts and therefore for more time from the adversaries. Besides classifying the robustness of each challenge, we also give data regarding their size and efficiency and explain how some of the more robust challenges could actually provide acceptable levels of security for some real-life applications.

Let $\mathcal{E}/\mathbb{F}_q$ be an elliptic curve, and $P$ a point in $\mathcal{E}(\mathbb{F}_q)$ of prime order $\ell$. Vélu's formulae let us compute a quotient curve $\mathcal{E}' = \mathcal{E}/\langle{P}\rangle$ and rational maps defining a quotient isogeny $\phi: \mathcal{E} \to \mathcal{E}'$ in $\widetilde{O}(\ell)$ $\mathbb{F}_q$-operations, where the $\widetilde{O}$ is uniform in $q$. This article shows how to compute $\mathcal{E}'$, and $\phi(Q)$ for $Q$ in $\mathcal{E}(\mathbb{F}_q)$, using only $\widetilde{O}(\sqrt{\ell})$ $\mathbb{F}_q$-operations, where the $\widetilde{O}$ is again uniform in $q$. As an application, this article speeds up some computations used in the isogeny-based cryptosystems CSIDH and CSURF.

Head mounted displays bring eye tracking into daily use and this raises privacy concerns for users. Privacy-preservation techniques such as differential privacy mechanisms are recently applied to the eye tracking data obtained from such displays; however, standard differential privacy mechanisms are vulnerable to temporal correlations in the eye movement features. In this work, a transform coding based differential privacy mechanism is proposed for the first time in the eye tracking literature to further adapt it to statistics of eye movement feature data by comparing various low-complexity methods. Fourier Perturbation Algorithm, which is a differential privacy mechanism, is extended and a scaling mistake in its proof is corrected. Significant reductions in correlations in addition to query sensitivities are illustrated, which provide the best utility-privacy trade-off in the literature for the eye tracking dataset used. The differentially private eye movement data are evaluated also for classification accuracies for gender and document-type predictions to show that higher privacy is obtained without a reduction in the classification accuracies by using proposed methods.

The Hill cipher is a classical poly-alphabetical cipher based on matrices. Although known plaintext attacks for the Hill cipher have been known for almost a century, feasible ciphertext only attacks have been developed only about ten years ago and for small matrix dimensions. In this paper we extend the ciphertext only attacks for the Hill cipher in two ways. First, we present two attacks for the affine version of the Hill cipher. Secondly, we show that the presented attacks can be extended to several modes of operations. We also provide the reader with several experimental results and show how the message's language can influence the presented attacks.

The Security & Crypto Group in the EECS Department at UC Berkeley welcomes inquiries for postdoctoral fellowships in the area of secure multi-party computation. Please send a CV to raluca.popa@berkeley.edu, and list at least three letter writers in the CV.

Closing date for applications:

Contact: raluca.popa@berkeley.edu

This work introduces novel techniques to improve the translation between arithmetic and binary data types in multi-party computation. To this end, we introduce a new approach to performing these conversions, using what we call extended doubly-authenticated bits (edaBits), which correspond to shared integers in the arithmetic domain whose bit decomposition is shared in the binary domain. These can be used to considerably increase the efficiency of non-linear operations such as truncation, secure comparison and bit-decomposition.

Our edaBits are similar to the daBits technique introduced by Rotaru et al. (Indocrypt 2019). However, our main observations are that (1) applications that benefit from daBits can also benefit from edaBits in the same way, and (2) we can generate edaBits directly in a much more efficient way than computing them from a set of daBits. Technically, the second contribution is much more challenging, and involves a novel cut and choose technique that may be of independent interest, and requires taking advantage of natural tamper-resilient properties of binary circuits that occur in our construction to obtain the best level of efficiency. Finally, we show how our edaBits can be applied to efficiently implement various non-linear protocols of interest, and we thoroughly analyze their correctness for both signed and unsigned integers.

The results of this work can be applied to any corruption threshold, although they seem best suited to dishonest majority protocols such as SPDZ. We implement and benchmark our constructions, and experimentally verify that our technique yield a substantial increase in efficiency. Our edaBits save in communication by a factor that lies between 2 and 170 for secure comparisons with respect to a purely arithmetic approach, and between 2 and 60 with respect to using daBits. Improvements in throughput per second are more subdued but still as high as a factor of 47. We also apply our novel machinery to the tasks of biometric matching and convolutional neural networks, obtaining a noticeable improvement as well.