International Association
for Cryptologic Research

In this note, we observe that a proof of quantumness in the random oracle model recently proposed by Brakerski et al. can be seen as a proof of quantum access to a random oracle. Based on this observation, we give the first examples of natural cryptographic schemes that separate classical and quantum random oracle models. Specifically, we construct digital signature and public key encryption schemes that are secure in the classical random oracle model but insecure in the quantum random oracle model assuming the quantum hardness of learning with error problem.

The masking countermeasure is among the most powerful countermeasures to counteract side-channel attacks. Leakage models have been exhibited to theoretically reason on the security of such masked implementations. So far, the most widely used leakage model is the probing model defined by Ishai, Sahai, and Wagner at (CRYPTO 2003). While it is advantageously convenient for security proofs, it does not capture an adversary exploiting full leakage traces as, e.g., in horizontal attacks. Those attacks target the multiple manipulations of the same share to reduce noise and recover the corresponding value. To capture a wider class of attacks another model was introduced and is referred to as the random probing model. From a leakage parameter p, each wire of the circuit leaks its value with probability p. While this model much better reflects the physical reality of side channels, it requires more complex security proofs and does not yet come with practical constructions. In this paper, we define the first framework dedicated to the random probing model. We provide an automatic tool, called VRAPS, to quantify the random probing security of a circuit from its leakage probability. We also formalize a composition property for secure random probing gadgets and exhibit its relation to the strong non-interference (SNI) notion used in the context of probing security. We then revisit the expansion idea proposed by Ananth, Ishai, and Sahai (CRYPTO 2018) and introduce a compiler that builds a random probing secure circuit from small base gadgets achieving a random probing expandability property. We instantiate this compiler with small gadgets for which we verify the expected properties directly from our automatic tool. Our construction can tolerate a leakage probability up to 2^−8, against 2^−25 for the previous construction, with a better asymptotic complexity.

This paper initiates the study of the provable security of authenticated encryption (AE) in the memory-bounded setting. Recent works – Tessaro and Thiruvengadam (TCC '18), Jaeger and Tessaro (EUROCRYPT '19), and Dinur (EUROCRYPT '20) – focus on confidentiality, and look at schemes for which trade-offs between the attacker's memory and its data complexity are inherent. Here, we ask whether these results and techniques can be lifted to the full AE setting, which additionally asks for integrity.

We show both positive and negative results. On the positive side, we provide tight memory-sensitive bounds for the security of GCM and its generalization, CAU (Bellare and Tackmann, CRYPTO '16). Our bounds apply to a restricted case of AE security which abstracts the deployment within protocols like TLS, and rely on a new memory-tight reduction to corresponding restricted notions of confidentiality and integrity. In particular, our reduction uses an amount of memory which linearly depends on that of the given adversary, as opposed to only imposing a constant memory overhead as in earlier works (Auerbach et al., CRYPTO '17).

On the negative side, we show that a large class of black-box reductions cannot generically lift confidentiality and integrity security to a joint definition of AE security in a memory-tight way.

Cryptographic protocols often need to encompass time, e.g. for time outs. Modeling time formally is therefore crucial, as security of protocols can then be proven under more realistic assumptions. This is particularly important when considering composition, as protocols are rarely used in a stand-alone setting. This work extends the recent TARDIS model of abstract composable time (ACT) to the case of multiparty functionalities encompassing communication, publicly verifiable time-based primitives and secure computation. We model delayed multiparty communication through an ACT treatment of broadcast channels and public ledgers. Next, we introduce a publicly verifiable time-lock puzzle (TLP) functionality which we realize by showing that the TLP construction from TARDIS is publicly verifiable. Finally, we show that these new primitives can be used as building blocks for obtaining highly efficient composable randomness beacons and MPC with output independent abort and financial fairness.

A weak pseudorandom function (weak PRF) is one of the most important cryptographic primitives for its efficiency although it has lower security than a standard PRF.

Recently, Boneh et al. (TCC'18) introduced two types of new weak PRF candidates, called a basic Mod-2/Mod-3 and alternative Mod-2/Mod-3 weak PRF. They both use the mixture of linear computations defined on different small moduli to satisfy conceptual simplicity, low complexity (depth-2 ${\sf ACC^0}$) and MPC friendliness. In fact, the new candidates are conjectured to be exponentially secure against any adversary that allows exponentially many samples, and a basic Mod-2/Mod-3 weak PRF is the only candidate that satisfies all above features. However, none of direct attacks which focus on a basic and alternative Mod-2/Mod-3 weak PRFs uses their own structures.

In this paper, we investigate weak PRFs in three perspectives; attacks, fixes, and a new analysis to support the hardness conjecture of weak PRFs. We first propose direct attacks for an alternative Mod-2/Mod-3 weak PRF and a basic Mod-2/Mod-3 weak PRF when a circulant matrix is used as a secret key.

For an alternative Mod-2/Mod-3 weak PRF, we prove that the adversary's advantage is at least $2^{-0.105n}$, where $n$ is the size of input space of weak PRF. Similarly, we show that the advantage of our heuristic attack to the weak PRF with a circulant matrix key is larger than $2^{-0.21n}$, which is contrary to previous expectation that `a structured secret key' does not affect the security of a weak PRF. Thus, for optimistic parameter choice $n = 2\lambda$ for the security parameter $\lambda$, parameters should be increased to preserve $\lambda$-bit security when an adversary obtains exponentially many samples.

Next, we provide a simple method for repairing two weak PRFs affected by our attack while preserving the depth-2 ${\sf ACC^0}$ circuit complexity and parameters.

Moreover, we provide an observation and a new analysis to support the exponential hardness conjecture of a basic Mod-2/Mod-3 weak PRF when a secret key is uniformly sampled from $\{0,1\}^{m \times n}$.

In this paper, we extend the concept of bias amplifiers and show how they can be used to detect badly broken noise sources both in the design and production phases of a true random number generator. We also develop a theoretical framework that supports the experimental results obtained in this paper.

We introduce an interpolation attack using the \textsc{Moebius Transform}. This can reduce the time complexity to get a linear system of equations for specified intermediate state bits, which is general to cryptanalysis of some ciphers with update function of low algebraic degree. Along this line, we perform an interpolation attack against \textsc{Elephant-Delirium}, a round 2 submission of the ongoing NIST lightweight cryptography project. This is the first third-party cryptanalysis on this cipher. Moreover, we promote the interpolation attack by applying it to the \textbf{Farfalle} pseudo-random constructions \textsc{Kravatte} and \textsc{Xoofff}. Our attacks turn out to be the most efficient method for these ciphers thus far.

GlobalPlatform (GP) card specifications are defined for smart cards regarding rigorous security requirements. The increasingly more powerful cards within an open ecosystem of multiple players stipulate that asymmetric-key protocols become necessary. In this paper, we analyze SCP10, which is the Secure Channel Protocol (SCP) that relies on RSA for key exchange and authentication. Our findings are twofold. First, we demonstrate several flaws in the design of SCP10. We discuss the scope of the identified flaws by presenting several attack scenarios in which a malicious attacker can recover all the messages protected by SCP10. We provide a full implementation of these attacks. For instance, an attacker can get the freshly generated session keys in less than three hours. Second, we propose a secure implementation of SCP10 and discuss how it can mitigate the discovered flaws. Finally, we measure the overhead incurred by the implemented countermeasures.

Event date: 18 November to 20 November 2020
Submission deadline: 3 July 2020
Notification: 4 September 2020

The ISG is seeking to recruit a post-doctoral research assistant to work in the area of cryptography. The position is available now until 1 June 2022.

The PDRA will work alongside Prof. Martin Albrecht, Dr. Rachel Player and other cryptographic researchers at Royal Holloway on topics in lattice-based cryptography. This post is part of the EU H2020 PROMETHEUS project (https://www.h2020prometheus.eu) for building privacy preserving systems from advanced lattice primitives. Our research focus within this project is on cryptanalysis and implementations, but applicants with a strong background in other areas such as protocol/primitive design are also encouraged to apply.

See also this blog post (https://martinralbrecht.wordpress.com/2020/06/26/postdoc-at-royal-holloway-on-lattice-based-cryptography-3/) for more details.

Closing date for applications:

Contact: Martin Albrecht or Rachel Player

More information: https://jobs.royalholloway.ac.uk/Vacancy.aspx?ref=0620-149

Department Summary: University of North Texas (UNT) is rapidly building its Center for Agile and Adaptive Manufacturing (CAAAM), a State of Texas funded multi-million-dollar initiative with a multi-disciplinary focus on further advancing the science and technology of additive manufacturing (AM). CAAAM involves a multi-disciplinary team of researchers from materials science, mechanical engineering, manufacturing, data science, cybersecurity and logistics & supply chain, committed to collaborating on large research projects with an emphasis on additive manufacturing.

Position Summary: CAAAM is seeking a Research Assistant Professor to collaborate with a team of faculty on cybersecurity issues related to AM. This is a non-tenure track terminal position with a primary association with CAAAM and secondary association with an appropriate academic department. The selected candidate is expected to focus on cybersecurity in the context of advanced manufacturing systems in general and additive manufacturing systems more specifically. A successful candidate will work closely with faculty in the Computer Science and Engineering department as well as other faculty and researchers in CAAAM. The candidate is expected to conduct research on securing advanced manufacturing systems and develop fundamental and innovative approaches to the design and validation of secure, trustworthy and resilient cyber systems for industrial automation. The candidate is also expected to develop educational material for training workforce to operate advanced manufacturing systems as well as mentor graduate students and post-doctoral researchers working in CAAAM.

Minimum qualifications include an earned doctorate in Computer Engineering, Computer Science or a related discipline with a research focus on cybersecurity in general but more specifically, cybersecurity related to cyber-physical systems, security in edge devices, hardware/systems security, security of IoT’s and Industrial IoT’s, design and validation of secure and resilient cyber-physical systems. The research background should be evident from high quality publications.

Closing date for applications:

Contact: Krishna Kavi (Krishna.Kavi@unt.edu), Mary Chandler (Mary.Chandler@unt.edu)

More information: http://jobs.untsystem.edu/postings/34619

What you will do

Reporting to the Director, Fintech Research team in the IT Services department, you use your expertise and intellect to solve unique and difficult problems. Working in a talented and diverse team you touch all phases of a research and development project towards meeting challenging policy goals.

You will have the opportunity to use your specialized skills, develop these further and contribute to other areas of the project:
- Devise technical solutions to difficult and unique problems either independently, with team members or with external vendors and experts as required
-Identify gaps and Investigate emerging technologies as required for their application for CBDC
- Liaise closely with, and consider impacts on, other aspects of the system, outside the immediate area of responsibility, in formulating technical designs
- Recommend solutions to specific problem to solution architect and project leadership with a holistic view of impacts (e.g. effectiveness of solution, costs, risks, evolution over time)
- Explain and justify design choices, especially when multiple options are available
- Explain technologies and solutions to other technical audiences and occasionally business stakeholders in the Bank
- Assist in the design and development of proof-of-technologies / proof-of-concepts
- Contribute to development of a working CBDC system
- Contribute to the documentation and body of knowledge of technical designs
- Give intellectual leadership to other members of the team involved in the same domain area
- Manage day-to-day relationship with external parties such as vendors to ensure efficient work practices and management of risks
- Manage and balance the workloads of multiple simultaneous projects

What you can expect from us

Salaries are based on qualifications and experience and typically range from $94,100 and $117,600 (job grade 18). The intent is to staff at job grade job grade 18. Based on business needs and the successful candidate’s experience, knowledge and competencies, the position may be staffed at JG 17 ($83,900 and $104,

Closing date for applications:

Contact: Apply Online using above link

More information: https://careers.bankofcanada.ca/job/Ottawa-%28Downtown%29-Research-and-Development-Technologist%2C-CBDC/540381817/

OneSpan is seeking applications for highly motivated and self-driven research scientists to complement its Innovation Centre team currently working on cutting-edge research in security, privacy, machine learning and digital identity. The Innovation Centre was established to research and prototype the next generation of digital technologies to improve online security. We seek to make technological advances in areas ranging from OneSpan’s core business of strong authentication, to areas of growing importance such as cybersecurity incidents detection, digital identity and privacy. Our work aims to generate new scientific knowledge, prototypes, and intellectual property that can be transferred into products. We also aspire to be a leading academic-industry partner of choice on emerging technologies related to online security. Job Duties and Responsibilities The objective of the research scientist is to conduct applied research linked to OneSpan’s product range with the aim of enhancing OneSpan’s offering in the short and mid-term. Your key tasks are: Propose research agenda. Perform first-class research. Create research software prototypes that could lead to new products. Show leadership in your field of expertise. Work collaboratively in a team that spans international borders and departments. Requirements Must haves A PhD degree or equivalent experience in information engineering, computer science. Candidates expected to finish their PhD before autumn 2020 will also be considered. Strong proven interest and knowledge of one or more of these research areas: security, machine learning, digital identity, and privacy A willingness to learn and the ability to quickly understand unfamiliar areas of technology. Desirable skills Interest in computer security and machine learning. Some experience in software development. Experience in working in multi-disciplinary teams Authoring reports for and presenting to non-technical audiences. Demonstrated ability to innovate through publications, patents or equivalent

Closing date for applications:

Contact: Julie Tinel

More information: https://grnh.se/48c98f131us

OneSpan is seeking applications for highly motivated and self-driven research scientists to complement its Innovation Centre team currently working on cutting-edge research in security, privacy, machine learning and digital identity. The Innovation Centre was established to research and prototype the next generation of digital technologies to improve online security. We seek to make technological advances in areas ranging from OneSpan’s core business of strong authentication, to areas of growing importance such as cybersecurity incidents detection, digital identity and privacy. Our work aims to generate new scientific knowledge, prototypes, and intellectual property that can be transferred into products. We also aspire to be a leading academic-industry partner of choice on emerging technologies related to online security. Job Duties and Responsibilities The objective of the research scientist is to conduct applied research linked to OneSpan’s product range with the aim of enhancing OneSpan’s offering in the short and mid-term. Your key tasks are: Propose research agenda. Perform first-class research. Create research software prototypes that could lead to new products. Show leadership in your field of expertise. Work collaboratively in a team that spans international borders and departments. Requirements Must haves A PhD degree or equivalent experience in information engineering, computer science. Candidates expected to finish their PhD before autumn 2020 will also be considered. Strong proven interest and knowledge of one or more of these research areas: security, machine learning, digital identity, and privacy A willingness to learn and the ability to quickly understand unfamiliar areas of technology. Desirable skills Interest in computer security and machine learning. Some experience in software development. Experience in working in multi-disciplinary teams Authoring reports for and presenting to non-technical audiences. Demonstrated ability to innovate through publications, patents or equivalent

Closing date for applications:

Contact: Julie Tinel

More information: https://grnh.se/a47755df1us

Event date: 21 June to 24 June 2020
Submission deadline: 4 September 2020
Notification: 9 November 2020

Event date: 7 July to 9 July 2020

We introduce and construct a variant of a time-lock puzzle which is non-malleable. A non-malleable time-lock puzzle guarantees, roughly, that it is impossible to "maul" a puzzle into one for a related message without solving it. The security of this construction relies on the existence of any (plain) time-lock puzzle and it is proven secure in the auxiliary-input random oracle model. We show that our construction satisfies bounded concurrency and prove that it is impossible to obtain full concurrency. We additionally introduce a more general non-malleability notion, termed functional non-malleability, which protects against tampering attacks that affect a specific function of the related messages. We show that in many (useful) cases, our construction satisfies fully concurrent functional non-malleability.

We use our (functional) non-malleable time-lock puzzles to give efficient multi-party protocols for desirable tasks such as coin flipping and auctions. Our protocols are (1) fair, meaning that no malicious party can influence the output, (2) optimistically efficient, meaning that if all parties are honest, then the protocol terminates immediately, and (3) publicly verifiable, meaning that from the transcript of the protocol anyone can quickly infer the outcome, without the need to perform a long computation phase. Our protocols support an unbounded number of participants and require no adversary-independent trusted setup. Our protocol is the first protocol that satisfies all of the above properties under any assumption. Security is proven assuming the repeated squaring assumption and in the auxiliary-input random oracle model. Along the way, we introduce a publicly verifiable notion of time-lock puzzles which is of independent interest. This notion allows the solver of the puzzle to compute the solution together with a proof which can be quickly verified by anyone.

Lightweight authenticated key exchange (AKE) protocols based on symmetric-key cryptography is important in securing the Internet of Things (IoT). However, achieving perfect forward secrecy (PFS) is not trivial for AKE based on symmetric-key cryptography, as opposed to AKE based on public-key cryptography. The most recent proposals that provide PFS are SAKE and SAKE-AM. In this paper, we first take a closer look at these protocols and observe that they are vulnerable to a number of attacks, such as, replay attack, denial of service (DoS) attack, tracking attack, etc. We then propose countermeasures to both protocols to restore security. Additionally, our proposed scheme SAKE+ enables concurrent execution of the protocol, whereas the original SAKE scheme supports the sequential execution of the protocol. The concurrency provided by our scheme makes it more suitable for IoT applications where a server receives and sends information from a large number of IoT end devices. Finally, we prove the security and soundness of our schemes, and verify using ProVerif tool.

We propose a Dynamic Universal Accumulator in the Accumulator Manager setting for bilinear groups which extends Nguyen's positive accumulator and Au et al. and Damgård and Triandopoulos non-membership proof mechanism. The new features include support for batch addition and deletion operations as well as a privacy-friendly decentralized batch witness update protocol, where the witness update information is the same for all users. Together with a non-interactive zero-knowledge protocol, these make the proposed scheme suitable as an efficient and scalable Anonymous Credential System, accessible even by low-resource users. We show security of the proposed protocol under the t-SDH assumption through a proper initialization of the accumulator and we demonstrate its practical relevance by providing and discussing an implementation realized using state-of-the-art libraries.

Non-malleable codes allow one to encode data in such a way that, after tampering, the modified codeword is guaranteed to decode to either the original message, or a completely unrelated one. Since the introduction of the notion by Dziembowski, Pietrzak, and Wichs (ICS '10 and J. ACM '18), a large body of work has focused on realizing such coding schemes secure against various classes of tampering functions. It is well known that there is no efficient non-malleable code secure against all polynomial size tampering functions. Nevertheless, non-malleable codes in the plain model (i.e., no trusted setup) secure against $\textit{bounded}$ polynomial size tampering are not known and obtaining such a code has been a major open problem.

We present the first construction of a non-malleable code secure against $\textit{all}$ polynomial size tampering functions that have $\textit{bounded polynomial depth}$. This is an even larger class than all bounded polynomial $\textit{size}$ functions and, in particular, we capture all functions in non-uniform $\mathbf{NC}$ (and much more). Our construction is in the plain model (i.e., no trusted setup) and relies on several cryptographic assumptions such as keyless hash functions, time-lock puzzles, as well as other standard assumptions. Additionally, our construction has several appealing properties: the complexity of encoding is independent of the class of tampering functions and we obtain sub-exponentially small error.