International Association for Cryptologic Research

IACR News

26 August 2020

Christian Badertscher, Peter Gazi, Aggelos Kiayias, Alexander Russell, Vassilis Zikas
ePrint Report
Distributed ledgers, such as those arising from blockchain protocols, have been touted as the centerpiece of an upcoming security-critical information technology infrastructure. Their basic properties---consistency and liveness---can be guaranteed under specific constraints about the resources of an adversary relative to the resources of the nodes that follow the protocol. Given the intended long-livedness of these protocols, perhaps the most fundamental open security question currently is their behavior and potential resilience to temporary spikes in adversarial resources.

In this work we give the first thorough treatment of self-healing properties of distributed ledgers covering both proof-of-work (PoW) and proof-of-stake (PoS) protocols. Our results quantify the vulnerability period that corresponds to an adversarial spike and classify three types of currently deployed protocols with respect to their self-healing ability: PoW-based blockchains, PoS-based blockchains, and iterated Byzantine Fault Tolerant (iBFT) protocols.
Katharina Boudgoust, Corentin Jeudy, Adeline Roux-Langlois, Weiqiang Wen
ePrint Report
We prove that the module learning with errors (M-LWE) problem with arbitrary polynomial-sized modulus p is classically at least as hard as standard worst-case lattice problems, as long as the module rank d is not smaller than the number field degree n. Previous publications only showed the hardness under quantum reductions. We achieve this result in an analogous manner as in the case of the learning with errors (LWE) problem. First, we show the classical hardness of M-LWE with an exponential-sized modulus. In a second step, we prove the hardness of M-LWE using a binary secret. And finally, we provide a modulus reduction technique. The complete result applies to the class of power-of-two cyclotomic fields. However, several tools hold for more general classes of number fields and may be of independent interest.
Viet Tung Hoang, Yaobin Shen
ePrint Report
We analyze the multi-user security of the streaming encryption in Google's Tink library via an extended version of the framework of nonce-based online authenticated encryption of Hoang et al. (CRYPTO'15) to support random-access decryption. We show that Tink's design choice of using random nonces and a nonce-based key-derivation function indeed improves the concrete security bound. We then give two better alternatives that are more robust against randomness failure. In addition, we show how to efficiently instantiate the key-derivation function via AES, instead of relying on HMAC-SHA256 like the current design in Tink. To accomplish this we give a multi-user analysis of the XOR-of-permutation construction of Bellare, Krovetz, and Rogaway (EUROCRYPT'98).
Grand Anse, Grenada, 1 March - 5 March 2021
Event Calendar
Event date: 1 March to 5 March 2021
Submission deadline: 17 September 2020
Notification: 3 December 2020
Institute of Science and Technology Austria
Job Posting

The Institute of Science and Technology Austria invites applications for several open positions in all areas of computer science including cryptography, systems security and privacy.

IST Austria offers:

  • A highly international and interdisciplinary research environment with English as the working language on campus
  • State-of-the-art facilities and scientific support services (www.ist.ac.at/scientific-service-units/)
  • Competitive start-up package and salary
  • Guaranteed annual base funding including funding for PhD students and postdocs
  • Wide portfolio of career support
  • Child-care facilities and support on campus

IST Austria is an international institute dedicated to basic research and graduate education in the natural, mathematical, and computational sciences. The Institute fosters an interactive, collegial, and supportive atmosphere, sharing space and resources between research groups whenever possible, and facilitating cross-disciplinary collaborations. Our PhD program involves a multi-disciplinary course schedule and rotations in research groups, and hires scholars from diverse international backgrounds. The campus of IST Austria is located close to Vienna, one of the most livable cities in the world.

Assistant professors receive independent group leader positions with an initial contract of six years, at the end of which they are reviewed by international peers. If the evaluation is positive, an assistant professor is promoted to a tenured professor.
Candidates for tenured positions are distinguished scientists in their respective research fields and have at least six years of experience in leading a research group.

Please apply online at: www.ist.ac.at/jobs/faculty

The closing date for applications is October 30, 2020.

IST Austria values diversity and is committed to equal opportunity. We strive for increasing the number of women, particularly in fields where they are underrepresented, and therefore we strongly encourage female researchers to apply.

Contact: krzysztof.pietrzak@ist.ac.at

More information: https://ist.ac.at/en/jobs/faculty/

Apheris | Deep tech company for privacy-preserving data ecosystems in Berlin, Germany
Job Posting

We are looking for an Expert in Cryptography and/or Privacy-Preserving Computations with the right skillset to complement our team with practical deep tech and coding expertise.
Join us in putting cutting-edge privacy-preserving technologies and federated computations into production.

As a domain Expert in Cryptography, you will help us build never-seen-before deep tech products for our high-profile customers. You contribute to the Apheris products, including protocol and architecture, and author detailed technical concepts around cryptography. You identify and resolve performance bottlenecks and perform and participate in code reviews. Together with our CTO and other senior engineers you will help us hit product milestones by writing high-quality, well-tested code.

Contact: Robin Röhm, career@apheris.com

More information: https://apheris-jobs.personio.de/job/242412

25 August 2020

Max Planck Institute for Security and Privacy
Job Posting
The Max Planck Institute (MPI) for Security and Privacy (https://www.mpi-sp.org/) is looking to hire Postdocs in cryptography and computer security. The topic of the position depends on common interests, including (but not limited to):

  • Public-key, lattice-based, and advanced cryptographic primitives.
  • Cryptocurrencies, blockchains, and concurrent systems.
  • Post-quantum cryptography and quantum computing.

In order to be considered for the position, the candidate must:

  • Have completed (or be close to completing) a PhD in computer science, mathematics, or related fields.
  • Show a record of excellent publications in leading venues for security (S&P, CCS, Usenix Sec, NDSS), cryptography (CRYPTO, EUROCRYPT, ASIACRYPT) or general theory of computer science (STOC, FOCS, ICALP).

The MPI for Security and Privacy is co-located with the Ruhr University of Bochum (Germany) and offers a vibrant atmosphere for research that spans across all aspects of computer security. Knowledge of German is not required for a successful career at MPI. To apply for the position, send an email to Giulio Malavolta (address below) including the following documents:

  • A curriculum vitae (including list of publications).
  • The names of 2/3 referees for recommendation letters.

If you have any questions, don’t hesitate to get in touch.

Contact: Giulio Malavolta (giulio.malavolta@hotmail.it)

24 August 2020

University of St. Gallen, Switzerland
Job Posting
The University of St. Gallen in Switzerland and the chair of Cyber Security invite applications from PhD holders in the area of cryptography and information security. The researcher will join a group of researchers focusing on applied and theoretical cryptography, network and information security and privacy preservation led by Prof. Katerina Mitrokotsa. We are affiliated to the Department of Computer Science (DCS) and the Institute of Computer Science. More precisely, the student shall be working on investigating efficient authentication and verifiable delegation of computation mechanisms that provide: i) provable security guarantees, and ii) rigorous privacy guarantees. The overall aim of the PhD position will be to design and evaluate provably secure cryptographic protocols for privacy-preserving authentication and verifiable delegation of computation protocols. The research shall also consider the case where multiple clients jointly outsource computations to untrusted cloud servers.
Research areas include but are not limited to:
  • Verifiable computation
  • Secure Multi-Party Computation
  • Privacy-preserving authentication
  • Cryptographic primitives
Your Profile
  • An MSc degree in Computer Science, Applied Mathematics or a relevant field;
  • Strong mathematical and algorithmic CS background;
  • Good programming skills are beneficial;
  • Excellent written and verbal communication skills in English
Deadline for applications: 31 August
Starting date: Fall 2020 or by mutual agreement
Contact: Prof. Katerina Mitrokotsa

Contact: Katerina Mitrokotsa

More information: http://direktlink.prospective.ch/?view=2d5b5bd0-e017-4917-90bb-14f3b6efe9c4

Kolkata, India, 2 March - 5 March 2021
Event Calendar
Event date: 2 March to 5 March 2021
Submission deadline: 30 November 2020
Notification: 30 December 2020

23 August 2020

Steven D. Galbraith, Trey Li
ePrint Report
We obfuscate the big subset and small superset functionalities in a very simple way. We prove both VBB and input-hiding in the standard model based on the subset product problems. Our security proofs are simple.

Let n in N be the bit length, t in N be the threshold indicating big/small, and x in {0,1}^n be the characteristic vector of a set, with its Hamming weight |x| denoting the size of the set. Our obfuscation for x requires that ||x|-t| < n/2. Note that a random x has Hamming weight approximately n/2, hence this condition is for free most of the time.

Our obfuscation requires Hamming distance evasiveness, which is stronger than big subset and small superset evasiveness. Though, this requirement already implies a fairly large family of functions to obfuscate.

We also give a proof of input-hiding for the conjunction obfuscation by Bartusek et al. [5] (see Appendix A) and propose a new conjunction obfuscation based on the big subset and small superset obfuscation (see Appendix B). The security of our conjunction obfuscation is from our new assumption called the twin subset product problem.

22 August 2020

Andrey Sobol, Anastasiia Kondaurova
ePrint Report
This paper contains an analysis of decentralized exchange governance as an effective framework for voting, profit sharing, baking and partially updating the system with a possibility to create new pairs for decentralized exchange with automatic market-making. It will also review 2 alternative baker election and rotation mechanisms, “Simple first-place voting protocol” and “First-place with veto protocol”, and will provide a more in-depth look at these mechanisms. It will examine a proposed architectural software solution for monitoring the decentralized network to mediate deviant baker behavior - the watchtower.
Abhishek Chakraborty, Ankit Mondal, Ankur Srivastava
ePrint Report
The protection of intellectual property (IP) rights of well-trained deep learning (DL) models has become a matter of major concern, especially with the growing trend of deployment of Machine Learning as a Service (MLaaS). In this work, we demonstrate the utilization of a hardware root-of-trust to safeguard the IPs of such DL models which potential attackers have access to. We propose an obfuscation framework called Hardware Protected Neural Network (HPNN) in which a deep neural network is trained as a function of a secret key and then the obfuscated DL model is hosted on a public model sharing platform. This framework ensures that only an authorized end-user who possesses a trustworthy hardware device (with the secret key embedded on-chip) is able to run intended DL applications using the published model. Extensive experimental evaluations show that any unauthorized usage of such obfuscated DL models results in significant accuracy drops ranging from 73.22 to 80.17% across different neural network architectures and benchmark datasets. In addition, we also demonstrate the robustness of the proposed HPNN framework against a model fine-tuning type of attack.
Vasyl Ustimenko
ePrint Report
Multivariate cryptography studies applications of endomorphisms of K[x_1, x_2, …, x_n] where K is a finite commutative ring. The importance of this direction for the construction of multivariate digital signature systems is well known. We suggest a modification of the known digital signature systems for which some cryptanalytic instruments were found. This modification prevents the use of recently developed attacks on classical schemes such as the Rainbow oil and vinegar system and LUOV. The modification does not change the size of hashed messages or the size of signatures. The basic idea is the usage of multivariate messages of unbounded degree and polynomial density for the construction of public rules. Modified algorithms are presented for standardization and certification studies.
Yuntao Liu, Ankur Srivastava
ePrint Report
In recent years, deep neural networks (DNN) have become an important type of intellectual property due to their high performance on various classification tasks. As a result, DNN stealing attacks have emerged. Many attack surfaces have been exploited, among which cache timing side-channel attacks are hugely problematic because they do not need physical probing or direct interaction with the victim to estimate the DNN model. However, existing cache-side-channel-based DNN reverse engineering attacks rely on analyzing the binary code of the DNN library that must be shared between the attacker and the victim in the main memory. In reality, the DNN library code is often inaccessible because 1) the code is proprietary, or 2) memory sharing has been disabled by the operating system. In our work, we propose GANRED, an attack approach based on the generative adversarial nets (GAN) framework which utilizes cache timing side-channel information to accurately recover the structure of DNNs without memory sharing or code access. The benefit of GANRED is four-fold. 1) There is no need for DNN library code analysis. 2) No shared main memory segment between the victim and the attacker is needed. 3) Our attack locates the exact structure of the victim model, unlike existing attacks which only narrow down the structure search space. 4) Our attack efficiently scales to deeper DNNs, exhibiting only linear growth in the number of layers in the victim DNN.
Shou-Ching Hsiao, Zi-Yuan Liu, Raylin Tso
ePrint Report
Gated Recurrent Unit (GRU) has broad application fields, such as sentiment analysis, speech recognition, malware analysis, and other sequential data processing. For low-cost deployment and efficient machine learning services, a growing number of model owners choose to deploy the trained GRU models through Machine-learning-as-a-service (MLaaS). However, privacy has become a significant concern for both model owners and prediction clients, including model weights privacy, input data privacy, and output results privacy. The privacy leakage may be caused by either external intrusion or insider attacks. To address the above issues, this research designs a framework for privacy-preserving GRU models, which aims for privacy scenarios such as predicting on textual data, network packets, heart rate data, and so on. In consideration of accuracy and efficiency, this research uses additive secret sharing to design the basic operations and gating mechanisms of GRU. The protocols can meet the security requirements of privacy and correctness under the Universal Composability framework with the semi-honest adversary. Additionally, the framework and protocols are realized with a proof-of-concept implementation. The experiment results are presented with respect to time consumption and inference accuracy.
Yi-Fu Lai, Steven D. Galbraith, Cyprien Delpech de Saint Guilhem
ePrint Report
Oblivious transfer (OT) is an essential tool of cryptographic protocols. It can serve as a building block for realizing all multiparty functionalities. The strongest security notion against malicious adversaries is universal composability (UC-secure). Due to the rigorous algebraic structures and operations, achieving the specific security notion with isogenies is believed to be difficult. Hence, it is an open problem to have an efficient UC-secure OT scheme based on isogenies.

In this work, we propose the first isogeny-based UC-secure oblivious transfer protocol in the presence of malicious adversaries without analogues in the Diffie-Hellman setting. The simple and compact CSIDH-based scheme consists of a constant number of isogeny computations. The underlying relaxed problem is called the computational reciprocal CSIDH problem, which we can prove equivalent to the computational CSIDH problem with a quantum reduction.
Tancrède Lepoint, Sarvar Patel, Mariana Raykova, Karn Seth, Ni Trieu
ePrint Report
The private join and compute (PJC) functionality enables secure computation over data distributed across different databases, which is a functionality with a wide range of applications, many of which address settings where the input databases are of significantly different sizes.

We introduce the notion of private information retrieval (PIR) with default, which enables two-party PJC functionalities in a way that hides the size of the intersection of the two databases and incurs sublinear communication cost in the size of the bigger database. We provide two constructions for this functionality, one of which requires offline linear communication, which can be amortized across queries, and one that provides sublinear cost for each query but relies on more computationally expensive tools. We construct inner-product PJC, which has applications to ads conversion measurement and contact tracing, relying on an extension of PIR with default. We evaluate the efficiency of our constructions, which can enable $\mathbf{2^{12}}$ PIR with default lookups on a database of size $\mathbf{2^{30}}$ (or inner-product PJC on databases with such sizes) with the communication of $\mathbf{945}$MB, which costs less than $\mathbf{\$0.04}$ for the client and $\mathbf{\$5.22}$ for the server.
Romain Gay, Rafael Pass
ePrint Report
We show the existence of indistinguishability obfuscators (iO) for general circuits assuming subexponential security of:
  • the Learning with Errors (LWE) assumption (with subexponential modulus-to-noise ratio);
  • the Decisional Composite Residuosity (DCR) assumption; and
  • a circular security conjecture regarding the Gentry-Sahai-Waters (GSW) and the Damgård-Jurik (DJ) encryption schemes.

More precisely, the circular security conjecture states that a notion of leakage-resilient security (which we refer to as “shielded randomness leakage security”) satisfied by GSW (assuming LWE) is retained in the presence of a key-cycle w.r.t. GSW and DJ.

Our work thus places iO on qualitatively similar assumptions as (unlevelled) FHE, for which known constructions also rely on a circular security conjecture.
Steven D. Galbraith, Lukas Zobernig
ePrint Report
We construct a VBB and perfect circuit-hiding obfuscator for evasive deterministic finite automata using a matrix encoding scheme with a limited zero-testing algorithm. We construct the matrix encoding scheme by extending an existing matrix FHE scheme. Using obfuscated DFAs we can, for example, evaluate secret regular expressions or disjunctive normal forms on public inputs. In particular, the possibility of evaluating regular expressions solves the open problem of obfuscated substring matching.
Leah Lathrop
ePrint Report
Side-channel attacks exploit information that is leaked from hardware. The differential power analysis (DPA) attack aims at extracting sensitive information that is processed by the operations in a cryptographic primitive. Power traces are collected and subsequently processed using statistical methods. The ChipWhisperer Nano is a low-cost, open-source device that can be used to implement and study side-channel attacks. This paper describes how the DPA attack with the difference-of-means method can be used to extract the secret key from both an 8-bit and a 32-bit implementation of AES using the ChipWhisperer Nano. The results show that although it is possible to carry out the attack on both implementations, the attack on the 32-bit implementation requires more traces than the attack on the 8-bit implementation.