International Association for Cryptologic Research

IACR News

20 December 2020

Oregon State University; Corvallis, OR, USA
Job Posting
The School of Electrical Engineering and Computer Science at Oregon State University invites applications for several full-time, nine-month, tenure-track faculty positions. As a land grant institution committed to teaching, research, and outreach and engagement, Oregon State University promotes economic, social, cultural, and environmental progress for the people of Oregon, the nation, and the world. In support of this mission, the College of Engineering recently updated its strategic plan to advance its achievement in high impact research, excellent preparation of all our students, and developing a community of faculty, students, and staff that is increasingly more inclusive, collaborative, diverse, and centered on student success. Faculty candidates are sought in areas that include the following: Software Engineering, Artificial Intelligence/Machine Learning, Cybersecurity, Systems and Theoretical Computer Science. Applicants should demonstrate a strong commitment and capacity to initiate new funded research as well as to expand and complement existing research programs in the OSU College of Engineering and beyond. Furthermore, applicants should demonstrate a strong commitment to undergraduate and graduate teaching; some successful candidates may also have the opportunity to teach in the school’s highly ranked online computer science program. Applicants are expected to mentor students and promote equitable outcomes among learners of diverse and underrepresented identity groups. Appointment is anticipated at the Assistant Professor rank, but candidates with exceptional qualifications may be considered for appointment at the rank of Associate or Full Professor. Applicants must hold a Ph.D. degree in Computer Science, Electrical and Computer Engineering, or a closely related discipline.

Closing date for applications:

Contact: Mike Rosulek <rosulekm at eecs.oregonstate.edu>

More information: https://jobs.oregonstate.edu/postings/96561

Chalmers University of Technology, Sweden
Job Posting
We are looking for an excellent, motivated, self-driven post-doctoral researcher to work in the area of information security and cryptography with a focus on secure and private cloud assisted computing. More precisely, the postdoctoral researcher shall be working on investigating efficient verifiable delegation of computation mechanisms that provide: i) provable security guarantees, and ii) rigorous privacy guarantees. The overall aim of the postdoctoral position will be to design and evaluate provably secure cryptographic protocols for privacy-preserving and verifiable delegation of computation protocols. The research shall also consider the case where multiple clients jointly outsource computations to untrusted cloud servers. Research areas include but are not limited to:
  • Verifiable computation
  • Secure Multi Party Computation
  • Privacy-preserving authentication
  • Cryptographic primitives
Your Profile:
  • A PhD degree in Cryptography;
  • Strong publication record;
  • Strong mathematical and algorithmic CS background;
  • Excellent programming skills;
  • Excellent written and verbal communication skills in English
Final Deadline for applications: 8 January 2021. Starting date: Beginning of 2021 or by mutual agreement.

Closing date for applications:

Contact: Katerina Mitrokotsa

More information: https://www.chalmers.se/en/about-chalmers/Working-at-Chalmers/Vacancies/Pages/default.aspx?rmpage=job&rmjob=9112

Chalmers University of Technology, Sweden
Job Posting
We are looking for an excellent, motivated, self-driven post-doctoral researcher to work in the area of information security and cryptography. More precisely, we envision secure and privacy-preserving machine learning algorithms for artificial intelligence applications in everyday life that can provide confidentiality and integrity guarantees. In particular, the main aims of the project are to: (i) safeguard the privacy of individuals that participate by either providing their data to build the AI system or being end-users of the system, and (ii) safeguard the integrity of the system by ensuring its robustness to adversarial inputs and cryptographically limiting the possible points of adversarial manipulation. You will be working with Prof. Mitrokotsa and Prof. Dimitrakakis. Full-time employment for three years.
Your Profile:
  • A PhD degree in Cryptography with connections to Machine learning;
  • Publications
  • Strong mathematical and algorithmic CS background;
  • Excellent programming skills;
  • Excellent written and verbal communication skills in English
Final Deadline for applications: 3 January 2021. Starting date: Beginning of 2021 or by mutual agreement.

Closing date for applications:

Contact: Katerina Mitrokotsa

More information: https://www.chalmers.se/en/about-chalmers/Working-at-Chalmers/Vacancies/Pages/default.aspx?rmpage=job&rmjob=9089


17 December 2020

Shange Fu, Jiangshan Yu, Rafael Dowsley, Joseph Liu
ePrint Report
The security of PoW-based blockchains relies on the total amount of mining power and the ratio of mining power possessed by the honest miners. Loosely speaking, a system with higher mining power makes an attack more difficult. To incentivise miners to join the network and contribute their mining power, reward mechanisms are designed to provide economic profit to miners in exchange for their mining power. We identify shutdown price as an overlooked factor that has an impact on the current incentive mechanisms. This work fills this knowledge gap. We formalise the concept of shutdown price, which represents the break-even point of operating a mining machine. Once the shutdown price of a type of mining machine is reached, mining coins by using such machines is more expensive than buying coins directly in the cryptocurrency market. Therefore a rational operator would shut these machines down. This reduces the mining power in the network. However, as the variance of the coin price can be very high and the coin price may recover from the break-even point within a short time interval, the miners may not shut down the break-even-triggered machines immediately, or may choose a partial shutdown strategy to hedge risk. We define and analyse such shutdown tolerance by applying real option theory.

Attacks can take advantage of this shutdown threshold, and attackers can even cleverly utilise financial derivatives of cryptocurrencies (whose gain is primarily affected by the change of coin price) to increase their potential gains. As the coin price may drop when successful attacks (such as double spending attacks) on the associated cryptocurrency are discovered, the financial derivatives may be leveraged by a rational adversary to gain extra profit from the launched attacks.
Lira Wang
ePrint Report
Zero-Knowledge Proof is a crucial tool for privacy preserving and stake proving. It allows the Prover to convince the Verifier about the validity of some statement without leaking any knowledge of his own. Many zero-knowledge protocols have been proposed by now, and one of the state-of-the-art works is Halo [1], which was brought about by Bowe, Grigg and Hopwood. Even though the nested amortization technique is used in Halo, the Verifier still has to compute an O(n) operation ultimately. As a result, Halo is not a fully succinct zero-knowledge scheme and is infeasible to be utilized in some scenarios such as Ethereum Smart Contract applications. We propose Halo 1.1, which is an enhanced version of Halo aiming at the issue above. Specifically, we introduce the SRS in [2] as the substitute for the random vector in the inner product and thus transform the Pedersen vector commitment to the Kate polynomial commitment [2]. With the original Halo protocol retained as the premise, the computation of the Verifier is in logarithmic time.
Yang Tan
ePrint Report
Zoom Meeting is an enterprise online video conferencing solution with real-time messaging and content sharing. However, it lacks privacy protection since centralized Zoom servers are capable of monitoring users’ messages. Thereby, to solve the privacy problem, in May 2020, Zoom acquired Keybase so that Keybase’s team can help it to build end-to-end encrypted meetings while retaining Zoom’s current scalability and high performance. Nonetheless, according to Zoom’s latest released whitepaper, even with the new design of E2E (end-to-end) encrypted meetings, the security threats can’t be erased completely since the new design is not fully decentralized. In this paper, we introduce a fully decentralized design of E2E encrypted meetings via blockchain technology. With this new design, Zoom’s E2E meeting privacy can be further improved.
Olivier Blazy, Laura Brouilhet, Celine Chevalier, Patrick Towa, Ida Tucker, Damien Vergnaud
ePrint Report
Hardware security tokens have now been used for several decades to store cryptographic keys. When deployed, the security of the corresponding schemes fundamentally relies on the tamper-resistance of the tokens – a very strong assumption in practice. Moreover, even secure tokens, which are expensive and cumbersome, can often be subverted.

We introduce a new cryptographic primitive called Encryption schemes with Password-protected Assisted Decryption (EPAD schemes), in which a user’s decryption key is shared between a user device (or token) on which no assumption is made, and an online server. The user shares a human-memorizable password with the server. To decrypt a ciphertext, the user launches, from a public computer, a distributed protocol with the device and the server, authenticating herself to the server with her password (unknown to the device), in such a way that her secret key is never reconstructed during the interaction. We propose a strong security model which guarantees that (1) for an efficient adversary to infer any information about a user’s plaintexts, it must know her password and have corrupted her device (secrecy is guaranteed if only one of the two conditions is fulfilled), (2) the device and the server are unable to infer any information about the ciphertexts they help to decrypt (even though they could together reconstruct the secret key), and (3) the user is able to verify that device and server both performed the expected computations. These EPAD schemes are in the password-only model, meaning that the user is not required to remember a trusted public key, and her password remains safe even if she is led to interact with a wrong server and a malicious device.

We then give a practical pairing-based EPAD scheme. Our construction is provably secure under standard computational assumptions, using non-interactive proof systems which can be efficiently instantiated in the standard security model, i.e., without relying on the random oracle heuristic.
Onur Gunlu, Rafael F. Schaefer
ePrint Report
We address security and privacy problems for digital devices and biometrics from an information-theoretic optimality perspective, where a secret key is generated for authentication, identification, message encryption/decryption, or secure computations. A physical unclonable function (PUF) is a promising solution for local security in digital devices and this review gives the most relevant summary for information theorists, coding theorists, and signal processing community members who are interested in optimal PUF constructions. Low-complexity signal processing methods such as transform coding that are developed to make the information-theoretic analysis tractable are discussed. The optimal trade-offs between the secret-key, privacy-leakage, and storage rates for multiple PUF measurements are given. Proposed optimal code constructions that jointly design the vector quantizer and error-correction code parameters are listed. These constructions include modern and algebraic codes such as polar codes and convolutional codes, both of which can achieve small block-error probabilities at short block lengths, corresponding to a small number of PUF circuits. Open problems in the PUF literature from signal processing, information theory, coding theory, and hardware complexity perspectives, and their combinations, are listed to stimulate further advancements in the research on local privacy and security.
Atsuki Momose, Ling Ren
ePrint Report
Byzantine Agreement (BA) is one of the most fundamental problems in distributed computing, and its communication complexity is an important efficiency metric. It is well known that quadratic communication is necessary for BA in the worst case due to a lower bound by Dolev and Reischuk. This lower bound has been shown to be tight for $f < n/3$ by Berman et al. but a considerable gap remains for $n/3 \le f < n/2$.

This paper provides two results towards closing this gap. Both protocols have a quadratic communication complexity and have different trade-offs in resilience and assumptions. The first protocol achieves the optimal resilience of $f < n/2$ but requires a trusted setup for threshold signature. The second protocol achieves near optimal resilience $f \le (1/2 - \varepsilon)n$ in the standard PKI model.
Silvio Micali, Leonid Reyzin, Georgios Vlachos, Riad S. Wahby, Nickolai Zeldovich
ePrint Report
We introduce compact certificate schemes, which allow any party to take a large number of signatures on a message $M$, by many signers of different weights, and compress them to a much shorter certificate. This certificate convinces the verifiers that signers with sufficient total weight signed $M$, even though the verifier will not see---let alone verify---all of the signatures. Thus, for example, a compact certificate can be used to prove that parties who jointly have a sufficient total account balance have attested to a given block in a blockchain.

After defining compact certificates, we demonstrate an efficient compact certificate scheme. We then show how to implement such a scheme in a decentralized setting over an unreliable network and in the presence of adversarial parties who wish to disrupt certificate creation. Our evaluation shows that compact certificates are 50--280$\times$ smaller and 300--4000$\times$ cheaper to verify than a natural baseline approach.
Yadi Ye, Leyou Zhang, Yi Mu
ePrint Report
Smart grid has improved the security and efficiency of the power system and balanced the supply and demand by intelligent management, which has enhanced the stability and reliability of the power grid. The key point to achieve them is real-time data and consumption data sharing by using fine-grained policies. But it will bring leakage of the privacy of the users and loss of control over data for data owners. The reported solutions cannot give the best trade-off among privacy protection, control over the data shared and confidentiality. In addition, they cannot solve the problems of large computation overhead and dynamic management such as users’ revocation. This paper aims at these problems and proposes a decentralized attribute-based data sharing scheme. The proposed scheme ensures the secure sharing of data while removing the central authority and hiding users’ identity information. It uses attribute-based signcryption (ABSC) to achieve data confidentiality and authentication. Under this model, attribute-based encryption gives the access policies for users and keeps the data confidential, and the attribute-based signature is used for authentication of the primary ciphertext integrity. It is more efficient than “encrypt and then sign” or “sign and then encrypt”. In addition, the proposed scheme enables user revocation and public verifiability. Under the random oracle model, the security and the unforgeability against adaptive chosen message attack are demonstrated.
Mohammad Amin Rakeei, Farokhlagha Moazami
ePrint Report
Though Mobile Cloud Computing (MCC) and Mobile Edge Computing (MEC) technologies have brought more convenience to mobile services over the past few years, security concerns like mutual authentication, user anonymity, user untraceability, etc., have remained unresolved. In recent years, many efforts have been made to design security protocols in the context of MCC and MEC, but most of them are prone to security threats. In this paper, we analyze Jia et al.’s scheme, one of the latest authentication protocols for the MEC environment, and we show this scheme is vulnerable to user impersonation and ephemeral secret leakage attacks. Further, we demonstrate that the aforementioned attacks can be similarly applied to Li et al.’s scheme, which was recently derived from Jia et al.’s protocol. In this paper, we propose a provably secure authenticated key agreement protocol on the basis of Jia et al.’s scheme that not only withstands its security weaknesses, but also offers low computational and communication costs compared to the other related schemes. As a formal security proof, we simulate our scheme with the widely used AVISPA tool. Moreover, we show the scalability and practicality of our scheme in a MEC environment through NS-3 simulation.
Amira Barki, Aline Gouget
ePrint Report
Several Central Bank Digital Currency (CBDC) projects are considering the development of a digital currency that is managed on a permissioned blockchain, i.e. only authorized entities are involved in transaction verification. In this paper, we explore the best possible balance between privacy and accountability in such a traceable digital currency. Indeed, in case of suspicion of fraud or money laundering activity, it is important to enable the retrieval of the identity of a payer or a payee involved in a specific transaction. Based on a preliminary analysis of achievable anonymity properties in transferable, divisible and traceable digital currency systems, we first present a digital currency framework along with the corresponding security and privacy model. Then, we propose a pairing-free traceable digital currency system that reconciles users' privacy protection and accountability. Our system is proven secure in the random oracle model.
Anna M. Johnston, Rathna Ramesh
ePrint Report
Prime integers form the basis for finite field and elliptic curve cryptography, as well as many other applications. Provable prime generation guarantees primality and is more efficient than probabilistic generation, and provides components for an efficient primality proof. This paper details a protocol which takes in the proof components from the generation process, proves primality, and as an added benefit, supplies the user with a subgroup generator.
Sri Aravinda Krishnan Thyagarajan, Adithya Bhat, Giulio Malavolta, Nico Döttling, Aniket Kate, Dominique Schröder
ePrint Report
A verifiable timed signature (VTS) scheme allows one to time-lock a signature on a known message for a given amount of time $T$ such that after performing a sequential computation for time $T$ anyone can extract the signature from the time-lock. Verifiability ensures that anyone can publicly check if a time-lock contains a valid signature on the message without solving it first, and that the signature can be obtained by solving the same for time $T$.

This work formalizes VTS, presents efficient constructions compatible with BLS, Schnorr, and ECDSA signatures, and experimentally demonstrates that these constructions can be employed in practice. On a technical level, we design an efficient cut-and-choose protocol based on the homomorphic time-lock puzzles to prove the validity of a signature encapsulated in a time-lock puzzle. We also present a new efficient {range proof} protocol that significantly improves upon existing proposals in terms of the proof size, and is also of independent interest.

While VTS is a versatile tool with numerous existing applications, we demonstrate VTS's applicability to resolve three novel challenging issues in the space of cryptocurrencies. Specifically, we show how VTS is the cryptographic cornerstone to construct: (i) Payment channel networks with improved on-chain unlinkability of users involved in a transaction, (ii) multi-party signing of transactions for cryptocurrencies without any on-chain notion of time and (iii) cryptocurrency-enabled fair multi-party computation protocol.
Claude Carlet, Pierrick Méaux
ePrint Report
In this paper, we completely study two classes of Boolean functions that are suited for hybrid symmetric-FHE encryption with stream ciphers like FiLIP. These functions (which we call homomorphic-friendly) need to satisfy contradictory constraints: 1) allow a fast homomorphic evaluation, and therefore necessarily have a very elementary structure, 2) be secure, that is, allow the cipher to resist all classical attacks (and even more, since guess-and-determine attacks are facilitated in such a framework). Because of constraint 2, these functions need to have a large number of variables (often more than 1000), and this makes it even more difficult to satisfy constraint 1 (hence the interest of these two classes). We determine exactly all the main cryptographic parameters (algebraic degree, resiliency order, nonlinearity, algebraic immunity) for all functions in these two classes and we give close bounds for the others (fast algebraic immunity, dimension of the space of annihilators of minimal degree). This is the first time that this is done for all functions in classes of a sufficient cryptographic interest.
Ryan Karl, Jonathan Takeshita, Taeho Jung
ePrint Report
Private stream aggregation (PSA) allows an untrusted data aggregator to compute statistics over a set of multiple participants' data while ensuring the data remains private. Existing works rely on a trusted party to enable an aggregator to achieve offline fault tolerance, but in the real world this may not be practical. We develop a new framework that supports PSA in a way that is robust to online user faults, while still supporting a strong guarantee on each individual’s privacy. We first must define a new level of security in the presence of online faults and malicious adversaries because the existing definition does not account for online faults. After this we describe a general framework that allows existing work to reach this new level of security. Furthermore, we develop the first protocol that provably reaches this level of security by leveraging trusted hardware. After we develop a methodology to outsource computationally intensive work to higher performance devices, while still allowing for strong privacy, we reach new levels of scalability and communication efficiency over existing work seeking to support offline fault tolerance, and achieve differential privacy.
Mahdi Esfahani, Hadi Soleimany, Mohammad Reza Aref
ePrint Report
CPU caches are a powerful source of information leakage. To develop practical cache-based attacks, there is an increasing need to automate the process of finding exploitable cache-based side-channels in computer systems. Cache template attack is a generic technique that utilizes the Flush+Reload attack in order to automatically exploit cache vulnerabilities of Intel platforms. The cache template attack on a T-table-based AES implementation consists of two phases: the profiling phase and the key exploitation phase. Profiling is a preprocessing phase to monitor dependencies between the secret key and the behavior of the cache memory. In addition, the addresses of T-tables can be obtained automatically. In the key exploitation phase, the most significant bits (MSBs) of the secret key bytes are retrieved by monitoring exploitable addresses. In this paper, we propose a simple yet effective searching technique which accelerates the profiling phase by a factor of at most 64. To verify the theoretical model of our technique, we implement the described attack on AES. The experimental results showed that the profiling phase runtime of the cache template attack is around 10 minutes, while our method speeds up the running of this phase to around 9 seconds.

15 December 2020

NTNU, Norway
Job Posting
We have a vacancy for a PhD Candidate at NTNU, in the Department of Information Security and Communication Technology (IIK), in the area of cryptography. The candidate will work in the general areas of privacy-preserving computation, lattice-based cryptography and post-quantum cryptography. This will be under the supervision of Dr. Anamaria Costache, in the cryptography team at NTNU. The cryptography team at NTNU is heavily involved in research in these areas, and so the successful candidate will benefit from a good research support system. A good work environment is characterized by diversity. We encourage qualified candidates to apply, regardless of their gender, functional capacity or cultural background. If you have any questions about the position, please contact Dr. Anamaria Costache, Anamaria.costache@ntnu.no. If you have any questions about the recruitment process, please contact HR officer Stine Terese Ruen Nymoen, stine.t.r.nymoen@ntnu.no. For a detailed description of the requirements, please go to the link below. Application deadline 25/01/2021.

Closing date for applications:

Contact: Dr. Anamaria Costache, anamaria.costache@ntnu.no

More information: https://www.jobbnorge.no/en/available-jobs/job/197509/phd-candidate-in-cryptography

IMDEA Software Institute
Job Posting
Applications are invited for a research intern position at the IMDEA Software Institute, Madrid, Spain. The successful applicant will work under the supervision of Ignacio Cascudo in a project in the area of cryptography, where the topic will be related to mathematical aspects of privacy-preserving protocols such as secure multiparty computation protocols, secret sharing or zero knowledge proofs.

Who should apply?
Applicants should be MSc students in computer science, mathematics or a related discipline. The applicants should in particular have strong background in mathematics and some background and interest in cryptography. Good teamwork and communication skills, including excellent spoken and written English are also required.

Working at IMDEA Software
The position is based in Madrid, Spain, where the IMDEA Software Institute is situated. The institute provides for travel expenses and an internationally competitive stipend. The working language at the institute is English.

Dates
The internship duration is intended to be for 4-6 months (with some flexibility). The starting period would be March 2021 or later.

How to apply?
Applicants interested in the position should submit their application at https://careers.software.imdea.org/ using reference code 2020-12-intern-mpc. Deadline for applications is January 25th, 2021.

For enquiries about the position, please contact: Ignacio Cascudo, ignacio.cascudo (at) imdea.org

Closing date for applications:

Contact: Ignacio Cascudo

More information: https://careers.software.imdea.org/
