IACR News
Here you can see all recent updates to the IACR webpage.
24 January 2022
Monash University, Faculty of IT, Melbourne, Australia
Job Posting
As part of the teaching and research role, the Lecturer contributes to at least one of the interdisciplinary cybersecurity research areas, such as applied cryptography, blockchain, or privacy-preserving machine learning, and will engage in teaching (including the development of education resources and new course units) and in research on cutting-edge cyber security technologies and practices.
You should have a PhD (or be near completion of a PhD) and demonstrate expertise in one or more of the following research areas: cryptography (including zero-knowledge proofs, secure multi-party computation and other advanced primitives), interdisciplinary cybersecurity, human aspects of cybersecurity, secure critical infrastructures, blockchain technology, security of AI and machine learning, and security requirements engineering.
Interested parties can apply through this link: https://careers.pageuppeople.com/513/cw/en/job/629426/lecturersenior-lecturer-identified-position-women
Closing date for applications:
Contact: Joseph Liu ( joseph . liu @ monash . edu )
More information: https://careers.pageuppeople.com/513/cw/en/job/629426/lecturersenior-lecturer-identified-position-women
National Sun Yat-sen University, Department of Computer Science and Engineering; Kaohsiung, Taiwan
Job Posting
Applications are invited for M.S. and Ph.D. positions in Information Security at the Department of Computer Science and Engineering, National Sun Yat-sen University, Kaohsiung, Taiwan. Successful candidates will work at the CANSEC Lab on various topics in Applied Cryptology under the supervision of Arijit Karati. Expertise in post-quantum cryptography, secure vehicle communication, edge computing, satellite communication, and 6G security may be beneficial. We are seeking students who are dedicated to their research and highly motivated. There are currently 5 openings (3 for M.S. and 2 for Ph.D.).
Responsibilities:
Aside from academic work, students must participate in various activities, either in a group or individually, including (but not limited to):
Requirements:
Students must meet the following major requirements in addition to the university's fundamental admission policies (https://cse.nsysu.edu.tw/?Lang=en):
Scholarship:
Method to join CANSEC:
Candidates must apply properly through the ONLINE portal after satisfying the prerequisites.
Closing date for applications:
Contact: Arijit Karati (arijit.karati@mail.cse.nsysu.edu.tw)
23 January 2022
Lucjan Hanzlik, Julian Loss, Benedikt Wagner
ePrint Report
The FIDO2 standard is a widely used class of challenge-response protocols that allows a user to authenticate to an online service using a hardware token.
Barbosa et al. (CRYPTO '21) provided the first formal security model and analysis for the FIDO2 standard.
However, their model has two shortcomings: (1) it does not include privacy, one of the key features claimed by FIDO2; (2) their model and proofs apply only to tokens that store all secret keys locally.
In contrast, due to limited memory, most existing FIDO2 tokens use one of the following approaches to handle an unlimited number of keys. Key derivation derives a fresh per-server secret key from a common seed. Key wrapping stores an encryption of the key on the server and retrieves it for each authentication. These approaches substantially complicate the protocols and their security analysis. In particular, they bear additional risks for the privacy and security of FIDO2 that are not captured in the model of Barbosa et al.
In this paper, we revisit the security of FIDO2 as implemented in practice. Our contributions are as follows. (1) We adapt the model of Barbosa et al. so as to capture authentication tokens using key derivation or key wrapping. (2) In our adapted model, we provide the first formal definition of privacy for FIDO2 and show that these common FIDO2 token implementations are secure in our model if the underlying building blocks are chosen appropriately. (3) Finally, we address the unsolved problem of global key revocation in FIDO2. We first provide appropriate syntax for a revocation procedure and extend our model to support this feature. We then provide the first secure global key revocation protocol for FIDO2. Our solution is based on the popular BIP32 standard used in cryptocurrency wallets.
Mathieu Baudet, Alberto Sonnino, Mahimna Kelkar, George Danezis
ePrint Report
We introduce Zef, the first Byzantine-Fault Tolerant (BFT) protocol to support payments in anonymous digital coins at arbitrary scale. Zef follows the communication and security model of FastPay: both protocols are asynchronous, low-latency, linearly-scalable, and powered by partially-trusted sharded authorities. In contrast with FastPay, user accounts in Zef are uniquely-identified and safely removable. Zef coins are bound to an account by a digital certificate and otherwise stored off-chain by their owners. To create and redeem coins, users interact with the protocol via privacy-preserving operations: Zef uses randomized commitments and NIZK proofs to hide coin values; and, created coins are made unlinkable using the blind and randomizable threshold anonymous credentials of Coconut. Besides the detailed specifications and our analysis of the protocol, we are making available an open-source implementation of Zef in Rust. Our extensive benchmarks on AWS confirm textbook linear scalability and demonstrate a confirmation time under one second at nominal capacity. Compared to existing anonymous payment systems based on a blockchain, this represents a latency speedup of three orders of magnitude, with no theoretical limit on throughput.
Carsten Baum, Robin Jadoul, Emmanuela Orsini, Peter Scholl, Nigel P. Smart
ePrint Report
Zero-Knowledge protocols have increasingly become both popular and practical in recent years due to their applicability in many areas such as blockchain systems. Unfortunately, public verifiability and small proof sizes of zero-knowledge protocols currently come at the price of strong assumptions, large prover time, or both, when considering statements with millions of gates. In this regime, the most prover-efficient protocols are in the designated verifier setting, where proofs are only valid to a single party that must keep a secret state.
In this work, we bridge this gap between designated-verifier proofs and public verifiability by {\em distributing the verifier}. Here, a set of verifiers can then verify a proof and, if a given threshold $t$ of the $n$ verifiers is honest and trusted, can act as guarantors for the validity of a statement. We achieve this while keeping the concrete efficiency of current designated-verifier proofs, and present constructions that have small concrete computation and communication cost. We present practical protocols in the setting of threshold verifiers with $t
Henry Corrigan-Gibbs, Alexandra Henzinger, Dmitry Kogan
ePrint Report
We construct new private-information-retrieval protocols in the single-server setting. Our schemes allow a client to privately fetch a sequence of database records from a server, while the server answers each query in average time sublinear in the database size. Specifically, we introduce the first single-server private-information-retrieval schemes that have sublinear amortized server time, require sublinear additional storage, and allow the client to make her queries adaptively. Our protocols rely only on standard cryptographic assumptions (decision Diffie-Hellman, quadratic residuosity, learning with errors, etc.). They work by having the client first fetch a small "hint" about the database contents from the server. Generating this hint requires server time linear in the database size. Thereafter, the client can use the hint to make a bounded number of adaptive queries to the server, which the server answers in sublinear time, yielding sublinear amortized cost. Finally, we give a lower bound proving that our most efficient scheme is optimal with respect to the trade-off it achieves between server online time and client storage.
Yu Long Chen, Stefano Tessaro
ePrint Report
We improve upon the security of (tweakable) correlation-robust hash functions, which are essential components of garbling schemes and oblivious-transfer extension schemes. We in particular focus on constructions from permutations, and improve upon the work by Guo et al. (IEEE S&P '20) in terms of security and efficiency.
We present a tweakable one-call construction which matches the security of the most secure two-call construction; the resulting security bound takes the form O((p+q)q/2^n), where q is the number of construction evaluations and p is the number of direct adversarial queries to the underlying n-bit permutation, which is modeled as random. Moreover, we present a new two-call construction with much better security degradation; in particular, for applications of interest, where only a constant number of evaluations per tweak are made, the security degrades as O((sqrt(q)p+q^2)/2^n).
Our security proof relies on the sum-capture theorems (Babai '02; Steinberger '12; Cogliati and Seurin '18), as well as on new balls-into-bins combinatorial lemmas for limited-independence ball-throws.
Of independent interest, we also provide a self-contained concrete security treatment of oblivious transfer extension.
IRVINE, United States, 26 May 2022
Event Calendar
Event date: 26 May 2022
Submission deadline: 27 January 2022
Notification: 27 February 2022
Cyprus, Cyprus, 7 September - 9 September 2022
Event Calendar
Event date: 7 September to 9 September 2022
Submission deadline: 23 May 2022
Notification: 11 July 2022
Barcelona, Spain, 10 July - 16 July 2022
Event Calendar
Event date: 10 July to 16 July 2022
Submission deadline: 1 March 2022
Notification: 15 April 2022
Poznan, Poland, 29 August - 31 August 2022
Event Calendar
Event date: 29 August to 31 August 2022
Submission deadline: 25 March 2022
Notification: 25 May 2022
Chicago, USA, 7 November - 10 November 2022
TCC
Event date: 7 November to 10 November 2022
Submission deadline: 24 May 2022
Notification: 28 August 2022
Šibenik, Croatia, 13 June - 17 June 2022
Event Calendar
Event date: 13 June to 17 June 2022
21 January 2022
Indian Institute of Technology Bhilai, Raipur, Chhattisgarh, INDIA
Job Posting
The project is related to Building Trust on Computing Platforms and Standardization of Elliptic Curve Cryptography for the Indian Smart-Card Operating System.
Fellowship: Rs. 42,000 per month + HRA
Age Limit: 40 years
Qualifications:
- Master's Degree in Engineering or Technology from a recognized University or equivalent; and
- Four years' experience in Research and Development in Industrial and Academic Institutions or Science and Technology Organisations and Scientific activities and services
OR
- Doctoral Degree in Science / Engineering / Technology from a recognized University or equivalent
How to Apply:
Candidates should only apply using the application form given in the link. A duly completed application form along with the candidate’s detailed CV must be mailed to the PI, Dr. Dhiman Saha at deciphered.recruitment@gmail.com
For more info on the research group visit: http://de.ci.phe.red
Closing date for applications:
Contact: Dr. Dhiman Saha
Assistant Professor
Department of EECS, IIT Bhilai
Email: dhiman@iitbhilai.ac.in, decipheredlab@iitbhilai.ac.in
Website: http://dhimans.in
More information: https://www.iitbhilai.ac.in/index.php?pid=adv_jan22_2
Monash Blockchain Technology Centre, Monash University, Melbourne, Australia
Job Posting
An exciting project to derive a sustainable and environmentally friendly consensus protocol for permissionless blockchains.
We are looking for a candidate with an outstanding PhD in cryptography and/or blockchain and a strong publication record in this field. The postdoc position will start as soon as possible and is funded for 2 years.
To apply please send your detailed CV (with publication list) to Joseph Liu.
More information about our Blockchain Centre can be found here: https://www.monash.edu/blockchain
Closing date for applications:
Contact: Joseph Liu ( joseph . liu @ monash . edu )
20 January 2022
Thijs Veugen
ePrint Report
We solve the millionaires' problem in the semi-trusted model with homomorphic encryption without using intermediate decryptions. This leads to the computationally least expensive solution with homomorphic encryption so far, with low bandwidth and very low storage complexity. The number of modular multiplications needed is less than the number of modular multiplications needed for one Paillier encryption. The output of the protocol can be either publicly known, encrypted, or secret-shared. The private input of the first player is computationally secure towards the second player, and the private input of the second player is even unconditionally secure towards the first player. We also introduce an efficient client-server solution for the millionaires' problem with similar security properties.
Onur Gunlu, Matthieu Bloch, Rafael F. Schaefer
ePrint Report
We consider that multiple noisy observations of a remote source are used by different nodes in the same network to compute a function of the noisy observations under joint secrecy, joint privacy, and individual storage constraints, as well as a distortion constraint on the function computed. Suppose that an eavesdropper has access to one of the noisy observations in addition to the public messages exchanged between legitimate nodes. This model extends previous models by 1) considering a remote source as the source of dependency between the correlated random variables observed at different nodes; 2) allowing the function computed to be a distorted version of the target function, which allows the storage rate to be reduced as compared to a reliable function computation scenario, in addition to reducing secrecy and privacy leakages; 3) introducing a privacy metric that measures the information leakage about the remote source to the fusion center in addition to the classic privacy metric that measures the leakage to an eavesdropper; 4) considering two transmitting nodes to compute a function rather than one node. Single-letter inner and outer bounds are provided for the considered lossy function computation problem, and exact lossy rate regions are characterized for two special cases in which either the computed function is partially invertible or the function is invertible and the measurement channel of the eavesdropper is physically degraded with respect to the measurement channel of the fusion center.
Onur Gunlu, Matthieu Bloch, Rafael F. Schaefer
ePrint Report
The problem of reliable function computation is extended by imposing privacy, secrecy, and storage constraints on a remote source whose noisy measurements are observed by multiple parties. The main additions to the classic function computation problem include 1) privacy leakage to an eavesdropper is measured with respect to the remote source rather than the transmitting terminals' observed sequences; 2) the information leakage to a fusion center with respect to the remote source is considered as another privacy leakage metric; 3) two transmitting node observations are used to compute a function. Inner and outer bounds on the rate regions are derived for lossless single-function computation with two transmitting nodes, which recover previous results in the literature, and for special cases that consider invertible functions exact rate regions are characterized.
Ertem Nusret Tas, David Tse, Fisher Yu, Sreeram Kannan
ePrint Report
Bitcoin is the most secure blockchain in the world, supported by the immense hash power of its Proof-of-Work miners, but it consumes a huge amount of energy. Proof-of-Stake chains are energy-efficient and have fast finality and accountability, but face several fundamental security issues: susceptibility to non-slashable long-range safety attacks, non-slashable transaction censorship and stalling attacks, and difficulty in bootstrapping new PoS chains from low token valuation. We propose Babylon, a blockchain platform which combines the best of both worlds by reusing the immense Bitcoin hash power to enhance the security of PoS chains. Babylon provides a data-available timestamping service, securing PoS chains by allowing them to timestamp data-available block checkpoints, fraud proofs and censored transactions on Babylon. Babylon miners merge-mine with Bitcoin, and thus the platform has zero additional energy cost. The security of a Babylon-enhanced PoS protocol is formalized by a cryptoeconomic security theorem which shows slashable safety and liveness guarantees.