International Association for Cryptologic Research




Here you can see all recent updates to the IACR webpage. These updates are also available:

13 January 2023

Queen's University Belfast, Electrical and Electronic Engineering
Job Posting
Applications are invited for a PhD project "Secure multi-tenant and federated satellite system". The full-time doctoral candidate will develop the novel computer architecture required to support the security protocols proposed and/or standardized by CCSDS and will also propose new protocols. The student will also work on software-defined satellite networking to enable programmability and reconfigurability of the system. The work will involve the design of a novel computer architecture and/or a novel operating system and/or a novel multiparty security protocol.

Closing date for applications:

Contact: Dr Arnab Kumar Biswas

More information:

Queen's University Belfast, Electrical and Electronic Engineering
Job Posting
Applications are invited for a PhD project "A Trusted Execution Environment based framework for securing legacy embedded systems". The full-time doctoral candidate will investigate existing Trusted Execution Environments (TEEs) on COTS devices in Industrial Control Systems (ICS) and implement a framework that allows the use of COTS devices without any compromise on trust. In this setting, the ICS operator issues the applications to the COTS operator, who is then able to communicate with the ICS devices using the required protocol and perform the necessary maintenance tasks. The project work will involve proposing a novel architectural solution and/or a novel operating system-based solution.

Closing date for applications:

Contact: Dr Arnab Kumar Biswas

More information:


11 January 2023

Jeffrey Burdges, Handan Kılınç Alper, Alistair Stewart, Sergey Vasilyev
ePrint Report
A single-leader election (SLE) is a way to elect one leader randomly among the parties in a distributed system. If the leader is secret (i.e., unpredictable) then it is called a secret single leader election (SSLE). In this paper, we model the security of SLE in the universally composable (UC) model. Our model is adaptable to the various unpredictability levels for leaders that an SLE aims to provide. We construct an SLE protocol that we call semi-anonymous single leader election (SASLE). We show that SASLE is secure against adaptive adversaries in the UC model. SASLE provides a good level of unpredictability to most of the honest leaders while it does not provide unpredictability to the rest of them. In this way, we obtain better communication overhead compared with the existing SSLE protocols. In the end, we construct a PoS protocol (Sassafras) which deploys SASLE to elect the block producers. Sassafras benefits from the efficiency of SASLE and gains significant security both against grinding attacks and against the private attack described by Azouvi and Cappelletti (ACM AFT 2021), because it elects a single block producer.
Aydin Abadi, Steven Murdoch
ePrint Report
In Private Set Intersection protocols (PSIs), a non-empty result always reveals something about the private input sets of the parties. Moreover, in various variants of PSI, not all parties necessarily receive or are interested in the result. Nevertheless, to date, the literature has assumed that those parties who do not receive or are not interested in the result still contribute their private input sets to the PSI for free, although doing so would cost them their privacy. In this work, for the first time, we propose a multi-party PSI, called “Anesidora”, that rewards parties who contribute their private input sets to the protocol. Anesidora is efficient; it mainly relies on symmetric key primitives and its computation and communication complexities are linear with the number of parties and set cardinality. It remains secure even if the majority of parties are corrupted by active colluding adversaries.
Sarah Scheffler, Anunay Kulshrestha, Jonathan Mayer
ePrint Report
End-to-end encryption (E2EE) prevents online services from accessing user content. This important security property is also an obstacle for content moderation methods that involve content analysis. The tension between E2EE and efforts to combat child sexual abuse material (CSAM) has become a global flashpoint in encryption policy, because the predominant method of detecting harmful content---server-side perceptual hash matching on plaintext images---is unavailable.

Recent applied cryptography advances enable private hash matching (PHM), where a service can match user content against a set of known CSAM images without revealing the hash set to users or nonmatching content to the service. These designs, especially a 2021 proposal for identifying CSAM in Apple's iCloud Photos service, have attracted widespread criticism for creating risks to security, privacy, and free expression.

In this work, we aim to advance scholarship and dialogue about PHM by contributing new cryptographic methods for system verification by the general public. We begin with motivation, describing the rationale for PHM to detect CSAM and the serious societal and technical issues with its deployment. Verification could partially address shortcomings of PHM, and we systematize critiques into two areas for auditing: trust in the hash set and trust in the implementation. We explain how, while these two issues cannot be fully resolved by technology alone, there are possible cryptographic trust improvements.

The central contributions of this paper are novel cryptographic protocols that enable three types of public verification for PHM systems: (1) certification that external groups approve the hash set, (2) proof that particular lawful content is not in the hash set, and (3) eventual notification to users of false positive matches. The protocols that we describe are practical, efficient, and compatible with existing PHM constructions.

10 January 2023

Virtual event, Anywhere on Earth, 29 June - 30 June 2023
Event Calendar
Event date: 29 June to 30 June 2023
Submission deadline: 7 February 2023
Notification: 14 March 2023
Benevento, Italy, 29 August - 1 September 2023
Event Calendar
Event date: 29 August to 1 September 2023
Submission deadline: 9 March 2022
Notification: 23 May 2022

09 January 2023

Elette Boyle, Niv Gilboa, Yuval Ishai, Victor I. Kolobov
ePrint Report
A distributed point function (DPF) (Gilboa-Ishai, Eurocrypt 2014) is a cryptographic primitive that enables compressed additive secret-sharing of a secret weight-1 vector across two or more servers. DPFs support a wide range of cryptographic applications, including efficient private information retrieval, secure aggregation, and more. Up to now, the study of DPFs was restricted to the computational security setting, relying on one-way functions. This assumption is necessary in the case of a dishonest majority.

We present the first statistically private 3-server DPF for domain size $N$ with subpolynomial key size $N^{o(1)}$. We also present a similar perfectly private 4-server DPF. Our constructions offer benefits over their computationally secure counterparts, beyond the superior security guarantee, including better computational complexity and better protocols for distributed key generation, all while having comparable communication complexity for moderate-sized parameters.
Katharina Kreuzer
ePrint Report
This paper describes a formalization of the specification and the algorithm of the cryptographic scheme CRYSTALS-KYBER as well as the verification of its (1 − δ)-correctness proof. During the formalization, a problem in the correctness proof was uncovered. In order to amend this issue, a necessary property on the modulus parameter of the CRYSTALS-KYBER algorithm was introduced. This property is already implicitly fulfilled by the structure of the modulus prime used in the number theoretic transform (NTT). The NTT and its convolution theorem in the case of CRYSTALS-KYBER were formalized as well. The formalization was realized in the theorem prover Isabelle.
Hanno Böck
ePrint Report
We apply Fermat's factorization algorithm to sets of public RSA keys. Fermat's factorization allows efficiently calculating the prime factors of a composite number if the difference between the two primes is small. Knowledge of the prime factors of an RSA public key allows efficiently calculating the private key. A flawed RSA key generation function that produces close primes can therefore be attacked with Fermat's factorization. We discovered a small number of vulnerable devices that generate such flawed RSA keys in the wild. These affect devices from two printer vendors, Canon and Fuji Xerox. Both use an underlying cryptographic module by Rambus.
Hong-Wei Sun, Bin-Bin Cai, Su-Juan Qin, Qiao-Yan Wen, Fei Gao
ePrint Report
In this paper, we investigate the security of several recent MAC constructions with provable security beyond the birthday bound (called BBB MACs) in the quantum setting. On the one hand, we give periodic functions corresponding to the targeted MACs (including PMACX, PMAC with parity, HPxHP, and HPxNP), and we can recover secret states using Simon's algorithm, leading to forgery attacks with complexity O(n). This means our results realize an exponential speedup compared with the classical algorithms. Note that our attacks can even break some optimally secure MACs, such as mPMAC+-f, mPMAC+-p1, mPMAC+-p2, mLightMAC+-f, etc. On the other hand, we construct new hidden periodic functions based on SUM-ECBC-like MACs: SUM-ECBC, PolyMAC, GCM-SIV2, and 2K-ECBC−Plus, where the periods reveal information about the secret key. Then, by applying the Grover-meets-Simon algorithm to specially constructed functions, we can recover full keys with O(2^(n/2)n) or O(2^(m/2)n) quantum queries, where n is the message block size and m is the length of the key. Compared with the previous best quantum attack, our key-recovery attacks achieve a quadratic speedup.
Alexandros Bakas, Antonis Michalas
ePrint Report
Functional Encryption (FE) is a modern cryptographic technique that allows users to learn only a specific function of the encrypted data and nothing else about its actual content. While the first notions of security in FE revolved around the privacy of the encrypted data, more recent approaches also consider the privacy of the computed function. While in the public-key setting only a limited level of function privacy can be achieved, in the private-key setting the privacy potential is significantly larger. However, this potential is still limited by the lack of rich function families. For this work, we started by identifying the limitations of the current state-of-the-art approaches which, in turn, allowed us to consider a new threat model for FE schemes. To the best of our knowledge, we here present the first attempt to quantify the leakage during the execution of an FE scheme. By leveraging the functionality offered by Trusted Execution Environments, we propose a construction that, given any message-private functional encryption scheme, yields a function-private one. Finally, we argue in favour of our construction's applicability on constrained devices by showing that it has low storage and computation costs.
Stéphanie Delaune, Patrick Derbez, Arthur Gontier, Charles Prud'homme
ePrint Report
The Feistel construction is one of the most studied ways of building block ciphers. Several generalizations were proposed in the literature, leading to the Generalized Feistel Network (GFN) construction, in which the round function operates on each pair of blocks in parallel until all branches are permuted. At FSE'10, Suzaki and Minematsu studied the diffusion of such a construction, raising the question of how many rounds are required so that each block of the ciphertext depends on all blocks of the plaintext. Exhausting all possible permutations up to 16 blocks, they observed that there were always optimal permutations mapping even-numbered input blocks to odd-numbered output blocks and vice versa. Recently, both Cauchois et al. and Derbez et al. proposed new algorithms to build optimal even-odd permutations for up to 36 blocks. In this paper, we present a new algorithm based on iterative path building to search for optimal Feistel permutations. This algorithm is much faster at exhausting optimal non-even-odd permutations than all the previous approaches. Our first result is a computational proof that no non-even-odd permutation reaches a better diffusion round than the optimal even-odd permutations up to 32 blocks. Furthermore, it is well known that permutations with an optimal diffusion round do not always lead to optimal permutations against differential cryptanalysis. We investigate several new criteria to build permutations leading to more secure GFNs.
Florian Stolz, Marc Fyrbiak, Pascal Sasdrich, Tim Güneysu
ePrint Report
Embedded systems are a cornerstone of the ongoing digitization of our society, ranging from expanding markets around IoT and smart-X devices to sensors in autonomous driving, medical equipment or critical infrastructures. Since a vast number of embedded systems are safety-critical (e.g., due to their operation site), security is a necessity for their operation. However, unlike mobile, desktop, and server systems, where adversaries typically only have remote access, embedded systems typically face attackers with physical access. Thus embedded systems require an additional set of defense techniques, preferably leveraging hardware acceleration to minimize the impact on their stringent operation constraints. Over the last decade numerous defenses have been explored; however, they have often been analyzed in isolation.

In this work, we first systematically analyze the state of the art in defenses for both software exploitation and fault attacks on embedded systems. We then carefully design a holistic instruction set extension to augment the RISC-V instruction set architecture with instructions to deter the threats analyzed in this work. Moreover, we implement our design using the gem5 simulator system and a binary translation approach to arm software with our instruction set extension. Finally, we evaluate the performance overhead on the MiBench2 benchmark suite. Our evaluation demonstrates a ROM overhead increase of 20% to defeat the aforementioned attacks.
Yukun Cheng, Changhai Ou, Fan Zhang, Shihui Zheng
ePrint Report
Deep learning techniques have been widely used in side-channel analysis (SCA) in recent years and shown better performance compared with traditional methods. However, there has been little research dealing with deep learning techniques in fault analysis to date. This article undertakes the first study to introduce deep learning into fault analysis. We investigate the application of multi-layer perceptron (MLP) and convolutional neural network (CNN) in persistent fault analysis (PFA) and propose deep learning-based persistent fault analysis (DLPFA). DLPFA is first applied to advanced encryption standard (AES) to verify its availability. Then, to push the study further, we extend DLPFA to PRESENT, which is a lightweight substitution–permutation network (SPN)-based block cipher. The experimental results show that DLPFA can handle random faults and provides outstanding performance with a suitable selection of hyper-parameters.
Amadou TALL
ePrint Report
It is known that the Scholz conjecture on addition chains is true for all integers n with ℓ(2n) = ℓ(n) + 1. There exist infinitely many integers with ℓ(2n) ≤ ℓ(n), and we don't know if the conjecture still holds for them. The conjecture is also proven to hold for integers n with v(n) ≤ 5 and for infinitely many integers with v(n) = 6. There are no specific results on integers with v(n) = 7. In [14], an infinite list of integers satisfying ℓ(n) = ℓ(2n) and v(n) = 7 is given by Thurber. In this paper, we prove that the conjecture holds for all of them.
Marina Krček, Guilherme Perin
ePrint Report
Hyperparameter tuning represents one of the main challenges in deep learning-based profiling side-channel analysis. For each different side-channel dataset, the typical procedure to find a profiling model is to apply hyperparameter tuning from scratch. The main reason is that side-channel measurements from various targets contain different underlying leakage distributions. Consequently, the same profiling model hyperparameters are usually not equally efficient for other targets. This paper considers autoencoders for dimensionality reduction to verify whether encoded datasets from different targets enable the portability of profiling models and architectures. Successful portability reduces the hyperparameter tuning effort, as profiling model tuning is eliminated for the new dataset and tuning autoencoders is simpler. We first search for the best autoencoder for each dataset and the best profiling model when the encoded dataset becomes the training set. Our results show no significant difference in tuning effort between original and encoded traces, meaning that encoded data reliably represents the original data. Next, we verify how portable the best profiling model is among different datasets. Our results show that tuning autoencoders enables and improves portability while reducing the effort in hyperparameter search for profiling models. Lastly, we present a transfer learning case where dimensionality reduction might be necessary if the model is tuned for a dataset with fewer features than the new dataset. In this case, tuning of the profiling model is eliminated and training time is reduced.

07 January 2023

University of Central Florida
Job Posting
The Department of Computer Science (CS) and the Department of Mathematics (Math) at the University of Central Florida (UCF) are seeking to fill three full-time, 9-month faculty positions at the rank of assistant professor (tenure-earning), associate professor or professor (tenured) in the area of cyber security and privacy, with concentrations in one of the areas described below. The anticipated start date is August 8, 2023.

• Area A (Math): Cryptography, applied cryptography, and the intersection of algorithms and cryptography (e.g., quantum cryptography, post-quantum crypto, etc.). One faculty position is anticipated for this area.
• Area B (Computer Science): Cloud, Edge, and IoT security (e.g., serverless computing, container security, etc.), system software, software supply chain security, and the security of Cyber Physical Systems, etc. Two faculty positions are anticipated for this area.

These positions will be expected to strengthen both the tenure home department (Math or CS, as applicable) and the Cyber Security and Privacy Cluster, and may include a combination of secondary joint appointments. The ideal candidates will be at the rank of assistant professor, but exceptional candidates at the rank of associate professor or professor will be considered. The ideal candidates will have a strong background in the areas listed.

Closing date for applications:

Contact: Questions regarding this search may be directed to Dr. Yan Solihin or Dr. Paul Gazzillo

More information:

Eindhoven University of Technology
Job Posting
The department of Mathematics and Computer Science at TU Eindhoven has a postdoc vacancy for work on quantum cryptography.

The research will focus on
* quantum cryptography beyond QKD, e.g. key recycling, unclonable encryption, unclonable credentials, quantum PUFs and similar schemes.
* theory related to the Quantum Communication testbed under development in Eindhoven.

The research takes place in the EIPSI institute, which is a collaboration between the Security group and the Coding and Cryptology group.
This position is part of a large, long term, well-funded national program on quantum technologies (Quantum Delta NL). One of the three development lines (Catalyst-2, or CAT2) is fully dedicated to Quantum Key Distribution, Communication and Quantum internet.

Closing date for applications:

Contact: Boris Skoric (b dot lastname at tue dot nl)

More information:

Research & Development Group, Horizen Labs, Remote
Job Posting

As our Director of Research & Development, you have full ownership of the vision, architecture, and deployment of our research across the innovative products at Horizen Labs. You will work closely with our researchers and engineers being the critical bridge between both areas. As a leader of a cutting-edge team, you will be a champion of translating R&D into meaningful products that will change the world. In collaboration with engineering leadership and our product managers, you will shape the technical direction of the entire company, leveraging our research in applied cryptography across various landscapes, including the privacy space, blockchain scalability, and ground-breaking security solutions. You are also passionate about coaching and mentoring your team members to help them grow technically, enhance their ability to get things done, and guide them toward their career goals.

  • Spearhead the design, prototyping, and rollout of PoCs (Proofs of Concept) that focus on the market's needs and bring true innovation to the greater research community;
  • Co-create both near-term and long-term roadmaps with Engineering and Product leadership to bring ideas from academic papers to live production-ready systems;
  • Be responsible for our cryptographic team, serving them with empathy, humility, and passion to deliver ground-breaking products to the world;
  • Promote a culture of innovation and collaboration both within our internal team and our broader network of researchers, advisors, and partners;
  • Facilitate conversations and decisions among senior leaders to identify where the business needs to be next and craft a path to get us there;
  • Take a proactive role in aligning organizations and influencing the overall technical direction of a company;
  • Collaborate with other industry-leading luminaries, from our investors (Digital Currencies Group, Kenetic Capital, Liberty City Ventures, Sound Ventures) and world-class blockchain partners to devoted security experts (NCC, Halborn).

Closing date for applications:

Apply to:

More information:
