International Association for Cryptologic Research

IACR News
18 August 2015

Varsha Bhat, Harsimran Singh, Sudarshan Iyengar
ePrint Report
In this paper, we present a protocol to compute a friendship network of n people without revealing the identities of the people involved. The final result is an unlabelled graph which doesn't disclose the identity of the parties. As part of the protocol, we present and make use of a technique to compute a random assignment of the numbers {1, 2, ..., n} to n people. Our work has direct applications in the data collection stage of Social Network Analysis, where it is of vital importance to compute the underlying network without compromising the personal information or identity of the parties involved.

Wei Dai, Berk Sunar
ePrint Report
We introduce a CUDA GPU library to accelerate evaluations with homomorphic schemes defined over polynomial rings enabled with a number of optimizations including algebraic techniques for efficient evaluation, memory minimization techniques, memory and thread scheduling and low level CUDA hand-tuned assembly optimizations to take full advantage of the mass parallelism and high memory bandwidth GPUs offer. The arithmetic functions constructed to handle very large polynomial operands using number-theoretic transform (NTT) and Chinese remainder theorem (CRT) based methods are then extended to implement the primitives of the leveled homomorphic encryption scheme proposed by López-Alt, Tromer and Vaikuntanathan. To compare the performance of the proposed CUDA library we implemented two applications: the Prince block cipher and homomorphic sorting algorithms on two GPU platforms in single GPU and multiple GPU configurations. We observed a speedup of 25 times and 51 times over the best previous GPU implementation for Prince with single and triple GPUs, respectively. Similarly for homomorphic sorting we obtained 12-41 times speedup depending on the number and size of the sorted elements.
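The NTT/CRT arithmetic the abstract refers to, as an added illustration that is not the authors' library: a pure-Python negacyclic multiplication in Z_q[x]/(x^n + 1) via a psi-twisted NTT, and a CRT (residue number system) lift that multiplies modulo a product of NTT-friendly primes one small prime at a time, which is how GPU libraries keep every limb machine-word sized. The parameters (n = 8, primes 7681 and 12289, both congruent to 1 mod 2n) are toy choices for this example, not those of the paper.

```python
"""Negacyclic polynomial multiplication in Z_q[x]/(x^n + 1) with a twisted NTT,
plus a CRT/RNS lift to a product of small NTT-friendly primes.
Toy parameters (n = 8, q in {7681, 12289}); not the paper's library code."""
import random


def primitive_2n_root(n, q):
    """Smallest psi with psi^n == -1 (mod q). For n a power of two and
    q == 1 (mod 2n) this makes psi a primitive 2n-th root of unity."""
    assert (n & (n - 1)) == 0 and (q - 1) % (2 * n) == 0, "need n = 2^k and 2n | q-1"
    for c in range(2, q):
        if pow(c, n, q) == q - 1:
            return c
    raise ValueError("no primitive 2n-th root of unity found")


def ntt(a, w, q):
    """Recursive radix-2 Cooley-Tukey NTT; w is a primitive len(a)-th root of unity."""
    n = len(a)
    if n == 1:
        return a[:]
    even = ntt(a[0::2], w * w % q, q)
    odd = ntt(a[1::2], w * w % q, q)
    out = [0] * n
    wk = 1
    for k in range(n // 2):
        t = wk * odd[k] % q
        out[k] = (even[k] + t) % q
        out[k + n // 2] = (even[k] - t) % q   # relies on w^(n/2) == -1
        wk = wk * w % q
    return out


def intt(a, w, q):
    """Inverse NTT: forward transform with w^-1, then scale by n^-1."""
    n_inv = pow(len(a), -1, q)
    return [x * n_inv % q for x in ntt(a, pow(w, -1, q), q)]


def negacyclic_mul(a, b, q):
    """a*b mod (x^n + 1, q): twisting by powers of psi turns the cyclic
    convolution the NTT computes into the negacyclic one."""
    n = len(a)
    psi = primitive_2n_root(n, q)
    w = psi * psi % q                      # primitive n-th root for the NTT itself
    tw = [pow(psi, i, q) for i in range(n)]
    untw = [pow(psi, -i, q) for i in range(n)]
    A = ntt([x * t % q for x, t in zip(a, tw)], w, q)
    B = ntt([x * t % q for x, t in zip(b, tw)], w, q)
    C = intt([x * y % q for x, y in zip(A, B)], w, q)
    return [c * u % q for c, u in zip(C, untw)]


def schoolbook_negacyclic(a, b, q):
    """O(n^2) reference: x^n wraps around with a sign flip."""
    n = len(a)
    c = [0] * n
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            if i + j < n:
                c[i + j] = (c[i + j] + ai * bj) % q
            else:
                c[i + j - n] = (c[i + j - n] - ai * bj) % q
    return c


def crt_pair(r1, q1, r2, q2):
    """Unique x in [0, q1*q2) with x == r1 (mod q1) and x == r2 (mod q2); gcd(q1, q2) = 1."""
    t = (r2 - r1) * pow(q1, -1, q2) % q2
    return r1 + q1 * t


def negacyclic_mul_crt(a, b, primes):
    """Multiply with coefficients modulo Q = prod(primes) by running one
    word-sized NTT multiplication per prime and recombining each coefficient
    with the CRT (the RNS layout GPU FHE libraries use for large moduli)."""
    Q = 1
    for p in primes:
        Q *= p
    residues = [negacyclic_mul([x % p for x in a], [x % p for x in b], p) for p in primes]
    out = []
    for i in range(len(a)):
        x, mod = residues[0][i], primes[0]
        for res, p in zip(residues[1:], primes[1:]):
            x = crt_pair(x, mod, res[i], p)
            mod *= p
        out.append(x % Q)
    return out


if __name__ == "__main__":
    rng = random.Random(7)
    n, primes = 8, [7681, 12289]           # both are 1 mod 16, so 2n divides q-1
    a = [rng.randrange(10_000) for _ in range(n)]
    b = [rng.randrange(10_000) for _ in range(n)]
    assert negacyclic_mul(a, b, 7681) == schoolbook_negacyclic(a, b, 7681)
    assert negacyclic_mul_crt(a, b, primes) == schoolbook_negacyclic(a, b, primes[0] * primes[1])
    print("NTT and CRT results match the schoolbook reference")
```

The twist is what makes x^n + 1 (rather than x^n - 1) the reduction polynomial: substituting x with psi*x maps x^n + 1 to -(x^n - 1), so a cyclic convolution of the twisted inputs is a negacyclic convolution of the originals. In the CRT path each prime is chosen so that 2n divides q - 1; that constraint, not the coefficient size, is what limits which word-sized primes an RNS implementation may use.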

Jean-Luc Danger, Sylvain Guilley, Philippe Hoogvorst, Cédric Murdica, David Naccache
ePrint Report
At CHES 2001, Walter introduced the Big Mac attack against an implementation of RSA. It is a horizontal collision attack, based on the detection of common operands in two multiplications. The attack is very powerful since one single power trace of an exponentiation suffices to recover all bits of the secret exponent. Moreover, the attack works with unknown or blinded input. The technique was later studied and improved by Clavier et alii and presented at INDOCRYPT 2012. At SAC 2013, Bauer et alii presented the first attack based on the Big Mac principle on implementations based on elliptic curves, with simulation results.

In this work, we improve the attack presented by Bauer et alii to considerably increase the success rate. Instead of comparing only two multiplications, the targeted implementation permits the comparison of many multiplications. We give experimental results with traces taken from a real target to prove the soundness of our attack. In fact, the experimental results show that the original Big Mac technique given by Walter was better than the technique given by Clavier et alii. With our experiments on a real target, we show that the theoretical improvements are not necessarily the most suitable methods depending on the targeted implementations.
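A toy simulation of the Big Mac principle the abstract describes, added here as an illustration and not code from the paper (which works on measured traces): a left-to-right square-and-multiply with schoolbook long-integer multiplication, an assumed leakage model in which every word-by-word product leaks the Hamming weights of its two operand words plus Gaussian noise, and the horizontal attack that fingerprints the outer-loop operand of each long multiplication by averaging its sub-trace rows and then looks for collisions across operations. All multiplies share the base as an operand and therefore collide with each other; squares do not. The modulus, base, exponent and noise level are constructed for the example.

```python
"""Toy simulation of Walter's Big Mac horizontal collision attack on a
left-to-right square-and-multiply exponentiation. Assumed leakage model:
every word-by-word product inside a schoolbook long-integer multiplication
leaks HW(x_i) + HW(y_j) plus Gaussian noise. Not the paper's code."""
import math
import random

WORD_BITS = 8
NUM_WORDS = 64            # 512-bit operands split into byte-sized words


def to_words(x):
    mask = (1 << WORD_BITS) - 1
    return [(x >> (WORD_BITS * i)) & mask for i in range(NUM_WORDS)]


def hw(v):
    return bin(v).count("1")


def leaky_mul(x, y, mod, rng, sigma):
    """x*y mod mod together with its sub-trace: one sample per word pair,
    rows indexed by the outer-loop operand y, columns by the inner-loop operand x."""
    xw, yw = to_words(x), to_words(y)
    trace = [[hw(xi) + hw(yj) + rng.gauss(0.0, sigma) for xi in xw] for yj in yw]
    return x * y % mod, trace


def square_and_multiply(base, exp, mod, rng, sigma=1.0):
    """Left-to-right binary exponentiation; returns the result and one
    sub-trace per long-integer multiplication, in execution order."""
    acc, traces = base, []
    for bit in bin(exp)[3:]:                                   # skip '0b' and the leading 1
        acc, t = leaky_mul(acc, acc, mod, rng, sigma)          # square: operands (acc, acc)
        traces.append(t)
        if bit == "1":
            acc, t = leaky_mul(acc, base, mod, rng, sigma)     # multiply: operands (acc, base)
            traces.append(t)
    return acc, traces


def fingerprint(trace):
    """Big Mac fingerprint of the outer-loop operand: averaging each row over
    the inner loop turns the other operand's contribution into a constant and
    averages the noise down, leaving a vector that depends on y alone."""
    return [sum(row) / len(row) for row in trace]


def corr(u, v):
    mu, mv = sum(u) / len(u), sum(v) / len(v)
    du = [a - mu for a in u]
    dv = [b - mv for b in v]
    den = math.sqrt(sum(a * a for a in du) * sum(b * b for b in dv))
    return sum(a * b for a, b in zip(du, dv)) / den if den else 0.0


def recover_exponent(traces, threshold=0.8):
    """Classify each operation by whether its operand fingerprint collides with
    another operation's: only multiplies share the common operand (the base)
    across the trace, and any two of them collide."""
    fps = [fingerprint(t) for t in traces]
    is_mul = []
    for i, f in enumerate(fps):
        best = max((corr(f, g) for j, g in enumerate(fps) if j != i), default=0.0)
        is_mul.append(best > threshold)
    if is_mul:
        is_mul[0] = False   # the first operation is base*base: its operand collides with
                            # the multiplies' base, yet by position it is always a square
    bits = "1"
    for m in is_mul:
        bits = bits[:-1] + "1" if m else bits + "0"
    return int(bits, 2)


def run_demo(seed=2015, exp=0xC5A39F1ED207B84B, sigma=1.0):
    """Constructed target: random odd 512-bit modulus and base, 64-bit exponent.
    Returns (recovered exponent, true exponent, whether the exponentiation was correct)."""
    rng = random.Random(seed)
    mod = rng.getrandbits(512) | (1 << 511) | 1
    base = rng.randrange(2, mod - 1)
    result, traces = square_and_multiply(base, exp, mod, rng, sigma)
    return recover_exponent(traces), exp, result == pow(base, exp, mod)


if __name__ == "__main__":
    recovered, true_exp, ok = run_demo()
    print(f"exponentiation correct: {ok}, recovered {recovered:#x}, true {true_exp:#x}")
```

Two things the simulation makes visible that a real target also has. The comparison does not need the input: the base is never known to the attacker, only the fact that the same value is fed to the multiplier again, which is why blinding the message does not help. And the very first squaring is base*base, so its operand collides with the multiplies; an attack that classifies purely by collision must treat the first operation by position or it will read an extra 1 bit.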

KU Leuven Cosic Leuven
Job Posting
KU Leuven - COSIC is looking for a motivated researcher (phd-candidate or postdoc) for a 2-year project on automated protocol optimisation and generation. The selected applicant will work on the construction of new methods and associated tools to automate the design of cryptographic protocols, especially with regard to finding optimal implementations whilst preserving the security properties. This research topic is at the intersection of cryptographic protocol design, provable security, formal methods for protocol verification and optimisation. The candidate is expected to have experience in at least one of these areas. The project will involve some experimental implementations, so programming skills are a plus. Ideally the candidate should be able to start around October 2015.

For the above position the candidates must hold a Master’s Degree in engineering, mathematics or computer science, have good grades and have a keen interest in cryptography. We prefer candidates who can demonstrate that they have developed their research skills during their Master’s studies. For postdocs a PhD degree in the relevant area is required.

Why work at KU Leuven COSIC?

COSIC is a top research group in the crypto and security field

KU Leuven is one of Belgium’s leading research institutions

the campus offers high-class educational and recreational facilities

both the research group and the university provide a dynamic and international environment

the working language is English, the knowledge of Dutch is not required

ample networking opportunities with people working in the security field

good future job prospects

Leuven is a lively, friendly university city located near Brussels


17 August 2015

Ritam Bhaumik, Mridul Nandi
ePrint Report
In 'Turning Online Ciphers Off', a class of constructions was defined based on layers of secure online ciphers interleaved with simple mixing layers (like reversing and block-shifting). Here we show that an SPRP construction proposed in the work cited is insecure. However, the same construction is secure under the assumption that the underlying constructions are online-but-last ciphers. We include a simpler proof for beyond-birthday security of other constructions proposed in the same work.

Qingji Zheng, Xiangxue Li, Aytac Azgin
ePrint Report
Keyword search on encrypted data enables one to search keyword ciphertexts without compromising keyword security. We further investigate this problem and propose a novel variant, dubbed certificateless keyword search on encrypted data (CLKS). CLKS not only supports keyword search on encrypted data, but also brings promising features due to the certificateless cryptography. In contrast to certificate-based keyword search, CLKS requires no validation of the trustworthiness of the public key before encrypting keywords; in contrast to identity-based keyword search, CLKS prevents the key issuer (e.g., the key generation center) from extracting any information on keyword ciphertexts by leveraging its capability of accessing all data users' (partial) private keys. Specifically, we rigorously define the syntax and security definitions for CLKS, and present a construction that is provably secure in the standard model under the Decisional Linear assumption. We implemented the proposed CLKS scheme and evaluated its performance. To the best of our knowledge, this is the first attempt to integrate certificateless cryptography with keyword search on encrypted data.

Mohammad Mahmoody, Ameer Mohammedy
ePrint Report
We prove that there is no fully black-box construction of collision-resistant hash functions (CRH) from hierarchical identity-based encryption (HIBE) with arbitrary polynomial number of identity levels. As a corollary we obtain a series of separations showing that none of the primitives implied by HIBE in a black-box way (e.g., IBE, CCA-secure public-key encryption) can be used in a black-box way to construct fully homomorphic encryption or any other primitive that is known to imply CRH in a black-box way. To the best of our knowledge, this is the first limitation proved for the power of HIBE.

Our proof relies on the reconstruction paradigm of Gennaro and Trevisan (FOCS 2000) and Haitner et al. (FOCS 2007) and extends their techniques for one-way and trapdoor permutations to the setting of HIBE. A technical challenge for our separation of HIBE stems from the adaptivity of the adversary who is allowed to obtain keys for different identities before she selects the attacked identity. Our main technical contribution is to show how to achieve compression/reconstruction in the presence of such adaptive adversaries.

Tel Aviv, Israel, January 10 - January 13
TCC
Submission: 13 July 2015
From January 10 to January 13
Location: Tel Aviv, Israel
More Information: http://www.cs.tau.ac.il/conferences/tcc2016/call_for_papers.html

16 August 2015

Singapore University of Technology and Design (SUTD)
Job Posting
One Research Assistant position to work on Cyber Information Systems is available from September 2015 at iTrust, Singapore University of Technology and Design (SUTD).

Candidates should have a Master's or Bachelor's degree (EE or CS) and preferably have a networking and network simulation background. This position will give a good opportunity to engage in both theoretical research and implementation.

How to apply: Interested candidates kindly send their CV to Dr. Alfonso Iacovazzi (email: alfonso.iacovazzi (at) uniroma1.it) or to Prof. Yuval Elovici (email: yuval_elovici (at) sutd.edu.sg). Initial screening of applications will begin immediately and only shortlisted candidates will be notified. The position will remain open until filled.

About iTrust@SUTD:

iTrust is a multidisciplinary research centre located at the Singapore University of Technology and Design (SUTD), established collaboratively by SUTD and the Ministry of Defence, Singapore (MINDEF). iTrust researchers focus on the development of advanced tools and methodologies to ensure security and safety of current and future Cyber Physical Systems, Enterprise security and Internet of Things. The Singapore University of Technology and Design (SUTD) is established in collaboration with Massachusetts Institute of Technology (MIT) to advance knowledge and nurture technically grounded leaders and innovators to serve social needs.


14 August 2015

Alex Biryukov, Léo Perrin, Aleksei Udovenko
ePrint Report
The last hash function and block cipher standardized by the Russian standardization body (GOST) both use the same S-Box. It is also used by an independent CAESAR candidate. This transformation is only specified as a look up table and the reason behind its choice is unknown.

We managed to reverse-engineer this S-Box and describe its unpublished structure. Our decomposition allows a much more efficient hardware implementation but the choice of the components used is puzzling from a cryptographic perspective.

This extended abstract does not explain how we found this decomposition. We will describe our process in an extended version of this paper.

Alan Szepieniec, Bart Preneel
ePrint Report
This paper presents a novel unifying framework for electronic voting in the universal composability model that includes a property which is new to universal composability but well-known to voting systems: universal verifiability. Additionally, we propose three new techniques for secure electronic voting and prove their security and universal verifiability in the universal composability framework.

1. A tally-hiding voting system, in which the tally that is released consists of only the winner without the vote count. Our proposal builds on a novel solution to the millionaire problem which is of independent interest.

2. A self-tallying vote, in which the tally can be calculated by any observer as soon as the last vote has been cast --- but before this happens, no information about the tally is leaked.

3. Authentication of voting credentials, which is a new approach for electronic voting systems based on anonymous credentials. In this approach, the vote authenticates the credential so that it cannot afterwards be used for any other purpose but to cast that vote. We propose a practical voting system that instantiates this high-level concept.

Michele Ciampi, Giuseppe Persiano, Alessandra Scafuro, Luisa Siniscalchi, Ivan Visconti
ePrint Report
In [LS90] Lapidot and Shamir provide a 3-round witness-indistinguishable (WI) proof of knowledge for Graph Hamiltonicity (the LS proof) with a special property: the prover uses the statement to be proved only in the last round.

This property has been instrumental in constructing round-efficient protocols for various tasks [KO04,DPV04,YZ07,SV12]. In all such constructions, the WI proofs are used to prove the OR composition of statements that are specified at different stages of the main protocol. The special property of LS proofs is used precisely to allow a player of the main protocol to start a proof, even if only one of the statements of the OR relation is available, thus saving rounds of communication.

If, on the one hand, the usage of LS proofs saves rounds, on the other hand it necessarily requires NP-reductions to Graph Hamiltonicity. As such, even if each of the statements to be proved in the main protocol admits an efficient Sigma-protocol (e.g., if the statement consists in proving knowledge of a committed value or of a secret key), the reduced round complexity is paid for with a loss of efficiency. Hence, round-efficient constructions that rely on LS proofs are typically inefficient.

A natural question is why one would go through the NP-reduction to use LS proof, instead of composing the Sigma-protocols using the OR composition technique introduced in [CDS94]. The answer is that the CDS technique requires both statements to be available at the beginning of the protocol. Due to this limitation, constructions that use the CDS technique have in some cases a worse round complexity than the ones based on LS proofs.

In this paper we introduce a new OR composition technique for Sigma-protocols that needs only one statement to be fixed when the proof begins. This seemingly weaker property is sufficient to replace the use of LS proofs in many applications that do not need both theorems to be undefined when the proof starts. In fact, we show how the new OR composition technique can directly improve the round complexity of the efficient perfectly simulatable argument of [Pass03] (from four to three rounds) and of efficient resettable WI arguments (from five to four rounds).

Our OR technique cannot compose any arbitrary pair of Sigma-protocols. Nevertheless, we provide a precise classification of the Sigma-protocols that can be composed and show that all the widely used Sigma-protocols can be composed with our technique.
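The [CDS94] OR-composition whose limitation the abstract discusses, written out for two Schnorr Sigma-protocols in a toy subgroup (an added example; it is the classic CDS technique, not the paper's new one). The dependency to notice is in or_commit: to produce its first message the prover must already know the statement for which it has no witness, because that branch's accepting transcript is simulated before the verifier's challenge exists. The group parameters (p = 2039, q = 1019, g = 4) are toy values chosen for this illustration.

```python
"""CDS94 OR-composition of two Schnorr Sigma-protocols: prove knowledge of
x0 with y0 = g^x0 OR of x1 with y1 = g^x1 without revealing which.
Toy group p = 2039 = 2q + 1, q = 1019, g = 4 of order q; illustration only."""
import secrets

P, Q, G = 2039, 1019, 4


def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def or_commit(y, b, x_b):
    """First prover message (a0, a1). Both statements y[0], y[1] must be known
    NOW: branch 1-b has no witness, so its accepting transcript is simulated up
    front by picking (c_sim, z_sim) and solving g^z == a * y^c for a.
    This is the dependency that the abstract's new technique relaxes."""
    r = secrets.randbelow(Q)
    c_sim, z_sim = secrets.randbelow(Q), secrets.randbelow(Q)
    a = [None, None]
    a[b] = pow(G, r, P)                                       # real Schnorr commitment
    y_inv_c = pow(pow(y[1 - b], c_sim, P), -1, P)
    a[1 - b] = pow(G, z_sim, P) * y_inv_c % P                 # simulated commitment
    state = {"b": b, "x": x_b, "r": r, "c_sim": c_sim, "z_sim": z_sim}
    return (a[0], a[1]), state


def or_respond(state, c):
    """Third message: split the verifier's challenge so the simulated branch
    keeps its pre-chosen challenge and the real branch absorbs the rest."""
    b = state["b"]
    cs, zs = [None, None], [None, None]
    cs[1 - b], zs[1 - b] = state["c_sim"], state["z_sim"]
    cs[b] = (c - cs[1 - b]) % Q
    zs[b] = (state["r"] + cs[b] * state["x"]) % Q
    return (cs[0], cs[1], zs[0], zs[1])


def or_verify(y, a, c, resp):
    """Accept iff c0 + c1 == c (mod q) and g^z_i == a_i * y_i^c_i for both i."""
    c0, c1, z0, z1 = resp
    if (c0 + c1) % Q != c % Q:
        return False
    for yi, ai, ci, zi in zip(y, a, (c0, c1), (z0, z1)):
        if pow(G, zi, P) != ai * pow(yi, ci, P) % P:
            return False
    return True


def run_or_proof(b, tamper=False):
    """Interactive run in which the prover knows only x_b. With tamper=True the
    response z1 is altered and verification must reject."""
    x0, y0 = keygen()
    x1, y1 = keygen()
    y = (y0, y1)
    a, state = or_commit(y, b, (x0, x1)[b])
    c = secrets.randbelow(Q)                # verifier's challenge, chosen after seeing a
    c0, c1, z0, z1 = or_respond(state, c)
    if tamper:
        z1 = (z1 + 1) % Q
    return or_verify(y, a, c, (c0, c1, z0, z1))


if __name__ == "__main__":
    print("witness for y0:", run_or_proof(0), "| witness for y1:", run_or_proof(1),
          "| tampered:", run_or_proof(0, tamper=True))
```

The transcript for the witness-free branch is a perfect simulation, so the verifier cannot tell which of c0, c1 was chosen freely, which is where witness indistinguishability comes from. The cost is that y[1 - b] is an input to or_commit; a protocol that only learns the second statement after the first message has been sent cannot use this composition as written, which is exactly the gap between CDS and the LS-style proofs the abstract contrasts it with.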

Chrysanthi Mavromati
ePrint Report
Chaskey is a Message Authentication Code (MAC) for 32-bit microcontrollers proposed by Mouha et al. at SAC 2014. Its underlying block cipher uses an Even-Mansour construction with a permutation based on the ARX methodology. In this paper, we present key-recovery attacks against Chaskey in the single and multi-user setting. These attacks are based on recent work by Fouque, Joux and Mavromati presented at Asiacrypt 2014 on Even-Mansour based constructions. We first show a simple attack on the classical single-user setting which confirms the security properties of Chaskey. Then, we describe an attack in the multi-user setting and we recover all keys of 2^{43} users by doing 2^{43} queries per user. Finally, we show a variant of this attack where we are able to recover the keys of two users in a smaller group of 2^{32} users.

NEC Laboratories Europe, Heidelberg, Germany
Job Posting
This position in the Laboratories’ Security Group involves research and development in the areas of Cloud Security, Device Security, SDN Security and Software Security. Our work ranges from foundational research and IPR creation to prototype development.

A good understanding of most of the following areas is required:

- Distributed systems and protocols, especially secure management of distributed resources e.g. IoT devices, software, services and data

- Security technologies and protocols, including applied cryptography and Privacy Enhancing Technologies

- Operating system internals and software development including experience with programming languages, such as Java, Scala or C/C++

- Deep knowledge of Linux as a development platform. Experience with OpenStack is a plus.

We are looking for individuals with a broad background in Computer Science and Software Engineering and we expect a master’s degree with some relevant professional experience in development for the security area.

Symphony.com
Job Posting
Symphony is looking for a Head of Security Product Management to lead our Product initiatives on Security, in partnership with our CSO. Security is the most critical component of the entire Symphony company. Our organization is doubling size every few months, we have among the most advanced enterprises as customers, and are in the most competitive and innovative spaces in all technology. This means the Security of our communication offerings has to be unparalleled and has to break new boundaries every day.

DUTIES

• Define the Product that solves needs of customers, involving Engineering and Design to craft a feasible, performing and delightful experience

• Partner with Engineering to define the development plan and implement the Product

REQUIRED

• BA/BS in computer science or related field; strong technical skills

• 3+ years as a software engineer in an enterprise software company

• 7+ years as Product Mgr

• Security domain expertise - at least one of the following: cloud and infrastructure security, cryptography, secure protocols, software hardening and mobile security

Full description on our website.

Symphony.com
Job Posting
Seeking a highly technical penetration tester or ethical hacker with a software development background.

Reports to the CSO and is based in our HQ in Palo Alto, CA.

DUTIES

• Conduct advanced penetration tests to identify vulnerabilities in applications and computer systems for our corporate and SaaS environment, using automated tools, ad-hoc tools, and manual testing

• Conduct penetration testing against different technological domains including, but not limited to, web applications, web services, wireless networks, databases, virtualized environments

REQUIRED

• BSCS

• 10+ years InfoSec

• Security certs (e.g., CISSP, GSEC, CEH, etc.)

• Exp w/ penetration testing and forensics tools/platforms such as AppScan, Fortify, Maltego, Kali Linux, Nessus, nmap, OpenVAS

• Exp w/ exploitation frameworks, such as Metasploit, w3af, Core Impact, Canvas

Salaried position with bonus, benefits, stock options

Mihir Bellare, Joseph Jaeger, Daniel Kane
ePrint Report
We present new algorithm-substitution attacks (ASAs) on symmetric encryption that improve over prior ones in two ways. First, while prior attacks only broke a sub-class of randomized schemes having a property called coin injectivity, our attacks break ALL randomized schemes. Second, while prior attacks are stateful, ours are stateless, achieving a notion of strong undetectability that we formalize. Together this shows that ASAs are an even more dangerous and powerful mass surveillance method than previously thought. Our work serves to increase awareness about what is possible with ASAs and to spur the search for deterrents and counter-measures.
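A toy stateless ASA of the kind the abstract describes, added here as an illustration rather than the paper's construction: the subverted encryption re-runs the honest randomized algorithm until a keyed function of the whole ciphertext encodes one bit of the secret key, so the output is always a valid ciphertext, no counter or state survives between calls, and whoever holds the subverter's key recovers the full key from a few thousand observed ciphertexts. Everything here is constructed for the example; in particular the victim scheme is a toy CTR-style mode built from HMAC-SHA256, not a scheme from the paper.

```python
"""Toy stateless algorithm-substitution attack (ASA) on a randomized
symmetric encryption scheme. The victim scheme is a constructed CTR-style
mode keyed with HMAC-SHA256 as PRF; the subversion resamples the honest
algorithm's coins until a keyed function of the WHOLE ciphertext encodes one
key bit. Illustration only; not the paper's construction."""
import hashlib
import hmac
import random

KEY_BITS = 128
IV_LEN = 16


def prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def keystream(key, iv, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += prf(key, iv + ctr.to_bytes(4, "big"))
        ctr += 1
    return out[:n]


def enc_honest(key, msg, rng):
    """Honest randomized encryption: C = IV || (M xor keystream(K, IV))."""
    iv = rng.getrandbits(8 * IV_LEN).to_bytes(IV_LEN, "big")
    return iv + bytes(m ^ k for m, k in zip(msg, keystream(key, iv, len(msg))))


def dec(key, ct):
    iv, body = ct[:IV_LEN], ct[IV_LEN:]
    return bytes(c ^ k for c, k in zip(body, keystream(key, iv, len(body))))


def key_bit(key, j):
    return (key[j // 8] >> (7 - j % 8)) & 1


def leaked_bit(sub_key, ct):
    """Subverter's keyed function of the ciphertext: (position j, claimed bit b).
    Without sub_key this is indistinguishable from a random function, so the
    ciphertext itself shows no visible bias."""
    t = prf(sub_key, ct)
    return int.from_bytes(t[:2], "big") % KEY_BITS, t[-1] & 1


def enc_subverted(key, msg, rng, sub_key):
    """Stateless ASA: keep re-running the honest algorithm until the ciphertext
    'claims' a correct key bit. Two tries on average; the output is always a
    valid ciphertext of the honest scheme, and no counter or state is kept."""
    while True:
        ct = enc_honest(key, msg, rng)
        j, b = leaked_bit(sub_key, ct)
        if key_bit(key, j) == b:
            return ct


def recover_key(sub_key, cts):
    """Big Brother's side: each ciphertext yields one key bit. Returns
    (key, or None if some position was never hit; number of bits learned)."""
    bits = [None] * KEY_BITS
    for ct in cts:
        j, b = leaked_bit(sub_key, ct)
        bits[j] = b
    known = sum(b is not None for b in bits)
    if known < KEY_BITS:
        return None, known
    key = bytes(int("".join(str(b) for b in bits[i:i + 8]), 2)
                for i in range(0, KEY_BITS, 8))
    return key, known


def demo(n_msgs=4000, seed=1):
    """Constructed keys and messages. Returns (all ciphertexts decrypt correctly
    under the honest Dec, recovered key equals the real key, bits learned)."""
    rng = random.Random(seed)
    key = hashlib.sha256(b"victim key (constructed)").digest()[:KEY_BITS // 8]
    sub_key = hashlib.sha256(b"subverter key (constructed)").digest()
    msgs = [f"message {i}".encode() for i in range(n_msgs)]
    cts = [enc_subverted(key, m, rng, sub_key) for m in msgs]
    decrypts_ok = all(dec(key, c) == m for c, m in zip(cts, msgs))
    recovered, known = recover_key(sub_key, cts)
    return decrypts_ok, recovered == key, known


if __name__ == "__main__":
    ok, leaked, known = demo()
    print(f"subverted ciphertexts decrypt: {ok}; key recovered: {leaked} ({known}/{KEY_BITS} bits)")
```

Two properties of this toy line up with the abstract's claims. The bias is applied to the finished ciphertext by rejection sampling, not to the coins, so the subversion does not care how the scheme turns its randomness into ciphertext (the coin-injectivity property earlier attacks needed plays no role). And the bit position is derived from the ciphertext rather than from a counter, so no state is kept and two users of the same subverted binary cannot be told apart by desynchronization; the price is that some key positions are learned several times before all 128 are covered, hence the few thousand ciphertexts.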


13 August 2015

Xi'an, China, May 31
Event Calendar
Submission: 5 December 2015
Notification: 15 February 2016
From May 31 to May 31
Location: Xi'an, China
More Information: http://icsd.i2r.a-star.edu.sg/cpss16/

12 August 2015

Sumit Chakraborty
ePrint Report
This work defines the security intelligence of a system based on secure multiparty computation in terms of correctness, fairness, trust, transparency, accountability, reliability, consistency, confidentiality, data integrity, non-repudiation, authentication, authorization, correct identification, privacy, safety and audit. It defines the security intelligence of a system comprehensively with a novel concept of collective intelligence. The cryptographic notion of security is applied to assess, analyze and mitigate the risks of bio-terrorism today. This work also tries to resolve the conflict between the security intelligence and business intelligence in the context of bio-terrorism and highlights the new cryptographic challenges.

Keywords: Secure multi-party computation, Security intelligence, Threat analytics, Business intelligence, Cross border bio-terrorism

Tsutomu Iijima, Fumiyuki Momose, Jinhui Chao
ePrint Report
The GHS attack is known to solve discrete logarithm problems (DLP) in the Jacobian of a curve C_0 defined over the degree-d extension field k_d of k:=GF(q) by mapping it to the DLP in the Jacobian of a covering curve C of C_0 over k. Recently, classifications for all elliptic curves and hyperelliptic curves C_0/k_d of genus 2,3 which possess a (2,...,2)-covering C/k of P^1 were shown under an isogeny condition (i.e. when g(C) = d * g(C_0)). This paper presents a systematic classification procedure for hyperelliptic curves in the odd characteristic case. In particular, we show a complete classification of elliptic curves C_0 over k_d which have a (2,...,2)-covering C/k of P^1 for d=2,3,5,7. It has been reported by Diem that the GHS attack fails for elliptic curves C_0 over an odd characteristic definition field k_d with prime extension degree d greater than or equal to 11, since g(C) becomes very large. Therefore, for elliptic curves over k_d with prime extension degree d, it is sufficient to analyze the cases d=2,3,5,7. As a result, a complete list of all elliptic curves C_0/k which possess a (2,...,2)-covering C/k of P^1, and thus are subject to the GHS attack with odd characteristic and prime extension degree d, is obtained.
