International Association for Cryptologic Research


IACR News


08 December 2015

Bhanu Prakash Gopularam, Nalini. N
ePrint Report
Cloud computing is the delivery of services rather than a product, and among the different cloud deployment models, the public cloud provides improved scalability and cost reduction compared to the others. Security and privacy of data is one of the key factors in transitioning to the cloud. Typically, cloud providers have a demilitarized zone protecting the data center along with a reverse proxy setup. The reverse proxy gateway acts as the initial access point and provides additional capabilities like load balancing, caching, and security monitoring, capturing events and syslogs related to the hosts residing in the cloud. The audit-trail logs captured by the reverse proxy server comprise important information related to all the tenants. While PKI infrastructure works in the cloud scenario, it becomes cumbersome from a manageability point of view and lacks flexibility in providing controlled access to data. In this paper we evaluate the risks associated with the security and privacy of audit logs produced by the reverse proxy server. We provide a two-phase approach for sharing the audit logs with users that allows fine-grained access. We evaluate certain Identity-Based and Attribute-Based Encryption schemes and provide a detailed analysis of their performance.
Goutam Paul, Souvik Ray
ePrint Report
We revisit the different approaches used in the literature to estimate the data complexity of distinguishing attacks on stream ciphers and analyze their inter-relationships. In the process, we formally argue which approach is applicable (or not applicable) in which scenario. To our knowledge, this is the first such exposition. We also perform a rigorous statistical analysis of the message recovery attack that exploits a distinguisher and show that in practice there is a significant gap between the data complexities of a message recovery attack and the underlying distinguishing attack. This gap is not necessarily determined by a constant factor as a function of the false positive and false negative rates, as one would expect. Rather, this gap is also a function of the number of samples of the distinguishing attack. We perform a case study on the RC4 stream cipher to demonstrate that the typical complexities for message recovery attacks inferred in the literature are underestimates, and the actual estimates are considerably larger.
Shai Halevi, Yuval Ishai, Abhishek Jain, Eyal Kushilevitz, Tal Rabin
ePrint Report
We present a unified framework for studying secure multi-party computation (MPC) with *arbitrarily restricted interaction patterns*. Our study generalizes both standard MPC and recent models for MPC with specific restricted interaction patterns (such as a chain or a star), which were studied by Halevi et al. (Crypto 2011), Goldwasser et al. (Eurocrypt 2014), and Beimel et al. (Crypto 2014).

Since restricted interaction patterns cannot always yield full security for MPC, we start by formalizing the notion of "best possible security" for any interaction pattern. We then obtain the following results:

* Completeness theorem. We prove that the star interaction pattern is *complete* for the problem of MPC with general interaction patterns.

* Positive results. We present both information-theoretic and computationally secure protocols for computing arbitrary functions with general interaction patterns. We also present more efficient protocols for computing symmetric functions and for computing arbitrary functions over a chain.

* Negative results. We give evidence that our information-theoretic protocols for general functions will be hard to substantially improve on.

All of our protocols rely on a correlated randomness setup, which is *necessary* for computing general functions in our setting. In the computational case, we also present a generic procedure to make any correlated randomness setup *reusable*, in the common random string model.

Although most of our information-theoretic protocols have exponential complexity, they may be practical for functions on small domains (e.g., {0,1}^20), where they are concretely faster than their computational counterparts.
Jingwei Hu, Ray C.C. Cheung
ePrint Report
The Niederreiter public-key cryptosystem is based on the security assumption that decoding generic linear binary codes is NP-complete, and is therefore regarded as an alternative post-quantum solution for resisting quantum computing. Current hardware implementations of the Niederreiter cryptosystem focus on data encryption/decryption, but few of them consider producing digital signatures, given that the signature scheme is quite different from encryption/decryption and complicated to integrate. In this work, we address the problem of achieving efficient Niederreiter digital signatures and extending the design to execute encryption/decryption on reconfigurable hardware. We first present a new parameter selection method by which both encryption/decryption and signing can be performed with the same hardware configuration. Then we design a compact ASIP architecture with the proposed parameter selection and resource-sharing elaboration. FPGA experiments show that the proposed unified architecture can achieve encryption, decryption and signing in $1.41~\mu s$, $798.57~\mu s$ and $14.07~s$ respectively, while maintaining acceptable area tradeoffs ($4254$ slices, $29$ 36Kb-BRAMs and $3$ DSP48E1s) on Virtex-6 devices.
Yandong Zheng, Hua Guo
ePrint Report
Secure group communication in wireless sensor networks (WSN) is a critical issue. The self-healing mechanism allows nodes in a WSN to recover lost session keys without requiring anything from the group manager (GM). Self-healing can be applied to key management, which can efficiently achieve secure group communication. In 2015, Sun {\em et al.} proposed a self-healing group key distribution (SGKD) scheme based on access polynomials and a sliding window in WSN, and they claim that the proposed scheme can achieve any-wise backward secrecy, any-wise forward secrecy and $\delta$-collusion resistance. However, we find that the scheme cannot resist the collusion attack of newly joined nodes and revoked nodes, and that legitimate nodes cannot recover the session key in some cases.

07 December 2015

North Carolina State University
Job Posting
The Department of Computer Science at North Carolina State University (NCSU) seeks to fill tenure-track faculty positions in the area of Security starting August 16, 2016.

Successful security candidates must have a strong commitment to academic and research excellence, and an outstanding research record commensurate with the expectations of a major research university. Required credentials include a doctorate in Computer Science or a related field. While the department expects to hire at the Assistant Professor level, candidates with exceptional research records are encouraged to apply for a senior position. The department is one of the largest and oldest in the country. It is part of a top US College of Engineering, and has excellent and extensive ties with industry and government laboratories. The department’s research expenditures and recognition have been growing steadily as has the recognition of our impact in the areas of security, systems, software engineering, educational informatics, networking, and games. For example, we have one of the largest concentrations of NSF Early Career Award winners (24 of our current or former faculty have received one).

NCSU is located in Raleigh, the capital of North Carolina, which forms one vertex of the world-famous Research Triangle Park (RTP). RTP is an innovative environment, both as a metropolitan area with one of the most diverse industrial bases in the world, and as a center of excellence promoting technology and science. The Research Triangle area is routinely recognized in nationwide surveys as one of the best places to live in the U.S. We enjoy outstanding public schools, affordable housing, and great weather, all in the proximity to the mountains and the seashore.

Closing date for applications: 15 December 2015

Contact: Security/Privacy Search Committee, security-search (at) csc.ncsu.edu

More information: https://jobs.ncsu.edu/postings/58679

Auckland, New Zealand, 8 August - 12 August 2016
Event Calendar
Event date: 8 August to 12 August 2016
Submission deadline: 15 March 2016
Notification: 10 May 2016

06 December 2015

Serge Vaudenay
PhD Database
In the early fifties, Claude Shannon initiated the theory of cryptographic primitives. He defined the notions of diffusion and confusion. However, this theory did not develop much further for a long time. Recently, differential cryptanalysis and linear cryptanalysis gave a significant advance in the analysis of primitives. Security criteria for confusion, essentially nonlinearity criteria, have been proposed. In this thesis, we show how to define a notion of complexity on the graph structure of the primitives and how to study it. This gives security criteria for the computational network. We propose new criteria for diffusion. Finally, we unify the two types of cryptanalysis, getting rid of their linear aspects by a statistical approach.
University of Tartu, Estonia
Job Posting
The cryptography group at the Institute of Computer Science of the University of Tartu seeks a postdoctoral researcher and a PhD student in computer science. The positions will support an EU H2020 project on mix-nets (PANORAMIX) for applications like electronic voting, secure messaging, and statistics gathering. The postdoctoral researcher should have a strong track record in cryptography, and in particular in the design of efficient zero knowledge proofs and/or e-voting and mix-nets. The PhD student is expected to have an MSc degree or equivalent and a strong background in mathematics and/or theoretical computer science, with some background in cryptography.

Successful candidates will help to design and evaluate cryptographically secure mix-nets and perform other research duties to help with the project, coordinate and advise partners on implementing research prototypes (the candidate may or may not participate in implementing), and ensure the smooth administration of the project including the timely delivery of research output. (Some of these duties apply only for the postdoctoral researcher.) We expect candidates to be able to develop and devote significant time to their own research agenda around the theme of the project.

The EU H2020 project PANORAMIX requires travel to and collaboration with colleagues throughout the European Union. Full travel and equipment budget is available to support the activities of the project.

For any inquiries or to apply for the positions, submit a full research curriculum-vitae (cv), names of two references, and a research statement (obligatory for the postdoctoral researcher) to Prof Helger Lipmaa (firstname.lastname (at) ut.ee) clearly indicating the position sought.

The call for expressions of interest will remain open until a suitable candidate is appointed. However, the project starts from September 1, 2015, and will last for three years. In the case of interest, the candidates may later seek further employment but this is not necessarily guaranteed.

Closing date for applications: 1 February 2016

Contact: Helger Lipmaa, lead research fellow, Institute of Computer Science, University of Tartu, Estonia, firstname.lastname (at) ut.ee

More information: http://crypto.cs.ut.ee/Main/Positions

University of Bergen, Norway
Job Posting
There is a vacancy for a PhD position at the Department of Informatics, University of Bergen, Norway (www.uib.no/en/ii) within cryptology. The position is for a fixed term period of 3 years and funded by the project “Modern Methods and Tools for Theoretical and Applied Cryptology” (CryptoWorld) awarded by the Research Council of Norway.

About the project/work tasks

Analyze, design and implement symmetric cryptographic lightweight primitives. Establish new methods of algebraic cryptanalysis and implement them efficiently. Advance the theoretical understanding of the use of Nonlinear Feedback Shift Registers (NLFSRs) for the needs of symmetric key cryptography.

The research training

The PhD candidate should have a strong background in computer science or/and mathematics with relevance to cryptography and must participate in an approved educational program for a PhD degree within a period of 3 years.

Closing date for applications: 15 December 2015

Contact: Professor Tor Helleseth Tor.Helleseth (at) ii.uib.no or Professor Igor Semaev Igor.Semaev (at) ii.uib.no

More information: http://www.jobbnorge.no/en/available-jobs/job/119559/phd-position-in-cryptology

Queensland University of Technology, Brisbane, Queensland, Australia
Job Posting
The School of Electrical Engineering and Computer Science is seeking a Lecturer in Cryptography. The successful candidate will have a strong theoretical background and familiarity with modern developments in mathematical cryptography, as well as demonstrated capacity for creative research. Women, Indigenous Australians and Torres Strait Islander people are strongly encouraged to apply. Open to Australian and International applicants.

Position Purpose: The successful candidate will teach and coordinate at both the undergraduate and postgraduate levels. This position will work closely with an ARC Future Fellow in the area of cryptographic protocol design, with a focus on lightweight, usable and human-driven cryptography. A strong theoretical background and familiarity with modern developments in mathematical cryptography, as well as demonstrated capacity for creative research, are essential.

Direct URL:

https://qut.nga.net.au/cp/index.cfm?event=jobs.checkJobDetailsNewApplication&jobid=D6F541A7-4DD7-7835-AA6A-896F12623CB9

Closing date for applications: 13 December 2015

Contact: Associate Professor Xavier Boyen

HR Contact: Anya Levina, HR Advisor

Job ID: 15533

Please see the official page for contact and application details.

More information: https://qut.nga.net.au/cp/index.cfm?search=15533

University of Luxembourg
Job Posting
The University of Luxembourg seeks to hire an outstanding post-doctoral researcher at its Interdisciplinary Centre for Security, Reliability and Trust (SnT). The successful candidate will participate in the activities of the Security and Trust of Software Systems (SaToSS) research group led by Prof. Dr. Sjouke Mauw. The SaToSS group is working on formalising and applying formal reasoning to real-world security problems and trust issues. The research topics of the group include: security protocols, security modeling, formal methods for security, socio-technical aspects of security, risk management, privacy, verification, etc.

The university offers a one year employment that may be extended up to five years. The successful candidates will be working in an exciting, international and multicultural environment. The university offers highly competitive salaries and is an equal opportunity employer.

We welcome applications from candidates who will have completed a Ph.D. degree in Mathematics or Computer Science by March 2016. Preference will be given to applicants with a proven interest in security and graph theory.

Applications will be considered on receipt; therefore, applying before the deadline is encouraged.

For further information and to submit your application please visit:

http://emea3.mrted.ly/ved5

Deadline for applications: 7 Dec, 2015

Closing date for applications: 7 December 2015

Contact: Prof. Dr. Sjouke Mauw (sjouke.mauw (at) uni.lu) or

Dr. Rolando Trujillo Rasua (rolando.trujillo (at) uni.lu)


05 December 2015

Xi'an, China, May 30
Event Calendar
Submission: 13 January 2016
Notification: 26 February 2016
Event date: May 30
Location: Xi'an, China
More Information: http://icsd.i2r.a-star.edu.sg/cpss16/
Aggelos Kiayias, Thomas Zacharias, Bingsheng Zhang
ePrint Report
State-of-the-art e-voting systems rely on voters to perform certain actions to ensure that the election authorities are not manipulating the election result. This so-called "end-to-end (E2E) verifiability" is the hallmark of current e-voting protocols; nevertheless, thorough analysis of current systems is still far from being complete. In this work, we initiate the study of e-voting protocols as ceremonies. A ceremony, as introduced by Ellison, is an extension of the notion of a protocol that includes human participants as separate nodes of the system that should be taken into account when performing the security analysis. We propose a model for secure e-voting ceremonies that centers on the two properties of end-to-end verifiability and privacy/receipt-freeness and allows the consideration of arbitrary behavioral distributions for the human participants. We then analyze the Helios system as an e-voting ceremony. Security in the e-voting ceremony model requires the specification of a class of human behaviors with respect to which the security properties can be preserved. We show how end-to-end verifiability is sensitive to human behavior in the protocol by characterizing the set of behaviors under which the security can be preserved and also showing explicit scenarios where it fails.

Dan Boneh, Kevin Lewi, David J. Wu
ePrint Report
In a constrained pseudorandom function (PRF), the holder of the master secret key can derive constrained keys with respect to a boolean circuit C. The constrained key can be used to evaluate the PRF on all inputs x for which C(x) = 1. In almost all existing constructions of constrained PRFs, the constrained key itself reveals its constraints. We introduce the concept of private constrained PRFs, which are constrained PRFs with the additional property that the constrained keys do not reveal their constraints. Our main notion of privacy captures the intuition that an adversary, given a constrained key for one of two circuits $C_0$ and $C_1$, is unable to tell which circuit is associated with its key. As a primitive, private constrained PRFs have many natural applications in searchable symmetric encryption, deniable encryption, and more.

We then show how to instantiate private constrained PRFs. Our first construction uses indistinguishability obfuscation and achieves our strongest notions of functionality and privacy. We also give two constructions based on concrete assumptions on multilinear maps which achieve slightly weaker notions of privacy and for more limited classes of constraints: namely, for the class of bit-fixing constraints and puncturing constraints.

Loi Luu, Viswesh Narayanan, Kunal Baweja, Chaodong Zheng, Seth Gilbert, Prateek Saxena
ePrint Report
In this paper, we design a new blockchain Byzantine consensus protocol, SCP, where the throughput scales nearly linearly with the computation: the more computing power available, the more blocks selected per unit time. SCP is also efficient in that the number of messages it requires is nearly linear in the network size. The *computational scalability* property offers the flexibility to tune bandwidth consumption by adjusting computational parameters (e.g. proof-of-work difficulty). The key ideas lie in securely establishing identities for network participants, randomly placing them in several committees and running a classical consensus protocol within each committee to propose blocks in *parallel*. We further design a mechanism to allow reaching consensus on blocks without broadcasting actual block data, while still enabling efficient block verification. We prove that our protocol is secure, efficient and applicable to several case studies. We conduct scalability experiments on Amazon EC2 with up to 80 cores, and confirm that SCP matches its theoretical scaling properties.

Marc Green, Thomas Eisenbarth
ePrint Report
Side-channel attacks utilize information leakage in the implementation of an otherwise secure cryptographic algorithm to extract secret information. For example, adversaries can extract the secret key used in a cryptographic algorithm by observing cache-timing data. Threshold cryptography enables the division of private keys into shares, distributed among several nodes; the knowledge of a subset of shares does not leak information about the private key, thereby defending against memory disclosure and side-channel attacks. This work shows that applying threshold cryptography to ECDSA (the elliptic curve variant of DSA) yields a fully distributive signature protocol that does not feature a single point of failure. Our security analysis shows that Threshold ECDSA protects against a wide range of side-channel attacks, including cache attacks, and counteracts memory disclosure attacks. We further provide the first performance analysis of Threshold ECDSA, and provide a proof of concept of the protocol in practice.

Takanori Yasuda, Xavier Dahan, Kouichi Sakurai
ePrint Report
The encryption scheme NTRU is designed over a quotient ring of a polynomial ring. Basically, if the ring is changed to any other ring, an NTRU-like cryptosystem is constructible. In this paper, we propose a variant of NTRU using a group ring, which is called GR-NTRU. GR-NTRU includes NTRU as a special case. Moreover, we analyze and compare the security of GR-NTRU for several concrete groups. It is easy to investigate the algebraic structure of a group ring by using group representation theory. We apply this fact to the security analysis of GR-NTRU. We show that the original NTRU and multivariate NTRU are the most secure among the several GR-NTRUs which we investigated.


04 December 2015

Li Lin, Wenling Wu
ePrint Report
Midori is a lightweight block cipher designed by Banik et al. at ASIACRYPT 2015. One version of Midori uses a 64-bit state, another uses a 128-bit state, and we denote these versions Midori-64 and Midori-128. Each of these versions uses a 128-bit key. In this paper, we focus on key-recovery attacks on reduced-round Midori-64 with the meet-in-the-middle method. We use the differential enumeration technique and the key-dependent sieve technique, which are popular for analyzing AES, to attack Midori-64. We propose a 6-round distinguisher, and achieve a 10-round attack with time complexity of 2^{99.5} 10-round Midori-64 encryptions, data complexity of 2^{61.5} chosen plaintexts and memory complexity of 2^{92.7} 64-bit blocks. After that, by adding one round at the end, we get an 11-round attack with time complexity of 2^{122} 11-round Midori-64 encryptions, data complexity of 2^{53} chosen plaintexts, and memory complexity of 2^{89.2} 64-bit blocks. To the best of our knowledge, this is currently the best attack on Midori-64.

IMDEA Software Institute, Madrid, Spain
Job Posting
The IMDEA Software Institute (Madrid, Spain) invites applications for a postdoctoral position in the area of Cryptography.

The successful candidate will join the cryptography group led by Prof. Dario Fiore to work on a project within the area of homomorphic encryption and verifiable computation.

Applicants should have already completed, or be close to completing, a PhD in a relevant discipline. Applicants should have an excellent research track record in Cryptography, ideally with significant experience in homomorphic encryption, lattice-based and pairing-based cryptography. Solid programming skills and experience in implementing cryptographic protocols are required.

The position is based in Madrid, Spain where the IMDEA Software Institute is situated. Salaries are internationally competitive and are established on an individual basis within a range that guarantees fair and attractive conditions with adequate and equitable social security provision in accordance with existing national Spanish legislation. This includes access to an excellent public healthcare system. The working language at the institute is English.

The postdoctoral position is for 1 year with the possibility of renewal. The position starts immediately, from January 1, 2016.

Applicants interested in the position should apply at the link below. Review of applications starts immediately until the position is filled.
