International Association
for Cryptologic Research

When talking about FHE, refresh process is a little different from bootstrapping process. Bootstrapping always means that a scheme homomorphic decrypting its process, while refresh imply that use another scheme, always in large scale, to perform its decryption process. In EUROCRYPT’2015, Ducas and Micciancio proposed a FHE which can perform refresh process in less than a second, called DM14, while the scheme only support bite plaintext space, which is cumbersome for many applications. Extending DM14 to a large plaintext space becomes an open problem. In order to solve it, we improved the msbExtract process to endure a large base, by mapping the element to position. As a result, we constructed an efficient FHE with large plaintext space and quickly refresh process. We implemented our scheme in computer, and made a comparison between our performance and DM14. The result is that the running time is almost same, when extend the plaintext space from 2 to 8.

Cryptographic identification protocols enable a prover to prove its identity to a verifier. A subclass of such protocols are shared-secret challenge-response identification protocols in which the prover and the verifier share the same secret and the prover has to respond to a series of challenges from the verifier. When the prover is a human, as opposed to a machine, such protocols are called human identification protocols. To make human identification protocols usable, protocol designers have proposed different techniques in the literature. One such technique is to make the challenges sparse, in the sense that only a subset of the shared secret is used to compute the response to each challenge. Coskun and Herley demonstrated a generic attack on shared-secret challenge-response type identification protocols which use sparse challenges. They showed that if the subset of the secret used is too small, an eavesdropper can learn the secret after observing a small number of challenge-response pairs. Unfortunately, from their results, it is not possible to find the safe number of challenge-response pairs a sparse-challenge protocol can be used for, without actually implementing the attack on the protocol and weeding out unsafe parameter sizes. Such a task can be time-consuming and computationally infeasible if the subset of the secret used is not small enough. In this work, we show an analytical estimate of the number of challenge-response pairs required by an eavesdropper to find the secret through the Coskun and Herley attack. Against this number, we also give an analytical estimate of the time complexity of the attack. Our results will help protocol designers to choose safe parameter sizes for identification protocols that employ sparse challenges.

The vacancy at the Department of Computer Science is open to outstanding individuals who hold a doctorate and have excellent potential for a successful scientific career. On the basis of their experience and competence, applicants will be placed at one of the four levels of the tenure track system: Assistant Professor (first-term), Assistant Professor (second-term), Associate Professor, and (Full) Professor. Successful candidates at the two first-mentioned levels will be appointed for a fixed term whereas appointments at the Associate Professor level are either permanent (tenured) or for a fixed term. The position of Full Professor is always tenured.

The call is targeted particularly to the field of algorithms, logic and complexity. The current research directions of the department within this field include combinatorial algorithms, computational logic, cryptography, distributed algorithms, formal methods and verification, and natural computation. The department is looking for a person to strengthen these directions or complement them with new ones.

Closing date for applications: 14 February 2016

Contact: Kaisa Nyberg, Professor, email: kaisa.nyberg (at) aalto.fi

More information: http://www.aalto.fi/en/about/careers/jobs/view/652

The Department of Mathematical Sciences at Florida Atlantic University invites applications for a tenure-track position at the assistant professor level, starting in August 2016. FAU is home to The Center for Cryptology and Information Security, which is dedicated to original, cutting-edge research in cryptology and information security and to education and training of research students and information technology professionals. FAU is recognized as a National Center of Academic Excellence in Information Assurance/Cyber Defense Research (CAE-R) for academic years 2014-2019.

Research areas of particular interest for this position include, but are not limited to, mathematical foundations of public key cryptography, post-quantum cryptography, computational algebra, and algorithmic number theory.

Applicants must possess a Ph.D. in Mathematics or a closely related field. Candidates in all areas of cryptology and information security will be considered.

For additional information, please contact us by email to mathsearch (at) fau.edu. This position is open until filled and may close without prior notice. Priority consideration will be given to applications received by January 31, 2016. To be considered for the position, all applicants must apply and complete the Faculty, Administrative, Managerial & Professional Position Application form available online through the Office of Human Resources at: https://jobs.fau.edu. Please submit a cover letter, vita, copy of your transcript, research statement and a teaching statement through this website.

In addition, please arrange to have three letters of recommendation sent by first class mail to: Chair of the Search Committee, Department of Mathematical Sciences, Florida Atlantic University, 777 Glades Rd., Boca Raton, FL 33431 or by email to mathsearch (at) fau.edu.

A background check will be required for the candidate selected for this position.

Florida Atlantic University is an Equal Opportunity/Equal Access Institution.

Closing date for applications: 31 January 2016

Contact: Search Committee Chair, Department of Mathematical Sciences, 777 Glades RD, Boca Raton, FL 33431
Email: mathsearch (at) fau.edu
Phone: (561) 297-3340
Fax: (561) 297-2436

More information: https://jobs.fau.edu

We introduce a new class of protocols called Proofs of Work or Knowledge (PoWorKs). In a PoWorK, a prover can convince a verifier that she has either performed work or that she possesses knowledge of a witness to a public statement without the verifier being able to distinguish which of the two has taken place.

We formalize PoWorK in terms of three basic properties, completeness, f-soundness and indistinguishability (where f is a function that determines the tightness of the proof of work aspect) and present a construction that transforms 3-move HVZK protocols into 3-move public-coin PoWorKs. To formalize the work aspect in a PoWorK protocol we define cryptographic puzzles that adhere to certain uniformity conditions, which may also be of independent interest. We instantiate our puzzles in the random oracle (RO) model as well as via constructing ``dense'' versions of suitably hard one-way functions.

We then showcase PoWorK protocols by presenting two applications. We first show how non-interactive PoWorKs can be used to reduce spam email by forcing users sending an e-mail to either prove to the mail server they are approved contacts of the recipient or to perform computational work. As opposed to previous approaches that applied proofs of work to this problem, our proposal of using PoWorKs is privacy-preserving as it hides the list of the receiver's approved contacts from the mail server. Our second application for PoWorK relates to zero-knowledge protocols. We show that PoWorK protocols imply straight-line quasi-polynomial simulatable arguments of knowledge; by applying this result to our construction we obtain an efficient straight-line concurrent 3-move statistically quasi-polynomial simulatable argument of knowledge, improving the round complexity of the previously known four-move protocols.

In this paper, we give an attack against a public key cryptosystem based on Diophantine equations of degree increasing type (DEC) proposed by the third author ([Oku15]). We show that the security of DEC depends on the difficulty of finding special (relatively) short vectors in some lattices obtained from a public key and a ciphertext. The most important target vector in our attack is not necessarily a shortest vector in a lattice of low rank but only some entries are relatively small. In our attack, the LLL algorithm does not work well for finding such vectors. The technical point of our method is to change a norm dealt with in the usual LLL algorithm from the Euclidean norm to a special norm called a weighted norm. We call the LLL algorithm with respect to a weighted norm the ``weighted LLL algorithm'' in this paper. Our heuristic analysis suggests that the most important target vector in our attack becomes a shorter vector with respect to a weighted norm for an appropriate weight among the vectors in the lattice of low rank. Our experimental results by a standard PC with Magma suggest that our attack with the weighted LLL algorithm can recover a plaintext without finding a secret key for 128 bit security proposed in [Oku15] with sufficiently high probability.

In [13.] Dutch government proposes an identity scheme supporting personal data exchange of pupils with private e-textbook publishers. This design propagates sharing personal numbers of pupils with private parties violating the data minimisation principle in privacy laws.

We describe a privacy friendly alternative, giving pupils (and parents) control on the exchange of their personal data. Three generic forms based on homomorphic encryption are used as building blocks. These forms do not yield personal numbers, or even personal data from a legal perspective, and have strong, unlinkability properties. Only if required a school provides a party with a party-specific {\em pseudonym} identifying a pupil. The school is provided an {\em encrypted pseudonym} by a central party based on a {\em polymorphic pseudonym} formed by the school. Only intended parties, not even schools, have access to pseudonyms. Publishers can send pupil test results to a school without being able to assess whether pupils are identical.

We also describe how the infrastructure can be supplemented with privacy friendly attributes and user inspection as required by law.

The Kalyna block cipher has recently been established as the Ukranian encryption standard in June, 2015. It was selected in a Ukrainian National Public Cryptographic Competition running from 2007 to 2010. Kalyna supports block sizes and key lengths of 128, 256 and 512 bits. Denoting the variants of Kalyna as Kalyna-$b/k$, where $b$ denotes the block size and $k$ denotes the keylength, the design specifies $k \in \{b, 2b\}$. In this work, we re-evaluate the security bound of some reduced round Kalyna variants, specifically Kalyna-$128/256$ and Kalyna-$256/512$ against key recovery attacks in the single key model. We first construct new 6-round distinguishers and then use these distinguishers to demonstrate 9-round attacks on these Kalyna variants. These attacks improve the previous best 7-round attacks on the same.\\ Our 9-round attack on Kalyna-128/256 has data, time and memory complexity of $2^{105}$, $2^{245.83}$ and $2^{226.86}$ respectively. For our 9-round attack on Kalyna-256/512, the data/time/memory complexities are $2^{217}$, $2^{477.83}$ and $2^{443.45}$ respectively. The time and data complexities for Kalyna-256/512 reported in this work improve upon the previous best 7-round attack complexities on the same. The attacks presented in this work are currently the best on Kalyna. We apply multiset attack - a variant of meet-in-the-middle attack to achieve these results.

The rapid expansion and increased popularity of cloud computing comes with no shortage of privacy concerns about outsourcing computation to semi-trusted parties. Leveraging the power of encryption, in this paper we introduce Cryptoleq: an abstract machine based on the concept of One Instruction Set Computer, capable of performing general-purpose computation on encrypted programs. The program operands are protected using the Paillier partially homomorphic cryptosystem, which supports addition on the encrypted domain. Full homomorphism over addition and multiplication, which is necessary for enabling general-purpose computation, is achieved by inventing a software re-encryption module written using Cryptoleq instructions and blended into the executing program. Cryptoleq is heterogeneous, allowing mixing encrypted and unencrypted instruction operands in the same program memory space. Programming with Cryptoleq is facilitated using an enhanced assembly language that allows development of any advanced algorithm on encrypted datasets. As a case study, we implemented and evaluated the performance of a typical Private Information Retrieval problem.

Lightweight implementation of Elliptic Curve Cryptography on FPGA has been a popular research topic due to the boom of ubiquitous computing. In this paper we propose a novel single instruction based ultra-light ECC crypto-processor coupled with dedicated hard-IPs of the FPGAs. We show that by using the proposed single instruction framework and using the available block RAMs and DSPs of FPGAs, we can design an ECC crypto-processor for NIST curve P-256, requiring only 81 and 72 logic slices on Virtes-5 and Spartan-6 devices respectively.To the best of our knowledge, this is the first implementation of ECC which requires less than 100 slices on any FPGA device family.

Polynomial hashing as an instantiation of universal hashing is a widely employed method for the construction of MACs and authenticated encryption (AE) schemes, the ubiquitous GCM being a prominent example. It is also used in recent AE proposals within the CAESAR competition which aim at providing nonce misuse resistance, such as POET. The algebraic structure of polynomial hashing has given rise to security concerns: At CRYPTO 2008, Handschuh and Preneel describe key recovery attacks, and at FSE 2013, Procter and Cid provide a comprehensive framework for forgery attacks. Both approaches rely heavily on the ability to construct forgery polynomials having disjoint sets of roots, with many roots (\weak keys") each. Constructing such polynomials beyond nave approaches is crucial for these attacks, but still an open problem. In this paper, we comprehensively address this issue. We propose to use twisted polynomials from Ore rings as forgery polynomials. We show how to construct sparse forgery polynomials with full control over the sets of roots. We also achieve complete and explicit disjoint coverage of the key space by these polynomials. We furthermore leverage this new construction in an improved key recovery algorithm. As cryptanalytic applications of our twisted polynomials, we develop the rst universal forgery attacks on GCM in the weak-key model that do not require nonce reuse. Moreover, we present universal weak-key forgery attacks for the recently proposed nonce-misuse resistant AE schemes POET, Julius, and COBRA.

We construct a public-key encryption (PKE) scheme whose security is polynomial-time equivalent to the hardness of the Subset Sum problem. Our scheme achieves the standard notion of indistinguishability against chosen-ciphertext attacks (IND-CCA) and can be used to encrypt messages of arbitrary polynomial length, improving upon a previous construction by Lyubashevsky, Palacio, and Segev (TCC 2010) which achieved only the weaker notion of semantic security (IND-CPA) and whose concrete security decreases with the length of the message being encrypted.

At the core of our construction is a trapdoor technique which originates in the work of Micciancio and Peikert (Eurocrypt 2012).

We provide for the first time an asymptotic comparison of all known algorithms for the search version of the Learning with Errors (LWE) problem. This includes an analysis of several lattice-based approaches as well as the combinatorial BKW algorithm. Our analysis of the lattice-based approaches defines a general framework, in which the algorithms of Babai, Lindner-Peikert and several pruning strategies appear as special cases. We show that within this framework, all lattice algorithms achieve the same asymptotic complexity.

For the BKW algorithm, we present a refined analysis for the case of only a polynomial number of samples via amplification, which allows for a fair comparison with lattice-based approaches. Somewhat surprisingly, such a small number of samples does not make the asymptotic complexity significantly inferior, but only affects the constant in the exponent.

As the main result we obtain that both, lattice-based techniques and \BKW with a polynomial number of samples, achieve running time $2^{\bigO(n)}$ for $n$-dimensional LWE, where we make the constant hidden in the big-$\bigO$ notion explicit as a simple and easy to handle function of all LWE-parameters. In the lattice case this function also depends on the time to compute a BKZ lattice basis with block size $\Theta(n)$. Thus, from a theoretical perspective our analysis reveals how LWE's complexity changes as a function of the LWE-parameters, and from a practical perspective our analysis is a useful tool to choose LWE-parameters resistant to all known attacks.

Unclonable Encryption is a technique similar to Quantum Key Distribution and authentication of quantum states; it quantum-protects classical ciphertext so that it cannot be copied by eavesdroppers. We propose an improved variant which has higher efficiency and better error tolerance. Our variant uses four cipherstate bases that are equally spaced on the Bloch sphere, instead of the usual "+" and "x" basis.

Secret-key authentication protocols have recently received a considerable amount of attention, and a long line of research has been devoted to devising efficient protocols with security based on the hardness of the learning-parity with noise (LPN) problem, with the goal of achieving low communication and round complexities, as well as highest possible security guarantees.

In this paper, we construct 2-round authentication protocols that are secure against sequential man-in-the-middle (MIM) attacks with tight reductions to LPN, Field-LPN, or other problems. The best prior protocols had either loose reductions and required 3 rounds (Lyubashevsky and Masny, CRYPTO'13) or had a much larger key (Kiltz et al., EUROCRYPT'11 and Dodis et al., EUROCRYPT'12). Our constructions follow from a new generic deterministic and round-preserving transformation enhancing actively-secure protocols of a special form to be sequentially MIM-secure while only adding a limited amount of key material and computation.

We are looking for an excellent, motivated, self-driven doctoral student to work in the area of information security and cryptography. The position is for five years at the Department of Computer Science and Engineering. The PhD student will join Katerina Mitrokotsa’s group and will be funded by a project funded by the Swedish research council focusing on security and privacy issues in resource constrained devices.

The PhD student is expected to have a MSc degree or equivalent, and strong background in mathematics and/or theoretical computer science, with some background in cryptography.

The position is fully funded for five years. The call for expressions of interest will remain open until a suitable candidate is appointed.

For any inquiries or to apply for the positions, submit a full research curriculum-vitae (cv), names of two references, and a research statement to Prof. Katerina Mitrokotsa (aikmitr@ chalmers.se) clearly indicating the position sought.

Successful candidates will help to design and evaluate cryptographically reliable and privacy-preserving authentication protocols.

Closing date for applications: 31 January 2016

Contact: Katerina Mitrokotsa,
Associate Professor,
Chalmers University of Technology,
Department of Computer Science and Engineering
Göteborg, Sweden

Applications are invited for one fixed-term studentship from suitably qualified candidates who wish to undertake a PhD in Computer Science at University College Cork, Ireland. The position is within the Insight Centre for Data Analytics, funded by Science Foundation Ireland and industry. The research will be on managing user-consent for security and privacy in big datasets.

Informal enquiries to Dr Simon Foley simon.foley (at) insight-centre.org

Further information on the Insight Centre and security research at UCC is available at http://www.insight-centre.org and http://security.ucc.ie

More information and application details at: http://www.ucc.ie/en/hr/vacancies/research/full-details-614093-en.html

Closing date for applications: 29 January 2016

Contact: Dr Simon Foley simon.foley (at) insight-centre.org

More information: http://www.ucc.ie/en/hr/vacancies/research/full-details-614093-en.html

Event date: 4 August to 5 August 2016
Submission deadline: 15 April 2016
Notification: 1 June 2016

The Cryptographic Algorithms group at the Center for IT-Security, Privacy, and Accountability at Saarland University has several opening for excellent and highly motivated PhD students and Postdocs. Possible research interests of our group include (but are not limited to)

• Cryptographic protocols
• Secure two/multi-party computation
• Verifiable computation
• Functional signatures
• Cryptography based on hardware assumptions
• Cryptocurrencies
• Foundations

We investigate these topics both from a theoretical and applied perspective. The Cryptographic Algorithms Group is part of the Center for IT-Security and Privacy (short: CISPA). The CISPA was founded in October 2011 as a competence center for IT security at Saarland University. It is a joint endeavor of Saarland University (UdS) and its on-site partner institutions: the Max Planck Institute for Informatics (MPI-INF), the Max Planck Institute for Software Systems (MPI-SWS), and the German Research Center for Artificial Intelligence (DFKI).

Interested PhD students are expected to have a very strong background in mathematics and/or computer science. Please send a motivation letter and your complete transcripts to Dominique Schröder ds (AT) ca.cs.uni-saarland.de. Starting date is negotiable. Review of applications starts immediately until the position is filled.

Postdocs applicants are expected to have a PhD in cryptography or related areas, excellence in research proven for example by publications in IACR conferences and workshops CRYPTO, EUROCRYPT, ASIACRYPT, TCC, PKC,... or IT security venues like IEEE S&P, ACM CCS, NDSS, USENIX Security,…. Postdoc applicants should contact Dominique Schröder ds (AT) ca.cs.uni-saarland.de. Starting date is negotiable. Review of applications starts immediately until the position is filled.

Closing date for applications: 31 January 2016

Contact: Dominique Schröder: ds (AT) ca.cs.uni-saarland.de

More information: http://www.ca.cs.uni-saarland.de

The Chair of Computer Engineering (Lehrstuhl für Technische Informatik) of the University of Passau’s Faculty of Computer Science and Mathematics seeks applications for the post of a research fellow in the broad area of hardware security. The position is suitable both for candidates with a University Master’s degree who wish to work towards a doctorate, and for post-doctoral researchers. The position comes with a teaching load of 5 hours per week. Since the language of instruction in our Bachelor’s program is German, sufficient German-language skills are a prerequisite for this position.

The successful candidate must be interested in highest-level fundamental research, conducted cooperatively with academic and industrial partners in Germany and abroad. He or she holds an outstanding university degree in Computer Science, Mathematics, Electrical/Computer Engineering or a related discipline. She or he must be fluent in oral and written English and German. Advanced knowledge of C/C++ is required, ideally with experience in cross-site software development. Prior experiences in either cryptography/cryptanalysis or in integrated circuit design are strongly desired.

When you join us, you will conduct world-class research in collaboration with the leading scientists in Germany and elsewhere; you will enjoy excellent work conditions in a publication-friendly environment, a competitive salary (TV-L E13) accompanied by the German public-service benefit package and attractive living conditions in Passau, a city of 50,000, located between Munich, Nuremberg and Vienna. The post is suitable for part-time employment upon request. Please check the official job description (in German) under http://www.uni-passau.de/fileadmin/dokumente/beschaeftigte/Stellenangebote/2016_01_WM_Prof_Polian.pdf for details how to apply. Please note that we expect a cover letter formulated in German, for an initial assessment of your language skills. Apply before February 1, 2016, for full consideration.

Closing date for applications: 1 February 2016

Contact: Professor Ilia Polian: ilia.polian (at) uni-passau.de

More information: http://www.uni-passau.de/fileadmin/dokumente/beschaeftigte/Stellenangebote/2016_01_WM_Prof_Polian.pdf