International Association for Cryptologic Research


IACR News


19 January 2016

Nanjing, China, 10 November - 12 November 2016
Event Calendar
Event date: 10 November to 12 November 2016
Submission deadline: 3 June 2016
Notification: 3 August 2016
Kunming, China, 6 July - 8 July 2016
Event Calendar
Event date: 6 July to 8 July 2016
Submission deadline: 15 March 2016
Hong Kong Applied Science and Technology Research Institute Company Limited
Job Posting
Job Responsibilities: Reporting to the Director of Security and Data Sciences, the Engineer is responsible for the following:
  • Conduct research on advanced ethical hacking, penetration testing and reverse engineering.
  • Conduct assessments of network infrastructure, web and mobile security.
  • Assist in IT security enforcement and enhancement.
  • Design secure application testing approaches and integrate quality assurance testing with security functionality.
  • Candidates with a strong programming background will also be involved in security tool/signature development.
  • Design and implement preventive security controls, application code review and analysis, code scanning and testing tools, web application scanning and penetration tests.
  • Manage vendors and service providers on security tools and technologies project engagement and delivery.
Requirements:
  • Bachelor’s degree or above in Computer Science, Electrical Engineering or other relevant disciplines with a minimum of 5 years of experience in security assessment. Candidates with less experience will also be considered for the Engineer level.
  • Experience in the financial industry is preferred but not mandatory.
  • Demonstrated wide working knowledge of application security.
  • Experience in the application development life cycle, application testing and code scanning, with exposure to penetration testing and to finding exploits, vulnerabilities, unauthorized access, or other malicious activities in computer systems.
  • Proficient in English, spoken and written.
  • High integrity and professional work practice.
  • Appreciation of people and cultures of different countries.

Closing date for applications: 30 January 2016

Contact: Charlene Choo

More information: http://www.astri.org/careers/work-at-astri/jobs/senior-engineerengineer-cyber-security-assessment-multiple-openings/

Hong Kong Applied Science and Technology Research Institute Company Limited
Job Posting
Reporting to the Director of Security and Data Sciences, the Engineer is responsible for the following:
  • Develop and implement secure cloud computing and secure software systems.
  • Develop cryptographic and encryption technologies.
  • Develop mobile security solutions.
  • Develop and implement cyber-threat intelligence and defense technologies.
  • Perform security review and assessment on information security and e-commerce systems.
  • Conduct R&D in various areas including, but not limited to, software, network, distributed system, database, and mobile security.
Requirements:
  • Bachelor’s degree or above in Computer Science, Electrical Engineering or other relevant disciplines.
  • More senior candidates with a Master or PhD degree, or with a minimum of five years of experience in software development (design, implementation, test and documentation), will be considered as Senior Engineer.
  • Familiar with software development or testing, and with programming languages such as C/C++/ObjC/Java/JavaScript.
  • Certificates or formal training in information security, or experience in security assessment, is a plus but not a necessity.
  • Good knowledge of OS security and virtualization security; implementation experience on the cloud is an advantage.
  • A team player with good analytical and communications skills.
  • Good command of written and spoken English.

Closing date for applications: 30 January 2016

Contact: Charlene Choo

More information: http://www.astri.org/careers/work-at-astri/jobs/senior-engineerengineer-information-security/

Masahiro Yagisawa
ePrint Report
Gentry’s bootstrapping technique is the most famous method of obtaining fully homomorphic encryption. In previous work I proposed a fully homomorphic encryption without bootstrapping which has a weak point in the plaintext. I also proposed a fully homomorphic encryption with composite number modulus which avoids the weak point by adopting a plaintext that includes random numbers in it. In this paper I propose another fully homomorphic encryption with composite number modulus where the complexity required for enciphering and deciphering is smaller than that of the RSA scheme with the same modulus. In the proposed scheme it is proved that if there exists a PPT algorithm that decrypts the plaintext from any ciphertext of the proposed scheme, there exists a PPT algorithm that factors the given composite number modulus. In addition it is said that the proposed fully homomorphic encryption scheme is immune from the “p and -p attack”. The scheme is based on the computational difficulty of solving multivariate algebraic equations of high degree, while almost all multivariate cryptosystems proposed until now are based on quadratic equations, avoiding the explosion of the coefficients. Because the proposed fully homomorphic encryption scheme is based on multivariate algebraic equations with high degree or too many variables, it resists the Gröbner basis attack, the differential attack, the rank attack and so on.
Christoph M. Mayer
ePrint Report
Recent research in the field of lattice-based cryptography, especially on the topic of the ring-based primitive ring-LWE, provided efficient and practical ring-based cryptographic schemes, which can compete with more traditional number-theoretic ones. In the case of ring-LWE these cryptographic schemes operated mainly in power-of-two cyclotomics, which vastly restricted the variety of possible applications. Due to the toolkit for ring-LWE of Lyubashevsky, Peikert and Regev, there are now cryptographic schemes that operate in arbitrary cyclotomics, with no loss in their underlying hardness guarantees, and only little loss in computational efficiency.

Next to some further refinements and explanations of the theory and additional implementation notes, we provide the - as far as we know - first implementation of the toolkit of Lyubashevsky, Peikert and Regev. This includes a complete framework with fast and modular algorithms that can be used to build cryptographic schemes around ring-LWE. Our framework is easy to use, open source and has only few third-party dependencies. For demonstration purposes we implemented two public-key cryptographic schemes using our framework. The complete source code is available at https://github.com/CMMayer/Toolkit-for-Ring-LWE.git.
Carsten Baum, Ivan Damgård, Tomas Toft, Rasmus Zakarias
ePrint Report
We present techniques and protocols for the preprocessing of secure multiparty computation (MPC), focusing on the so-called SPDZ MPC scheme and its derivatives. These MPC schemes consist of a so-called preprocessing or offline phase where correlated randomness is generated that is independent of the inputs and the evaluated function, and an online phase where such correlated randomness is consumed to securely and efficiently evaluate circuits. In recent years, it has been shown that such protocols turn out to be very efficient in practice.

While much research has been conducted towards optimizing the online phase of the MPC protocols, there seems to have been less focus on the offline phase of such protocols. With this work, we want to close this gap and give a toolbox of techniques that aim at optimizing the preprocessing.

We support both instantiations over small fields and large rings using somewhat homomorphic encryption and the Paillier cryptosystem, respectively. In the case of small fields, we show how the preprocessing overhead can basically be made independent of the field characteristic and present a more efficient (amortized) zero-knowledge proof of plaintext knowledge. In the case of large rings, we present a protocol based on the Paillier cryptosystem which has a lower message complexity than previous protocols and employs more efficient zero-knowledge proofs that, to the best of our knowledge, were not presented in previous work.
Andrey Bogdanov, Martin M. Lauridsen, Elmar Tischhauser
ePrint Report
AES-NI, or Advanced Encryption Standard New Instructions, is an extension of the x86 architecture proposed by Intel in 2008. With a pipelined implementation utilizing AES-NI, parallelizable modes such as AES-CTR become extremely efficient. However, out of the four non-trivial NIST-recommended encryption modes, three are inherently sequential: CBC, CFB, and OFB. This inhibits the advantage of using AES-NI significantly. Similar observations apply to CMAC, CCM and a great deal of other modes. We address this issue by proposing the comb scheduler, a fast scheduling algorithm based on an efficient look-ahead strategy, featuring a low overhead, with which sequential modes profit from the AES-NI pipeline in real-world settings by filling it with multiple, independent messages.

As our main target platform we apply the comb scheduler to implementations on Haswell, a recent Intel microarchitecture, for a wide range of modes. We observe a drastic speed-up of factor 5 for NIST's CBC, CFB, OFB and CMAC performing around 0.88 cpb. Surprisingly, contrary to the entire body of previous performance analysis, the throughput of the authenticated encryption (AE) mode CCM gets very close to that of GCM and OCB3, with about 1.64 cpb (vs. 1.63 cpb and 1.51 cpb, respectively), when message lengths are sampled according to a realistic distribution for Internet packets, despite Haswell's heavily improved binary field multiplication. This suggests CCM as an AE mode of choice as it is NIST-recommended, does not have any weak-key issues like GCM, and is royalty-free as opposed to OCB3. Among the CAESAR contestants, the comb scheduler significantly speeds up CLOC/SILC, JAMBU, and POET, with the mostly sequential nonce-misuse resistant design of POET, performing at 2.14 cpb, becoming faster than the well-parallelizable COPA. Despite Haswell being the target platform, we also include performance figures for the more recent Skylake microarchitecture, which provides further optimizations to AES-NI instructions. Finally, this paper provides the first optimized AES-NI implementations for the novel AE modes OTR, CLOC/SILC, COBRA, POET, McOE-G, and Julius.
Yehuda Lindell
ePrint Report
One of the most fundamental notions of cryptography is that of simulation. It stands behind the concepts of semantic security, zero knowledge, and security for multiparty computation. However, writing a simulator and proving security via the use of simulation is a non-trivial task, and one that many newcomers to the field often find difficult. In this tutorial, we provide a guide to how to write simulators and prove security via the simulation paradigm. Although we have tried to make this tutorial as stand-alone as possible, we assume some familiarity with the notions of secure encryption, zero-knowledge, and secure computation.
Xi-Jun Lin, Lin Sun, Haipeng Qu, Xiaoshuai Zhang
ePrint Report
The outsourcing paradigm is one of the most attractive benefits of cloud computing, where computation workloads can be outsourced to cloud servers by resource-constrained devices, such as RFID tags. With this paradigm, cloud users can avoid setting up their own infrastructures. As a result, some new challenges, such as security and checkability, are inevitably introduced. In this paper, we address the problem of a secure outsourcing algorithm for modular exponentiations in the one-malicious version of the two untrusted program model. We show that our proposed algorithm is more efficient than the state-of-the-art algorithms. On the other hand, we point out in this paper that the first outsource-secure algorithm for simultaneous modular exponentiations proposed recently is insecure, as sensitive information can be leaked to the malicious servers. As a result, we propose a new and more efficient algorithm for simultaneous modular exponentiations. We also propose constructions for outsource-secure Cramer-Shoup encryption and Schnorr signatures which are also more efficient than the state-of-the-art algorithms.
Iris Anshel, Derek Atkins, Dorian Goldfeld, Paul E. Gunnells
ePrint Report
The Algebraic Eraser Diffie--Hellman (AEDH) protocol was introduced in 2005 and published in 2006 by I. Anshel, M. Anshel, D. Goldfeld, and S. Lemieux as a protocol suitable for use on platforms with constrained computational resources, such as FPGAs, ASICs, and wireless sensors. It is a group-theoretic cryptographic protocol that allows two users to construct a shared secret via a Diffie--Hellman-type scheme over an insecure channel.

Building on the refuted 2012 permutation-based attack of Kalka--Teichner--Tsaban (KKT), Ben-Zvi, Blackburn, and Tsaban (BBT) present a heuristic attack, published November 13, 2015, that attempts to recover the AEDH shared secret. In their paper BBT reference the AEDH protocol as presented to ISO for certification (ISO 29167-20) by SecureRF. The ISO 29167-20 draft contains two profiles using the Algebraic Eraser. One profile is unaffected by this attack; the second profile is subject to their attack provided the attack runs in real time. This is not the case in most practical deployments.

The BBT attack is simply a targeted attack that does not attempt to break the method, system parameters, or recover any private keys. Rather, its limited focus is to recover the shared secret in a single transaction. In addition, the BBT attack is based on several conjectures that are assumed to hold when parameters are chosen according to standard distributions, which can be mitigated, if not avoided. This paper shows how to choose special distributions so that these conjectures do not hold, making the BBT attack ineffective for braid groups with sufficiently many strands. Further, the BBT attack assumes that certain data is available to an attacker, but there are realistic deployment scenarios where this is not the case, making the attack fail completely. In summary, the BBT attack is flawed (with respect to the SecureRF ISO draft) and, at a minimum, over-reaches as to its applicability.
Amir S. Mortazavi, Mahmoud Salmasizadeh, Amir Daneshgar
ePrint Report
A non-malleable encoding scheme is a key-less encoding scheme which is resilient to tampering attacks. Such a scheme is said to be continuously secure if the scheme is resilient to attacks containing more than one tampering procedure. Also, such a scheme is said to have the tamper-detection property if any kind of tampering attack is detected. In [S. Faust, et al., Continuous nonmalleable codes, TCC Proc., LNCS Vol. 8349, 2014.] a general continuous non-malleable encoding scheme based on NIZK is introduced which is secure in a strong model for which the adversary receives a no-tamper as a response to its tampering query if the decoding of the tampered codeword is identical to the original message. In this article we introduce a new strongly secure continuous non-malleable encoding scheme with the tamper-detection property whose security is based on the existence of secure MACs. Moreover, we introduce and justify the importance of an intermediate security model called semi-strong continuous non-malleability, and we provide a secure semi-strong continuous non-malleable encoding scheme whose security is based on the existence of CCA-secure public-key encryption. Considering the area of applications of encoding schemes in tamper-proof devices, it is instructive to note that our proposed schemes can be used to implement an algorithmic tamper-detection level as well as maintaining the security conditions.
Khushboo Bussi, Dhananjoy Dey, Manoj Kumar, B. K. Dass
ePrint Report
RFID technology is one of the major applications of lightweight cryptography, where security and cost are both equally essential, or we may say that cost-friendly cryptographic tools are given more weight. In this paper, we propose a lightweight hash, Neeva-hash, satisfying the very basic idea of lightweight cryptography. Neeva-hash is based on the sponge mode of iteration with a software-friendly permutation which provides great efficiency and the required security in RFID technology. The proposed hash can be used for many application-based purposes.

18 January 2016

CipherQ, Toronto, Canada
Job Posting
This position requires a sound academic background in both analytical and theoretical fields. The positions will primarily focus on work such as characterizing secure data communications in terms of encryption, encoding and other signal modifications and then providing the necessary technical elaboration to help engineering teams develop and implement techniques to efficiently handle these signals.

In this position, it would be a requirement to develop mathematical techniques to find solutions and then implement the solutions as efficiently as possible in both computer hardware and software. These techniques will also be used to evaluate cryptographic algorithms and protocols as well as provide guidance on the design and development of cryptographic systems. Areas of mathematics particularly applicable to this position at CipherQ include:
  • Abstract algebra (especially finite field theory)
  • Computational number theory
  • Linear algebra and numerical methods
  • Statistics
  • Combinatorics
  • Cryptography and Applied Cryptanalysis
  • Theoretical computer science
Expertise and applied knowledge of modern cryptographic algorithms and protocols is a mandatory requirement. Additional capabilities in cryptography that will be an asset include but are not limited to:
  • Lattice-based
  • Multivariate
  • Hash-based
  • Code-based
  • Discrete Finite Fields and Elliptic Curves
  • Quantum key distribution
Other areas of knowledge that would be considered key assets:
  • Strong knowledge of computer programming languages: C/C++, Java, Python, Octave/Mathematica/Maple/Matlab environments.
  • Knowledge of telecommunications and networking principles
  • An understanding of modern computer architectures and information technology architectures including cloud computing
Education: Doctoral degree in Mathematics, or equivalent degree in other mathematical sciences or engineering fields with a strong mathematical background.

Closing date for applications: 30 April 2016

Contact: Dr. Christian Weedbrook: info@CipherQ.com


17 January 2016

Preeti Kulshrestha, Arun Kumar
ePrint Report
A secret handshake (SH) scheme is a key agreement protocol between two members of the same group. Under this scheme two members share a common key if and only if they both belong to the same group. If the protocol fails, none of the parties involved gets any idea about the group affiliation of the other. Moreover, if the transcript of the communication is available to a third party, she/he does not get any information about the group affiliation of the communicating parties. The concept of SH was given by Balfanz in 2003, who also gave a practical SH scheme using pairing-based cryptography. The protocol proposed by Balfanz uses one-time credentials to ensure that handshake protocols performed by the same party cannot be linked. Xu and Yung proposed an SH scheme that achieves unlinkability with reusable credentials. In this paper, a new unlinkable secret handshake scheme is presented. Our scheme is constructed from the ZSS signature and inspired by an identity-based authenticated key agreement protocol proposed by McCullagh et al. Most of the recently proposed unlinkable secret handshake schemes have either a design flaw or a security flaw; we prove the security of the proposed scheme by assuming the intractability of the bilinear inverse Diffie-Hellman and k-CAA problems.
Xuefei Cao, Bo Chen, Lanjun Dang, Hui Li
ePrint Report
A method of network intrusion detection is proposed based on Bayesian topic models. The method employs tcpdump packets and extracts multiple features from the packet headers. A topic model is trained using the normal traffic in order to learn feature patterns of the normal traffic. Then the test traffic is analyzed against the learned normal feature patterns to measure the extent to which the test traffic resembles the learned feature patterns. Since the feature patterns are learned using only the normal traffic, the test traffic is likely to be normal if its feature pattern resembles the learned feature patterns. An attack alarm is raised when the test traffic's resemblance to the learned feature patterns is lower than a threshold. Experiments show that our method is efficient in attack detection. It answers the open question of how to detect network intrusions using topic models.
Muhammad Nadeem
ePrint Report
Currently, it is believed in the literature that unconditionally secure bit commitment is impossible in non-relativistic quantum cryptography, while only a weaker notion of bit commitment with finite commitment time is achievable in the relativistic quantum setting. Moreover, relativistic classical bit commitment protocols allow arbitrarily long commitment time, but such protocols are not practically feasible, either because of multiple rounds of communication that result in an exponential increase in communication complexity or due to the asymptotic nature of the security argument. The impossibility of practically feasible standard bit commitment leaves an obvious skepticism on the completeness of Hilbert space quantum cryptography and its claims of unconditional security. Contrary to the previously proposed results, we demonstrate here that an information-theoretic standard bit commitment scheme can be devised by using rules of purely non-relativistic quantum mechanics only; neither additional resources from the theory of relativity nor multiple rounds of communication are required. The proposed bit commitment scheme can be applied efficiently with existing quantum technologies without long-term quantum memory; quantum entanglement is required only for time t+δ, where t is the communication time between the committer and receiver while δ << t is the processing time at the laboratory.
Iraklis Symeonids, Faruk Gologlu, Bart Preneel
ePrint Report
Third-party apps enable a personalized experience on social networking platforms; however, they give rise to privacy interdependence issues. Apps installed by a user's friends can collect and potentially misuse her own personal data, inflicting collateral damage on the user herself while leaving her without proper means of control. In this paper, we present a study on the collateral information collection of apps in social networks. Based on real data, we compute the proportion of exposed user attributes, including the case of profiling, when several apps are offered by the same provider.

15 January 2016

Porquerolles, France, 6 June - 10 June 2016
Event Calendar
Event date: 6 June to 10 June 2016
Submission deadline: 29 February 2016
Notification: 1 April 2016

14 January 2016

Limassol, Cyprus, 31 August - 2 September 2016
Event Calendar
Event date: 31 August to 2 September 2016
Submission deadline: 8 April 2016
Notification: 30 May 2016