International Association for Cryptologic Research

IACR News

10 May 2016

Wacław Banasik, Stefan Dziembowski, Daniel Malinowski
ePrint Report
One of the most promising innovations offered by cryptographic currencies (like Bitcoin) is the so-called "smart contracts", which can be viewed as financial agreements between mutually distrusting participants. Their execution is enforced by the mechanics of the currency, and typically has monetary consequences for the parties. The rules of these contracts are written in the form of so-called "scripts", which are pieces of code in some "scripting language". Although smart contracts are believed to have a huge potential, for the moment they are not widely used in practice. In particular, most Bitcoin miners only allow standard transactions (i.e., those without non-trivial scripts) to be posted on the blockchain. As a result, it is currently very hard to create non-trivial smart contracts in Bitcoin.

Motivated by this, we address the following question: "is it possible to create non-trivial efficient smart contracts using the standard transactions only?" We answer this question affirmatively, by constructing an efficient Zero-Knowledge Contingent Payment protocol for a large class of NP-relations. This includes the relations for which efficient sigma protocols exist. In particular, our protocol can be used to sell a factorization (p, q) of an RSA modulus n = pq, an example that we implemented and whose efficiency we tested in practice.

As another example of a "smart contract without scripts", we show how our techniques can be used to implement the contract called "trading across chains".

Maryam Rajabzadeh Asaar, Mahmoud Salmasizadeh, Mohammad Reza Aref
ePrint Report
Concurrent signatures allow two entities to generate two signatures in such a way that both signatures are ambiguous until some information is revealed by one of the parties. This kind of signature is useful in auction protocols and in a wide range of scenarios in which the participating parties are mutually distrustful. In this paper, to obtain quantum-attack-resistant concurrent signatures as recommended by the National Institute of Standards and Technology (NISTIR 8105), the first concurrent signature scheme based on coding theory is proposed. Then, its security is proved under the Goppa Parameterized Bounded Decoding and the Goppa Code Distinguishing assumptions in the random oracle model. We should highlight that our proposal can be a post-quantum candidate for fair exchange of signatures without a trusted third party in an efficient way (without a high degree of interaction).

09 May 2016

CableLabs
Job Posting
The CableLabs Cryptographic Summer HARd Problems Program (C2SHARP) will bring in a small number of developing experts to consider cryptography and cryptanalysis as they relate to the cable industry. The goals will be to foster awareness of the cable industry's cryptographic needs, to foster research and development of cryptographic algorithm and implementation improvements, and to better understand cryptographic vulnerabilities specific to our industry. Other topics related to hard network or application security problems may be considered as well.

The program will run for two months in Louisville, Colorado. Researchers will be paid as consultants for the duration of their project and will receive relocation compensation for their extended stay. Researchers are to submit their CV or resume and a brief research proposal outlining the problem they want to research, their method and approach, and modest resource requirements to conduct the work. While the format and structure of proposals is left to the imagination of candidates, Dr. Karen Kelsky describes an excellent approach to compiling research proposals on her blog at http://theprofessorisin.com/2011/07/05/dr-karens-foolproof-grant-template/. The program will culminate with presentations to a panel at a special session at the CableLabs Summer Conference where findings will be presented.

Accepted proposals will be notified in early June. Participants will be given two to three weeks to arrive in Louisville and will be provided with an orientation and experts to help them understand how their research applies to the cable industry. A mentor will support the researcher, but work must be conducted independently. All research will be novel; reworking previously conducted research is not acceptable.

Closing date for applications: 31 August 2016

Contact: Steve Goeringer

More information: https://www.smartrecruiters.com/CableLabs/92009588-software-cryptographic-researcher

Hong Kong Applied Science and Technology Research Institute
Job Posting
Reporting to the Director of Security and Data Sciences, the Director of Cyber Security is responsible for the following:

• Lead the team to conduct research and development projects in the area of cyber security.

• Lead and develop cyber threat intelligence and defense technologies.

• Transfer knowledge to relevant domains and/or partners for product realization and commercialization.

• Study new security threats and cloud computing security.

• Perform security reviews and assessments of information security and e-commerce systems.

Key Requirements:

• PhD/Master's degree in Computer Science, Computer Engineering, Electronic Engineering, Information Engineering or a related discipline.

• 10+ years of experience in hands-on R&D projects, especially on software systems.

• 5+ years in planning, organizing, leading and implementing novel R&D projects, especially in information security and data analytics related areas.

• Sound knowledge of OS security and virtualization security.

• Experience in financial technologies such as algorithmic trading, blockchain, etc. is a big plus.

• Strong interpersonal and communication skills.

• Good team player, passionate about producing quality software and enhancing user experience.

• Good command of both written and spoken English and Chinese.

Closing date for applications: 18 May 2016

Contact: charlenechoo (at) astri.org

More information: http://www.astri.org/careers/work-at-astri/jobs/director-cyber-security/


07 May 2016

Thomas Espitau, Pierre-Alain Fouque, Benoît Gérard, Mehdi Tibouchi
ePrint Report
As the advent of general-purpose quantum computers appears to be drawing closer, agencies and advisory bodies have started recommending that we prepare the transition away from factoring and discrete logarithm-based cryptography, and towards post-quantum secure constructions, such as lattice-based schemes. Almost all primitives of classical cryptography (and more!) can be realized with lattices, and the efficiency of primitives like encryption and signatures has gradually improved to the point that key sizes are competitive with RSA at similar security levels, and fast performance can be achieved both in software and hardware. However, little research has been conducted on physical attacks targeting concrete implementations of post-quantum cryptography in general and lattice-based schemes in particular, and such research is essential if lattices are going to replace RSA and elliptic curves in our devices and smart cards. In this paper, we look in particular at fault attacks against some instances of the Fiat-Shamir family of signature schemes on lattices (BLISS, GLP, TESLA and PASSSign) and at the GPV scheme, a member of the hash-and-sign family. Some of these schemes have achieved record-setting efficiency in software and hardware. We present several possible fault attacks, one of which allows a full key recovery with as little as a single faulty signature, and discuss possible countermeasures to mitigate these attacks.

06 May 2016

Zhengjun Cao, Lihua Liu
ePrint Report
We remark that the scheme of Lei et al. [IEEE Transactions on Cloud Computing, 1 (1), 78-87, 2013] fails, because the verification equation does not hold over the infinite field R. Over the field R, computational errors have to be taken seriously.

Peter Hyun-Jeen Lee, Siamak F. Shahandashti
ePrint Report
We give a survey of existing attacks against end-to-end verifiable voting systems in the academic literature. We discuss attacks on the integrity of the election, attacks on the privacy of voters, and attacks aiming at coercion of voters. For each attack, we give a brief overview of the voting system and a short description of the attack and its consequences.

Boris Skoric
ePrint Report
Current quantum key distribution schemes depend either on a form of conjugate coding or on the principle of putting more information into a quantum state than can possibly be read out with a measurement. We construct a scheme that combines both these approaches. It has the advantage that it needs less privacy amplification and hence can be operated at higher noise levels.

Alhassan Khedr, Glenn Gulak
ePrint Report
Sharing the medical records of individuals among healthcare providers and researchers around the world can accelerate advances in medical research. While the idea seems increasingly practical due to cloud data services, maintaining patient privacy is of paramount importance. Standard encryption algorithms help protect sensitive data from outside attackers but they cannot be used to compute on this sensitive data while it is encrypted. Homomorphic Encryption (HE) presents a very useful tool that can compute on encrypted data without the need to decrypt it. In this work, we describe an optimized NTRU-based implementation of the GSW homomorphic encryption scheme. Our results show a factor of 58x improvement in CPU performance compared to other recent work on encrypted medical data under the same security settings. Our system is built to be easily portable to GPUs, resulting in an additional speedup of up to a factor of 104x (and 410x), for an overall speedup of 6085x (and 24011x) using a single GPU (or four GPUs), respectively.

Roberto Avanzi
ePrint Report
We introduce and analyse a family of Almost MDS matrices defined over a ring with zero divisors that allows us to encode rotations in its operation while maintaining the minimal latency associated with {0,1}-matrices. We also describe new S-Box search heuristics aimed at minimising the critical path.

These techniques are used to define some components of QARMA, a new family of lightweight tweakable block ciphers. QARMA is targeted at a very specific set of use cases, such as memory encryption, generation of very short tags by truncation, and the construction of keyed hash functions, in fully unrolled hardware implementations.

The structure of the cipher is inspired by PRINCE. However, it differs from reflector constructions in that it is a three-round Even-Mansour scheme with a non-involutory keyed middle permutation designed to thwart various classes of attacks. QARMA aims at providing conservative security margins while still achieving best-in-class latency.

QARMA exists in 64- and 128-bit block sizes, with 128- and 256-bit keys, respectively. Implementers are also offered a reduced set of S-Boxes to choose from.

Simon Cogliani, Houda Ferradi, Rémi Géraud, David Naccache
ePrint Report
We introduce "thrifty" zero-knowledge protocols, or TZK.

These protocols are constructed by introducing a bias in the challenge sent by the prover. This bias is chosen so as to maximize the security versus effort trade-off. We illustrate the benefits of this approach on several well-known zero-knowledge protocols.

Franziskus Kiefer, Mark Manulis
ePrint Report
We propose Blind Password Registration (BPR), a new class of cryptographic protocols that is instrumental for the secure registration of client passwords at remote servers, with additional protection against unwitting password disclosures on the server side that may occur due to the lack of state-of-the-art password protection mechanisms implemented by the server, or due to common server-compromise attacks. The dictionary attack resistance property of BPR protocols guarantees that the only information available to the server during and after the execution of the protocol cannot be used to reveal the client password without performing an offline dictionary attack on a password verifier (e.g. a salted hash value) that is stored by the server at the end of the protocol. In particular, at no point in time is the server supposed to work with plaintext passwords. Our BPR model allows servers to enforce password policies, and the requirement that the client obey them during the execution of the BPR protocol is covered by the policy compliance property.

We construct an efficient BPR protocol in the standard model for ASCII-based password policies using some techniques underlying the recently introduced Zero-Knowledge Password Policy Checks (ZKPPC). However, we do not rely on the full power of costly ZKPPC proofs, and in fact show that BPR protocols can be modelled and realised more simply and significantly faster (as supported by our implementation) without using them as a building block. Our BPR protocol can directly be used to replace the ZKPPC-based registration procedure for existing VPAKE protocols.

05 May 2016

Tokyo, Japan, 5 March - 8 March 2017
FSE
Event date: 5 March to 8 March 2017
Submission deadline: 1 June 2016
Notification: 1 August 2016

Input Output HK (IOHK), Japan and Remote
Job Posting

About IOHK

IOHK is a company developing new cryptocurrencies and related applications. The goals of IOHK Research, our research division, are to advance the science behind cryptocurrencies and to attest the security of our products by careful analysis of their underlying protocols. Our team at IOHK Research focuses on the analysis of protocol specifications and on theoretical research while programming and implementation are handled by a separate team. At IOHK Research you will be responsible for investigating current cryptocurrencies, formalising security models, proposing new techniques, constructing new schemes and analysing their security.

We want the results of our research to impact both our products and the community, so we highly encourage our researchers to collaborate with other institutions and to publish papers in top conferences and journals. Moreover, we intend to open source most of our software, which will be developed based on techniques investigated by the IOHK Research team. We offer a flexible work style with a chance to work in a very dynamic team with talented people from all around the world, including partners from academia and the open source community.

Full-time Positions in Japan and Remote Part-time Positions

We are currently looking for talented cryptographers to join our team in Japan in full-time positions. We also offer part-time positions to outstanding students who are interested in joining our team while working remotely from their current locations. Knowledge specific to cryptocurrencies is not mandatory at the start, as the candidate is expected to spend 1-2 months developing it.

Requirements

  • Master’s degree or above with a focus on cryptography.
  • Strong background in theoretical or practical aspects of cryptographic protocols.
  • A good record of peer-reviewed publications in relevant conferences and journals.
  • This call does not have a definite closing date. You are welcome to apply at any moment.

Closing date for applications: 31 December 2016

Contact: Please send your CV to recruitment (at) iohk.io

More information: https://iohk.io/careers/

Hong Kong Applied Science and Technology Research Institute Company Limited
Job Posting
Reporting to the Director of Security and Data Sciences, the Engineer is responsible for the following:

• Develop and implement secure cloud computing and secure software systems.

• Develop cryptographic and encryption technologies.

• Develop mobile security solutions.

• Develop and implement cyber-threat intelligence and defense technologies.

• Perform security reviews and assessments of information security and e-commerce systems.

• Conduct R&D in various areas, including but not limited to software, network, distributed system, database, and mobile security.

Requirements

• Bachelor's degree or above in Computer Science, Electrical Engineering or other relevant disciplines.

• Senior candidates with a Master's or PhD degree, or with a minimum of five years' experience in software development (design, implementation, testing and documentation), will be considered for the Senior Engineer position.

• Familiarity with software development or testing, and with programming languages such as C/C++/ObjC/Java/JavaScript.

• Certificates or formal training in information security, or experience in security assessment, is a plus but not a necessity.

• Good knowledge of OS security and virtualization security; implementation experience on the cloud is an advantage.

• A team player with good analytical and communication skills.

• Good command of written and spoken English.

Closing date for applications: 15 May 2016

Contact: charlenechoo (at) astri.org

More information: http://www.astri.org/careers/work-at-astri/jobs/senior-engineerssoftware-engineers-information-security-multiple-opening

Hong Kong Applied Science and Technology Research Institute Company Limited
Job Posting
Reporting to the Director of Security and Data Sciences, the Engineer is responsible for the following:

• Conduct research on advanced ethical hacking, penetration testing and reverse engineering.

• Conduct assessments of network infrastructure, web and mobile security.

• Assist in IT security enforcement and enhancement.

• Design secure application testing approaches, and integrate quality assurance testing with security functionality.

• Candidates with a strong programming background will also be involved in security tool/signature development.

• Design and implement preventive security controls, application code review and analysis, code scanning and testing tools, web application scanning and penetration tests.

• Manage vendors and service providers on security tool and technology project engagements and delivery.

Requirements:

• Bachelor's degree or above in Computer Science, Electrical Engineering or other relevant disciplines, with a minimum of 5 years of experience in security assessment. Candidates with less experience will also be considered for the Engineer level.

• Experience in the financial industry is preferred but not mandatory.

• Demonstrated wide working knowledge of application security.

• Experience in the application development life cycle, application testing and code scanning, with exposure to penetration testing: finding exploits, vulnerabilities, unauthorized access, or other malicious activities in computer systems.

• Proficient in English, spoken and written.

• High integrity and professional work practice.

• Appreciation of people and cultures of different countries.

Closing date for applications: 15 May 2016

Contact: charlenechoo (at) astri.org

More information: http://www.astri.org/careers/work-at-astri/jobs/senior-engineerengineer-cyber-security-assessment-multiple-openings-8/

Chalmers University of Technology, Sweden
Job Posting
We are looking for an excellent, motivated, self-driven doctoral student to work in the area of information security and cryptography. The position is for five years at the Department of Computer Science and Engineering. The PhD student will join Katerina Mitrokotsa's group and will be funded by a Swedish Research Council project focusing on security and privacy issues in resource-constrained devices.

The PhD student is expected to have an MSc degree or equivalent, a strong background in mathematics and/or theoretical computer science, and some background in cryptography.

The position is fully funded for up to five years. The call for expressions of interest will remain open until a suitable candidate is appointed.

Successful candidates will help to design and evaluate cryptographically reliable and privacy-preserving authentication protocols.

Closing date for applications: 31 May 2016

Contact: Katerina Mitrokotsa
Associate Professor
Department of Computer Science and Engineering
Chalmers University of Technology

More information: http://www.chalmers.se/en/about-chalmers/vacancies/?rmpage=job&rmjob=4044

04 May 2016

Vienna, Austria, 24 October - 28 October 2016
Event Calendar
Event date: 24 October to 28 October 2016
Submission deadline: 27 July 2016
Notification: 10 September 2016

ENS de Lyon, France
Job Posting
At least one, and possibly several, post-doc positions on lattices (e.g., lattice-based crypto, cryptanalysis, algorithms), for up to 2.5 years.

Interested applicants should provide a detailed resume and references.

Closing date for applications: 30 June 2016

Contact: Damien Stehle (damien.stehle (at) ens-lyon.fr)

Zhen Liu, Zhenfu Cao, Duncan S. Wong
ePrint Report
Linear Secret Sharing Scheme (LSSS) matrices are commonly used for implementing monotone access structures in highly expressive Ciphertext-Policy Attribute-Based Encryption (CP-ABE) schemes. However, LSSS matrices are much less intuitive to use when compared with other approaches such as boolean formulas or access trees. To bridge the gap between the usability of an access structure representation and the implementation technique required in a concrete CP-ABE construction, Lewko and Waters proposed an algorithm which can convert any monotone boolean formula to an LSSS matrix. This algorithm is very useful in practice, as a ciphertext policy can now be intuitively expressed using a monotone boolean formula, which has good usability, and the corresponding LSSS for an actual CP-ABE construction can then be generated accordingly using this algorithm. However, in this algorithm, the non-leaf nodes of a monotone boolean formula, when viewed as an access tree, can only be AND or OR gates. For general monotone access structures, for example a (t, n)-threshold access tree, the threshold gates of the tree have to be converted to AND and OR gates before the algorithm can be applied. This results in a large LSSS matrix, and entails a large CP-ABE ciphertext. To address this problem, in this paper we propose a new algorithm which, in addition to AND and OR gates, can directly support threshold gates, and obtains much smaller LSSS matrices (or the same in the worst case, when only AND and OR gates exist). This will be particularly useful for reducing the size of ciphertexts with policies of the typical (t, n)-threshold type. Furthermore, as AND and OR gates are special cases of general (t, n)-threshold gates, this new algorithm is not only an optimization but also a generalization of the Lewko-Waters algorithm.
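The size blow-up the abstract describes can be seen directly by building the two LSSS matrices for a 2-of-3 policy. The following is an added example, not code from the paper or from the IACR page: the AND/OR part is the Lewko-Waters vector labelling (root labelled (1); an AND node with label v hands (v, 1) to one child and (0, ..., 0, -1) to the other, allocating one new column; an OR node passes v to both children). The THR gate is a Shamir-style labelling added here for illustration, in which child i of a (t, n) gate receives (v, i, i^2, ..., i^(t-1)) and t-1 new columns are allocated; it is a standard threshold-sharing construction and is not claimed to be the algorithm of the paper. The nested-tuple formula encoding and the attribute names A, B, C, D are assumptions of the example. Reconstruction is checked with exact rational arithmetic, since "can these rows span (1, 0, ..., 0)" is a linear-algebra question that floating point would get wrong.

```python
from fractions import Fraction
from itertools import combinations

# Access formulas are nested tuples over attribute strings (encoding assumed here):
#   ("AND", f1, f2, ...)    ("OR", f1, f2, ...)    ("THR", t, f1, ..., fn)
# AND/OR follow the Lewko-Waters labelling. THR is a Shamir-style (Vandermonde)
# labelling added for illustration; it is not taken from the paper.


def formula_to_lsss(formula):
    """Return (M, rho): integer LSSS matrix M (secret in column 0) and rho,
    the attribute labelling each row."""
    rows = []          # (label vector, attribute); vectors are padded at the end
    counter = [1]      # number of columns allocated so far

    def pad(v, n):
        return v + [0] * (n - len(v))

    def visit(node, label):
        if isinstance(node, str):              # leaf: its label becomes a matrix row
            rows.append((label, node))
            return
        gate, args = node[0], node[1:]
        if gate == "OR":                       # OR: every child inherits the label
            for child in args:
                visit(child, label)
        elif gate == "AND":                    # AND: Lewko-Waters split, one new column
            assert len(args) >= 2
            c = counter[0]
            left = pad(label, c) + [1]
            right = [0] * c + [-1]
            counter[0] = c + 1
            visit(args[0], left)
            rest = args[1] if len(args) == 2 else ("AND",) + args[1:]
            visit(rest, right)                 # n-ary AND as a chain of binary ANDs
        elif gate == "THR":                    # (t, n) gate: t-1 new columns, Vandermonde rows
            t, children = args[0], args[1:]
            assert 1 <= t <= len(children)
            c = counter[0]
            counter[0] = c + t - 1
            for i, child in enumerate(children, start=1):
                visit(child, pad(label, c) + [i ** k for k in range(1, t)])
        else:
            raise ValueError(f"unknown gate {gate!r}")

    visit(formula, [1])
    width = counter[0]
    return [pad(v, width) for v, _ in rows], [a for _, a in rows]


def rank(matrix):
    """Rank over the rationals by exact Gaussian elimination."""
    m = [[Fraction(x) for x in row] for row in matrix]
    r = 0
    for col in range(len(m[0]) if m else 0):
        pivot = next((i for i in range(r, len(m)) if m[i][col] != 0), None)
        if pivot is None:
            continue
        m[r], m[pivot] = m[pivot], m[r]
        for i in range(len(m)):
            if i != r and m[i][col] != 0:
                f = m[i][col] / m[r][col]
                m[i] = [a - f * b for a, b in zip(m[i], m[r])]
        r += 1
        if r == len(m):
            break
    return r


def is_authorized(M, rho, attrs):
    """True iff the rows labelled by attrs span e1 = (1, 0, ..., 0), i.e. the
    secret in column 0 can be reconstructed from exactly those shares."""
    rows = [row for row, a in zip(M, rho) if a in attrs]
    if not rows:
        return False
    e1 = [1] + [0] * (len(M[0]) - 1)
    return rank(rows) == rank(rows + [e1])


def access_structure(M, rho, universe):
    """All authorized subsets of `universe` (brute force, for cross-checking)."""
    return {frozenset(s) for r in range(len(universe) + 1)
            for s in combinations(universe, r) if is_authorized(M, rho, set(s))}


# The same 2-of-3 policy, once expanded into AND/OR gates and once as a direct gate.
EXPANDED = ("OR", ("AND", "A", "B"), ("AND", "A", "C"), ("AND", "B", "C"))
DIRECT = ("THR", 2, "A", "B", "C")


def compare_sizes():
    """((rows, cols) of the AND/OR expansion, (rows, cols) of the direct threshold gate)."""
    M1, _ = formula_to_lsss(EXPANDED)
    M2, _ = formula_to_lsss(DIRECT)
    return (len(M1), len(M1[0])), (len(M2), len(M2[0]))


def same_access_structure(universe=("A", "B", "C")):
    """Both matrices must authorize exactly the same attribute sets."""
    M1, r1 = formula_to_lsss(EXPANDED)
    M2, r2 = formula_to_lsss(DIRECT)
    return access_structure(M1, r1, universe) == access_structure(M2, r2, universe)


if __name__ == "__main__":
    print("expanded (rows, cols), direct (rows, cols):", compare_sizes())
    print("same access structure:", same_access_structure())
    M, rho = formula_to_lsss(("AND", "A", ("THR", 2, "B", "C", "D")))
    for row, attr in zip(M, rho):
        print(attr, row)
```

The expansion costs 6 rows and 4 columns against 3 rows and 2 columns for the direct gate, while `same_access_structure()` confirms that both matrices authorize exactly {A,B}, {A,C}, {B,C} and {A,B,C}; in CP-ABE each row becomes ciphertext material, which is the size argument the abstract makes. A policy such as "A and at least two of B, C, D" shows the two gate types composing: the AND hands (0, -1) to the threshold node, whose children then get (0, -1, 1), (0, -1, 2), (0, -1, 3).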