International Association for Cryptologic Research

IACR News

18 May 2016

FSE
Starting this year, FSE has moved to a new open-access journal/conference hybrid model. Submitted articles undergo a journal-style reviewing process. Accepted papers are published in Gold Open Access (free availability from day one) by the Ruhr University of Bochum in an issue of the newly established journal IACR Transactions on Symmetric Cryptology.

The yearly FSE event will consist of presentations of the articles accepted to the journal IACR Transactions on Symmetric Cryptology, as well as invited talks and social activities. This new model has been established as a way to improve reviewing and publication quality while retaining the highly successful community event FSE.

For this first conference FSE 2017 on the new model, authors can submit papers to the IACR Transactions on Symmetric Cryptology three times, every three months on a predictable schedule (the following years will include four rounds). Authors are notified of the decisions about two months after submission. In addition to accept and reject decisions, papers may be provided with "minor revision" decisions, in which case the paper is conditionally accepted and an assigned shepherd will verify if the changes are applied, or "major revision" decisions, in which case authors are invited to revise and resubmit their article to one of the following two submission deadlines, otherwise the paper will be treated as a new submission. We endeavor to assign the same reviewers to revised versions.

Papers accepted for publication before the end of January 2017 will be presented at that year’s conference. Note that it is mandatory that accepted papers at the IACR Transactions on Symmetric Cryptology journal are presented at the corresponding FSE event.

The next deadlines are:
  • First round: June 1, 2016
  • Second round: September 1, 2016
  • Third round: November 23, 2016
For more information, see the call for papers.

17 May 2016

School of Computing and Information Technology, University of Wollongong, Australia
Job Posting
The School of Computing and Information Technology is seeking a full-time permanent Lecturer (Level B) to provide development, teaching and research within the Bachelor of Computer Science (Digital Systems Security and Cyber Security majors) and the Master of Computer Science (Network Security major). The candidate is expected to be research active in the area of cryptography and information security, and to have sufficient experience for teaching undergraduate and postgraduate studies.

UOW is a leading Australian university with a history of outstanding achievements in teaching and learning, research and community engagement. It is fundamentally committed to providing our diverse body of students with an engaging world class and internationally oriented learning experience. The University has also established a strong research profile and an outstanding record of achievement in research performance and intensity over the last decade.

The successful candidate will have a national reputation in cryptography or information security research field, innovative teaching experience, an established research profile and demonstrable commitment to positive change. You may be required to teach outside of standard business hours and offshore delivery.

To apply you must address the selection criteria, which are located within the position description.

For further enquiries, please contact Head of School, Professor Willy Susilo on +61-2-4221-5535 or wsusilo (at) uow.edu.au

Closing date for applications: 5 June 2016

Contact: Professor Willy Susilo

More information: http://uow.employment.com.au/dspJobView.cfm?jobID=2141

Hong Kong Applied Science and Technology Research Institute Company Limited
Job Posting
• Conduct research on advanced ethical hacking, penetration testing, reverse engineering.

• Conduct assessment on network infrastructure, web and mobile security.

• Assist in IT security enforcement and enhancement.

• Design secure application testing approaches, integrate quality assurance testing with security functionalities.

• Candidates with a strong programming background will also be involved in security tool/signature development.

• Design and implement preventive security controls, application code review and analysis, code scanning and testing tools, web application scanning and penetration tests.

• Manage vendors and service providers on security tools and technologies project engagement and delivery.

Requirements:

• Bachelor’s degree or above in Computer Science, Electrical Engineering or other relevant disciplines with a minimum of 5 years of experience in security assessment. Candidates with less experience will also be considered for the Engineer level.

• Experience in the financial industry is preferred but not mandatory.

• Demonstrated wide working knowledge of application security.

• Experience in the application development life cycle, application testing and code scanning, with exposure to penetration testing, finding exploits, vulnerabilities, unauthorized access, or other malicious activities in computer systems.

• Proficient in English, spoken and written.

• High integrity and professional work practice.

• Appreciation of people and cultures of different countries.

Closing date for applications: 30 May 2016

Contact: charlenechoo (at) astri.org

More information: http://www.astri.org/careers/work-at-astri/jobs/senior-engineerengineer-cyber-security-assessment-multiple-openings-8/

Hong Kong Applied Science and Technology Research Institute Company Limited
Job Posting
• Develop and implement secure cloud computing and secure software systems.

• Develop cryptographic and encryption technologies.

• Develop mobile security solutions.

• Develop and implement cyber-threat intelligence and defense technologies.

• Perform security review and assessment on information security and e-commerce systems.

• Conduct R&D in various areas which include but are not limited to software, network, distributed system, database, and mobile security.

Requirements:

• Bachelor’s degree or above in Computer Science, Electrical Engineering or other relevant disciplines.

• More senior candidates with a Master or PhD degree, or with a minimum of five years’ experience in software development (i.e. design, implementation, test and documentation), will be considered as Senior Engineer.

• Familiar with software development or testing, and with programming languages such as C/C++/ObjC/Java/JavaScript.

• Certificates or formal training in information security, or experience in security assessment, is a plus but not a necessity.

• Good knowledge of OS security and virtualization security, and implementation experience on the cloud, an advantage.

• A team player with good analytical and communication skills.

• Good command of written and spoken English.

Closing date for applications: 30 May 2016

Contact: charlenech00 (at) astri.org

More information: http://www.astri.org/careers/work-at-astri/jobs/senior-engineerssoftware-engineers-information-security-multiple-opening

Thomas Unterluggauer, Stefan Mangard
ePrint Report
Memory and disk encryption is a common measure to protect sensitive information in memory from adversaries with physical access. However, physical access also comes with the risk of physical attacks. As these may pose a threat to memory confidentiality, this paper investigates contemporary memory and disk encryption schemes and their implementations with respect to Differential Power Analysis (DPA) and Differential Fault Analysis (DFA). It shows that DPA and DFA recover the keys of all the investigated schemes, including the tweakable block ciphers XEX and XTS. This paper also verifies the feasibility of such attacks in practice. Using the EM side channel, a DPA on the disk encryption employed within the ext4 file system is shown to reveal the used master key on a Zynq Z-7010 system on chip. The results suggest that memory and disk encryption secure against physical attackers is at least four times more expensive.
Loubna Ghammam, Emmanuel Fouotsa
ePrint Report
Many pairing-based protocols require the computation of the product and/or of a quotient of n pairings, where n > 1 is a natural integer. Zhang et al. [1] recently showed that the Kachisa-Schaefer-Scott family of elliptic curves with embedding degree 16, denoted KSS16, at the 192-bit security level is suitable for such protocols compared to the Barreto-Lynn-Scott family of elliptic curves of embedding degree 12 (BLS12). In this work, we provide important corrections and improvements to their work based on the computation of the optimal Ate pairing. We focus on the computation of the final exponentiation, which represents an important part of the overall computation of this pairing. Our results improve by 864 multiplications in $\mathbb{F}_p$ on the computations of Zhang et al. [1]. We prove that for computing the product or the quotient of 2 pairings, BLS12 curves are the best solution. In other cases, especially when n > 2 as mentioned in [1], KSS16 curves are recommended for computing the product of n pairings. Furthermore, we prove that the curve presented by Zhang et al. [1] is not resistant against small subgroup attacks. We provide an example of a KSS16 curve protected against such attacks.
Wei Dai, John Schanck, Berk Sunar, William Whyte, Zhenfei Zhang
ePrint Report
In this work we show how to use Graphics Processing Units (GPUs) with Compute Unified Device Architecture (CUDA) to accelerate a lattice based signature scheme, namely, the NTRU modular lattice signature (NTRU-MLS) scheme. Lattice based schemes require operations on large vectors that are perfect candidates for GPU implementations. In addition, similar to most lattice based signature schemes, NTRU-MLS provides transcript security with a rejection sampling technique. With a GPU implementation, we are able to generate many candidates simultaneously, and hence mitigate the performance slowdown from rejection sampling. Our implementation results show that for the original NTRU-MLS parameter sets, we obtain a 2x improvement in the signing speed; for the revised parameter sets, where acceptance rate of rejection sampling is down to around 1%, our implementation can be as much as 47x faster than a CPU implementation.
Myungsun Kim, Hyung Tae Lee, San Ling, Shu Qin Ren, Benjamin Hong Meng Tan, Huaxiong Wang
ePrint Report
Private database query (PDQ) processing has received much attention from the fields of both cryptography and databases. While previous approaches to designing PDQ protocols exploit several cryptographic tools concurrently, the recent appearance of fully homomorphic encryption (FHE) schemes enables us to design PDQ protocols without the aid of additional tools. However, to the best of our knowledge, all currently existing FHE-based PDQ protocols focus on protecting only the constants in query statements, together with the client's data stored on the database server.

In this paper, we provide an FHE-based PDQ protocol achieving better security, protecting query types as well as constants in query statements for conjunctive, disjunctive, and threshold queries with equality comparison. Our contributions are three-fold: First, we present a new security definition that reflects our enhanced security model, which additionally protects query types in query statements. Second, we provide a new design for PDQ protocols using FHE schemes. To do this, we come up with a method to homomorphically evaluate our encrypted target queries on the encrypted database. Thereafter, we apply it to construct a protocol and show its security under our enhanced security definition in the semi-honest model. Finally, we provide proof-of-concept implementation results of our PDQ protocol. According to our rudimentary experiments, it takes 40 seconds to perform a query on 2352 elements consisting of 11 attributes of 40 bits, using Brakerski-Gentry-Vaikuntanathan's leveled FHE with SIMD techniques for 80-bit security, yielding an amortized rate of just 0.12 seconds per element.
Andrew Egbert, Brad Chun, Thomas Otte
ePrint Report
In this short technical summary, the authors describe how the mathematical primitives of Ring Confidential Transactions may be used to provide anonymous identity authentication services in a similar manner to "Anonrep", but in a trustless (or permissioned), distributed manner, and with the additional security and resilience provided by a blockchain. The use of the mathematics in the RingCT paper additionally, and importantly, allows for combining different types of authentication in a seamless manner: in essence, if the Bitcoin or Monero blockchain is a single "thread", then the protocol here allows one to "weave" such threads together. The resulting protocol is dubbed an "Identity Chain" and provides anonymous authentication working in a lightweight and interoperable manner between any number of different service providers running different identity chains.
Maciej A. Czyzewski
ePrint Report
In this paper we describe a theoretical model of a chaos machine, which combines the benefits of a hash function and a pseudo-random function, forming a flexible one-way push-pull interface. It presents the idea of creating a universal tool (design pattern) with modular design and customizable parameters that can be applied wherever randomness and sensitiveness are needed (random oracle), where the chosen construction determines the application and the selection of parameters provides the preferred properties and security level. The machine can be used to implement many cryptographic primitives, including cryptographic hashes, message authentication codes and pseudo-random number generators. Additionally, the document includes a sample implementation of a chaos machine named Naive Czyzewski Generator, abbreviated NCG, that passes all the Dieharder, NIST and TestU01 test sets. The algorithm was designed and evaluated to be cryptographically strong, inasmuch as it is indistinguishable from a uniform random function. The generator was developed to work as a cryptographically secure pseudo-random number generator, a collision-resistant hash function or a cryptographic module. One can target a given period length by choosing the appropriate space parameter, i.e., for a given parameter $m$, the algorithm is claimed to have a period between $2^{8m}$ and $2^{16m}$.
Shay Gueron, Fabian Schlieker
ePrint Report
Post-quantum cryptography has attracted increased attention in the last couple of years, due to the threat of quantum computers breaking current cryptosystems. In particular, the key size and performance of post-quantum algorithms became a significant target for optimization. In this spirit, Alkim et al. have recently proposed a significant optimization for a key exchange scheme that is based on the R-LWE problem. In this paper, we build on the implementation of Alkim et al., and focus on improving the algorithm for generating a uniformly random polynomial. We optimize in three independent directions: efficient pseudorandom byte generation, decreasing the rejection rate during sampling, and vectorizing the sampling step. When measured on the latest Intel processor Architecture Codename Skylake, our new optimizations improve over Alkim et al. by up to 1.59x on the server side, and by up to 1.54x on the client side.

14 May 2016

Vienna, Austria, 28 October 2016
Event Calendar
Event date: 28 October 2016
Submission deadline: 25 July 2016
Notification: 1 September 2016
Phoenix, USA, 22 September - 24 September 2016
Event Calendar
Event date: 22 September to 24 September 2016
Submission deadline: 22 August 2016
Notification: 22 September 2016

13 May 2016

New York, USA, 2 November - 4 November 2016
Event Calendar
Event date: 2 November to 4 November 2016
Submission deadline: 10 June 2016
Notification: 22 June 2016
Heraklion, Greece, 26 September - 30 September 2016
Event Calendar
Event date: 26 September to 30 September 2016
Submission deadline: 23 June 2016
Notification: 29 July 2016
CableLabs - Louisville, CO
Job Posting
CableLabs leads technology innovation, research, and development of cryptography in the broadband industry. We need a researcher to help us look at very hard cryptography problems this summer! Our goals are to foster awareness of the cable industry’s cryptographic needs, to foster research and development for cryptographic algorithm and implementation improvements, and to better understand cryptographic vulnerabilities specific to our industry. This will be a high-paced activity and will allow the researcher to investigate a cryptographic problem of their choosing!

In addition to a resume or CV, the researcher must submit a research proposal inspired by a list of topics as described below. CableLabs will select the candidate based on the most compelling proposal supported by a resume or CV that demonstrates reason to believe the research can be completed.

The selected researcher will be provided an orientation and experts will be made available to help understand how their research applies to the cable industry. A mentor will support the researcher, but work must be conducted independently. All research must be original.

The key deliverable for this project is a final report and presentation at the completion of research in August. If suitable, we may have the researcher present this work at CableLabs’ Summer Conference.

The work must be performed in Louisville, CO at CableLabs. A modest relocation allowance will be provided.

Closing date for applications: 15 June 2016

Contact: Please apply at the link provided

More information: https://www.smartrecruiters.com/CableLabs/92180353-software-cryptographic-researcher

Ania Piotrowska, Jamie Hayes, Nethanel Gelernter, George Danezis, Amir Herzberg
ePrint Report
AnoNotify is a service for private, timely and low-cost on-line notifications. We present the design and security arguments behind AnoNotify, as well as an evaluation of its cost. AnoNotify is based on mix-networks, Bloom filters and shards. We present a security definition and security proofs for AnoNotify. We then discuss a number of applications, including notifications for incoming messages in anonymous communications, updates to private cached web and Domain Name Service (DNS) queries and finally, a private presence mechanism.
Subhabrata Samajder, Palash Sarkar
ePrint Report
Statistical analysis of attacks on block ciphers has mostly used normal approximations. A few recent works have proposed doing away with normal approximations and instead using Chernoff and Hoeffding bounds to obtain rigorous bounds on the data complexities of several attacks. This opens up the question of whether even better general bounds can be obtained using the statistical theory of large deviations. In this note we examine this question. Our conclusion is that while in theory this is indeed possible, in general obtaining meaningful expressions for data complexity presents several difficulties. This leaves open the question of whether this can be done for specific attacks.
Kyle Soska, Albert Kwon, Nicolas Christin, Srinivas Devadas
ePrint Report
Reputation systems play a crucial role in establishing trust online, especially in e-commerce settings. Users in reputation systems provide feedback for other users, thereby incentivizing good behavior and disincentivizing bad behavior. With growing concerns about government surveillance and corporate data sharing, it is increasingly common that users on the web demand tools for preserving their privacy without placing trust in a third party. Unfortunately, existing centralized reputation systems need to be trusted for either privacy, correctness, or both. Existing decentralized approaches, on the other hand, are either vulnerable to Sybil attacks, present inconsistent views of the network, or leak critical information about the actions of their users.

In this paper, we present Beaver, a decentralized anonymous marketplace that is resistant against Sybil attacks on vendor reputation, while preserving the anonymity of its customers. Beaver allows its participants to enjoy free open enrollment, and provides every user with the same global view of the reputation of other users through public-ledger-based consensus. Our use of various cryptographic primitives allows Beaver to offer high levels of usability and practicality, along with strong anonymity guarantees.
Reza Reyhanitabar, Serge Vaudenay, Damian Vizár
ePrint Report
In conventional authenticated-encryption (AE) schemes, the ciphertext expansion, a.k.a. stretch or tag length, is a constant or a parameter of the scheme that must be fixed per key. However, using variable-length tags per key can be desirable in practice or may occur as a result of a misuse. The RAE definition by Hoang, Krovetz, and Rogaway (Eurocrypt 2015), aiming at the "best-possible" AE security, supports variable stretch among other strong features, but achieving the RAE goal incurs a particular inefficiency: neither encryption nor decryption can be online. The problem of enhancing the well-established nonce-based AE (nAE) model and the standard schemes thereof to support variable tag lengths per key, without sacrificing any desirable functional and efficiency properties such as online encryption, has recently regained interest, as evidenced by extensive discussion threads on the CFRG forum and the CAESAR competition. Yet there is a lack of a formal definition for this goal. First, we show that several recently proposed heuristic measures trying to augment the known schemes by inserting the tag length into the nonce and/or associated data fail to deliver any meaningful security in this setting. Second, we provide a formal definition for the notion of nonce-based variable-stretch AE (nvAE) as a natural extension of the traditional nAE model. Then, we proceed by showing a second modular approach to formalizing the goal by combining the nAE notion and a new property we call key-equivalent separation by stretch (kess). It is proved that (after a mild adjustment to the syntax) any nAE scheme which additionally fulfills the kess property will achieve the nvAE goal. Finally, we show that the nvAE goal is efficiently and provably achievable; for instance, by simple tweaks to off-the-shelf schemes such as OCB.