International Association for Cryptologic Research


IACR News


02 August 2016

Johannes Braun, Johannes Buchmann, Denise Demirel, Mikio Fujiwara, Matthias Geihs, Shiho Moriai, Masahide Sasaki, Atsushi Waseda
ePrint Report
With increasing digitization, the amount of archived data that requires long-term protection of confidentiality and integrity increases rapidly. Examples include electronic health records, genome data bases, and tax data. In this paper we present the first archiving solution that provides everlasting confidentiality and, at the same time, maintains a proof that the data were not changed since they were archived. For confidentiality protection, our solution combines quantum key distribution (QKD) for data in transit and proactive secret sharing for data at rest. Proofs of existence are generated using sequences of timestamped unconditionally hiding commitments. In addition to a security and performance analysis, we present a proof-of-concept implementation and an experimental evaluation. It uses the QKD platform of the National Institute of Information and Communication Technology of Japan.

30 July 2016

Goethe University Frankfurt, Frankfurt am Main, Germany
Job Posting
The Deutsche Telekom Chair of Mobile Business & Multilateral Security at Goethe University Frankfurt is looking for a committed, creative and flexible PhD candidate in the area of security, privacy and identity management.

Closing date for applications: 16 August 2016

Contact: Prof. Dr. Kai Rannenberg

More information: https://m-chair.de/images/documents/career/The_Deutsche_Telekom_Chair_of_Mobile_Business.pdf


29 July 2016

Mohammad Hadi Valizadeh, Hoda Maleki, William Koch, Azer Bestavros, Marten van Dijk
ePrint Report
We introduce a Markov-model-based framework for Moving Target Defense (MTD) analysis. The framework allows modeling of a broad range of MTD strategies, provides general theorems about how the probability of a successful adversary defeating an MTD strategy is related to the amount of time/cost spent by the adversary, and shows how a multi-level composition of MTD strategies can be analyzed by a straightforward combination of the analysis for each one of these strategies. Within the proposed framework we define the concept of security capacity, which measures the strength or effectiveness of an MTD strategy: the security capacity depends on MTD-specific parameters and more general system parameters. We apply our framework to two concrete MTD strategies.
Ankele, Ralph, Ankele, Robin
ePrint Report
The software performance of cryptographic schemes is an important factor in the decision to include such a scheme in real-world protocols like TLS, SSH or IPsec. In this paper, we develop a benchmarking framework to perform software performance measurements on authenticated encryption schemes. In particular, we apply our framework to independently benchmark the 29 remaining 2$^\text{nd}$ round candidates of the CAESAR competition. Many of these candidates have multiple parameter choices, or deploy software optimised versions raising our total number of benchmarked implementations to 207. We illustrate our results in various diagrams and hope that our contribution helps developers to find an appropriate cipher in their selection choice.
Announcement
Dear IACR members,

With the annual CRYPTO conference coming up soon, I would like to inform you about some recent developments in the IACR.

Journal of Cryptology - Reviewers of the Year

Ivan Damgaard as the current Editor-in-Chief of the journal has awarded the title of "Reviewer of the Year" at Eurocrypt. He actually designated two colleagues for being his most reliable and helpful reviewers, with the following details:
  • Vincent Rijmen, 9/9 accepted invitations, 7 completed on time, 1 late, 1 ongoing
  • Jens Groth, 8/8 accepted invitations, 6 completed on time, 1 late, 1 ongoing
Congratulations!

Journal of Cryptology - Kenny Paterson new Editor-in-Chief

Ivan Damgaard is resigning from the position of Editor-in-Chief of the Journal of Cryptology. On behalf of all IACR members I would like to thank Ivan for his dedication to the journal and for his work with moving to the online submission and reviewing system.

To replace him, the Board has recently appointed Kenny Paterson as Editor in Chief for the Journal of Cryptology, for a 3-year period starting in January 2017. Congratulations!

IACR Transactions on Symmetric Cryptology (ToSC)

Earlier this year the IACR has also decided to change the publication format for the yearly FSE conference to a conference-journal hybrid. The newly established IACR Transactions on Symmetric Cryptology (ToSC) will be a journal with a rapid and strict reviewing schedule.

Publication of a paper in ToSC during the year will give the authors an opportunity to present the result at the next FSE. Publication will be online and all content is available freely (Gold Open-Access). There will be four submission deadlines, four review periods, and four issues yearly.

For more information about ToSC, please visit the temporary website: iacr.org/transactions/tosc/.

IACR Cryptology Schools

The IACR schools program sponsors educational schools aimed at graduate students. The grants allow organizers to invite speakers or pay for fixed costs. Proposals can be submitted by Dec. 31 and by June 30; a description of the schools program appears at iacr.org/schools.

As there were no proposals received by the recent deadline of June 30 this year, we extend this deadline to August 31, 2016. Details about submissions are explained on the website.

Conference locations and appointments

At its meeting during Eurocrypt 2016 in Vienna, the Board has received two very strong proposals for future Eurocrypts. Exceptionally it has decided to fix the location of a Eurocrypt conference three years ahead:
  • Eurocrypt 2018, 29 Apr-3 May, Tel Aviv (IL), with Orr Dunkelman as General Chair
  • Eurocrypt 2019, Apr/May, Darmstadt (DE), with Marc Fischlin as General Chair
Furthermore, the Board has appointed as Program Co-Chairs:
  • Thomas Peyrin as Program Co-Chair of Asiacrypt 2017-18
  • Hovav Shacham as Program Co-Chair of CRYPTO 2017-18
Awards for cryptographers

Excellent people from our discipline continue to be recognized by prominent awards, which cover researchers from a much broader domain. After several ACM Turing Awards, the most recent one this year, it is my pleasure to congratulate two colleagues:
  • Tal Rabin has been elected to the American Academy of Arts & Sciences.
  • Brent Waters has received the 2015 Grace Murray Hopper Award for the introduction and development of the concepts of attribute-based and functional encryption.
Asiacrypt 2016

Last but not least, the planning for this year's Asiacrypt in Hanoi (4-8 Dec) is progressing well. See the website for all further information: www.asiacrypt2016.com.

I am looking forward to seeing many of you in Santa Barbara or in Hanoi.

Best regards,

Christian Cachin
President, IACR
ARM Ltd
Job Posting
ARM's Internet of Things Business Unit is looking for a talented individual to join the team responsible for development of the mbed TLS library. As an open source project, the mbed TLS library provides support for the TLS/SSL protocol and the necessary cryptographic primitives to provide a complete TLS solution for embedded devices, servers and the emerging field of Internet of Things.

We are open to offer the possibility to work from home internationally.

You will have a strong interest in security and cryptography as well as in helping secure the emerging market for Internet of Things type devices. You will have the opportunity to help us deliver a vital part of future Internet of Things devices, helping to ensure they will stay secure and robust.

The role offers unique challenges working in a new business space where you can help shape the future of Internet of Things and the security of these emerging technologies and devices.

Description of Role:

* Contribute to system and architectural designs, from server to device, providing security input

* Perform risk analysis, as well as vulnerability and security assessments

* Write and develop high assurance software in C and assembly

* Participate in code reviews, testing and architectural planning of new products

* To work with the open source community in the development of the library

* To contribute to project planning of new features, design and implementation

* To mentor and coach others in security best practices

* Provide support to both internal and external customers

* Participate in standards meetings

* To keep pace with the fast moving fields of cryptography and software security

Closing date for applications: 30 October 2016

Contact: Applications should be made directly through ARM's online application system.

More information: http://careers.peopleclick.com/careerscp/client_arm/external/jobDetails.do?functionName=getJobDetail&jobPostId=26010

Hong Kong Applied Science and Technology Research Institute Company Limited
Job Posting
Hong Kong Applied Science and Technology Research Institute (ASTRI) was founded by the Government of the Hong Kong Special Administrative Region in 2000 with the mission of enhancing Hong Kong's competitiveness in technology-based industries through applied research.

Job Responsibilities

• Research on the latest security threats and cloud computing security.

• Develop and implement secure software systems.

• Develop cryptographic, encryption technologies, and mobile security solutions.

• Develop and implement cyber-threat intelligence and defense technologies.

• Be able to perform security investigation on cyber security and e-commerce systems.

• Conduct R&D in various areas which include but are not limited to software, network, distributed systems, database, reverse engineering, malware analysis and mobile security.

Requirements

• Bachelor's degree in Computer Science, Electrical Engineering or other relevant discipline with 6 years of relevant experience; Master's degree with 3+ years' experience; or PhD holder with less experience. Candidates with less experience will be considered for the Engineer level.

• Solid experience in software and system development (C/C++, C#, Java, Python, Android, iPhone or JavaScript).

• Experience in hands-on R&D projects, especially on software systems.

• Experience in planning, organizing, leading and implementing novel R&D projects, especially in information security and data analytics related areas.

• Preferably with certificates or formal training in information security or with experience in security assessment, but not a must.

• Experience in well-known data analysis challenges or ACM competitions is a big plus.

• Experience in financial technologies such as algorithmic trading, blockchain, etc. is a big plus.

• Good team player and passionate about producing quality software and enhancing user experience.

• Good interpersonal communication and presentation skills.

• Good command of both written and spoken English and Chinese.

Closing date for applications: 15 August 2016

Contact: charlenechoo (at) astri.org

More information: http://www.astri.org/careers/work-at-astri/jobs/principal-engineer-senior-engineer-engineer-cyber-security/

Hong Kong Applied Science and Technology Research Institute Company Limited
Job Posting
Hong Kong Applied Science and Technology Research Institute (ASTRI) was founded by the Government of the Hong Kong Special Administrative Region in 2000 with the mission of enhancing Hong Kong's competitiveness in technology-based industries through applied research.

Job Responsibilities

• Conduct research on advanced ethical hacking, penetration testing and reverse engineering.

• Conduct assessments of network infrastructure, web and mobile security.

• Assist in IT security enforcement and enhancement.

• Design secure application testing approaches and integrate quality assurance testing with security functionality.

• Candidates with a strong programming background will also be involved in security tool/signature development.

• Design and implement preventive security controls, application code review and analysis, code scanning and testing tools, web application scanning and penetration tests.

• Manage vendors and service providers on security tools and technologies project engagement and delivery.

Qualification/Required Experience & Skills

• Bachelor's degree or above in Computer Science, Electrical Engineering or other relevant disciplines with a minimum of 5 years of experience in security assessment; less experience will also be considered for the Engineer level.

• Experience in the financial industry is preferred but not mandatory.

• Demonstrated wide working knowledge of application security.

• Experience in the application development life cycle, application testing and code scanning, with exposure to penetration testing and finding exploits, vulnerabilities, unauthorized access, or other malicious activities in computer systems.

• Proficient in English, spoken and written.

• High integrity and professional work practice.

• Appreciation of people and cultures of different countries.

Closing date for applications: 15 August 2016

Contact: charlenechoo (at) astri.org

More information: http://www.astri.org/careers/work-at-astri/jobs/senior-engineerengineer-cyber-security-assessment-4/

IMDEA Software Institute, Madrid, Spain
Job Posting
The IMDEA Software Institute (Madrid, Spain) invites applications for one PhD position in the area of Cryptography and four Postdoc positions in the areas of Cryptography, Anonymity, Privacy, Programming Languages, Verification, and Side-channel Attacks.

The positions are based in Madrid, Spain where the IMDEA Software Institute is situated. Salaries are internationally competitive and include attractive conditions such as access to an excellent public healthcare system. The working language at the institute is English.

PhD applicants should have completed, or be close to completing, a Masters degree in computer science, mathematics or a related discipline. The successful PhD applicant will do research in cryptography. Knowledge of cryptography (in particular public key cryptography and provable security) is required, and proven experience in the form of theses or published papers will be considered positively. The application requires: curriculum vitae, a motivation letter, and names of 3 persons that can provide reference about you and your work. For further enquiries on the PhD position, please contact Dario Fiore.

Postdoc applicants should have already completed, or be close to completing, a PhD in computer science, mathematics, or a related discipline, and should have an excellent research track record. The application requires: curriculum vitae, a research statement, and names of 3 persons that can provide reference about you and your work. The postdoctoral positions are available from September 2016 for the duration of up to two years.

Applicants interested in the position should send an email to the faculty members they would like to work with, and submit the application documents at https://careers.imdea.org/software/. Review of applications starts immediately until the positions are filled.

Closing date for applications: 31 December 2016

Contact: For enquiries about the positions, please contact:

Gilles Barthe gilles.barthe (at) imdea.org

Dario Fiore, dario.fiore (at) imdea.org

Boris Koepf, boris.koepf (at) imdea.org

Carmela Troncoso, carmela.troncoso (at) imdea.org

To apply: https://careers.imdea.org/software/

More information: https://software.imdea.org/open_positions.html

École polytechnique, Palaiseau, France
Job Posting
Context

Safran Identity and Security and the computer science department of École polytechnique will conduct a study on the manipulation of centrally issued documents on blockchains.

Object of the study

There already exist various protocols designed for manipulating sensitive documents on blockchains, from straightforward ones (hashes), to advanced protocols (ZeroCash).

Objectives

The objective is to sort out the various proposals for anonymising transactions or data on blockchains, and to design a new one relevant to our application domain. Since the application domain is concerned with documents issued by a trusted third party (a government in the case of a passport), our application domain may not be well fitted by existing approaches. Some software development may be conducted.

Profile

The candidate should have either a rather good knowledge of a few advanced cryptographic protocols, or have a very good understanding of bitcoin (or ethereum) and in particular its programmable features (smart contracts, OP_RETURN).

The candidate will spend 20% of his research time within Safran Identity and Security, (Issy-les-Moulineaux), and 40% in the computer science department of École polytechnique (Palaiseau), within INRIA project-team Grace.

Safran Identity and Security

Safran Identity & Security is a global leader in security and identity solutions, deploying solutions in more than 100 countries, and employing more than 8,700 people in 57 countries. Its solutions manage identities, secure payments and transactions and safeguard privacy, for an increasingly digital and connected world.

École polytechnique

École Polytechnique is a leading French institute which combines top-level research, academics, and innovation at the cutting edge of science and technology. Its curriculum promotes a culture of excellence with a strong emphasis on science, anchored in humanist traditions.

Closing date for applications: 31 December 2016

Contact: Daniel Augot, INRIA senior researcher, Daniel.Augot (at) inria.fr

More information: https://team.inria.fr/grace/

NTT Secure Platform Laboratories, Tokyo, Japan
Job Posting
Post-Doc Position in Cryptography, NTT Labs, Tokyo, Japan.

A postdoctoral research position in cryptography is available in NTT Secure Platform Laboratories, Tokyo, Japan. The position is initially for one year, and could be extended up to three years on a year-by-year basis.

Candidates must hold a PhD in mathematics or computer science, and have publications in major conferences related to cryptography. The research topics include foundations and applications of public-key cryptography. Interest in two-party / multi-party computation is an advantage.

Applications (CV, list of publications, and at least two letters of recommendation with contact details) and requests for more information should be directed to all of:

Saho Uchida (Secretary) uchida.saho (at) lab.ntt.co.jp,

Koutarou Suzuki (Senior Researcher) suzuki.koutarou (at) lab.ntt.co.jp, and

Kazumaro Aoki (Research Group Leader) aoki.kazumaro (at) lab.ntt.co.jp.

Closing date: October 1st, 2016.

Preferred starting date: January-March, 2017.

Closing date for applications: 1 October 2016

University of Luxembourg
Job Posting
The University of Luxembourg invites applications for a doctoral candidate (PhD student) in the field of cryptography.

The PhD student will be a member of the Computer Science and Communications Research Unit (CSC) within the Faculty of Science, Technology and Communication at the University of Luxembourg.

He/she will work under the supervision of Prof. Dr. Jean-Sebastien Coron on one of the following topics:

* Fully Homomorphic encryption and multilinear maps

* Side-channel attacks and countermeasures

The candidate must have a master’s degree or diploma in computer science or mathematics. We offer:

* Personal work space at the University

* Highly competitive salary

* Dynamic and multicultural environment.

For further information please contact:

Jean-Sebastien Coron: jean-sebastien.coron - at - uni.lu

To apply:

http://emea3.mrted.ly/1503l

Closing date for applications: 15 September 2016


28 July 2016

Ryan Amiri, Aysajan Abidin, Petros Wallden, Erika Andersson
ePrint Report
Digital signatures are one of the most important cryptographic primitives. In this work we construct an information-theoretically secure signature scheme which, unlike prior schemes, enjoys a number of advantageous properties such as short signature length and high generation efficiency, to name two. In particular, we extend symmetric-key message authentication codes (MACs) based on universal hashing to make them transferable, a property absent from traditional MAC schemes. Our main results are summarised as follows.

- We construct an unconditionally secure signature scheme which, unlike prior schemes, does not rely on a trusted third party or anonymous channels. In our scheme, a sender shares with each of the remaining protocol participants (or recipients) a set of keys (or hash functions) from a family of universal hash functions. Also, the recipients share with each other a random portion of the keys that they share with the sender. A signature for a message is a vector of tags generated by applying the hash functions to the message. As such, our scheme can be viewed as an extension of MAC schemes, and therefore, the practical implementation of our scheme is straightforward.

- We prove information-theoretic security of our scheme against forging, repudiation, and non-transferability.

- We compare our schemes with existing both "classical" (not employing quantum mechanics) and quantum unconditionally secure signature schemes. The comparison shows that our new scheme has a number of unparalleled advantages over the previous schemes.

- Finally, although our scheme does not rely on trusted third parties, we discuss this, showing that having a trusted third party makes our scheme even more attractive.
Masahiro Yagisawa
ePrint Report
In this paper I propose the fully homomorphic public-key encryption (FHPKE) scheme with zero norm noises that is based on the discrete logarithm assumption (DLA) and computational Diffie-Hellman assumption (CDH) of multivariate polynomials on the octonion ring. Since the complexity of enciphering and deciphering becomes small enough to handle, the cryptosystem runs fast.
Edgar González, Guillermo Morales-Luna, Feliú D. Sagols
ePrint Report
Several cryptographic methods have been developed based on the difficulty to determine the set of solutions of a polynomial system over a given field. We build a polynomial ideal whose algebraic set is related to the set of isomorphisms between two graphs. The problem {\sc isomorphism}, posed in the context of Graph Theory, has been extensively used in zero knowledge authentication protocols. Thus, any cryptographic method based on {\sc isomorphism} can be translated into an equivalent method based on the problem of finding rational points in algebraic sets associated to polynomial ideals.
Martine De Cock, Rafael Dowsley, Caleb Horst, Raj Katti, Anderson C. A. Nascimento, Stacey C. Newman, Wing-Sea Poon
ePrint Report
Many data-driven personalized services require that private data of users is scored against a trained machine learning model. In this paper we propose a novel protocol for privacy-preserving classification of decision trees, a popular machine learning model in these scenarios. Our solutions are composed out of building blocks, namely a secure comparison protocol, a protocol for obliviously selecting inputs, and a protocol for evaluating polynomials. By combining some of the building blocks for our decision tree classification protocol, we also improve previously proposed solutions for classification of support vector machines and logistic regression models. Our protocols are information theoretically secure and, unlike previously proposed solutions, do not require modular exponentiations. We show that our protocols for privacy-preserving classification lead to more efficient results from the point of view of computational and communication complexities. We present accuracy and runtime results for 7 classification benchmark datasets from the UCI repository.
Brett Hemenway, Rafail Ostrovsky
ePrint Report
Threshold secret sharing is a protocol that allows a dealer to share a secret among $n$ players so that any coalition of $t$ players learns nothing about the secret, but any $t+1$ players can reconstruct the secret in its entirety.

Robust secret sharing (RSS) provides the additional guarantee that even if $t$ malicious players mangle their shares, they cannot cause the honest players to reconstruct an incorrect secret.

When $t < \frac{n}{3}$, Shamir sharing is known to be robust, and when $t > \frac{n}{2}$, RSS is known to be impossible, but for $\frac{n}{3} < t < \frac{n}{2}$ much less is known.

When $\frac{n}{3} < t < \frac{n}{2}$ previous RSS protocols could either achieve optimal share size with inefficient (exponential time) reconstruction procedures, or sub-optimal share size with polynomial time reconstruction.

In this work, we construct a simple RSS protocol for $t = \left\{ \frac{1}{2} - \epsilon\right\}n$ that achieves logarithmic overhead in terms of share size and simultaneously allows efficient reconstruction. Our share size increases by an additive term of $O(\kappa + \log n)$, and reconstruction succeeds except with probability at most $2^{-\kappa}$.

This provides a partial solution to a problem posed by Cevallos et al. in Eurocrypt 2012. Namely, when $t = \left\{ \frac{1}{2} - O(1) \right\}n$ we show that the share size in RSS schemes does not require an overhead that is linear in $n$.

Previous efficient RSS protocols like that of Rabin and Ben-Or (STOC '89) and Cevallos et al. (Eurocrypt '12) use MACs to allow each player to check the shares of each other player in the protocol. These checks provide robustness, but require significant overhead in share size. Our construction identifies the $n$ players as nodes in an expander graph; each player only checks its neighbors in the expander graph.

When $t = \left\{ \frac{1}{2} - O(1) \right\}n$, the concurrent, independent work of Cramer et al. (Eurocrypt '16) shows how to achieve shares that \emph{decrease} with the number of players using completely different techniques.
Aram Jivanyan, Gurgen Khachatryan, Andriy Oliynyk, Mykola Raievskyi
ePrint Report
Oblivious transfer protocol is an important cryptographic primitive having numerous applications and particularly playing an essential role in secure multiparty computation protocols. On the other hand existing oblivious transfer protocols are based on computationally expensive public-key operations which remains the main obstacle for employing such protocols in practical applications. In this paper a novel approach for designing oblivious transfer protocols is introduced based on the idea of replacing public-key operations by white-box cryptography techniques. As a result oblivious transfer protocols based on white-box cryptography run several times faster and require less communication bandwidth compared with the existing protocols.
Thomas Wunderer
ePrint Report
Over the past decade, the hybrid lattice reduction and meet-in-the-middle attack (called the Hybrid Attack) has been used to evaluate the security of many lattice-based cryptographic schemes such as NTRU, NTRU prime, BLISS, and more. However, unfortunately none of the previous analyses of the Hybrid Attack is entirely satisfactory: they are based on simplifying assumptions that may distort the security estimates. Such simplifying assumptions include setting probabilities equal to $1$, which, for the parameter sets we analyze in this work, are in fact as small as $2^{-92}$. Many of these assumptions yield more conservative security estimates. However, some lead to overestimating the scheme's security, and without further analysis, it is not clear which is the case. Therefore, the current security estimates against the Hybrid Attack are not reliable and the actual security levels of many lattice-based schemes are unclear.

In this work we present an improved runtime analysis of the Hybrid Attack that gets rid of incorrect simplifying assumptions. Our improved analysis can be used to derive reliable and accurate security estimates for many lattice-based schemes. In addition, we reevaluate the security against the Hybrid Attack for the NTRU, NTRU prime, and R-BinLWEEnc encryption schemes as well as for the BLISS and GLP signature schemes. Our results show that there exist both over- and underestimates of up to $80$ bits of security in the literature. Our results further show that the common claim that the Hybrid Attack is the best attack on all NTRU parameter sets is in fact a misconception based on incorrect analyses of the attack.
Yosuke Todo, Gregor Leander, Yu Sasaki
ePrint Report
In this paper we introduce a new type of attack, called nonlinear invariant attack. As application examples, we present new attacks that are able to distinguish the full versions of the (tweakable) block ciphers Scream, iScream and Midori64 in a weak-key setting. Those attacks require only a handful of plaintext-ciphertext pairs and have minimal computational costs. Moreover, the nonlinear invariant attack on the underlying (tweakable) block cipher can be extended to a ciphertext-only attack in well-known modes of operation such as CBC or CTR. The plaintext of the authenticated encryption schemes SCREAM and iSCREAM can be practically recovered only from the ciphertexts in the nonce-respecting setting. This is the first result breaking a security claim of SCREAM. Moreover, the plaintext in Midori64 with well-known modes of operation can practically be recovered. All of our attacks are experimentally verified.