IACR News
Here you can see all recent updates to the IACR webpage.
02 August 2016
Johannes Braun, Johannes Buchmann, Denise Demirel, Mikio Fujiwara, Matthias Geihs, Shiho Moriai, Masahide Sasaki, Atsushi Waseda
30 July 2016
Goethe University Frankfurt, Frankfurt am Main, Germany
Closing date for applications: 16 August 2016
Contact: Prof. Dr. Kai Rannenberg
More information: https://m-chair.de/images/documents/career/The_Deutsche_Telekom_Chair_of_Mobile_Business.pdf
29 July 2016
Mohammad Hadi Valizadeh, Hoda Maleki, William Koch, Azer Bestavros, Marten van Dijk
Ralph Ankele, Robin Ankele
With the annual CRYPTO conference coming up soon, I would like to inform you about some recent developments in the IACR.
Journal of Cryptology - Reviewers of the Year
Ivan Damgaard, as the current Editor-in-Chief of the journal, has awarded the title of "Reviewer of the Year" at Eurocrypt. He actually designated two colleagues as his most reliable and helpful reviewers, with the following details:
- Vincent Rijmen, 9/9 accepted invitations, 7 completed on time, 1 late, 1 ongoing
- Jens Groth, 8/8 accepted invitations, 6 completed on time, 1 late, 1 ongoing
Journal of Cryptology - Kenny Paterson new Editor-in-Chief
Ivan Damgaard is resigning from the position of Editor-in-Chief of the Journal of Cryptology. On behalf of all IACR members I would like to thank Ivan for his dedication to the journal and for his work with moving to the online submission and reviewing system.
To replace him, the Board has recently appointed Kenny Paterson as Editor-in-Chief for the Journal of Cryptology, for a 3-year period starting in January 2017. Congratulations!
IACR Transactions on Symmetric Cryptology (ToSC)
Earlier this year the IACR also decided to change the publication format for the yearly FSE conference to a conference-journal hybrid. The newly established IACR Transactions on Symmetric Cryptology (ToSC) will be a journal with a rapid and strict reviewing schedule.
Publication of a paper in ToSC during the year will give the authors an opportunity to present the result at the next FSE. Publication will be online and all content is available freely (Gold Open-Access). There will be four submission deadlines, four review periods, and four issues yearly.
For more information about ToSC, please visit the temporary website: iacr.org/transactions/tosc/.
IACR Cryptology Schools
The IACR schools program sponsors educational schools aimed at graduate students. The grants allow organizers to invite speakers or pay for fixed costs. Proposals can be submitted by Dec. 31 and by June 30; a description of the schools program appears at iacr.org/schools.
As there were no proposals received by the recent deadline of June 30 this year, we extend this deadline to August 31, 2016. Details about submissions are explained on the website.
Conference locations and appointments
At its meeting during Eurocrypt 2016 in Vienna, the Board received two very strong proposals for future Eurocrypts. Exceptionally, it has decided to fix the location of a Eurocrypt conference three years ahead:
- Eurocrypt 2018, 29 Apr-3 May, Tel Aviv (IL), with Orr Dunkelman as General Chair
- Eurocrypt 2019, Apr/May, Darmstadt (DE), with Marc Fischlin as General Chair
- Thomas Peyrin as Program Co-Chair of Asiacrypt 2017-18
- Hovav Shacham as Program Co-Chair of CRYPTO 2017-18
Excellent people from our discipline continue to be recognized by prominent awards, which cover researchers from a much broader domain. After several ACM Turing Awards, the most recent one this year, it is my pleasure to congratulate two colleagues:
- Tal Rabin has been elected to the American Academy of Arts & Sciences.
- Brent Waters has received the 2015 Grace Murray Hopper Award for the introduction and development of the concepts of attribute-based and functional encryption.
Last but not least, the planning for this year's Asiacrypt in Hanoi (4-8 Dec) is progressing well. See the website for all further information: www.asiacrypt2016.com.
I am looking forward to seeing many of you in Santa Barbara or in Hanoi.
Best regards,
Christian Cachin
President, IACR
ARM Ltd
We are open to offering the possibility of working from home internationally.
You will have a strong interest in security and cryptography as well as in helping secure the emerging market for Internet of Things type devices. You will have the opportunity to help us deliver a vital part of future Internet of Things devices, helping to ensure they will stay secure and robust.
The role offers unique challenges working in a new business space where you can help shape the future of Internet of Things and the security of these emerging technologies and devices.
Description of Role:
* Contribute to system and architectural designs, from server to device, providing security input
* Perform risk analysis, as well as vulnerability and security assessments
* Write and develop high assurance software in C and assembly
* Participate in code reviews, testing and architectural planning of new products
* Work with the open source community in the development of the library
* Contribute to project planning of new features, design and implementation
* Mentor and coach others in security best practices
* Provide support to both internal and external customers
* Participate in standards meetings
* Keep pace with the fast moving fields of cryptography and software security
Closing date for applications: 30 October 2016
Contact: Applications should be made directly through ARM's online application system.
More information: http://careers.peopleclick.com/careerscp/client_arm/external/jobDetails.do?functionName=getJobDetail&jobPostId=26010
Hong Kong Applied Science and Technology Research Institute Company Limited
Job Responsibilities
•Research on the latest security threats and on cloud computing security.
•Develop and implement secure software systems.
•Develop cryptographic and encryption technologies and mobile security solutions.
•Develop and implement cyber-threat intelligence and defense technologies.
•Perform security investigations of cyber-security and e-commerce systems.
•Conduct R&D in areas including, but not limited to, software, network, distributed systems, database, reverse engineering, malware analysis and mobile security.
Requirements
•Bachelor’s degree in Computer Science, Electrical Engineering or other relevant discipline with 6 years of relevant experience; Master’s degree with 3+ years’ experience; or PhD holder with less experience. Candidates with less experience will be considered for the Engineer level.
•Solid experience in software and system development (C/C++, C#, Java, Python, Android, iPhone or JavaScript).
•Experience in hands-on R&D projects, especially on software systems.
•Experience in planning, organizing, leading and implementing novel R&D projects, especially in information security and data analytics.
•Preferably with certificates or formal training in information security or with experience in security assessment, but not a must.
•Experience in well-known data analysis challenges or ACM competitions is a big plus.
•Experience in financial technologies such as algorithmic trading, blockchain, etc. is a big plus.
•Good team player and passionate about producing quality software and enhancing user experience.
•Good interpersonal communication and presentation skills.
•Good command of both written and spoken English and Chinese.
Closing date for applications: 15 August 2016
Contact: charlenechoo (at) astri.org
More information: http://www.astri.org/careers/work-at-astri/jobs/principal-engineer-senior-engineer-engineer-cyber-security/
Hong Kong Applied Science and Technology Research Institute Company Limited
Job Responsibilities
•Conduct research on advanced ethical hacking, penetration testing and reverse engineering.
•Conduct assessments of network infrastructure, web and mobile security.
•Assist with IT security enforcement and enhancement.
•Design secure application testing approaches and integrate quality assurance testing with security functionality.
•Candidates with a strong programming background will also be involved in security tool/signature development.
•Design and implement preventive security controls, application code review and analysis, code scanning and testing tools, web application scanning and penetration tests.
•Manage vendors and service providers on security tool and technology project engagement and delivery.
Qualification/Required Experience & Skills
•Bachelor’s degree or above in Computer Science, Electrical Engineering or other relevant disciplines with a minimum of 5 years of experience in security assessment; candidates with less experience will also be considered for the Engineer level.
•Experience in the financial industry is preferred but not mandatory.
•Demonstrated wide working knowledge of application security.
•Experience in the application development life cycle, application testing and code scanning, with exposure to penetration testing, finding exploits, vulnerabilities, unauthorized access, or other malicious activities in computer systems.
•Proficient in English, spoken and written.
•High integrity and professional work practice.
•Appreciation of people and cultures of different countries.
Closing date for applications: 15 August 2016
Contact: charlenechoo (at) astri.org
More information: http://www.astri.org/careers/work-at-astri/jobs/senior-engineerengineer-cyber-security-assessment-4/
IMDEA Software Institute, Madrid, Spain
The positions are based in Madrid, Spain where the IMDEA Software Institute is situated. Salaries are internationally competitive and include attractive conditions such as access to an excellent public healthcare system. The working language at the institute is English.
PhD applicants should have completed, or be close to completing, a Masters degree in computer science, mathematics or a related discipline. The successful PhD applicant will do research in cryptography. Knowledge of cryptography (in particular public key cryptography and provable security) is required, and proven experience in the form of theses or published papers will be considered positively. The application requires: a curriculum vitae, a motivation letter, and the names of 3 persons who can provide references about you and your work. For further enquiries on the PhD position, please contact Dario Fiore.
Postdoc applicants should have already completed, or be close to completing, a PhD in computer science, mathematics, or a related discipline, and should have an excellent research track record. The application requires: a curriculum vitae, a research statement, and the names of 3 persons who can provide references about you and your work. The postdoctoral positions are available from September 2016 for a duration of up to two years.
Applicants interested in the position should send an email to the faculty members they would like to work with, and submit the application documents at https://careers.imdea.org/software/. Review of applications starts immediately and continues until the positions are filled.
Closing date for applications: 31 December 2016
Contact: For enquiries about the positions, please contact:
Gilles Barthe gilles.barthe (at) imdea.org
Dario Fiore, dario.fiore (at) imdea.org
Boris Koepf, boris.koepf (at) imdea.org
Carmela Troncoso, carmela.troncoso (at) imdea.org
To apply: https://careers.imdea.org/software/
More information: https://software.imdea.org/open_positions.html
École polytechnique, Palaiseau, France
Safran Identity and Security and the computer science department of École polytechnique will conduct a study on the manipulation of centrally issued documents on blockchains.
Object of the study
There already exist various protocols designed for manipulating sensitive documents on blockchains, from straightforward ones (hashes) to advanced protocols (Zerocash).
Objectives
The objective is to sort out the various propositions for anonymising transactions or data on blockchains, and to design a new one relevant to our application domain. Since the application domain is concerned with documents issued by a trusted third party (a government in the case of a passport), it may not be well served by existing approaches. Some software development may be conducted.
Profile
The candidate should have either a rather good knowledge of a few advanced cryptographic protocols, or a very good understanding of Bitcoin (or Ethereum) and in particular its programmable features (smart contracts, OP_RETURN).
The candidate will spend 20% of his research time within Safran Identity and Security, (Issy-les-Moulineaux), and 40% in the computer science department of École polytechnique (Palaiseau), within INRIA project-team Grace.
Safran Identity and Security
Safran Identity & Security is a global leader in security and identity solutions, deploying solutions in more than 100 countries, and employing more than 8,700 people in 57 countries. Its solutions manage identities, secure payments and transactions and safeguard privacy, for an increasingly digital and connected world.
École polytechnique
École Polytechnique is a leading French institute which combines top-level research, academics, and innovation at the cutting-edge of science and technology. Its curriculum promotes a culture of excellence with a strong emphasis on science, anchored in humanist traditions.
Closing date for applications: 31 December 2016
Contact: Daniel Augot, INRIA senior researcher, Daniel.Augot (at) inria.fr
More information: https://team.inria.fr/grace/
NTT Secure Platform Laboratories, Tokyo, Japan
A postdoctoral research position in cryptography is available in NTT Secure Platform Laboratories, Tokyo, Japan. The position is initially for one year, and could be extended up to three years on year-by-year basis.
Candidates must hold a PhD in mathematics or computer science and have publications in major conferences related to cryptography. The research topics include foundations and applications of public-key cryptography. Interest in two-party / multi-party computation is an advantage.
Applications (CV, list of publications, and at least two letters of recommendation with contact details) and requests for more information should be directed to all of:
Saho Uchida (Secretary) uchida.saho (at) lab.ntt.co.jp ,
Koutarou Suzuki (Senior Researcher) suzuki.koutarou (at) lab.ntt.co.jp , and
Kazumaro Aoki (Research Group Leader) aoki.kazumaro (at) lab.ntt.co.jp .
Closing date: October 1st, 2016.
Preferred starting date: January-March, 2017.
Closing date for applications: 1 October 2016
University of Luxembourg
The PhD student will be a member of the Computer Science and Communications (CSC) research unit within the Faculty of Science, Technology and Communication at the University of Luxembourg.
He/she will work under the supervision of Prof. Dr. Jean-Sebastien Coron on one of the following topics:
* Fully homomorphic encryption and multilinear maps
* Side-channel attacks and countermeasures
The candidate must have a master’s degree or diploma in computer science or mathematics. We offer:
* Personal work space at the University
* Highly competitive salary
* Dynamic and multicultural environment.
For further information please contact:
Jean-Sebastien Coron: jean-sebastien.coron - at - uni.lu
To apply:
http://emea3.mrted.ly/1503l
Closing date for applications: 15 September 2016
28 July 2016
Ryan Amiri, Aysajan Abidin, Petros Wallden, Erika Andersson
- We construct an unconditionally secure signature scheme which, unlike prior schemes, does not rely on a trusted third party or anonymous channels. In our scheme, a sender shares with each of the remaining protocol participants (or recipients) a set of keys (or hash functions) from a family of universal hash functions. Also, the recipients share with each other a random portion of the keys that they share with the sender. A signature for a message is a vector of tags generated by applying the hash functions to the message. As such, our scheme can be viewed as an extension of MAC schemes, and therefore, the practical implementation of our scheme is straightforward.
- We prove information-theoretic security of our scheme against forging, repudiation, and non-transferability.
- We compare our schemes with both existing "classical" (not employing quantum mechanics) and quantum unconditionally secure signature schemes. The comparison shows that our new scheme has a number of unparalleled advantages over the previous schemes.
- Finally, although our scheme does not rely on trusted third parties, we discuss this, showing that having a trusted third party makes our scheme even more attractive.
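As an added illustration of the "vector of tags" structure the abstract sketches (this is not the authors' protocol and not code from the page), the Python toy below shares universal-hash keys between a sender and three recipients, has each recipient forward a random portion of its keys to every other recipient, signs a message by tagging it under every key, and verifies by checking each tag for which the recipient holds the key. The polynomial hash, the parameters (40 keys per recipient, 10 forwarded) and the all-or-nothing verification rule are assumptions chosen for the demo; the paper's threshold-based verification levels and its security analysis are not reproduced.

```python
"""Toy "vector of MAC tags" signature (constructed illustration, not the
authors' scheme): universal-hash keys are shared between a sender and
each recipient, recipients forward a random portion of their keys to each
other, and a signature is the vector of tags under all keys."""
import random

P = (1 << 61) - 1   # prime field for the universal hash (assumption)
BLOCK = 7           # 7-byte message blocks, so each block value is < P


def uhash(key, msg):
    """Polynomial hash b + sum_i m_i * a^(i+1) (mod P).
    For messages of at most L blocks, two distinct messages collide under a
    random key with probability about L/P, so a tag cannot be forged
    without the key and reveals nothing about other keys."""
    a, b = key
    blocks = [int.from_bytes(msg[i:i + BLOCK], "big")
              for i in range(0, len(msg), BLOCK)]
    blocks.append(len(msg))   # length block: distinct messages never pad alike
    acc = b
    for i, m in enumerate(blocks):
        acc = (acc + m * pow(a, i + 1, P)) % P
    return acc


class ToyUSS:
    """Key distribution, signing and verification for one sender and a set
    of recipients.  Keys are identified by (owner, index)."""

    def __init__(self, recipients, keys_per_recipient=40, forwarded=10,
                 rng=random):
        # The sender shares `keys_per_recipient` hash keys with each recipient.
        self.keys = {r: [(rng.randrange(1, P), rng.randrange(P))
                         for _ in range(keys_per_recipient)]
                     for r in recipients}
        # known[r] = every key recipient r can check: its own keys ...
        self.known = {r: {(r, j): k for j, k in enumerate(ks)}
                      for r, ks in self.keys.items()}
        # ... plus a random portion of each other recipient's keys, which
        # that recipient forwards to r (the "random portion" of the abstract).
        for src in recipients:
            for dst in recipients:
                if dst != src:
                    for j in rng.sample(range(keys_per_recipient), forwarded):
                        self.known[dst][(src, j)] = self.keys[src][j]

    def sign(self, msg):
        """Sender: one tag per key it shares, i.e. a vector of MAC tags."""
        return {(r, j): uhash(k, msg)
                for r, ks in self.keys.items() for j, k in enumerate(ks)}

    def verify(self, recipient, msg, sig):
        """Recipient: every tag for which it holds the key must match."""
        return all(sig[kid] == uhash(k, msg)
                   for kid, k in self.known[recipient].items())

    def forge(self, insider, msg, rng=random):
        """A dishonest recipient computes the tags it can (keys it holds)
        and guesses the rest.  Other recipients hold keys the insider never
        saw, so their checks fail on those positions."""
        sig = {}
        for r, ks in self.keys.items():
            for j in range(len(ks)):
                k = self.known[insider].get((r, j))
                sig[(r, j)] = uhash(k, msg) if k is not None else rng.randrange(P)
        return sig


def demo():
    """Honest signature, outsider forgery and insider forgery, all checked."""
    rng = random.Random(2016)
    uss = ToyUSS(["alice", "bob", "carol"], rng=rng)
    msg, fake = b"pay bob 100", b"pay bob 999"   # constructed sample messages
    sig = uss.sign(msg)
    outsider = {kid: rng.randrange(P) for kid in sig}   # knows no key at all
    insider = uss.forge("bob", fake, rng)               # bob knows his keys
    return {
        "honest_accepted_by_all": all(uss.verify(r, msg, sig) for r in uss.keys),
        "outsider_forgery_accepted_by_alice": uss.verify("alice", fake, outsider),
        "insider_forgery_accepted_by_carol": uss.verify("carol", fake, insider),
        # bob can always satisfy himself; that is why the others' checks matter
        "insider_forgery_accepted_by_bob": uss.verify("bob", fake, insider),
    }
```

The insider case is the one worth staring at: bob holds all of his own keys and a tenth of carol's, so he can produce correct tags for those, but carol's remaining thirty keys are unknown to him and each guessed tag matches with probability about 2^-61. The real scheme replaces the all-or-nothing rule with mismatch thresholds so that a signature a recipient accepted can be transferred to another recipient without a cheating sender being able to split the two.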
Masahiro Yagisawa
Edgar González, Guillermo Morales-Luna, Feliú D. Sagols
Martine De Cock, Rafael Dowsley, Caleb Horst, Raj Katti, Anderson C. A. Nascimento, Stacey C. Newman, Wing-Sea Poon
Brett Hemenway, Rafail Ostrovsky
Robust secret sharing (RSS) provides the additional guarantee that even if $t$ malicious players mangle their shares, they cannot cause the honest players to reconstruct an incorrect secret.
When $t < \frac{n}{3}$, Shamir sharing is known to be robust, and when $t > \frac{n}{2}$, RSS is known to be impossible, but for $\frac{n}{3} < t < \frac{n}{2}$ much less is known.
When $\frac{n}{3} < t < \frac{n}{2}$ previous RSS protocols could either achieve optimal share size with inefficient (exponential time) reconstruction procedures, or sub-optimal share size with polynomial time reconstruction.
In this work, we construct a simple RSS protocol for $t = \left\{ \frac{1}{2} - \epsilon\right\}n$ that achieves logarithmic overhead in terms of share size and simultaneously allows efficient reconstruction. Our share size increases by an additive term of $O(\kappa + \log n)$, and reconstruction succeeds except with probability at most $2^{-\kappa}$.
This provides a partial solution to a problem posed by Cevallos et al. in Eurocrypt 2012. Namely, when $t = \left\{ \frac{1}{2} - O(1) \right\}n$ we show that the share size in RSS schemes does not require an overhead that is linear in $n$.
Previous efficient RSS protocols like that of Rabin and Ben-Or (STOC '89) and Cevallos et al. (Eurocrypt '12) use MACs to allow each player to check the shares of each other player in the protocol. These checks provide robustness, but require significant overhead in share size. Our construction identifies the $n$ players as nodes in an expander graph; each player only checks its neighbors in the expander graph.
When $t = \left\{ \frac{1}{2} - O(1) \right\}n$, the concurrent, independent work of Cramer et al. (Eurocrypt '16) shows how to achieve shares that decrease with the number of players using completely different techniques.
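The $t < n/3$ regime the abstract calls robust can be exercised directly. As an added example (not the authors' expander-graph construction and not code from the page), the Python below shares a secret with Shamir's scheme over GF(2^61-1), lets $t$ of $n = 3t+1$ players hand in random shares, and recovers the secret with Berlekamp-Welch decoding, which needs no MAC tags on the shares at all; plain interpolation over a subset that contains the mangled shares returns garbage. The field, the parameters $n=7$, $t=2$ and the demo secret are assumptions.

```python
"""Shamir sharing with robust reconstruction for t < n/3 mangled shares.
Constructed illustration: shares are points on a degree-t polynomial over
GF(P); Berlekamp-Welch decoding tolerates t wrong shares when n >= 3t+1."""
import random

P = (1 << 61) - 1   # prime field (assumption)


def share(secret, n, t, rng=random):
    """Shamir: f(0) = secret, deg f = t; share x is (x, f(x)), x = 1..n."""
    coeffs = [secret % P] + [rng.randrange(P) for _ in range(t)]
    return [(x, sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]


def interpolate_at_zero(points):
    """Plain Lagrange interpolation at 0; trusts every point it is given."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num, den = num * (-xj) % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def solve_mod_p(rows):
    """Gauss-Jordan over GF(P) on augmented rows [a_0 .. a_{m-1} | b].
    Returns one solution (free variables = 0) or None if inconsistent."""
    rows = [r[:] for r in rows]
    m = len(rows[0]) - 1
    pivots, r = [], 0
    for c in range(m):
        p = next((i for i in range(r, len(rows)) if rows[i][c]), None)
        if p is None:
            continue
        rows[r], rows[p] = rows[p], rows[r]
        inv = pow(rows[r][c], P - 2, P)
        rows[r] = [v * inv % P for v in rows[r]]
        for i in range(len(rows)):
            if i != r and rows[i][c]:
                f = rows[i][c]
                rows[i] = [(a - f * b) % P for a, b in zip(rows[i], rows[r])]
        pivots.append(c)
        r += 1
    if any(row[m] for row in rows[r:]):   # a row reading 0 = nonzero
        return None
    sol = [0] * m
    for i, c in enumerate(pivots):
        sol[c] = rows[i][m]
    return sol


def poly_divmod(num, den):
    """Polynomial long division over GF(P); coefficients low degree first."""
    num = num[:]
    quot = [0] * (len(num) - len(den) + 1)
    inv = pow(den[-1], P - 2, P)
    for i in range(len(quot) - 1, -1, -1):
        q = num[i + len(den) - 1] * inv % P
        quot[i] = q
        for j, d in enumerate(den):
            num[i + j] = (num[i + j] - q * d) % P
    return quot, num


def robust_reconstruct(shares, t):
    """Berlekamp-Welch: solve for Q (deg 2t) and monic E (deg t) with
    Q(x_i) = y_i * E(x_i) on every share, then f = Q / E.  With at most t
    wrong shares and n >= 3t+1, Q - f*E vanishes on >= 2t+1 good points
    and has degree <= 2t, so any solution gives the right f."""
    if len(shares) < 3 * t + 1:
        raise ValueError("robust reconstruction needs n >= 3t + 1")
    nq = 2 * t + 1
    rows = []
    for x, y in shares:
        row = [pow(x, k, P) for k in range(nq)]                # q_k x^k
        row += [(-y * pow(x, j, P)) % P for j in range(t)]     # - y e_j x^j
        row.append(y * pow(x, t, P) % P)                       # = y x^t (E monic)
        rows.append(row)
    sol = solve_mod_p(rows)
    if sol is None:
        raise ValueError("more than t shares are corrupted")
    f, rem = poly_divmod(sol[:nq], sol[nq:] + [1])
    if any(rem):
        raise ValueError("decoding failed")
    return f[0]


def demo(seed=2016):
    """n = 7, t = 2: players 1 and 2 hand in random shares (constructed)."""
    rng = random.Random(seed)
    n, t, secret = 7, 2, 0x5EC2E7
    shares = share(secret, n, t, rng)
    bad = [(x, rng.randrange(P)) if x <= t else (x, y) for x, y in shares]
    naive = interpolate_at_zero(bad[:t + 1])   # uses both mangled shares
    robust = robust_reconstruct(bad, t)
    return secret, naive, robust
```

The counting behind the $n \ge 3t+1$ requirement is visible in `robust_reconstruct`: the unknowns are the $2t+1$ coefficients of $Q$ and the $t$ free coefficients of the monic $E$, and each share contributes one equation, so $n \ge 3t+1$ is exactly $t < n/3$. Past that bound the system can be satisfied by a wrong polynomial, which is the regime where the MAC-based checks the abstract discusses become necessary.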
Aram Jivanyan, Gurgen Khachatryan, Andriy Oliynyk, Mykola Raievskyi
Thomas Wunderer
In this work we present an improved runtime analysis of the Hybrid Attack that gets rid of incorrect simplifying assumptions. Our improved analysis can be used to derive reliable and accurate security estimates for many lattice-based schemes. In addition, we reevaluate the security against the Hybrid Attack for the NTRU, NTRU prime, and R-BinLWEEnc encryption schemes as well as for the BLISS and GLP signature schemes. Our results show that there exist both over- and underestimates of up to $80$ bits of security in the literature. Our results further show that the common claim that the Hybrid Attack is the best attack on all NTRU parameter sets is in fact a misconception based on incorrect analyses of the attack.