International Association
for Cryptologic Research

In this work we consider the closest vector problem (CVP) ---a problem also known as maximum-likelihood decoding--- in the tensor of two root lattices of type A ($A_m \otimes A_n$), as well as in their duals ($A^*_m \otimes A^*_n$). This problem is mainly motivated by {\em lattice based cryptography}, where the cyclotomic rings $\mathbb Z[\zeta_c]$ (resp. its co-different $\mathbb Z[\zeta_c]^\vee$) play a central role, and turn out to be isomorphic as lattices to tensors of $A^*$ lattices (resp. $A$ root lattices). In particular, our results lead to solving CVP in $\mathbb Z[\zeta_c]$ and in $\mathbb Z[\zeta_c]^\vee$ for conductors of the form $c = 2^\alpha p^\beta q^\gamma$ for any two odd primes $p,q$.

For the primal case $A_m \otimes A_n$, we provide a full characterization of the Voronoi region in terms of simple cycles in the complete directed bipartite graph $K_{m+1,n+1}$. This leads ---relying on the Bellman-Ford algorithm for negative cycle detection--- to a CVP algorithm running in *polynomial time*. Precisely, our algorithm performs $O(l\ m^2 n^2 \min\{m,n\})$ operations on reals, where $l$ is the number of bits per coordinate of the input target. For the dual case, we use a gluing-construction to solve CVP in sub-exponential time $O(n m^{n+1})$.

Elliptic Curve Cryptography (ECC) is gaining popularity in recent years. Having short keys and short signatures in particular makes ECC likely to be adopted in numerous internet-of-things (IoT) devices. It is therefore critical to optimize ECC well for both speed and power consumption. Optimization opportunities exist on several different levels: algorithm, architecture, and/or implementation. We combine optimizations at every level in an efficient multi-core FPGA implementation. The core building block for our implementation is a Montgomery multiplier capable of modular additions and multiplications with an arbitrary prime modulus. The size of the prime modulus can also be changed easily, for which we have implemented and tested up to 528-bits used in the NIST P-521 curve. Based on this building block, we have developed a multi-core architecture that supports multiple parallel modular additions, multiplications, and inverses. Efficient ECC group addition and doubling are then built from this foundation. To support a wide variety of curves and at the same time resist timing/power-based side-channel attacks, our scalar multiplication is implemented using the Co-Z ladder due to Hutter, Joye, and Sierra. This approach also allows us to trade off between speed and power consumption by using a different number of Montgomery cores.

We consider a setting where there are two parties, each party holds a private graph and they wish to jointly compute the structural dissimilarity between two graphs without revealing any information about their private input graph. Graph edit distance (GED) is a widely accepted metric for measuring the dissimilarity of graphs. It measures the minimum cost for transforming one graph into the other graph by applying graph edit operations. In this paper we present a framework for securely computing approximated GED and as an example, present a protocol based on threshold additive homomorphic encryption scheme. We develop several new sub-protocols such as private maximum computation and optimal assignment protocols to construct the main protocol. We show that our protocols are secure against semi-honest adversaries. The asymptotic complexity of the protocol is $O(n^5\ell\log^*(\ell))$ where $\ell$ is the bit length of ring elements and $n$ is the number of nodes in the graph.

The purpose of this role is to conduct high impact research and deliver outstanding teaching and student experience in the area of cyber security, and to play a significant leadership role in supporting the achievement of the teaching and service missions of the School and Faculty.

The appointment would be:

• at level D ($143k – $157k per annum) or level E ($183k per annum), plus 17% superannuation and leave loading, commensurate with academic qualifications and experience,

• full time,

• to a Convertible Tenure Track Employment Contract for an initial fixed term period, with conversion to continuing appointment based on satisfactory performance and there being sufficient productive work available.

The Faculty reserves the right to offer an appointment on a continuing basis or to directly appoint to advertised positions.

About you

We are looking for an exceptional candidate to provide academic leadership and foster excellence in research, innovative teaching and professional activities. Applicants with industry experience are especially welcome.

As the successful candidate, you will have:

• A PhD in Cyber Security or a related field

• A significant track record of high impact international research

• Demonstrated leadership in building engagement and partnerships with the profession and industry

• Record of outstanding delivery of high quality teaching and student experience

UNSW desires to be the exemplar Australian university and employer of choice for people from diverse backgrounds. UNSW aspires to ensure equality in recruitment, development, retention and promotion of staff, paying particular attention to ensuring no-one is disadvantaged on the basis of their gender, cultural background, disability or Indigenous origin.

Engineering strongly encourages female applicants and actively supports women to succeed through specific Faculty and UNSW initiatives and generous parental leave provisions and flexible work practices.

Closing date for applications: 9 October 2016

Contact: Any enquiries can be forwarded to Professor Maurice Pagnucco, Head of School:

E: morri (at) cse.unsw.edu.au

T: +61 9385 5518

More information: https://www.engineering.unsw.edu.au/about-us/careers/academic-positions

Garbled RAM, introduced by Lu and Ostrovsky (Eurocrypt 2013), provides a novel method to garble RAM (Random Access Machine) programs directly. It can be seen as a RAM analogue of Yao's garbled circuits such that, the size of the garbled program and the time it takes to create and evaluate it, is proportional only to the running time of the RAM program, avoiding the inefficient process of first converting it into a circuit. Secure RAM computation for two parties is a key application of garbled RAM. However, this construction is secure only against semi-honest adversaries.

In this paper we provide a cut-and-choose technique for garbled RAM. This gives the first constant round two-party secure computation protocol for RAM programs secure against malicious adversaries that makes only black-box use of the underlying cryptographic primitives. Our protocol allows for garbling multiple RAM programs being executed on a persistent database. Security of our construction is argued in the random oracle model.

The possibility of basing cryptography on the minimal assumption $\textbf{NP}\nsubseteq \textbf{BPP}$ is at the very heart of complexity-theoretic cryptography. The closest we got so far was lattice-based cryptography whose average-case security is based on the worst-case hardness of approximate shortest vector problems on integer lattices. The state-of-the-art is the construction of a one-way function (and collision-resistant hash function) based on the hardness of the $\tilde{O}(n)$-approximate shortest independent vector problem $\textsf{SIVP}_{\tilde O(n)}$.

Although $\textsf{SIVP}$ is hard in its exact version, Guruswami, et al (CCC 2004) showed that $\textsf{gapSIVP}_{\sqrt{n/\log n}}$ is in $\textbf{NP} \cap \textbf{coAM}$ and thus unlikely to be $\textbf{NP}$-hard. Indeed, any language that can be reduced to $\textsf{gapSIVP}_{\tilde O(\sqrt n)}$ (under general probabilistic polynomial-time adaptive reductions) is in $\textbf{AM} \cap \textbf{coAM}$ by the results of Peikert and Vaikuntanathan (CRYPTO 2008) and Mahmoody and Xiao (CCC 2010). However, none of these results apply to reductions to search problems, still leaving open a ray of hope: can $\textbf{NP}$ be reduced to solving search SIVP with approximation factor $\tilde O(n)$?

We show that any language that can be reduced to solving search $\textsf{SIVP}$ with approximation factor $\tilde O(n)$ lies in $\textbf{AM}$ intersect $\textbf{coAM}$, eliminating the possibility of basing current constructions on NP-hardness.

Tian et al. proposed a permutation based authentication protocol entitled RAPP. However, it came out very soon that it suffers from several security treats such as desynchronization attack. Following RAPP, several protocols have been proposed in literature to defeat such attacks. Among them, some protocols suggested to keep a record of old parameters by both the reader and the tag. In this paper we present a genrilized version of all such protocols, named GUMAP, and present an efficent desynchronization attack against it. The complexity of our attack is 5 consequences sessions of protocol and the success probability is almost 1. Our attack is applicable as it is to recently proposed protocols entitled RCIA, KMAP, SASI$^{+}$ and SLAP. To the best of our knowledge, it is the first report on the vulnerability of these protocols.

This paper presents expressive predicate encryption (PE) systems, namely non-zero inner-product-predicate encryption (NIPPE) and attribute-based encryption (ABE) supporting monotone span programs achieving best known parameters among existing similar schemes under well-studied static complexity assumptions. Both the constructions are built in composite order bilinear group setting and involve only 2 group elements in the ciphertexts. More interestingly, our NIPPE scheme, which additionally features only 1 group element in the decryption keys, is the first to attain succinct ciphertexts and decryption keys simultaneously. For proving selective security of these constructions under the Subgroup Decision assumptions, which are the most standard static assumptions in composite order bilinear group setting, we apply the extended version of the elegant D´ej`a Q framework, which was originally proposed as a general technique for reducing the q-type complexity assumptions to their static counter parts. Our work thus demonstrates the power of this framework in overcoming the need of q-type assumptions, which are vulnerable to serious practical attacks, for deriving security of highly expressive PE systems with compact parameters. We further introduce the concept of online-offline multi-input functional encryption (OO-MIFE), which is a crucial advancement towards realizing this highly promising but computationally intensive cryptographic primitive in resource bounded and power constrained devices. We also instantiate our notion of OO-MIFE by constructing such a scheme for the multi-input analog of the inner product functionality, which has a wide range of application in practice. Our OO-MIFE scheme for multiinput inner products is built in asymmetric bilinear groups of prime order and is proven selectively secure under the well-studied k-Linear (k-LIN) assumption.

The concept of indifferentiability of systems, a generalized form of indistinguishability, was proposed in 2004 to provide a simplified and generalized explanation of impossibility results like the non-instantiability of random oracles by hash functions due to Canetti, Goldreich, and Halevi (STOC 1998). But indifferentiability is actually a constructive notion, leading to possibility results. For example, Coron {\em et al.} (Crypto 2005) argued that the soundness of the construction $C(f)$ of a hash function from a compression function $f$ can be demonstrated by proving that $C(R)$ is indifferentiable from a random oracle if $R$ is an ideal random compression function.

The purpose of this short paper is to describe how the indifferentiability notion was a precursor to the theory of constructive cryptography and thereby to provide a simplified and generalized treatment of indifferentiability as a special type of constructive statement.

In cryptographic access control sensitive data is protected by cryptographic primitives and the desired access structure is enforced through appropriate management of the secret keys. In this paper we study rigorous security definitions for the cryptographic enforcement of Role Based Access Control (RBAC). We propose the first simulation-based security definition within the framework of Universal Composability (UC). Our definition is natural and intuitively appealing, so we expect that our approach would carry over to other access models.

Next, we establish two results that clarify the strength of our definition when compared with existing ones that use the game-based definitional approach. On the positive side, we demonstrate that both read and write-access guarantees in the sense of game-based security are implied by UC security of an access control system. Perhaps expected, this result serves as confirmation that the definition we propose is sound.

Our main technical result is a proof that simulation-based security requires impractical assumptions on the encryption scheme that is employed. As in other simulation-based settings, the source of inefficiency is the well known ``commitment problem'' which naturally occurs in the context of cryptographic access control to file systems.

Distance Bounding (DB) is designed to mitigate relay attacks. This paper provides a complete study of the DB protocol of Kleber et al. based on Physical Unclonable Functions (PUFs). We contradict the claim that it resists to Terrorist Fraud (TF). We propose some slight modifications to increase the security of the protocol and formally prove TF-resistance, as well as resistance to Distance Fraud (DF), and Man-In-the-Middle attacks (MiM) which include relay attacks.

Web advertisements, an integral part of today's web browsing experience, financially support countless websites. Meaningful advertisements, however, require behavioral targeting, user tracking and profile fingerprinting that raise serious privacy concerns. To counter privacy issues and enhance usability, adblockers emerged as a popular way to filter web requests that do not serve the website's main content. Despite their popularity, little work has focused on quantifying the privacy provisions of adblockers.

In this paper, we develop a quantitative approach to objectively compare the privacy of adblockers. We propose a model based on a set of privacy metrics that captures not only the technical web architecture, but also the underlying corporate institutions of the problem across time and geography.

We investigate experimentally the effect of various combinations of ad-blocking software and browser settings on 1000 Web sites. Our results highlight a significant difference among adblockers in terms of filtering performance, in particular affected by the applied configurations. Besides the ability to judge the filtering capabilities of existing adblockers and their particular configurations, our work provides a general framework to evaluate new adblocker proposals.

This paper presents parallel scalar multiplication techniques for elliptic curve cryptography using q-based addition-subtraction k-chain which can also effectively resist side-channel attack. Many techniques have been discussed to improve scalar multiplication, for example, double-and-add, NAF, w-NAF, addition chain and addition-subtraction chain. However, these techniques cannot resist side-channel attack. Montgomery ladder, random w-NAF and uniform operation techniques are also widely used to prevent side-channel attack, but their operations are not efficient enough comparing to those with no side-channel attack prevention. We have found a new way to use k-chain for this purpose. In this paper, we extend the definition of k-chain to q-based addition-subtraction k-chain and modify an algorithm proposed by Jarvinen et al. to generate the q-based addition-subtraction k-chain. We show the upper and lower bounds of its length which lead to the computation time using the new chain techniques. The chain techniques are used to reduce the cost of scalar multiplication in parallel ways. Comparing to w-NAF, which is faster than double-and-add and Montgomery ladder technique, the maximum computation time of our q-based addition-subtraction k-chain techniques can have up to 25.92% less addition costs using only 3 parallel computing cores. We also discuss on the optimization for multiple operand point addition using hybrid-double multiplier which is proposed by Azarderakhsh and Reyhani-Masoleh. The proposed parallel chain techniques can also tolerate side-channel attack efficiently.

You are expected to support and strengthen our research activities in the area of security and privacy. You will contribute to ongoing projects, as well as new project proposals. You will be involved in project management and support the supervision of PhD candidates.

The ideal candidate brings expertise in one or more of the topics listed below, documented by high-quality publications, a Ph.D. degree in computer science, or a closely related discipline, from an internationally-renowned university, and a strong motivation to become part of our team. Proficient knowledge of written and spoken English is required. Conversational German skills are an advantage.

Topics of interest include:

• System security of cyber-physical-systems, Internet-of-Things, and vehicular networks

• Machine learning in security & privacy

• Applied cryptography

Our group has a broad range of activities and projects in security and privacy of cyber-physical-systems. Please check our website for details and address in your application, how your research can complement our expertise. We offer a unique environment for your research with excellent facilities and highly competitive salary.

If you are interested, please send us your application including your CV with publication list, a list of up to three references, and a motivational letter that specifically addresses this job offer. If you have a public Google Scholar author profile, please also provide the URL.

Please submit your application immediately but not later than 31. October 2016. The position is available immediately. The appointment will be for an initial duration of two years with the option of being extended.

Ulm University is committed to increasing the share of women in research and teaching positions and therefore explicitly encourages female candidates to apply. Job sharing is always possible for full time positions. Physically disabled applicants receive favourable consideration when equally qualified. The appointment to this position is made by the central university administration.

Closing date for applications: 31 October 2016

Contact: Candidates are invited to submit their application via email to vs-jobs (at) uni-ulm.de. Please start your subject line with “[VS-PD]”. In case of questions on this position, feel free to contact Prof. Dr. Frank Kargl (frank.kargl (at) uni-ulm.de) and Dr. Christoph Bösch (christoph.boesch (at) uni-ulm.de). 

More information: https://www.uni-ulm.de/in/vs/

This is a full-time, permanent post and the successful candidate will join a Department with a widely recognised reputation for teaching Computer Science in the heart of London. The Department hosts several well-established undergraduate and postgraduate courses for both full-time and part-time students.

The appointee will be expected to join an energetic and innovative team of academic staff who deliver undergraduate and postgraduate teaching. In collaboration with our current team in cyber security, the applicant will contribute to teaching in our postgraduate courses and embed cyber security in all levels of our undergraduate courses. The cyber security curriculum in our programmes was recently redesigned around the CISSP themes so they are kept aligned with (ICS)2 both in current state and in the way our modules get updated. Supervision of student projects forms an important component of our staff’s professional practice.

Staff are also encouraged to develop their external research profile and the appointee to this post will be expected to contribute to one or more of the Faculty of Science and Technology’s multidisciplinary Research Groups that include the Cyber Security research group, the Centre for Parallel Computing, Distributed and Intelligent Systems, Software Systems Engineering.

Closing date for applications: 2 October 2016

Contact:

For an informal discussion on the post please contact: Dr Aleka Psarrou, Head of Department of Computer Science at psarroa (at) westminster.ac.uk or telephone 020 7911 4846.

More information: https://vacancies.westminster.ac.uk/Hrvacancies/default.aspx?id=50045128

Physical unclonable functions (PUFs) are promising hardware security primitives suitable for low-cost cryptographic applications.Ring oscillator (RO) PUF is a well-received silicon PUF solution due to its ease of implementation and entropy evaluation. However, the responses of RO-PUFs are susceptible to environmental changes, in particular, to temperature variations. Additionally, a conventional RO-PUF implementation is usually more power-hungry than other PUF alternatives. This paper explores circuit-level techniques to design low-power RO-PUFs with enhanced thermal stability. We introduce a power-efficient approach based on a phase/frequency detector (PFD) to perform pairwise comparisons of ROs. We also propose a temperature compensated bulk-controlled oscillator and investigate its feasibility and usage in PFD-based RO-PUFs. Evaluation results demonstrate that the proposed techniques can effectively reduce the thermally induced errors in PUF responses while imposing a very low power overhead.

Surprisingly, most of existing provably secure FHE or SWHE schemes are lattice-based constructions. It is legitimate to question whether there is a mysterious link between homomorphic encryptions and lattices. This paper can be seen as a first (partial) negative answer to this question. We propose a very simple private-key (partially) homomorphic encryption scheme whose security relies on factorization. This encryption scheme deals with a secret multivariate rational function $\phi_D$ defined over $\mathbb{Z}_n$, $n$ being an RSA-modulus. An encryption of $x$ is simply a vector $c$ such that $\phi_D(c)=x+\textsf{noise}$. To get homomorphic properties, nonlinear operators are specifically developed. We first prove IND-CPA security in the generic ring model assuming the hardness of factoring. We then extend this model in order to integrate lattice-based cryptanalysis and we reduce the security of our scheme (in this extended model) to an algebraic condition. This condition is extensively discussed for several choices of parameters. Some of these choices lead to competitive performance with respect to other existing homomorphic encryptions. While quantum computers are not only dreams anymore, designing factorization-based cryptographic schemes might appear as irrelevant. But, it is important to notice that, in our scheme, the factorization of $n$ is not required to decrypt. The factoring assumption simply ensures that solving nonlinear equations or finding non-null polynomials with many roots is difficult. Consequently, the ideas behind our construction could be re-used in rings satisfying these properties.

Logic encryption protects integrated circuits (ICs) against intellectual property (IP) piracy and over- building attacks by encrypting the IC with a key. A Boolean satisfiability (SAT) based attack breaks all existing logic encryption technique within few hours. Recently, a defense mechanism known as Anti-SAT was presented that protects against SAT attack, by rendering the SAT-attack effort exponential in terms of the number of key gates. In this paper, we highlight the vulnerabilities of Anti-SAT and propose signal probability skew (SPS) attack against Anti-SAT block. SPS attack leverages the structural traces in Anti-SAT block to identify and isolate Anti-SAT block. The attack is 100% successful on all variants of Anti-SAT block. SPS attack is scalable to large circuits, as it breaks circuits with up to 22K gates within two minutes.

Order-preserving encryption and its generalization order-revealing encryption (OPE/ORE) are used in a variety of settings in practice in order to allow sorting, performing range queries, and filtering data — all while only having access to ciphertexts. But OPE and ORE ciphertexts necessarily leak information about plaintexts, and what level of security they provide has been unclear. In this work, we introduce new leakage-abuse attacks that show how to recover plaintexts from OPE/ORE-encrypted databases. Underlying our new attacks against practically-used schemes is a framework in which we cast the adversary’s challenge as a non- crossing bipartite matching problem. This allows easy tailoring of attacks to a specific scheme’s leakage profile. In a case study of customer records, we show attacks that recover 99% of first names, 97% of last names, and 90% of birthdates held in a database, despite all values being encrypted with the OPE scheme most widely used in practice. We also show the first attack against the recent frequency- hiding Kerschbaum scheme, to which no prior attacks have been demonstrated. Our attack recovers frequently occurring plaintexts most of the time.

We revisit the Even-Mansour (EM) scheme with random oracle key derivation previously considered by Andreeva et al. (CRYPTO 2013). For this scheme, Andreeva et al. provided an indifferentiability (from an ideal $(k,n)$-cipher) proof for 5 rounds while they exhibited an attack for 2 rounds. Left open is the (in)differentiability of 3 and 4 rounds.

We present a proof for the indifferentiability of 3 rounds and thus closing the aforementioned gap. This also separates EM ciphers with non-invertible key derivations from those with invertible ones in the full indifferentiability setting. Prior work only established such a separation in the weaker sequential-indifferentiability setting (DCC, 2015). Our results also imply 3-round EM indifferentiable under multiple random known-keys, partially settling a problem left by Cogliati and Seurin (FSE 2016).

The key point for our indifferentiability simulator is to pre-emptively obtain some chains of ideal-cipher-queries to simulate the structures due to the related-key boomerang property in the 3-round case. The length of such chains have to be as large as the number of queries issued by the distinguisher. Thus the situation somehow resembles the context of hash-of-hash $H^2$ considered by Dodis et al. (CRYPTO 2012). Besides, a technical novelty of our proof is the absence of the so-called distinguisher that completes all chains.