International Association for Cryptologic Research

IACR News


15 November 2016

Alex van Poppelen
ePrint Report
Advancements in quantum computing have spurred the development of new asymmetric cryptographic primitives that are conjectured to be secure against quantum attackers. One promising class of these primitives is based on lattices, leading to encryption protocols based on the Learning With Errors (LWE) problem. Key exchange algorithms based on this problem are computationally efficient and enjoy a strong worst-case hardness guarantee. However, despite recent improvements, the resulting handshake sizes are still significantly larger than those in use today. This thesis looks at the possibility of applying the Leech lattice code to one such scheme, with the goal of decreasing the size of the resulting handshake. We also look at the feasibility of a cryptographically safe implementation of a Leech lattice decoder, and the resulting impact on efficiency.

14 November 2016

CRYPTO
The call for papers for Crypto 2017 is now online. The submission deadline is February 8. The conference will be held August 20-24 in Santa Barbara.
Ruhr University Bochum
Job Posting
We are looking for a postdoctoral researcher working on topics related to applied cryptography. Applicants should be able to show solid expertise in applied cryptography/security, illustrated in the form of scientific publications at major crypto/security venues such as CRYPTO, EUROCRYPT, ASIACRYPT, TCC, PKC, CHES, HOST, ACM CCS, IEEE S&P, USENIX Security, etc. Topics of particular interest include, but are not limited to, secure cryptographic implementations (both in hardware and software), side-channel countermeasures, leakage/tamper-resilient cryptography, automated security analysis, multiparty computation, cryptocurrencies and verifiable computation. Implementation knowledge of cryptographic schemes in software and/or hardware is an advantage.

The position is initially for 2 years, and you will be working in a vibrant group at the Horst-Görtz Institute at Ruhr-University Bochum. Founded in 2001, the Horst-Görtz Institute at Ruhr-University Bochum is a leading interdisciplinary research center dedicated to research and education covering all aspects of IT security, with an excellent record of research in cryptography. The Horst-Görtz Institute has 15 professors and over 80 PhD students.

The application should include a curriculum vitae, a short research statement, and the names of 3 persons who can provide references about the applicant and her/his work. Review of applications starts immediately and continues until the position is filled.

Closing date for applications: 15 January 2017

Contact: Sebastian Faust, sebastian.faust (at) rub.de


11 November 2016

Sidi Mohamed El Yousfi Alaoui, Özgür Dagdelen, Pascal Véron, David Galindo, Pierre-Louis Cayrel
ePrint Report
The well-known forking lemma by Pointcheval and Stern has been used to prove the security of the so-called generic signature schemes. These signature schemes are obtained via the Fiat-Shamir transform from three-pass identification schemes. A number of five-pass identification protocols have been proposed in the last few years. Extending the forking lemma and the Fiat-Shamir transform would allow to obtain new signature schemes since, unfortunately, these newly proposed schemes fall outside the original framework. In this paper, we provide an extension of the forking lemma in order to assess the security of what we call n-generic signature schemes. These include signature schemes that are derived from certain (2n + 1)-pass identification schemes. We thus obtain a generic methodology for proving the security of a number of signature schemes derived from recently published five-pass identification protocols, and eventually for (2n+1)-pass identification schemes to come. Finally, we propose a similar extension of the forking lemma for ring signatures originally proposed by Herranz and Sáez.

10 November 2016

New York University Abu Dhabi
Job Posting
The NYU Abu Dhabi Program in Computer Science has several open tenure and tenure-track faculty positions. Applicants are expected to be outstanding scholars with excellent track records in their field and to participate in teaching at all levels from undergraduate to doctoral. New appointees will be offered competitive salaries and startup packages.

One focus area is Cyber Security. We are looking for excellent researchers with strong experience in building and deploying large-scale security solutions in the real world, with a focus on systems security, network security, privacy, cryptography, and formal methods.

Appointments can begin as soon as September 1, 2017, but candidates may elect to start as late as September 1, 2018. Review of applications will begin December 15, 2016.

Closing date for applications: 15 December 2016

Contact: nyuad.science (at) nyu.edu

More information: https://apply.interfolio.com/38844

Paris, France, 29 April 2017
Event Calendar
Event date: 29 April 2017
Submission deadline: 13 December 2016
Notification: 13 January 2017
DarkMatter LLC, US & UAE
Job Posting
Are you looking for an opportunity to expand your expertise and explore the full potential that Blockchain technology has to offer across all types of environments and industries? At DarkMatter, you’ll be working at the bleeding edge of this emerging technology, building exceptionally performing products for important, high-impact real world applications.

You will be developing software in an environment where governments have made strategic commitments to widespread Blockchain implementation across government services, smart-city and other critical infrastructure and the wider economy.

You will help design and implement distributed software systems, including decentralized protocols such as consensus.

You’ll have the opportunity to work across DarkMatter peer groups that include some of the world’s best cryptographers, cryptanalysts and other experts. There’s no room for individuals happy to simply follow orders, as you use clean coding practices to test, refactor, and iteratively and incrementally develop constantly improved software.

With many of our customers committed to putting all the resources necessary into developing and deploying the latest, most advanced Blockchain, cryptographic and other cyber security technologies, at DarkMatter you’ll have a chance to test your abilities, build your skills, and expand your horizons by designing for ‘impossible’, next-generation projects.

Technical Skills

- Minimum 5 years of experience working on large software projects (preferably including open-source projects)

- Experience with programming languages such as C, C++ or Go, and with RDBMS or NoSQL databases

- Proven expertise in implementing Blockchain frameworks and business applications, as well as cryptographic protocols and crypto libraries

- Knowledge of symmetric and asymmetric cryptographic principles, hierarchical key management and identity management schemes, FinTech

- Deep understanding of Hyperledger, Ethereum or other Blockchain community technical issues

Closing date for applications: 31 March 2017

Contact: If you are interested in working with us on exciting projects, please click on the link below:

https://darkmatter.ae/en/careers/?p=job%2FoZMf4fwO#vacancies


09 November 2016

Santa Barbara, USA, 18 August - 22 August 2019
CRYPTO
Event date: 18 August to 22 August 2019
Cyber Security Practice - United Arab Emirates
Job Posting
This is an excellent opportunity to join an innovative international Cyber Security practice based in the United Arab Emirates (UAE) that provides cutting-edge services and solutions across the Cyber Security space.

The organisation is currently experiencing rapid growth and has been successful in recruiting the world’s elite Cyber experts.

They are seeking applications from high-calibre candidates to head their Cryptanalysis lab.

Successful candidates will be PhD qualified with experience in leading and developing teams coupled with experience in training/teaching others.

Please note this is a permanent opportunity which requires the successful candidate to be based in the United Arab Emirates. Assistance with relocation will be provided.

On offer is an attractive tax free expatriate package (with family benefits), the opportunity to learn from some of the most highly qualified, well renowned Cyber figures in the business and genuine career opportunities.

To apply for this role please forward a copy of your CV in English to hilary (at) talentboutique.ae.

Closing date for applications: 29 January 2017

Contact: Hilary Watson

University of Waterloo, Canada
Job Posting
The Department of Combinatorics and Optimization (C&O) at the University of Waterloo is inviting applications for two tenure-track faculty positions at the rank of Assistant Professor and, in special cases that enhance the research and teaching needs of the Department, Associate or Full Professor with tenure. Applicants with research interests in cryptography will be given full consideration.

The University of Waterloo is home to the Centre for Applied Cryptographic Research (CACR) and the Institute for Quantum Computing (IQC).

Closing date for applications: 1 December 2016

More information: https://uwaterloo.ca/combinatorics-and-optimization/career-opportunities


08 November 2016

Tel-Aviv, Israel, 12 February - 16 February 2017
Event Calendar
Event date: 12 February to 16 February 2017
Bucharest, Romania, 8 June - 9 June 2017
Event Calendar
Event date: 8 June to 9 June 2017
Submission deadline: 17 March 2017
Notification: 21 April 2017
Temasek Laboratories, Nanyang Technological University
Job Posting
Temasek Laboratories at Nanyang Technological University in Singapore is seeking highly motivated candidates for one research fellow position (from fresh post-doc to senior research fellow) in the area of symmetric-key cryptography.

Applicants are expected to have a PhD degree in Mathematics/Computer Science/Engineering and a strong background in cryptography.

Salaries are competitive and are determined according to the successful applicant's accomplishments, experience and qualifications. Interested candidates should send their detailed CV, cover letter and references to Thomas Peyrin (thomas.peyrin (at) ntu.edu.sg).

Review of applications will start immediately and continue until the position is filled.

Closing date for applications: 1 March 2017

Contact: Prof. Thomas Peyrin, thomas.peyrin (at) ntu.edu.sg


07 November 2016

Michal Kulis, Pawel Lorek, Filip Zagorski
ePrint Report
Conventionally, the key-scheduling algorithm (KSA) of a cryptographic scheme runs for a predefined number of steps. We suggest a different approach by utilizing randomized stopping rules to generate permutations which are indistinguishable from uniform ones. We explain that if the stopping time of such a shuffle is a Strong Stationary Time and bits of the secret key are not reused, then these algorithms are immune against timing attacks.

We also revisit the well-known paper of Mironov [Mironov2002] which analyses a card shuffle which models the KSA of RC4. Mironov states that the expected time till reaching the uniform distribution is $2n H_n - n$, while we prove that $n H_n + n$ steps are enough (by finding a new strong stationary time for the shuffle).

Nevertheless, both cases require $O(n \log^2 n)$ bits of randomness while one can replace the shuffle used in RC4 (and in Spritz) with a better shuffle which is optimal and needs only $O(n \log n)$ bits.
Juan A. Garay, Aggelos Kiayias, Nikos Leonardos
ePrint Report
Bitcoin’s innovative and distributedly maintained blockchain data structure hinges on the adequate degree of difficulty of so-called “proofs of work,” which miners have to produce in order for transactions to be inserted. Importantly, these proofs of work have to be hard enough so that miners have an opportunity to unify their views in the presence of an adversary who interferes but has bounded computational power, but easy enough to be solvable regularly and enable the miners to make progress. As such, as the miners’ population evolves over time, so should the difficulty of these proofs. Bitcoin provides this adjustment mechanism, with empirical evidence of a constant block generation rate against such population changes.

In this paper we provide the first (to our knowledge) formal analysis of Bitcoin's target (re)calculation function in the cryptographic setting, i.e., against all possible adversaries aiming to subvert the protocol's properties. We extend the q-bounded synchronous model of the Bitcoin backbone protocol [Eurocrypt 2015], which posed the basic properties of Bitcoin's underlying blockchain data structure and showed how a robust public transaction ledger can be built on top of them, to environments that may introduce or suspend parties in each round. We provide a set of necessary conditions with respect to the way the population evolves under which the "Bitcoin backbone with chains of variable difficulty" provides a robust transaction ledger in the presence of an actively malicious adversary controlling a fraction of the miners strictly below 50% in each instant of the execution. Our work introduces new analysis techniques and tools to the area of blockchain systems that may prove useful in analyzing other blockchain protocols.
Eyal Ronen, Colin O'Flynn, Adi Shamir, Achi-Or Weingarten
ePrint Report
Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform. The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity. The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack. To demonstrate the risks involved, we use results from percolation theory to estimate the critical mass of installed devices for a typical city such as Paris whose area is about 105 square kilometers: The chain reaction will fizzle if there are fewer than about 15,000 randomly located smart lights in the whole city, but will spread everywhere when the number exceeds this critical mass (which had almost certainly been surpassed already).

To make such an attack possible, we had to find a way to remotely yank already installed lamps from their current networks, and to perform over-the-air firmware updates. We overcame the first problem by discovering and exploiting a major bug in the implementation of the Touchlink part of the ZigBee Light Link protocol, which is supposed to stop such attempts with a proximity test. To solve the second problem, we developed a new version of a side channel attack to extract the global AES-CCM key (for each device type) that Philips uses to encrypt and authenticate new firmware. We used only readily available equipment costing a few hundred dollars, and managed to find this key without seeing any actual updates. This demonstrates once again how difficult it is to get security right even for a large company that uses standard cryptographic techniques to protect a major product.
Angshuman Karmakar, Sujoy Sinha Roy, Frederik Vercauteren, Ingrid Verbauwhede
ePrint Report
Isogeny-based post-quantum cryptography is one of the most recent additions to the family of quantum-resistant cryptosystems. In this paper, we propose an efficient modular multiplication algorithm for primes of the form $p = 2 \cdot 2^a \cdot 3^b - 1$ with b even, typically used in such cryptosystems. Our modular multiplication algorithm exploits the special structure present in such primes. We compare the efficiency of our technique with Barrett reduction and Montgomery multiplication. Our C implementation shows that our algorithm is approximately 3 times faster than the normal Barrett reduction.
Brian Koziel, Reza Azarderakhsh, David Jao, Mehran Mozaffari-Kermani
ePrint Report
Addition chain calculations play a critical role in determining the efficiency of cryptosystems based on isogenies on elliptic curves. However, finding a minimal length addition chain is not easy; a generalized version of the problem, in which one must find a chain that simultaneously forms each of a sequence of values, is NP-complete. For the special primes used in such cryptosystems, finding fast addition chains for finite field arithmetic such as inversion and square root is also not easy. In this paper, we investigate the shape of smooth isogeny primes and propose new methods to calculate fast addition chains. Further, we also provide techniques to reduce the temporary register consumption of these large exponentials, applicable to both software and hardware implementations utilizing addition chains. Lastly, we utilize our procedures to compare multiple isogeny primes by the complexity of the addition chains.
Brian Koziel, Reza Azarderakhsh, Mehran Mozaffari Kermani
ePrint Report
In this paper, we present a constant-time hardware implementation that achieves new speed records for the supersingular isogeny Diffie-Hellman (SIDH), even when compared to highly optimized Haswell computer architectures. We employ inversion-free projective isogeny formulas presented by Costello et al. at CRYPTO 2016 on an FPGA. Modern FPGAs can take advantage of heavily parallelized arithmetic in $\mathbb{F}_{p^{2}}$, which lies at the foundation of supersingular isogeny arithmetic. Further, by utilizing many arithmetic units, we parallelize isogeny evaluations to accelerate the computations of large-degree isogenies by approximately 57%. On a constant-time implementation of 124-bit quantum security SIDH on a Virtex-7, we generate ephemeral public keys in 10.6 and 11.6 ms and generate the shared secret key in 9.5 and 10.8 ms for Alice and Bob, respectively. This improves upon the previous best time in the literature for 768-bit implementations by a factor of 1.48. Our 83-bit quantum security implementation improves upon the only other implementation in the literature by a speedup of 1.74, while using fewer resources and running in constant time.

06 November 2016

Brandon Broadnax, Nico Döttling, Gunnar Hartung, Jörn Müller-Quade, Matthias Nagel
ePrint Report
We propose a new framework for concurrently composable security that relaxes the security notion of UC security. As in previous frameworks, our notion is based on the idea of providing the simulator with super-polynomial resources. However, in our new framework simulators are only given restricted access to the results computed in super-polynomial time. This is done by modeling the super-polynomial resource as a stateful oracle that may directly interact with a functionality without the simulator seeing the communication. We call these oracles shielded oracles.

Our notion is fully compatible with the UC framework, i.e., protocols proven secure in the UC framework remain secure in our framework. Furthermore, our notion lies strictly between SPS and Angel-based security, while being closed under protocol composition.

Shielding away super-polynomial resources allows us to apply new proof techniques where we can replace super-polynomial entities by indistinguishable polynomially bounded entities. This allows us to construct secure protocols in the plain model using weaker primitives than in previous composable frameworks involving simulators with super-poly resources. In particular, we only use non-adaptive-CCA-secure commitments as a building block in our constructions. As a feasibility result, we present a constant-round general MPC protocol in the plain model based on standard assumptions that is secure in our framework.