International Association for Cryptologic Research

IACR News

16 December 2016

University of Bergen, Norway
Job Posting
The Department of Informatics is now recruiting 3 PhD students in informatics/computer science. The positions are for a fixed term of 4 years, of which 25 % will comprise mandatory work such as teaching and/or administrative tasks.

One of the research groups at the department is the Reliable Communication Group with main research directions of Boolean functions, coding, cryptography, information security, quantum information theory.

http://www.uib.no/en/rg/selmer

Candidates with a strong background in the above-mentioned areas are particularly welcome to apply.

For further information and to apply for the positions:

https://www.jobbnorge.no/en/available-jobs/job/131983/research-fellow-phd-candidates-in-informatics-computer-science-3-positions

Closing date for applications: 1 March 2017

Contact: Professor Petter E. Bjørstad, Head of Department, e-mail: Petter.Bjorstad (at) uib.no

More information: https://www.jobbnorge.no/en/available-jobs/job/131983/research-fellow-phd-candidates-in-informatics-computer-science-3-p

University College London (UCL)
Job Posting
Fully-funded PhD position on genomic privacy at University College London (UCL)

Application Deadline: 31 January 2017

Starting Date: 1 April 2017 or sooner

Apply at: https://www.prism.ucl.ac.uk/#!/?project=196

We are happy to announce the availability of a fully-funded PhD position, sponsored by a Google Research Award, on genomic privacy. Please find more details at https://www.prism.ucl.ac.uk/#!/?project=196

Closing date for applications: 31 January 2017

Contact: Emiliano De Cristofaro, me (at) emilianodc.com

More information: https://www.prism.ucl.ac.uk/#!/?project=196

14 December 2016

Xavier Carpent, Sky Faber, Tomas Sander, Gene Tsudik
ePrint Report
There are many realistic settings where two mutually suspicious parties need to share some specific information while keeping everything else private. Various privacy-preserving techniques (such as Private Set Intersection) have been proposed as general solutions.

Based on timely real-world examples, this paper motivates the need for a new privacy tool, called Private Set Intersection with Projection (PSI-P). In it, Server has (at least) a two-attribute table and Client has a set of values. At the end of the protocol, based on all matches between Client's set and values in one (search) attribute of Server’s database, Client should learn the set of elements corresponding to the second attribute, and nothing else. In particular the intersection of Client's set and the set of values in the search attribute must remain hidden.

We construct several efficient (linear complexity) protocols that approximate privacy required by PSI-P and suffice in many practical scenarios. We also provide a new construction for PSI-P with full privacy, albeit slightly less efficient. Its key building block is a new primitive called Existential Private Set Intersection (PSI-X) which yields a binary flag indicating whether the intersection of two private sets is empty or non-empty.

Yongbo Hu, Chen Zhang, Yeyang Zheng, Mathias Wagner
ePrint Report
Side-channel analysis (SCA) is a well-known method to recover the sensitive data stored in security products. Fortunately, numerous countermeasures for hardware implementations of cryptographic algorithms have been proposed to protect the internal data against this attack. However, some designs are not aware that the protection of the plaintext and ciphertext is also crucial. In this work, we attack a TDES (triple DES) implementation by taking advantage of such leakages detected in a widely used commercial product, which is based on a hardware platform that passed EAL5+ certification. In particular, we guess entire DES keys to construct hypotheses for the intermediate outputs in a TDES calculation. The time cost for this approach is nearly $\frac{1}{2^{32}}$ of that of a brute-force attack. Furthermore, if in addition leakage about the key becomes available, the attack cost becomes practical. That is, reducing the key entropy of every DES key to $2^{28}$ allows an enumeration of the entire TDES key in 21.6 hours.

Shiyi ZHANG, Yongjuan WANG, Guangpu GAO
ePrint Report
The single cycle T-function is a particular permutation function with complex algebraic structure, maximum period and efficient implementation in software and hardware. In this paper, on the basis of existing methods, we present a new construction that uses a class of single cycle T-functions meeting certain conditions to construct a family of new single cycle T-functions, and we also give the enumeration lower bound for the newly constructed single cycle T-functions.

Kartik Nayak, Jonathan Katz
ePrint Report
Oblivious RAM (ORAM) is a cryptographic primitive that allows a client to access memory locations on a server without revealing its access patterns. Oblivious Parallel RAM (OPRAM) is the PRAM counterpart of Oblivious RAM, i.e., it allows $m$ clients that trust each other to simultaneously access data from a server without revealing their access patterns. The best known OPRAM scheme achieves amortized client-server bandwidth of $O(\log^2 N)$ per lookup, but it does not achieve a perfectly linear access-time speedup in the number of clients. In fact, for each access, the blowup for the slowest client (also known as parallel runtime blowup) is $O(f(m)\log m\log^2 N)$, $f(m) = \omega(1)$. This implies that, for most accesses, some clients remain idle while others are accessing data. In this work, we show an OPRAM scheme that has parallel runtime blowup of $O(\log^2 N)$ while maintaining $O(\log^2 N)$ client-server bandwidth blowup for each client.

Xiaoyi Li, Kaitai Liang, Zhen Liu, Duncan S. Wong
ePrint Report
Ciphertext-Policy Attribute-Based Encryption (CP-ABE) allows users to specify access policies without having to know the identities of users. In this paper, we contribute by proposing an ABE scheme which enables revoking corrupted users. Given a key-like blackbox, our system can identify at least one of the users whose key must have been used to construct the blackbox and can revoke the key from the system. This paper extends the work of Liu and Wong to achieve traitor revocability. We construct an Augmented Revocable CP-ABE (AugR-CP-ABE) scheme, and describe its security by message-hiding and index-hiding games. Then we prove that an AugR-CP-ABE scheme with message-hiding and index-hiding properties can be transferred to a secure Revocable CP-ABE with fully collusion-resistant blackbox traceability. In the proof for index-hiding, we divide the adversary's behaviors in two ways and build direct reductions that use the adversary to solve the D3DH problem. Our scheme achieves sub-linear overhead of $O(\sqrt{N})$, where $N$ is the number of users in the system. This scheme is highly expressive and can take any monotonic access structure as ciphertext policy.

Rongmao Chen, Yi Mu, Guomin Yang, Willy Susilo, Fuchun Guo
ePrint Report
In CT-RSA 2016, Chen, Mu, Yang, Susilo and Guo proposed a strongly leakage-resilient authenticated key exchange (AKE) protocol. In a recent work, Chakraborty et al. claimed that they identified a flaw in the security analysis of Chen et al.'s protocol. In this letter, we point out that the flaw identified by Chakraborty et al. is invalid and does not exist in the original proof presented in Chen et al.'s paper.

Takeshi Koshiba, Katsuyuki Takashima
ePrint Report
We put forth a new mathematical framework called Isogenous Pairing Groups (IPG) and new intractable assumptions in the framework, the Isogenous DBDH (Isog-DBDH) assumption and its variants. Three operations, i.e., exponentiation, pairing and isogeny on elliptic curves are treated under a unified notion of trapdoor homomorphisms, and combinations of the operations have potential new cryptographic applications, in which the compatibility of pairing and isogeny is a main ingredient in IPG. As an example, we present constructions of (small and large universe) key-policy attribute-based encryption (KP-ABE) schemes secure against pre-challenge quantum adversaries in the quantum random oracle model (QROM). Note that our small universe KP-ABE has asymptotically the same efficiency as Goyal et al.'s small universe KP-ABE, which has only classical security. As a by-product, we also propose practical (hierarchical) identity-based encryption ((H)IBE) schemes secure against pre-challenge quantum adversaries in the QROM from isogenies, which are based on the Boneh-Franklin IBE and the Gentry-Silverberg HIBE, respectively.

HoChang Lee, HyungChul Kang, Deukjo Hong, Jaechul Sung, Seokhie Hong
ePrint Report
Impossible differential attack is one of the powerful methods for analyzing encryption algorithms. When designing cryptographic algorithms, they must be secure against impossible differential attacks. An impossible differential attack starts from finding an impossible differential characteristic. However, in the case of ARX-based block ciphers, this analysis has been difficult because of modular addition. In this paper, we introduce 150 new six-round impossible differential characteristics of the ARX cipher SPECK 64, using the Mixed Integer Linear Programming (MILP) based impossible differential characteristic search proposed by Cui et al. [3].

13 December 2016

Xi'an, China, 23 October - 25 October 2017
Event Calendar
Event date: 23 October to 25 October 2017
Submission deadline: 15 June 2017

University of Connecticut
Job Posting
The Computer Science & Engineering (CSE) Department at the University of Connecticut invites applications for a tenure-track faculty position at full professor level. The position has an expected start date of August 23, 2017. This position is in cybersecurity, with responsibilities to advance education and research in computer security and possibly drawing from closely related or emerging fields. In addition, the successful candidate is eligible for the Synchrony Financial Chair for Cybersecurity, an endowed chair in cybersecurity to advance education and research in cryptography, security engineering, security architecture, secure coding, network and cloud security, malware detection and other emerging security fields. For more information and to apply, please click on the link and follow the instructions https://academicjobsonline.org/ajo/jobs/8559

As an Affirmative Action/Equal Employment Opportunity employer, UConn encourages applications from women, veterans, people with disabilities and members of traditionally underrepresented populations.

Closing date for applications: 22 August 2017

More information: https://academicjobsonline.org/ajo/jobs/8559

University of Connecticut
Job Posting
The University of Connecticut invites applications for two tenure-track faculty positions in the Computer Science & Engineering Department. Candidates must have an earned Ph.D. in Computer Science, Computer Engineering or a related field by the time of appointment; an established record of research in computing sciences with a specialty in Cryptography, Computer Security, or Security Engineering; demonstrated potential for excellence in teaching; and a commitment to promoting diversity through their academic and research programs. Exceptional senior candidates will be considered for the named Comcast Chair in Cybersecurity. For full job description please visit our website at http://www.cse.uconn.edu/current-job-listings/. UConn is an EEO/AA Employer.

Closing date for applications: 31 May 2017

More information: https://academicjobsonline.org/ajo/jobs/6635

University of Amsterdam / CWI / QuSoft
Job Posting
The Institute for Logic, Language & Computation (ILLC) at the University of Amsterdam is looking for a postdoctoral researcher in the area of quantum cryptography, as part of Christian Schaffner’s NWO VIDI Project “Cryptography in the Quantum Age”.

Staff members at ILLC as well as the next-door research center for quantum software QuSoft (Jop Briet, Harry Buhrman, Serge Fehr, Stacey Jeffery, Ronald de Wolf, Christian Schaffner) do research on a variety of topics in quantum information processing including quantum cryptography, quantum algorithms, cryptographic protocols and complexity theory.

The aim of the project is to develop new quantum-cryptographic protocols (beyond the task of key distribution) and explore their limitations. Examples of active research are position-based quantum cryptography and quantum homomorphic encryption. Another aspect is to investigate the security of classical cryptographic schemes against quantum adversaries (post-quantum cryptography).

The full-time appointment (38 hours per week) will be on a temporary basis, initially for one year with an extension for a further two years on positive evaluation. Depending on experience, the gross monthly salary will range from €2,552 to €4,028 (scale 10), excluding the 8% holiday allowance and the 8.3% annual allowance.

Prospective candidates should:

  • hold or be about to obtain a PhD degree in computer science, mathematics or physics;

  • have a proven track record of excellence in cryptography and/or quantum information, as witnessed by a strong publication list in relevant first-tier conference proceedings or journals;

  • have in-depth knowledge of one of the following fields (a plus): parallel repetition, limited-quantum-storage models, continuous variables, quantum security notions, post-quantum security;

  • have strong passion for research, a drive to publish and the wish to learn new skills through working with or assisting in guiding PhD and MSc students;

  • have good communication skills in English, both oral and written.

Closing date for applications: 31 January 2017

Contact: Christian Schaffner, http://homepages.cwi.nl/~schaffne

More information: http://goo.gl/rdzIkJ

09 December 2016

Norwegian University of Science and Technology (NTNU), Trondheim, Norway
Job Posting
The researcher will work on a project entitled “Securing emerging network technologies with homomorphic encryption”. The overall aim of the project is to design methods for secure processing of network data in emerging networks using practical variants of homomorphic encryption. Recent advances in cryptography will be applied to secure the virtualization of the ICT infrastructure (such as cloud processing and storage) and new flexible networking technologies such as software defined networks (SDN) and network function virtualization (NFV). Work tasks will include: analysis of suitable network functions for homomorphic processing; analysis of practical homomorphic encryption algorithms; secure protocol design and analysis; and experimental implementations.

Closing date for applications: 1 February 2017

Contact: Prof Colin Boyd, colin.boyd (at) item.ntnu.no.

Applications must be made through the jobbnorge site (URL below)

More information: https://www.jobbnorge.no/en/available-jobs/job/131846/

The University of Auckland, New Zealand
Job Posting
We are looking for a top early career academic to join our diverse and internationally renowned Department of Computer Science as a Lecturer in Digital Security. The position is part of an appealing environment of existing competencies within digital security which include undergraduate courses and a postgraduate programme and an internationally respected group of academics undertaking pure and applied research in this domain.

The successful appointee will have a PhD, demonstrated excellence in research, and a commitment to high quality research-informed teaching. The ideal candidate would have a research program that complements and builds on existing areas of strength within the department (http://www.cs.auckland.ac.nz).

The scope of the search encompasses candidates conducting research in the field of digital security broadly defined (e.g. including but not limited to Cloud Computing (with emphasis on privacy and confidentiality); Digital forensics, Security Testing; Mobile devices; Cyber-physical systems focusing on Internet of Things; Machine-to-Machine systems; Software Obfuscation; and Big Data).

The main criteria for candidates are excellence in research as well as the ability to be a highly effective teacher of both undergraduate and graduate students.

The appointee will be expected to teach at undergraduate and postgraduate levels in their specialist area, at introductory levels more widely, and to engage in research and publication both personally and through the supervision of research students. The appointee would also be expected to seek research funding, to engage with the profession, to engage with industry, and to contribute to departmental service.

This is a full-time, permanent position based on the University of Auckland's city campus. The start date for this position will be mid-2017.

The University has an equity policy and welcomes applications from all qualified persons.

Closing date for applications: 15 January 2017

Contact: recruitment (at) auckland.ac.nz

More information: https://www.opportunities.auckland.ac.nz/psp/ps/EMPLOYEE/HRMS/c/HRS_HRAM.HRS_CE.GBL?Page=HRS_CE_JOB_DTL&Action=A&JobOpen

Hong Kong Applied Science and Technology Research Institute Company
Job Posting
Job Responsibilities:

1. To design and develop cryptographic protocols and schemes

2. To design, analyze and implement cryptographic systems and related systems such as blockchain

3. To study the latest cryptographic algorithms and protocols

Requirements:

- Master's degree in computer science, electronic engineering or other relevant disciplines with 3+ years of experience; less experience required for PhD holders.

- Experience in cryptographic system design and cryptanalysis

- Deep knowledge of number theory and security proofs

- Hands-on experience with C/C++ and Java

- Preferably experience with cryptographic libraries such as OpenSSL, MIRACL, PBC, etc.

- Experience in developing cloud computing systems an advantage, but not a must

- Strong interpersonal and communications skills

- Good command of both written and spoken English

Closing date for applications: 15 December 2016

Contact: charlenechoo (at) astri.org

More information: http://www.astri.org/careers/work-at-astri/jobs/senior-software-engineer-software-engineer-applied-cryptography-5/

Polyas GmbH, Germany
Job Posting
Software engineers and researchers at Polyas develop the next-generation electronic voting technologies to change the way people can participate in democracy. Electronic voting is an exciting and challenging technology, and to address the challenges of this field we use a combination of techniques from modern cryptography and advanced software engineering.

As a researcher at Polyas, you will help us apply modern cryptographic techniques and transform them into viable e-voting solutions. You will explore approaches to open problems, validate them and find ways to transform them into useful products.

Responsibilities

  • Keep track of new developments in academic research on cryptography, e-voting, and blockchain technology.

  • Validate techniques and methods related to electronic voting.

  • Conduct and publish research on electronic voting.

  • Develop technical solutions based on the results of the research and integrate them into our product portfolio.

Qualification

Minimum qualifications:

  • MS degree in Computer Science or Mathematics.

  • Familiarity with modern cryptography.

  • Familiarity with one or more general purpose programming languages and with Java in particular.

Preferred qualifications:

  • Experience in research on cryptography confirmed by original publications.

  • Knowledge of the techniques used in electronic voting is a plus.

  • Strong programming skills. Knowledge of Scala (or other functional languages) is a plus.

  • PhD degree in Computer Science or Mathematics is a plus.

Closing date for applications: 1 March 2017

Contact: Tomasz Truderung, t.truderung (at) polyas.com

More information: http://polyas.com

08 December 2016

Phan Duong Hieu, Neal Koblitz
ePrint Report
After Vietnam's Declaration of Independence on 2 September 1945, the country had to suffer through two long, brutal wars, first against the French and then against the Americans, before finally in 1975 becoming a unified country free of colonial domination. Our purpose is to examine the role of cryptography in those two wars. Despite the far greater technological resources of their opponents, the communications intelligence specialists of the Viet Minh, the National Liberation Front, and the Democratic Republic of Vietnam had considerable success in both protecting Vietnamese communications and acquiring tactical and strategic secrets from the enemy. Perhaps surprisingly, in both wars there was a balance between the sides. Generally speaking, cryptographic knowledge and protocol design were at a high level at the central commands, but deployment for tactical communications in the field was difficult, and there were many failures on all sides.

Thorben Moos, Amir Moradi, Bastian Richter
ePrint Report
The static power consumption of modern CMOS devices has become a substantial concern in the context of the side-channel security of cryptographic hardware. The continuous growth of the leakage power dissipation in nanometer-scaled CMOS technologies is not only inconvenient for effective low-power designs, but also creates a new target for power analysis adversaries. In this paper, we present the first experimental results of a static power side-channel analysis targeting an ASIC implementation of a provably first-order secure hardware masking scheme. The investigated 150 nm CMOS prototype chip realizes the PRESENT-80 lightweight block cipher as a threshold implementation and allows us to draw a comparison between the information leakage through its dynamic and static power consumption. By employing a sophisticated measurement setup dedicated to static power analysis, including a very low-noise DC amplifier as well as a climate chamber, we are able to recover the key of our target implementation with significantly fewer traces than the corresponding dynamic power analysis attack. In particular, for a successful third-order attack exploiting the static currents, fewer than 200 thousand traces are needed, whereas for the same attack in the dynamic power domain around 5 million measurements are required. Furthermore, we are able to show that only-first-order-resistant approaches like the investigated threshold implementation do not significantly increase the complexity of a static power analysis. Therefore, we firmly believe that this side channel can actually become the target of choice for real-world adversaries against masking countermeasures implemented in advanced CMOS technologies.