International Association for Cryptologic Research


IACR News


Here you can see all recent updates to the IACR webpage. These updates are also available via RSS feed, Twitter, Weibo and Facebook.

31 January 2017

Iris Anshel, Derek Atkins, Dorian Goldfeld, Paul E Gunnells
ePrint Report
In 2005 I. Anshel, M. Anshel, D. Goldfeld, and S. Lemieux introduced E-Multiplication, a quantum-resistant group-theoretic one-way function which can be used as a basis for many different cryptographic applications. For example, Anshel and Goldfeld recently introduced AEHash, a cryptographic hash function constructed from E-Multiplication and later defined an instance thereof called Hickory Hash.

This paper introduces a new public key method based on E-Multiplication, called WalnutDSA. WalnutDSA provides efficient verification, allowing low-power and constrained devices to more quickly and inexpensively validate digital signatures (e.g. a certificate or authentication). This paper introduces the construction of the digital signature algorithm, analyzes the security of the scheme, and discusses the practical results from an implementation.
Mathias Wagner, Stefan Heyse
ePrint Report
A new template attack on the DES key scheduling is demonstrated that allows recovery of a sufficiently large portion of the DES key of a recent and widely deployed smart card chip with a single EM (electromagnetic) trace during the exploitation phase. Depending on the use case, the remainder of the key may then be found with reasonable brute-force effort on a PC. Remaining entropies as low as approximately 19 bits have been found for some single-trace attacks, meaning that effectively 37 bits were recovered in a single trace. Because the attack needs only a single trace, conventional software countermeasures are rendered useless, and thus the only remaining remedy is a hardware redesign.
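A key-schedule attack recovers bits of the round keys as the hardware rotates and permutes them; which master-key bits those are, and how much brute-force work is left, follows from the public DES key schedule (PC-1, the per-round rotations and PC-2 from FIPS 46-3). The Python below is an added example, not code from the paper: it tracks that mapping and computes the remaining entropy for a leakage model. The leakage model itself (which round-key bits a trace reveals, passed in as `observed`) is a hypothetical stand-in for whatever the template attack actually recovers; the paper does not specify it.

```python
"""DES key-schedule bit tracking: which master-key bits does each round key expose?

Added example (not from the paper). Tables are the public PC-1, PC-2 and rotation
schedule of FIPS 46-3. The leakage model given to recovered_master_bits() is a
hypothetical input standing in for what a real template attack recovers.
"""
from typing import Dict, Iterable, List, Set

# FIPS 46-3 tables, 1-indexed bit positions exactly as printed in the standard.
PC1: List[int] = [
    57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
    10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
    63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
    14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4,
]
PC2: List[int] = [
    14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
    23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
    41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
    44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32,
]
SHIFTS: List[int] = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]

KEY_BITS: Set[int] = set(PC1)   # the 56 effective bits; 8, 16, ..., 64 are parity


def key_schedule_map() -> List[List[int]]:
    """Return, for each of the 16 rounds, the 48 master-key bit positions
    (1..64, FIPS numbering) that form that round key, in round-key bit order."""
    # After PC-1, position i (0-based) of C||D holds master-key bit PC1[i].
    cd = list(PC1)
    rounds: List[List[int]] = []
    for s in SHIFTS:
        c, d = cd[:28], cd[28:]
        c = c[s:] + c[:s]            # left rotation of C by s positions
        d = d[s:] + d[:s]            # left rotation of D by s positions
        cd = c + d
        rounds.append([cd[pos - 1] for pos in PC2])   # PC-2 selects 48 of 56
    return rounds


def recovered_master_bits(observed: Dict[int, Iterable[int]]) -> Set[int]:
    """Map observed round-key bits to master-key bit positions.

    observed: {round_index (0-based): round-key bit indices (0..47) whose value
    the trace revealed}. A master bit seen in several rounds counts once."""
    rounds = key_schedule_map()
    known: Set[int] = set()
    for r, bits in observed.items():
        for b in bits:
            known.add(rounds[r][b])
    return known


def remaining_entropy(known: Set[int]) -> int:
    """Bits of the 56-bit effective key still unknown, i.e. log2 of the
    brute-force space left after the trace."""
    return 56 - len(known & KEY_BITS)


if __name__ == "__main__":
    full_round = range(48)
    k1 = recovered_master_bits({0: full_round})
    print("round key 1 alone fixes", len(k1), "master bits; remaining entropy",
          remaining_entropy(k1))
    k12 = recovered_master_bits({0: full_round, 1: full_round})
    print("round keys 1 and 2 together leave", remaining_entropy(k12), "bits")
    # The abstract's figure: 37 bits recovered leaves 2^19 candidates to brute-force.
    print("37 bits recovered ->", 2 ** (56 - 37), "candidate keys")
```

Two facts the table makes visible: a single complete round key already pins 48 of the 56 effective bits, and because consecutive rounds rotate C and D by different amounts, the first two round keys together cover all 56, which is why a leak that spans even a little of the key-schedule register activity is so damaging.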
Feng Hao, Dylan Clarke, Brian Randell, Siamak F. Shahandashti
ePrint Report
Classroom voting is an important pedagogical technique in which students learn by voting on the answers to questions. The same voting platform is also often used for exercises such as rating lecturer performance and voting for prizes. In this paper, we present VCV, an end-to-end (E2E) verifiable classroom voting system built based on the DRE-i protocol. Our system provides E2E verifiability without tallying authorities; it supports voting through mobile phones with constrained computing resources; it reports the tallying results instantly after voting is finished along with cryptographic proofs that enable the public to verify the tallying integrity. Since 2013, the VCV system has been used regularly in real classroom teaching, as well as academic prize competitions, in Newcastle University with positive user feedback. Our experience suggests that E2E verifiable voting through the internet and using mobile phones is feasible for daily routine activities such as classroom voting.
Prabhat Kushwaha, Ayan Mahalanobis
ePrint Report
In this paper, a new algorithm to solve the discrete logarithm problem is presented which is similar to the usual baby-step giant-step algorithm. Our algorithm exploits the order of the discrete logarithm in the multiplicative group of a finite field. Using randomization with parallelized collision search, our algorithm indicates some weakness in NIST curves over prime fields which are considered to be the most conservative and safest curves among all NIST curves.
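The abstract compares its method to the usual baby-step giant-step algorithm. The Python below is an added example, not the paper's algorithm: it is standard baby-step giant-step over the multiplicative group of a prime field, written so that the exponent space can be restricted to a bound. The parameters used in the demo (p = 2^31 - 1 with generator 7, and p = 101 with generator 2) are chosen for illustration only. The point it shows is the one the abstract rests on: the cost is about the square root of the size of the exponent space, so any structure that lets an attacker shrink that space (here, an assumed bound on x) directly shrinks the table and the running time.

```python
"""Baby-step giant-step for the discrete logarithm in Z_p^*.

Added example (not from the paper): the standard algorithm the abstract compares
against, with an optional bound on the exponent. Demo parameters are illustrative.
"""
from math import isqrt
from typing import Dict, Optional


def bsgs(g: int, h: int, p: int, bound: Optional[int] = None) -> Optional[int]:
    """Return the smallest x in [0, bound) with g^x = h (mod p), or None.

    bound defaults to p - 1, the whole exponent space of Z_p^*. Work and memory
    are about sqrt(bound) group operations, so knowledge that x lies in a
    smaller set cuts the cost by the square root of the reduction.
    """
    if g % p == 0:
        raise ValueError("g must be invertible mod p")
    n = (p - 1) if bound is None else bound
    m = isqrt(n) + 1                      # m^2 > n, so i*m + j covers [0, n)
    h %= p

    # Baby steps: g^j for 0 <= j < m, keeping the smallest j for each value.
    baby: Dict[int, int] = {}
    cur = 1
    for j in range(m):
        baby.setdefault(cur, j)
        cur = cur * g % p

    # Giant steps: gamma_i = h * g^(-i*m); a table hit at j means h = g^(i*m + j).
    step = pow(g, -m, p)                  # inverse of g^m (Python >= 3.8)
    gamma = h
    for i in range(m):
        j = baby.get(gamma)
        if j is not None:
            x = i * m + j
            return x if x < n else None   # the first hit is the smallest solution
        gamma = gamma * step % p
    return None


def demo() -> int:
    """Solve one instance twice: over the full exponent space and with a bound."""
    p = 2**31 - 1            # Mersenne prime; 7 is a primitive root mod p
    g, x = 7, 987_654
    h = pow(g, x, p)
    assert bsgs(g, h, p) == x                  # full search: ~46 k table entries
    assert bsgs(g, h, p, bound=2**20) == x     # told x < 2^20: ~1 k entries
    return x


if __name__ == "__main__":
    print("recovered x =", demo())
```

The first hit in the giant-step loop is the smallest solution because the baby table keeps the smallest exponent per value and the giant steps scan blocks of m exponents in increasing order; that is what lets the bound be enforced with a single comparison.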
Javier Herranz
ePrint Report
In this short paper we formally prove that designing attribute-based encryption schemes cannot be easier than designing identity-based encryption schemes. In more detail, we show how an attribute-based encryption scheme which admits, at least, AND policies can be combined with a collision-resistant hash function to obtain an identity-based encryption scheme.

Although this result may seem natural and not at all surprising, it has not been explicitly written anywhere, as far as we know. Furthermore, it may be an unknown result for some people: Odelu and Das have proposed an attribute-based encryption scheme in the discrete logarithm setting, without bilinear pairings, admitting AND policies. If this scheme were secure, then by using the implication that we prove in this paper, we would obtain a secure identity-based encryption scheme in the discrete logarithm setting, without bilinear pairings, which would be a breakthrough in the area. Unfortunately, we present here a complete attack on the scheme proposed by Odelu and Das.
Dimitar Jetchev, Benjamin Wesolowski
ePrint Report
Fix an ordinary abelian variety defined over a finite field. The ideal class group of its endomorphism ring acts freely on the set of isogenous varieties with same endomorphism ring, by complex multiplication. Any subgroup of the class group, and generating set thereof, induces an isogeny graph on the orbit of the variety for this subgroup. We compute (under the Generalized Riemann Hypothesis) some bounds on the norms of prime ideals generating it, such that the associated graph has good expansion properties.

We use these graphs, together with a recent algorithm of Dudeanu, Jetchev and Robert for computing explicit isogenies in genus 2, to prove random self-reducibility of the discrete logarithm problem within the subclasses of principally polarizable ordinary abelian surfaces with fixed endomorphism ring. In addition, we remove the heuristics in the complexity analysis of an algorithm of Galbraith for explicitly computing isogenies between two elliptic curves in the same isogeny class, and extend it to a more general setting including genus 2.
Boris Skoric
ePrint Report
Round-Robin Differential Phase-Shift (RRDPS) is a Quantum Key Distribution (QKD) scheme proposed by Sasaki, Yamamoto and Koashi in 2014. It works with high-dimensional quantum digits (qudits). Its main advantage is that it tolerates more noise than qubit-based schemes while being easy to implement.

The security of RRDPS has been discussed in several papers. However, these analyses do not have the mathematical rigor that is customary in cryptology. In this short note we prove a simple result regarding the min-entropy of the distributed key; this may serve as a step towards a full security proof.
Saikrishna Badrinarayanan, Vipul Goyal, Aayush Jain, Amit Sahai
ePrint Report
Recently, Bitansky [Bit17] and Goyal et al. [GHKW17] gave generic constructions of selectively secure verifiable random functions (VRFs) from non-interactive witness indistinguishable proofs (NIWI) and injective one-way functions. In this short note, we give an alternate construction of selectively secure VRFs based on the same assumptions as an application of the recently introduced notion of verifiable functional encryption [BGJS16]. Our construction and proof are much simpler than the ones in [Bit17, GHKW17], given previous work (most notably the constructions of verifiable functional encryption in [BGJS16]).
Exeter, UK, 21 June - 23 June 2017
Event Calendar
Event date: 21 June to 23 June 2017
Submission deadline: 23 February 2017
Notification: 22 April 2017

30 January 2017

Peter T. Breuer
ePrint Report
Privacy for arbitrary encrypted remote computation in the cloud depends on the running code on the server being obfuscated from the standpoint of the operator in the computer room. This paper shows formally as well as practically that that may be arranged on a platform with the appropriate machine code architecture, given the obfuscating compiler described.

29 January 2017

Announcement
Statement from the International Association of Cryptologic Research (IACR)
Condemning the U.S. President’s 2017-01-27 Executive Order Barring Entry into the U.S. of Citizens from Seven Muslim-Majority Countries

Approved by the IACR board of directors, January 29, 2017

The International Association of Cryptologic Research (IACR) is the scientific organization dedicated to advancing the theory and practice of cryptology worldwide. Our members contribute to the advance of critical information security techniques. These work toward making the Internet safe, protecting e-commerce, securing computer storage, and enabling the safe use of mobile phones. Members of the IACR, who come from around the world, developed many of the cryptographic methods that have been standardized by the USA’s National Institute of Standards and Technology (NIST) and which are in use worldwide, such as the Advanced Encryption Standard (AES).

The IACR strongly opposes U.S. President Donald Trump’s Executive Order suspending visas to nationals of seven Muslim-majority countries. We declare such actions, which hurt international collaboration, to pose a concrete and direct threat to our mission, and to the continued international contributions of our members to society, industry, and government.

The open exchange of ideas is essential to the work the IACR does, and to the advance of scientific knowledge and technology more broadly. The open exchange of ideas requires freedom of movement — as when non-U.S. citizens attend IACR-sponsored conferences held in the USA, a completely routine activity.

All individuals are entitled to participate in IACR conferences, regardless of their country of origin. Barring citizens of out-of-favor countries from entering the United States sunders basic scientific and community norms. These norms were strained even before the executive action, with many scholars facing untoward barriers to getting U.S. visas.

The United States itself benefits from participation in the international academic community, as when international graduate students and postdoctoral scholars study at U.S. universities, and when non-U.S. professors visit the U.S. to collaborate on research or share their knowledge. Our community’s work, which often involves teams from many countries, directly contributes to the successful efforts of U.S. industry.

Running an international scientific society that contributes to innovations in science and technology is not easy. The implications of this executive order are unpredictable. In response to it, other nations may take similar actions, making it impossible for U.S. scientists to attend conferences in other countries.

In the end, this unhelpful and destructive executive order only hurts the United States. The IACR calls for it to be immediately rescinded.

27 January 2017

Singapore University of Technology and Design
Job Posting

We are looking for Research Fellow (Post-Doc), to join our group.

Candidates for research fellow/associate should have completed (or be close to completing) a PhD in computer science, mathematics, or a related discipline, with a solid publication record. He/she should have solid experience in any of the following areas:

1. Public Key/Private key Cryptography and Provable Security.

2. Information and Network Security.

3. Privacy and Authentication

Successful candidates are expected to contribute to one of the following topics:

- Security in Decentralized application

- IoT Security

- network security

The post has a flexible starting date. The initial appointment will be for one year, with a strong possibility for further appointment.

Review of applications will start immediately until the positions are filled.

Closing date for applications: 25 April 2017

Contact: Interested candidates should send their CV to Dr. Prosanta Gope (email: gope_prosanta (at) sutd.edu.sg) or Dr. Jemin Lee (email: jmnlee (at) ieee.org). Initial screening of applications will begin immediately and the position will remain open until filled. Only shortlisted candidates will be notified.

Saint Petersburg, Russia, 18 September - 22 September 2017
Event Calendar
Event date: 18 September to 22 September 2017
Submission deadline: 17 March 2017
Notification: 17 May 2017

26 January 2017

University of Westminster, Department of Computer Science
Job Posting

The Cyber Security (CSec) research group at the University of Westminster is looking for a PhD student to join the group and conduct research in the area of Security and Privacy in Cloud Computing and Software Defined Networks (SDN).

We expect candidates to have a strong background in computer science and/or mathematics and sufficient knowledge of applied cryptography. Proven research in areas such as trusted computing, cloud security, safety verification, security verification, data privacy, cyber-physical and internet of things security, and cloud or mobile security will be considered a plus.

Candidates should fulfill the following requirements:

  • A Masters degree in Computer Science or mathematics;
  • Knowledge of Cryptographic Protocols;
  • Familiar with existing threat models;
  • Experience in analyzing existing schemes and/or security protocols in order to identify possible flaws;
  • Good programming skills;
  • Good Academic Writing and Presentation Skills;
  • Good Social and Organizational Skills;

The successful candidate will join an established research environment comprising several PhD students and research associates, which will provide the student with a suitable and stimulating working environment.

The primary objective of CSec is to bring together expertise in education, research and practice in the field of information security and privacy. The group members conduct research in areas ranging from the theoretical foundations of cryptography to the design and implementation of leading-edge efficient and secure communication protocols.

  • Who Can Apply: Funded PhD Project (European/UK Students Only)
  • Salary: £16,000 annual stipend and fee waiver - Full Studentship
  • Contact: For an informal discussion contact Dr Antonis Michalas (a.michalas (at) westminster.ac.uk)

Closing date for applications: 24 February 2017

Contact: Head of CSec, Dr Antonis Michalas: a.michalas (at) westminster.ac.uk

More information: https://www.westminster.ac.uk/courses/research-degrees/research-areas/electronics-and-computer-science/research-students


25 January 2017

ISARA Corporation - Waterloo, Canada
Job Posting
Founded in 2015, ISARA Corporation builds quantum resistant cryptographic solutions for today’s computing ecosystems. The ISARA Corporation vision is a world where consumers, enterprises and governments can benefit from the power of quantum computing with protection against quantum attacks. Our team has expertise building high performance cryptographic systems for constrained environments. We’re proud to be part of a collaborative effort with academic and standards institutions to raise awareness of the potential for quantum threats, and design and implement quantum resistant solutions for classical data security systems that will work globally.

We are looking for cryptographic researchers, with a PhD in Mathematics or Computer Science, to join our team. The ISARA Research Department is a group of dedicated individuals who focus on researching the latest advances in cryptography and pushing the envelope of what is possible. They are responsible for understanding the current state of the art and focusing on improvements in security and efficiency.

Closing date for applications: 1 June 2017

Contact: info (at) isara (dot) com with your resume

More information: https://www.isara.com

ESAT - COSIC, Computer Security and Industrial Cryptography, KU Leuven, Belgium
Job Posting
The Computer Security and Industrial Cryptography group (COSIC) belongs to the Department of Electrical Engineering (ESAT); it was founded in 1978 and counts about 80 members who perform fundamental, applied and contract research in the area of cryptology, information security and privacy. Because of its extended expertise in discrete mathematics, cryptology, hardware and software implementations, and network and computer systems, the group is able to adopt an integrated approach to problem solving, which has led to important successes: AES (the Rijndael algorithm, selected as the US Advanced Encryption Standard), ECRYPT (coordination of European Networks of Excellence, a Coordination and Support Action, and a Marie-Curie ITN in Cryptology), and others. Through a long history of participation in European projects, COSIC has gained thorough experience in privacy-enhancing technologies, identity management, and the design and analysis of cryptographic algorithms, protocols and architectures.

You will work closely with the professors, researchers and administrative support and you will coordinate with KU Leuven Research and Development (LRD) and with the imec Smart Applications Business Unit in the area of Distributed Trust.

https://www.esat.kuleuven.be//cosic/

Offer

A challenging job in a dynamic and international environment that offers ample opportunities to develop further as researcher.

Closing date for applications: 20 February 2017

Contact: For more information please contact Prof. dr. ir. Bart Preneel, tel.: +32 16 32 11 48, mail: bart.preneel (at) kuleuven.be.

More information: https://icts.kuleuven.be/apps/jobsite/vacatures/54017280

Be'er Sheva, Israel, 29 June - 30 June 2017
Event Calendar
Event date: 29 June to 30 June 2017
Submission deadline: 19 March 2017
Notification: 9 April 2017
Las Vegas, USA, 9 October - 11 October 2017
Event Calendar
Event date: 9 October to 11 October 2017
Submission deadline: 14 April 2017
Notification: 23 June 2017
Saint Petersburg, Russia, 18 September - 22 September 2017
Event Calendar
Event date: 18 September to 22 September 2017
Submission deadline: 17 March 2017
Notification: 17 May 2017

24 January 2017

Singapore University of Technology and Design (SUTD)
Job Posting
Singapore University of Technology and Design (SUTD) is a young university established in collaboration with MIT. Cyber security is one of its most important areas and grows very fast with rich research funding. It has the world’s best facilities in cyber physical systems including testbeds for Secure Water Treatment (SWaT), Electric Power and Intelligent Control (EPIC), Water Distribution (WADI), and IoT.

I am looking for promising PhD students who are interested in working in the area of cyber security. The position is fully funded for up to 4 years with a very competitive scholarship. Candidates should have an excellent background (with a Bachelor or Master degree) in mathematics, computer science or electrical engineering and the ability to work on inter-disciplinary research projects. Acquaintance with cryptography and network/system security concepts as well as some programming skills will be considered strong assets. More information on the PhD program is available at https://istd.sutd.edu.sg/phd/phd-overview/.

Interested candidates please send your CV with a cover letter to Jianying Zhou. Please also provide the names of two referees. The application will close by 30 March 2017.

Closing date for applications: 30 March 2017

Contact: Prof. Jianying Zhou

Email: zhou_jianying (at) yahoo.com

Home: http://jianying.space/

More information: https://istd.sutd.edu.sg/phd/phd-overview/
