International Association for Cryptologic Research

IACR News

05 July 2017

Alexander Chepurnoy, Dmitry Meshkov
ePrint Report
In this paper we study space-scarce economy in massively replicated open blockchain systems. In these systems, such as Bitcoin, memory to hold a current state snapshot needed to validate transactions eventually becomes the most scarce resource. The issue is even more critical for blockchain systems used to store data (votes, certificates, logs etc.). Uncontrolled state size growth could lead to security issues, such as denial-of-service attacks. Only technical solutions, not economic ones, have been proposed to tackle this problem so far. In contrast, we propose to add a new component to a transaction fee scheme based on how much additional space will be needed for new objects created as a result of transaction processing and for how long they will live in the state. We provide three possible options towards implementing the new fee component, namely prepaid outputs, postpaid outputs and scheduled payments. We provide an analysis of the model with respect to all three options. We show that the state growth can be bounded by a fee factor, miners get additional stable rewards, and lost coins are eventually taken back into circulation.
Morten Dahl, Valerio Pastro, Mathieu Poumeyrol
ePrint Report
We provide a practical solution to performing cross-user machine learning through aggregation on a sensitive dataset distributed among privacy-concerned users.

We focus on a scenario in which a single company wishes to obtain the distribution of aggregate features, while ensuring a high level of privacy for the users. We are interested in the case where users own devices that are not necessarily powerful or online at all times, like smartphones or web browsers. This premise makes general solutions, such as general multiparty computation (MPC), less applicable.

We design an efficient special-purpose MPC protocol that outputs aggregate features to the company, while keeping online presence and computational complexity on the users’ side at a minimum. This basic protocol is secure against a majority of corrupt users, as long as they do not collude with the company. If they do, we still guarantee security, as long as the fraction of corrupt users is lower than a certain, tweakable, parameter. We propose different enhancements of this solution: one guaranteeing some degree of active security, and one that additionally ensures differential privacy.

Finally, we report on the performance of our implementation on several realistic real-world use-cases across different devices.
Nasrollah Pakniat, Mahnaz Noroozi, Ziba Eslami
ePrint Report
The aim of a secret sharing scheme is to share a secret among a group of participants in such a way that while authorized subsets of participants are able to recover the secret, non-authorized subsets obtain no information about it. Multi-secret sharing is the natural generalization of secret sharing to situations in which the simultaneous protection of more than one secret is required. However, there exist some secret sharing schemes for which there are no secure or efficient multi-secret sharing counterparts. In this paper, using cellular automata, an efficient general method is proposed to reduce the problem of sharing k secrets (all assigned the same access structure and needing to be reconstructed at once) under a certain secret sharing scheme (S) to the problem of sharing one secret under S, such that none of the properties of S are violated. Using the proposed approach, any secret sharing scheme can be converted to a multi-secret sharing scheme. We provide examples to show the applicability of the proposed approach.
Gu Chunsheng
ePrint Report
In this work, we describe an integer version of ring-LWE over polynomial rings and prove that its hardness is equivalent to that of polynomial ring-LWE. Moreover, we also present a public key cryptosystem using this variant of polynomial ring-LWE.

04 July 2017

Fabrice Benhamouda, Houda Ferradi, Rémi Géraud, David Naccache
ePrint Report
RSA public keys are central to many cryptographic applications; hence their validity is of primary concern to the scrupulous cryptographer. The most relevant properties of an RSA public key $(n, e)$ depend on the factors of $n$: are they properly generated primes? are they large enough? is $e$ co-prime with $\phi(n)$? etc. But of course, it is out of the question to reveal $n$'s factors.

Generic non-interactive zero-knowledge (NIZK) proofs can be used to prove such properties. However, generic NIZK proofs are not practical at all. For some very specific properties, specialized proofs exist, but such ad hoc proofs are naturally hard to generalize.

This paper proposes a new type of general-purpose compact non-interactive proofs, called attestations, allowing the key generator to convince any third party that $n$ was properly generated. The proposed construction applies to any prime generation algorithm, and is provably secure in the Random Oracle Model.

As a typical implementation instance, for a 138-bit security, verifying or generating an attestation requires $k=1024$ prime generations. For this instance, each processed message will later need to be signed or encrypted 14 times by the final users of the attested moduli.
Madison, WI, U.S.A., 16 July - 20 July 2018
Event Calendar
Event date: 16 July to 20 July 2018
University of Tartu, Estonia
Job Posting
The cryptography group at the Institute of Computer Science of the University of Tartu seeks a postdoctoral researcher. The position will support an EU H2020 project on mix-nets (PANORAMIX) for applications like electronic voting, secure messaging, and statistics gathering. The postdoctoral researcher should have a strong track record in cryptography, and in particular in the design of efficient zero-knowledge proofs and/or e-voting and mix-nets, although all strong candidates will be given consideration.

The successful candidate will help to design and evaluate cryptographically secure mix-nets and perform other research duties to help with the project, coordinate and advise partners on implementing research prototypes (the candidate may or may not participate in implementing) and ensure the smooth administration of the project including the timely delivery of research output. We expect the candidate to be able to develop and devote significant time to their own research agenda around the theme of the project.

The EU H2020 project PANORAMIX requires travel to and collaboration with colleagues throughout the European Union. Full travel and equipment budget is available to support the activities of the project.

For any inquiries or to apply for the positions, submit a full research curriculum vitae (cv), names of two references, and a research statement to Prof Helger Lipmaa clearly indicating the position sought.

The call for expressions of interest will remain open until a suitable candidate is appointed. However, the project will finish on September 1, 2018, so early applications are encouraged. In the case of interest, the candidates may later seek further employment but this is not necessarily guaranteed.

Closing date for applications: 1 November 2017

Contact: Helger Lipmaa

Research Professor

firstname.lastname (at) ut.ee

More information: http://crypto.cs.ut.ee/Projects/Panoramix

DarkMatter LLC, Abu Dhabi, UAE
Job Posting
About us

Working in our headquarters located in the iconic Aldar HQ building in Abu Dhabi you will be joining a firm that is constantly looking to push boundaries. We have launched a full suite of cyber products and services including Governance, Risk & Compliance, Cyber Network Defense, Managed Security Services, Infrastructure & Systems Integration, as well as Secure Communications.

About the Job

You will be responsible for research and analysis of new system attacks/threats and zero-day vulnerability discovery and, where appropriate, for sharing valuable research findings with vendors or bug bounty programs, or publishing them on our GitHub / website or through our publications, conference talks and white papers. This research also feeds into DarkMatter's own product development, as well as the services and solutions we provide across the entire cyber security value chain.

About you

The ideal candidate will be passionate about security, vulnerabilities, and exploits. You possess the aptitude to analyze, find and exploit vulnerabilities, research exploit techniques and mitigations, and build systems / tools to streamline reverse engineering analysis tasks. You are expected to be an expert in any one of the following domains: failure analysis, hardware reverse engineering, micro-probing, circuit editing.

Essential requirements:

• PhD or a Master's degree in Physics, Computer Engineering or Electrical Engineering or equivalent

• 5+ years of experience in Hardware Security Research or Semiconductor Failure Analysis

• Deep understanding of various hardware security vulnerabilities and threats, reverse engineering, circuit editing, and exploitation of test features

• Research experience in failure analysis and/or security products (access controls, application security, data security, anti-tampering mechanisms)

• Strong foundations in semiconductors, computer architecture and embedded systems

Please click on this link to apply - https://app.jobvite.com/j?cj=okAP4fwx&s=Career_Portal

Closing date for applications: 30 November 2017

Contact: Talent Acquisition Team

DarkMatter LLC, Abu Dhabi, UAE
Job Posting
About us

Working in our headquarters located in the iconic Aldar HQ building in Abu Dhabi you will be joining a firm that is constantly looking to push boundaries. We have launched a full suite of cyber products and services including Governance, Risk & Compliance, Cyber Network Defense, Managed Security Services, Infrastructure & Systems Integration, as well as Secure Communications.

About the Job

You will be responsible for research and analysis of new system attacks/threats and zero-day vulnerability discovery and, where appropriate, for sharing valuable research findings with vendors or bug bounty programs, or publishing them on our GitHub / website or through our publications, conference talks and white papers. This research also feeds into DarkMatter's own product development, as well as the services and solutions we provide across the entire cyber security value chain.

About you

The ideal candidate will be passionate about security, vulnerabilities, and exploits.

You possess the aptitude to analyze, find and exploit vulnerabilities, research exploit techniques and mitigations, and build systems / tools to streamline reverse engineering analysis tasks. You are expected to be an expert in the wide field of hardware security, in particular in any one of the following domains: side-channel analysis (DPA/DEMA/cache-timing), glitching (voltage/clock), fault injection (laser/EM), hardware reverse engineering, chip-off forensics, micro-probing.

Essential requirements:

• PhD or a Master's degree in Physics, Computer Science, Computer Engineering or Electrical Engineering or equivalent

• 5+ years of experience in Security Research

• Deep understanding of various Embedded / hardware security vulnerabilities and threats, reverse engineering and exploitation of test features

• Research experience in security products (vulnerability detection, side-channel and fault countermeasures, etc.)

Please click on this link to apply - https://app.jobvite.com/j?cj=oJBP4fwX&s=Career_Portal

Closing date for applications: 30 November 2017

Contact: Talent Acquisition Team


03 July 2017

Jan Camenisch, Liqun Chen, Manu Drijvers, Anja Lehmann, David Novick, Rainer Urian
ePrint Report
The Trusted Platform Module (TPM) is an international standard for a security chip that can be used for the management of cryptographic keys and for remote attestation. The specification of the most recent TPM 2.0 interfaces for direct anonymous attestation unfortunately has a number of severe shortcomings. First of all, they do not allow for security proofs (indeed, the published proofs are incorrect). Second, they provide a Diffie-Hellman oracle w.r.t. the secret key of the TPM, weakening the security and preventing forward anonymity of attestations. Fixes to these problems have been proposed, but they create new issues: they enable a fraudulent TPM to encode information into an attestation signature, which could be used to break anonymity or to leak the secret key. Furthermore, all proposed ways to remove the Diffie-Hellman oracle either strongly limit the functionality of the TPM or would require significant changes to the TPM 2.0 interfaces. In this paper we provide a better specification of the TPM 2.0 interfaces that addresses these problems and requires only minimal changes to the current TPM 2.0 commands. We then show how to use the revised interfaces to build q-SDH- and LRSW-based anonymous attestation schemes, and prove their security. We finally discuss how to obtain other schemes addressing different use cases such as key-binding for U-Prove and e-cash.
Fuyuki Kitagawa, Ryo Nishimaki, Keisuke Tanaka
ePrint Report
We show how to construct secret-key functional encryption (SKFE) supporting unbounded polynomially many functional decryption keys, that is, collusion-resistant SKFE solely from SKFE supporting only one functional decryption key. The underlying single-key SKFE scheme needs to be weakly succinct, that is, the size of its encryption circuit is sub-linear in the size of functions.

We can transform any quasi-polynomially secure single-key weakly-succinct SKFE into a quasi-polynomially secure collusion-resistant one. In addition, if the underlying single-key SKFE scheme is sub-exponentially secure, then so is the resulting scheme in our construction.

Some recent results show the power and usefulness of collusion-resistant SKFE. From our result, we see that succinct SKFE is also a powerful and useful primitive. In particular, by combining our result with the result by Bitansky, Nishimaki, Passelègue, and Wichs (TCC 2016-B), we can obtain indistinguishability obfuscation from sub-exponentially secure weakly succinct SKFE that supports only a single functional decryption key if we additionally assume sub-exponentially secure plain public key encryption.
Anthony Journault, François-Xavier Standaert
ePrint Report
In this paper, we study the performance and security of recent masking algorithms specialized to parallel implementations on a 32-bit embedded software platform, for the standard AES Rijndael and the bitslice cipher Fantomas. By exploiting the excellent features of these algorithms for bitslice implementations, we first extend the recent speed records of Goudarzi and Rivain (presented at Eurocrypt 2017) and report realistic timings for masked implementations with 32 shares. We then observe that the security level provided by such implementations is not easy to quantify with current evaluation tools. We therefore propose a new "multi-model" evaluation methodology which takes advantage of different (more or less abstract) security models introduced in the literature. This methodology allows us both to bound the security level of our implementations in a principled manner and to assess the risks of overstated security based on well understood parameters. Concretely, it leads us to conclude that these implementations withstand worst-case adversaries with >2^64 measurements under falsifiable assumptions.
Ming-Shing Chen, Wen-Ding Li, Bo-Yuan Peng, Bo-Yin Yang, Chen-Mou Cheng
ePrint Report
Multivariate Public Key Cryptosystems (MPKCs) are often touted as future-proofing against Quantum Computers. In 2009, it was shown that hardware advances do not favor just "traditional" alternatives such as ECC and RSA, but also make MPKCs faster and keep them competitive at 80-bit security when properly implemented. These techniques became outdated due to the emergence of new instruction sets and higher requirements on security.

In this paper, we review how MPKC signatures have changed since 2009, including new parameters (for a newer security level at 128-bit), crypto-safe implementations, and the impact of the new AVX2 and AESNI instructions. We also present new techniques for evaluating multivariate polynomials, multiplication in large finite fields by additive Fast Fourier Transforms, and constant-time linear solvers.

30 June 2017

University of São Paulo, Escola Politecnica, São Paulo, Brazil
Job Posting
The Laboratory of Computer Networks and Architecture at the University of São Paulo is currently hiring researchers with background in cryptography for a 1-year post-doc position. The project is the result of a partnership with Intel (see http://www.fapesp.br/en/9719 for the CFP), and is focused on the analysis and design of hardware-friendly post-quantum cryptographic algorithms.

The main requirements for the application are (1) a solid background in cryptography, preferably (but not necessarily) with post-quantum primitives, (2) good design/programming skills, preferably (but not necessarily) in programming languages such as C and/or hardware description languages such as VHDL, (3) a track record of strong R&D capability, with relevant publications in top conferences/journals, and (4) the ability to work with little supervision and to work well with other researchers, as well as good presentation and communication skills in English (ability to speak Portuguese is considered a plus, but it is not mandatory). The candidates are expected to work closely with the industry partners in the project (mainly researchers from Intel) and produce valuable research material on time and with the required quality.

The application requires: an academic curriculum vitae, a motivation letter, and the contact information of at least 2 people who can provide references about the candidate's work. Applicants who have already completed or who are close to completing their PhDs are both welcome.

The post-doc fellowship is granted by FAPESP, following the rules that can be found at http://www.fapesp.br/en/5427. Applications will be reviewed as soon as they are received, and only selected candidates will be contacted for interview. The process will remain open until the positions are filled or up to July 31st, 2017.

Closing date for applications: 31 July 2017

Contact: Prof. Marcos A. Simplicio Jr -- msimplicio (at) larc.usp.br

More information: http://www.larc.usp.br/en/content/security-group/

London, United Kingdom, 24 April - 26 April 2018
Event Calendar
Event date: 24 April to 26 April 2018
Submission deadline: 15 August 2017
Notification: 20 November 2017
The Norwegian University of Science and Technology (NTNU)
Job Posting
Norway aims to strengthen the research and education in cyber and information security. Information Security is a strategic research area of the Faculty of Information Technology and Electrical Engineering (IE), and NTNU announces 10 PhD positions in response to the national aim. The positions are at the Faculty of Information Technology and Electrical Engineering, hosted by three departments:

Department of Information Security and Communication Technology (IIK), see http://www.ntnu.edu/iik

Department of Computer Science (IDI), see http://www.ntnu.edu/idi

Department of Engineering Cybernetics (ITK), see http://www.ntnu.edu/itk

Closing date for applications: 15 August 2017

Contact: For the PhD position in post-quantum cryptography under the code "IIK-01: Cryptography" contact Professor Danilo Gligoroski, danilog (at) ntnu.no. For the other areas contact the professors given at the link with more information.

More information: https://www.jobbnorge.no/en/available-jobs/job/139951/10-phd-research-fellow-positions-in-information-security

Indian Institute of Technology
Job Posting
The Cryptography Research group at the Computer Science and Engineering Department of Indian Institute of Technology Kharagpur invites strong PostDoc applications from highly motivated candidates working in the field of Cryptography. The candidate should hold a Ph.D. in Cryptography and/or related areas from a reputed institute. The candidate will work in the "Secured Embedded Architecture Laboratory" (SEAL), with focus in the area of secured system design. The research will be aimed at developing efficient cryptographic protocols with applications in emerging fields such as Cloud computing and Internet of Things (IoT). Knowledge in public key cryptography, cryptographic pairings, functional encryption, multi-party computation, and post-quantum cryptography topics is desirable. The candidate should have an excellent publication track record in IACR conferences/workshops, as well as top journals (such as IEEE/ACM Transactions or IACR journals). The candidate will be expected to collaborate with and lead a team of excellent and highly motivated Ph.D. candidates for implementation of the protocols. The protocols designed would be tested w.r.t. robustness against side-channel attacks and other implementation-specific attacks by a separate team of research associates. The candidate is expected to work in conjunction with them and also disseminate the necessary knowledge among the group via suitable course material, tutorials and regular group talks. Good communication skills in English are hence desirable. The position is available to both Indian and foreign candidates. More information about the SEAL research group activities is available at: http://cse.iitkgp.ac.in/resgrp/seal.

Remuneration: Up to INR 50,000 per month (consolidated), based on experience and expertise. Other perks include: furnished office space, subsidized in-campus housing, subsidized food in IIT cafeteria, free healthcare at IIT hospital, travel funding to present research papers accepted in top international conferences, etc.

Closing date for applications: 31 August 2017

Contact: Debdeep Mukhopadhyay

Singapore University of Technology and Design (SUTD)
Job Posting
Singapore University of Technology and Design (SUTD) is a young university established in collaboration with MIT. Cyber security is one of its most important areas and grows very fast with rich research funding. SUTD is the proud host of world-class testbeds in cyber-physical systems (CPS) including testbeds for Secure Water Treatment (SWaT), Water Distribution (WADI), Electric Power and Intelligent Control (EPIC), and IoT.

I am looking for PhD interns on cyber-physical system security (IoT, autonomous vehicle, power grid, and water treatment etc.), especially on the topics such as 1) Lightweight and low-latency crypto algorithms for CPS devices, 2) Resilient authentication of devices and data in CPS, 3) Advanced SCADA firewall to filter more sophisticated attacking packets in CPS, 4) Big data based threat analytics for detection of both known and unknown threats, 5) Attack mitigation to increase the resilience of CPS. The attachment will be at least 3 months. Allowance will be provided for local expenses.

Interested candidates please send your CV with a research statement to Prof. Jianying Zhou.
Closing date for applications: 31 July 2017

Contact: jianying_zhou (at) sutd.edu.sg

More information: http://jianying.space/


29 June 2017

Oslo, Norway, 10 September 2017
Event Calendar
Event date: 10 September 2017

28 June 2017

Stefan Dziembowski, Lisa Eckey, Sebastian Faust, Daniel Malinowski
ePrint Report
Payment channels emerged recently as an efficient method for performing cheap micropayment transactions in cryptographic currencies. In contrast to traditional on-chain transactions, payment channels have the advantage that they allow a nearly unlimited number of transactions between parties without involving the blockchain. In this work, we introduce Perun, a new system for payment and state channels over cryptographic currencies that has several advantages over the existing proposals. In particular, Perun offers a new method for connecting channels that is more efficient than the existing technique of "routing transactions" over multiple channels. That is, in contrast to prominent existing solutions such as the Lightning Network, Perun does not require involvement of the intermediary over which payments are routed. To achieve this, Perun introduces a new technique that we call channel virtualization, which allows building virtual payment channels over so-called multistate channels. Multistate channels are a new primitive that we introduce as an independent concept in this work and that generalizes the notion of "state channels". Our schemes can work over any cryptocurrency that provides Turing-complete smart contracts. As a proof of concept, we implemented Perun in Ethereum.