IACR News
Here you can see all recent updates to the IACR webpage.
05 July 2017
Alexander Chepurnoy, Dmitry Meshkov
Morten Dahl, Valerio Pastro, Mathieu Poumeyrol
We focus on a scenario in which a single company wishes to obtain the distribution of aggregate features, while ensuring a high level of privacy for the users. We are interested in the case where users own devices that are not necessarily powerful or online at all times, like smartphones or web browsers. This premise makes general solutions, such as general multiparty computation (MPC), less applicable.
We design an efficient special-purpose MPC protocol that outputs aggregate features to the company, while keeping online presence and computational complexity on the users' side at a minimum. This basic protocol is secure against a majority of corrupt users, as long as they do not collude with the company. If they do, we still guarantee security, as long as the fraction of corrupt users is lower than a certain, tweakable, parameter. We propose different enhancements of this solution: one guaranteeing some degree of active security, and one that additionally ensures differential privacy.
Finally, we report on the performance of our implementation on several realistic real-world use-cases across different devices.
Nasrollah Pakniat, Mahnaz Noroozi, Ziba Eslami
Gu Chunsheng
04 July 2017
Fabrice Benhamouda, Houda Ferradi, Rémi Géraud, David Naccache
Generic non-interactive zero-knowledge (NIZK) proofs can be used to prove such properties. However, generic NIZK proofs are not practical at all. For some very specific properties, specialized proofs exist but such ad hoc proofs are naturally hard to generalize.
This paper proposes a new type of general-purpose compact non-interactive proofs, called attestations, allowing the key generator to convince any third party that $n$ was properly generated. The proposed construction applies to any prime generation algorithm, and is provably secure in the Random Oracle Model.
As a typical implementation instance, for a 138-bit security, verifying or generating an attestation requires $k=1024$ prime generations. For this instance, each processed message will later need to be signed or encrypted 14 times by the final users of the attested moduli.
Madison, WI, U.S.A., 16 July - 20 July 2018
University of Tartu, Estonia
The successful candidate will help to design and evaluate cryptographically secure mix-nets and perform other research duties to help with the project, coordinate and advise partners on implementing research prototypes (the candidate may or may not participate in implementing) and ensure the smooth administration of the project including the timely delivery of research output. We expect the candidate to be able to develop and devote significant time to their own research agenda around the theme of the project.
The EU H2020 project PANORAMIX requires travel to and collaboration with colleagues throughout the European Union. Full travel and equipment budget is available to support the activities of the project.
For any inquiries or to apply for the positions, submit a full research curriculum vitae (cv), names of two references, and a research statement to Prof Helger Lipmaa clearly indicating the position sought.
The call for expressions of interest will remain open until a suitable candidate is appointed. However, the project will finish on September 1, 2018, so early applications are encouraged. In the case of interest, the candidates may later seek further employment but this is not necessarily guaranteed.
Closing date for applications: 1 November 2017
Contact: Helger Lipmaa
Research Professor
firstname.lastname (at) ut.ee
More information: http://crypto.cs.ut.ee/Projects/Panoramix
DarkMatter LLC, Abu Dhabi, UAE
Working in our headquarters located in the iconic Aldar HQ building in Abu Dhabi you will be joining a firm that is constantly looking to push boundaries. We have launched a full suite of cyber products and services including Governance, Risk & Compliance, Cyber Network Defense, Managed Security Services, Infrastructure & Systems Integration, as well as Secure Communications.
About the Job
You will be responsible for research and analysis of new system attacks/threats, zero-day vulnerability discovery and, where appropriate, provide valuable research findings with vendors, bug bounty programs or publish them on our GitHub / website or through our publications, conference talks and white papers. This research also feeds into DarkMatter’s own product development, as well as the services and solutions we provide across the entire cyber security value chain.
About you
The ideal candidate will be passionate about security, vulnerabilities, and exploits. You possess the aptitude to analyze, find and exploit vulnerabilities, researching exploit techniques and mitigations, and build systems / tools to streamline reverse engineering analysis tasks. You are expected to be an expert in any one of the following domains: failure analysis, hardware reverse engineering, micro-probing, circuit editing.
Essential requirements:
• PhD or a Master's degree in Physics, Computer Engineering or Electrical Engineering or equivalent
• 5+ years of experience in Hardware Security Research or Semiconductor Failure Analysis
• Deep understanding of various hardware security vulnerabilities and threats, reverse engineering, circuit editing, and exploitation of test features
• Research experience in failure analysis and/or security products (access controls, application security, data security, anti-tampering mechanisms)
• Strong foundations in semiconductors, computer architecture and embedded systems
Please click on this link to apply - https://app.jobvite.com/j?cj=okAP4fwx&s=Career_Portal
Closing date for applications: 30 November 2017
Contact: Talent Acquisition Team
DarkMatter LLC, Abu Dhabi, UAE
Working in our headquarters located in the iconic Aldar HQ building in Abu Dhabi you will be joining a firm that is constantly looking to push boundaries. We have launched a full suite of cyber products and services including Governance, Risk & Compliance, Cyber Network Defense, Managed Security Services, Infrastructure & Systems Integration, as well as Secure Communications.
About the Job
You will be responsible for research and analysis of new system attacks/threats, zero-day vulnerability discovery and, where appropriate, provide valuable research findings with vendors, bug bounty programs or publish them on our GitHub / website or through our publications, conference talks and white papers. This research also feeds into DarkMatter’s own product development, as well as the services and solutions we provide across the entire cyber security value chain.
About you
The ideal candidate will be passionate about security, vulnerabilities, and exploits. You possess the aptitude to analyze, find and exploit vulnerabilities, researching exploit techniques and mitigations, and build systems / tools to streamline reverse engineering analysis tasks. You are expected to be an expert in the wide field of hardware security, in particular in any one of the following domains: side-channel analysis (DPA/DEMA/cache-timing), glitching (voltage/clock), fault injection (laser/EM), hardware reverse engineering, chip-off forensics, micro-probing.
Essential requirements:
• PhD or a Master's degree in Physics, Computer Science, Computer Engineering or Electrical Engineering or equivalent
• 5+ years of experience in Security Research
• Deep understanding of various Embedded / hardware security vulnerabilities and threats, reverse engineering and exploitation of test features
• Research experience in security products (vulnerability detection, side-channel and fault countermeasures, etc.)
Please click on this link to apply - https://app.jobvite.com/j?cj=oJBP4fwX&s=Career_Portal
Closing date for applications: 30 November 2017
Contact: Talent Acquisition Team
03 July 2017
Jan Camenisch, Liqun Chen, Manu Drijvers, Anja Lehmann, David Novick, Rainer Urian
Fuyuki Kitagawa, Ryo Nishimaki, Keisuke Tanaka
We can transform any quasi-polynomially secure single-key weakly-succinct SKFE into a quasi-polynomially secure collusion-resistant one. In addition, if the underlying single-key SKFE scheme is sub-exponentially secure, then so is the resulting scheme in our construction.
Some recent results show the power and usefulness of collusion-resistant SKFE. From our result, we see that succinct SKFE is also a powerful and useful primitive. In particular, by combining our result and the result by Bitansky, Nishimaki, Passelègue, and Wichs (TCC 2016 B), we can obtain indistinguishability obfuscation from sub-exponentially secure weakly succinct SKFE that supports only a single functional decryption key if we additionally assume sub-exponentially secure plain public key encryption.
Anthony Journault, François-Xavier Standaert
Ming-Shing Chen, Wen-Ding Li, Bo-Yuan Peng, Bo-Yin Yang, Chen-Mou Cheng
In this paper, we review how MPKC signatures have changed since 2009, including new parameters (from a newer security level at 128-bit), crypto-safe implementations, and the impact of new AVX2 and AESNI instructions. We also present new techniques on evaluating multivariate polynomials, multiplications of large finite fields by additive Fast Fourier Transforms, and constant time linear solvers.
30 June 2017
University of São Paulo, Escola Politecnica, São Paulo, Brazil
The main requirements for the application are (1) a solid background in cryptography, preferably (but not necessarily) with post-quantum primitives, (2) good design/programming skills, preferably (but not necessarily) in programming languages such as C and/or hardware description languages such as VHDL, (3) a track record of strong R&D capability, with relevant publications on top conferences/journals, and (4) be able to work with little supervision and to work well with other researchers, as well as have good presentation and communication skills in English (ability to speak Portuguese is considered a plus, but it is not mandatory). The candidates are expected to work closely with the industry partners in the project (mainly researchers from Intel) and produce valuable research material in time and with the required quality.
The application requires: an academic curriculum vitae, a motivation letter, and the contact information of at least 2 people that can provide reference about the candidate’s work. Applicants that have already completed or that are close to completing their PhDs are both welcome.
The post-doc fellowship is granted by FAPESP, following the rules that can be found at http://www.fapesp.br/en/5427. Applications will be reviewed as soon as they are received, and only selected candidates will be contacted for interview. The process will remain open until the positions are filled or up to July 31st, 2017.
Closing date for applications: 31 July 2017
Contact: Prof. Marcos A. Simplicio Jr -- msimplicio (at) larc.usp.br
More information: http://www.larc.usp.br/en/content/security-group/
London, United Kingdom, 24 April - 26 April 2018
Submission deadline: 15 August 2017
Notification: 20 November 2017
The Norwegian University of Science and Technology (NTNU)
Department of Information Security and Communication Technology (IIK), see http://www.ntnu.edu/iik
Department of Computer Science (IDI), see http://www.ntnu.edu/idi
Department of Engineering Cybernetics (ITK), see http://www.ntnu.edu/itk
Closing date for applications: 15 August 2017
Contact: For the PhD position in post-quantum cryptography under the code "IIK-01: Cryptography" contact Professor Danilo Gligoroski, danilog (at) ntnu.no. For the other areas contact the professors given at the link with more information
More information: https://www.jobbnorge.no/en/available-jobs/job/139951/10-phd-research-fellow-positions-in-information-security
Indian Institute of Technology
Remuneration: Up to INR 50,000 per month (consolidated), based on experience and expertise. Other perks include: furnished office space, subsidized in-campus housing, subsidized food in IIT cafeteria, free healthcare at IIT hospital, travel funding to present research papers accepted in top international conferences, etc.
Closing date for applications: 31 August 2017
Contact: Debdeep Mukhopadhyay
Singapore University of Technology and Design (SUTD)
I am looking for PhD interns on cyber-physical system security (IoT, autonomous vehicle, power grid, and water treatment etc.), especially on the topics such as 1) Lightweight and low-latency crypto algorithms for CPS devices, 2) Resilient authentication of devices and data in CPS, 3) Advanced SCADA firewall to filter more sophisticated attacking packets in CPS, 4) Big data based threat analytics for detection of both known and unknown threats, 5) Attack mitigation to increase the resilience of CPS. The attachment will be at least 3 months. Allowance will be provided for local expenses.
Interested candidates please send your CV with a research statement to Prof. Jianying Zhou.
Closing date for applications: 31 July 2017
Contact: jianying_zhou (at) sutd.edu.sg
More information: http://jianying.space/