IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
07 August 2017
Riham AlTawy, Raghvendra Rohit, Morgan He, Kalikinkar Mandal, Gangqiang Yang, Guang Gong
ePrint ReportMichel Abdalla, Fabrice Benhamouda, David Pointcheval
ePrint ReportBurton S. Kaliski Jr.
ePrint ReportVirendra Kumar, Jonathan Petit, William Whyte
ePrint ReportMike Hamburg
ePrint ReportHere we show that this trick is dangerous by presenting a distinguisher for reduced-round Gimli. Our distinguisher takes the form of an attack on a simple and practical PRF that should be nearly 192-bit secure. Gimli has 24 rounds. Against 15.5 of those rounds, our distinguisher uses two known plaintexts, takes about $2^{64}$ time and uses enough memory for a set with $2^{64}$ elements. Against 19$\frac12$ rounds, the same attack uses three non-adaptively chosen plaintexts, and uses twice as much memory and about $2^{128}$ time. Against $22\frac12$ rounds, it requires about $2^{138.5}$ work, $2^{129}$ bits of memory and $2^{10.5}$ non-adaptively chosen plaintexts. The same attack would apply to 23$\frac12$ rounds if Gimli had more rounds.
Our attack does not use the structure of the SP-box at all, other than that it is invertible, so there may be room for improvement. On the bright side, our toy PRF puts keys and data in different positions than a typical sponge mode would do, so the attack might not work against sponge constructions.
Jonathan Bootle, Mehdi Tibouchi
ePrint ReportIn this note, we show that this particularly aggressive choice of parameters fails to achieve the stated security level. More precisely, we show that ciphertexts in the new encryption scheme can be decrypted using the public key alone with >99.9% probability in a fraction of a second on a standard PC, which is not quite as fast as legitimate decryption, but not too far off.
Peng Xu, Xia Gao, Wei Wang, Willy Susilo, Qianhong Wu, Hai Jin
ePrint ReportEleonora Cagli, C\'ecile Dumas, Emmanuel Prouff
ePrint Report06 August 2017
NXP Semiconductors
Job PostingPlease go to https://nxp.wd3.myworkdayjobs.com/en-US/careers and browse through the various positions which you find under keyword ‘security’.
Closing date for applications: 31 December 2017
Contact: Marc Joye, NXP Fellow
More information: https://nxp.wd3.myworkdayjobs.com/en-US/careers/
National University of Singapore, Singapore
Job Posting
NUS currently has two research fellow positions with competitive pay and available to (fresh) PhD graduates in computer science/engineering from Singapore or overseas.
Position 1: To conduct R&D work in cloud and data security. Design and implement secure cloud computing services, including practical privacy-preserving computation (e.g. for healthcare and finance related use cases) in a cloud environment. Topics like practical partially homomorphic encryption or practical secure multi-party computation are within our key focus.
Position 2: To conduct R&D work in key management, authentication, and trusted computing, using cryptography and secure hardware (e.g. Intel SGX, TPM, PUF).
Applicants should have strong background in applied cryptography or trusted computing. Applicants are also expected to be self-motivated and good team players. To apply for any of the above positions, please send a copy of your recent CV to comxj (at) nus.edu.sg with an email subject “Application for RF”.
Closing date for applications: 31 December 2017
Contact: comxj (at) nus.edu.sg
More information: http://nus-singtel.nus.edu.sg
04 August 2017
Graz University of Technology
Job PostingWe are looking for a scientifically excellent candidate who will represent the field Information Security in research and teaching. The successful candidate will complement existing strengths at the Institute for Applied Information Processing and Communications (IAIK) and be an engaged teacher in the Computer Science programs at the Bachelor’s, Master’s, and PhD level. Graz University of Technology offers excellent possibilities for interdisciplinary collaborations within the university and with other universities.
TU Graz is committed to increase the number of female employees, especially in executive and research positions. We therefore explicitly encourage qualified women to apply. Preference is given to female applicants with equivalent qualifications until the balanced proportion between men and women is achieved. We explicitly invite qualified applicants with disabilities to apply.
Candidates should submit an application by 31 October 2017. For details, refer to https://www.tugraz.at/go/professorships-vacancies/.
Closing date for applications: 31 October 2017
Contact: Stefan Mangard, Stefan.Mangard (at) iaik.tugraz.at
More information: https://www.tugraz.at/go/professorships-vacancies/
University of Bristol
Job PostingClosing date for applications: 31 December 2017
Contact: Nigel Smart
More information: http://www.bristol.ac.uk/jobs/find/details.html?nPostingID=5521&nPostingTargetID=25254
CipherCloud Inc, San Jose
Job PostingCryptography Architect will lead and contribute to our core technology. This senior engineering position requires demonstrated capabilities in cryptography, encryption, programming, and the associated computational sciences, while also serving the role of cryptography lead for the product teams. The position also requires leading associated research and patent activities and staging of foundational cryptographic technologies for security products.
DESIRED SKILLS & EXPERIENCE
• MS or PhD with at least few credits in advanced cryptography, mathematics and computer science combined with at least 2 years of software development experience in a related discipline is required
• In-depth hands-on implementation experience of at least few cryptography algorithms from scratch is required
• A very good understanding of symmetric and asymmetric key cryptography, key management techniques, PKI, SSL, X.509 Certificates and all the related technologies is needed
• Strong theoretical bend and academic connections is a plus
• Understanding of latest cryptographic techniques such as as Homomorphic and Split Key Encryption, Function and Format preserving Encryption techniques is a big plus
• Experience with various character sets and character encoding techniques is required
• Hands-on programming experience in C or Java. Java development experience is a plus
• Entrepreneurial drive and work ethic, self-motivated, results oriented and demonstrated ability to add value and succeed in a fast paced environment.
• Team player with strong communications and writing skills.
Closing date for applications: 30 September 2017
Contact: Harshiika Upadhyay Sahu
Mananger - Recruitment
husahu (at) ciphercloud.com
More information: https://ciphercloud.com/
03 August 2017
STMicroelectonics, Rousset, France (close to Aix-en-Provence)
Job PostingST\"\'\"s Advanced System Technology security R&D team is looking for a crypto and security hardware engineer.
As a member of an R&D team supporting product groups throughout ST making integrated circuits for a very broad spectrum of end-applications, your mission will be to
- Deploy security expertise and help ST product divisions shape the right security solutions for their products (ICs)
- Develop hardware security IPs
- Stay on top of security needs and state-of-the-art evolution, anticipating/identifying, developing or making available the security competences, IPs or partners that will be needed by the Company 3-5 years down the road>/il>
The candidate should have
- A solid cryptography, mathematics and statistics theoretical background
- Hardware design (VHDL/Verilog, ASIC, FPGA, etc.) skills
- Teamwork, networking, customer-orientation & communication skills
- Motivation for bridging research outcomes and product design
Closing date for applications: 30 November 2017
Contact: Bernard Kasser
02 August 2017
Real World Crypto
Royal Holloway, University of London
Job PostingApplications are invited for a postdoctoral research assistant position in the Information Security Group (ISG) at Royal Holloway, University of London, to work in the area of post-quantum cryptography The goal of this industry-funded two-year project is to investigate and propose novel methods and techniques for hardware implementation of popular and promising post-quantum cryptographic schemes.
The post is based at Royal Holloway’s main campus in Egham, Surrey, within commuting distance from London. The successful applicant will work with Prof Carlos Cid, Dr Martin Albrecht and other members of the ISG, in the research of efficient and secure hardware implementations of post-quantum cryptographic schemes. The researcher will consider the specific mathematical structure and features of these schemes, and will investigate the most suitable algorithmic and parameter choices for FPGA implementations. Moreover, potential trade-offs involving implementation costs, speed and scalability will be evaluated, considering for example the deployment in particular environments.
We are looking for a candidate with a PhD degree in a relevant subject and strong background and experience in FPGA implementation, ideally of cryptographic algorithms. The post will last for two years and the ideal candidate should be able to start on or near the 1st of October 2017.
Established in 1990, the Information Security Group at Royal Holloway was one of the first dedicated academic groups in the world to conduct research and teaching in information security. The ISG is today a world-leading interdisciplinary research group with 20 full-time members of staff, 10 post-doctoral research assistants and over 50 PhD students working on a range of subjects in cyber security, in particular cryptography.
Closing date for applications: 3 September 2017
Contact: Carlos Cid (carlos.cid (at) rhul.ac.uk), Martin Albrecht (martin.albrecht (at) rhul.ac.uk)
More information: https://jobs.royalholloway.ac.uk/vacancy.aspx?ref=0817-306
DarkMatter LLC, Abu Dhabi, UAE
Job PostingAs a Vice President of Cryptography, you will:
- Spearhead the creation of new crypto algorithms to protect our clients, our company and our Secure Communication Suite
- Anticipate threats and client needs to develop algorithms that solve the cyber security problems of the future.
- Lead, develop and inspire a team of research scientists to consistently produce high-quality results
- Have the freedom to develop and prove crypto algorithms in-house for a cyber security leader in a dynamic region
Essential Requirements -
- PhD in Related Security field Cryptography, Applied Cryptography, Information Theory and Mathematics, IT, Computer Science
- Minimum 5-8 years of experience managing cryptography teams in a university research or corporate setting
- Experience in overseeing the development of cryptographic algorithms for enterprise-grade cyber security products in mobile, cloud and web
- Ability to set clear, deliverable goals and to motivate and inspire teams to accomplish them
- Deep understanding and experience with symmetric, asymmetric and post-quantum cryptography
- Tenacity, accountability and commitment to anticipate problems and deliver new solutions
Please click on this link to apply - https://darkmatter.ae/en/careers?gh_jid=748951
Closing date for applications: 31 December 2017
Contact: Talent Acquisition Team at DarkMatter
DarkMatter LLC, Abu Dhabi, UAE
Job PostingAs a Crypto Developer, you will:
- Work closely with the secure communications team and other teams in the organization to design end-to-end secure communication protocols using state-of-the art and customized cryptographic algorithms and primitives
- Design, implement and deploy customized cryptographic algorithms covering symmetric and asymmetric key crypto, covering but not limited to: key exchange algorithms, digital signature schemes, symmetric and asymmetric block and stream ciphers, Key Generation Functions.
- Implement cryptographic protocols and parameters and their integration within DarkMatter products
- Conduct research and development in emerging areas such as quantum-based cryptography and homomorphic encryption
- Develop and update methods for efficient handling of cryptic processes
Essential Requirements:
- PhD or Master’s degree in Related Security field Cryptography, Applied Cryptography, Information Theory and Mathematics, IT, Computer Science
- Five to eight years of specialized experience in the following areas: Cryptography, Applied Cryptography, End-to-end secure protocols design, PKI Management, Application Security, etc
- Extensive experience in Data Protection, Cryptography and Application Security Management
Please click on this link to apply - https://darkmatter.ae/en/careers?gh_jid=761240
Closing date for applications: 31 December 2017
Contact: Talent Acquisition Team @ DarkMatter
DarkMatter LLC, Abu Dhabi, UAE
Job PostingAbout the Job
You will be responsible for research and analysis of new system attacks/threats, zero-day vulnerability discovery and, where appropriate, provide valuable research findings with vendors, bug bounty programs or publish them on our GitHub / website or through our publications, conference talks and white papers. This research also feeds into DarkMatter’s own product development, as well as the services and solutions we provide across the entire cyber security value chain.
About you
The ideal candidate will be passionate about security, vulnerabilities, and exploits. You possess the aptitude to analyze, find and exploit vulnerabilities, researching exploit techniques and mitigations, and build systems / tools to streamline reverse engineering analysis tasks. You are expected to be an expert in any one of the following domains: failure analysis, hardware reverse engineering, micro-probing, circuit editing.
Essential requirements:
- PhD or a Master\'s degree in Physics, Computer Engineering or Electrical Engineering or equivalent
- 5+ years of experience in Hardware Security Research or Semiconductor Failure Analysis
- Deep understanding of various hardware security vulnerabilities and threats, reverse engineering, circuit editing, and exploitation of test features
- Research experience in failure analysis and/or security products (access controls, application security, data security, anti-tampering mechanisms)
- Strong foundations in semiconductors, computer architecture and embedded systems
Please click on this link to apply - https://darkmatter.ae/en/careers?gh_jid=754026
Closing date for applications: 31 December 2017
Contact: Talent Acquisition
DarkMatter LLC, Abu Dhabi, UAE
Job PostingWorking in our headquarters located in the iconic Aldar HQ building in Abu Dhabi you will be joining a firm that is constantly looking to push boundaries. We have launched a full suite of cyber products and services including Governance, Risk & Compliance, Cyber Network Defense, Managed Security Services, Infrastructure & Systems Integration, as well as Secure Communications.
About the Job
You will be responsible for research and analysis of new system attacks/threats, zero-day vulnerability discovery and, where appropriate, provide valuable research findings with vendors, bug bounty programs or publish them on our GitHub / website or through our publications, conference talks and white papers. This research also feeds into DarkMatter’s own product development, as well as the services and solutions we provide across the entire cyber security value chain.
About you
The ideal candidate will be passionate about security, vulnerabilities, and exploits.
You possess the aptitude to analyze, find and exploit vulnerabilities, researching exploit techniques and mitigations, and build systems / tools to streamline reverse engineering analysis tasks. You are expected to be an expert in the wide field of hardware security, in particular in any one of the following domains: side-channel analysis (DPA/DEMA/cache-timing), glitching (voltage/clock), fault injection (laser/EM), hardware reverse engineering, chip-off forensics, micro-probing.
Essential requirements:
- PhD or a Master\'s degree in Physics, Computer Science, Computer Engineering or Electrical Engineering or equivalent.
- 5+ years of experience in Security Research.
- Deep understanding of various Embedded / hardware security vulnerabilities and threats, reverse engineering and exploitation of test features.
- Research experience in security products (vulnerability detection, side-channel and fault countermeasures, etc.)
Please click on this link to apply - https://darkmatter.ae/en/careers?gh_jid=749972
Closing date for applications: 31 December 2017
Contact: Talent Acquisition