International Association for Cryptologic Research


IACR News



07 August 2017

Riham AlTawy, Raghvendra Rohit, Morgan He, Kalikinkar Mandal, Gangqiang Yang, Guang Gong
ePrint Report
In this paper, we propose a family of lightweight cryptographic permutations called sLiSCP, with the sole aim to provide a realistic minimal design that suits a variety of lightweight device applications. More precisely, we argue that for such devices the chip area dedicated for security purposes should not only be consumed by an encryption or hashing algorithm, but also provide as many cryptographic functionalities as possible. Our main contribution is the design of a lightweight permutation employing a 4-subblock Type-2 Generalized Feistel-like Structure (GFS) and round-reduced unkeyed Simeck with either 48 or 64-bit block length as the two round functions, thus resulting in two lightweight instances of the permutation, sLiSCP-192 and sLiSCP-256. We leverage the extensive security analysis on both Simeck (Simon-like functions) and Type-2 GFSs and present bounds against differential and linear cryptanalysis. In particular, we provide an estimation on the maximum differential probability of the round-reduced Simeck and use it for bounding the maximum expected differential/linear characteristic probability for our permutation. Due to the iterated nature of the Simeck round function and the simple XOR and cyclic shift mixing layer of the GFS that fosters the propagation of long trails, the long trail strategy is adopted to provide tighter bounds on both characteristics. Moreover, we analyze sLiSCP against a wide range of distinguishing attacks, and accordingly, claim that there exist no structural distinguishers for sLiSCP with a complexity below $2^{b/2}$ where $b$ is the state size. We demonstrate how sLiSCP can be used as a unified round function in the duplex sponge construction to build (authenticated) encryption and hashing functionalities. The parallel hardware implementation area of the unified duplex mode of sLiSCP-192 (resp. sLiSCP-256) in CMOS 65 nm ASIC is 2289 (resp. 3039) GEs with a throughput of 29.62 (resp. 44.44) kbps, and their areas in CMOS 130 nm are 2498 (resp. 3319) GEs.
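The abstract above builds (authenticated) encryption and hashing from a single permutation in the duplex sponge construction. As an added illustration, not sLiSCP's specification and not the authors' code, the Python below runs a duplex AE mode and a sponge hash over a stand-in permutation of the same shape: four 48-bit sub-blocks in a Type-2 GFS step whose round functions are round-reduced unkeyed Simeck-48 boxes. Round counts, round constants, the 8-byte rate of the 24-byte state, the padding, the domain-separation bit and the key/nonce loading are all assumptions chosen for the example; they are not sLiSCP's parameters, and the toy permutation should not be taken as secure.

```python
"""Added example: duplex sponge (AE + hashing) over a toy Simeck-based Type-2 GFS permutation.
Not sLiSCP's specification: round counts, constants, rate, padding and key loading are assumptions."""
import hmac

WORD = 24                    # Simeck-48 works on two 24-bit halves
MASK = (1 << WORD) - 1
SIMECK_ROUNDS = 6            # assumption: toy round-reduced Simeck box
GFS_STEPS = 18               # assumption: toy number of GFS steps
STATE = 24                   # bytes: 4 sub-blocks x 48 bits = 192-bit state
RATE = 8                     # bytes absorbed/squeezed per permutation call (assumption)


def rotl(x, n):
    return ((x << n) | (x >> (WORD - n))) & MASK


def simeck_box(block, constant):
    """Unkeyed round-reduced Simeck-48: Feistel rounds with f(x) = (x & (x<<<5)) ^ (x<<<1);
    one bit of `constant` per round stands in for the round key (assumption)."""
    x, y = block >> WORD, block & MASK
    for i in range(SIMECK_ROUNDS):
        rc = (MASK ^ 0x3) ^ ((constant >> i) & 1)
        x, y = y ^ (x & rotl(x, 5)) ^ rotl(x, 1) ^ rc, x
    return (x << WORD) | y


def gfs_step(s, step):
    """One 4-sub-block Type-2 GFS step: two boxes, XOR into the neighbours, cyclic shift of sub-blocks."""
    s0, s1, s2, s3 = s
    return [s1 ^ simeck_box(s0, 2 * step), s2, s3 ^ simeck_box(s2, 2 * step + 1), s0]


def permute(state):
    """The unified permutation on a 24-byte state."""
    s = [int.from_bytes(state[6 * i:6 * i + 6], 'big') for i in range(4)]
    for step in range(GFS_STEPS):
        s = gfs_step(s, step)
    return b''.join(v.to_bytes(6, 'big') for v in s)


def _pad(block):
    """10*1 padding of a partial rate block (block is shorter than RATE)."""
    padded = bytearray(block + b'\x80' + bytes(RATE - len(block) - 1))
    padded[-1] |= 0x01
    return bytes(padded)


def _blocks(data):
    """Split into (block, real_length) pairs; the final block is always partial and padded."""
    chunks = [data[i:i + RATE] for i in range(0, len(data), RATE)]
    if not chunks or len(chunks[-1]) == RATE:
        chunks.append(b'')
    return [(c if len(c) == RATE else _pad(c), len(c)) for c in chunks]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _absorb(state, block):
    return permute(_xor(state[:RATE], block) + state[RATE:])


def _squeeze(state, n):
    out = b''
    while len(out) < n:
        out, state = out + state[:RATE], permute(state)
    return out[:n]


def _separate(state):
    """Flip a capacity bit between phases so AD, message and tag are domain-separated (assumption)."""
    return state[:-1] + bytes([state[-1] ^ 0x01])


def sponge_hash(msg, out_len=32):
    """Hashing with the same permutation: absorb the padded message, then squeeze."""
    state = bytes(STATE)
    for block, _ in _blocks(msg):
        state = _absorb(state, block)
    return _squeeze(state, out_len)


def _start(key, nonce, ad):
    """Load the 8-byte nonce into the rate and the 16-byte key into the capacity, then absorb AD."""
    assert len(key) == 16 and len(nonce) == 8
    state = permute(nonce + key)
    for block, _ in _blocks(ad):
        state = _absorb(state, block)
    return _separate(state)


def duplex_encrypt(key, nonce, ad, msg, tag_len=16):
    """Duplex AE: the rate keystreams each block, and absorbing the block binds it into the tag."""
    state, ct = _start(key, nonce, ad), b''
    for block, n in _blocks(msg):
        ct += _xor(state[:n], block[:n])
        state = _absorb(state, block)
    return ct, _squeeze(_separate(state), tag_len)


def duplex_decrypt(key, nonce, ad, ct, tag, tag_len=16):
    """Recover each block from the rate, re-absorb it, and release plaintext only if the tag verifies."""
    state, msg = _start(key, nonce, ad), b''
    for block, n in _blocks(ct):
        plain = _xor(state[:n], block[:n])
        msg += plain
        state = _absorb(state, plain if n == RATE else _pad(plain))
    expected = _squeeze(_separate(state), tag_len)
    return msg if hmac.compare_digest(expected, tag) else None
```

The point of the "unified" design is visible in the code: `sponge_hash`, `duplex_encrypt` and `duplex_decrypt` share `permute` and nothing else, and the decryptor returns `None` rather than unverified plaintext when the tag does not match.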
Michel Abdalla, Fabrice Benhamouda, David Pointcheval
ePrint Report
In this paper, we revisit the security of factoring-based signature schemes built via the Fiat-Shamir transform and show that they can admit tighter reductions to certain decisional complexity assumptions such as the quadratic-residuosity, the high-residuosity, and the $\phi$-hiding assumptions. We do so by proving that the underlying identification schemes used in these schemes are a particular case of the lossy identification notion recently introduced by Abdalla et al. at Eurocrypt 2012. Next, we show how to extend these results to the forward-security setting based on ideas from the Itkis-Reyzin forward-secure signature scheme. Unlike the original Itkis-Reyzin scheme, our construction can be instantiated under different decisional complexity assumptions and has a much tighter security reduction. Moreover, we also show that the tighter security reductions provided by our proof methodology can result in concrete efficiency gains in practice, both in the standard and forward-security setting, as long as the use of stronger security assumptions is deemed acceptable. Finally, we investigate the design of forward-secure signature schemes whose security reductions are fully tight.
Burton S. Kaliski Jr.
ePrint Report
In their foundational paper on pseudorandom bit generation, Blum and Micali showed that the discrete logarithm problem could be solved efficiently given a "magic box" oracle that computes the most significant bit of the discrete logarithm with a slight advantage over guessing. This magic box can be realized on a quantum computer with a new, simplified variant of Shor's algorithm. The resulting combination of Blum and Micali's reduction and this new quantum magic box offers an intriguing hybrid approach to solving the discrete logarithm problem with a quantum computer. Because the only requirement on the quantum portion of the algorithm is that it provide an approximate estimate of a single bit of the discrete logarithm, the new algorithm may be easier to implement, more resilient to errors, and more amenable to optimization than previous approaches. Further analysis is needed to quantify the extent of these benefits in practice. The result applies to the discrete logarithm problem over both finite fields and elliptic curves. (The views expressed are my own and do not necessarily reflect those of my employer.)
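The reduction this abstract relies on, as an added worked example that is not from the paper: given an oracle for the most significant bit of the discrete logarithm, recover the whole logarithm. The parity of the log is decided with Euler's criterion (no oracle needed), and the oracle tells the principal square root apart from the other root, which halves the log; one oracle call per bit. The oracle here is simulated exactly from a brute-force table over a toy prime (P = 1019 and its factorisation are assumptions for the example); the paper's point is that a quantum circuit could play this role, and Blum and Micali's full argument also handles an oracle that is only slightly better than guessing, which this perfect-oracle sketch does not.

```python
"""Added example: Blum-Micali reduction from an MSB-of-discrete-log oracle to the full discrete log.
Toy prime and an exact, table-simulated oracle are assumptions; the paper's oracle is noisy."""
P = 1019                       # prime with P % 4 == 3, so square roots cost one exponentiation (assumption)
P_MINUS_1_FACTORS = (2, 509)   # 1018 = 2 * 509
Q = (P - 1) // 2               # logs live in [0, P-2]; MSB(x) = 1 iff x >= Q


def find_generator(p, factors):
    """Smallest g generating Z_p^*: g^((p-1)/q) != 1 for every prime q dividing p-1."""
    for g in range(2, p):
        if all(pow(g, (p - 1) // q, p) != 1 for q in factors):
            return g
    raise ValueError('no generator found')


G = find_generator(P, P_MINUS_1_FACTORS)
_LOG_TABLE = {pow(G, x, P): x for x in range(P - 1)}   # brute force, used ONLY to simulate the oracle


def msb_oracle(y):
    """The 'magic box': MSB(log_G y). Exact here; Blum-Micali only need a slight advantage."""
    return 1 if _LOG_TABLE[y] >= Q else 0


def is_even_log(y):
    """Euler's criterion: G^x is a quadratic residue iff x is even. No oracle needed."""
    return pow(y, Q, P) == 1


def principal_sqrt(y, oracle):
    """y = G^(2k) has roots G^k and G^(k+Q); the oracle picks the one whose log k is below Q."""
    r = pow(y, (P + 1) // 4, P)
    return r if oracle(r) == 0 else P - r


def recover_dlog(y, oracle=msb_oracle):
    """Recover x = log_G y one bit at a time (least significant first):
    strip the low bit with a parity test, then halve the log via the principal square root."""
    x, g_inv = 0, pow(G, P - 2, P)
    for i in range((P - 1).bit_length()):
        if not is_even_log(y):
            x |= 1 << i
            y = y * g_inv % P            # divide by G: the log is now even
        y = principal_sqrt(y, oracle)    # the log halves exactly
    return x
```

Replacing `msb_oracle` with any procedure that returns the top bit of the log (the abstract's quantum estimate, for instance) leaves `recover_dlog` unchanged; that separation is the whole appeal of the hybrid approach.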
Virendra Kumar, Jonathan Petit, William Whyte
ePrint Report
We present a certificate access management system to support the USDOT's proposed rule on Vehicle-to-Vehicle (V2V) communications, Federal Motor Vehicle Safety Standard (FMVSS) No. 150. Our proposal, which we call Binary Hash Tree based Certificate Access Management (BCAM), eliminates the need for vehicles to have bidirectional connectivity with the Security Credential Management System (SCMS) for certificate update. BCAM significantly improves the ability of the SCMS to manage large-scale software and/or hardware compromise events. Vehicles are provisioned at the start of their lifetime with all the certificates they will need. However, certificates and corresponding private key reconstruction values are provided to the vehicle encrypted, and the keys to decrypt them are only made available to the vehicles shortly before the start of the validity periods of those certificates. Vehicles that are compromised can be effectively removed from the V2V system by preventing them from decrypting the certificates. We demonstrate that the system is feasible with a broadcast channel for decryption keys and other revocation information, even if that channel has a relatively low capacity.
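To make the key-release idea concrete, here is an added Python sketch (not BCAM's actual design and not the authors' code) of one way a binary hash tree gives the property the abstract describes: each vehicle's decryption key for a validity period is a leaf of a tree derived by hashing down from a per-period root, and the broadcast for that period carries the complete-subtree cover of the non-revoked leaves. A non-revoked vehicle finds an ancestor of its leaf in the broadcast and hashes down to its own key; a revoked vehicle finds none, so its pre-provisioned encrypted certificate stays unreadable. The tree depth, the SHA-256 derivation, the period labels and the XOR-keystream certificate wrapping are assumptions for the example; a deployment would wrap with an authenticated cipher.

```python
"""Added example: per-period leaf keys from a binary hash tree, released by broadcasting a
subtree cover that excludes revoked vehicles. Illustrative construction, not BCAM's specification."""
import hashlib

DEPTH = 4                                # 2**DEPTH vehicles; real fleets are far larger (assumption)
MASTER = b'constructed master secret'    # held by the SCMS only (constructed sample value)


def H(*parts):
    h = hashlib.sha256()
    for part in parts:
        h.update(part if isinstance(part, bytes) else str(part).encode())
    return h.digest()


def leaf_path(vehicle_id):
    """Vehicles are the leaves; the leaf's path is the vehicle id written as DEPTH bits."""
    return format(vehicle_id, f'0{DEPTH}b')


def node_key(period, path):
    """Key of the node at `path` for one validity period, derived top-down from a per-period root.
    Knowing a node key yields every key below it, and nothing above or beside it."""
    k = H(MASTER, period, 'root')
    for bit in path:
        k = H(k, bit)
    return k


def cover_set(period, revoked):
    """Complete-subtree cover: keys of the maximal subtrees that contain no revoked vehicle.
    This is what the SCMS broadcasts shortly before the period starts."""
    revoked_paths = {leaf_path(v) for v in revoked}

    def contains_revoked(path):
        return any(r.startswith(path) for r in revoked_paths)

    cover = {}

    def walk(path):
        if not contains_revoked(path):
            cover[path] = node_key(period, path)
        elif len(path) < DEPTH:
            walk(path + '0')
            walk(path + '1')

    walk('')
    return cover


def derive_leaf_key(broadcast, vehicle_id):
    """Vehicle side: find an ancestor of its leaf in the broadcast and hash down to its own key."""
    path = leaf_path(vehicle_id)
    for prefix, key in broadcast.items():
        if path.startswith(prefix):
            for bit in path[len(prefix):]:
                key = H(key, bit)
            return key
    return None   # revoked: no ancestor was released for this period


def _keystream(key, n):
    out, ctr = b'', 0
    while len(out) < n:
        out, ctr = out + H(key, 'ks', ctr), ctr + 1
    return out[:n]


def wrap_certificate(period, vehicle_id, cert):
    """Provisioning time: the SCMS encrypts the vehicle's certificate under its leaf key for that period.
    Toy XOR keystream for illustration; a deployment would use an AEAD (assumption)."""
    k = node_key(period, leaf_path(vehicle_id))
    return bytes(a ^ b for a, b in zip(cert, _keystream(k, len(cert))))


def unwrap_certificate(broadcast, vehicle_id, blob):
    """Vehicle side: derive the period key from the broadcast, or fail if revoked."""
    k = derive_leaf_key(broadcast, vehicle_id)
    if k is None:
        return None
    return bytes(a ^ b for a, b in zip(blob, _keystream(k, len(blob))))
```

With r revoked vehicles out of N, the cover holds at most r·log2(N/r) node keys, which is why a low-capacity broadcast channel suffices; with nobody revoked it is the single root key. Per-period roots also mean a key released for one period reveals nothing about later periods.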
Mike Hamburg
ePrint Report
Bernstein et al. have proposed a new permutation, Gimli, which aims to provide simple and performant implementations on a wide variety of platforms. One of the tricks used to make Gimli performant is that it processes data mostly in 96-bit columns, only occasionally swapping 32-bit words between them.

Here we show that this trick is dangerous by presenting a distinguisher for reduced-round Gimli. Our distinguisher takes the form of an attack on a simple and practical PRF that should be nearly 192-bit secure. Gimli has 24 rounds. Against 15.5 of those rounds, our distinguisher uses two known plaintexts, takes about $2^{64}$ time and uses enough memory for a set with $2^{64}$ elements. Against 19.5 rounds, the same attack uses three non-adaptively chosen plaintexts, and uses twice as much memory and about $2^{128}$ time. Against 22.5 rounds, it requires about $2^{138.5}$ work, $2^{129}$ bits of memory and $2^{10.5}$ non-adaptively chosen plaintexts. The same attack would apply to 23.5 rounds if Gimli had more rounds.

Our attack does not use the structure of the SP-box at all, other than that it is invertible, so there may be room for improvement. On the bright side, our toy PRF puts keys and data in different positions than a typical sponge mode would do, so the attack might not work against sponge constructions.
Jonathan Bootle, Mehdi Tibouchi
ePrint Report
As an invited speaker of the ACISP 2017 conference, Dongxi Liu recently introduced a new lattice-based encryption scheme (joint work with Li, Kim and Nepal) designed for lightweight IoT applications, and announced plans to submit it to the NIST postquantum competition. The new scheme is based on a variant of standard LWE called Compact-LWE, but is claimed to achieve high security levels in considerably smaller dimensions than usual lattice-based schemes. In fact, the proposed parameters, allegedly suitable for 138-bit security, involve the Compact-LWE assumption in dimension only 13.

In this note, we show that this particularly aggressive choice of parameters fails to achieve the stated security level. More precisely, we show that ciphertexts in the new encryption scheme can be decrypted using the public key alone with >99.9% probability in a fraction of a second on a standard PC, which is not quite as fast as legitimate decryption, but not too far off.
Peng Xu, Xia Gao, Wei Wang, Willy Susilo, Qianhong Wu, Hai Jin
ePrint Report
Public-key encryption with keyword search (PEKS) allows a sender to generate keyword-searchable ciphertexts using a receiver’s public key and upload them to a server. Upon receiving a keyword-search trapdoor from the receiver, the server finds all matching ciphertexts. Due to the characteristics of public-key encryption, PEKS is inherently suitable for the application of numerous senders. Hence, PEKS is a well-known method to achieve secure keyword search over the encrypted email system. However, we find that without a keyword-search trapdoor, the traditional concept of PEKS still allows the server to have the obvious advantage to distinguish ciphertexts in practice. In other words, the traditional PEKS cannot guarantee the well-recognized semantic security in practice. To solve this problem, this paper defines a new concept called dynamic searchable public-key encryption (DSPE). It can hide the relationships between keyword-searchable ciphertexts and their corresponding encrypted files, and guarantee semantic security in both theory and practice. In addition, it allows the server to delete the intended ciphertexts according to the receiver’s requirement. Then, we construct a DSPE instance with provable semantic security in the random oracle model. In terms of performance, the proposed instance also has the advantage that it only requires sublinear complexity to determine all matching ciphertexts or to delete the intended ciphertexts. Finally, we experimentally demonstrate the practicability of the instance.
Eleonora Cagli, Cécile Dumas, Emmanuel Prouff
ePrint Report
In the context of the security evaluation of cryptographic implementations, profiling attacks (aka Template Attacks) play a fundamental role. Nowadays the most popular Template Attack strategy consists in approximating the information leakages by Gaussian distributions. Nevertheless this approach suffers from the difficulty of dealing with both the traces misalignment and the high dimensionality of the data. This forces the attacker to perform critical preprocessing phases, such as the selection of the points of interest and the realignment of measurements. Some software and hardware countermeasures have been conceived exactly to create such a misalignment. In this paper we propose an end-to-end profiling attack strategy based on Convolutional Neural Networks: this strategy greatly facilitates the attack roadmap, since it does not require a previous trace realignment nor a precise selection of points of interest. To significantly increase the performance of the CNN, we moreover propose to equip it with the data augmentation technique that is classical in other applications of Machine Learning. As a validation, we present several experiments against traces misaligned by different kinds of countermeasures, including the augmentation of the clock jitter effect in a secure hardware implementation over a modern chip. The excellent results achieved in these experiments prove that the Convolutional Neural Network approach combined with data augmentation gives a very efficient alternative to the state-of-the-art profiling attacks.

06 August 2017

NXP Semiconductors
Job Posting
NXP is hiring 13 security experts in various domains (security architecture, vulnerability analysis, innovation, evaluation & certification, assessment, business development, ...) in various locations, such as Gratkorn, Hamburg, Glasgow, Eindhoven, Mougins, San Jose, San Diego, Austin or Shanghai.

Please go to https://nxp.wd3.myworkdayjobs.com/en-US/careers and browse through the various positions which you find under keyword ‘security’.

Closing date for applications: 31 December 2017

Contact: Marc Joye, NXP Fellow

More information: https://nxp.wd3.myworkdayjobs.com/en-US/careers/

National University of Singapore, Singapore
Job Posting
“NUS-Singtel Cyber Security R&D Lab” (http://nus-singtel.nus.edu.sg/) is a 5-year joint project with about SGD 43 mil (approximately USD 31 mil) of funds contributed by Singapore Telecommunications Limited (SingTel), National University of Singapore (NUS), and National Research Foundation (NRF) of Singapore. The R&D Lab will conduct research in four broad areas of cyber security having strategic relevance to Singtel’s business: (1) Predictive Security Analytics; (2) Network, Data and Cloud Security; (3) Internet-of-Things and Industrial Control Systems; (4) Future-Ready Cyber Security Systems.

NUS currently has two research fellow positions with competitive pay and available to (fresh) PhD graduates in computer science/engineering from Singapore or overseas.

Position 1: To conduct R&D work in cloud and data security. Design and implement secure cloud computing services, including practical privacy-preserving computation (e.g. for healthcare and finance related use cases) in a cloud environment. Topics like practical partially homomorphic encryption or practical secure multi-party computation are within our key focus.

Position 2: To conduct R&D work in key management, authentication, and trusted computing, using cryptography and secure hardware (e.g. Intel SGX, TPM, PUF).

Applicants should have strong background in applied cryptography or trusted computing. Applicants are also expected to be self-motivated and good team players. To apply for any of the above positions, please send a copy of your recent CV to comxj (at) nus.edu.sg with an email subject “Application for RF”.

Closing date for applications: 31 December 2017

Contact: comxj (at) nus.edu.sg

More information: http://nus-singtel.nus.edu.sg


04 August 2017

Graz University of Technology
Job Posting
The faculty of Computer Science and Biomedical Engineering at Graz University of Technology is seeking applicants for a tenured Professorship in Information Security.

We are looking for a scientifically excellent candidate who will represent the field Information Security in research and teaching. The successful candidate will complement existing strengths at the Institute for Applied Information Processing and Communications (IAIK) and be an engaged teacher in the Computer Science programs at the Bachelor’s, Master’s, and PhD level. Graz University of Technology offers excellent possibilities for interdisciplinary collaborations within the university and with other universities.

TU Graz is committed to increasing the number of female employees, especially in executive and research positions. We therefore explicitly encourage qualified women to apply. Preference is given to female applicants with equivalent qualifications until a balanced proportion between men and women is achieved. We explicitly invite qualified applicants with disabilities to apply.

Candidates should submit an application by 31 October 2017. For details, refer to https://www.tugraz.at/go/professorships-vacancies/.

Closing date for applications: 31 October 2017

Contact: Stefan Mangard, Stefan.Mangard (at) iaik.tugraz.at

More information: https://www.tugraz.at/go/professorships-vacancies/

University of Bristol
Job Posting
We are looking for Post-Docs to work on theory, implementation and applications of MPC. We are looking for different individuals to contribute to each of these three areas. The positions are multi-year, and you will be working in a vibrant group trying to make MPC a reality, with strong links to both other research groups and industrial applications.

Closing date for applications: 31 December 2017

Contact: Nigel Smart

More information: http://www.bristol.ac.uk/jobs/find/details.html?nPostingID=5521&nPostingTargetID=25254

CipherCloud Inc, San Jose
Job Posting
Job Description

Cryptography Architect will lead and contribute to our core technology. This senior engineering position requires demonstrated capabilities in cryptography, encryption, programming, and the associated computational sciences, while also serving the role of cryptography lead for the product teams. The position also requires leading associated research and patent activities and staging of foundational cryptographic technologies for security products.

DESIRED SKILLS & EXPERIENCE

• MS or PhD with at least a few credits in advanced cryptography, mathematics and computer science, combined with at least 2 years of software development experience in a related discipline, is required

• In-depth hands-on experience implementing at least a few cryptography algorithms from scratch is required

• A very good understanding of symmetric and asymmetric key cryptography, key management techniques, PKI, SSL, X.509 Certificates and all the related technologies is needed

• Strong theoretical bent and academic connections are a plus

• Understanding of the latest cryptographic techniques such as Homomorphic and Split Key Encryption, Function and Format Preserving Encryption is a big plus

• Experience with various character sets and character encoding techniques is required

• Hands-on programming experience in C or Java. Java development experience is a plus

• Entrepreneurial drive and work ethic, self-motivated, results oriented and demonstrated ability to add value and succeed in a fast paced environment.

• Team player with strong communications and writing skills.

Closing date for applications: 30 September 2017

Contact: Harshiika Upadhyay Sahu

Manager - Recruitment

husahu (at) ciphercloud.com

More information: https://ciphercloud.com/


03 August 2017

STMicroelectronics, Rousset, France (close to Aix-en-Provence)
Job Posting

ST's Advanced System Technology security R&D team is looking for a crypto and security hardware engineer.

As a member of an R&D team supporting product groups throughout ST making integrated circuits for a very broad spectrum of end-applications, your mission will be to

  • Deploy security expertise and help ST product divisions shape the right security solutions for their products (ICs)
  • Develop hardware security IPs

  • Stay on top of security needs and state-of-the-art evolution, anticipating/identifying, developing or making available the security competences, IPs or partners that will be needed by the Company 3-5 years down the road

The candidate should have

  • A solid cryptography, mathematics and statistics theoretical background
  • Hardware design (VHDL/Verilog, ASIC, FPGA, etc.) skills
  • Teamwork, networking, customer-orientation & communication skills
  • Motivation for bridging research outcomes and product design

Closing date for applications: 30 November 2017

Contact: Bernard Kasser


02 August 2017

Real World Crypto
The call for contributed talks for Real World Crypto has now been posted: https://rwc.iacr.org/2018/contributed.html. RWC 2018 will be held Jan 10-12 in Zurich.
Royal Holloway, University of London
Job Posting

Applications are invited for a postdoctoral research assistant position in the Information Security Group (ISG) at Royal Holloway, University of London, to work in the area of post-quantum cryptography. The goal of this industry-funded two-year project is to investigate and propose novel methods and techniques for hardware implementation of popular and promising post-quantum cryptographic schemes.

The post is based at Royal Holloway’s main campus in Egham, Surrey, within commuting distance from London. The successful applicant will work with Prof Carlos Cid, Dr Martin Albrecht and other members of the ISG, in the research of efficient and secure hardware implementations of post-quantum cryptographic schemes. The researcher will consider the specific mathematical structure and features of these schemes, and will investigate the most suitable algorithmic and parameter choices for FPGA implementations. Moreover, potential trade-offs involving implementation costs, speed and scalability will be evaluated, considering for example the deployment in particular environments.

We are looking for a candidate with a PhD degree in a relevant subject and strong background and experience in FPGA implementation, ideally of cryptographic algorithms. The post will last for two years and the ideal candidate should be able to start on or near the 1st of October 2017.

Established in 1990, the Information Security Group at Royal Holloway was one of the first dedicated academic groups in the world to conduct research and teaching in information security. The ISG is today a world-leading interdisciplinary research group with 20 full-time members of staff, 10 post-doctoral research assistants and over 50 PhD students working on a range of subjects in cyber security, in particular cryptography.

Closing date for applications: 3 September 2017

Contact: Carlos Cid (carlos.cid (at) rhul.ac.uk), Martin Albrecht (martin.albrecht (at) rhul.ac.uk)

More information: https://jobs.royalholloway.ac.uk/vacancy.aspx?ref=0817-306

DarkMatter LLC, Abu Dhabi, UAE
Job Posting
Working in our headquarters located in the iconic Aldar HQ building in Abu Dhabi you will be joining a firm that is constantly looking to push boundaries. We have launched a full suite of cyber products and services including Governance, Risk & Compliance, Cyber Network Defense, Managed Security Services, Infrastructure & Systems Integration, as well as Secure Communications.

As a Vice President of Cryptography, you will:

- Spearhead the creation of new crypto algorithms to protect our clients, our company and our Secure Communication Suite

- Anticipate threats and client needs to develop algorithms that solve the cyber security problems of the future.

- Lead, develop and inspire a team of research scientists to consistently produce high-quality results

- Have the freedom to develop and prove crypto algorithms in-house for a cyber security leader in a dynamic region

Essential Requirements -

- PhD in a related security field: Cryptography, Applied Cryptography, Information Theory and Mathematics, IT, Computer Science

- Minimum 5-8 years of experience managing cryptography teams in a university research or corporate setting

- Experience in overseeing the development of cryptographic algorithms for enterprise-grade cyber security products in mobile, cloud and web

- Ability to set clear, deliverable goals and to motivate and inspire teams to accomplish them

- Deep understanding and experience with symmetric, asymmetric and post-quantum cryptography

- Tenacity, accountability and commitment to anticipate problems and deliver new solutions

Please click on this link to apply - https://darkmatter.ae/en/careers?gh_jid=748951

Closing date for applications: 31 December 2017

Contact: Talent Acquisition Team at DarkMatter

DarkMatter LLC, Abu Dhabi, UAE
Job Posting
Working in our headquarters located in the iconic Aldar HQ building in Abu Dhabi you will be joining a firm that is constantly looking to push boundaries. We have launched a full suite of cyber products and services including Governance, Risk & Compliance, Cyber Network Defense, Managed Security Services, Infrastructure & Systems Integration, as well as Secure Communications.

As a Crypto Developer, you will:

- Work closely with the secure communications team and other teams in the organization to design end-to-end secure communication protocols using state-of-the art and customized cryptographic algorithms and primitives

- Design, implement and deploy customized cryptographic algorithms covering symmetric and asymmetric key crypto, covering but not limited to: key exchange algorithms, digital signature schemes, symmetric and asymmetric block and stream ciphers, Key Generation Functions.

- Implement cryptographic protocols and parameters and their integration within DarkMatter products

- Conduct research and development in emerging areas such as quantum-based cryptography and homomorphic encryption

- Develop and update methods for efficient handling of cryptic processes

Essential Requirements:

- PhD or Master’s degree in a related security field: Cryptography, Applied Cryptography, Information Theory and Mathematics, IT, Computer Science

- Five to eight years of specialized experience in the following areas: Cryptography, Applied Cryptography, End-to-end secure protocols design, PKI Management, Application Security, etc

- Extensive experience in Data Protection, Cryptography and Application Security Management

Please click on this link to apply - https://darkmatter.ae/en/careers?gh_jid=761240

Closing date for applications: 31 December 2017

Contact: Talent Acquisition Team @ DarkMatter

DarkMatter LLC, Abu Dhabi, UAE
Job Posting
Working in our headquarters located in the iconic Aldar HQ building in Abu Dhabi you will be joining a firm that is constantly looking to push boundaries. We have launched a full suite of cyber products and services including Governance, Risk & Compliance, Cyber Network Defense, Managed Security Services, Infrastructure & Systems Integration, as well as Secure Communications.

About the Job

You will be responsible for research and analysis of new system attacks/threats, zero-day vulnerability discovery and, where appropriate, sharing valuable research findings with vendors and bug bounty programs or publishing them on our GitHub / website or through our publications, conference talks and white papers. This research also feeds into DarkMatter’s own product development, as well as the services and solutions we provide across the entire cyber security value chain.

About you

The ideal candidate will be passionate about security, vulnerabilities, and exploits. You possess the aptitude to analyze, find and exploit vulnerabilities, researching exploit techniques and mitigations, and build systems / tools to streamline reverse engineering analysis tasks. You are expected to be an expert in any one of the following domains: failure analysis, hardware reverse engineering, micro-probing, circuit editing.

Essential requirements:

- PhD or a Master's degree in Physics, Computer Engineering or Electrical Engineering or equivalent

- 5+ years of experience in Hardware Security Research or Semiconductor Failure Analysis

- Deep understanding of various hardware security vulnerabilities and threats, reverse engineering, circuit editing, and exploitation of test features

- Research experience in failure analysis and/or security products (access controls, application security, data security, anti-tampering mechanisms)

- Strong foundations in semiconductors, computer architecture and embedded systems

Please click on this link to apply - https://darkmatter.ae/en/careers?gh_jid=754026

Closing date for applications: 31 December 2017

Contact: Talent Acquisition

DarkMatter LLC, Abu Dhabi, UAE
Job Posting
About us

Working in our headquarters located in the iconic Aldar HQ building in Abu Dhabi you will be joining a firm that is constantly looking to push boundaries. We have launched a full suite of cyber products and services including Governance, Risk & Compliance, Cyber Network Defense, Managed Security Services, Infrastructure & Systems Integration, as well as Secure Communications.

About the Job

You will be responsible for research and analysis of new system attacks/threats, zero-day vulnerability discovery and, where appropriate, sharing valuable research findings with vendors and bug bounty programs or publishing them on our GitHub / website or through our publications, conference talks and white papers. This research also feeds into DarkMatter’s own product development, as well as the services and solutions we provide across the entire cyber security value chain.

About you

The ideal candidate will be passionate about security, vulnerabilities, and exploits.

You possess the aptitude to analyze, find and exploit vulnerabilities, researching exploit techniques and mitigations, and build systems / tools to streamline reverse engineering analysis tasks. You are expected to be an expert in the wide field of hardware security, in particular in any one of the following domains: side-channel analysis (DPA/DEMA/cache-timing), glitching (voltage/clock), fault injection (laser/EM), hardware reverse engineering, chip-off forensics, micro-probing.

Essential requirements:

- PhD or a Master's degree in Physics, Computer Science, Computer Engineering or Electrical Engineering or equivalent.

- 5+ years of experience in Security Research.

- Deep understanding of various Embedded / hardware security vulnerabilities and threats, reverse engineering and exploitation of test features.

- Research experience in security products (vulnerability detection, side-channel and fault countermeasures, etc.)

Please click on this link to apply - https://darkmatter.ae/en/careers?gh_jid=749972

Closing date for applications: 31 December 2017

Contact: Talent Acquisition
