International Association
for Cryptologic Research

I am inviting Ph.D. applications in cryptography (in particular, formal models and proofs for post-quantum cryptography, quantum cryptanalysis) starting Fall 2018, in the Computer Science Department at Portland State University. Other areas of interest include quantum algorithms, quantum complexity, and generally theoretical computer science (TCS). Competitive financial supports are available.

Portland State U is located in the heart of Portland, Oregon, one of America’s most dynamic cities. It gives unmatched access to career connections (e.g., Intel) and an internationally acclaimed culture scene. Recently, it’s becoming an emerging hub for IT industry and quantum computing.

A solid math background and strong interest in TCS are preferred. Suitable students from majors other than computer science (Math, Physics, Electrical Engineering etc.) are also encouraged to apply. Official deadline: March 1, 2018. However, review starts immediately upon receiving your complete application, so please start early.

More information can be found at http://fangsong.info/recruit/. Feel free to email me for any questions at: fsong (at) pdx.edu. (Please include PhD application in your subject)

Closing date for applications: 1 March 2018

Contact: Fang Song

Web: www.fangsong.info

Email: fsong (at) pdx.edu

More information: http://fangsong.info/recruit/

The CRYPTO Research Group of LMV (Laboratoire de Mathématiques de Versailles), part of Versailles-St-Quentin-en-Yvelines University (UVSQ), invites applications for:

- 1 postdoctoral researcher position in the area of Fully Homomorphic Encryption and its applications;

- 1 postdoctoral researcher position in the area of Post-Quantum Cryptography.

The positions are available immediately for one year, and are renewable, based on mutual interest and availability of funding. The starting date can be arranged as convenient.

The candidates are expected to:

- have completed their PhD degree in cryptography;

- have adequate cryptography research experience demonstrated through a strong publication record.

Applications should be sent via email and should include a CV, a list of publications, a short research proposal, and contact information for one or two persons who are willing to give references.

Closing date for applications: 30 November 2017

Contact: Prof. Louis Goubin, Louis.Goubin (at) uvsq.fr

More information: http://lmv.math.cnrs.fr/equipes/crypto/

Faculty of Science, Agriculture & Engineering

Computing

Newcastle upon Tyne

Salary: £27,285 to £28,936 (without PhD awarded)

£29,799 to £38,833 (PhD Awarded/Equivalent substantial research experience)

Closing Date: 05 December 2017

CASCAde (Confidentiality-Preserving Security Assurance) is an ambitious project to establish the capacity to certify complex data structures and system topologies, such that their security properties can be proven in zero-knowledge. It involves a team of cryptography, system security and usable security researchers.

As part of CASCAde, the group is seeking a researcher either with PhD awarded or a PhD thesis about to be submitted to investigate novel digital signatures on graph data structures and the certification of system topologies for subsequent proofs of knowledge.

The post is available fixed term for 3 years and is full time.

Click here for further details

For informal enquiries, please email Thomas.gross (at) ncl.ac.uk

The University holds a silver Athena SWAN award in recognition of our good employment practices for the advancement of gender equality, and the University holds the HR Excellence in Research award for our work to support the career development of our researchers. We are also a member of the Euraxess network.

Please be advised that due to a new minimum salary threshold of £30,000 per annum imposed by the UKVI, this post may not qualify for University sponsorship under Tier 2 of the points based system.

Closing date for applications: 5 December 2017

Contact: Dr Thomas Gross

Thomas.gross (at) ncl.ac.uk

More information: http://www.ncl.ac.uk/vacancies/

We have two PhD / PostDoc positions in the field of functional encryption. The positions are funded by a EU H2020 RIA grant called FENTEC. The goal of the project is to research and implement novel functional encryption schemes which can help to bootstrap future emerging technologies in the areas like IoT, Cloud computing or Blockchains.

PhD candidates ideally have finished (around January 2018) a masters’ degree in computer science, mathematics or electronic engineering. A background in cryptography is a plus. PostDocs should have a proven track record suitable for the position.

Please send your CV with a covering letter. PostDocs are asked to add two letters of recommendation. The positions are vacant until they are filled.

Closing date for applications: 1 February 2018

Contact: Prof. Dr. Sebastian Gajek

Flensburg University of Applied Sciences

IT Security and Cryptography

Kanzleistr. 91 - 93

24939 Flensburg, Germany

sebastian.gajek (at) hs-flensburg.de

More information: https://www.itsc.inf.hs-flensburg.de

The Department of Combinatorics and Optimization at the University of Waterloo invites applications for two tenure-track faculty positions at the rank of Assistant Professor. Associate or Full Professors with tenure will be considered in special cases that enhance the research and teaching needs of the Department. Emphasis will be given to candidates in the areas of Continuous Optimization and Cryptography.

The University of Waterloo respects, appreciates and encourages diversity and is committed to accessibility for persons with disabilities. We welcome applications from all qualified individuals including women, members of visible minorities, Aboriginal peoples and persons with disabilities. All qualified candidates are encouraged to apply; however, Canadian citizens and permanent residents will be given priority in the recruitment process.

Closing date for applications: 1 December 2017

Contact:

Jochen Koenemann

Chair, Department of Combinatorics and Optimization

University of Waterloo

combopt (at) uwaterloo.ca

More information: https://uwaterloo.ca/combinatorics-and-optimization/career-opportunities

The Computer Science Department at the University of Victoria is seeking applications for up to four tenure track faculty positions at the assistant professor level with an expected start date of July 1, 2018. Among the research areas being considered are cyber security, which includes secure cloud computing, networks, blockchain and applied cryptography.

Closing date for applications: 15 December 2017

More information: https://www.uvic.ca/engineering/computerscience/assets/docs/employment/CSC-Faculty-Posting-ResearchTrack-final2.pdf

We have a number of positions due to the appointment of Prof. Smart to KU Leuven in the area of secure computation based on multi-party computation (MPC). The positions are funded by two projects; an ERC grant called IMPaCT and a DARPA grant called Brandeis. The goal of the research is to develop innovative MPC solutions which solve real world problems. We are looking for applicants who can work on practice inspired theoretical work in MPC, applicants who can work on implementation research in MPC, and applicants who can bring domain knowledge in application areas (such as machine learning) to the arena of secure computation. Applicants will be expected to build demonstrators of their research within our existing MPC system.

Strong background in mathematics and preferably experience with implementing advanced mathematical structures in C or C++. For the postdoc researcher experience or interests in working on MPC or machine learning on private data would be an advantage.

Closing date for applications: 30 March 2018

Contact: For enquries contact nigel.paul.smart (at) gmail.com

To apply email jobs-cosic (at) esat.kuleuven.be with the documents detailed in the link below

More information: https://www.esat.kuleuven.be/cosic/wp-content/uploads/2017/06/Open_Position_secure_computation.pdf

We show a general framework for constructing non-malleable codes against tampering families with average-case hardness bounds. Our framework adapts ideas from the Naor-Yung double encryption paradigm such that to protect against tampering in a class F, it suffices to have average-case hard distributions for the class, and underlying primitives (encryption and non-interactive, simulatable proof systems) satisfying certain properties with respect to the class.

We instantiate our scheme in a variety of contexts, yielding efficient, non-malleable codes (NMC) against the following tampering classes:

1. Computational NMC against AC0 tampering, in the CRS model, assuming a PKE scheme with decryption in AC0 and NIZK.

2. Computational NMC against bounded-depth decision trees (of depth $t^\epsilon$, where $t$ is the number of input variables and constant $0<\epsilon<1$), in the CRS model and under the same computational assumptions as above.

3. Information theoretic NMC (with no CRS) against a streaming, space-bounded adversary, namely an adversary modeled as a read-once branching program with bounded width.

Ours are the first constructions that achieve each of the above in an efficient way, under the standard notion of non-malleability.

After the development of practical searchable encryption constructions, allowing for secure searches over an encrypted dataset outsourced to an untrusted server, at the expense of leaking some information to the server, many new attacks have recently been developed, targeting this leakage in order to break the confidentiality of the dataset or of the queries, through leakage abuse attacks. These works helped to understand the importance of considering leakage when analyzing the security of searchable encryption schemes, but did not explain why these attacks were so powerful despite the existence of rigorous security definitions and proofs, or how they could be efficiently and provably mitigated. This work addresses these questions by first proposing an analysis of existing leakage abuse attacks and a way to capture them in new security definitions. These new definitions also help us to devise a way to thwart these attacks and we apply it to the padding of datasets, in order to hide the number of queries’ results, and to provide provable security of some schemes with specific leakage profile against some common classes of leakage abuse attacks. Finally, we give experimental evidence that our countermeasures can be implemented efficiently, and easily applied to existing searchable encryption schemes.

Bitcoin, the first decentralized cryptocurrency, achieves great success but also encounters many challenges. In this paper, we mainly focus on Bitcoin's five challenges: low network synchronization; poor throughput; high information propagation delay; vulnerabilities to fork-based attacks and consumption of a large amount of computational power to maintain the blockchain. To address these challenges, we present the CP-consensus, a blockchain protocol based on synchronous timestamps of the Compass satellite. Firstly, CP-consensus provides a quasi-synchronous network for nodes. Specifically, nodes synchronously begin or end in each phase. Secondly, the block propagation delay is significantly reduced by adopting cache-nodes. Moreover, the block verification delay is significantly reduced since it is limited only by the size of block-header. Thirdly, CP-consensus has a high throughput with a larger block size since that the block size does not influence the consistency of CP-consensus. Fourthly, CP-consensus resists fork-based attacks and consumes a small amount of computational power. Finally, parameters setting and the security of CP-consensus are discussed.

In this work, we abstract some key ingredients in previous key exchange protocols based on LWE and its variants, by introducing and formalizing the building tool, referred to as key consensus (KC) and its asymmetric variant AKC. KC and AKC allow two communicating parties to reach consensus from close values obtained by some secure information exchange. We then discover upper bounds on parameters for any KC and AKC. KC and AKC are fundamental to lattice based cryptography, in the sense that a list of cryptographic primitives based on LWE and its variants (including key exchange, public-key encryption, and more) can be modularly constructed from them. As a conceptual contribution, this much simplifies the design and analysis of these cryptosystems in the future.

We then design and analyze both general and highly practical KC and AKC schemes, which are referred to as OKCN and AKCN respectively for presentation simplicity. Based on KC and AKC, we present generic constructions of key exchange (KE) from LWR, LWE, RLWE and MLWE. The generic construction allows versatile instantiations with our OKCN and AKCN schemes, for which we elaborate on evaluating and choosing the concrete parameters in order to achieve a well-balanced performance among security, computational cost, bandwidth efficiency, error rate, and operation simplicity.

This chapter describes Peter L. Montgomery's modular multiplication method and the various improvements to reduce the latency for software implementations on devices which have access to many computational units.

Secure multi-party computation (MPC) is a central cryptographic task that allows a set of mutually distrustful parties to jointly compute some function of their private inputs where security should hold in the presence of a malicious adversary that can corrupt any number of parties. Despite extensive research, the precise round complexity of this ``standard-bearer'' cryptographic primitive is unknown. Recently, Garg, Mukherjee, Pandey and Polychroniadou, in Eurocrypt 2016 demonstrated that the round complexity of any MPC protocol relying on black-box proofs of security in the plain model must be at least four. Following this work, independently Ananth, Choudhuri and Jain, CRYPTO 2017 and Brakerski, Halevi, and Polychroniadou, TCC 2017 made progress towards solving this question and constructed four-round protocols based on non-polynomial time assumptions. More recently, Ciampi, Ostrovsky, Siniscalchi and Visconti in TCC 2017 closed the gap for two-party protocols by constructing a 4-round protocol from polynomial-time assumptions. In another work, Ciampi, Ostrovsky, Siniscalchi and Visconti TCC 2017 showed how to design a 4-round multi-party protocol for the specific case of multi-party coin-tossing.

In this work, we resolve this question by designing a 4-round actively secure multi-party (two or more parties) protocol for general functionalities under standard polynomial-time hardness assumptions.

The design of Substitution Boxes (S-boxes) with good cryptographic properties represents an interesting problem. In this paper, we investigate how to evolve cellular automata (CA) rules that can be then translated into S-boxes. We first prove some upper bounds for the nonlinearity and differential uniformity of S-boxes generated by CA rules. Next, we employ a heuristic technique called Genetic Programming in order to generate CA based S-boxes with good cryptographic properties. Finally, we use the same heuristic paradigm in order to investigate whether a certain S-box is obtainable by a single CA rule.

Design of ultra-lightweight authentication protocols for RFID systems conformed with the EPC Class-1 Generation-2 standard is still a challenging issue in RFID security. Recently, Maurya et al. have proposed a CRC based authentication protocol and claimed that their protocol can resist against all known attacks in RFID systems. However, in this paper we show that their protocol is vulnerable to tag impersonation attack. Moreover, we show that how an attacker can easily trace a target RFID tag. Our analyses show that the success probability of our attacks is “1” while the complexity is only one session eavesdropping, two XORs and one CRC computation.

Zhang, Qiu and Zhou propose two optimised masked algorithms for computing functions of the form $x \mapsto x \cdot \ell(x)$ for any linear function $\ell$. They claim security properties.

We disprove their first claim by exhibiting a first order flaw that is present in their first proposed algorithm scheme at all orders.

We put their second claim into question by showing that their proposed algorithm, as published, is not well-defined at all orders, making use of variables before defining them. We then also exhibit a counterexample at order 2, that we believe generalises to all even orders.

In order to be useful in the real world, efficient cryptographic constructions often reveal, or ``leak,'' more information about their plaintext than one might desire. Up until now, the approach for addressing leakage when proposing a new cryptographic construction has focused entirely on qualifying exactly what information is leaked. Unfortunately there has been no way to predict what the real-world impact of that leakage will be.

In this paper, we argue in favor of an analytical approach for quantifying the vulnerability of leaky cryptographic constructions against attacks that use leakage to recover the plaintext or other sensitive information. In contrast to the previous empirical and ad-hoc approach for identifying and assessing such vulnerabilities, analytical techniques can be integrated much earlier in the design lifecycle of a new construction, and the results of the analysis apply much more broadly across many different kinds of data.

We applied the proposed framework to evaluate the leakage profiles of five recent constructions for deterministic and order-revealing encryption. Our analysis discovered powerful attacks against every construction that we analyzed, and with only one possible exception, the attack allows the adversary to recover virtually any plaintext with only an exponentially small probability of error. We hope that these results, together with the proposed analytical framework, will help spur the development of new efficient constructions with improved leakage profiles that meaningfully limit the power of leakage abuse attacks in the real world.

Distinguishers play an important role in Side Channel Analysis (SCA), where real world leakage information is compared against hypothetical predictions in order to guess at the underlying secret key. However, the direct relationship between leakages and predictions can be disrupted by the mathematical combining of $d$ random values with each sensitive intermediate value of the cryptographic algorithm (a so-called ``$d$-th order masking scheme''). In the case of software implementations, as long as the masking has been correctly applied, the guessable intermediates will be independent of any one point in the trace, or indeed of any tuple of fewer than $d+1$ points. However, certain $d+1$-tuples of time points may jointly depend on the guessable intermediates. A typical approach to exploiting this data dependency is to pre-process the trace -- computing carefully chosen univariate functions of all possible $d+1$-tuples -- before applying the usual univariate distinguishers. This has a computational complexity which is exponential in the order $d$ of the masking scheme. In this paper, we propose a new distinguisher based on Kernel Discriminant Analysis (KDA) which directly exploits properties of the mask implementation without the need to exhaustively pre-process the traces, thereby distinguishing the correct key with lower complexity.

Zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs) have emerged as a valuable tool for verifiable computation and privacy preserving protocols. Currently practical schemes require a common reference string (CRS) to be constructed in a one-time setup for each statement. Ben-Sasson, Chiesa, Green, Tromer and Virza devised a multi-party protocol to securely compute such a CRS, and an adaptation of this protocol was used to construct the CRS for the Zcash cryptocurrency. The scalability of these protocols is obstructed by the need for a "precommitment round" which forces participants to be defined in advance and requires them to secure their secret randomness throughout the duration of the protocol.

Our primary contribution is a more scalable multi-party computation (MPC) protocol, secure in the random beacon model, which omits the precommitment round. We show that security holds even if an adversary has limited influence on the beacon. Next, we apply our main result to obtain a two-round protocol for computing an extended version of the CRS of Groth's SNARK. We show that knowledge soundness is maintained in the generic group model when using this CRS.

We also contribute a more secure pairing-friendly elliptic curve construction and implementation, tuned for use in zk-SNARKs, in light of recent optimizations to the Number Field Sieve algorithm which reduced the security estimates of existing pairing-friendly curves used in zk-SNARK applications.

An identity-based encryption scheme enables the efficient distribution of keys in a multi-user system. Such schemes are particularly attractive in resource constrained environments where critical resources such as processing power, memory and bandwidth are severely limited. This research examines the first pragmatic lattice-based IBE scheme pre- sented by Ducas, Lyubashevsky and Prest in 2014 and brings it into the realm of practicality for use on small devices. This is the first standalone ANSI C implementation of all the software elements of the scheme with improved performance. User Key Extraction demonstrates a 180% speed increase and Encrypt and Decrypt demonstrate increases of over 500% and 1200% respectively for 80-bit security on an Intel Core i7-6700 CPU at 4.0 GHz, with similar accelerations for 192-bit security, compared with Prest’s NTL proof-of-concept implementation on an Intel Core i5-3210M CPU at 2.5GHz. In addition, we provide a range of suggestions to further enhance performance.