International Association for Cryptologic Research


IACR News


01 December 2017

Fabien Coelho, Arnaud Larroche, Baptiste Colin
ePrint Report
Proof-of-Work (PoW) schemes allow limiting access to resources or sharing rewards for crypto-currency mining. The MTP-Argon2 PoW by Biryukov and Khovratovich is loosely based on the Argon2 memory-hard password hashing function. Several attacks have been published. We introduce a new transposed parallel implementation attack which achieves higher performance by circumventing apparent bandwidth requirements. We then present Itsuku, a new scheme that fixes known issues by changing MTP-Argon2 parameters and adds new operations to improve memory hardness. Our scheme is built on a simple security criterion: any implementation which requires half the memory or less should induce at least a times-64 computation cost for difficulty d <= 100. The Itsuku proof size is typically 1/16th of the initial scheme's, while providing better memory hardness. We also describe high-end hardware designs for MTP-Argon2 and Itsuku.

30 November 2017

Sanjay Bhattacherjee, Palash Sarkar
ePrint Report
This work shows that weighted majority voting games occur in cryptocurrencies. In particular, two such games are highlighted. The first game, which we call the Rule Game, pertains to the scenario where the entities in the system engage in a voting procedure to accept or reject a change of rules. The second game, which we call the Attack Game, refers to the scenario where a group of entities in a cryptocurrency system can form a coalition to engage in double spending. For the Rule Game we provide analysis to argue that Coleman's preventive power measure is the appropriate tool for measuring a player's influence in the game, while for the Attack Game we define a notion of stability based on the notion of minimal winning coalitions. For both the Rule Game and the Attack Game, we show how to analyse the games based on a snapshot of real world data for Bitcoin, which is presently the most popular of all the cryptocurrencies.
Jakub Breier, Dirmanto Jap, Shivam Bhasin
ePrint Report
Bit permutations are a common choice for the diffusion function in lightweight block ciphers, owing to their low implementation footprint. In this paper, we present a novel Side-Channel Assisted Differential-Plaintext Attack (SCADPA), exploiting specific vulnerabilities of bit permutations. SCADPA is a chosen-plaintext attack; knowledge of the ciphertext is not required. Unlike the statistical methods commonly used as distinguishers in standard power analysis, the proposed method is more differential in nature. The attack shows that the diffusion layer can play a significant role in distinguishing the internal cipher state. We demonstrate how to practically exploit such a vulnerability to extract the secret key. Results on a microcontroller-based PRESENT-80 cipher lead to full key retrieval using as few as 17 encryptions. It is possible to automate the attack by using a thresholding method detailed in the paper. Several case studies are presented, using various attacker models and targeting different encryption modes (such as CTR and CBC). We provide a discussion on how to avoid such attacks from the design point of view.
Megha Byali, Arpita Patra, Divya Ravi, Pratik Sarkar
ePrint Report
Adaptive security embodies one of the strongest notions of security: it allows an adversary to corrupt parties at any point during protocol execution and gain access to their internal state. Since it models real-life situations such as "hacking", adaptively-secure multiparty computation (MPC) protocols are desirable. Such protocols demand primitives such as oblivious transfer (OT) and commitment schemes that are adaptively-secure as building blocks. Efficient realisations of these primitives have been found to be challenging when no erasures are assumed. In this paper, we provide efficient constructions of these primitives that are Universally-Composable.

Adaptively-Secure Oblivious Transfer. We present the first round optimal adaptively-secure OT based on the 2-round static OT protocol of Peikert et al. (Crypto 2008). Our protocol is in the programmable random oracle (PRO) model. It incurs a minimal communication overhead of one $\kappa$ bit string and a computational overhead of 5 random oracle queries over its static counterpart, where $\kappa$ is the security parameter. Additionally, we present a construction of adaptively-secure 1-out-of-$N$ OT by extending the result of Naor et al. (Journal of Cryptology 2005) that transforms $\log N$ copies of 1-out-of-2 OTs into one 1-out-of-$N$ OT. Based on the PRO assumption, we prove that the transformation is adaptively-secure at the expense of $\mathcal{O}(\log N)$ exponentiations, whereas the existing state-of-the-art protocols for adaptively-secure 1-out-of-$N$ OT incur at least $\mathcal{O}(N)$ exponentiations. Interestingly, it can be established that our transformation continues to be adaptively-secure despite replacing the adaptively-secure 1-out-of-2 OTs in the above result with statically-secure OTs that support equivocation of the receiver's view irrespective of equivocation of the sender's view.

Adaptively-Secure Commitment Scheme. We provide a round optimal non-interactive commitment scheme (NICOM) based on the observable random oracle (ORO) assumption in the CRS model. Our construction incurs communication of $4\kappa$ bit strings and computation of 4 exponentiations and 2 random oracle queries for committing to an arbitrary length message. Additionally, we present a statically-secure scheme for one-time generation of a CRS that can be reused for multiple commitments. This eliminates the need for a trusted CRS setup for the commitment scheme, thereby reducing the assumptions solely to ORO. The static version of our NICOM finds applications in secure two-party computation (2PC) protocols that adopt the offline-online paradigm, where the CRS can be generated in the offline phase.
M. Sadegh Riazi, Christian Weinert, Oleksandr Tkachenko, Ebrahim M. Songhori, Thomas Schneider, Farinaz Koushanfar
ePrint Report
We present Chameleon, a novel hybrid (mixed-protocol) framework for secure function evaluation (SFE) which enables two parties to jointly compute a function without disclosing their private inputs. Chameleon combines the best aspects of generic SFE protocols with the ones that are based upon additive secret sharing. In particular, the framework performs linear operations in the ring $\mathbb{Z}_{2^l}$ using additively secret shared values and nonlinear operations using Yao's Garbled Circuits or the Goldreich-Micali-Wigderson protocol. Chameleon departs from the common assumption of additive or linear secret sharing models where three or more parties need to communicate in the online phase: the framework allows two parties with private inputs to communicate in the online phase under the assumption of a third node generating correlated randomness in an offline phase. Almost all of the heavy cryptographic operations are precomputed in an offline phase which substantially reduces the communication overhead. Chameleon is both scalable and significantly more efficient than the ABY framework (NDSS'15) it is based on. Our framework supports signed fixed-point numbers. In particular, Chameleon's vector dot product of signed fixed-point numbers improves the efficiency of mining and classification of encrypted data for algorithms based upon heavy matrix multiplications. Our evaluation of Chameleon on a 5 layer convolutional deep neural network shows 110x and 3.5x faster executions than Microsoft CryptoNets (ICML'16) and MiniONN (CCS'17), respectively.
Najwa Aaraj, Florian Caullery, Marc Manzano
ePrint Report
The inclusion of ChaCha20 and Poly1305 into the list of supported ciphers in TLS 1.3 necessitates a security evaluation of those ciphers with all the state-of-the-art tools and innovative cryptanalysis methodologies. Mixed Integer Linear Programming (MILP) has been successfully applied to find more accurate characteristics of several ciphers such as SIMON and SPECK. In our research, we use MILP-aided cryptanalysis to search for differential characteristics, linear approximations and integral properties of ChaCha. We are able to find differential trails up to 2 rounds and linear trails up to 1 round. However, no integral distinguisher has been found, even for 1 round.
Iris Anshel, Derek Atkins, Dorian Goldfeld, Paul E Gunnells
ePrint Report
Public-key solutions based on number theory, including RSA, ECC, and Diffie-Hellman, are subject to various quantum attacks, which makes such solutions less attractive long term. Certain group theoretic constructs, however, show promise in providing quantum-resistant cryptographic primitives because of the infinite, non-cyclic, non-abelian nature of the underlying mathematics. This paper introduces the Kayawood Key Agreement protocol (Kayawood, or Kayawood KAP), a new group-theoretic key agreement protocol that leverages the known NP-hard shortest word problem (among others) to provide an Elgamal-style, Diffie-Hellman-like method. This paper also (i) discusses the implementation and behavioral aspects of Kayawood, (ii) introduces new methods to obfuscate braids using Stochastic Rewriting, and (iii) analyzes and demonstrates Kayawood's security and resistance to known quantum attacks.
Sankhanil Dey, Ranjan Ghosh
ePrint Report
4-bit linear relations play an important role in the cryptanalysis of 4-bit bijective crypto S-boxes. 4-bit finite differences are also a major part of the cryptanalysis of 4-bit substitution boxes. The count of all existing 4-bit linear relations, for all 16 input and 16 output 4-bit bit patterns of 4-bit bijective crypto S-boxes (referred to as S-boxes), has been reported in the linear cryptanalysis of 4-bit S-boxes. The count of existing finite differences from each element of output S-boxes to distant output S-boxes has been noted in the differential cryptanalysis of S-boxes. In this paper, a brief review of these cryptanalytic methods for 4-bit S-boxes is introduced in a very lucid and conceptual manner. Two new analysis techniques are also introduced in this paper. One searches for the existing linear approximations among the input Boolean functions (BFs) and output BFs of a particular 4-bit S-box; the search is limited to finding the existing linear relations or approximations, in contrast to counting the number of existing linear relations among all 16 4-bit input and output bit patterns within all possible linear approximations. The other finds the number of balanced 4-bit BFs in difference output S-boxes. The greater the number of balanced BFs, the better the security.
Daniel Hart, DoHoon Kim, Giacomo Micheli, Guillermo Pascual Perez, Christophe Petit, Yuxuan Quek
ePrint Report
We present a practical cryptanalysis of WalnutDSA, a digital signature algorithm trademarked by SecureRF. WalnutDSA uses techniques from permutation groups, matrix groups, and braid groups, and is designed to provide post-quantum security in lightweight IoT device contexts. The attack given in this paper bypasses the E-Multiplication and cloaked conjugacy search problems at the heart of the algorithm and forges signatures for arbitrary messages in approximately two minutes. We also discuss potential countermeasures to the attack.
University of Helsinki, Finland
Job Posting

The Secure Systems group at the University of Helsinki, Department of Computer Science, seeks Ph.D. students and Post-Docs to research optimisations of functional encryption schemes for hardware-based implementations and to develop hardware (FPGA) designs for their efficient computation.

A candidate applying for a Ph.D. student position is expected to have completed a Master's degree in computer science, electrical engineering or other relevant fields. Experience in cryptology, cryptographic engineering and/or hardware design is a major advantage. Additionally, Post-Docs are expected to have finished their Ph.D. degrees by the beginning of the work contract and to have a good publication record in cryptography and/or hardware cryptographic engineering. Your host will be Dr. Kimmo Järvinen, Senior Researcher in the Secure Systems group in the Department of Computer Science.

The positions are part of Functional ENcryption TEChnology (FENTEC), a project within the Horizon 2020 Research and Innovation Action that begins in January 2018 for a duration of 3 years. The project aims to advance the state of the art in functional encryption and make the paradigm ready for widespread integration in emerging technologies. The consortium consists of the academic partners Edinburgh University, ENS Paris, Flensburg University, Helsinki University and KU Leuven as well as the industrial partners ATOS, Kudelski Group (formerly Nagravision), WALLIX and XLAB.

Please send your CV with a cover letter. Post-Docs are asked to add two letters of recommendation. The positions are vacant until they are filled.

Closing date for applications: 28 February 2018

Contact: Dr. Kimmo Järvinen (kimmo.u.jarvinen (at) helsinki.fi)

Grenoble Institute of Technology, LIG Laboratory
Job Posting
Grenoble Institute of Technology and LIG Laboratory invite applications for a PhD Student position in the area of measurements for cybersecurity and Domain Name System (DNS) abuse.

- Position: PhD Student Grenoble INP

- Contract: fixed-term 36 months

- Start date: ASAP

- Location: Grenoble, Rhône-Alpes, France

- Hosting institution: LIG laboratory, Université Grenoble Alpes, Grenoble Institute of Technology

- Scientific advisors: Maciej Korczynski and Andrzej Duda @LIG/UGA

- Project partners: SIDN (.nl registry) and AFNIC (.fr registry)

- Application deadline: 31/12/2017

Job description

The candidate will join a research project about cybersecurity and domain name abuse. The goal of the project is to develop large-scale Internet measurement and classification methods in the fight against Internet-scale attacks, such as phishing, drive-by-downloads, and spam. The successful candidate will collect and study empirical data, and will work on real-world security problems that will help operators such as domain registries and hosting providers to effectively mitigate security incidents.

Skills & Expertise

The position requires strong competences in programming (Python, C/C++) and excellent written and oral communication skills in English. Research experience in the field of network security and data analytics is considered a plus.

The candidate must have a master's degree (or equivalent) in network or information security, computer science, telecommunication engineering or a related field, with excellent results. The candidate must have a high motivation for research and enjoy working in an international team.

How to Apply

Applicants should send a detailed curriculum vitae, along with a letter of application and transcripts for undergraduate and graduate studies, to maciej.korczynski (at) univ-grenoble-alpes.fr. The email subject must start with [DNS abuse]. References or letters of recommendation are appreciated.

Closing date for applications: 31 December 2017

Contact: Maciej Korczynski, maciej.korczynski (at) univ-grenoble-alpes.fr

More information: http://drakkar.imag.fr/spip.php?article504

Singapore University of Technology and Design (SUTD)
Job Posting
Singapore University of Technology and Design (SUTD) is a young university which was established in collaboration with MIT. iTrust is a Cyber Security Research Center with about 15 multi-discipline faculty members from SUTD. It has the world's best facilities in cyber-physical systems (CPS) including testbeds for Secure Water Treatment (SWaT), Water Distribution (WADI), Electric Power and Intelligent Control (EPIC), and IoT. (See more info at https://itrust.sutd.edu.sg/research/testbeds/.)

I am looking for PhD interns with an interest in cyber-physical system security (IoT, water, power grid, transportation, autonomous vehicles, etc.), including topics such as 1) lightweight and resilient authentication of devices and data in CPS, 2) advanced SCADA firewalls to filter more sophisticated attack packets in CPS, 3) AI-based threat analytics for detection of attacks on CPS, 4) securing maritime navigation systems. The attachment will be at least 3 months. An allowance will be provided for local expenses.

Interested candidates please send your CV with a research statement to Prof. Jianying Zhou.

Contact: Prof. Jianying Zhou

Email:  jianying_zhou (at) sutd.edu.sg

Home: http://jianying.space/

Closing date for applications: 31 January 2018

Contact: jianying_zhou (at) sutd.edu.sg

More information: http://jianying.space/

Universitat Pompeu Fabra, Barcelona, Spain
Job Posting
Applications are invited for a PhD position in the field of cryptography at the Department of Information and Communication Technologies at Universitat Pompeu Fabra in Barcelona, Spain, to be co-supervised by Dr. Vanesa Daza and Dr. Carla Ràfols. The research will be in cryptographic protocols for blockchain technologies, with a special focus on Zero-Knowledge Proofs. The starting date will be around September 2017.

Only outstanding candidates who satisfy international mobility criteria will be considered (i.e. the applicant should not have resided or carried out their main activity in Spain for more than 12 months in the 3 years immediately prior to the recruitment date).

The contract will be for 3 years with a gross salary of €34,800, plus other advantages.

The candidate should hold or be about to receive a master's degree by September 2018 in computer science, mathematics or a related area. Specialization in cryptography (demonstrated by a relevant MSc) will be positively evaluated.

Further enquiries about the project and conditions should be sent to cryptophdapplications (at) upf.edu.

Closing date for applications: 15 January 2018

Contact: Carla Ràfols, Universitat Pompeu Fabra

Continental Automotive Singapore
Job Posting
Responsibilities:

• Define security tests for backend, Smartphone & Connectivity

• Develop countermeasures for detected vulnerabilities

• Develop tools to demonstrate the efficiency of the security mechanisms

• Develop and refine the Security and Privacy concept for connected services between vehicle and backend services

• Implementation of novel Security & Privacy mechanisms

Requirements:

• University degree in computer science, electrical engineering or mathematics with a deep focus on security, privacy, cryptology, or similar

• In-depth experience with projects related to cloud security, smartphone security and backend security

• Knowledge of Security Risk Analysis methods (e.g. STRIDE)

• Knowledge of Security Source Code Analysis methods

• Knowledge of Quantum cryptography is preferred

• An applicant with several years of experience in the field of Automotive Security and Privacy is preferred

• Good & open communication

• Mobility to collaborate creatively in international teams

Closing date for applications: 31 March 2018

More information: http://www.continental-jobs.com/index.php?ac=jobad&id=596247


29 November 2017

Gu Chunsheng
ePrint Report
Recently, Albrecht, Davidson, Larraia, and Pellet-Mary constructed a variant of GGH13 without ideals and presented distinguishing attacks in simplified branching program and obfuscation security models. However, it is not clear whether a variant of the CGH annihilation attack can be used to break an IO candidate using this new variant. This paper adaptively extends the CGH attack to the branching program obfuscator based on GGH13 without ideals. To achieve this goal, we introduce the approximate eigenvalue of a matrix and build a relationship between the determinant and the rank of a matrix with perturbation. Our result shows that the structural vulnerability of GGH13 encodings is beyond the presence of ideals.
Thang Hoang, Attila A. Yavuz, Betul F. Durak, Jorge Guajardo
ePrint Report
Dynamic Searchable Symmetric Encryption (DSSE) allows delegating search/update operations over encrypted data via an encrypted index. However, DSSE is known to be vulnerable to statistical inference attacks, which exploit information leakage from access patterns on the encrypted index and files. Although a generic Oblivious Random Access Machine (ORAM) can hide access patterns, it has been shown to be extremely costly to use directly in the DSSE setting.

We developed a series of Oblivious Distributed DSSE schemes that we refer to as ODSE, which achieve oblivious access on the encrypted index with high security and improved efficiency over the use of generic ORAM. Specifically, ODSE schemes are 3-57 $\times$ faster than applying the state-of-the-art generic ORAMs on an encrypted dictionary index in real network settings. One of the proposed ODSE schemes offers desirable security guarantees such as information-theoretic security with robustness against malicious servers. These properties are achieved by exploiting some of the unique characteristics of searchable encryption and encrypted indexes, which permit us to harness the computation and communication efficiency of multi-server PIR and Write-Only ORAM simultaneously. We fully implemented ODSE and conducted extensive experiments to assess the performance of our proposed schemes in a real cloud environment.
Ebrahim M. Songhori, M. Sadegh Riazi, Siam U. Hussain, Ahmad-Reza Sadeghi, Farinaz Koushanfar
ePrint Report
We present ARM2GC, a novel secure function evaluation framework based on Yao's Garbled Circuit (GC) protocol and the ARM processor. It allows users to develop privacy-preserving applications using high-level programming languages (e.g., C) and compile them using standard ARM compilers (e.g., gcc-arm). In our framework, the underlying Boolean circuit is that of an ARM processor to which the compiled binary of the function is input as non-private instruction code. The main enabler of this construction is the introduction of SkipGate, an algorithm that omits the communication and encryption cost of a Boolean gate when its output is independent of the private data. SkipGate greatly enhances the performance of ARM2GC by omitting the costs of the gates associated with the instructions in the compiled binary, thus making it practical and efficient. Our evaluation on benchmark functions demonstrates that ARM2GC not only outperforms the current GC frameworks that support high-level languages, it also achieves efficiency comparable to the best prior results, which were achieved using conventional logic synthesis tools and hardware description languages.
Sanjam Garg, Akshayaram Srinivasan
ePrint Report
We provide new two-round multiparty secure computation (MPC) protocols assuming the minimal assumption that two-round oblivious transfer (OT) exists. If the assumed two-round OT protocol is secure against semi-honest adversaries (in the plain model) then so is our two-round MPC protocol. Similarly, if the assumed two-round OT protocol is secure against malicious adversaries (in the common random/reference string model) then so is our two-round MPC protocol. Previously, two-round MPC protocols were only known under relatively stronger computational assumptions. Finally, we provide several extensions.

28 November 2017

Centre for Secure Information Technologies (CSIT), Queen's University Belfast
Job Posting
Applications are invited for a Post-doctoral research fellow to undertake research into the application of advanced machine learning techniques for use in side channel analysis attacks, in partnership with Cryptography Research and Riscure, as part of the EPSRC-funded DeepSecurity project. This project is a core research project of the £5M UK Research Institute in Secure Hardware and Embedded Systems (RISE).

RISE, under the directorship of Professor Máire O’Neill, is one of four multi-institution UK Research Institutes in Cyber Security funded by NCSC and EPSRC. The vision for RISE is to create a global centre for research and innovation in hardware security with close engagement with leading industry partners and stakeholders. The aim is to bring together the hardware security community in the UK and build a strong network of national and international research partnerships. RISE involves four initial component projects that include DeepSecurity and others from the University of Cambridge, University of Bristol and University of Birmingham. An advisory board involving industry partners has been created to engage with the research and to inform future funding calls around the Institute’s research challenges.

RISE is being hosted by CSIT. In 2012 CSIT was recognised by NCSC as an Academic Centre of Excellence in Cyber Security Research with this recognition renewed in 2017. CSIT has strong links to industry and over 20 industrial partners, large global companies and SMEs, have committed to supporting the centre through the provision of funding and market intelligence.

Applicants must have at least a 2:1 Honours Degree (or equivalent) in Electrical and Electronics Engineering, Computer Science, Mathematics or a closely related discipline and a PhD, or expect, within 6 months, to obtain a PhD, in a relevant subject. At least 3 years' relevant research experience in side channel analysis and/or FPGA/ASIC/Embedded systems design is essential.

Closing date for applications: 19 December 2017

Contact: Professor Máire O'Neill at m.oneill (at) ecit.qub.ac.uk

More information: https://hrwebapp.qub.ac.uk/tlive_webrecruitment/wrd/run/ETREC107GF.open?VACANCY_ID=7550368poZ&WVID=6273090Lgx&LANG=USA

Dresden, Germany, 23 March 2018
Event Calendar
Event date: 23 March 2018
Submission deadline: 10 December 2017
Notification: 20 December 2017