IACR News
Here you can see all recent updates to the IACR webpage.
01 December 2017
Fabien Coelho, Arnaud Larroche, Baptiste Colin
30 November 2017
Sanjay Bhattacherjee, Palash Sarkar
Jakub Breier, Dirmanto Jap, Shivam Bhasin
Megha Byali, Arpita Patra, Divya Ravi, Pratik Sarkar
Adaptively-Secure Oblivious Transfer. We present the first round-optimal adaptively-secure OT based on the 2-round static OT protocol of Peikert et al. (Crypto 2008). Our protocol is in the programmable random oracle (PRO) model. It incurs a minimal communication overhead of one $\kappa$-bit string and a computational overhead of 5 random oracle queries over its static counterpart, where $\kappa$ is the security parameter. Additionally, we present a construction of adaptively-secure 1-out-of-$N$ OT by extending the result of Naor et al. (Journal of Cryptology 2005) that transforms $\log N$ copies of 1-out-of-2 OTs to one 1-out-of-$N$ OT. Based on the PRO assumption, we prove that the transformation is adaptively-secure at the expense of $\mathcal{O}(\log N)$ exponentiations, whereas the existing state-of-the-art protocols for adaptively-secure 1-out-of-$N$ OT incur at least $\mathcal{O}(N)$ exponentiations. Interestingly, it can be established that our transformation continues to be adaptively-secure despite replacing the adaptively-secure 1-out-of-2 OTs in the above result with statically-secure OTs that support equivocation of the receiver's view irrespective of equivocation of the sender's view.
Adaptively-Secure Commitment Scheme. We provide a round-optimal non-interactive commitment scheme (NICOM) based on the observable random oracle (ORO) assumption in the CRS model. Our construction incurs communication of 4$\kappa$-bit strings and computation of 4 exponentiations and 2 random oracle queries for committing to an arbitrary-length message. Additionally, we present a statically-secure scheme for one-time generation of a CRS that can be reused for multiple commitments. This eliminates the need for a trusted CRS setup for the commitment scheme, thereby reducing the assumptions solely to ORO. The static version of our NICOM finds applications in secure two-party computation (2PC) protocols that adopt the offline-online paradigm, where the CRS can be generated in the offline phase.
M. Sadegh Riazi, Christian Weinert, Oleksandr Tkachenko, Ebrahim M. Songhori, Thomas Schneider, Farinaz Koushanfar
Najwa Aaraj, Florian Caullery, Marc Manzano
Iris Anshel, Derek Atkins, Dorian Goldfeld, Paul E Gunnells
Sankhanil Dey, Ranjan Ghosh
Daniel Hart, DoHoon Kim, Giacomo Micheli, Guillermo Pascual Perez, Christophe Petit, Yuxuan Quek
University of Helsinki, Finland
The Secure Systems group at the University of Helsinki, Department of Computer Science, seeks Ph.D. students and Post-Docs to research optimisations of functional encryption schemes for hardware-based implementations and to develop hardware (FPGA) designs for their efficient computation.
A candidate applying for a Ph.D. student position is expected to have completed a Master's degree in computer science, electrical engineering or another relevant field. Experience in cryptology, cryptographic engineering and/or hardware design is a major advantage. Additionally, Post-Docs are expected to have finished their Ph.D. degrees by the beginning of the work contract and to have a good publication record in cryptography and/or hardware cryptographic engineering. Your host will be Dr. Kimmo Järvinen, Senior Researcher in the Secure Systems group in the Department of Computer Science.
The positions are part of Functional ENcryption TEChnology (FENTEC), a project within the Horizon 2020 Research Innovation Action that begins in January 2018 for a duration of 3 years. The project aims to advance the state of the art in functional encryption and make the paradigm ready for widespread integration in emerging technologies. The consortium consists of the academic partners Edinburgh University, ENS Paris, Flensburg University, Helsinki University and KU Leuven as well as the industrial partners ATOS, Kudelski Group (formerly Nagravision), WALLIX and XLAB.
Please send your CV with a cover letter. Post-Docs are asked to add two letters of recommendation. The positions are vacant until they are filled.
Closing date for applications: 28 February 2018
Contact: Dr. Kimmo Järvinen (kimmo.u.jarvinen (at) helsinki.fi)
Grenoble Institute of Technology, LIG Laboratory
- Position: PhD Student Grenoble INP
- Contract: fixed-term 36 months
- Start date: ASAP
- Location: Grenoble, Rhône-Alpes, France
- Hosting institution: LIG laboratory, Université Grenoble Alpes, Grenoble Institute of Technology
- Scientific advisors: Maciej Korczynski and Andrzej Duda @LIG/UGA
- Project partners: SIDN (.nl registry) and AFNIC (.fr registry)
- Application deadline: 31/12/2017
Job description
The candidate will join a research project about cybersecurity and domain name abuse. The goal of the project is to develop large-scale Internet measurement and classification methods in the fight against Internet-scale attacks, such as phishing, drive-by-downloads, and spam. The successful candidate will collect and study empirical data, and will work on real-world security problems that will help operators such as domain registries and hosting providers to effectively mitigate security incidents.
Skills & Expertise
The position requires strong competence in programming (Python, C/C++) and excellent written and oral communication skills in English. Research experience in the field of network security and data analytics is considered a plus.
The candidate must have a master's degree (or equivalent) in network or information security, computer science, telecommunication engineering or a related field, with excellent results. The candidate must be highly motivated for research and enjoy working in an international team.
How to Apply
Applicants should send a detailed curriculum vitae along with a letter of application and transcripts for undergraduate and graduate studies to maciej.korczynski (at) univ-grenoble-alpes.fr. The email subject must start with [DNS abuse]. References or letters of recommendation are appreciated.
Closing date for applications: 31 December 2017
Contact: Maciej Korczynski, maciej.korczynski (at) univ-grenoble-alpes.fr
More information: http://drakkar.imag.fr/spip.php?article504
Singapore University of Technology and Design (SUTD)
I am looking for PhD interns with an interest in cyber-physical system (CPS) security (IoT, water, power grid, transportation, autonomous vehicles, etc.), including topics such as 1) lightweight and resilient authentication of devices and data in CPS, 2) advanced SCADA firewalls to filter more sophisticated attack packets in CPS, 3) AI-based threat analytics for detection of attacks on CPS, and 4) securing maritime navigation systems. The attachment will be at least 3 months. An allowance will be provided for local expenses.
Interested candidates should send their CV with a research statement to Prof. Jianying Zhou.
Contact: Prof. Jianying Zhou
Email: jianying_zhou (at) sutd.edu.sg
Home: http://jianying.space/
Closing date for applications: 31 January 2018
Contact: jianying_zhou (at) sutd.edu.sg
More information: http://jianying.space/
Universitat Pompeu Fabra, Barcelona, Spain
Only outstanding candidates who satisfy the international mobility criteria will be considered (i.e. the applicant must not have resided or carried out their main activity in Spain for more than 12 months in the 3 years immediately prior to the recruitment date).
The contract will be for 3 years with a gross salary of €34,800, plus other benefits.
The candidate should hold, or be about to receive by September 2018, a master's degree in computer science, mathematics or a related area. Specialization in cryptography (demonstrated by a relevant MSc) will be positively evaluated.
Further enquiries about the project and conditions should be sent to cryptophdapplications (at) upf.edu.
Closing date for applications: 15 January 2018
Contact: Carla Ràfols, Universitat Pompeu Fabra
Continental Automotive Singapore
• Define security tests for backend, Smartphone & Connectivity
• Develop countermeasures for detected vulnerabilities
• Develop tools to demonstrate the efficiency of the security mechanisms
• Develop and refine the Security and Privacy concept for connected services between vehicle and backend services
• Implementation of novel Security & Privacy mechanisms
Requirements:
• University degree in computer science, electrical engineering or mathematics with a deep focus on security, privacy, cryptology, or similar
• In-depth experience with projects related to cloud security, smartphone security and backend security
• Knowledge of Security Risk Analysis methods (e.g. STRIDE)
• Knowledge of Security Source Code Analysis methods
• Knowledge of quantum cryptography is preferred
• An applicant with several years of experience in the field of automotive security and privacy is preferred
• Good & open communication
• Mobility to collaborate creatively in international teams
Closing date for applications: 31 March 2018
More information: http://www.continental-jobs.com/index.php?ac=jobad&id=596247
29 November 2017
Gu Chunsheng
Thang Hoang, Attila A. Yavuz, Betul F. Durak, Jorge Guajardo
We developed a series of Oblivious Distributed DSSE schemes that we refer to as ODSE, which achieve oblivious access on the encrypted index with high security and improved efficiency over the use of generic ORAM. Specifically, ODSE schemes are 3-57 $\times$ faster than applying the state-of-the-art generic ORAMs to an encrypted dictionary index in real network settings. One of the proposed ODSE schemes offers desirable security guarantees such as information-theoretic security with robustness against malicious servers. These properties are achieved by exploiting some of the unique characteristics of searchable encryption and the encrypted index, which permit us to harness the computation and communication efficiency of multi-server PIR and Write-Only ORAM simultaneously. We fully implemented ODSE and conducted extensive experiments to assess the performance of our proposed schemes in a real cloud environment.
Ebrahim M. Songhori, M. Sadegh Riazi, Siam U. Hussain, Ahmad-Reza Sadeghi, Farinaz Koushanfar
Sanjam Garg, Akshayaram Srinivasan
28 November 2017
Centre for Secure Information Technologies (CSIT), Queen's University Belfast
RISE, under the directorship of Professor Máire O’Neill, is one of four multi-institution UK Research Institutes in Cyber Security funded by NCSC and EPSRC. The vision for RISE is to create a global centre for research and innovation in hardware security with close engagement with leading industry partners and stakeholders. The aim is to bring together the hardware security community in the UK and build a strong network of national and international research partnerships. RISE involves four initial component projects that include DeepSecurity and others from the University of Cambridge, University of Bristol and University of Birmingham. An advisory board involving industry partners has been created to engage with the research and to inform future funding calls around the Institute’s research challenges.
RISE is hosted by CSIT. In 2012 CSIT was recognised by NCSC as an Academic Centre of Excellence in Cyber Security Research, and this recognition was renewed in 2017. CSIT has strong links to industry, and over 20 industrial partners, both large global companies and SMEs, have committed to supporting the centre through the provision of funding and market intelligence.
Applicants must have at least a 2:1 Honours Degree (or equivalent) in Electrical and Electronics Engineering, Computer Science, Mathematics or a closely related discipline and a PhD, or expect to obtain a PhD within 6 months, in a relevant subject. At least 3 years' relevant research experience in side-channel analysis and/or FPGA/ASIC/embedded systems design is essential.
Closing date for applications: 19 December 2017
Contact: Professor Máire O'Neill at m.oneill (at) ecit.qub.ac.uk
More information: https://hrwebapp.qub.ac.uk/tlive_webrecruitment/wrd/run/ETREC107GF.open?VACANCY_ID=7550368poZ&WVID=6273090Lgx&LANG=USA
Dresden, Germany, 23 March 2018
Submission deadline: 10 December 2017
Notification: 20 December 2017