International Association for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage.

06 December 2017

University of Oxford
Job Posting
We invite applications for a Postdoctoral Research Assistant position to join the Cryptography Group at the Mathematical Institute, University of Oxford in association with the Oxford-Emirates Data Science Lab (OEDSL). This is a fixed-term position, funded via the Emirates-Oxford Data Science Lab, which will terminate on 1 January 2021 and is available from 1 February 2018 or as soon as possible thereafter.

Candidates should have a PhD in computer science or a mathematical science related subject, with a strong cryptography/security background and a proven publication record. Candidates with experience in distributed ledger/blockchain technology/financial cryptography (Bitcoin, Ethereum, cryptocurrencies and smart contracts) are encouraged to apply. Experience in privacy enhancing technologies is also desirable.

Closing date for applications: 10 January 2018

Contact: Ali El Kaafarani (ali.elkaafarani (at) maths.ox.ac.uk)

More information: http://www.maths.ox.ac.uk/node/27252

University of Maryland Baltimore County (UMBC)
Job Posting

The CSEE department of UMBC is seeking one or two postdocs/scientists to work on either 1) cloud computing, cloud storage and cloud security, focusing on OpenStack redesign and implementation, and/or 2) any distributed systems design and implementation, e.g., blockchains or software-defined networking. The salary will be highly competitive. The title is negotiable.

Our group has a strong background in building permissioned blockchains (BChain, ByzID, CBFT, CPBFT) and building OpenStack systems (Nova, Neutron, Swift, Keystone).

Closing date for applications: 1 April 2018

Contact: Haibin Zhang: hbzhang (at) umbc.edu

More information: https://www.csee.umbc.edu/~hbzhang/

University of Maryland Baltimore County (UMBC)
Job Posting

The CSEE/IS department of UMBC is seeking four or more PhD students to work on security, cryptography (e.g., ORAM), distributed systems, cloud computing (OpenStack), permissioned blockchains (BFT), food safety, SDN, or high-performance computing. Candidates are expected to have strong programming ability and a strong desire to work with real systems. UMBC is in a convenient location, near many funding agencies and industrial companies.

Our group has a strong background in building permissioned blockchains (BChain, ByzID, CBFT, CPBFT) and building OpenStack systems (Nova, Neutron, Swift, Keystone).

UMBC is ranked 70 in CS/IS according to US News, and places 7th in a new ranking of "Most Innovative" national universities. At UMBC, we have 6 HPC, have access to D-Wave 2X quantum, and the NSF CHMPR center which has more than 30 industry and government partners (e.g., IBM, Northrop Grumman, Lexis Nexis, Dwave Systems Inc, Seagate, Collab Med Tech, GE, Morgan Stanley, NIST/ISL, NSA/Lab for Phys. Sci., NSA/Central Sec. Services, NASA/GSFC, DHS) and a big and energetic cybersecurity center.

CSEE application deadline is 1/1/2018, and IS deadline is 2/1/18. Please let us know if you could not make the deadlines.

Closing date for applications: 1 February 2018

Contact:

Haibin Zhang: hbzhang (at) umbc.edu

Sisi Duan: sduan (at) umbc.edu

Department of Computer Science, Aarhus University
Job Posting
The Department of Computer Science at Aarhus University has an open position as full professor in Cryptology and Security.

For more information, follow the link below and look for [Professor in Cryptography and Security 950389] in the table.

Closing date for applications: 5 January 2018

Contact: ivan (at) cs.au.dk

More information: http://scitech.au.com/om-science-and-technology/stillinger/videnskabelige-stillinger

Department of Computer Science, Aarhus University
Job Posting
The Department of Computer Science at Aarhus University has an opening for one or more positions at tenure-track or associate professor level in all areas of computer science, including of course cryptology and security.

For more information, follow the link below and look for [Assistant Professor (tenure-track) or Associate Professor in Computer Science 934877] in the table.

Closing date for applications: 5 January 2018

Contact: Ivan Damgard, ivan (at) cs.au.dk

More information: http://scitech.au.com/om-science-and-technology/stillinger/videnskabelige-stillinger

University of Neuchatel, Switzerland
Job Posting
The Institute of Mathematics of the University of Neuchâtel announces an open call for

Two positions of maître-assistant(e) (senior assistant) at 80%

Starting date: 1 August 2018

Duration of appointment: 4 years

Legal requirements: holding a doctorate obtained at most 10 years ago. (Post-doctoral experience, although desirable, is not required.)

Duties:

- teaching at Bachelor and Master level (on average 3 hours/week). Non-French speakers will be given one year to reach a level sufficient to teach in French.

- supervision of Master theses in Mathematics

- research integrated into one of the six research teams of the Institute: see the topics at

https://www.unine.ch/math/home/recherche.html

- participation in the life of the Institute (organisation of seminars, etc.)

The application file will include: a CV with a list of publications, and a research project limited to 5 pages. Applications should be sent to Prof. Alain Valette, director of the Institute: alain.valette (at) unine.ch . Application deadline: 31 December 2017. Candidates will also arrange for two reference letters to be sent to the same address before 15 January 2018.

Closing date for applications: 31 December 2017

Contact: Alain Valette (institute director) alain.valette (at) unine.ch

More information: https://www.unine.ch/math/

University of York, UK
Job Posting
A PhD student position with scholarship is available at the Department of Computer Science, University of York, UK, to work on Secure and Usable Human Verification of Machine-Assisted Cryptography.

The project aims to explore solutions with applications in various domains such as electronic voting systems (e.g. using direct recording electronic (DRE) machines) and end-to-end encrypted instant messaging protocols such as Signal (deployed widely, e.g. in WhatsApp, Facebook Messenger, and Google Allo).

The project is expected to investigate solutions from both the security and usability perspectives; therefore, students with a background in at least one of cryptography and human-computer interaction, and an interest in both, are sought.

Scholarships are available for both UK/EU and non-UK/EU students (under two different schemes) and are decided through a competitive process within the department.

The project will be supervised jointly by Dr. Siamak F. Shahandashti and Prof. Helen Petrie, and will start in October 2018. Deadline for applications is 19 January 2018.

More information about the project, the scholarship schemes, and the application process is available through the link provided below. For any further enquiries please get in touch.

Closing date for applications: 19 January 2018

Contact: Dr. Siamak F. Shahandashti: siamak.shahandashti (at) york.ac.uk

More information: https://www-users.cs.york.ac.uk/~siamak/supervision.html

Universitat Pompeu Fabra, Barcelona, Spain
Job Posting
Applications are invited for a PhD position in the field of cryptography at the Department of Information and Communication Technologies at Universitat Pompeu Fabra in Barcelona, Spain, to be co-supervised by Dr. Vanesa Daza and Dr. Carla Ràfols. The research topic is cryptographic protocols for blockchain technologies, with a special focus on zero-knowledge proofs. The starting date will be around September 2018.

Only outstanding candidates who satisfy international mobility criteria will be considered (i.e. the applicant should not have resided or carried out their main activity in Spain for more than 12 months in the 3 years immediately prior to the recruitment date).

The contract will be for 3 years with a gross salary of €34,800, plus other advantages.

The candidate should hold or be about to receive a master's degree by September 2018 in computer science, mathematics or a related area. Specialization in cryptography (demonstrated by a relevant MSc) will be positively evaluated.

Interested candidates should send a motivation letter, a short CV, the grade transcripts of undergraduate studies and master (if finished) and the names of two references to cryptophdapplications (at) upf.edu.

Closing date for applications: 15 January 2018

Contact: Carla Ràfols, Universitat Pompeu Fabra.

05 December 2017

Alan Szepieniec, Bart Preneel
ePrint Report
This paper presents a new hard problem for use in cryptography, called Short Solutions to Nonlinear Equations (SSNE). This problem generalizes the Multivariate Quadratic (MQ) problem by requiring the solution be short; as well as the Short Integer Solutions (SIS) problem by requiring the underlying system of equations be nonlinear. The joint requirement causes common solving strategies such as lattice reduction or Gröbner basis algorithms to fail, and as a result SSNE admits shorter representations of equally hard problems. We show that SSNE can be used as the basis for a provably secure hash function. Despite failing to find public key cryptosystems relying on SSNE, we remain hopeful about that possibility.
Md. Al-Amin Khandaker, Yuki Nanjo, Loubna Ghammam, Sylvain Duquesne, Yasuyuki Nogami, Yuta Kodera
ePrint Report
Following the emergence of Kim and Barbulescu's new number field sieve (exTNFS) algorithm at CRYPTO'16 [21] for solving the discrete logarithm problem (DLP) over finite fields, pairing-based cryptography researchers are eager to find new parameters that confirm standard security levels against exTNFS. Recently, Barbulescu and Duquesne have suggested new parameters [3] for well-studied pairing-friendly curves, i.e., Barreto-Naehrig (BN) [5], Barreto-Lynn-Scott (BLS-12) [4] and Kachisa-Schaefer-Scott (KSS-16) [19] curves, at the 128-bit security level (twist and subgroup attack secure). They have also concluded that, in the context of the Optimal-Ate pairing with their suggested parameters, BLS-12 and KSS-16 curves are more efficient choices than BN curves. Therefore, this paper selects the atypical and less studied pairing-friendly curve in the literature, KSS-16, which offers a quartic twist, whereas BN and BLS-12 curves have sextic twists. In this paper, the authors optimize Miller's algorithm of the Optimal-Ate pairing for the KSS-16 curve by deriving efficient sparse multiplications and implement them. Furthermore, this paper concentrates on Miller's algorithm to experimentally verify Barbulescu et al.'s estimation. The results show that the Miller's algorithm time with the derived pseudo 8-sparse multiplication is lower for KSS-16 than for the other two curves. Therefore, this paper supports Barbulescu and Duquesne's conclusion for 128-bit security.
Osmanbey Uzunkol, Öznur Kalkar, İsa Sertkaya
ePrint Report
We address the problem of secure and verifiable delegation of general pairing computation. We first analyze some recently proposed pairing delegation schemes and present several attacks on their security and/or verifiability properties. In particular, we show that none of these achieve the claimed security and verifiability properties simultaneously. We then provide a fully verifiable secure delegation scheme ${\sf VerPair}$ under the one-malicious version of a two-untrusted-program model (OMTUP). ${\sf VerPair}$ not only significantly improves the efficiency of all the previous schemes, such as the fully verifiable schemes of Chevallier-Mames et al. and Canard et al., by eliminating the impractical exponentiation- and scalar-multiplication-consuming steps, but also offers for the first time the desired full verifiability property, unlike other practical schemes. Furthermore, we give a more efficient and less memory-consuming invocation of the subroutine ${\sf Rand}$ for ${\sf VerPair}$ by eliminating the requirement of offline computations of modular exponentiations and scalar multiplications. In particular, ${\sf Rand}$ includes a fully verifiable partial delegation under the OMTUP assumption. The partial delegation of ${\sf Rand}$ distinguishes ${\sf VerPair}$ as a useful lightweight delegation scheme when the delegator is resource-constrained (e.g. RFID tags, smart cards or sensor nodes).
Matthias Hamann, Matthias Krause, Willi Meier
ePrint Report
Time-memory-data tradeoff (TMD-TO) attacks limit the security level of many classical stream ciphers (like $E_0$, A5/1, Trivium, Grain) to $n/2$, where $n$ denotes the inner state length of the underlying keystream generator. This implies that to withstand TMD tradeoff attacks, the state size should be at least double the key size. In 2015, Armknecht and Mikhalev introduced a new line of research, which pursues the goal of reducing the inner state size of lightweight stream ciphers below this boundary by deploying a key-dependent state update function in a Grain-like stream cipher. Although their design Sprout was broken soon after publication, it has raised interest in the design principle, and a number of related ciphers have been suggested since, including Plantlet, a follow-up of Sprout, and the cipher Fruit.

In 2017, Hamann et al. showed that the initial hope of achieving full security against TMD-TO attacks by continuously using the secret key has failed. In particular, they demonstrated that there are generic distinguishing attacks against such ciphers with a complexity significantly smaller than that of exhaustive key search. However, by studying the assumptions underlying the applicability of these attacks, they came up with a new design idea for small-state stream ciphers, which is based on also continuously using the public IV as part of the state update. The authors conjectured that this design principle might finally allow full security against TMD-TO attacks to be achieved.

In this note, we take their idea one step further. While Hamann et al. aimed at improving the security of small-state stream ciphers that continuously use the secret key against distinguishing attacks, we explain here that other stream cipher constructions can also benefit from continuously using the IV. In particular, our approach allows for thwarting the well-known TMD-TO inner state recovery attacks of Babbage and of Biryukov and Shamir without using the secret key more than once.
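The inner-state recovery tradeoff the abstract refers to (Babbage's variant: a table of T sampled states, D windows of observed keystream, success expected once T·D reaches the 2^n state-space size), run end to end against a toy generator. This is an added example, not code from the paper or from any of the ciphers named above; the 20-bit LFSR with a nonlinear filter, the parameters (T = D = 2^12, 40-bit table windows) and every function name are assumptions made here for illustration.

```python
# Babbage/Golic time-memory-data tradeoff against a toy keystream generator.
# Toy generator (assumption, not any cipher from the paper): a 20-bit LFSR with
# a nonlinear output filter. n = 20 keeps the 2**n state space small enough to
# run in seconds; the tradeoff has the same T*D = 2**n structure at any n.
import random

N = 20                  # inner state length n in bits
WINDOW = N + 20         # keystream bits per table entry; > n so false matches are rare
MASK = (1 << N) - 1


def clock(state: int) -> int:
    """Bijective state update: Fibonacci LFSR, feedback x^20 + x^17 + 1 (primitive)."""
    fb = ((state >> 19) ^ (state >> 2)) & 1
    return ((state << 1) & MASK) | fb


def output_bit(state: int) -> int:
    """Nonlinear filter over seven taps: a majority term, a product term and two linear taps."""
    b = [(state >> i) & 1 for i in (1, 4, 7, 10, 13, 16, 19)]
    maj = (b[0] & b[1]) ^ (b[0] & b[2]) ^ (b[1] & b[2])
    return maj ^ (b[3] & b[4]) ^ b[5] ^ b[6]


def keystream(state: int, nbits: int):
    """Run the generator for nbits clocks; return (list of output bits, final state)."""
    bits = []
    for _ in range(nbits):
        bits.append(output_bit(state))
        state = clock(state)
    return bits, state


def pack(bits) -> int:
    """Pack a bit list (MSB first) into an int so it can serve as a dict key."""
    v = 0
    for b in bits:
        v = (v << 1) | b
    return v


def build_table(T: int, rng: random.Random) -> dict:
    """Offline phase: T random states -> their first WINDOW keystream bits.
    Costs T*WINDOW clocks and T entries, and does not depend on any target session."""
    table = {}
    for _ in range(T):
        s = rng.getrandbits(N)
        table[pack(keystream(s, WINDOW)[0])] = s
    return table


def recover_state(table: dict, observed):
    """Online phase: slide a WINDOW-bit window over the D = len(observed)-WINDOW+1
    positions of the sniffed keystream and look each one up in the table.
    Returns (t, state) such that state reproduces observed[t:], or None on no hit."""
    D = len(observed) - WINDOW + 1
    wmask = (1 << WINDOW) - 1
    w = pack(observed[:WINDOW])
    for t in range(D):
        if t:
            w = ((w << 1) | observed[t + WINDOW - 1]) & wmask
        s = table.get(w)
        # confirm the candidate against everything seen from position t onwards
        if s is not None and keystream(s, len(observed) - t)[0] == observed[t:]:
            return t, s
    return None


def expected_hits(T: int, D: int) -> float:
    """Expected number of coincidences between table states and observed states: T*D / 2**N.
    With T = D = 2**(N/2) this is 1, which is where the n/2 security bound comes from."""
    return T * D / float(1 << N)


def demo(seed: int = 1, T: int = 1 << 12, D: int = 1 << 12):
    """Attack one session. Returns (t, recovered state == true state at time t,
    128 not-yet-emitted keystream bits predicted correctly), or None if no table hit."""
    rng = random.Random(seed)
    secret = rng.getrandbits(N) or 1                   # victim's unknown nonzero initial state
    table = build_table(T, rng)                        # attacker's offline work
    observed, _ = keystream(secret, D + WINDOW - 1)    # what the attacker sniffs
    hit = recover_state(table, observed)
    if hit is None:
        return None
    t, s = hit
    true_at_t = keystream(secret, t)[1]
    # with the inner state in hand, the attacker runs the generator forward
    future_true = keystream(secret, len(observed) + 128)[0][len(observed):]
    future_pred = keystream(s, len(observed) - t + 128)[0][len(observed) - t:]
    return t, s == true_at_t, future_true == future_pred


if __name__ == "__main__":
    print("expected hits with T = D = 2^10:", expected_hits(1 << 10, 1 << 10))
    print("attack with T = D = 2^12 (t, state correct, future predicted):", demo())
```

With n = 20 the table and the sniffed keystream each hold 2^12 items, so about 16 coincidences are expected and the attacker ends up with the full inner state and predicts keystream the victim has not produced yet, for total work far below the 2^20 of a state search. The table is built before any session and depends only on the state update and the filter; folding the secret key, or the public IV as the note proposes, into the update function is aimed precisely at taking that session-independent precomputation away from the attacker.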
Koen de Boer, Léo Ducas, Stacey Jeffery, Ronald de Wolf
ePrint Report
Aggarwal, Joux, Prakash and Santha recently introduced a new potentially quantum-safe public-key cryptosystem, and suggested that a brute-force attack is essentially optimal against it. They consider but then dismiss both Meet-in-the-Middle attacks and LLL-based attacks. Very soon after their paper appeared, Beunardeau et al. proposed a practical LLL-based technique that seemed to significantly reduce the security of the AJPS system. In this paper we do two things. First, we show that a Meet-in-the-Middle attack can also be made to work against the AJPS system, using locality-sensitive hashing to overcome the difficulty that Aggarwal et al. saw for such attacks. We also present a quantum version of this attack. Second, we give a more precise analysis of the attack of Beunardeau et al., confirming and refining their results.
Yuanqi Shen, Amin Rezaei, Hai Zhou
ePrint Report
Logic encryption is a hardware security technique that uses extra key inputs to prevent unauthorized use of a circuit. With the discovery of the SAT-based attack, new encryption techniques such as SARLock and Anti-SAT have been proposed and further combined with traditional logic encryption techniques to guarantee both high error rates and resilience to the SAT-based attack. In this paper, the SAT-based bit-flipping attack is presented. It first separates the two groups of keys via SAT-based bit flipping, and then attacks the traditional encryption and the SAT-resilient encryption by the conventional SAT-based attack and by a bypassing attack, respectively. The experimental results show that the bit-flipping attack successfully returns a circuit with the correct functionality and significantly reduces the execution time compared with other advanced attacks.
David Berend, Bernhard Jungk, Shivam Bhasin
ePrint Report
A range of zero-permission sensors is found in modern smartphones to enhance the user experience. These sensors can lead to unintentional leakage of private user data. In this paper, we combine leakage from a pool of zero-permission sensors to reconstruct a user's secret PIN. By harnessing the power of machine learning algorithms, we show a practical attack on the full four-digit PIN space. Able to classify all 10,000 PIN combinations, our results show up to 83.7% success within 20 tries in a single-user setting. The most recent previous work demonstrated 74% success on a reduced space of 50 chosen PINs, where we report 99.5% success with a single try in a similar setting. Moreover, we extend the PIN recovery attack from a single user to a cross-user scenario. Firstly, we show that by training on several users, the PIN recovery success can be boosted when the target user is part of the training pool. On the other hand, PIN recovery is still possible when the training pool excludes the target user, albeit with a low success rate.

02 December 2017

Institute of Computer Science, University of Tartu, Tartu, Estonia
Job Posting
The cryptography group (more precisely, the group of cryptographic protocols, led by Helger Lipmaa) at the Institute of Computer Science of the University of Tartu seeks a research fellow in cryptography. The position will be permanent, but initially, the salary is guaranteed for five years (up to the end of the year 2022). The person, once hired, will be expected to help the group leader to apply for additional grants. The teaching load will be minimal. In the case of an excellent candidate, an early promotion is possible.

The successful candidate must have a Ph.D. and a strong track record in cryptography, but there are no other formal requirements. The salary will depend on the experience and strength of the applicant. We expect research experience in cryptographic protocol design (including but not only zero knowledge, e-voting, privacy-preserving data mining and machine learning, blockchain, secure computation). Interests in various codes used in cryptographic contexts (e.g., non-malleable, locally decodable, locally recoverable, locally testable, batch, PIR, or just error-correction codes) are appreciated.

Lipmaa's group is currently hiring 5 more researchers, and more people will be hired in the near future. The department also has a quantum cryptography group (led by Dominique Unruh).

For any inquiries or to apply for the position, submit a full research curriculum vitae (cv), names of two references, and a research statement to Prof Helger Lipmaa starting your email subject line with [Research fellow].

The call for expressions of interest will remain open until the end of January, but we encourage you to contact us before January 15.

Closing date for applications: 26 January 2018

Contact: Helger Lipmaa, lead research fellow, helger.lipmaa (at) ut.ee

More information: https://crypto.cs.ut.ee/index.php/Main/2018researcher

Temasek Laboratories, National University of Singapore
Job Posting

Temasek Laboratories at the National University of Singapore is seeking highly motivated professionals to conduct research in the area of post-quantum cryptography.

Applicants are expected to have a PhD degree in Mathematics/Computer Science and a strong background in algebra and number theory from Bachelor or higher degree courses.

The preferred candidate is expected to be proficient with the Magma or SAGE package, be a team worker and be able to conduct independent research.

Interested candidates kindly email their CV to Dr Chik How Tan tsltch (at) nus.edu.sg.

Closing date for applications: 28 February 2018

Contact: Dr Tan Chik How tsltch (at) nus.edu.sg

Oregon State University
Job Posting
We are looking for hardworking and self-driven PhD students to work in the areas of applied cryptography beginning in Fall 2018. OSU offers a competitive salary with an excellent working environment, all in close proximity to the high-tech industry and the natural beauty of Oregon. The nearby Portland area is known as the Silicon Forest and harbors major tech and research companies (e.g., Intel, HP, Galois, Siemens, Google). The qualified candidate will have opportunities for research internships and joint projects with leading industrial companies. Potential topics include:

Trustworthy Unmanned Aerial Systems

• New cryptographic frameworks to protect aerial drones

• Cryptographic policy enforcement for lawful interception via trusted execution environments and OS security mechanisms

Trustworthy Machine Learning (TML)

• Privacy-Preserving Machine Learning

• Harnessing trusted-hardware and hardware-acceleration for TML

Breach-Resilient Cyber-Infrastructures:

• New searchable encryption and Oblivious RAM schemes

• Augmentation of privacy enhancing technologies with trusted execution environments

Secure and Reliable Internet of Things and Systems (IoTs)

• Post-Quantum public key infrastructure for IoT

• Light-weight cryptography for medical devices

The candidate should fulfill the following requirements:

• A BS degree in computer science, electrical engineering or mathematics with a high-GPA.

• Very good programming skills (e.g., C, C++), familiarity with OS/Systems.

• Good Academic Writing and Presentation Skills.

• MS degree in computer science, electrical engineering or mathematics is a big plus. Publications in security and privacy are highly desirable.

Please send (by e-mail) the following documents: (i) Transcripts, (ii) Curriculum vitae , (iii) Three reference letters, (iv) Research statement, (v) GRE and TOEFL/IELTS scores

Please see:

http://web.engr.oregonstate.edu/~yavuza/

Closing date for applications: 15 January 2018

Contact: Dr. Attila A. Yavuz

attila.yavuz (at) oregonstate.edu

Temasek Laboratories @ Nanyang Technological University
Job Posting
SYmmetric and Lightweight cryptography Lab (SYLLAB) at Nanyang Technological University (NTU), Singapore, is seeking highly motivated candidates for 2 research fellow positions (from fresh post-docs to senior research fellows) in the areas of symmetric-key cryptography and machine learning. The research team will be supported by Temasek Laboratories funding from Singapore. Salaries are competitive and are determined according to the successful applicants' accomplishments, experience and qualifications. Interested applicants should send their detailed CVs, cover letter and references to Prof. Thomas Peyrin (thomas.peyrin (at) ntu.edu.sg).

Candidates are expected to have a strong background in symmetric-key cryptography and/or machine learning, with good experience in programming with C/C++ and/or Python.

Review of applications starts immediately and will continue until positions are filled (ideally, the positions would start early 2018).

Closing date for applications: 31 March 2018

Contact: Thomas Peyrin - thomas.peyrin (at) ntu.edu.sg

Nanyang Technological University
Job Posting
SYmmetric and Lightweight cryptography Lab (SYLLAB) at Nanyang Technological University (NTU), Singapore, is seeking highly motivated candidates for 2 Ph.D. student positions in the areas of symmetric key cryptography and machine learning. Interested applicants should send their detailed CVs, cover letter and references to Prof. Thomas Peyrin (thomas.peyrin (at) ntu.edu.sg) preferably as soon as possible and before end of March 2018 (the 4-year PhD scholarships are to start in August 2018).

Candidates are expected to have a strong background in computer science and mathematics, with some experience in programming with C/C++ and/or Python. Experience with machine learning software libraries is a plus.

More information about graduate admissions at NTU can be found here: http://admissions.ntu.edu.sg/graduate/Pages/home.aspx

Closing date for applications: 31 March 2018

Contact: Thomas Peyrin - thomas.peyrin (at) ntu.edu.sg
