International Association
for Cryptologic Research

The purpose of the work is to estimate the resistance of lightweight block ciphers Speck, Simon, Simeck, HIGHT, LEA to a distinguishing attack. (This attack is a form of cryptanalysis on data encrypted by a cipher that allows an attacker to distinguish the encrypted data from random data.) Modern lightweight block ciphers must be designed to be immune to such an attack. It turned out that Speck, Simon, HIGHT and LEA showed a sufficient resistance to the distinguishing attack, but Simeck with 48-bit block size and 96-bit key size was not immune to this attack.

Event date: 5 April to 6 April 2018
Submission deadline: 15 February 2018

Human dignity demands that personal information, like medical and forensic data, be hidden from the public. But veils of secrecy designed to preserve privacy may also be abused to cover up lies and deceit by parties entrusted with Data, unjustly harming citizens and eroding trust in central institutions.

Zero knowledge (ZK) proof systems are an ingenious cryptographic solution to the tension between the ideals of personal privacy and institutional integrity, enforcing the latter in a way that does not compromise the former. Public trust demands transparency from ZK systems, meaning they be set up with no reliance on any trusted party, and have no trapdoors that could be exploited by powerful parties to bear false witness. For ZK systems to be used with Big Data, it is imperative that the public verification process scale sublinearly in data size. Transparent ZK proofs that can be verified exponentially faster than data size were first described in the 1990s but early constructions were impractical, and no ZK system realized thus far in code (including that used by crypto-currencies like Zcash) has achieved both transparency and exponential verification speedup, simultaneously, for general computations.

Here we report the first realization of a transparent ZK system (ZK-STARK) in which verification scales exponentially faster than database size, and moreover, this exponential speedup in verification is observed concretely for meaningful and sequential computations, described next. Our system uses several recent advances on interactive oracle proofs (IOP), such as a “fast” (linear time) IOP system for error correcting codes.

Our proof-of-concept system allows the Police to prove to the public that the DNA profile of a Presidential Candidate does not appear in the forensic DNA profile database maintained by the Police. The proof, which is generated by the Police, relies on no external trusted party, and reveals no further information about the contents of the database, nor about the candidate’s profile; in particular, no DNA information is disclosed to any party outside the Police. The proof is shorter than the size of the DNA database, and verified faster than the time needed to examine that database naively.

The work of Bootle et al. (EUROCRYPT 2016) constructs an extremely efficient zero-knowledge argument for arithmetic circuit satisfiability in the discrete logarithm setting. However, the argument does not treat relations involving commitments, and furthermore, for simple polynomial relations, the complex machinery employed is unnecessary.

In this work, we give a framework for expressing simple relations between commitments and field elements, and present a zero-knowledge argument which is considerably more efficient than Bootle et al. in the case where the polynomials in the relation have low degree. Our method also directly yields a batch protocol, which allows many copies of the same relation to be more efficiently proved and verified in a single argument.

We instantiate our protocol with concrete polynomial relations to construct zero-knowledge arguments for membership proofs, polynomial evaluation proofs, and range proofs. Our work can be seen as a unified explanation of the underlying ideas of these protocols. In some of these instantiations we also achieve better efficiency than the state of the art.

The hardness of the shortest vector problem for lattices is a fundamental assumption underpinning the security of many lattice-based cryptosystems, and therefore, it is important to evaluate its difficulty. Here, recent advances in studying the hardness of problems in large-scale lattice computing have pointed to need to study the design and methodology for exploiting the performance of massive parallel computing environments. In this paper, we propose a lattice basis reduction algorithm suitable for massive parallelization. Our parallelization strategy is an extension of the Fukase-Kashiwabara algorithm~(J. Information Processing, Vol. 23, No. 1, 2015). In our algorithm, given a lattice basis as input, variants of the lattice basis are generated, and then each process reduces its lattice basis; at this time, the processes cooperate and share auxiliary information with each other to accelerate lattice basis reduction. In addition, we propose a new strategy based on our evaluation function of a lattice basis in order to decrease the sum of squared lengths of orthogonal basis vectors. We applied our algorithm to problem instances from the SVP Challenge. We solved a 150-dimension problem instance in about 394 days by using large clusters, and we also solved problem instances of dimensions 134, 138, 140, 142, 144, 146, and 148. Since the previous world record is the problem of dimension 132, these results demonstrate the effectiveness of our proposal.

Zero-knowledge (ZK) protocols are undoubtedly among the central primitives in cryptography, lending their power to numerous applications such as secure computation, voting, auctions, and anonymous credentials to name a few. The study of efficient ZK protocols for non-algebraic statements has seen rapid progress in recent times, relying on the techniques from secure computation. The primary contribution of this work lies in constructing efficient UC-secure constant round ZK protocols from garbled circuits that are secure against $adaptive$ corruptions, with communication linear in the size of the statement. We begin by showing that the practically efficient ZK protocol of Jawurek et al. (CCS 2013) is adaptively secure when the underlying oblivious transfer (OT) satisfies a mild adaptive security guarantee. We gain adaptive security with little to no overhead over the static case. A conditional verification technique is then used to obtain a three-round adaptively secure zero-knowledge argument in the non-programmable random oracle model (NPROM).

We draw motivation from state-of-the-art non-interactive secure computation protocols and leveraging specifics of ZK functionality show a two-round protocol that achieves static security. It is a proof, while most known efficient ZK protocols and our three round protocol are only arguments.

Structure Preserving Signatures (SPS) allow the signatures and the messages signed to be further encrypted while retaining the ability to be proven valid under zero-knowledge. In particular, SPS are tailored to have structure suitable for Groth-Sahai NIZK proofs. More precisely, the messages, signatures, and verification keys are required to be elements of groups that support efficient bilinear-pairings (bilinear groups), and the signature verification consists of just evaluating one or more bilinear-pairing product equations. Since Groth-Sahai NIZK proofs can (with zero-knowledge) prove the validity of such pairing product equations, it leads to interesting applications such as blind signatures, group signatures, traceable signatures, group encryption, and delegatable credential systems.

In this paper, we further improve on the SPS scheme of Abe, Hofheinz, Nishimaki, Ohkubo and Pan (CRYPTO 2017) while maintaining only an $O(\lambda)$-factor security reduction loss to the SXDH assumption. In particular, we compress the size of the signatures by almost 40%, and reduce the number of pairing-product equations in the verifier from fifteen to seven. Recall that structure preserving signatures are used in applications by encrypting the messages and/or the signatures, and hence these optimizations are further amplified as proving pairing-product equations in Groth-Sahai NIZK system is not frugal. While our scheme uses an important novel technique introduced by Hofheinz (EuroCrypt 2017), i.e., structure-preserving adaptive partitioning, our approach to building the signature scheme is different and this leads to the optimizations mentioned. Thus we make progress towards an open problem stated by Abe et al (CRYPTO 2017) to design more compact SPS-es with smaller number of group elements.

Whenever you communicate with someone electronically there are intermediaries that process and carry your communication, helping it reliably get to the intended destination, or storing it until the recipient goes online to collect it. We hope that these intermediaries behave properly, but sometimes they get hacked, or the people running them act maliciously, and your communications can then be tampered with and eavesdropped, with potentially severe consequences.

End-to-end encryption is designed to protect against such threats and has been available for decades, but it’s still rarely used because it interferes with modern ways of working. For example, if the company that provides your email service can’t read it, you can’t search it without downloading it all; with collaboration applications, like Google Docs or chat applications, current end-to-end encryption approaches won\'t even work. Even if data is encrypted end-to-end, analysis of the meta-data can still violate privacy, for example disclosing who is working with whom. Anonymous communication systems like Tor can help protect meta-data but the delay that the most secure systems (e.g. Loopix) introduce would prevent standard collaboration technologies from working properly.

This project will develop techniques to build collaboration applications that are end-to-end secure, and protect privacy. We will quantify how secure and effective they are, working with investigative journalists who need high levels of security in their collaboration applications.

Funding is available for a 4-year PhD studentship working on this project, providing a standard stipend and fees (at UK/EU rate). The project will be supervised by Dr Steven Murdoch and will start in October 2018 (unless agreed otherwise).

Closing date for applications: 27 April 2018

Contact: Steven Murdoch (s.murdoch (at) ucl.ac.uk)

More information: http://www.cs.ucl.ac.uk/prospective_students/phd_programme/funded_scholarships/#c31028

Ph.D. student positions are available starting Fall 2018 (all documents submitted soon) to work on different aspects of Cryptographic Engineering in the CSE department at USF.

USF is an R1 university and among the leading institutions in Florida. We are looking for motivated, talented, and hardworking applicants who have background and are interested in working on different aspects of Cryptographic Engineering with emphasis on:

- Cryptographic hardware systems

- Side-channel attacks, particularly fault and power analysis attacks

The required expertise includes:

- Masters (or Bachelors with outstanding background) in Computer Engineering or Electrical Engineering

- Solid background in digital design, VLSI, computer arithmetic, and ASIC/FPGA implementations

- Solid HDL expertise

- Outstanding English (if English tests are taken) to be eligible for department funding

- Motivation to work beyond the expectations from an average Ph.D. student and publish in top tier venues

Please closely observe the admission requirement details here before emailing:

http://www.usf.edu/engineering/cse/graduate/phd-program.aspx

Please send me your updated CV (including list of publications, language test marks, and references), transcripts for B.Sc. (and/or M.Sc.), and a statement of interest at mehran2 (at) usf.edu as soon as possible.

NOTE: At this time, I consider only the applicants who have already taken TOEFL/IELTS and GRE exams with excellent marks. The successful candidate will be asked to apply formally very soon to the USF CSE department, so all the material has to be ready.

Mehran Mozaffari-Kermani

Assistant Professor, CSE @ USF

College of Engineering

University of South Florida

Tampa, FL 33620

Website: http://www.csee.usf.edu/~mehran2/

Contact: Mehran Mozaffari-Kermani

Closing Date for Applications: 2018-02-01

Closing date for applications: 15 February 2018

University College Cork (UCC) and the China Scholarship Council (CSC) have an agreement to jointly fund a number of PhD scholarships. The scholarship will support Chinese students willing to undertake a PhD in UCC for up to 4 years, including payment of registration and tuition fees, a monthly living allowance and a return ticket.

The Department of Computer Science in UCC is particularly interested in hosting PhD students in the areas of cryptography, privacy, and security. Topics of particular interest are cryptographic protocols, privacy-enhancing technologies, and location privacy, but all proposals relevant to security will be considered. Interested candidates are encouraged to contact Dr. Paolo Palmieri (e-mail address below) to discuss a potential application.

University College Cork (UCC) is an internationally competitive, research-led institution. Cork, Ireland\'s second-largest city, is a thriving, international hub for technological innovation, hosting companies such as Apple, Amazon, EMC, IBM and McAfee.

Please note that, due to eligibility requirements, this opportunity is restricted to Chinese nationals.

Closing date for applications: 31 January 2018

Contact: Dr. Paolo Palmieri, Lecturer in Cyber Security, UCC

E-mail: p.palmieri (at) cs.ucc.ie

Motivated by the history of randomness failures in practical systems, Paterson, Schuldt, and Sibborn (PKC 2014) introduced the notion of related randomness security for public key encryption. In this paper, we firstly show an inherent limitation of this notion: if the family of related randomness functions is sufficiently rich to express the encryption function of the considered scheme, then security cannot be achieved. This suggests that achieving security for function families capable of expressing more complex operations, such as those used in random number generation, might be difficult. The current constructions of related randomness secure encryption in the standard model furthermore reflect this; full security is only achieved for function families with a convenient algebraic structure. We additionally revisit the seemingly optimal random oracle model construction by Paterson et al. and highlight its limitations.

To overcome this difficulty, we propose a new notion which we denote related refreshable randomness security. This notion captures a scenario in which an adversary has limited time to attack a system before new entropy is added. More specifically, the number of encryption queries with related randomness the adversary can make before the randomness is refreshed, is bounded, but the adversary is allowed to make an unbounded total number of queries. Furthermore, the adversary is allowed to influence how entropy is added to the system. In this setting, we construct an encryption scheme which remains secure in the standard model for arbitrary function families of size $2^p$ (where $p$ is polynomial in the security parameter) that satisfy certain collision-resistant and output-unpredictability properties. This captures a rich class of functions, which includes, as a special case, circuits of polynomial size. Our scheme makes use of a new construction of a (bounded) related-key attack secure pseudorandom function, which in turn is based on a new flavor of the leftover hash lemma. These technical results might be of independent interest.

The standard acceptance policy for a cryptocurrency transaction at most exchanges is to wait until the transaction is placed in the blockchain and followed by a certain number of blocks. However, as noted by Sompolinsky and Zohar, the amount of time for blocks to arrive should also be taken into account as it affects the probability of double spending. Specifically, they propose a dynamic policy for transaction acceptance that depends on both the number of confirmations and the amount of time since transaction broadcast.

In this work we study the implications of using such a policy compared with the standard option that ignores block timing information. Using an exact expression for the probability of double spend, via numerical results, we analyze time to transaction acceptance (performance) as well as the time and cost to perform a double spend attack (security). We show that while expected time required for transaction acceptance is improved using a dynamic policy, the time and cost to perform a double spend attack for a particular transaction is reduced.

Constant-time polynomial multiplication is one of the most time-consuming operations in many lattice-based cryptographic constructions. For schemes based on the hardness of Ring-LWE in power-of-two cyclotomic fields with completely splitting primes, the AVX2 optimized implementation of the Number-Theoretic Transform (NTT) from the NewHope key-exchange scheme is the state of the art for fast multiplication. It uses floating point vector instructions. We show that by using a modification of the Montgomery reduction algorithm that enables a fast approach with integer instructions, we can improve on the polynomial multiplication speeds of NewHope and Kyber by a factor of $4.2$ and $6.3$ on Skylake, respectively.

Event date: 4 June 2018
Submission deadline: 31 January 2018
Notification: 1 March 2018

The NUS-Singtel Cyber Security Corporate Lab (http://nus-singtel.nus.edu.sg/) is hiring a Research Assistant. The candidate should be passionate about applied research and development of cutting-edge security technologies. With a strong desire to work on problems with real-world impact and commercial value, the candidate is expected to conduct high-quality applied research by working closely with a team of security domain experts.

Duties & Responsibilities:

- Evaluation of current-state-of-the-art security products and technologies

- Formulate security research problems based on real-world requirements and industry needs

- Assist and support the NUS-Singtel Corp Lab R&D team in conducting high-quality applied research and development of innovative solutions that results in new intellectual properties

- Design, develop and test research prototypes

Requirements:

- M.Sc/B.Sc in Computer Science, Computer Engineering, Electrical Engineering, or related field, preferably with at least 1-2 years of experience in security research and development

- Strong interest and familiar with one or more of the following areas: data encryption, data privacy protection, cloud security, key management, applied cryptography

- Strong software development skills in Java, C/C++, Python

- Excellent written and verbal communications skills

- Highly motivated, independent and resourceful team player

- Strong analytical thinking, interpersonal and problem solving skills

Closing date for applications: 1 May 2018

Contact: Dr Xu Jia (comxj (at) nus.edu.sg)

The mathematics department of USF invites applications to its PhD program in mathematics. Students who plan to specialize in cryptology are particularly encouraged to apply.

Topics of interest are:

• Computational number theory
• Lattice and ring-based cryptosystems
• Isogeny-based cryptosystems
• Quantum cryptanalysis
• Fully homomorphic encryption
• Crytocurrencies

Information on how to apply can be found here: http://math.usf.edu/grad/apply/

Important remark: for full consideration, both domestic and international applicants should submit their application by February 15th 2018.

Successful candidates will be supervised by Dr. Jean-François Biasse. Contact usf.crypto.phd.2018 (at) gmail.com prior to sending the application to assess eligibility (provide a CV and a brief description of your research interests).

Closing date for applications: 1 June 2018

More information: http://math.usf.edu/grad/apply/

As part of our continued strategy for growth, the Department of Computer Science is seeking to appoint one Professor and one Senior Lecturer/Reader with expertise in the field of cybersecurity.

The Department has a large secure systems research group, led by Professor Steve Schneider, with expertise in security by design, authentication, verification, distributed ledger technologies, trusted systems and cloud security.

Candidates will demonstrate an excellent research record in cybersecurity. Suitable areas of expertise that complement current strengths of the group include (but are not limited to): anti-malware security, adversarial machine learning, risk management and threat modelling, trusted systems, verification, and distributed systems.

The University and the Department specifically are committed to building a culturally diverse organisation and strongly encourages applications from female, minority candidates and industry experts.

Interested candidates may find details of these (and other) posts at: http://jobs.surrey.ac.uk/106517 and http://jobs.surrey.ac.uk/106617

For an informal discussion about the position, please contact the Head of Department of Computer Science, Dr Helen Treharne on h.treharne (at) surrey.ac.uk, Professor Steve Schneider or Professor Liqun Chen ( s.schneider (at) surrey.ac.uk, liqun.chen (at) surrey.ac.uk ).

Closing date for applications: 5 March 2018

Contact: Helen Treharne (h.treharne (at) surrey.ac.uk)

More information: http://jobs.surrey.ac.uk

We are looking for Research Fellow (PostDoc), Research Associate, Research Assistant, PhD student (several positions) to join our group to work on applications of blockchain technology.

Candidates for research fellow/associate should have completed (or close to completing) a PhD in computer science, mathematics, or a related discipline. Research assistant are expected to have an honours degree or an equivalent qualification. Post-secondary students will be considered for the position of research administrative assistant.

Applicants should have solid experience in any of the following areas:

- Public key cryptography and provable security.

- Software engineering

- Cloud computing

Successful candidates are expected to contribute to the research or development blockchain applications

The post has a flexible starting date. The initial appointment will be for 12 months, with a strong possibility for further appointment.

Review of applications will start immediately until the positions are filled.

Closing date for applications: 30 June 2018

Contact: Allen Au

http://www4.comp.polyu.edu.hk/~csallen

csallen at comp dot polyu dot edu dot hk

More information: http://www4.comp.polyu.edu.hk/~csallen

We study the minimal number of point-to-point messages required for general secure multiparty computation (MPC) in the setting of computational security against semi-honest, static adversaries who may corrupt an arbitrary number of parties.

We show that for functionalities that take inputs from $n$ parties and deliver outputs to $k$ parties, $2n+k-3$ messages are necessary and sufficient. The negative result holds even when given access to an arbitrary correlated randomness setup. The positive result can be based on any 2-round MPC protocol (which can in turn can be based on 2-message oblivious transfer), or on a one-way function given a correlated randomness setup.

Structure-preserving signatures on equivalence classes, or equivalence-class signatures for short (EQS), are signature schemes defined over bilinear groups whose messages are vectors of group elements. Signatures are perfectly randomizable and given a signature on a vector, anyone can derive a signature on any multiple of the vector; EQS thus sign projective equivalence classes. Applications of EQS include the first constant-size anonymous attribute-based credentials, efficient round-optimal blind signatures without random oracles and efficient access-control encryption. To date, the only existing instantiation of EQS is proven secure in the generic-group model. In this work we show that by relaxing the definition of unforgeability, which makes it efficiently verifiable, we can construct EQS from standard assumptions, namely the Matrix-Diffie-Hellman assumptions. We then show that our unforgeability notion is sufficient for most applications.