International Association for Cryptologic Research


IACR News


22 February 2018

Benjamin Timon
ePrint Report
Deep Learning has recently been introduced as a new alternative to perform Side-Channel analysis. Until now, studies have been focused on applying Deep Learning techniques to perform Profiled Side-Channel attacks where an attacker has full control of a profiling device and is able to collect a large amount of traces for different key values in order to characterize the device leakage prior to the attack. In this paper we introduce a new method to apply Deep Learning techniques in a Non-Profiled context, where an attacker can only collect a limited number of side-channel traces for a fixed unknown key value from a closed device. We show that by combining key guesses with observations of Deep Learning metrics, it is possible to recover information about the secret key. The main interest of this method is that it is possible to use the power of Deep Learning and Neural Networks in a Non-Profiled scenario. We show that it is possible to exploit the translation-invariance property of Convolutional Neural Networks against de-synchronized traces and use Data Augmentation techniques also during Non-Profiled side-channel attacks. Additionally, the present work shows that in some conditions, this method can outperform classic Non-Profiled attacks such as Correlation Power Analysis. We also highlight that it is possible to target masked implementations without leakage combination pre-processing and with fewer assumptions than classic high-order attacks. To illustrate these properties, we present a series of experiments performed on simulated data and real traces collected from the ChipWhisperer board and from the ASCAD database. The results of our experiments demonstrate the interest of this new method and show that this attack can be performed in practice.
Ghous Amjad, Seny Kamara, Tarik Moataz
ePrint Report
Motivated by the problem of data breaches, we formalize a notion of security for dynamic structured encryption (STE) schemes that guarantees security against a snapshot adversary; that is, an adversary that receives a copy of the encrypted structure at various times but does not see the transcripts related to any queries. In particular, we focus on the construction of dynamic encrypted multi-maps which are used to build efficient searchable symmetric encryption schemes, graph encryption schemes and encrypted relational databases. Interestingly, we show that a form of snapshot security we refer to as breach resistance implies previously-studied notions such as a (weaker version) of history independence and write-only obliviousness. Moreover, we initiate the study of dual-secure dynamic STE constructions: schemes that are forward-private against a persistent adversary and breach-resistant against a snapshot adversary. The notion of forward privacy guarantees that updates to the encrypted structure do not reveal their association to any query made in the past. As a concrete instantiation, we propose a new dual-secure dynamic multi-map encryption scheme that outperforms all existing constructions; including schemes that are not dual-secure. Our construction has query complexity that grows with the selectivity of the query and the number of deletes since the client executed a linear-time rebuild protocol which can be de-amortized. We implemented our scheme (with the de-amortized rebuild protocol) and evaluated its concrete efficiency empirically. Our experiments show that it is highly efficient with queries taking less than 1 microsecond per label/value pair.
Krzysztof Pietrzak
ePrint Report
Proofs of space (PoS) [DFKP15] are proof systems where a prover can convince a verifier that he "wastes" disk space. PoS were introduced as a more ecological and economical replacement for proofs of work which are currently used to secure blockchains like Bitcoin. In this work we investigate extensions of PoS which allow the prover to embed useful data into the dedicated space, which later can be recovered.

The first contribution of this paper is a security proof for the PoS from [DFKP15] in the random oracle model (the original proof only applied to a restricted class of adversaries which can store a subset of the data an honest prover would store). When this PoS is instantiated with recent constructions of maximally depth robust graphs, our proof implies basically optimal security.

As a second contribution we introduce and construct proofs of catalytic space (PoCS), which are defined like classical PoS, but most of the space required by the prover can at the same time be used to store useful data. Our first construction has almost no overhead (i.e., the useful data is almost as large as the dedicated space), whereas our second construction has a slightly larger overhead, but allows for efficient updates of the data. Our constructions are extensions of the [DFKP15] PoS, and our tight proof for the PoS extends (non-trivially) to the PoCS.

As our last contribution we construct a proof of replication (PoR); coming up with such an object has recently been stated as an open problem in the Filecoin paper. This construction (and its proof) is also an extension of the [DFKP15] PoS.
Michael Scott
ePrint Report
There have been recent advances in solving the finite extension field discrete logarithm problem as it arises in the context of pairing-friendly elliptic curves. This has led to the abandonment of approaches based on super-singular curves of small characteristic, and to the reconsideration of the field sizes required for implementation based on non-supersingular curves of large characteristic. This has resulted in a revision of recommendations for suitable curves, particularly at a higher level of security. Indeed for AES-256 levels of security the BLS48 curves have been suggested, and demonstrated to be superior to other candidates. These curves have an embedding degree of 48. The well known taxonomy of Freeman, Scott and Teske only considered curves with embedding degrees up to 50. Given some uncertainty around the constants that apply to the best discrete logarithm algorithm, it would seem to be prudent to push a little beyond 50. In this note we announce the discovery of a new family of pairing friendly elliptic curves with an embedding degree of 54.

21 February 2018

Ruhr-Universität Bochum
Job Posting
The cryptography group at the Ruhr-Universität Bochum invites applications for a three-year Ph.D. position in the PROMETHEUS project "PRivacy preserving pOst-quantuM systEms from advanced crypTograpHic mEchanisms Using latticeS". The topics include provable security in general and post-quantum secure cryptography from lattices in particular.

The crypto group is part of the Horst Görtz Institute for IT Security (HGI) which currently hosts 21 professors and their teams, conducting research in electrical engineering and information technology, mathematics as well as the humanities and social sciences. This interdisciplinary environment covers nearly all aspects of IT security, from basic research in cryptography to internet security, security for the Internet of Things, usability and data protection. With some 200 scientists, the HGI is one of the largest and most highly respected university institutes for IT security in Europe.

A PhD student in Germany is employed, pays no fees related to the PhD position, and has a decent monthly salary based on the German TVL-E13 scale (100%).

Applicants should hold a Master in IT-security, mathematics, computer science or related disciplines, with excellent marks. There should be good knowledge in theoretical cryptography.

Application material: CV, Masters diploma and transcripts with grades, letter of motivation, 2 names for letters of reference.

Closing date for applications: 4 March 2018

Contact: Eike Kiltz

More information: https://www.stellenwerk-bochum.de/jobboerse/wissenschaftl-mitarbeiterin-wiss-mitarbeiterin-3983-stdwoche-3-jahre-bo-2018

IoTeX
Job Posting

IoTeX is a young blockchain startup located in Silicon Valley, USA. IoTeX is building the next generation blockchain platform for IoT (Internet-of-Things) with focus on scalability, privacy and enabling of autonomous device coordination. IoTeX, while still in stealth mode, is a well-funded company in the blockchain sector and has partnered with leading players in the IoT space.

We are looking for a talented cryptography and distributed systems engineer to work on various aspects of the core IoTeX blockchain technologies, with emphasis on the design, analysis and implementation of innovative and efficient cryptographic algorithms and protocols that improve on the scalability, security and privacy of existing blockchain methodologies and pave the way for securing a wide range of Internet of Things (IoT) applications with IoTeX blockchains.

Requirements

  • Eligible to work in the US
  • Master’s or PhD in cryptography, mathematics, computer science, or related fields
  • Solid background in cryptographic algorithms and protocols such as elliptic curve cryptography, digital signature, commitment scheme, zero-knowledge proof, secure multiparty computation, etc.
  • Experience designing novel cryptographic primitives and protocols
  • Experience drafting and validating security specification and proofs
  • Experience implementing cryptographic primitives and protocols in various platforms using C/C++, Golang or Python

Bonus

  • Cryptocurrency and blockchain technology
  • Smart contracts
  • Security and privacy for distributed systems
  • Experience designing novel cryptographic primitives and protocols
  • Security and privacy for various IoT systems (e.g., wireless sensor networks, RFID systems, smart grid, vehicular ad-hoc networks, etc.)

Review of applications will start immediately and will continue until positions are filled.

Closing date for applications: 31 May 2018

Contact: To apply, please send your CV and in English to hello (at) iotex.io

More information: https://www.iotex.io/article/careers

DarkMatter - Abu Dhabi
Job Posting
As Senior Vice President of Cryptographic Algorithms and Systems, realisation of your dream will secure the businesses of today from the threats of tomorrow. Whether leading security efforts on our own secure communications suite and blockchain ecosystem, or for outside clients, it pays to keep your guard up at DarkMatter.

As SVP Cryptographic Algorithms and Systems, you will:

Manage research and development of crypto-dependent systems for authentication and authorization platforms that leverage blockchain technology designed for constrained devices and critical infrastructure

Anticipate threats and client needs to design and combine algorithms that solve emerging cyber security problems and defend against attack vectors of the future

Lead, develop and inspire a dedicated team of research scientists and engineers to consistently produce high-quality results

Work with potential clients to gather requirements towards commercialization and productizing of our research output

You will lead clients to the cryptographic solutions they’ll need in the future while leading your team in developing libraries and services for their existing algorithms. Our commitment to end-to-end solutions gives you the freedom to make your dreams come to life. Create your own algorithms for enhanced security in each area of our business. Our Test & Validation Labs and Innovation Center are being built to provide both depth of knowledge and a collaborative approach to research and development.

To guard against the threats of the future, you’ll need:

20+ years of technical and leadership experience, including extensive industry experience managing teams of cybersecurity researchers and engineers

Eagerness to oversee the development of cryptographic algorithms, protocols and systems for enterprise-grade cyber security products in mobile, cloud and web

Bachelor’s degree in Engineering, Computer Science, Mathematics or Physics, with a Masters or Ph.D. preferred

Closing date for applications: 18 November 2018

Contact: Sheila Morjaria

More information: https://grnh.se/2wr6cqjn1

Technical University of Denmark (DTU), Denmark
Job Posting
DTU Compute invites talented candidates who have obtained remarkable results during their M.Sc. studies and who have demonstrated promise and potential in their field of study, to apply for PhD scholarships. The starting date is expected to be in the fall 2018 or as soon as possible thereafter.

You can apply for fully funded or partially funded scholarships from DTU Compute. For partially funded DTU Compute scholarships, documentation for the remaining funding must be provided with the application. The purpose of the co-funded scholarships is to increase the total volume of scholarships and to promote innovation in collaboration with external parties.

Our department is an internationally unique academic environment spanning the science disciplines mathematics, statistics and computer science. At the same time, we are an engineering department developing informatics and communication technologies in their broadest sense.

DTU Compute strives to achieve research excellence in its basic science disciplines, to achieve technological leadership in research and innovation, and to address societal challenges in collaboration with partners at DTU and other academic institutions, nationally and internationally, and, equally important, with industries and organizations.

We play a central role in education at all levels of the engineering programs at DTU - both in terms of our scientific disciplines and our didactic innovation.

Projects

Cyber Security - Cyber security examines the methods, techniques and tools for securing computer systems that are accessible through a network, typically the Internet, which is often known as cyberspace.

Qualifications

The ideal PhD student is curious, creative, independent and yet able to collaborate as a team player in a research group. Candidates must hold a M.Sc. degree in engineering or an equivalent degree. Furthermore, good command of the English language is essential.

Closing date for applications: 13 April 2018

Contact: Dr. Christian D. Jensen (cdje (at) dtu.dk), or Dr. Weizhi Meng (weme (at) dtu.dk)

More information: http://www.dtu.dk/job/job?id=9bbc3ae7-6dec-45ed-8e5c-bffbda1099d6


20 February 2018

Tokyo, Japan, 25 September - 27 September 2018
Event Calendar
Event date: 25 September to 27 September 2018
Submission deadline: 1 April 2018
Notification: 25 May 2018
Toronto, Canada, 15 October - 19 October 2018
Event Calendar
Event date: 15 October to 19 October 2018
Submission deadline: 8 May 2018
Notification: 23 July 2018

19 February 2018

Nicola Atzei, Massimo Bartoletti, Tiziana Cimoli, Stefano Lande, Roberto Zunino
ePrint Report
Albeit the primary usage of Bitcoin is to exchange currency, its blockchain and consensus mechanism can also be exploited to securely execute some forms of smart contracts. These are agreements among mutually distrusting parties, which can be automatically enforced without resorting to a trusted intermediary. Over the last few years a variety of smart contracts for Bitcoin have been proposed, both by the academic community and by that of developers. However, the heterogeneity in their treatment, the informal (often incomplete or imprecise) descriptions, and the use of poorly documented Bitcoin features, pose obstacles to the research. In this paper we present a comprehensive survey of smart contracts on Bitcoin, in a uniform framework. Our treatment is based on a new formal specification language for smart contracts, which also helps us to highlight some subtleties in existing informal descriptions, making a step towards automatic verification. We discuss some obstacles to the diffusion of smart contracts on Bitcoin, and we identify the most promising open research challenges.
Michael Backes, Lucjan Hanzlik, Kamil Kluczniak, Jonas Schneider
ePrint Report
We introduce a new cryptographic primitive called signatures with flexible public key. We divide the key space into equivalence classes induced by a relation $\mathcal{R}$. A signer can efficiently change his key pair to a different representative of the same class, but without a trapdoor it is hard to distinguish if two public keys are related.

This primitive offers a unified approach to the modular construction of signature schemes with privacy-preserving components. Namely, we show how to build the first ring signature scheme in the plain model without trusted setup, where signature size depends only sub-linearly on the number of ring members. Moreover, we show how to combine our primitive with structure-preserving signatures on equivalence classes (SPSEQ) to construct static group signatures and self-blindable certificates. When properly instantiated, the result is a group signature scheme that has a shorter signature size than the current state-of-the-art scheme by Libert, Peters, and Yung from Crypto'15.

In its own right, our primitive has stand-alone applications in the cryptocurrency domain. In particular it enables the straightforward implementation of so-called stealth addresses.
Sikhar Patranabis, Debdeep Mukhopadhyay
ePrint Report
We present function private public-key predicate encryption schemes from standard cryptographic assumptions, that achieve new lower bounds on the min-entropy of underlying predicate distributions. Existing function private predicate encryption constructions in the public-key setting can be divided into two broad categories. The first category of constructions are based on standard assumptions, but impose highly stringent requirements on the min-entropy of predicate distributions, thereby limiting their applicability in the context of real-world predicates. For example, the statistically function private constructions of Boneh, Raghunathan and Segev (CRYPTO'13 and ASIACRYPT'13) are inherently restricted to predicate distributions with min-entropy roughly proportional to the security parameter $\lambda$. The second category of constructions mandate more relaxed min-entropy requirements, but are either based on non-standard assumptions (such as indistinguishability obfuscation) or are secure in the generic group model. In this paper, we affirmatively bridge the gap between these categories by presenting new public-key constructions for identity-based encryption, hidden-vector encryption, and subspace-membership encryption (a generalization of inner-product encryption) that are both data and function private under variants of the well-known DBDH, DLIN and matrix DDH assumptions, while relaxing the min-entropy requirement on the predicate distributions to $\omega(\log\lambda)$. In summary, we establish that the minimum predicate entropy necessary for any meaningful notion of function privacy in the public-key setting is, in fact, sufficient for a fairly rich class of predicates.
Pascal Sasdrich, René Bock, Amir Moradi
ePrint Report
Masking is one of the predominantly deployed countermeasures in order to prevent side-channel analysis (SCA) attacks. Over the years, various masking schemes have been proposed. However, the implementation of Boolean masking schemes has proven to be difficult in particular for embedded devices due to undisclosed architecture details and device internals. In this article, we investigate the application of Threshold Implementation (TI) in terms of Boolean masking in software using the PRESENT cipher as a case study. Since TI has proven to be a proper solution in order to implement Boolean masking for hardware circuits, we apply the same concept for software implementations and compare it to classical first- and second-order Boolean masking schemes. Eventually, our practical security evaluations reveal that amongst all our considered implementation variants only the TI can provide first-order security while all others still exhibit detectable first-order leakage.
Stephen D. Miller, Noah Stephens-Davidowitz
ePrint Report
We generalize Banaszczyk's seminal tail bound for the Gaussian mass of a lattice to a wide class of test functions. We therefore obtain quite general transference bounds, as well as bounds on the number of lattice points contained in certain bodies. As examples, we bound the lattice kissing number in $\ell_p$ norms by $e^{(n+o(n))/p}$ for $0 < p \leq 2$, and also give a proof of a new transference bound in the $\ell_1$ norm.
Sean Bowe, Ariel Gabizon
ePrint Report
We alter the zk-SNARK construction of Groth [Eurocrypt 2016] to obtain a simulation-extractable zk-SNARK with almost identical prover running time. (Simulation extractability is a strong form of adaptive non-malleability.) Our construction requires outputting 5 group elements rather than 3 as in [Groth], and requires the random oracle model.
Daniel R. L. Brown
ePrint Report
An ECDSA modification with signing equation $s=rk+hd$ has the properties that the signer avoids modular inversion and that passive universal forgery is equivalent to inverting a sum of two functions with freely independent inputs.

Let $\sigma:s\mapsto sG$ and $\rho:R\mapsto -rR$ where $r$ is an integer representation of the point $R$. The free sum of $\rho$ and $\sigma$ is $\nu: (R,s) \mapsto \rho(R)+\sigma(s)$. A RKHD signature $(R,s)$ verifies if and only if $\nu(R,s) = hQ$, where $h$ is the hash of the message and $Q$ is the public key. So RKHD security relies upon, among other things, the assumption that the free sum $\nu$ is 1-way (or unforgeable, to be precise).

Other free sums are 1-way under plausible assumptions: elliptic curve discrete logs, integer factoring, and secure small-key Wegman--Carter--Shoup authentication. Yet other free sums of 1-way functions (integer-factoring based) fail to be 1-way. The ease with which these free sums arise hints at the ease of determining RKHD security.

RKHD signatures are very similar to ECGDSA (an elliptic curve version of Agnew--Mullin--Vanstone signatures): variable-$G$ forgers of the two schemes are algorithmically equivalent. But ECGDSA requires the signer to do one modular inversion, a small implementation security risk.
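The signing equation $s = rk + hd$ and the verification identity $\nu(R,s) = -rR + sG = hQ$ from the abstract, worked through on a tiny textbook curve. This is an added illustration, not code from the paper; it assumes $r$ is the x-coordinate of $R$ reduced mod the group order (the ECDSA convention, which the abstract leaves open), a 19-element toy group that is useless for real security, and a rejection of $h \equiv 0$, where $s = rk$ would no longer depend on the private key.

```python
# Toy RKHD ("s = r*k + h*d") signatures. Added example, not the author's code.
# Curve y^2 = x^3 + 2x + 2 over F_17 with generator G = (5, 1) of prime
# order 19: a textbook group chosen so every value can be checked by hand.
import hashlib
import secrets

P, A, B = 17, 2, 2
G = (5, 1)
N = 19          # order of G (prime)
INF = None      # point at infinity

def ec_neg(pt):
    if pt is INF:
        return INF
    x, y = pt
    return (x, (-y) % P)

def ec_add(p1, p2):
    """Affine addition on the short Weierstrass curve (handles O and doubling)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                      # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    acc, addend = INF, pt
    k %= N
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc

def point_to_int(pt):
    # "Integer representation of R": x-coordinate mod N, the ECDSA convention
    # (an assumption; the abstract does not fix a particular encoding).
    return pt[0] % N

def hash_to_scalar(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def keygen(d=None):
    d = d if d is not None else secrets.randbelow(N - 1) + 1
    return d, ec_mul(d, G)

def sign(d, h, k=None):
    """RKHD signing: s = r*k + h*d mod N, with no modular inversion (unlike ECDSA).
    Returns (R, s); redraws k if r or s happens to be 0 (degenerate cases)."""
    while True:
        k = k if k is not None else secrets.randbelow(N - 1) + 1
        R = ec_mul(k, G)
        r = point_to_int(R)
        s = (r * k + h * d) % N
        if r and s:
            return (R, s)
        k = None  # caller-supplied k was degenerate; draw a fresh one

def free_sum(R, s):
    """nu(R, s) = rho(R) + sigma(s) = -r*R + s*G, exactly as in the abstract."""
    return ec_add(ec_neg(ec_mul(point_to_int(R), R)), ec_mul(s, G))

def verify(Q, h, sig):
    """(R, s) is valid iff nu(R, s) == h*Q: s*G = r*k*G + h*d*G = r*R + h*Q.
    h == 0 mod N is rejected (assumption): then s = r*k and d plays no role."""
    R, s = sig
    if R is INF or not (0 < s < N) or h % N == 0:
        return False
    return free_sum(R, s) == ec_mul(h, Q)

if __name__ == "__main__":
    d, Q = keygen()
    h = hash_to_scalar(b"constructed sample message")   # constructed input
    print("valid:", verify(Q, h, sign(d, h)))
```

With $d = 7$, $k = 3$ and $h = 5$ the signature is $(R, s) = ((10, 6), 8)$, and both $\nu(R, s)$ and $hQ$ evaluate to the point $(10, 11)$; changing either $s$ or $h$ breaks the equality.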
Marcos A. Simplicio Jr., Eduardo Lopes Cominetti, Harsh Kupwade Patil, Jefferson E. Ricardini, Leonardo T. D. Ferraz, Marcos Vinicius M. Silva
ePrint Report
Vehicular communication (V2X) technologies are expected to become increasingly common in the future. Although they enable improvements on transportation safety and efficiency, the large scale deployment of V2X requires addressing some challenges. In particular, to prevent abuse by drivers and by the system itself, V2X architectures must: (1) ensure the authenticity of messages, which is usually accomplished by means of digital certification; and (2) preserve the privacy of honest users, so owners of non-revoked certificates cannot be easily identified and tracked by eavesdroppers. A promising design to address these requirements is the Security Credential Management System (SCMS), which is currently among the main candidates for protecting V2X communications in the United States. Even though SCMS provides efficient, scalable and privacy-preserving mechanisms for managing V2X-oriented certificates, in this article we show that its certificate revocation process can be further enhanced. Namely, we present two birthday attacks against SCMS's revocation process, both of which degrade the system's security as time passes and more certificates are revoked. We then describe an alternative design to prevent such security degradation with minimal computational overhead. In complement to these security gains, we also describe a mechanism for improving the flexibility of the revocation procedure, allowing certificates (as well as their owner's privacy) to be temporarily revoked in an efficient manner. This should be useful, for example, to implement suspension mechanisms or to aid in investigations by law-enforcement authorities.
Yongjun Zhao, Sherman S. M. Chow
ePrint Report
Private set-intersection (PSI) allows a client to only learn the intersection between his/her set $C$ and the set $S$ of another party, while this latter party learns nothing. We aim to enhance PSI in different dimensions, motivated by the use cases of increasingly popular online matchmaking --- Meeting "the one" who possesses all desired qualities and free from any undesirable attributes may be a bit idealistic. Meanwhile, the criteria should be expressed in a succinct form. In this paper, we realize $\mathit{over-}$ (resp. $\mathit{below-}$) threshold PSI, such that the client learns the intersection (or other auxiliary private data) only when $|C \cap S| > t$ (resp. $\leq t$). The threshold corresponds to tunable criteria for (mis-)matching, without marking all possible attributes as desired or not. To the best of our knowledge, our constructions are the very first solution for these two open problems posed by Bradley et al. (SCN '16) and Zhao and Chow (PoPETS '17), without resorting to the asymptotically less efficient generic approach from garbled circuits.

Moreover, we consider an "outsourced" setting with a service provider coordinating the PSI execution, instead of having two strangers be online simultaneously to execute a highly-interactive PSI directly with each other. Outsourcing our two protocols is arguably optimal, namely, the two users perform $O(|C|)$ and $O(1)$ decryptions, for unlocking the private set $C$ and the outcome of whether a match has been found.
Technical University of Denmark (DTU), Denmark
Job Posting
With this call Technical University of Denmark (DTU) invites highly talented experienced researchers who have achieved outstanding results in their research while demonstrating excellence and potential in their field to apply for one of the fellowships under the H.C. Ørsted Postdoc programme, co-funded by Marie Sklodowska-Curie Actions.

The programme is named after Hans Christian Ørsted, discoverer of electro-magnetism and founder of the University and achieves the goals of Marie Sklodowska-Curie COFUND by increasing the European-wide mobility possibilities for training and career development of experienced researchers. The Programme will contribute to the researcher’s career development, broadening and deepening individual competencies through exposure to an international and multidisciplinary environment. The Programme is based on incoming mobility and will enable experienced researchers from all over the world to carry out curiosity-driven, bottom-up research projects within all branches of engineering science at DTU.

To enable the unique identification of each application, applicants must assign their application with an acronym.

DTU fully acknowledges the importance of equal opportunities and welcomes applications from all interested candidates irrespective of age, gender, disability, religion or ethnicity.

To further promote equal opportunities, DTU will implement gender blinded reviews. Applicants should refrain from using their names and gender specific pronouns in the research plan (he/she, his/hers etc.). Names and nationality listed in the templates for the research plan and CV will be hidden by the secretariat prior to the external peer review.

Closing date for applications: 23 February 2018

Contact: Dr. Christian D. Jensen (cdje (at) dtu.dk), or Dr. Weizhi Meng

More information: http://www.dtu.dk/english/Research/Research-at-DTU/Postdoc-programmes/H-C-Oersted-COFUND-Postdoc
