IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
26 May 2018
Singapore, Singapore, 17 November 2018
Submission deadline: 7 August 2018
Notification: 4 September 2018
Buenos Aires, Argentina, 30 July - 3 August 2018
25 May 2018
Nilanjan Datta, Avijit Dutta, Mridul Nandi, Kan Yasuda
Old Dominion University
The incumbent is expected to participate in the cybersecurity research lab at VMASC led by Dr. Sachin Shetty
Responsibilities include conducting fundamental research in Blockchain for IoT security and publishing in leading conferences and journals, participation in proposal development, and some supervision of graduate students. This position is ideally suited for a recent Ph.D. graduate who plans to pursue a future research career. A completed Ph.D. degree in ECE or CS is required by the time of the appointment. Solid background in network security, distributed systems, protocols and algorithms, is highly desirable.
Closing date for applications: 30 July 2018
Contact: Sachin Shetty, Ph.D.
Associate Professor
Virginia Modeling, Analysis and Simulation Center
Center for Cybersecurity Education and Research
Dept. of Modeling, Simulation and Visualization Engineering
Old Dominion University
1030 University Blvd
Suffolk, VA 23435
Email- sshetty (at) odu.edu
Web: https://www.odu.edu/~sshetty
More information: http://www.lions.odu.edu/~sshetty/PostDoc_ODU_2018.htm
Norwegian University of Science and Technology (NTNU)
The applicants should have a master’s degree in mathematics, computer science, communications technology or related areas with an average grade of B or better. Candidates completing their MSc degree in the Spring 2018 are encouraged to apply.
Knowledge in cryptography and strong programming skills is desirable.
Closing date for applications: 10 June 2018
Contact: For further information about the position, please contact Professor Danilo Gligoroski, danilog (at) ntnu.no
More information: https://www.jobbnorge.no/en/available-jobs/job/153395/
24 May 2018
Barcelona, Spain, 6 September - 7 September 2018
Submission deadline: 16 June 2018
Notification: 16 July 2018
San Francisco, USA, 4 March - 8 March 2019
Submission deadline: 14 September 2018
Notification: 19 November 2018
23 May 2018
University of Surrey, Surrey Centre for Cyber Security, UK
Successful applicants will have core skills in key management and network authentication standards (e.g. IPSEC) and wireless communications. Experience in tunnelling techniques is advantageous (e.g. L2TP or GRE). A PhD and/or industrial experience would be desirable since the project is research oriented and in collaboration with industry. A graduate with an appropriate background would also be considered.
The successful applicant will be working under supervision of Dr Helen Treharne and Dr Mark Manulis and will benefit from the environment provided by the Surrey Centre for Cyber Security, an Academic Centre of Excellence in Cyber Security Research recognized by the British Government.
Salary: 31604 GBP – 34520 GBP depending on qualifications
Expected start date: 1 August 2018
Applicants should submit their applications through the University portal via: https://jobs.surrey.ac.uk/vacancy.aspx?ref=038718
Closing date for applications: 20 June 2018
Contact: Dr. Mark Manulis --- m.manulis (at) surrey.ac.uk
More information: https://jobs.surrey.ac.uk/vacancy.aspx?ref=038718
Norwegian University of Science and Technology (NTNU)
We are entering the era of the Internet of Things (IoT). The IoT connects not only classical computing and communication devices, but all kinds of other gadgets that we use in our everyday lives. For IoT, security concerns go beyond traditional privacy or denial of service; also the immediate physical security of humans is at stake, and the cost of security failures becomes much more severe. Moreover, the IoT will be comprised of heterogeneous and lightweight devices, many of which may be unable to perform the complex computations required by modern security protocols.
The constrained IoT environment poses novel challenges for cryptographic protocol design and analysis. The PhD fellow will study protocols implementing either traditional trusted third party trust mechanism and/or newer (but less well-understood) notions of distributed trust. In both cases the protocols will rely on quantum-safe primitives. Of particular interest is the construction of security proofs for such light-weight protocols, requiring tight proofs as well as high assurance (e.g. automatic verification of security proofs).
Closing date for applications: 18 June 2018
Contact: Professor Kristian Gjøsteen (kristian.gjosteen (at) ntnu.no)
More information: https://www.jobbnorge.no/ledige-stillinger/stilling/153293/
Norwegian University of Science and Technology
Traditional voting has some significant limitations. From a security viewpoint, it has relied heavily on trust in the election officials, which in turn restricts independent verifiability and high assurance regarding confidentiality of votes. In addition, traditional voting has problems regarding errors in counting, accessibility, and timeliness.
Although cryptographic voting systems have been proposed almost 30 years ago, and deployed in many countries more recently, there remain major obstacles to their widespread adoption. As we have seen in recent years, voting systems sometimes fail and they are susceptible to a range of attacks, even in established democracies.
This project will investigate the security of voting systems and increase our assurance in state-of-the-art voting systems. In particular, the project will study user confidence in cryptographic voting systems, security proofs for such systems, as well as options for long-term security (including post-quantum security).
Security proofs will be a particular focus for one PhD fellow, while long-term security will be a particular focus for the other PhD fellow.
Closing date for applications: 18 June 2018
Contact: Professor Kristian Gjøsteen (kristian.gjosteen (at) ntnu.no), or Professor Colin Boyd (colin.boyd (at) ntnu.no).
More information: https://www.jobbnorge.no/ledige-stillinger/stilling/153300/
Norwegian University of Science and Technology
Traditional voting has some significant limitations. From a security viewpoint, it has relied heavily on trust in the election officials, which in turn restricts independent verifiability and high assurance regarding confidentiality of votes. In addition, traditional voting has problems regarding errors in counting, accessibility, and timeliness.
Although cryptographic voting systems have been proposed almost 30 years ago, and deployed in many countries more recently, there remain major obstacles to their widespread adoption. As we have seen in recent years, voting systems sometimes fail and they are susceptible to a range of attacks, even in established democracies.
This project will investigate the security of voting systems and increase our assurance in state-of-the-art voting systems. In particular, the project will study user confidence in cryptographic voting systems, security proofs for such systems, as well as options for long-term security (including post-quantum security).
Closing date for applications: 18 June 2018
Contact: Professor Kristian Gjøsteen (kristian.gjosteen (at) ntnu.no) or Professor Colin Boyd (colin.boyd (at) ntnu.no).
More information: https://www.jobbnorge.no/ledige-stillinger/stilling/153320/
University of Surrey, Surrey Centre for Cyber Security & Surrey Space Centre, UK
The project is funded by the NCC Group and aims to develop understanding of security risks and requirements associated with the use of commercial off-the-shelf components (incl. operating systems and software) in satellites and ground control systems, identify weaknesses and vulnerabilities in existing single and multi-satellite architectures and communication protocols, and propose mitigating countermeasures. An appropriate test-bed facility will be developed as part of this project.
Successful applicants are expected to be familiar with:
• Linux-based OS systems, incl. kernel programming
• System- / network-level attacks (e.g. buffer overflows, command injection), penetration testing
• Programming languages: C/C++, Assembly, or Python
We particularly welcome applications from ongoing students who are projected to complete their degree in 2018.
This PhD studentship includes a tax-free PhD stipend of GBP 20,000 per year for 3.5 years of PhD studies. This stipend is significantly higher than an average PhD stipend in the UK. Additional funding is available to support conference travel, etc.
Closing and starting dates: This is a “rolling advert” with a nominal closing date. Applications are welcome at any time and the timing of the selection process will be dependent on the applications received. Planned start date is October 2018.
Applications should be sent via https://jobs.surrey.ac.uk/Vacancy.aspx?id=4966
Closing date for applications: 30 September 2018
Contact: Informal inquiries can be directed to Dr Mark Manulis (m.manulis (at) surrey.ac.uk)
More information: https://jobs.surrey.ac.uk/Vacancy.aspx?id=4966
University of Maryland Baltimore County (UMBC)
Ph.D. student positions are available (start date: Fall 2018) in the field of hardware security, reliability, VLSI Testing and VLSI in the CSEE Department of University of Maryland, Baltimore County.
UMBC is ranked 55 in Computer Engineering according to US News, and places 7th in the ranking of Most Innovative national universities.
Our group has a strong background in hardware security, reliability, and trust, and in particular in side-channel analysis and fault analysis attacks, IC Counterfeiting, Trojan detection, IP/IC protection, Physically Unclonable Functions (PUFs) and Crypto devices as well as testing and reliability of secure devices and VLSI.
Requirements:
- M.Sc./B.Sc. in Computer Engineering or Electrical Engineering
- Solid knowledge in Hardware Description Languages (HDL)
- Solid Knowledge in digital design
Please contact me with your CV and Statement of Purpose by June 30th.
Naghmeh Karimi, Assistant Professor
Department of Computer Science and Electrical Engineering
University of Maryland, Baltimore County
Baltimore, MD 21250
Web: http://www.csee.umbc.edu/~nkarimi/
Closing Date for Applications: 2018-06-30
Closing date for applications: 30 June 2018
Contact: Naghmeh Karimi, Ph.D.
E-mail: nkarimi (at) umbc.edu
Jack Doerner, Yashvanth Kondi, Eysa Lee, abhi shelat
We propose new protocols for multi-party ECDSA key-generation and signing with a threshold of two, which we prove secure against malicious adversaries in the random oracle model using only the Computational Diffie-Hellman Assumption and the assumptions already relied upon by ECDSA itself. Our scheme requires only two messages, and via implementation we find that it outperforms the best prior results in practice by a factor of 56 for key generation and 11 for signing, coming to within a factor of 18 of local signatures. Concretely, two parties can jointly sign a message in just over three milliseconds.
Qian Guo, Vincent Grosso, François-Xavier Standaert
Xiangfu Song, Changyu Dong, Dandan Yuan, Qiuliang Xu, Minghao Zhao
Aydin Abadi, Sotirios Terzis, Roberto Metere, Changyu Dong
Changyu Dong, Grigorios Loukides
Zvika Brakerski, Renen Perlman
The focus of this work is RLWE with non-uniform distribution on secrets. A legal RLWE secret is (roughly) a uniform element in the ring of integers of a number field, modulo an integer $q$. We consider two main classes of "illegal" distributions of secrets.
The first is sampling from a subring of the intended domain. We show that this translates to a generalized form of RLWE that we call Order-LWE, we provide worst case hardness results for this new problem, and map out regimes where it is secure and where it is insecure. Two interesting corollaries are a (generalization of) the known hardness of RLWE with secrets sampled from the ring of integers of a subfield, and a new hardness results for the Polynomial-LWE (PLWE) problem, with different parameters than previously known.
The second is sampling from a $k$-wise independent distribution over the CRT representation of the secret. We cannot show worst case hardness in this case, but instead present a single average case problem (specifically, bounded distance decoding on a fixed specific distribution over lattices) whose hardness implies the hardness of RLWE for all such distributions of secrets.
Lior Rotem, Gil Segev
We initiate the study of out-of-band authentication in the group setting, extending the user-to-user setting where messaging platforms (e.g., Telegram and WhatsApp) protect against man-in-the-middle attacks by assuming that users have access to an external channel for authenticating one short value (e.g., two users who recognize each other's voice can compare a short value). Inspired by the frameworks of Vaudenay (CRYPTO '05) and Naor et al. (CRYPTO '06) in the user-to-user setting, we assume that users communicate over a completely-insecure channel, and that a group administrator can out-of-band authenticate one short message to all users. An adversary may read, remove, or delay this message (for all or for some of the users), but cannot undetectably modify it.
Within our framework we establish tight bounds on the tradeoff between the adversary's success probability and the length of the out-of-band authenticated message (which is a crucial bottleneck given that the out-of-band channel is of low bandwidth). We consider both computationally-secure and statistically-secure protocols, and for each flavor of security we construct an authentication protocol and prove a lower bound showing that our protocol achieves essentially the best possible tradeoff.
In particular, considering groups that consist of an administrator and $k$ additional users, for statistically-secure protocols we show that at least $(k+1)\cdot (\log(1/\epsilon) - \Theta(1))$ bits must be out-of-band authenticated, whereas for computationally-secure ones $\log(1/\epsilon) + \log k$ bits suffice, where $\epsilon$ is the adversary's success probability. Moreover, instantiating our computationally-secure protocol in the random-oracle model yields an efficient and practically-relevant protocol (which, alternatively, can also be based on any one-way function in the standard model).