International Association for Cryptologic Research


IACR News


Here you can see all recent updates to the IACR webpage.

19 September 2018

Charles University in Prague
Job Posting
The Computer Science Institute of Charles University in Prague, Czech Republic invites applications for a postdoctoral position in cryptography hosted by Pavel Hubacek (https://iuuk.mff.cuni.cz/~hubacek).

Potential research topics may include (but are not limited to):

- cryptographic hardness of total search problems,

- verifiable delegation of computation,

- applications of game theory in cryptography.

The position is funded by the Primus Research Programme of Charles University. The funding is available for one year with a flexible starting date from October 2018, a competitive salary and a possibility of extension. The applicants should hold a PhD degree (or be near its completion) in computer science, mathematics or a related field.

Applications should include a CV and a research statement and may be sent directly to Pavel Hubacek (informal inquiries are welcome).

The applications will be considered until the position is filled.

Closing date for applications: 30 November 2018

Contact: Pavel Hubacek, hubacek (at) iuuk.mff.cuni.cz

Friedrich-Alexander-University Erlangen-Nuremberg
Job Posting
The Chair of Applied Cryptography at Friedrich-Alexander-University in Nuremberg is offering a postdoctoral researcher position. Applicants are expected to have research interests in both foundational and applied research topics. Applicants should demonstrate their ability to perform excellent research through publications in venues like CRYPTO, EUROCRYPT, ASIACRYPT, CCS, S&P, USENIX, NDSS, PKC,… The salary is based on state tariff A 13 (“Akademischer Rat auf Zeit”), 100% position, according to the current tariff in the German state Bavaria (around 4000 EUR - 4700 EUR net per month, depending on family status, experience etc.).

The city of Nuremberg is very international with over 20% of foreigners and the teaching language for our MSc courses is English. Therefore, there is no need to speak/learn German.

The position is initially offered for one year, with the option of an extension to two or more years (up to six years). The starting date is December 1st or later. There is no closing date for applications, the position remains open until filled.

To apply for this position, please send a single pdf document with the following content:

- Cover letter

- research and teaching statement

- CV and a list of publications

- Optional: one or two letter(s) of recommendation

- Optional: further supporting material

Incomplete applications or obvious mass applications that do not specifically address the offered position cannot be considered.

Please submit applications by e-mail to Dominique Schröder and using the tag [POSTDOC] in the subject.

Closing date for applications: 1 November 2018

Contact: Dominique Schröder

dominique.schroeder (at) fau.de

More information: http://chaac.tf.fau.de


17 September 2018

New York University (NYU) Abu Dhabi
Job Posting
New York University (NYU) Abu Dhabi’s Program in Computer Science invites applications for a faculty position in computer science at the rank of assistant professor, tenure track. All areas of computer science are welcome to apply. However, one specific area of research interest is cyber-security, with experience building and deploying large-scale security solutions in the real world that focus on systems security, network security, privacy, cryptography, and formal methods.

Closing date for applications: 15 October 2018

Contact: Christina Pöpper

More information: https://apply.interfolio.com/52873

ING Netherlands
Job Posting
Dear Applicant,

At ING, increasing the pace of innovation is a strategic priority of the Think Forward strategy. We need to get faster and better at innovating so we can stay abreast of the pace of change around us. Blockchain technology is one of the innovation enablers at ING and the Blockchain program encompasses all of our efforts to explore and unlock its business value. As such, the Blockchain program at ING is directly responsible for all DLT related initiatives at ING globally.

The Blockchain program is also responsible for identifying and piloting the most promising use cases. To do so, we constantly scan the environment for relevant opportunities, actively engage with and educate the organization about the technology’s potential, and research trends within the industry. This allows us to have a comprehensive approach in our delivery of business value.

We are looking for a cryptographer to strengthen the team. Your main tasks that you will be performing are:

Research:

- Follow the developments in cryptography, with a focus on subjects important to DLT, such as zero-knowledge protocols, secret sharing, ring signatures, homomorphic encryption, etc.

- Implement interesting protocols in a proof-of-concept fashion

- Present interesting advances/protocols to the DLT team

Experimenting:

- Participate in projects that experiment with DLT solutions, with a focus on cryptography, security and privacy components

- Advise on the cryptographic solutions to be used and how these should be used

Analysis:

- Analyse solutions and implementations thereof to verify if the implementation is correct and the privacy and/or security requirements ING has are met

Relevant stakeholders: you will be working with the DLT team, and reporting to the Chapter Lead and squad’s Customer Journey Expert / Product Owner.

You will be fully part of an enthusiastic multi-disciplinary team that has a willingness to help you grow and learn as much as possible throughout your position.

Closing date for applications: 22 December 2018

Contact: Mariana Gómez de la Villa

Global Program Manager Distributed Ledger Technology

ING Wholesale Banking Innovation

AMP G.04, Bijlmerplein 888, 1102 MG Amsterdam Zuidoost

P.O. Box 1800, 1000 BV Amsterdam, The Netherlands

M +31649420406

E mariana.gomez.de.la.villa (at) ing.nl

More information: https://www.ing.jobs/Global/Careers/Job-opportunities/Vacancy/DLT-Blockchain-Engineer-4.htm?org=searchresult

Singapore University of Technology and Design (SUTD)
Job Posting
We are looking for three research fellows / postdocs for the Future-proof Public Distributed Ledger project. We offer a competitive salary (S$5.5k-7k+/month) with benefits, very low income tax (3-4%), and a collaboration on other security and blockchain-related projects. Preferable starting date: January 2019 (negotiable).

Candidates should have a strong interest in the blockchain technology and an excellent background in at least one of the following fields: cryptography, security protocol analysis, network or system security, distributed systems, networking, or related. If you are interested, please send your CV to Pawel Szalachowski.

Closing date for applications: 1 January 2019

Contact: Pawel Szalachowski

pawel (at) sutd.edu.sg

New York University (NYU) Abu Dhabi
Job Posting
The fellowship provides full financial cover to get a doctorate in Computer Science at New York University (at the Courant Institute or at the Tandon School of Engineering). The first year is spent in New York taking classes; the rest of the degree in the NYU Abu Dhabi campus. One possible focus area is cyber security and privacy.

Deadline coming up soon: Dec 12 (through Courant) and Dec 15 (through Tandon).

Closing date for applications: 12 December 2018

Contact: Christina Pöpper

More information: https://nyuad.nyu.edu/en/academics/graduate/global-phd-student-fellowship-in-computer-science.html

New York University (NYU) Abu Dhabi
Job Posting
New York University (NYU) Abu Dhabi’s Program in Computer Science invites applications for a faculty position at the rank of associate professor or professor, each with tenure. Applicants from all areas of computer science are welcome to apply. One specific research area of interest is cyber-security, with experience building and deploying large-scale security solutions in the real world that focus on systems security, network security, privacy, cryptography, and formal methods.

Closing date for applications: 15 November 2018

More information: https://apply.interfolio.com/52873


16 September 2018

Craig Costello
ePrint Report
We apply Scholten's construction to give explicit isogenies between the Weil restriction of supersingular Montgomery curves with full rational 2-torsion over $GF(p^2)$ and corresponding abelian surfaces over $GF(p)$. Subsequently, we show that isogeny-based public key cryptography can exploit the fast Kummer surface arithmetic that arises from the theory of theta functions. In particular, we show that chains of 2-isogenies between elliptic curves can instead be computed as chains of Richelot (2,2)-isogenies between Kummer surfaces. This gives rise to new possibilities for efficient supersingular isogeny-based cryptography.

14 September 2018

Masayuki Abe, Charanjit S. Jutla, Miyako Ohkubo, Arnab Roy
ePrint Report
We construct the first (almost) tightly-secure unbounded-simulation-sound quasi-adaptive non-interactive zero-knowledge arguments (USS-QA-NIZK) for linear-subspace languages with compact (number of group elements independent of the security parameter) common reference string (CRS) and compact proofs under standard assumptions in bilinear-pairings groups. In particular, under the SXDH assumption, the USS-QA-NIZK proof size is only seventeen group elements with a factor $O(\log{Q})$ loss in security reduction to SXDH. The USS-QA-NIZK primitive has many applications, including structure-preserving signatures (SPS), CCA2-secure publicly-verifiable public-key encryption (PKE), which in turn have applications to CCA-anonymous group signatures, blind signatures and unbounded simulation-sound Groth-Sahai NIZK proofs. We show that the almost tight security of our USS-QA-NIZK translates into constructions of all of the above applications with (almost) tight-security to standard assumptions such as SXDH and, more generally, $\mathcal D_k$-MDDH. Thus, we get the first publicly-verifiable (almost) tightly-secure multi-user/multi-challenge CCA2-secure PKE with practical efficiency under standard bilinear assumptions. Our (almost) tight SPS construction is also improved in the signature size over previously known constructions.
Pyrros Chaidos, Olga Fourtounelli, Aggelos Kiayias, Thomas Zacharias
ePrint Report
Email communication is amongst the most prominent online activities, and as such, can put sensitive information at risk. It is thus of high importance that internet email applications are designed in a privacy-aware manner and analyzed under a rigorous threat model. The Snowden revelations (2013) suggest that such a model should feature a global adversary, in light of the observational tools available. Furthermore, the fact that protecting metadata can be of equal importance as protecting the communication context implies that end-to-end encryption may be necessary, but it is not sufficient.

With this in mind, we utilize the Universal Composability framework [Canetti, 2001] to introduce an expressive cryptographic model for email ``ecosystems'' that can formally and precisely capture various well-known privacy notions (unobservability, anonymity, unlinkability, etc.), by parameterizing the amount of leakage an ideal-world adversary (simulator) obtains from the email functionality.

Equipped with our framework, we present and analyze the security of two email constructions that follow different directions in terms of the efficiency vs. privacy tradeoff. The first one achieves optimal security (only the online/offline mode of the users is leaked), but it is mainly of theoretical interest; the second one is based on parallel mixing [Golle and Juels, 2004] and is more practical, while it achieves anonymity with respect to users that have a similar amount of sending and receiving activity.
Venkata Koppula, Brent Waters
ePrint Report
We provide generic and black box transformations from any chosen plaintext secure Attribute-Based Encryption (ABE) or One-sided Predicate Encryption system into a chosen ciphertext secure system. Our transformation requires only the IND-CPA security of the original ABE scheme coupled with a pseudorandom generator (PRG) with a special security property.

In particular, we consider a PRG with an $n$ bit input $s \in \{0,1\}^n$ and $n\cdot \ell$ bit output $y_1, \ldots, y_n$ where each $y_i$ is an $\ell$ bit string. Then for a randomly chosen $s$ the following two distributions should be computationally indistinguishable. In the first distribution $r_{i,s_i} = y_i$ and $r_{i, \bar{s}_i}$ is chosen randomly for $i \in [n]$. In the second distribution all $r_{i,b}$ are chosen randomly for $i \in [n], b \in \{0,1\}$.
Jia Xu, Jianying Zhou
ePrint Report
Leakage-resilient encryption is a powerful tool to protect data confidentiality against side channel attacks. In this work, we introduce a new and strong leakage setting to counter backdoor (or trojan horse) plus covert channel attack, by relaxing the restrictions on leakage. We allow bounded leakage (e.g. 10000 bits) at anytime and anywhere and over anything. Our leakage threshold could be much larger than typical secret key (e.g. AES key or RSA private key) size. Under such a strong leakage setting, we propose an efficient encryption scheme which is semantic secure in standard setting (i.e. without leakage) and can tolerate strong continuous leakage. We manage to construct such a secure scheme under strong leakage setting, by hiding partial (e.g. $1\%$) ciphertext as secure as we hide the secret key using a small amount of more secure hardware resource, so that it is almost equally difficult for any adversary to steal information regarding this well-protected partial ciphertext or the secret key. We remark that, the size of such well-protected small portion of ciphertext is chosen to be much larger than the leakage threshold. We provide concrete and practical examples of such more secure hardware resource for data communication and data storage. We also introduce a new notion of computational entropy, as a sort of computational version of Kolmogorov complexity. Our quantitative analysis shows that, hiding partial ciphertext is a powerful countermeasure, which enables us to achieve higher security level than existing approaches in case of backdoor plus covert channel attacks. We also show the relationship between our new notion of computational entropy and existing relevant concepts, including Shannon-Entropy, Yao-Entropy, Hill-Entropy, All-or-Nothing Transform, and Exposure Resilient Function. This new computation entropy formulation may have independent interests.
Fuyuki Kitagawa, Keisuke Tanaka
ePrint Report
We propose a framework for achieving a public-key encryption (PKE) scheme that satisfies key dependent message security against chosen ciphertext attacks (KDM-CCA security) based on projective hash functions. Our framework can be instantiated under the decisional Diffie-Hellman (DDH), quadratic residuosity (QR), and decisional composite residuosity (DCR) assumptions. The constructed schemes are KDM-CCA secure with respect to affine functions and compatible with the amplification method shown by Applebaum (EUROCRYPT 2011). Thus, they lead to PKE schemes satisfying KDM-CCA security for all functions computable by a-priori bounded size circuits. They are the first PKE schemes satisfying such a security notion in the standard model using neither non-interactive zero knowledge proofs nor bilinear pairings.

The above framework based on projective hash function captures only KDM-CCA security in the single user setting. However, we can prove the KDM-CCA security in the multi user setting of our concrete instantiations by using their algebraic structures explicitly. Especially, we prove that our DDH based scheme satisfies KDM-CCA security in the multi user setting with the same parameter setting as in the single user setting.
Jean Paul Degabriele, Marc Fischlin
ePrint Report
Ever since the foundational work of Goldwasser and Micali, simulation has proven to be a powerful and versatile construct for formulating security in various areas of cryptography. However security definitions based on simulation are generally harder to work with than game based definitions, often resulting in more complicated proofs. In this work we challenge this viewpoint by proposing new simulation-based security definitions for secure channels that in many cases lead to simpler proofs of security. We are particularly interested in definitions of secure channels which reflect real-world requirements, such as, protecting against the replay and reordering of ciphertexts, accounting for leakage from the decryption of invalid ciphertexts, and retaining security in the presence of ciphertext fragmentation. Furthermore we show that our proposed notion of channel simulatability implies a secure channel functionality that is universally composable. To the best of our knowledge, we are the first to study universally composable secure channels supporting these extended security goals. We conclude, by showing that the Dropbear implementation of SSH-CTR is channel simulatable in the presence of ciphertext fragmentation, and therefore also realises a universally composable secure channel. This is intended, in part, to highlight the merits of our approach over prior ones in admitting simpler security proofs in comparable settings.
Carmit Hazay, Emmanuela Orsini, Peter Scholl, Eduardo Soria-Vazquez
ePrint Report
In this work we develop a new theory for concretely efficient, large-scale MPC with active security. Current practical techniques are mostly in the strong setting of all-but-one corruptions, which leads to protocols that scale badly with the number of parties. To work around this issue, we consider a large-scale scenario where a small minority out of many parties is honest and design scalable, more efficient MPC protocols for this setting. Our results are achieved by introducing new techniques for information-theoretic MACs with short keys and extending the work of Hazay et al. (CRYPTO 2018), which developed new passively secure MPC protocols in the same context. We further demonstrate the usefulness of this theory in practice by analyzing the concrete communication overhead of our protocols, which improve upon the most efficient previous works.
Yusuke Sakai, Shuichi Katsumata, Nuttapong Attrapadung, Goichiro Hanaoka
ePrint Report
Attribute-based signature (ABS) schemes are advanced signature schemes that simultaneously provide fine-grained authentication while protecting privacy of the signer. Previously known expressive ABS schemes support either the class of deterministic finite automata and circuits from standard assumptions or Turing machines from the existence of indistinguishability obfuscations.

In this paper, we propose the first ABS scheme for a very general policy class, all deterministic Turing machines, from a standard assumption, namely, the Symmetric External Diffie-Hellman (SXDH) assumption. We also propose the first ABS scheme that allows nondeterministic finite automata (NFA) to be used as policies. Although the expressiveness of NFAs is more restricted than that of Turing machines, this is the first scheme that supports nondeterministic computations as policies.

Our main idea lies in abstracting ABS constructions and presenting the concept of history of computations; this allows a signer to prove possession of a policy that accepts the string associated to a message in zero-knowledge while also hiding the policy, regardless of the computational model being used. With this abstraction in hand, we are able to construct ABS for Turing machines and NFAs using a surprisingly weak NIZK proof system. Essentially we only require a NIZK proof system for proving that a (normal) signature is valid. Such a NIZK proof system together with a base signature scheme are, in turn, possible from bilinear groups under the SXDH assumption, and hence so are our ABS schemes.
Akinori Hosoyamada, Kan Yasuda
ePrint Report
We present hash functions that are almost optimally one-way in the quantum setting. Our hash functions are based on the Merkle-Damgård construction iterating a Davies-Meyer compression function, which is built from a block cipher. The quantum setting that we use is a natural extension of the classical ideal cipher model. Recent work has revealed that symmetric-key schemes using a block cipher or a public permutation, such as CBC-MAC or the Even-Mansour cipher, can get completely broken with quantum superposition attacks, in polynomial time of the block size. Since many of the popular schemes are built from a block cipher or a permutation, the recent findings motivate us to study such schemes that are provably secure in the quantum setting. Unfortunately, no such schemes are known, unless one relies on certain algebraic assumptions. In this paper we present hash constructions that are provably one-way in the quantum setting without algebraic assumptions, solely based on the assumption that the underlying block cipher is ideal. To do this, we reduce one-wayness to a problem of finding a fixed point and then bound its success probability with a distinguishing advantage. We develop a generic tool that helps us prove indistinguishability of two quantum oracle distributions.
Nico Döttling, Ryo Nishimaki
ePrint Report
We put forward the notion of universal proxy re-encryption (UPRE). A UPRE scheme enables us to convert a ciphertext under a (delegator) public key of any existing public-key encryption (PKE) scheme into another ciphertext under a (delegatee) public key of any existing PKE scheme (possibly different from the delegator one). Such a conversion is executed by a third party called proxy that has a re-encryption key generated from the delegator's secret key and the delegatee public key. Proxy re-encryption is a related notion, but it can neither convert ciphertexts into ones of possibly different PKE schemes nor treat general PKE schemes.

Our contributions are twofold. One is a definitional work. We define the syntax and security of UPRE. The other is showing the feasibility of UPRE. More precisely, we present three generic constructions of UPRE. One is a UPRE based on probabilistic indistinguishability obfuscation (PIO). It can re-encrypt ciphertexts polynomially many times. Another is a relaxed variant of UPRE based on function secret sharing (FSS). It can re-encrypt ciphertexts a constant number of times. The relaxed variant means that decryption algorithms for re-encrypted ciphertexts are slightly modified, though we use only original delegatee secret keys for decryption. The other is the relaxed variant of UPRE based on oblivious transfer and garbled circuits. It can re-encrypt ciphertexts polynomially many times.

The PKE schemes supported by the first and second generic constructions vary in the underlying hard problems or cryptographic tools. The third generic construction supports any CPA-secure PKE. The security levels of our UPRE schemes vary in the underlying hard problems or cryptographic tools that they rely on.
Worcester Polytechnic Institute
Job Posting
Worcester Polytechnic Institute (WPI) is inviting applications for a tenure track faculty position in the Department of Electrical and Computer Engineering at the Assistant, Associate, or Full Professor level.

The successful candidate will have a strong background in the broad area of Cybersecurity and privacy, with expertise subdomains including Blockchains and decentralized trust, secure computation, hardware security and side-channel analysis, adversarial learning, and security in the cloud and IoT devices.

Candidates must have a Ph.D. degree in Electrical Engineering, Computer Engineering or related areas with outstanding academic credentials that clearly demonstrate their ability to conduct independent and successful research in their areas of expertise and to build cross-disciplinary research programs. Applicants must show potential for an innovative and sustainable research and teaching career. WPI expects faculty to be involved in a balance of research, teaching and service activities, including mentoring student project and thesis work at the undergraduate, master’s and doctoral levels.

Applications should include curriculum vitae, statements of teaching and research interests, and a list of five professional references. This search will remain open until the position is filled.

Closing date for applications: 1 July 2019

Contact: Berk Sunar, sunar (at) wpi.edu

More information: https://careers.wpi.edu/postings/6131

Alibaba Group
Job Posting
Overview

ALIBABA GROUP’S MISSION IS TO MAKE IT EASY TO DO BUSINESS ANYWHERE. Our businesses are comprised of core commerce, cloud computing, digital media and entertainment, and innovation initiatives. An ecosystem has developed around our platforms and businesses that consists of consumers, merchants, brands, retailers, other businesses, third-party service providers and strategic alliance partners.

The Group

We are a cryptography research group that aims to secure data sharing in Alibaba. We do research in state-of-the-art cryptographic techniques, and integrate them in Alibaba’s daily business. Our group is looking for talented developers to join our team as (senior) cryptography engineers. The job involves studying advanced cryptography techniques and developing libraries and applications based on them.

Requirement and responsibilities:

  1. Good knowledge of C/C++/Java/Python (at least one of them)
  2. Solid cryptography background, e.g., good knowledge of symmetric/asymmetric encryption, hash algorithms, etc.
  3. Enthusiasm for learning advanced crypto schemes, and ability to apply them in practice.
  4. Strong interest in information security, and willingness to devote oneself to the business of data privacy protection in the big data era.

Any knowledge below is a strong plus (but not required):

  1. Publication in top-tier security conferences
  2. Experience in secure processing of big data
  3. Knowledge of machine learning
  4. Knowledge and practice in state-of-the-art crypto techniques: homomorphic encryption, multiparty computation, post-quantum cryptography, differential privacy, etc.

Location:

Hangzhou or Beijing in China (strong applicants can be based in US depending on the interviews)

Closing date for applications: 1 July 2019

Contact: Cheng Hong (Email: vince.hc (at) alibaba-inc.com)
