International Association for Cryptologic Research

IACR News

16 November 2018

Dima Grigoriev, Vladimir Shpilrain
ePrint Report
We use extensions of tropical algebras as platforms for very efficient public key exchange protocols.
Victoria Vysotskaya
ePrint Report
In this paper we study a problem which emerged during an attempt to apply a differential cryptanalysis method to the «Magma» algorithm. We obtained a general formula for the distribution in the difference distribution table of addition modulo $2^n$ and provided an efficient method for computing the distribution in a row with a given index. Moreover, an exact formula that may be used to solve the task of counting all the distributions was obtained, and an asymptotically accurate approximation of the number of distinct distributions was proved. Finally, we designed an algorithm to generate all distributions in $2^{O(\sqrt{n})}$ operations (whereas the corresponding brute-force method takes $2^{\Omega(n)}$).
Mohammad Ali, Javad Mohajeri, Mohammad-Reza Sadeghi
ePrint Report
Several appealing features of cloud computing such as cost-effectiveness and user-friendliness have made many users and enterprises interested in outsourcing their sensitive data for sharing via the cloud. However, it causes many new challenges toward data confidentiality, access control, scalability, and flexibility. Ciphertext-policy Hierarchical attribute-based encryption (CP-HABE) can be a promising solution to the mentioned problems. But the existing HABE schemes have several limitations in their key delegation and user revocation mechanisms. In this work, to solve these problems, we introduce the concept of a \textit{fully distributed revocable} CP-HABE (FDR-CP-HABE) system and propose the first FDR-CP-HABE scheme. The proposed scheme provides a high level of flexibility and scalability in the key delegation and user revocation mechanisms. Moreover, our proposed system is pairing-free and realizes lightweight computing in the decryption phase. Indeed, by exploiting the computational operation outsourcing technique, most of the operations are done by the powerful cloud service provider and very few computations are left to the data user. Also, in our scheme the storage cost on the data user side has been decreased, compared to other similar works. Moreover, using the hardness assumption of the Decisional Bilinear Diffie-Hellman (DBDH) problem, we show that the proposed scheme is adaptively semantically secure in the standard model.
Lunzhi Deng
ePrint Report
Recently, Karati et al. presented a lightweight certificateless signature scheme for industrial Internet of Things (IIoT) environments, and claimed the scheme was provably secure in the standard model. In this paper, it is indicated that the scheme is not secure by showing two concrete attacks.
Thijs Veugen
ePrint Report
At the IEEE Workshop on Information Forensics and Security in 2012, Veugen introduced two ways of improving a well-known secure comparison protocol by Damg{\aa}rd, Geisler and Kr{\o}igaard, which uses additively homomorphic encryption. The first new protocol reduced the computational effort of one party by roughly $50\%$. The second one showed how to achieve perfect security towards one party without additional costs, whereas the original version with encrypted inputs only achieved statistical security. However, the second protocol contained a mistake, leading to incorrect outputs in some cases. We show how to correct this mistake, without increasing its computational complexity.

15 November 2018

Ágnes Kiss, Masoud Naderpour, Jian Liu, N. Asokan, Thomas Schneider
ePrint Report
Decision trees and random forests are widely used classifiers in machine learning. Service providers often host classification models in a cloud service and provide an interface for clients to use the model remotely. While the model is sensitive information of the server, the input query and prediction results are sensitive information of the client. This motivates the need for private decision tree evaluation, where the service provider does not learn the client's input and the client does not learn the model except for its size and the result.

In this work, we identify the three phases of private decision tree evaluation protocols: feature selection, comparison, and path evaluation. We systematize protocols for each of these phases to identify the best available instantiations using the two main paradigms for secure computation: garbling techniques and homomorphic encryption. There is a natural tradeoff between runtime and communication considering these two paradigms: garbling techniques use fast symmetric-key operations but require a large amount of communication, while homomorphic encryption is computationally heavy but requires little communication.

Our contributions are as follows: Firstly, we systematically review and analyse state-of-the-art protocols for the three phases of private decision tree evaluation. Our methodology allows us to identify novel combinations of these protocols that provide better tradeoffs than existing protocols. Thereafter, we empirically evaluate all combinations of these protocols by providing communication and runtime measures, and provide recommendations based on the identified concrete tradeoffs.
Tomer Ashur, Siemen Dhooghe
ePrint Report
The ZK-STARK technology, published by Ben-Sasson et al. in ePrint 2018/046, is hailed by many as being a viable, efficient solution to the scaling problem of cryptocurrencies. In essence, a ZK-STARK proof uses a Merkle-tree to compress the data that needs to be verified, thus greatly reducing the communication overhead between the prover and the verifier. We propose MARVELlous, a family of cryptographic algorithms specifically designed for STARK efficiency. The family currently includes the block cipher Jarvis and the hash function Friday. The design of Jarvis is inspired by the design of Rijndael, better known as the AES. By doing so we create a cipher with similar properties to those of Rijndael, which allows us to reuse the wide-trail strategy to argue the resistance of the design against differential and linear cryptanalysis and focus our efforts on resistance against algebraic attacks. Friday is a Merkle-Damgard based hash function instantiated with Jarvis as its compression function, so it inherits its security properties up to the birthday bound. Jarvis and Friday have been suggested to be used in the Ethereum protocol by Ben-Sasson at Ethereum's Devcon IV. In this paper, we instantiate versions of Jarvis offering 128, 160, 192 and 256-bit security (both state- and key-size) which are used to implement Friday. We warmly invite the community to study and assess the security of the designs.
Michael Schliep, Nicholas Hopper
ePrint Report
In this paper, we describe Mobile CoWPI, a deployable, end-to-end secure mobile group messaging application with proofs of security. Mobile CoWPI allows dynamic groups of users to participate in, join, and leave private, authenticated conversations without requiring the participants to be simultaneously online or maintain reliable network connectivity. We identify the limitations of mobile messaging and how they affect conversational integrity and deniability. We define strong models of these security properties, prove that Mobile CoWPI satisfies these properties, and argue that no protocol that satisfies these properties can be more scalable than Mobile CoWPI. We also describe an implementation of Mobile CoWPI and show through experiments that it is suitable for use in real-world messaging conditions.
Qipeng Liu, Mark Zhandry
ePrint Report
A $k$-collision for a compressing hash function $H$ is a set of $k$ distinct inputs that all map to the same output. In this work, we show that for any constant $k$, $\Theta\left(N^{\frac{1}{2}(1-\frac{1}{2^k-1})}\right)$ quantum queries are both necessary and sufficient to achieve a $k$-collision with constant probability. This improves on both the best prior upper bound (Hosoyamada et al., ASIACRYPT 2017) and provides the first non-trivial lower bound, completely resolving the problem.
Wen-Ran Zhang
ePrint Report
Whereas it is widely deemed an impossible task to scale One-Time Pad (OTP) without sacrificing information theoretic security or network traffic, this paper presents a paradigm of Scalable One-Time Pad (S-OTP) ciphers based on information conservational computing/cryptography (ICC). Applicability of the new paradigm is analysed. It is shown that ICC enables data compression with quantum-fuzzy collective precision to reduce key length to a minimum that used to be deemed impossible. Based on ICC, it is shown that, with a local IEEE binary64 standard computer associated with quantum key distribution (QKD), S-OTP enables secure transmission of long messages or large data sets with significant traffic reduction for post-quantum cryptography. Quantum crypto machinery is proposed. Some open topics are identified for further investigation.

14 November 2018

Microsoft Redmond, WA
Job Posting
The Cryptography Research Group at Microsoft Research seeks outstanding graduate students for summer internships in Redmond in the areas of Homomorphic Encryption, Compilers, Verifiable Computation, Oblivious RAM, Zero-knowledge Proofs, Private Set Intersection, Privacy for ML, Blockchain based applications, privacy preserving systems, applied Secure Multi Party Computation, Differential Privacy, and other areas of applied cryptography.

Interested candidates please send cover letter and resume to CryptIntCV@microsoft.com. Applications will be considered through the spring until all positions are filled, but for full consideration please apply by January 15, 2019.

Closing date for applications: 1 June 2019

Contact: CryptIntCV@microsoft.com

University of Bergen, Norway
Job Posting
There are vacancies for four PhD positions in computer science at the Department of Informatics. The positions are for a fixed-term period of 3 years with the possibility of a 4th year. A PhD degree in computer science is highly sought after by corporate organizations and academia.

Although the positions are intended for the whole department, the Reliable and Secure Communication group is interested in candidates in the domains of cryptography and cryptographic Boolean functions.

For more information check

https://www.jobbnorge.no/en/available-jobs/job/160197/phd-position-4-in-computer-science

Closing date for applications: 9 December 2018

Contact: For applicants in cryptography please contact Prof. Tor Helleseth tor.helleseth (at) uib.no

For applicants in cryptographic Boolean functions please contact Dr. habil. Lilya Budaghyan lilya.budaghyan (at) uib.no

More information: https://www.jobbnorge.no/en/available-jobs/job/160197/phd-position-4-in-computer-science

University of Bergen
Job Posting
There is a vacancy for a position as a researcher in Cryptology at the Department of Informatics in the Selmer Center for secure and reliable communications. The position is for a period of 2 years and is connected to the project Modern Methods and Tools for Theoretical and Applied Cryptology (CryptoWorld) funded by the Norwegian Research Council.

For more details see

https://www.jobbnorge.no/en/available-jobs/job/160195/researcher-position-in-cryptology

Closing date for applications: 1 December 2018

Contact: Prof. Tor Helleseth

More information: https://www.jobbnorge.no/en/available-jobs/job/160195/researcher-position-in-cryptology

CISPA Helmholtz Center for Information Security
Job Posting
The Information Security & Cryptography Group led by Prof. Michael Backes at the CISPA Helmholtz Center for Information Security is looking for multiple fully-funded Ph.D. students working on machine learning privacy and/or biomedical privacy.

The Information Security & Cryptography group is one of the world-leading research groups concentrating on cutting-edge research in security and privacy. As part of CISPA, the group is located in Saarbruecken, Germany. CISPA is the newest member of the Helmholtz Association, the largest scientific organization in Germany, fully committed to scientific excellence and to tackling the grand research challenges in their respective fields. CISPA, the first investment of Helmholtz in computer science, is one of the top research centers in information security and is consistently ranked top-3 in the field worldwide; see, e.g., CSrankings.org (http://csrankings.org/#/index?sec&world).

Requirements:

  • A bachelor's/master's degree in Computer Science, Information Security, or Mathematics with excellent grades
  • Excellent English
  • Excellent programming skills
  • Good knowledge about machine learning and/or cryptography

What we offer:

  • Full-time working contract
  • Excellent research environment
  • Strong supervision
  • World-class collaborations

To apply, please send your

  • CV
  • Transcripts
  • Motivation letter
  • Contact information of two references

to yang.zhang (at) cispa.saarland

Closing date for applications: 1 April 2019

Contact: Yang Zhang, yang.zhang (at) cispa.saarland

University of South Florida, Tampa, FL 33620, USA
Job Posting
We are looking for hardworking and self-driven PhD students to work in the areas of applied cryptography beginning Fall 2019 (August 2019). University of South Florida is a Rank 1 Research University and offers a competitive salary with an excellent working environment, all within close proximity to high-tech industry and the beautiful beaches of sunny Florida. The Tampa/Orlando area is a key part of the Florida High Technology Corridor, and harbors major tech and research companies. The qualified candidate will have opportunities for research internships and joint projects with leading industrial companies.

Topics:

Secure and Reliable Blockchain and Cryptocurrencies
• Post-quantum secure blockchains
• Use of blockchains to enhance cyber-security of critical infrastructures

Secure and Reliable Internet of Things and Systems
• Post-quantum secure IoTs and secure voting systems
• Cryptographic primitives for IoTs

Trustworthy Machine Learning (TML)
• Privacy-preserving machine learning
• Adversarial machine learning

Breach-Resilient Cyber-Infrastructures
• New searchable encryption and Oblivious RAM schemes
• Privacy Enhancing Technologies for genomic and medical data

Requirements:
• A BS degree in computer science, electrical engineering or mathematics with a high GPA.
• Very good programming skills (e.g., C, C++) and familiarity with OS/systems.
• Good academic writing and presentation skills.
• An MS degree in computer science, electrical engineering or mathematics is a big plus. Publications in security and privacy are highly desirable.

Please send (by e-mail): (i) transcripts, (ii) curriculum vitae, (iii) three reference letters, (iv) research statement, (v) GRE and TOEFL scores.

Closing date for applications: 1 February 2019

Contact: Dr. Attila A. Yavuz is an Assistant Professor and the Director of Applied Cryptography Research Laboratory in the Department of Computer Science and Engineering at University of South Florida.

http://www.csee.usf.edu/~attilaayavuz/

attilaayavuz (at) usf.edu

More information: http://www.csee.usf.edu/~attilaayavuz/article/PositionDescrption_at_USF_Fall2019.pdf

Singapore University of Technology and Design (SUTD)
Job Posting
Singapore University of Technology and Design (SUTD) is a young university which was established in collaboration with MIT. I am looking for promising PhD students who are interested in working in the area of cyber security. The position is fully funded for up to 4 years with a very competitive scholarship and overseas research attachment opportunities.

Candidates should have an excellent background (with a Bachelor's or Master's degree and CGPA > 80%) in mathematics or computer science/engineering and the ability to work on inter-disciplinary research projects. Acquaintance with cryptography and network/system security concepts as well as some programming skills will be considered strong assets.

For the Sept 2019 intake, the application deadline is 31st Dec 2018. More information on the PhD program is available at https://istd.sutd.edu.sg/phd/phd-overview/.

Interested candidates, please send your CV to Prof. Jianying Zhou.

Closing date for applications: 31 December 2018

Contact: Jianying Zhou

More information: http://jianying.space/

University of Twente, Netherlands
Job Posting
Within the Faculty of Electrical Engineering, Mathematics and Computer Science, the Services and Cyber-Security (SCS) research group is looking for a highly motivated Assistant Professor in Digital Security & Privacy (broadly conceived).

For more information, please check the link provided below.

Closing date for applications: 1 December 2018

More information: https://www.utwente.nl/en/organization/careers/vacancy/!/562764/assistant-professor-in-digital-security-privacy

University of Warsaw
Job Posting
The Faculty of Mathematics, Informatics and Mechanics at University of Warsaw (MIM UW) invites applications for assistant professor (“adiunkt” in Polish) positions in computer science with specialization “computer systems”, starting on 1st Feb 2019 or on 1st Oct 2019.

The successful candidate will be required to conduct research and teach in some of the following areas: concurrent programming, operating systems, computer networks, web applications, security of computer systems or cryptography. The contract is for 4 years, with a possible extension to indefinite employment after a positive result of an employee evaluation.

MIM UW is one of the strongest computer science faculties in Europe. It is known for talented students (e.g., two wins and 13 times in the top ten at the ACM International Collegiate Programming Contest) and strong research teams, especially in theoretical aspects of computer science like algorithms, logic and automata, and cryptography (e.g., 9 ERC grants in these fields). For an overview of research areas represented in the Faculty, see http://www.mimuw.edu.pl/en/dziedziny-badan.

Requirements:

- PhD degree in computer science or mathematics

- Strong publication record in international computer science journals/conferences

- Teaching experience

- Mobility record (participation in conferences, postdoc positions, etc.)

Deadline for applications: 30th November 2018.

Closing date for applications: 30 November 2018

Contact: Lukasz Kowalik (kowalik (at) mimuw.edu.pl) or Aleksy Schubert (alx (at) mimuw.edu.pl)

More information: https://www.mimuw.edu.pl/rozne/konkursy-pliki/2018/praca-adiunkt-nauk-sys-komp-II-30-11-2018-en.pdf

Tampere University of Technology, Tampere, Finland
Job Posting

The Network and Information Security Group (NISEC) is currently looking for up to 2 motivated and talented researchers (Postdoctoral Researchers) to contribute to research projects related to applied cryptography, security and privacy.

The successful candidates will be working on the following topics (but not limited to):

  • Analysis and design of Searchable Encryption schemes and data structures enabling efficient search operations on encrypted data;
  • Restricting the type of access given when granting access to search over one's data;
  • Processing of encrypted data in outsourced and untrusted environments;
  • Applying encrypted search techniques to SGX environments;
  • Revocable Attribute-Based Encryption schemes and their application to cloud services;
  • Privacy-Preserving Analytics;
  • IoT Security.

The positions are strongly research focused. Activities include conducting both theoretical and applied research, the design of secure and/or privacy-preserving protocols, software development and validation, reading and writing scientific articles, presentation of the research results at seminars and conferences in Finland and abroad, and acquiring (or assisting in acquiring) further funding.

Closing date for applications: 20 November 2018

Contact:

Antonis Michalas

antonis.michalas (at) tut.fi

www.amichalas.com

University of Manchester, School of Computer Science
Job Posting
Project Description

In the last decade, the energy sector has been undertaking a significant shift in the way electricity is generated, traded and consumed. With the introduction of smart meters - devices that can measure and communicate users' electricity consumption every several minutes - more and more innovative services become available to users.

One of these services is peer-to-peer (p2p) electricity trading, which allows users to trade electricity among themselves (via trading platforms), rather than buying from (or selling to) their suppliers. For example, a user with a solar panel can sell his/her excess electricity directly to another user, and vice versa. Such markets have huge potential as, apart from bringing extra profit to their participants, they can also contribute to increasing the uptake of renewables.

However, such p2p trading requires complex interactions and data exchanges among various existing and new market players, inevitably introducing several security and privacy issues. Considering the time and computational constraints of the market operations, as well as the interconnectedness and interdependence between different market players, ensuring secure data exchanges in p2p markets is not trivial. Entities need to authenticate each other and be assured of the integrity of the messages they receive. Similarly, ensuring that personal data of users are not revealed to any party is not straightforward. Examples of personal data are users' names, addresses, electricity consumption, preferences, monthly bills, etc.

The aim of this project is to apply (a combination of) various (computationally-demanding) advanced cryptographic technologies, such as blockchain, smart contracts and secure multiparty computation, to design p2p electricity trading solutions that achieve a good balance between security, user privacy, usability and energy efficiency.

Funding

Fully funded PhD opportunity for a UK/EU student: untaxed stipend of £14,777 per annum + tuition fees

Closing date for applications: 30 November 2018

Contact: Dr Mustafa A. Mustafa email: mustafa.mustafa(at)manchester.ac.uk

More information: http://www.cs.manchester.ac.uk/study/postgraduate-research/projects/description/?projectid=18311
