International Association
for Cryptologic Research

This paper proposes Functional Analysis attacks on state of the art Logic Locking algorithms (abbreviated as FALL attacks). FALL attacks have two stages. The first stage identifies nodes involved in the locking functionality and analyzes functional properties of these nodes to shortlist a small number of candidate locking keys. In many cases, this shortlists exactly one locking key, so no further analysis is needed. However, if more than one key is shortlisted, the second stage introduces a SAT-based algorithm to identify the correct locking key from a list of alternatives using simulations on an unlocked circuit.

In comparison to past work, the FALL attack is more practical as it can often succeed (90% of successful attempts in our experiments) by only analyzing the locked netlist, without requiring oracle access to an unlocked circuit. Further, FALL attacks successfully defeat Secure Function Logic Locking (SFLL), the only locking algorithm that is resilient to known attacks on logic locking. Our experimental evaluation shows that FALL is able to defeat 65 out of 80 (81%) circuits locked using SFLL.

With the rapid development of information technology and the continuous evolution of personalized services, huge amounts of data are accumulated by the large Internet company in the process of serving users. Moreover, dynamic data interactions increase the intentional/unintentional privacy persistence in different information systems. However, the following problems such as the short board effect of privacy information preservation among different information systems and the difficulty of tracing the source of privacy violations are becoming more and more serious. Therefore, existing privacy preserving schemes cannot provide a systematic preservation. In this paper, we pay attention to the links of information lifecycle, such as information collection, storage, processing, distribution and destruction. Then we propose the theory of privacy computing and the key technology system, including privacy computing framework, formal definition of privacy computing, four principles that should be followed in privacy computing, algorithm design criteria, evaluation of privacy preserving effect, privacy computing language and so on. Finally, we employ four application scenarios to describe the universal application of privacy computing and prospect of the future research trends. It is expected to guide the theoretical research on user's privacy preservation under open environments.

A threshold secret sharing scheme (with threshold $t$) allows a dealer to share a secret among a set of parties such that any group of $t$ or more parties can recover the secret and no group of at most $t-1$ parties learn any information about the secret. A non-malleable threshold secret sharing scheme, introduced in the recent work of Goyal and Kumar (STOC'18), additionally protects a threshold secret sharing scheme when its shares are subject to tampering attacks. Specifically, it guarantees that the reconstructed secret from the tampered shares is either the original secret or something that is unrelated to the original secret.

In this work, we continue the study of threshold non-malleable secret sharing against the class of tampering functions that tamper each share independently. We focus on achieving greater efficiency and guaranteeing a stronger security property. We obtain the following results:

- Rate Improvement. We give the first construction of a threshold non-malleable secret sharing scheme that has rate $> 0$. Specifically, for every $n,t \geq 4$, we give a construction of a $t$-out-of-$n$ non-malleable secret sharing scheme with rate $\Theta(\frac{1}{t\log ^2 n})$. In the prior constructions, the rate was $\Theta(\frac{1}{n\log m})$ where $m$ is the length of the secret and thus, the rate tends to 0 as $m \rightarrow \infty$. Furthermore, we also optimize the parameters of our construction and give a concretely efficient scheme.

- Multiple Tampering. We give the first construction of a threshold non-malleable secret sharing scheme secure in the stronger setting of bounded tampering wherein the shares are tampered by multiple (but bounded in number) possibly different tampering functions. The rate of such a scheme is $\Theta(\frac{1}{k^3t\log^2 n})$ where $k$ is an apriori bound on the number of tamperings. We complement this positive result by proving that it is impossible to have a threshold non-malleable secret sharing scheme that is secure in the presence of an apriori unbounded number of tamperings.

- General Access Structures. We extend our results beyond threshold secret sharing and give constructions of rate-efficient, non-malleable secret sharing schemes for more general monotone access structures that are secure against multiple (bounded) tampering attacks.

Data Science Program Director

Yeshiva University’s Katz School seeks a dynamic director to serve as academic and administrative lead for its graduate initiatives in Data Science and related programs.

Position Responsibilities:

• Provide transformative direction and oversight in teaching, research and community

• Oversee curriculum development, academic policies, and assessment

• Ensure student academic and professional success

• Lead faculty recruitment, hiring, development, and evaluation

• Recruit highly qualified students, with an expectation of significant program growth

• Obtain relevant industry affiliations and designations

• Raise the visibility of the Katz School and University

• Establish partnerships with local, regional, national, and international organizations

• Develop grants, contracts, philanthropy, and research development

• Manage budgets and resources

Required Experience & Educational Background:

• Master’s degree in data science, computer science, or related field

• Professional experience in data science or related fields

To apply, visit: http://apptrkr.com/1336277

About Us:

Founded in 1886, Yeshiva University (YU) has a strong tradition of combining Jewish scholarship with academic excellence and achievement in the liberal arts, sciences, medicine, law, business, social work, Jewish studies, education, psychology, and more. We seek to attract and retain engaged and committed individuals who contribute to an exciting working environment, where there is a sense of community and belonging, balanced with a significant cross section of people from diverse backgrounds working and studying together.

Yeshiva University is an equal opportunity employer committed to hiring minorities, women, individuals with disabilities and protected veterans.

Closing date for applications:

More information: http://apptrkr.com/1336277

We are looking for a bright post-doctoral researcher focusing in theoretical cryptography and more precisely verifiable delegation of computation to work on a collaborative project on cloud-assisted computing.

The position is fully funded for 2 years and it would be extended under conditions for 2 more.

The post-doc will be hired at the department of Computer Science and Engineering at Chalmers and will be working under the supervision of Prof. Katerina Mitrokotsa.

The preferred starting date is in April 2019.

To apply send an email with subject: post-doc in cryptography and the following documents:

- CV, research statement, list of publications and names of at least two referees

Closing date for applications: 5 January 2019

Contact: Katerina Mitrokotsa

Associate Professor,

Chalmers University of Technology

Department of Computer Science and Engineering,

Gothenburg, Sweden

More information: http://www.cse.chalmers.se/~aikmitr/

Applications are invited for a post-doctoral fellow (PDF) and a doctoral (PhD) student in one or more of these areas: cryptographic engineering or applied cryptography as they relate to blockchain technologies, cryptocurrencies and digital payments. The successful candidates will be working in Professor Anwar Hasan’s research group in the Department of Electrical and Computer Engineering at the University of Waterloo.

PDF applicants with a recent PhD in Computer/Electrical Engineering or Computer Science and publications at premium venues are encouraged to send their CVs and cover letters via email to ahasan at uwaterloo.ca.

PhD student applicants with mathematical maturity and research experience in cryptographic engineering or applied cryptography, who meet the admission requirements for the PhD program in Electrical and Computer Engineering at the University of Waterloo, are encouraged to apply online following this link https://uwaterloo.ca/electrical-computer-engineering/future-graduate-students/programs

Closing date for applications: 11 January 2019

The Canadian Institute for Cybersecurity (CIC) is a comprehensive multidisciplinary training, research and development, and entrepreneurial unit that draws on the expertise of researchers in the social sciences, business, computer science, engineering, law and science.

Position Description:

We are currently looking for PhD and Post-doc researchers to fill various roles within our cyber security research and projects.

Required skills and experience:

- A computer science degree (Master for PhD candidates, PhD for Post-doc candidates) with expertise in network and information security, networking, and other relevant research area. (completed by the start of appointment)

- Strong communication and writing skills.

- Ability to do independent research, as well as to work collaboratively with other team members.

Helpful skills and experience:

- Application development using Java and Python

- Technical abilities in systems design, coding, testing, debugging, and maintenance.

- Demonstrated experience with the design and implementation of large networked and security systems.

Applications will be considered until the available positions are filled. To apply please include your curriculum vitae and the following:

- Research experience (projects, publications, etc.)

- Two representative publications (post-doc candidates)

- Proof of language proficiency (international applicants)

- Contact information (email, address, phone) of three references

Closing date for applications: 30 April 2019

Contact:

Arash Habibi Lashkari, PhD

Assistant Professor and Research Coordinator

Canadian Institute for Cybersecurity (CIC)

University of New Brunswick (UNB)

Fredericton, NB, Canada

A.habibi.l (at) unb.ca

More information: http://www.unb.ca/cic

We are looking for a postdoctoral researcher to work on isogeny-based cryptography.

Previous work in this field would be a plus but is not required. Generally, a strong background in algorithmic number theory, cryptographic protocols, cryptanalysis and/or applied cryptography is sought.

The position is for up to 30 months.

Informal inquiries are welcome.

Closing date for applications: 3 January 2019

Contact: Christophe Petit christophe.f.petit (at) gmail.com

More information: https://atsv7.wcn.co.uk/search_engine/jobs.cgi?SID=amNvZGU9MTc2OTA5NiZ2dF90ZW1wbGF0ZT03Njcmb3duZXI9NTAzMjUyMSZvd25lcnR5c

A PhD position is available to work on isogeny-based cryptography.

The ideal candidate will have a master in Mathematics, Computer Science or Electrical Engineering. Previous knowledge in cryptography and/or number theory is a plus.

Informal inquiries welcome.

Closing date for applications: 14 January 2019

Contact: Christophe Petit christophe.f.petit (at) gmail.com

More information: https://www.birmingham.ac.uk/postgraduate/courses/findaphd.aspx

The program for Real World Crypto 2019 is now published at https://rwc.iacr.org/2019/program.html.

RWC 2019 will be held January 9-11 in San Jose, California, USA.

We prove beyond-birthday-bound security for the well-known types of generalized Feistel networks, including: (1) unbalanced Feistel networks, where the $n$-bit to $m$-bit round functions may have $n\ne m$; (2) alternating Feistel networks, where the round functions alternate between contracting and expanding; (3) type-1, type-2, and type-3 Feistel networks, where $n$-bit to $n$-bit round functions are used to encipher $kn$-bit strings for some $k\ge2$; and (4) numeric variants of any of the above, where one enciphers numbers in some given range rather than strings of some given size. Using a unified analytic framework we show that, in any of these settings, for any $\varepsilon>0$, with enough rounds, the subject scheme can tolerate CCA attacks of up to $q\sim N^{1-\varepsilon}$ adversarial queries, where $N$ is the size of the round functions' domain (the size of the larger domain for alternating Feistel). This is asymptotically optimal. Prior analyses for generalized Feistel networks established security to only $q\sim N^{0.5}$ adversarial queries.

In this paper we are proposing a new member in the SNOW family of stream ciphers, called SNOW-V. The motivation is to meet an industry demand of very high speed encryption in a virtualized environment, something that can be expected to be relevant in a future 5G mobile communication system. We are revising the SNOW 3G architecture to be competitive in such a pure software environment, making use of both existing acceleration instructions for the AES encryption round function as well as the ability of modern CPUs to handle large vectors of integers (e.g. the Advanced Vector Extensions AVX from Intel). We have kept the general design from SNOW 3G, in terms of linear feedback shift register (LFSR) and Finite State Machine (FSM), but both entities are updated to better align with vectorized implementations. The LFSR part is new and operates 8 times the speed of the FSM. We have furthermore increased the total state size by using 128-bit registers in the FSM, we use the full AES encryption round function in the FSM update, and, finally, the initialization phase includes a masking with key bits at its end. The result is an algorithm generally much faster than AES-256 and with expected security not worse than AES-256.

Braid groups are infinite non-abelian groups naturally arising from geometric braids that have been used in cryptography for the last two decades. In braid group cryptography public braids often contain secret braids as a factor and it is hoped that rewriting the product of braid words hides the individual factors. We provide experimental evidence that this is in general not the case and argue that under certain conditions parts of the Garside normal form of factors can be found in the Garside normal form of their product. This observation can be exploited to decompose products in braid groups of the form $ABC$ when only $B$ is known.

Our decomposition algorithm yields a universal forgery attack on WalnutDSA^TM, which is one of the 20 proposed signature schemes that are being considered by NIST for standardization of quantum-resistant public-key cryptographic algorithms. Our attack on WalnutDSA^TM can universally forge signatures within seconds for both the 128-bit and 256-bit security level, given one random message-signature pair. The attack worked on 99.8% and 100% of signatures for the 128-bit and 256-bit security levels in our experiments.

Furthermore, we show that the decomposition algorithm can be used to solve instances of the conjugacy search problem and decomposition search problem in braid groups. These problems are at the heart of other cryptographic schemes based on braid groups.

An attempt to derive signer-efficient digital signatures from aggregate signatures was made in a signature scheme referred to as Structure-free Compact Rapid Authentication (SCRA) (IEEE TIFS 2017). In this paper, we first mount a practical universal forgery attack against the NTRU instantiation of SCRA by observing only 8161 signatures. Second, we propose a new signature scheme (FAAS), which transforms any single-signer aggregate signature scheme into a signer-efficient scheme. We show two efficient instantiations of FAAS, namely, FAAS-NTRU and FAAS-RSA, both of which achieve high computational efficiency. Our experiments confirmed that FAAS schemes achieve up to 100x faster signature generation compared to their underlying schemes. Moreover, FAAS schemes eliminate some of the costly operations such as Gaussian sampling, rejection sampling, and exponentiation at the signature generation that are shown to be susceptible to side-channel attacks. This enables FAAS schemes to enhance the security and efficiency of their underlying schemes. Finally, we prove that FAAS schemes are secure (in random oracle model), and open-source both our attack and FAAS implementations for public testing purposes.

In a recent paper Faonio, Nielsen and Venturi (ICALP 2015) gave new constructions of leakage-resilient signature schemes. The signature schemes proposed remain unforgeable against an adversary leaking arbitrary information on the entire state of the signer, including the random coins of the signing algorithm. The main feature of their signature schemes is that they offer a graceful degradation of security in situations where standard existential unforgeability is impossible. The notion, put forward by Nielsen, Venturi, and Zottarel (PKC 2014), defines a slack parameter $\gamma$ which, roughly speaking, describes how gracefully the security degrades. Unfortunately, the standard-model signature scheme of Faonio,Nielsen and Venturi has a slack parameter that depends on the number of signatures queried by the adversary.

In this paper we show two new constructions in the standard model where the above limitation is avoided. Specifically, the first scheme achieves slack parameter $O(1/\lambda)$ where $\lambda$ is the security parameter and it is based on standard number theoretic assumptions, the second scheme achieves optimal slack parameter (i.e. $\gamma = 1$) and it is based on knowledge of the exponent assumptions. Our constructions are efficient and have leakage rate $1 - o(1)$, most notably our second construction has signature size of only 8 group elements which makes it the leakage-resilient signature scheme with the shortest signature size known to the best of our knowledge.

Proofs of liabilities are used for applications, function like banks or Bitcoin exchanges, to prove the sums of money in their dataset that they should owe. The Maxwell protocol, a cryptographic proof of liabilities scheme which relies on a data structure well known as the summation Merkle tree, utilizes a Merkle approach to prove liabilities in the decentralized setting, i.e., clients independently verify they are in the dataset with no trusted auditor. In this paper, we go into the Maxwell protocol and the summation Merkle tree. We formalize the Maxwell protocol and show it is not secure. We present an attack with which the proved liabilities using the Maxwell protocol are less than the actual value. This attack can have significant consequences: A Bitcoin exchange controlling a total of $n$ client accounts can present valid liabilities proofs including only one account balance in its dataset. We suggest two improvements to the Maxwell protocol and the summation Merkle tree, and present a formal proof for the improvement that is closest in spirit to the Maxwell protocol. Moreover, we show the DAM scheme, a micropayment scheme of Zerocash which adopts the Maxwell protocol as a tool to disincentivize double/multiple spending, is vulnerable to an multi-spending attack. We show the Provisions scheme, which adopts the Maxwell protocol to extend its privacy-preserving proof of liabilities scheme, is also infected by a similar attack.

In this work, we consider the natural goal of designing secret sharing schemes that ensure security against a powerful adaptive adversary who may learn some ``leaked'' information about all the shares. We say that a secret sharing scheme is $p$-party leakage-resilient, if the secret remains statistically hidden even after an adversary learns a bounded amount of leakage, where each bit of leakage can depend jointly on the shares of an adaptively chosen subset of $p$ parties. A lot of works have focused on designing secret sharing schemes that handle individual and (mostly) non-adaptive leakage for (some) threshold secret sharing schemes [DP07,DDV10,LL12,ADKO15,GK18,BDIR18].

We give an unconditional compiler that transforms any standard secret sharing scheme with arbitrary access structure into a $p$-party leakage-resilient one for $p$ logarithmic in the number of parties. This yields the first secret sharing schemes secure against adaptive and joint leakage for more than two parties.

As a natural extension, we initiate the study of leakage-resilient non-malleable secret sharing} and build such schemes for general access structures. We empower the computationally unbounded adversary to adaptively leak from the shares and then use the leakage to tamper with each of the shares arbitrarily and independently. Leveraging our $p$-party leakage-resilient schemes, we also construct such non-malleable secret sharing schemes: any such tampering either preserves the secret or completely `destroys' it. This improves upon the non-malleable secret sharing scheme of Goyal and Kumar (CRYPTO 2018) where no leakage was permitted. Leakage-resilient non-malleable codes can be seen as 2-out-of-2 schemes satisfying our guarantee and have already found several applications in cryptography [LL12,ADKO15,GKPRS18,GK18,CL18,OPVV18].

Our constructions rely on a clean connection we draw to communication complexity in the well-studied number-on-forehead (NOF) model and rely on functions that have strong communication-complexity lower bounds in the NOF model (in a black-box way). We get efficient $p$-party leakage-resilient schemes for $p$ upto $O(\log n)$ as our share sizes have exponential dependence on $p$. We observe that improving this dependence from $2^{O(p)}$ to $2^{o(p)}$ will lead to progress on longstanding open problems in complexity theory.

We construct a genus 2 curve inside the product of 2 elliptic curves. The formula for this construction has appeared in a previous paper. The current paper discusses how this formula arises naturally by using some theory of elliptic Kummer surfaces

Proxy re-encryption (PRE) enables delegation of decryption rights by entrusting a proxy server with special information, that allows it to transform a ciphertext under one public key into a ciphertext of the same message under a different public key. It is important to note that, the proxy which performs the re-encryption learns nothing about the message encrypted under either public keys. Due to its transformation property, proxy re-encryption schemes have practical applications in distributed storage, encrypted email forwarding, Digital Rights Management (DRM) and cloud storage. From its introduction, several proxy re-encryption schemes have been proposed in the literature, and a majority of them have been realized using bilinear pairing. In Africacrypt 2010, the first PKI-based collusion resistant CCA secure PRE scheme without pairing was proposed in the random oracle model. In this paper, we point out an important weakness in the scheme. We also present the first collusion-resistant pairing-free unidirectional proxy re-encryption scheme which meets CCA security under a variant of the computational Diffie-Hellman hardness assumption in the random oracle model.

Proof-of-Stake (PoS) protocols have been actively researched for the past few years. PoS finds direct applicability in permissionless blockchain platforms and emerges as one of the strongest candidates to replace the largely inefficient Proof of Work mechanism that is currently plugged in the majority of existing permissionless blockchain systems. Although a number of PoS variants have been proposed, these protocols suffer from a number of security shortcomings. Namely, most existing PoS variants are either subject to the nothing at stake, the long range, or the stake grinding attacks which considerably degrade security in the blockchain. These shortcomings do not result from a lack of foresight when designing these protocols, but are inherently due to the ease of manipulating "stake" when compared to other more established variants, such as "work". In this paper, we address these problems and propose a secure Proof of Stake protocol, PoTS, that leverages Trusted Execution Environments (TEEs), such as Intel SGX, to ensure that each miner can generate at most one block per "height" for strictly increasing heights—thus thwarting the problem of nothing at stake and a large class of long-range attacks. In combination with TEEs, PoTS additionally uses cryptographic techniques to also prevent grinding attacks and protect against posterior corruption. We show that our protocol is secure, in the sense of well-established cryptographic notions for blockchain protocols, down to realistic hardware assumptions on TEE and well-established cryptographic assumptions. Finally, we evaluate the performance of our proposal by means of implementation. Our evaluation results show that PoTS offers a strong tradeoff between security of performance of the underlying PoS protocol.