International Association for Cryptologic Research

IACR News

05 December 2018

Christian Wittke, Ievgen Kabin, Dan Klann, Zoya Dyka, Anton Datsuk, Peter Langendoerfer
ePrint Report
Implementing cryptographic algorithms in a tamper-resistant way is an extremely complex task, as the algorithm used and the target platform have a significant impact on the potential leakage of the implementation. In addition, the quality of the tools used for the attacks is of importance. In order to evaluate the resistance of a certain design against electromagnetic emanation attacks, a highly relevant type of attack, we discuss the quality of different electromagnetic (EM) probes as attack tools. In this paper we propose to use the results of horizontal attacks for comparing measurement setups and for determining the most suitable instruments for measurements. We performed horizontal differential electromagnetic analysis (DEMA) attacks against our ECC design, an implementation of the Montgomery kP algorithm for the NIST elliptic curve B-233. We experimented with 7 different EM probes under the same conditions: the attacked FPGA, design, inputs, measurement point and measurement equipment were the same, except for the EM probes. The EM probe used influences the success rate of the performed attack significantly. We used this fact to compare the probes and to determine the most suitable one.
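As an added illustration (this is not code from the paper above), the following Python simulates the evaluation methodology the abstract describes: a single trace of a Montgomery ladder over a 233-bit scalar is split into one segment per ladder iteration, a horizontal attack classifies every segment into a key-bit guess with no known-key profiling, and the resulting success rate is recorded for several simulated probes that differ only in how much noise they add. The trace model, the probe names and noise levels, and the variance-based point-of-interest selection are assumptions made for the demo, not the authors' measurement setup or attack.

```python
"""Horizontal DEMA simulation: one trace of a Montgomery ladder kP, one segment per key bit.

Added example. The leakage model, probe names and noise levels are constructed for the demo.
"""
import random
import statistics

SCALAR_BITS = 233          # NIST B-233 scalar length
SAMPLES_PER_ITER = 32      # assumption: samples captured per ladder iteration

# Constructed probe models: each "probe" is just the noise it adds (lower = better pickup).
PROBES = {"probe_A": 0.05, "probe_B": 0.4, "probe_C": 3.0}


def simulate_trace(key_bits, noise_sigma, rng, leak_amp=0.5):
    """Return one trace as a list of per-iteration segments (the horizontal view).

    Each segment is the constant activity of a ladder step plus a small bit-dependent
    emanation in samples 8..11 plus Gaussian probe noise. Constructed leakage model.
    """
    trace = []
    for bit in key_bits:
        seg = []
        for j in range(SAMPLES_PER_ITER):
            activity = 1.0 if j % 4 == 0 else 0.3
            leak = leak_amp * bit if 8 <= j < 12 else 0.0
            seg.append(activity + leak + rng.gauss(0.0, noise_sigma))
        trace.append(seg)
    return trace


def horizontal_attack(trace, n_poi=4):
    """Recover the key bits from a single trace without knowing the key.

    1. Points of interest: the sample positions whose value varies most across
       iterations (a key-dependent leak splits the iterations into two groups there).
    2. Score each iteration by its mean over those positions.
    3. Split the scores into two clusters with 2-means; the cluster is the bit guess.
    Bits come out only up to complement; success_rate() accounts for that.
    """
    n_samples = len(trace[0])
    variances = [statistics.pvariance([seg[j] for seg in trace]) for j in range(n_samples)]
    poi = sorted(range(n_samples), key=lambda j: variances[j], reverse=True)[:n_poi]
    scores = [sum(seg[j] for j in poi) / n_poi for seg in trace]

    c0, c1 = min(scores), max(scores)          # 2-means on the 1-D score list
    for _ in range(20):
        g0 = [s for s in scores if abs(s - c0) <= abs(s - c1)]
        g1 = [s for s in scores if abs(s - c0) > abs(s - c1)]
        if not g0 or not g1:
            break
        c0, c1 = statistics.fmean(g0), statistics.fmean(g1)
    return [1 if abs(s - c1) < abs(s - c0) else 0 for s in scores]


def success_rate(guess, key_bits):
    """Fraction of correctly classified bits, taking the better of the two labelings."""
    hits = sum(g == k for g, k in zip(guess, key_bits))
    return max(hits, len(key_bits) - hits) / len(key_bits)


def compare_probes(probes=PROBES, seed=2018):
    """Run the same attack on the same scalar for every probe; return {probe: success rate}."""
    rng = random.Random(seed)
    key_bits = [rng.randrange(2) for _ in range(SCALAR_BITS)]
    results = {}
    for name, sigma in probes.items():
        trace = simulate_trace(key_bits, sigma, random.Random(seed + 1))
        results[name] = success_rate(horizontal_attack(trace), key_bits)
    return results


if __name__ == "__main__":
    for name, rate in compare_probes().items():
        print(f"{name}: success rate {rate:.3f}")
```

A quieter probe gives a higher success rate; once the noise swamps the leak, the variance-based selection picks noise positions and the rate falls towards the 50% coin-flip floor, which is exactly the regime in which ranking probes by attack success rate is informative. A real horizontal attack additionally needs the iteration boundaries, which in practice come from the periodicity of the trace itself or from a trigger signal.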
Leixiao Cheng, Boru Gong, Yunlei Zhao
ePrint Report
In this work, we present a generalization and optimization of Dilithium, which is one of the promising lattice-based signature candidates for NIST post-quantum cryptography (PQC) standardization. This is enabled by new insights in interpreting the design of Dilithium in terms of the key consensus presented in the KCL key encapsulation mechanism (KEM) proposal to NIST PQC standardization. Based on OKCN, developed in KCL, we present a generic and modular construction of lattice-based signatures and analyze it as it would be deployed in practice. We thoroughly search and test a large set of parameters in order to achieve better trade-offs among security, efficiency, and bandwidth. On the recommended parameters for about 128-bit quantum security, compared with Dilithium, our scheme is more efficient both in computation and in bandwidth. This work also further justifies and highlights the desirability of OKCN, as the same routine can be used for both KEM and signatures, which is useful for simplifying the system complexity of lattice-based cryptography. Of independent interest is a new estimation of the security against key recovery attacks in practice.
Ronal Pranil Chand, Maheswara Rao Valluri
ePrint Report
This paper introduces elliptic curves in the generalized Huff model. These curves, endowed with point addition, are shown to form a group over a finite field. We present formulae for point addition and point doubling on the curves and evaluate the computational cost of point addition and doubling using projective, Jacobian and Lopez-Dahab coordinates. It is noted that the computational cost of point addition and doubling on these curves is lower in projective coordinates than in the other coordinate systems mentioned above.
DarkMatter - Abu Dhabi or Finland
Job Posting
You have the experience, education and drive to lead. What you're missing is the freedom to create your dream. When you join DarkMatter, you'll find that freedom and build the future of cyber security in the UAE.

As a Cryptanalyst, you will:

- Analyze, evaluate and target any weaknesses in security systems, which range from single crypto-primitives to entire protocols, from classical ciphers to the newest lightweight or post-quantum schemes.

- Develop mathematical and statistical models to analyze and solve security data problems.

- Be involved in the analysis of developed cryptosystems within DarkMatter products.

- Collaborate with skillful software, hardware, and telecommunication engineers.

- Work closely with the secure communications team and other teams in the organization.

- Work with the latest software and test your code on state-of-the-art high-performance devices.

- Conduct research in theoretical and practical cryptanalysis.

- Attend personalized in-house trainings with top cryptographers and international conferences and workshops.

- Enjoy all the cultural, educational and travel opportunities Abu Dhabi offers.

- Your personal dream could be the world's reality.

To bring your dream to life, you'll need some of the following:

- PhD degree in Cryptography, Applied Cryptography, Information Theory and Mathematics, Computer Science or any relevant Engineering degree.

- Extensive experience in theoretical and practical cryptanalysis.

- Valuable publications in the field of cryptanalysis.

- Extensive experience in performing side-channel attacks.

- Deep understanding of various hardware security vulnerabilities and threats.

- Extensive experience developing in various programming languages.

- A passion for solving complex puzzles

Closing date for applications: 12 March 2019

Contact: Mehdi Messaoudi

mehdi.messaoudi (at) darkmatter.ae

More information: https://careers.darkmatter.ae/jobs/cryptanalyst-abu-dhabi-united-arab-emirates

DarkMatter - Abu Dhabi or Finland
Job Posting
At DarkMatter, we are building an organisation of specialists to provide the ultimate integrated cyber security protection available. Whatever the scope, scale or sensitivity of our clients' work, we'll assess their risks, resolve their vulnerabilities and always keep them ahead of the threat, offering them the best possible products and solutions.

As a Cryptography Embedded Systems Engineer, you will:

- Design, implement and deploy cryptographic algorithms tailored for resource-constrained devices.

- Conduct research and development in lightweight cryptography.

- Perform security assessments of crypto-primitives and cryptosystems suitable for resource-constrained devices at the theoretical and implementation level.

- Work closely with the other teams in the organization to deploy secure embedded systems.

- Be involved in the integration of developed cryptosystems within DarkMatter products.

- Enjoy all the cultural, educational and travel opportunities Abu Dhabi offers.

To bring your dream to life, you’ll need:

- MS or PhD degree in Computer Science, Computer Engineering, Electrical Engineering, Cryptography or related field.

- Development experience within embedded systems, RFID and sensor networks.

- Knowledge of Unix/Linux environments and kernel development.

- Knowledge of one or more of the following: Microcontrollers, SoC, TrustZone, ARM processors, performance optimization, bootloading, firmware, x86 assembly, system BIOS or hardware/software integration.

- Knowledge of side-channel attacks and countermeasures.

- Experience coding in C/C++.

- A desire to innovate in the UAE

Closing date for applications: 12 March 2019

Contact: Mehdi Messaoudi

mehdi.messaoudi (at) darkmatter.ae

More information: https://careers.darkmatter.ae/jobs/cryptography-embedded-systems-engineer-abu-dhabi-united-arab-emirates-8f4ed143-57d6-4

DarkMatter - Abu Dhabi or Finland
Job Posting
You have the experience, education and drive to lead. What you're missing is the freedom to create your dream. When you join DarkMatter, you'll find that freedom and build the future of cyber security in the UAE.

As a Cryptography Hardware Engineer, you will:

- Design, implement and deploy cryptographic algorithms on hardware covering but not limited to: post-quantum cryptosystems and stream ciphers.

- Conduct research and development in hardware implementation and optimization and side-channel analysis and countermeasures.

- Perform security assessments of either crypto-primitives or cryptosystems at the theoretical and implementation level.

- Work closely with the secure communications team and other teams in the organization to design end-to-end secure communication protocols using state-of-the art and customized cryptographic algorithms and primitives.

- Be involved in the integration of developed cryptosystems within DarkMatter products.

- Enjoy all the cultural, educational and travel opportunities Abu Dhabi offers.

- Your personal dream could be the world's reality.

To bring your dream to life, you'll need:

- PhD degree in Cryptography, Applied Cryptography, Information Theory and Mathematics, Computer Science or any relevant Engineering degree.

- Extensive experience developing in FPGA and/or ASIC.

- Strong foundations in semiconductors, computer architecture and embedded systems.

- Deep understanding of various hardware security vulnerabilities and threats.

- A desire to innovate in the UAE

Closing date for applications: 12 March 2019

Contact: Mehdi Messaoudi

mehdi.messaoudi (at) darkmatter.ae

More information: https://careers.darkmatter.ae/jobs/cryptography-hardware-engineer-abu-dhabi-united-arab-emirates

DarkMatter - Abu Dhabi or Finland
Job Posting

Abu Dhabi | United Arab Emirates

You have the experience, education and drive to lead. What you’re missing is the freedom to create your dream. When you join DarkMatter, you’ll find that freedom and build the future of cyber security in the UAE.

As a Post-Quantum Crypto Researcher, you will:

- Design, implement and deploy quantum-safe cryptographic algorithms covering both but not limited to: key exchange algorithms and digital signature schemes.

- Conduct research and development in lattice-based, code-based or hash-based cryptosystems.

- Perform security assessments of either crypto-primitives or cryptosystems at the theoretical and implementation level.

- Work closely with the secure communications team and other teams in the organization to design end-to-end secure communication protocols using state-of-the art and customized cryptographic algorithms and primitives.

- Be involved in the integration of developed cryptosystems within DarkMatter products.

- Enjoy all the cultural, educational and travel opportunities Abu Dhabi offers.

To bring your dream to life, you’ll need:

- PhD degree in Cryptography, Applied Cryptography, Information Theory and Mathematics or Computer Science.

- Extensive experience developing in various programming languages.

- A desire to innovate in the UAE

Closing date for applications: 12 March 2019

Contact: Mehdi Messaoudi

mehdi.messaoudi (at) darkmatter.ae

More information: https://careers.darkmatter.ae/jobs/post-quantum-crypto-researcher-abu-dhabi-united-arab-emirates

DarkMatter Abu Dhabi
Job Posting
At DarkMatter, we are building an organization of specialists to provide the ultimate integrated cyber security protection available. Whatever the scope, scale or sensitivity of our clients' work, we'll assess their risks, resolve their vulnerabilities and always keep them ahead of the threat, offering them the best possible products and solutions.

As a Senior Cryptography Engineer - Cloud Engineer, you will:

- Design, implement and deploy cryptographic algorithms tailored for a cloud environment.

- Conduct research and development in differential privacy, secret sharing, multi-party secure computation and fully homomorphic encryption.

- Perform security assessments of crypto-primitives, cryptosystems and cloud security solutions at the theoretical and implementation level.

- Work closely with the other teams in the organization to design and deploy safe cloud-based solutions.

- Be involved in the integration of developed cryptosystems within DarkMatter products.

To bring your dream to life, you'll need:

- PhD degree in Cryptography, Applied Cryptography, Information Theory and Mathematics or Computer Science.

- Extensive experience developing in various programming languages.

- A desire to innovate in the UAE

Closing date for applications:

Contact: Mehdi Messaoudi

Talent Sourcing Specialist

mehdi.messaoudi (at) darkmatter.ae

More information: https://careers.darkmatter.ae/jobs/senior-cryptography-engineer-cloud-engineer-abu-dhabi-united-arab-emirates

University College London
Job Posting
The Department of Computer Science at University College London (UCL) invites applications for three faculty positions at all levels in the area of Information Security. We seek world-class talent; candidates must have an outstanding research track record. Appointments will be made at the rank of Lecturer, Associate Professor, or Professor, depending on seniority.

The closing date for applications is 10 January 2019.

We seek applicants with expertise and experience that complements or builds on our current strengths, including but not limited to, the areas of cybercrime, human factors in security, systems and network security, verification and embedded systems security, and software security.

Since we are an experimental Computer Science department, and UCL is strongly committed to multi-disciplinary research, we are looking for researchers who are interested in collaboration with colleagues in the Faculty of Engineering (e.g., Crime Science) and with other research groups and centres within the Computer Science department, e.g., Systems and Networks, Computational Statistics & Machine Learning (CSML), UCL Interaction Centre (UCLIC). The main purpose of this new role is to support the growth of the Computer Science Department through conducting research, teaching, outreach and entrepreneurial activities in the area of Information Security as well as the supervision of undergraduate, taught graduate and/or research graduate students.

Closing date for applications: 10 January 2019

Contact: Emiliano De Cristofaro, e.decristofaro (at) ucl.ac.uk

More information: https://tinyurl.com/ucl-infosec-positions-2018

Department of Computer Science, University of Surrey, Guildford, UK
Job Posting
Three industrially funded PhD studentships (3-3.5 years) are available at the Department of Computer Science, Surrey Centre for Cyber Security, University of Surrey. These studentships are related to industrial blockchain projects. The ideal PhD candidates (holding an MSc degree in Mathematics, Computer Science or Engineering) should have (or at least be interested in acquiring) adequate knowledge of programming (e.g., Python, C++, Java) and basic knowledge of applied cryptography (e.g., signatures, encryption, zero-knowledge proofs), machine learning or formal methods, have good communication skills and teamwork awareness, and be willing to work with industry.

The start date of these PhDs will be in January or April 2019.

About SCCS: SCCS was established by the University of Surrey to consolidate and organise its cyber security activities across the University. SCCS is one of the 17 Academic Centres of Excellence in Cyber Security Research (ACEs-CSR) recognised by the UK National Cyber Security Centre (NCSC) in partnership with the Engineering and Physical Sciences Research Council (EPSRC).

Closing date for applications: 31 March 2019

Contact: Dr. Kaitai Liang

k.liang (at) surrey.ac.uk

Université Jean Monnet, Saint-Etienne, France
Job Posting
The Secure Embedded Systems & Hardware Security team (https://laboratoirehubertcurien.univ-st-etienne.fr/en/teams/secure-embedded-systems-hardware-architectures.html) at Université Jean Monnet (Saint-Etienne, France) is seeking one motivated post-doctoral researcher in the area of hardware security.

The post-doctoral researcher will work with researchers of the group on the topics of side-channel analysis and/or random number generation. The project aims to scale down the randomness requirements of side-channel-protected implementations.

Candidates should ideally have already completed, or be close to completing, a Ph.D. degree in electrical engineering, computer science, mathematics, or a related discipline, with a strong research track record in the relevant area.

This is a full-time, 1-year fixed-term position based in Saint-Etienne; the starting date is negotiable from March 2019.

Since the laboratory is located in a restricted area, the background of the successful candidate needs to be checked by the authorities; this step can take up to 3 months, so please consider applying well in advance. There are no nationality restrictions for candidates.

Review of applications will start immediately and continue until the position is filled.

Please send a CV, a list of publications and contact information for two references.

Closing date for applications: 30 September 2019

Contact: Vincent Grosso, vincent.grosso (at) univ-st-etienne.fr

TU Darmstadt, Germany
Job Posting
Applications are invited for a PhD student (Research Assistant) position in Applied Cryptography and Network Security. The position is funded through CRISP, the Center for Research in Security and Privacy (https://www.crisp-da.de).

Job Description

The candidate is expected to perform scientific research in the areas of cryptography and network security. The position is based in Darmstadt and will involve international travel to conduct and present research. We provide an optimal working environment and support the researcher in publishing results at leading international conferences and journals.

The position is initially offered for three years but can be extended to a longer duration. The starting date is as soon as possible.

Your Profile

  • Completed a Master’s degree (or equivalent) with good grades in computer science, mathematics, electrical engineering, or a closely related field.

  • Solid background in information security, cryptography, discrete mathematics, and algorithms.

  • Fluent in English, both verbal and written, and good communication skills.

  • Motivated to conduct research work and ability to work independently.

  • Proficiency in computer programming, computer networks, LaTeX, and system administration is considered beneficial but not necessary.

How To Apply

Please submit your application in English consisting of a motivation letter stating why you are interested and qualify for the position, your current curriculum vitae including two references, and copies of relevant certificates and detailed transcripts with grades. Please send your application in a single PDF file to Jean Paul Degabriele (jeanpaul [dot] degabriele [at] crisp-da [dot] de) with the subject line “PhD Application”. Review of applications will start immediately and continue until the position is filled.

Closing date for applications:

University of Oulu, Finland
Job Posting
Applications are invited for a one-year, full-time doctoral student position starting at the earliest on 01.02.2019 in an Academy of Finland project at the CWC-NS research unit. A trial period of 6 months is applied in the position.

The student selected for the task will be working on the design of secure and/or privacy-preserving protocols and architectures for 5G and beyond-5G networks. The main application area will be Software Defined Networking (SDN), Network Function Virtualization (NFV) and Network Slicing based 5G and Industrial IoT networks, where applications are typically latency-sensitive and produce high amounts of data requiring fast processing and refining. During the studies, the student should apply (a combination of) various advanced cryptographic technologies, such as lightweight authentication mechanisms, encryption algorithms, machine learning and novel technologies such as blockchain, secure transaction methods and smart contracts, to design secure communication solutions that achieve a good balance between security, user privacy and usability. The work will include real-world prototyping with relevant technologies. Good knowledge of applied mathematics and experience in software implementation are required.

The position is supervised by Adj. Prof. Madhusanka Liyanage (technical supervision) and Assoc. Prof. Mika Ylianttila (responsible supervisor).

Closing date for applications: 31 December 2018

Contact: Adj. Prof. Madhusanka Liyanage, madhusanka.liyanage(at)oulu.fi

More information: https://rekry.saima.fi/certiahome/open_job_view.html?did=5600&jc=1&id=00006567&lang=en

University of Birmingham
Job Posting
This PhD project will investigate implementation aspects of lattice-based cryptography on hardware and software platforms.

Required skills and experience:

Honours undergraduate degree and/or postgraduate degree with Distinction (or an international equivalent) in Electrical/Electronics Engineering or Computer Science or Mathematical Engineering or closely related discipline.

Familiarity with cryptography, low-level programming or hardware architecture design using VHDL/Verilog.

More information: https://www.findaphd.com/phds/project/implementation-of-lattice-based-cryptography/?p104419

Closing date for applications: 14 January 2019

Contact: Sujoy Sinha Roy (s.sinharoy (AT) cs.bham.ac.uk)


04 December 2018

TCC
The TCC steering committee is holding a straw poll regarding some TCC policy issues (see below). You can participate in this straw poll by visiting the form at: The deadline for participating in this straw poll is December 21, 2018.

03 December 2018

Auckland, New Zealand, 8 July 2019
Event Calendar
Event date: 8 July 2019
Submission deadline: 1 March 2019
Notification: 10 April 2019

02 December 2018

Mikhail Anokhin
ePrint Report
Let $\Omega$ be a finite set of operation symbols. We initiate the study of (weakly) pseudo-free families of computational $\Omega$-algebras in arbitrary varieties of $\Omega$-algebras. Most of our results concern (weak) pseudo-freeness in the variety $\mathfrak O$ of all $\Omega$-algebras. A family $(H_d)_{d\in D}$ of computational $\Omega$-algebras (where $D\subseteq\{0,1\}^*$) is called polynomially bounded (resp., having exponential size) if there exists a polynomial $\eta$ such that for all $d\in D$, the length of any representation of every $h\in H_d$ is at most $\eta(\lvert d\rvert)$ (resp., $\lvert H_d\rvert\le2^{\eta(\lvert d\rvert)}$). First, we prove the following trichotomy: (i) if $\Omega$ consists of nullary operation symbols only, then there exists a polynomially bounded pseudo-free family in $\mathfrak O$; (ii) if $\Omega=\Omega_0\cup\{\omega\}$, where $\Omega_0$ consists of nullary operation symbols and the arity of $\omega$ is $1$, then there exist an exponential-size pseudo-free family and a polynomially bounded weakly pseudo-free family (both in $\mathfrak O$); (iii) in all other cases, the existence of polynomially bounded weakly pseudo-free families in $\mathfrak O$ implies the existence of collision-resistant families of hash functions. Second, assuming the existence of collision-resistant families of hash functions, we construct a polynomially bounded weakly pseudo-free family and an exponential-size pseudo-free family of computational $m$-ary groupoids (both in $\mathfrak O$), where $m\ge1$. In particular, for arbitrary $m\ge2$, polynomially bounded weakly pseudo-free families of computational $m$-ary groupoids in $\mathfrak O$ exist if and only if collision-resistant families of hash functions exist. Moreover, we present some simple constructions of cryptographic primitives from pseudo-free families satisfying certain additional conditions. These constructions demonstrate the potential of pseudo-free families.
Louis Goubin, Geraldine Monsalve, Juan Reutter, Francisco Vial Prado
ePrint Report
Public-key cryptography applications often require structuring decryption rights according to some hierarchy. This is typically addressed with re-encryption procedures or relying on trusted parties, in order to avoid secret-key transfers and leakages. Using a novel approach, Goubin and Vial-Prado (2016) take advantage of the Multikey FHE-NTRU encryption scheme to establish decryption rights at key-generation time, thus preventing leakage of all secrets involved (even by powerful key-holders). Their algorithms are intended for two parties, and can be composed to form chains of users with inherited decryption rights. In this article, we provide new protocols for generating Excalibur keys under any DAG-like hierarchy, and present formal proofs of security against semi-honest adversaries. Our protocols are compatible with the homomorphic properties of FHE-NTRU, and the base case of our security proofs may be regarded as a more formal, simulation-based proof of said work.
Olivier Blazy, Paul Germouty, Duong Hieu Phan
ePrint Report
In identity-based cryptography, in order to generalize single-receiver encryption to multi-receiver encryption, wildcards were introduced: WIBE allows wildcards in the receivers' pattern, and Wicked-IBE allows one to generate a key for identities with wildcards. However, the use of wildcards makes the constructions of WIBE and Wicked-IBE more complicated and significantly less efficient than the underlying IBE. The main reason is that the conventional binary identity alphabet is extended to a ternary alphabet $\{0,1,*\}$, and the wildcard $*$ is always treated in a convoluted way in encryption or in key generation. In this paper, we show that when dealing with the multi-receiver setting, wildcards are not necessary. We introduce a new downgradable property for IBE schemes and show that any IBE with this property, called DIBE, can be efficiently transformed into WIBE or Wicked-IBE.

While WIBE and Wicked-IBE have been used to construct broadcast encryption, we go a step further by employing DIBE to construct attribute-based encryption whose access policy is expressed as a boolean formula in disjunctive normal form.
Ravi Borgaonkar, Lucca Hirschi, Shinjo Park, Altaf Shaik
ePrint Report
Mobile communications are used by more than two thirds of the world's population, who expect security and privacy guarantees. The 3rd Generation Partnership Project (3GPP), responsible for the worldwide standardization of mobile communication, has designed and mandated the use of the AKA protocol to protect subscribers' mobile services. Even though privacy was a requirement, numerous subscriber location attacks have been demonstrated against AKA, some of which have been fixed or mitigated in the enhanced AKA protocol designed for 5G.

In this paper, we reveal a new privacy attack against all variants of the AKA protocol, including 5G AKA, that breaches subscriber privacy more severely than known location privacy attacks do. Our attack exploits a new logical vulnerability we uncovered that would require dedicated fixes. We demonstrate the practical feasibility of our attack using low cost and widely available setups. Finally we conduct a security analysis of the vulnerability and discuss countermeasures to remedy our attack.
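As an added example (not the paper's code and not a description of its attack), here is a minimal Python model of the AKA challenge/response the abstract refers to, in the 3G/4G shape of 3GPP TS 33.102: the home network issues an authentication vector (RAND, AUTN, XRES); the USIM checks the MAC and the sequence number and answers with RES, with a MAC failure, or with a synchronisation failure carrying AUTS; and the home network resynchronises its sequence number from AUTS. The f1..f5 functions are HMAC-SHA256 stand-ins (real USIMs use Milenage or TUAK), SQN is a plain counter without the IND/SEQ split, and the acceptance window, the AMF values and the key are assumptions; the 5G variant's SUCI/SUPI handling is not modelled.

```python
"""Toy 3GPP AKA exchange (TS 33.102 message shape) with HMAC stand-ins for f1..f5.

Added example, not the paper's code. Milenage/TUAK are replaced by keyed HMAC-SHA256,
SQN is a plain counter, and the window and AMF values are assumptions for the demo.
"""
import hashlib
import hmac
import os

RAND_LEN, SQN_LEN, AMF_LEN, MAC_LEN, AK_LEN, RES_LEN = 16, 6, 2, 8, 6, 8


def _f(tag, key, out_len, *parts):
    """Keyed stand-in for f1, f1*, f2, f5 and f5*; the tag keeps the functions distinct."""
    return hmac.new(key, tag + b"".join(parts), hashlib.sha256).digest()[:out_len]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class HomeNetwork:
    """Holds the subscriber key K and the home-side sequence number SQN_HE."""

    def __init__(self, k, sqn=0, amf=b"\x80\x00"):
        self.k, self.sqn, self.amf = k, sqn, amf

    def authentication_vector(self, rand=None):
        """Return (RAND, AUTN, XRES) with AUTN = (SQN xor AK) || AMF || MAC."""
        if rand is None:
            rand = os.urandom(RAND_LEN)
        self.sqn += 1
        sqn = self.sqn.to_bytes(SQN_LEN, "big")
        mac = _f(b"f1", self.k, MAC_LEN, sqn, rand, self.amf)
        xres = _f(b"f2", self.k, RES_LEN, rand)
        ak = _f(b"f5", self.k, AK_LEN, rand)
        return rand, xor(sqn, ak) + self.amf + mac, xres

    def resynchronise(self, rand, auts):
        """Recover SQN_MS from AUTS = (SQN_MS xor AK*) || MAC-S and adopt it if MAC-S verifies."""
        conc, mac_s = auts[:SQN_LEN], auts[SQN_LEN:]
        sqn_ms = xor(conc, _f(b"f5*", self.k, AK_LEN, rand))
        expected = _f(b"f1*", self.k, MAC_LEN, sqn_ms, rand, b"\x00\x00")
        if not hmac.compare_digest(expected, mac_s):
            return False
        self.sqn = int.from_bytes(sqn_ms, "big")
        return True


class USIM:
    """Holds K and the highest sequence number accepted so far, SQN_MS."""

    def __init__(self, k, sqn_ms=0, window=32):
        self.k, self.sqn_ms, self.window = k, sqn_ms, window

    def challenge(self, rand, autn):
        """Return ("SUCCESS", RES), ("MAC_FAILURE", None) or ("SYNC_FAILURE", AUTS)."""
        conc = autn[:SQN_LEN]
        amf = autn[SQN_LEN:SQN_LEN + AMF_LEN]
        mac = autn[SQN_LEN + AMF_LEN:]
        ak = _f(b"f5", self.k, AK_LEN, rand)
        sqn_bytes = xor(conc, ak)
        xmac = _f(b"f1", self.k, MAC_LEN, sqn_bytes, rand, amf)
        if not hmac.compare_digest(xmac, mac):
            return "MAC_FAILURE", None
        sqn = int.from_bytes(sqn_bytes, "big")
        if not (self.sqn_ms < sqn <= self.sqn_ms + self.window):
            # SQN not fresh or too far ahead (replayed vector, lost home-side state):
            # report the USIM's own SQN_MS, concealed with AK* and authenticated with MAC-S.
            sqn_ms = self.sqn_ms.to_bytes(SQN_LEN, "big")
            ak_star = _f(b"f5*", self.k, AK_LEN, rand)
            mac_s = _f(b"f1*", self.k, MAC_LEN, sqn_ms, rand, b"\x00\x00")
            return "SYNC_FAILURE", xor(sqn_ms, ak_star) + mac_s
        self.sqn_ms = sqn
        return "SUCCESS", _f(b"f2", self.k, RES_LEN, rand)


def run_aka(hn, usim, rand=None):
    """One full round: HN issues a vector, the USIM answers, the serving side compares RES to XRES.
    Returns (USIM status, USIM reply, whether the serving network would accept the subscriber)."""
    rand, autn, xres = hn.authentication_vector(rand)
    status, reply = usim.challenge(rand, autn)
    accepted = status == "SUCCESS" and hmac.compare_digest(reply, xres)
    return status, reply, accepted


if __name__ == "__main__":
    k = bytes(range(16))                              # constructed long-term key K
    hn, usim = HomeNetwork(k), USIM(k, sqn_ms=100)    # USIM ahead of HN: forces a resync
    rand, autn, _ = hn.authentication_vector()
    status, auts = usim.challenge(rand, autn)
    print(status, hn.resynchronise(rand, auts))
    print(run_aka(hn, usim)[::2])
```

The two error paths are the ones the standard defines: a wrong MAC is rejected before the sequence number is even looked at, while a valid MAC with an out-of-window SQN produces an AUTS that lets the home network catch up. Keeping those two outcomes distinguishable is what the protocol specifies, and it is the behaviour any privacy analysis of AKA has to take into account.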