International Association
for Cryptologic Research

As surveillance systems are popular, the privacy of the recorded video becomes more important. On the other hand, the authenticity of video images should be guaranteed when used as evidence in court. It is challenging to satisfy both (personal) privacy and authenticity of a video simultaneously, since the privacy requires modifications (e.g., partial deletions) of an original video image while the authenticity does not allow any modifications of the original image. This paper proposes a novel method to convert an encryption scheme to support partial decryption with a constant number of keys and construct a privacy-aware authentication scheme by combining with a signature scheme. The security of our proposed scheme is implied by the security of the underlying encryption and signature schemes. Experimental results show that the proposed scheme can handle the UHD video stream with more than 17 fps on a real embedded system, which validates the practicality of the proposed scheme.

Algorithm substitution attack (ASA) on signatures should be treated seriously as the authentication services of numerous systems and applications rely on signature schemes and compromising them has a significant impact on the security of users. We present a somewhat alarming result in this regard: a highly efficient ASA on the Digital Signature Algorithm (DSA) and its implementation. Compared with the generic ASAs on signature schemes proposed in the literature, our attack provides fast and undetectable subversion, which will extract the user's private signing key by collecting maximum three signatures arbitrarily. Moreover, our ASA is proven to be robust against state reset. We implemented the proposed ASA by replacing the original DSA in Libgcrypt (a popular cryptographic library used in many applications) with our subverted DSA. Experiment shows that the user's private key can readily be recovered once the subverted DSA is used to sign messages. In our implementation, various measures have been considered to significantly reduce the possibility of detection through comparing the running time of the original DSA and the subverted one (i.e. timing analysis). To our knowledge, this is the first implementation of ASA in practice, which shows that ASA is a real threat rather than only a theoretical speculation.

A repair of the Faure-Loidreau (FL) public-key code-based cryptosystem is proposed.The FL cryptosystem is based on the hardness of list decoding Gabidulin codes which are special rank-metric codes. We prove that the recent structural attack on the system by Gaborit et al. is equivalent to decoding an interleaved Gabidulin code. Since all known polynomial-time decoders for these codes fail for a large constructive class of error patterns, we are able to construct public keys that resist the attack. It is also shown that all other known attacks fail for our repair and parameter choices. Compared to other code-based cryptosystems, we obtain significantly smaller key sizes for the same security level.

In this short note we give a polynomial-time quantum reduction from the vectorization problem (DLP) to the parallelization problem (CDHP) for group actions. Combined with the trivial reduction from parallelization to vectorization, we thus prove the quantum equivalence of both problems.

The recently proposed CSIDH primitive is a promising candidate for post quantum static-static key exchanges with very small keys. However, until now there is only a variable-time proof-of-concept implementation by Castryck, Lange, Martindale, Panny, and Renes, recently optimized by Meyer and Reith, that can leak various information about the private key. Therefore, we present a constant-time implementation that samples key elements only from intervals of nonnegative numbers and uses dummy isogenies, which prevents certain kinds of side-channel attacks. We apply several optimizations, e.g. SIMBA and Elligator, in order to get a more efficient implementation.

We present an approach and a tool to answer the need for effective, generic and easily applicable protections against side-channel attacks. The protection mechanism is based on code polymorphism, so that the observable behaviour of the protected component is variable and unpredictable to the attacker. Our approach combines lightweight specialized runtime code generation with the optimization capabilities of static compilation. It is extensively configurable. Experimental results show that programs secured by our approach present strong security levels and meet the performance requirements of constrained systems.

Past few years have seen the emergence of Machine Learning and Deep Learning algorithms as promising tools for profiling attacks, especially Convolutional Neural Networks (CNN). The latters have indeed been shown to overcome countermeasures such as de-synchronization or masking. However, CNNs are not widely used yet and Gaussian Templates are usually preferred. Though their efficiency is highly impacted by the countermeasures previously mentioned, their relevance relies on theoretical and physical justifications fairly recognized among the Side Channel community. Instead, the efficiency of CNNs still raises a certain scepticism as they act as a black-box tool. This scepticism is not specific to the Side Channel Analysis context: understanding to what extent CNNs would be so powerful and how they learn to recognize discriminative features for classification problems is still an open problem. Some methods have been proposed by the computer vision community, without satisfying performance in this field. However, methods based on Sensitivity Analysis particularly fit our problem. We propose to apply one of them called Gradient Visualization that uses the derivatives of a CNN model with respect to an input trace in order to accurately identify temporal moments where sensitive information leaks. In this paper, we theoretically show that this method may be used to efficiently localize Points of Interest in the SCA context. The efficiency of the proposed method does not depend on the particular countermeasure that may be applied to the measured traces as long as the profiled CNN can still learn in presence of such difficulties. In addition, the characterization can be made for each trace individually. We verified the soundness of our proposed method on simulated data and on experimental traces from a public Side Channel database. Eventually we empirically show that Sensitivity Analysis is at least as well as state-of-the-art characterization methods, in presence (or not) of countermeasures.

Cryptographic implementations on embedded systems need to be protected against physical attacks. Today, this means that apart from incorporating countermeasures against side-channel analysis, implementations must also withstand fault attacks and combined attacks. Recent proposals in this area have shown that there is a big tradeoff between the implementation cost and the strength of the adversary model. In this work, we introduce a new combined countermeasure M&M that combines Masking with information-theoretic MAC tags and infective computation. It works in a stronger adversary model than the existing scheme ParTI, yet is a lot less costly to implement than the provably secure MPC-based scheme CAPA. We demonstrate M&M with a SCA- and DFA-secure implementation of the AES block cipher. We evaluate the side-channel leakage of the second-order secure design with a non-specific t-test and use simulation to validate the fault resistance.

A set $S \subseteq \mathbb{F}_2^n$ is called degree-$d$ zero-sum if the sum $\sum_{s \in S} f(s)$ vanishes for all $n$-bit Boolean functions of algebraic degree at most $d$. Those sets correspond to the supports of the $n$-bit Boolean functions of degree at most $n-d-1$. We prove some results on the existence of degree-$d$ zero-sum sets of full rank, i.e., those that contain $n$ linearly independent elements, and show relations to degree-1 annihilator spaces of Boolean functions and semi-orthogonal matrices. We are particularly interested in the smallest of such sets and prove bounds on the minimum number of elements in a degree-$d$ zero-sum set of rank $n$.

The motivation for studying those objects comes from the fact that degree-$d$ zero-sum sets of full rank can be used to build linear mappings that preserve special kinds of \emph{nonlinear invariants}, similar to those obtained from orthogonal matrices and exploited by Todo, Leander and Sasaki for breaking the block ciphers Midori, Scream and iScream.

Seminal results by Luby and Rackoff show that the 3-round Feistel cipher is secure against chosen-plaintext attacks (CPAs), and the 4-round version is secure against chosen-ciphertext attacks (CCAs). However, the security significantly changes when we consider attacks in the quantum setting, where the adversary can make superposition queries. By using Simon's algorithm that detects a secret cycle-period in polynomial-time, Kuwakado and Morii showed that the 3-round version is insecure against quantum CPA by presenting a polynomial-time distinguisher. Since then, Simon's algorithm has been heavily used against various symmetric-key constructions. However, its applications are still not fully explored.

In this paper, based on Simon's algorithm, we first formalize a sufficient condition of a quantum distinguisher against block ciphers so that it works even if there are multiple collisions other than the real period. This distinguisher is similar to the one proposed by Santoli and Schaffner, and it does not recover the period. Instead, we focus on the dimension of the space obtained from Simon's quantum circuit. This eliminates the need to evaluate the probability of collisions, which was needed in the work by Kaplan et al. at CRYPTO 2016. Based on this, we continue the investigation of the security of Feistel ciphers in the quantum setting. We show a quantum CCA distinguisher against the 4-round Feistel cipher. This extends the result of Kuwakado and Morii by one round, and follows the intuition of the result by Luby and Rackoff where the CCA setting can extend the number of rounds by one. We also consider more practical cases where the round functions are composed of a public function and XORing the subkeys. We show the results of both distinguishing and key recovery attacks against these constructions.

We describe a variation of the Schnorr-Lyubashevsky approach to devising signature schemes that is adapted to rank based cryptography. This new approach enables us to obtain a randomization of the signature, which previously seemed difficult to derive for code-based cryptography. We provide a detailed analysis of attacks and an EUF-CMA proof for our scheme. Our scheme relies on the security of the Ideal Rank Support Learning and the Ideal Rank Syndrome problems and a newly introduced problem: Product Spaces Subspaces Indistinguishability, for which we give a detailed analysis. Overall the parameters we propose are efficient and comparable in terms of signature size to the Dilithium lattice-based scheme, with a signature size of less than 4kB for a public key of size less than 20kB.

The website for Crypto 2019 is now live at crypto.iacr.org/2019. The call for papers can be found at crypto.iacr.org/2019/callforpapers.html.

The conference will take place in Santa Barbara, USA on August 18-22, 2019.

Event date: 4 November to 6 November 2019

The Department of Computer Science at the University of Warwick is seeking to recruit an assistant professor in the broad areas of systems and security. Preferably the candidate should have expertise in at least one of the following: system security, applied cryptography, computational science and engineering, real-time and embedded systems. Candidates with interest and a track record in solving real-world problems and/or experience of working with industry are particularly encouraged to apply.

The Department is one of the UK’s most prominent and research-active Computer Science departments, and is an international leader in research and teaching. Ranked 2nd in the most recent Research Excellence Framework out of all UK departments in the CS subject, and ranked top in the 2018 National Student Survey within the Russell Group of research intensive UK universities, the Department is 3rd in the Times and Sunday Times Good University Guide 2019 league table for Computer Science.

Closing date for applications: 10 January 2019

Contact: Informal enquires can be addressed to Professor Ranko Lazic (R.S.Lazic (at) warwick.ac.uk), Professor Stephen Jarvis (Stephen.Jarvis (at) warwick.ac.uk), or Professor Feng Hao (Feng.Hao (at) warwick.ac.uk).

More information: https://atsv7.wcn.co.uk/search_engine/jobs.cgi?owner=5062452&ownertype=fair&jcode=1786691&vt_template=1457&adminview=1

The Computer Science & Engineering (CSE) Department at the University of Connecticut invites applications for the Synchrony-Financial Endowed Chair in Cybersecurity, a tenure-track faculty position at the associate or full professor level. The position has an expected start date of August 23, 2019. This position seeks to advance education and research in Computer Science with a particular emphasis in Cybersecurity or related specialties.

The successful candidate will be expected to develop and sustain an internationally-recognized and externally-funded research program in at least one established or emerging cybersecurity field. The position offers the successful candidate the Synchrony Financial Chair for Cybersecurity, an endowed chair in cybersecurity. The individual appointed to the Chair will be a nationally or internationally recognized researcher, scholar, and teacher, and will have made significant contributions to security fields.

The successful candidate must also share a deep commitment to effective instruction at the undergraduate and graduate levels, development of innovative courses and mentoring of students in research, outreach, and professional development. It is the expectation that the candidate will broaden participation among members of under-represented groups; demonstrate through their teaching, research, and/or public engagement the richness of diversity in the learning experience; integrate multicultural experiences into instructional methods and research tools; and provide leadership in developing pedagogical techniques designed to meet the needs of diverse learning styles and intellectual interests.

This is a full-time, 9-month, tenure track position. Employment is conditional upon the timely completion of an approved I-9 (Employment Eligibility Verification Form). Salary and rank will be commensurate with qualifications.

Closing date for applications: 21 March 2019

More information: https://academicjobsonline.org/ajo/jobs/12084

Applications are open for a PhD studentship looking at Post-Quantum Cryptography.

Research supervision

If successful, you will conduct your research under the supervision of the Chair of Cyber Security Professor Delaram Kahrobaei: https://sites.google.com/a/nyu.edu/delaram-kahrobaei/ at University of York.

Award funding

If successful, you will be supported for three years. Funding includes:

? £14,777 (2018/19 rate) per year stipend

? UK/EU tuition fees

? RTSG (training/consumables/travel) provision

Funding requirements

To be considered for this funding you must:

? meet the entrance requirements for a PhD in Computer Science

? be eligible to pay UK/EU fees

We will look favourably on applicants that can demonstrate knowledge of cryptography, algebra, quantum computation, and who have strong programming and mathematical skills.

Apply for this studentship

1. Apply to study

? You must apply online for a full-time PhD in Computer Science.

? You must quote the project title (Post-Quantum Cryptography Studentship) in your application.

? There is no need to write a full formal research proposal (2,000-3,000 words) in your application to study as this studentship is for a specific project.

2. Provide a personal statement. As part of your application please provide a personal statement of 500-1,000 words with your initial thoughts on the research topic.

Interviews are expected to take place within approximately 14 days of the closing date.

The studentship must begin as soon as possible.

Closing date for applications: 7 January 2019

Contact: Project enquiries

Professor Delaram Kahrobaei, Chair of Cyber Security (delaram.kahrobaei (at) york.ac.uk):

https://sites.google.com/a/nyu.edu/delaram-kahrobaei/

Application enquiries

cs-pg-admissions (at) york.ac.uk

More information: https://www.cs.york.ac.uk/postgraduate/research-degrees/phdstudentships/

The University of Bristol’s Department of Computer Science is seeking to recruit up to two faculty members at the Lecturer, Senior Lecturer, or Reader level in the field of Cryptography. These positions are similar to (tenured) Assistant/ Associate Professor positions in North America and are on full-time, open-ended contracts.

The University of Bristol is a UK Academic Centre of Excellence in Cyber Security Research. The successful candidates will be expected to play a major role in strengthening and growing cryptography research and teaching at Bristol.

Our current expertise spans much of cryptography with emphasis on protocol-level security and secure implementations of cryptography (in particular, side-channel resistance, compiler techniques and microarchitectural support). Academics with expertise in any area of cryptography are encouraged to apply, and we are particularly interested in those specialising in

Symmetric-key cryptography

Post-quantum cryptography

High-assurance cryptography

Applicants with expertise that covers more than one of these areas and/or intersects with our existing strengths are also strongly encouraged.

The application should include:

a cover letter

your CV (including contact information for two references)

a one-page Research Statement detailing your research plans and their impact on the research profile of the Department; and

a one-page Teaching Statement detailing how you intend to contribute to teaching in the Department

The closing date to apply is 31st January 2019. Interviews are expected to take place in the first half of March 2019

Closing date for applications: 31 January 2019

Contact: Bogdan Warinschi (Professor of Computer Science, Department of Computer Science, csxbw (at) bristol.ac.uk) or

Seth Bullock (Head of Department, Department of Computer Science, bullock (at) bristol.ac.uk)

More information: https://bit.do/eCPzo

Event date: 7 July to 12 July 2019
Submission deadline: 15 January 2019
Notification: 3 April 2019

Event date: 5 June to 7 June 2019
Submission deadline: 30 March 2019
Notification: 30 April 2019

Event date: 18 May to 19 May 2019
Submission deadline: 2 February 2019
Notification: 1 April 2019