International Association for Cryptologic Research

IACR News

If you have a news item you wish to distribute, it should be sent to the communications secretary. See also the events database for conference announcements.

Here you can see all recent updates to the IACR webpage. These updates are also available via email and via RSS feed.

25 January 2019

Alan Szepieniec, Bart Preneel
ePrint Report
We introduce a new technique for compressing the public keys of the UOV signature scheme that makes use of block-anti-circulant matrices. These matrices admit a compact representation as, for every block, the remaining elements can be inferred from the first row. This space saving translates to the public key, which as a result of this technique can be shrunk by a small integer factor. We propose parameter sets that take into account several important attacks.

Ryo Nishimaki, Takashi Yamakawa
ePrint Report
We propose new constructions of leakage-resilient public-key encryption (PKE) and identity-based encryption (IBE) schemes in the bounded retrieval model (BRM). In the BRM, adversaries are allowed to obtain at most $\ell$-bit leakage from a secret key and we can increase $\ell$ only by increasing the size of secret keys without losing efficiency in any other performance measure. We call $\ell/|\textsf{sk}|$ the leakage-ratio, where $|\textsf{sk}|$ denotes the bit-length of a secret key. Several PKE/IBE schemes in the BRM are known. However, none of these constructions achieve a constant leakage-ratio under a standard assumption in the standard model. Our PKE/IBE schemes are the first schemes in the BRM that achieve leakage-ratio $1-\epsilon$ for any constant $\epsilon>0$ under standard assumptions in the standard model. As in previous works, we use identity-based hash proof systems (IB-HPS) to construct IBE schemes in the BRM. It is known that a parameter for IB-HPS called the universality-ratio is translated into the leakage-ratio of the resulting IBE scheme in the BRM. We construct an IB-HPS with universality-ratio $1-\epsilon$ for any constant $\epsilon>0$ based on any inner-product predicate encryption (IPE) scheme with compact secret keys. Such IPE schemes exist under the $d$-linear, subgroup decision, learning with errors, or computational bilinear Diffie-Hellman assumptions. As a result, we obtain IBE schemes in the BRM with leakage-ratio $1-\epsilon$ under any of these assumptions. Our PKE schemes are immediately obtained from our IBE schemes.

Ahmad Almorabea
ePrint Report
TOHA is a Key Hardened Function designed in the general spirit of sequential memory-hard functions, which is based on a secure cryptographic hash function. The idea behind its design is to make it harder and more costly for an attacker to perform some generic attacks. TOHA can be used for deriving keys from a master password or for generating keys of length 256 bits to be used in other algorithm schemes. The general approach is to use a password and a salt like a normal scheme plus other parameters; you can think of the salt as an index into a large set of keys derived from the same password, and of course you don't need to hide the salt to operate.

23 January 2019

Chris Peikert, Vinod Vaikuntanathan, Brent Waters
ePrint Report
We propose a simple and general framework for constructing oblivious transfer (OT) protocols that are \emph{efficient}, \emph{universally composable}, and \emph{generally realizable} from a variety of standard number-theoretic assumptions, including the decisional Diffie-Hellman assumption, the quadratic residuosity assumption, and \emph{worst-case} lattice assumptions.

Our OT protocols are round-optimal (one message each way), quite efficient in computation and communication, and can use a single common string for an unbounded number of executions. Furthermore, the protocols can provide \emph{statistical} security to either the sender or receiver, simply by changing the distribution of the common string. For certain instantiations of the protocol, even a common \emph{random} string suffices.

Our key technical contribution is a simple abstraction that we call a \emph{dual-mode} cryptosystem. We implement dual-mode cryptosystems by taking a unified view of several cryptosystems that have what we call "messy" public keys, whose defining property is that a ciphertext encrypted under such a key carries \emph{no information} (statistically) about the encrypted message.

As a contribution of independent interest, we also provide a multi-bit version of Regev's lattice-based cryptosystem (STOC 2005) whose time and space efficiency are improved by a linear factor in the security parameter $n$. The amortized encryption and decryption time is only $\tilde{O}(n)$ bit operations per message bit, and the ciphertext expansion can be made as small as a constant; the public key size and underlying lattice assumption remain essentially the same.

22 January 2019

Singapore University of Technology and Design (SUTD), Singapore
Job Posting
We are looking for PhD interns with an interest in blockchain and PKC. The attachment will be at least 3 months. An allowance will be provided for local expenses.

Interested candidates please send your CV with a research statement to Prof. Jianying Zhou. Only short-listed candidates will be contacted for interview.

Closing date for applications: 31 March 2019

Contact: Prof. Jianying Zhou

More information: http://jianying.space/


21 January 2019

Bogotá, Colombia, 5 June - 7 June 2019
Event Calendar
Event date: 5 June to 7 June 2019
Submission deadline: 30 March 2019
Notification: 30 April 2019

Stockholm, Sweden, 16 June 2019
Event Calendar
Event date: 16 June 2019
Submission deadline: 1 March 2019
Notification: 1 April 2019

Luxembourg, Luxembourg, 23 September - 27 September 2019
Event Calendar
Event date: 23 September to 27 September 2019
Submission deadline: 22 April 2019
Notification: 21 June 2019

ETH Zurich
Job Posting
PhD and Postdoc positions are available in the new research group in Applied Cryptography being set up by Kenny Paterson in the Department of Computer Science at ETH Zurich, Switzerland.

Candidates for PhD positions should already have, or be near to completing, a Masters in Computer Science and/or Mathematics. They should have a demonstrable interest in Applied Cryptography.

Candidates for Postdoc positions should additionally be able to demonstrate creativity, independence and excellence in Applied Cryptography research. Applications from people with interests in all areas of the field are welcome.

Positions are available from Spring 2019. The selection process will run until suitable candidates have been found.

Initial enquiries should be sent by email, with subject line *Application for Postdoc* or *Application for PhD*, and addressed directly to Prof. Kenny Paterson.

Closing date for applications: 1 December 2019

Contact: Kenny Paterson - kenny.paterson (at) inf.ethz.ch

More information: https://www.inf.ethz.ch/


University of Hong Kong, Hong Kong
Job Posting
The Department of Computer Science at the University of Hong Kong is looking for Postdoc Research Fellow/Research Assistants. He/she should possess experience or interest in at least some of the following research areas:

• Public Key Cryptography

• Privacy-enhancing technologies

• Blockchain security and privacy

• Applied cryptography, especially in the area of Fintech

Job requirements:

• Strong publication record in cryptography and cyber security area

• Good communication skills, self-motivated and good team players

• Some experience in programming is a plus

The funding is available for one year with a flexible starting date, a very competitive salary and a possibility of extension upon successful performance. Doing research in Hong Kong, an international financial center, allows you to have more collaboration opportunities with the industry and to apply your knowledge in the real world.

To apply for the above position, please send a copy of your recent CV to “thyuen at cs dot hku dot hk” with an email subject “Application for PDF/RA”.

Closing date for applications: 30 June 2019

Contact: John Yuen

Email: thyuen at cs dot hku dot hk


18 January 2019

Eindhoven University of Technology, the Netherlands
Job Posting
The Coding Theory and Cryptology (CC) group of the Discrete Mathematics (DM) section of the Department of Mathematics and Computer Science (M&CS) at Eindhoven University of Technology (TU/e) intends to fill a full-time position for a (tenure-track) assistant professor in Coding Theory.

Closing date for applications: 14 March 2019

Contact: Tanja Lange, TU/e, t.lange (at) tue.nl

More information: https://jobs.tue.nl/en/vacancy/tt-assistant-professor-coding-theory-449061.html


Ruhr University Bochum, Germany
Job Posting
The symmetric crypto group at the Ruhr University Bochum is looking for Ph.D. students and postdoctoral researchers in the area of symmetric crypto.

The group is part of the Horst Görtz Institute for IT Security. It is regarded as one of the top research institutions, has Europe's largest IT security training programs, maintains extensive networks with the scientific community and industry, and has produced numerous successful cyber security start-ups. This outstanding environment offers excellent working conditions in an extremely topical and exciting field.

The symmetric crypto group is looking for excellent M.Sc. graduates with outstanding grades and degrees in computer science, mathematics, or related disciplines.

In addition, we are looking for outstanding postdoctoral candidates with a strong track record in symmetric cryptography.

We offer three-year positions for M.Sc. graduates. Postdoctoral positions are limited to two years. The salary will be according to the remuneration group E 13 TV-L (full-time).

Are you interested?

Please send your complete application documents in one single pdf file (max. 10 MB) by January 31, 2019 to: gregor.leander (at) rub.de

Required documents are:

- Letter of motivation

- Curriculum vitae,

- Master's certificate,

- Doctoral certificate, if applicable.

At Ruhr University Bochum, we seek to promote the careers of women particularly in those areas in which they are underrepresented, and we are therefore particularly pleased to receive applications from female candidates. Applications by suitable candidates with severe disabilities and other applicants with equal legal status are likewise most welcome.

Closing date for applications: 31 January 2019


TU Darmstadt
Job Posting
We are looking for outstanding postdoctoral researchers working on topics related to cryptography and IT Security.

Current topics of interest include (but are not limited to):

- Blockchains and cryptocurrencies

- Secure cryptographic implementations

- Leakage/tamper resilient cryptography

- Distributed cryptography

The application must include a curriculum vitae, a short research statement, and the names of two contacts who can provide references about the applicant and her/his work. The candidate shall be able to show solid expertise in cryptography/IT Security, illustrated in the form of publications at major crypto/security venues such as CRYPTO, EUROCRYPT, ASIACRYPT, TCC, PKC, CHES, FC, ACM CCS, IEEE S&P, USENIX Security, NDSS etc.

The position can be partially funded by the Ethereum Foundation and hence offers an internationally competitive salary including social benefits, and the opportunity for close collaboration with one of the leading cryptocurrencies.

TU Darmstadt offers an excellent working environment in the heart of the Rhein-Main area, and has a strong institute for research on IT security with more than 300 researchers working on all aspects of cybersecurity.

Review of applications starts immediately and continues until the position is filled.

Contact: Prof. Sebastian Faust, sebastian.faust(at)cs(dot)tu-darmstadt(dot)de

Closing date for applications: 20 March 2019


TU Wien, Security & Privacy group
Job Posting
The Security & Privacy group at TU Wien and the blockchain R&D lab CoBloX are currently looking for outstanding Ph.D. candidates, with a particular focus on:

• security and privacy

• cryptography

• distributed systems

Outstanding candidates in other disciplines are also encouraged to apply. The successful candidates will conduct research in the area of blockchain and distributed ledger technologies. Research topics may cover (but are not limited to):

• formal cryptographic models for security and privacy in blockchain

• cryptographic protocols for blockchain applications

• implementation and evaluation of off-chain protocols in the COMIT network

The employment is a full-time position (40 hrs/week) and the salary is internationally competitive. The working language will be English; knowledge of German is not required.

Interested candidates should send

• a motivation letter

• a transcript of records

• a curriculum vitae

• a publication list

• contact information for two referees

to pedro.sanchez (at) tuwien.ac.at.

TU Wien offers an outstanding research environment and numerous professional development opportunities. The Faculty of Informatics is the largest one in Austria and is consistently ranked among the best in Europe. Vienna features a vibrant and excellence-driven research landscape, with a special focus on blockchain technologies. Finally, Vienna has been consistently ranked by Mercer over the last years as the best city for quality of life worldwide.

CoBloX is a research and development (R&D) lab with a goal to make cryptocurrencies instantly spendable anytime, anywhere. The mission of CoBloX is to connect anyone and anything to decentralized services in order to build the very fabric of the decentralized future. CoBloX is the creator of the COMIT network, which is a completely open-source and free-to-use network. It is powered by unique cryptographic protocols which allow seamless and trustless cross-blockchain transactions.

Closing date for applications: 31 March 2019

Contact: Pedro Moreno-Sanchez

More information: https://secpriv.tuwien.ac.at/thesis_and_job_opportunities


Qian Guo, Thomas Johansson, Alexander Nilsson
ePrint Report
Hard learning problems are central topics in recent cryptographic research. Many cryptographic primitives relate their security to difficult problems in lattices, such as the shortest vector problem. Such schemes include the possibility of decryption errors with some very small probability. In this paper we propose and discuss a generic attack for secret key recovery based on generating decryption errors. In a standard PKC setting, the model first consists of a precomputation phase where special messages and their corresponding error vectors are generated. Secondly, the messages are submitted for decryption and some decryption errors are observed. Finally, a phase with a statistical analysis of the messages/errors causing the decryption errors reveals the secret key. The idea is that conditioned on certain secret keys, the decryption error probability is significantly higher than the average case used in the error probability estimation. The attack is demonstrated in detail on one NIST Post-Quantum Proposal, ss-ntru-pke, that is attacked with complexity below the claimed security level.

17 January 2019

Lisa Kohl
ePrint Report
A verifiable random function (VRF) is a pseudorandom function, where outputs can be publicly verified. That is, given an output value together with a proof, one can check that the function was indeed correctly evaluated on the corresponding input. At the same time, the output of the function is computationally indistinguishable from random for all non-queried inputs. We present the first construction of a VRF which meets the following properties at once: It supports an exponential-sized input space, it achieves full adaptive security based on a non-interactive constant-size assumption and its proofs consist of only a logarithmic number of group elements for inputs of arbitrary polynomial length. Our construction can be instantiated in symmetric bilinear groups with security based on the decision linear assumption. We build on the work of Hofheinz and Jager (TCC 2016), who were the first to construct a verifiable random function with security based on a non-interactive constant-size assumption. Basically, their VRF is a matrix product in the exponent, where each matrix is chosen according to one bit of the input. In order to allow verification given a symmetric bilinear map, a proof consists of all intermediary results. This entails a proof size of $\Omega(L)$ group elements, where $L$ is the bit-length of the input. Our key technique, which we call hunting and gathering, allows us to break this barrier by rearranging the function, which - combined with the partitioning techniques of Bitansky (TCC 2017) - results in a proof size of $\ell$ group elements for arbitrary $\ell \in \omega(1)$.

Bartosz Zoltak
ePrint Report
We propose an authenticated encryption scheme for the VMPC-R stream cipher. VMPC-R is an RC4-like algorithm proposed in 2013. It was created in a challenge to find a bias-free cipher within the RC4 design scope and to the best of our knowledge no security weakness in it has been published to date. The contribution of this paper is an algorithm to compute Message Authentication Codes (MACs) along with VMPC-R encryption. We also propose a simple method of transforming the MAC computation algorithm into a hash function.

Vadim Lyubashevsky, Gregor Seiler
ePrint Report
We present NTTRU -- an IND-CCA2 secure NTRU-based key encapsulation scheme that uses the number theoretic transform (NTT) over the cyclotomic ring $Z_{7681}[X]/(X^{768}-X^{384}+1)$ and produces public keys and ciphertexts of approximately $1.25$ KB at the $128$-bit security level. The number of cycles on a Skylake CPU of our constant-time AVX2 implementation of the scheme for key generation, encapsulation and decapsulation is approximately $6.4$K, $6.1$K, and $7.9$K, which is more than 30X, 5X, and 8X faster than these respective procedures in the NTRU schemes that were submitted to the NIST post-quantum standardization process. These running times are also, by a large margin, smaller than those for all the other schemes in the NIST process. We also give a simple transformation that allows one to provably deal with small decryption errors in OW-CPA encryption schemes (such as NTRU) when using them to construct an IND-CCA2 key encapsulation.

Stephan Krenn, Henrich C. Pöhls, Kai Samelin, Daniel Slamanig
ePrint Report
Protean Signatures (PS), recently introduced by Krenn et al. (CANS '18), allow a semi-trusted third party, named the sanitizer, to modify a signed message in a controlled way. The sanitizer can edit signer-chosen parts to arbitrary bitstrings, while the sanitizer can also redact admissible parts, which are also chosen by the signer. Thus, PSs generalize both redactable signature (RSS) and sanitizable signature (SSS) into a single notion. However, the current definition of invisibility does not prohibit that an outsider can decide which parts of a message are redactable - only which parts can be edited is hidden. This negatively impacts the privacy guarantees provided by the state-of-the-art definition.

We extend PSs to be fully invisible. This strengthened notion guarantees that an outsider can neither decide which parts of a message can be edited nor which parts can be redacted. To achieve our goal, we introduce the new notions of Invisible RSSs and Invisible Non-Accountable SSSs (SSS'), along with a consolidated framework for aggregate signatures. Using those building blocks, our resulting construction is significantly more efficient than the original scheme by Krenn et al., which we demonstrate in a prototypical implementation.

Aijun Ge, Puwen Wei
ePrint Report
Identity-based broadcast encryption (IBBE) is an effective method to protect the data security and privacy in multi-receiver scenarios, which can make broadcast encryption more practical. This paper further expands the study of scalable revocation methodology in the setting of IBBE, where a key authority releases a key update material periodically in such a way that only non-revoked users can update their decryption keys. Following the binary tree data structure approach, a concrete instantiation of revocable IBBE scheme is proposed using asymmetric pairings of prime order bilinear groups. Moreover, this scheme can withstand decryption key exposure, which is proven to be semi-adaptively secure under chosen plaintext attacks in the standard model by reduction to static complexity assumptions. In particular, the proposed scheme is very efficient both in terms of computation costs and communication bandwidth, as the ciphertext size is constant, regardless of the number of recipients. To demonstrate the practicality, it is further implemented in Charm, a framework for rapid prototyping of cryptographic primitives.