International Association
for Cryptologic Research

The new Hardware Security lab at TalTech (https://www.taltech.ee/en/), led by Prof. Samuel Pagliarini (https://www.researchgate.net/profile/Samuel_Pagliarini), invites applications for a postdoctoral position. The lab will conduct research in the area of Hardware Security focusing on trustworthy integrated circuit (IC) design, electronic design automation (EDA) for secure systems, Hardware Trojans, reverse engineering, circuit obfuscation, crypto implementation in hardware and other related topics.

Requirements: We are looking for motivated individuals with a strong background in circuit design. Having a PhD degree is mandatory for this position, but candidates close to the completion of a PhD are also encouraged to apply. Previous expertise on Hardware Security is desirable. The candidates are expected to have the following core skills: Ability to describe digital circuitry (preferably in Verilog), Ability to write C++/python scripts for building small EDA tools, Familiarity w/ Cadence tools for IC design (Genus, Innovus, Tempus, Virtuoso, etc.), Strong writing and communicating skills (English) that are compatible with an entry-level research position.

Other skills are considered a plus: Familiarity with EDA tools from other vendors (Calibre, ICC, DC, etc.), Hands-on experience with tapeouts of digital ICs, In-depth understanding of hardware/software boundaries and security implications, In-depth understanding of crypto algorithms and their hardware implementations, Publication(s) in topics related to IC design and security, Experience on writing grant proposals and managing research projects

Closing date for applications:

Contact: Please submit your CV to Prof. Pagliarini by email (sanasc@ttu.ee) using the subject ‘Postdoc in Hardware Security’. Candidates with adequate backgrounds will be invited to interview over Skype. This position has an immediate start date. 

More information: https://www.mendeley.com/careers/job/7310393/postdoctoral-researcher-in-hardware-security/

The new Hardware Security lab at TalTech (https://www.taltech.ee/en/), led by Prof. Samuel Pagliarini (https://www.researchgate.net/profile/Samuel_Pagliarini), invites applications for several fully-funded PhD positions. The lab will conduct research in the area of Hardware Security, focusing on trustworthy integrated circuit (IC) design, electronic design automation (EDA) for secure systems, Hardware Trojans, reverse engineering, circuit obfuscation, crypto implementation in hardware and other similar topics. Requirements: We are looking for motivated PhD students with a strong background in circuit design. Previous expertise on Hardware Security is not required but is desirable. The candidates are expected to hold a master's degree and have the following core skills: - Ability to describe digital circuitry (preferably in Verilog) - Ability to write C++/python scripts for building small EDA tools - Some familiarity w/ Cadence tools for IC design (Genus, Innovus, Tempus, Virtuoso, etc.) - Strong writing skills (English) that are compatible with doctoral-level requirements, i.e., writing academic papers and articles. - In-depth understanding of hardware/software boundaries and security implications - In-depth understanding of crypto algorithms and their hardware implementations All positions have an immediate start date. The nominal duration of a PhD degree is 4 years at TalTech. Salaries are competitive for European PhD scholarships standards.

Closing date for applications:

Contact: Please submit your CV and transcripts to Prof. Pagliarini by email (sanasc@ttu.ee) using the subject ‘PhD in Hardware Security’. Candidates with adequate backgrounds will be invited to interview over Skype.

More information: https://www.jobs.ac.uk/job/BTY880/phd-positions-in-hardware-security

Location: One European capital (to be determined shortly) Available positions: - Team Leader (1): Lead a small cryptography team in the local European office and contribute to research activities as part of the team. The team leader is an established researcher with rich experience in research-related management. - Team Members (6-10): Well-motivated researchers to contribute to research activities performed by the research team. Duties & Responsibilities: - For these positions, the candidates should be prepared to research at the cutting-edge, in areas including but not limited to: Post-quantum cryptography Multi-party computation Fully homomorphic encryption Functional encryption Zero-knowledge proofs Threshold schemes for cryptographic primitives Custom protocol & solutions based on security hardware and cryptography for specific use cases - Publish research results in the top conferences and professional journals. - Formulate research problems based on real-world security requirements and independently conduct high-quality research. Design innovative solutions according to requirements from Huawei’s product lines, while fulfilling various constraints imposed by aspects such as compliance, manufacturing process, hardware capability, performance, cost, etc. Design and develop prototypes; deliver research results and provide a competitive solution to the product lines. - Work on Intellectual Property (i.e. patents) and in standardization activities. - Develop collaborations with industry peers and academia. - Participate and contribute in corporate direction and strategy planning for security technologies. Skills / Qualifications: - Ph.D. in Mathematics, Cryptography, Computer Science, Computer Engineering, Electrical Engineering, or related field with more than 5 years of experience in information security and applied cryptography. - Solid skills in at least one programming language: C, C++, Java, GO, etc. - Good written and verbal communication skills, including fluency in English and/or Chinese languages. - Self-motivated with a strong sense of responsibility. - Strong interpersonal and problem-solving skill

Closing date for applications:

Contact: Dr. Wu Shuang email: wu.shuang@huawei.com

More information: https://www.huawei.com/en/

The School of Business Informatics and Mathematics at the University of Mannheim and the Faculty of Social Sciences, Department of Sociology, at the University of Duisburg-Essen are in total looking for

Two Research Assistants

for a collaboration project on

Privacy-Preserving Record Linkage.

Your key responsibilities: Scientific collaboration within the project of the German Research Foundation (DFG) Development of realistic attack scenarios for the combination of personal data and algorithms to prevent such attacks. In this interdisciplinary project between the two universities, methods for privacy-preserving linkage of sensitive personal data, such as patient data, are investigated and improved. The opportunity for further scientific qualification with the possibility of acquiring a PhD is offered.

Your profile: University degree in Computer Science, Computational Social Science or Statistics of at least 8 semesters. Required are programming skills, interest in the development of algorithms and discrete mathematics. In-depth knowledge of cryptography, computer security or mathematical game theory is of advantage.

• Occupation date: As soon as possible
• Duration of contract: 36 months
• Working time: Full-time position
• Payment: Pay group E 13 TV-L (min. 3800€/month)

The University of Mannheim and the University of Duisburg-Essen pursue the goal of promoting the diversity of their members. They aim to increase the proportion of women in scientific staff and therefore invite women with relevant qualifications to apply. Women with the same qualifications will be given preferential treatment in accordance with the state equality laws. Applications from suitable severely disabled and similar persons within the meaning of § 2 Para. 3 SGB IX are welcome.

Closing date for applications: 31 December 2019

Contact: Please send your application with the usual documents by e-mail to:

Prof. Dr. Rainer Schnell, e-mail: sekretariat.schnell (at) uni-due.de

PQShield Ltd. is a University of Oxford spin-out specialising in Post-Quantum Cryptography (PQC). As an active participant in the NIST PQC standardisation process, our mission is to provide industry-leading implementations and solutions for transition from current standard cryptography to quantum-resistant algorithms.

We invite established Cryptography Engineers to join our development team. Candidates are expected to have a minimum of 3 years of experience in designing, implementing (production quality code), evaluating, and benchmarking various types of cryptosystems (i.e. public and symmetric key algorithms and cryptographic protocols).

You are not afraid to learn new mathematical concepts and have instincts for solid security engineering and elegant architectural design. Since our work is groundbreaking in many ways, our engineering roles require an inquisitive and creative mind (textbooks on post-quantum cryptographic engineering are yet to be written). Enthusiastic and skilful computer programmers are welcome and we encourage new research.

Experience with cryptographic libraries (e.g. OpenSSL and derivatives) is essential. Skills related to systems programming (Rust, C), network programming, mobile and embedded systems (ARM, RISC-V), hardware-software codesign (Verilog, VHDL), and even web application frameworks are beneficial.

The company is offering very competitive packages (including share option scheme, relocation, private health insurance, etc.).

To apply, please send your CV to jobs (at) pqshield.com

Deadline for applications is 15th of August 2019.

Closing date for applications: 15 August 2019

Contact: For informal enquiries, please contact Ali El Kaafarani on elkaafarani (at) pqshield.com

More information: https://pqshield.com

PQShield Ltd. is a University of Oxford spin-out specialising in Post-Quantum Cryptography (PQC). As an active participant in NIST PQC standardisation process, our mission is to provide industry-leading implementations and solutions for transition from current standard cryptography to quantum-resistant algorithms.

We invite established Cryptography Engineers to join our development team. Candidates are expected to have a minimum of 3 years of experience in designing, implementing (production quality code), evaluating, and benchmarking various types of cryptosystems (i.e. public and symmetric key algorithms and cryptographic protocols).

You are not afraid to learn new mathematical concepts and have instincts for solid security engineering and elegant architectural design. Since our work is groundbreaking in many ways, our engineering roles require an inquisitive and creative mind (textbooks on post-quantum cryptographic engineering are yet to be written). Enthusiastic and skilful computer programmers are welcome and we encourage new research.

Experience with cryptographic libraries (e.g. OpenSSL and derivatives) is essential. Skills related to systems programming (Rust, C), network programming, mobile and embedded systems (ARM, RISC-V), hardware-software codesign (Verilog, VHDL), and even web application frameworks are beneficial.

The company is offering very competitive packages (including share option scheme, relocation, private health insurance, etc.).

To apply, please send your CV to jobs (at) pqshield.com

Multiple vacancies are available and deadline for applications is 7th of August 2019.

Closing date for applications: 7 August 2019

Contact: For informal enquiries, contact Ali El Kaafarani on elkaafarani (at) pqshield.com

One fully funded PhD position in symmetric-key cryptography on the topic of “Cryptanalysis of Lightweight Symmetric-key Algorithms”.

Overview of the Project

In this project the candidate will analyse the security of lightweight symmetric-key algorithms such as block ciphers, stream ciphers and hash functions. The targets for analysis will be selected from the following groups: candidates for standardization submitted to the NIST lightweight cryptography (LC) competition, LC algorithms used in existing IoT applications, algorithms based on modular addition.

Candidate’s profile

• Bachelors or Masters degree in computer science, mathematics or related area
• Proficiency in English (both oral and written)
• Strong algorithmic skills and programming experience (C/C++, Python)
• Experience in competitive programming (IOI, CodeForces) and/or Capture-the-Flag competitions is a definite advantage

Studentship and eligibility

The studentship starting in 2019/20 covers:

• Full time PhD tuition fees for a student with UK/EU nationality (£4,327 per annum, subject to annual increment).
• A tax free stipend of GBP £15,009 per year for 3 years.
• Additional programme costs of £1000 per year.

Application Information

Applicants should apply via the University’s admissions portal (EUCLID) by 26 July 2019. After that date applications will be considered until the position is filled. Detailed application instructions including a list of required documents and a link to EUCLID are available on the university website:

https://www.ed.ac.uk/informatics/postgraduate/fees/research-scholarships/research-grant-funding/phd-in-cryptanalysis-of-lightweight-symmetric-key

Closing date for applications: 26 July 2019

Contact: Dr. Vesselin Velichkov, vvelichk (at) ed.ac.uk

More information: https://bit.ly/2XmVygw

The Department of Computer Science at Technische Universität Darmstadt, Germany

Applications are invited for a PhD student (Research Assistant) position in Symmetric-Key Cryptographic Design and/or Network Protocol Analysis. The position is funded through CRISP, the Center for Research in Security and Privacy (https://www.crisp-da.de).

Job Description

The Candidate is expected to perform scientific research in the areas of Symmetric-Key Cryptographic Design and/or Network Protocol Analysis. Specifically the design of Authenticated Encryption schemes (AEAD) that are lightweight or that offer resistance to side channels, and the analysis of cryptographic network protocols like Tor and Signal. The position is based in Darmstadt and will involve international travel to conduct and present research. We provide an optimal working environment and support the researcher to publish results at leading international conferences and journals.

The position is initially offered for three years but can be extended to a longer duration. The starting date is as soon as possible.

Your Profile

• Completed a Master’s degree (or equivalent) with good grades in computer science, mathematics, electrical engineering, or a closely related field.

• Solid mathematical background and good problem-solving skills.

• Fluent in English, both verbal and written, and good communication skills.

• Motivated to conduct research work and able to work independently.

• Proficiency in computer programming, computer networks, Latex, and system administration are considered beneficial but not necessary.

How To Apply

Please submit your application in English consisting of a motivation letter stating why you are interested and qualify for the position, your current curriculum vitae including two references, and copies of relevant certificates and detailed transcripts with grades.

Closing date for applications: 31 August 2019

Contact: Please send your application in a single PDF file to Jean Paul Degabriele (jeanpaul [dot] degabriele [at] crisp-da [dot] de) with the subject line “PhD Application”. Review of applications will start immediately and continue until the position is filled.

The ERC project QUASYModo, started in 2017, has as aim preparing symmetric cryptology for a quantum world.

Our main topics are classical and quantum cryptanalysis of symmetric primitives, quantum algorithms for cryptanalysis and design of quantum-safe symmetric primitives.

QUASYModo is currently formed by 6 members, with regular visits of collaborators.

We have an available Post-doc position for 2 or 3 years for working on the project (the exact subject can be discussed and is flexible). Previous knowledge of cryptanalysis or of quantum algorithms is a requirement (the knowledge of both would be much appreciated, but it is not necessary).

Please, contact María for more information if interested.

Closing date for applications:

Contact: María Naya-Plasencia,

maria.naya_plasencia at inria.fr

More information: https://project.inria.fr/quasymodo/

The positions are for three (3) years, starting in early-mid 2019.

The first position is for Mitigation of Cyberattacks in Wearable Devices and the second position is for Decentralized Privacy-preserving Data Sharing.

The positions are funded by the European Commission under the Marie Curie Initial Training Network (ITN) program RAIS, which focuses on the design of decentralized, scalable and secure collective awareness platforms for real-time data analytics and machine learning, which preserve end-user privacy and information ownership.

Closing date for applications: 31 July 2019

Contact: Prof. Evangelos Markatos

More information: https://bit.ly/2XJgfUZ

Multiple Post-Docs in Post-Quantum Cryptography

Academia Sinica, at the very edge of Taipei, is the national research institute of Taiwan.

Here we have an active group of cryptography researchers, including Dr. Bo-Yin Yang, Dr. Kai-Min Chung, Dr. Tung Chou (joining soon), and Prof. Chen-Mou Cheng (adjunct with National Taiwan University), covering wide research topics in cryptography and actively collaborating with researchers from related research areas such as program verification.

We are looking for Post-Docs in PQC (Post-Quantum Cryptography). Here PQC is broadly defined. Starting date is late 2019 to early 2020, for terms of 1 year, renewable.

Potential PQC research topics include cryptanalysis, implementation, and theory. Bo-Yin is in particular interested in people who have hands on experience with the design, implementation and/or analysis of cryptosystems submitted to NIST\'s post-quantum standardization project, and Kai-Min is looking for people interested in theoretical aspects of Post-Quantum Cryptography, such as security in the QROM model and novel (post-)quantum primitives and protocols. We are also particularly interested in people with diverse background to facilitate collaboration among our group members.

Requires background in mathematics, computer science and cryptography. We desire a research track record in some aspects of post-quantum cryptography, but are especially looking for researchers with a broad research spectrum going from mathematical aspects to the practical side such as implementation aspects.

We offer about 2200 USD (~2000 EUR) per month (commensurate with what a starting assistant professor makes locally) in salary and include a 5000 USD per year personal academic travel budget.

Closing date for applications: 31 December 2019

Contact: Bo-Yin Yang by at crypto dot tw

Kai-Min Chung at kmchung at iis dot sinica dot edu dot tw

Event date: 9 May 2020
Submission deadline: 20 March 2020
Notification: 10 April 2020

Event date: 15 June to 19 June 2020

An exciting new development in differential privacy is the shuffled model, in which an anonymous channel enables circumventing the large errors that are necessary in the local model, while relying on much weaker trust assumptions than in the central model. In this paper, we study basic counting problems in the shuffled model and establish separations between the error that can be achieved in the single-message shuffled model and in the shuffled model with multiple messages per user. For the frequency estimation problem with $n$ users and for a domain of size $B$, we obtain:

- A nearly tight lower bound of $\tilde{\Omega}( \min(n^{1/4}, \sqrt{B}))$ on the error in the single-message shuffled model. This implies that the protocols obtained from the amplification via shuffling work of Erlingsson et al. (SODA 2019) and Balle et al. (Crypto 2019) are essentially optimal for single-message protocols. - A nearly tight lower bound of $\Omega\left(\frac{\log{B}}{\log\log{B}}\right)$ on the sample complexity with constant relative error in the single-message shuffled model. This improves on the lower bound of $\Omega(\log^{1/17} B)$ obtained by Cheu et al. (Eurocrypt 2019).

- Protocols in the multi-message shuffled model with $\mathrm{poly}(\log{B}, \log{n})$ bits of communication per user and $\mathrm{poly}\log{B}$ error, which provide an exponential improvement on the error compared to what is possible with single-message algorithms. They also imply protocols with similar error and communication guarantees for several well-studied problems such as heavy hitters, d-dimensional range counting, and M-estimation of the median and quantiles.

For the related selection problem, we also show a nearly tight sample complexity lower bound of $\Omega(B)$ in the single-message shuffled model. This improves on the $\Omega(B^{1/17})$ lower bound obtained by Cheu et al. (Eurocrypt 2019), and when combined with their $\tilde{O}(\sqrt{B})$-error multi-message algorithm, implies the first separation between single-message and multi-message protocols for this problem.

Given the links between nonlinearity properties and the related tables such as LAT, DDT, BCT and ACT that have appeared in the literature, the boomerang connectivity table BCT seems to be an outlier as it cannot be derived from the others using Walsh-Hadamard transform. In this paper, a brief unified summary of the existing links for general vectorial Boolean functions is given first and then a link between the autocorrelation and boomerang connectivity tables is established.

In 2008, Drimer et al. proposed different AES implementations on a Xilinx Virtex-5 FPGA, making efficient use of the DSP slices and BRAM tiles available on the device. Inspired by their work, in this paper, we evaluate the feasibility of extending AES with the popular GCM mode of operation, still concentrating on the optimal use of DSP slices and BRAM tiles. We make use of a Xilinx Zynq UltraScale+ MPSoC FPGA with improved DSP features. For the AES part, we implement Drimer’s round-based and unrolled pipelined architectures differently, still using DSPs and BRAMs efficiently based on the AES Tbox approach. On top of AES, we append the GCM mode of operation, where we use DSP slices to support the GCM finite field multiplication. This allows us to implement AES-GCM with a small amount of FFs and LUTs. We propose two implementations: a relatively compact round-based design and a faster unrolled design.

Obtaining compact, while cryptographically strong, S-boxes is a challenging task required for hardware implementations of lightweight cryptography. Contrarily to 4-bit permutations design which is somewhat well understood, 8-bit permutations have mainly been investigated only through structured S-boxes built from 4-bit ones by means of Feistel, MISTY or SPN schemes. In this paper, we depart from this common habit and search for compact designs directly in the space of 8-bit permutations. We propose two methods for searching good and compact 8-bit S-boxes. One is derived from an adaptation to 8-bit circuits of a systematic bottom-up exploration already used in previous works for 4-bit permutations. The other is the use of a genetic algorithm that samples solutions in the 8-bit permutations space and makes them evolve toward predefined criteria. Contrarily to similar previous attempts, we chose to encode permutations by their circuits rather than by their tables, which allows to optimize non only w.r.t the cryptographic quality but also w.r.t. compactness. We obtain results which show competitive compared to structured designs and we provide an overview of the relation between quality and compactness in the range of rather small 8-bit circuits. Beside, we also exhibit a 8-gate circuit made of only AND and XOR gates that represents a 4-bit permutation belonging to an optimal equivalence class. This shows that such optimal class can be instantiated by threshold implementation friendly circuits with no extra cost compared to previous works.

S-boxes are the only source of non-linearity in many symmetric primitives. While they are often defined as being functions operating on a small space, some recent designs propose the use of much larger ones (e.g., 32 bits). In this context, an S-box is then defined as a subfunction whose cryptographic properties can be estimated precisely.

In this paper, we present a 64-bit ARX-based S-box called Alzette, which can be evaluated in constant time using only 12 instructions on modern CPUs. Its parallel application can also leverage vector (SIMD) instructions. One iteration of Alzette has differential and linear properties comparable to those of the AES S-box, while two iterations are at least as secure as the AES super S-box.

Since the state size is much larger than the typical 4 or 8 bits, the study of the relevant cryptographic properties of Alzette is not trivial.

Abstract. We present a construction for hash-based one-time group signature schemes, and develop a traceable post-quantum multi-time group signature upon it. A group signature scheme allows group members to anonymously sign a message on behalf of the whole group. The signatures are unforgeable and the scheme enables authorized openers to trace the signature back to the original signer when needed. Our construction utilizes three nested layers to build the group signature scheme. The first layer is key management; it deploys a transversal design to assign keys to the group members and the openers, providing the construction with traceability. The second layer utilizes hash pools to build the group public verification key, to connect group members together, and to provide anonymity. The final layer is a post-quantum hash-based signature scheme, that adds unforgeability to our construction. We extend our scheme to multi-time signatures by using Merkle trees, and show that this process keeps the scalability property of Merkle-based signatures, while it supports the group members signing any number of messages. Keywords: Post Quantum Signatures, Hash-based Signatures, Group Signatures, Transversal Designs, τ−traceability

Revocable identity-based encryption (RIBE) is an extension of IBE which can support a key revocation mechanism, and it is important when deploying an IBE system in practice. Boneh and Franklin (Crypto'01) presented the first generic construction of RIBE, however, their scheme is not scalable where the size of key updates is linear in the number of users in the system. The first generic construction of RIBE is presented by Ma and Lin with complete subtree (CS) method by combining IBE and hierarchical IBE (HIBE) schemes. Recently, Lee proposed a new generic construction using the subset difference (SD) method by combining IBE,identity-based revocation (IBR), and two-level HIBE schemes.

In this paper, we present a new primitive called Identity-Based Encryption with Ciphertext Delegation (CIBE) and propose a generic construction of RIBE scheme via subset difference method using CIBE and HIBE as building blocks. CIBE is a special type of Wildcarded IBE (WIBE) and Identity-Based Broadcast Encryption (IBBE). Furthermore, we show that CIBE can be constructed from IBE in a black-box way. Instantiating the underlying building blocks with different concrete schemes, we can obtain a RIBE scheme with constant-size public parameter, ciphertext, private key and $O(r)$ key updates in the selective-ID model. Additionally, our generic RIBE scheme can be easily converted to a sever-aided RIBE scheme which is more suitable for lightweight devices.