International Association for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available via email and via RSS feed.

09 February 2022

Dor Salomon, Itamar Levi
ePrint Report
Efficient implementations of software masked designs constitute both an important goal and a significant challenge to Side Channel Analysis attack (SCA) security. In this manuscript we discuss the shortfall between generic C implementations and optimized (inline-)assembler versions while providing a large spectrum of efficient and generic implementations, and exemplifying cryptographic algorithms and masking gadgets with reference to the state of the art. We show the prime performance gaps we can expect between different implementations and suggest how to harness the underlying hardware efficiently, a daunting task for any masking-order or masking algorithm (multiplications, refreshing etc.). This paper focuses on implementations targeting wide vector bitsliced designs such as the ISAP algorithm. We explore concrete instances of implementations utilizing processors enabled by wide-vector capability extensions of the Instruction Set Architecture (ISA); namely, the SSE2/3/4.1, AVX-2 and AVX-512 Streaming Single Instruction Multiple Data (SIMD) extensions. These extensions mainly enable efficient memory level parallelism and provide a gradual reduction in computation-time as a function of the level of extensions and the hardware support for instruction-level parallelism. We also evaluate the disparities between $\mathit{generic}$ high-level language masking implementations for optimized (inline) assemblers and conventional single execution path data-path architectures such as the ARM architecture. We underscore the crucial trade-off between state storage in the data-memory as compared to keeping it in the register-file (RF). This relates specifically to masked designs, and is particularly difficult to resolve because it requires inline-assembler manipulations and is not naively supported by compilers. 
Moreover, as the masking order ($d$) increases and the state gets larger, there must be an increase in data memory access for state handling since the RF is simply not large enough. This requires careful optimization which depends to a considerable extent on the underlying algorithm to implement. We discuss how full utilization of SSE extensions is not always possible; i.e. when $d$ is not a power of two, and pin-point the optimal $d$ values and very sub-optimal values of $d$ which aggressively under-utilize the hardware. More generally, this manuscript presents several different fully generic masked implementations for any order or multiple highly optimized (inline-)assembler instances which are quite generic (for a wide spectrum of ISAs), and provide very specific implementations targeting specific extensions. The goal is to promote open-source availability, research, improvement and implementations relating to SCA security and masked designs. The building blocks and methodologies provided here are portable and can be easily adapted to other algorithms.
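The kind of masking gadget the abstract refers to, as an added example that is not the paper's code: a bitsliced ISW multiplication (masked AND) at an arbitrary masking order $d$, together with the linear operations (XOR, NOT, refresh) and a chi-style step $a \oplus (\lnot b \wedge c)$ built from them. Python integers stand in for the 64-bit words (or SIMD lanes) the paper targets; the 64-bit word width, the random source and the self-test are assumptions of this illustration, and the gadgets are the textbook constructions rather than the authors' optimized implementations.

```python
import secrets

WORD = 64
MASK = (1 << WORD) - 1


def rand_word():
    return secrets.randbits(WORD)


def unshare(shares):
    """Recombine a Boolean sharing: the secret is the XOR of all shares."""
    x = 0
    for s in shares:
        x ^= s
    return x


def share(x, d):
    """Split x into d+1 shares (masking order d); the first d are uniform."""
    shares = [rand_word() for _ in range(d)]
    shares.append((x & MASK) ^ unshare(shares))
    return shares


def masked_xor(a, b):
    """XOR is linear: operate share-wise, no randomness needed."""
    return [ai ^ bi for ai, bi in zip(a, b)]


def masked_not(a):
    """NOT is linear too: complement a single share only."""
    return [a[0] ^ MASK] + a[1:]


def masked_and(a, b):
    """ISW multiplication gadget on n = d+1 shares.
    Draws n(n-1)/2 fresh random words and forms n^2 partial products,
    which is the quadratic cost in d that dominates masked designs."""
    n = len(a)
    c = [ai & bi for ai, bi in zip(a, b)]
    for i in range(n):
        for j in range(i + 1, n):
            r_ij = rand_word()
            # Bracketing matters: (r_ij ^ a_i b_j) is formed before a_j b_i is
            # added, so no intermediate equals a_i b_j ^ a_j b_i unmasked.
            r_ji = (r_ij ^ (a[i] & b[j])) ^ (a[j] & b[i])
            c[i] ^= r_ij
            c[j] ^= r_ji
    return c


def refresh(a):
    """Re-randomise a sharing without changing the secret (simple refresh)."""
    out = list(a)
    for i in range(1, len(out)):
        r = rand_word()
        out[0] ^= r
        out[i] ^= r
    return out


def masked_chi(a, b, c):
    """Bitsliced chi-style step a ^ (~b & c): one AND gadget per call."""
    return masked_xor(a, masked_and(masked_not(b), c))


def randomness_per_and(d):
    """Fresh random words one ISW AND consumes at masking order d."""
    n = d + 1
    return n * (n - 1) // 2


def selftest(d, trials=50):
    """Check the gadgets against the unmasked computation on random words."""
    for _ in range(trials):
        x, y, z = rand_word(), rand_word(), rand_word()
        A, B, C = share(x, d), refresh(share(y, d)), share(z, d)
        if unshare(masked_and(A, B)) != (x & y):
            return False
        if unshare(masked_chi(A, B, C)) != (x ^ (~y & z & MASK)):
            return False
    return True
```

The self-test only checks functional correctness; it says nothing about leakage. What the example does make visible is the cost model behind the abstract's register-file discussion: every AND at order $d$ needs $(d+1)d/2$ fresh random words and touches all $(d+1)^2$ cross products, so the state that must stay live grows with $d$ while the linear steps (XOR, NOT) stay share-wise and free of randomness.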

Subhra Mazumdar, Sushmita Ruj
ePrint Report
Payment Channel Networks or PCNs solve the problem of scalability in Blockchain by executing payments off-chain. Due to a lack of sufficient capacity in the network, high-valued payments are split and routed via multiple paths. Existing multi-path payment protocols either fail to achieve atomicity or are susceptible to wormhole attack. We propose a secure and privacy-preserving atomic multi-path payment protocol CryptoMaze. Our protocol avoids the formation of multiple off-chain contracts on edges shared by the paths routing partial payments. It also guarantees unlinkability between partial payments. We provide a formal definition of the protocol in the Universal Composability framework and analyze the security. We implement CryptoMaze on several instances of Lightning Network and simulated networks. Our protocol requires 11s for routing a payment of 0.04 BTC on a network instance comprising 25600 nodes. The communication cost is less than 1MB in the worst case. On comparing the performance of CryptoMaze with several state-of-the-art payment protocols, we observed that our protocol outperforms the rest in terms of computational cost and has a feasible communication overhead.

Alexandru Gheorghiu, Tony Metger, Alexander Poremba
ePrint Report
Quantum mechanical effects have enabled the construction of cryptographic primitives that are impossible classically. For example, quantum copy-protection allows for a program to be encoded in a quantum state in such a way that the program can be evaluated, but not copied. Many of these cryptographic primitives are two-party protocols, where one party, Bob, has full quantum computational capabilities, and the other party, Alice, is only required to send random BB84 states to Bob. In this work, we show how such protocols can generically be converted to ones where Alice is fully classical, assuming that Bob cannot efficiently solve the LWE problem. In particular, this means that all communication between (classical) Alice and (quantum) Bob is classical, yet they can still make use of cryptographic primitives that would be impossible if both parties were classical. We apply this conversion procedure to obtain quantum cryptographic protocols with classical communication for unclonable encryption, copy-protection, computing on encrypted data, and verifiable blind delegated computation.

The key technical ingredient for our result is a protocol for classically-instructed parallel remote state preparation of BB84 states. This is a multi-round protocol between (classical) Alice and (quantum polynomial-time) Bob that allows Alice to certify that Bob must have prepared $n$ uniformly random BB84 states (up to a change of basis on his space). Furthermore, Alice knows which specific BB84 states Bob has prepared, while Bob himself does not. Hence, the situation at the end of this protocol is (almost) equivalent to one where Alice sent $n$ random BB84 states to Bob. This allows us to replace the step of preparing and sending BB84 states in existing protocols by our remote-state preparation protocol in a generic and modular way.

Pierre Civit, Seth Gilbert, Vincent Gramoli, Rachid Guerraoui, Jovan Komatovic, Zarko Milosevic, Adi Serendinschi
ePrint Report
Consider a non-synchronous distributed protocol whose processes solve a decision task by (1) starting with their input values, (2) communicating with each other without synchrony, and (3) producing admissible output values despite arbitrary (Byzantine) failures. Examples of such tasks are broad and range from consensus to reliable broadcast to state machine replication. Unfortunately, it has been known that such distributed protocols cannot ensure safety as soon as more than $t_0$ processes fail.

By contrast, only recently did the community discover that some of these distributed protocols can be made accountable by ensuring that correct processes irrevocably detect at least $t_0 + 1$ faulty processes responsible for any safety violation. This realization is particularly surprising (and positive) given that accountability is a powerful tool to mitigate safety violations in distributed protocols. Indeed, exposing crimes and introducing punishments naturally incentivize exemplarity.

In this paper, we propose a generic transformation of any distributed protocol that solves a decision task into its accountable version. To this end, we first demonstrate that accountability in non-synchronous distributed protocols implies the ability to detect commission faults. Specifically, we show that (1) detections not based on committed commission faults can be wrong (i.e., "false positives"), and (2) (luckily!) whenever safety is violated, "enough" processes have committed commission faults.

Then, we illustrate why some of these faults, called equivocation faults, are easier to detect than some others, called evasion faults, thus concluding that equivocation faults are preferable causes of safety violations. Finally, we observe that the approach exploited by the well-studied simulation of crash failures on top of Byzantine ones can be slightly modified in order to ensure that the safety of a protocol could only be violated due to equivocation faults. Hence, we base the transformation on the aforementioned approach. Our transformation increases the communication and message complexities of the original distributed protocol by a quadratic multiplicative factor.
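An equivocation detector of the kind the abstract contrasts with evasion faults, as an added example that is not part of the paper: a process is accused only when two validly signed messages from it for the same round carry different values, so that the pair itself is transferable evidence; silence or slowness never produces an accusation, which is exactly the false-positive risk in a non-synchronous system. The message format, the round/value fields, the placeholder `toy_verify` tag check (standing in for real signature verification) and the constructed scenario are assumptions of this illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SignedMsg:
    """A protocol message as received. `sig` stands in for the sender's digital
    signature over (sender, round, value); a real deployment would carry e.g. an
    Ed25519 signature and verify it before using the message as evidence."""
    sender: str
    round: int
    value: str
    sig: str


def sign_toy(sender, rnd, value):
    # Placeholder "signing" (assumption): binds a tag to the signed fields.
    return SignedMsg(sender, rnd, value, f"tag:{sender}:{rnd}:{value}")


def toy_verify(m):
    # Placeholder verification (assumption, not a real signature scheme).
    return m.sig == f"tag:{m.sender}:{m.round}:{m.value}"


def detect_equivocation(received, verify=toy_verify):
    """Return {sender: (m1, m2)} with one pair of validly signed, conflicting
    messages (same round, different value) per equivocating sender.
    Only this commission fault is flagged: a process that is silent or slow
    yields no entry, because without synchrony that would be a false positive."""
    first = {}
    proofs = {}
    for m in received:
        if not verify(m):
            continue  # unsigned or forged messages must never incriminate anyone
        key = (m.sender, m.round)
        prev = first.setdefault(key, m)
        if prev.value != m.value and m.sender not in proofs:
            proofs[m.sender] = (prev, m)
    return proofs


def detect_after_exchange(views, verify=toy_verify):
    """Correct processes forward what they received to each other; detection
    then runs on the union, which is what exposes a split-brain equivocation
    that no single receiver can see on its own."""
    union = [m for msgs in views.values() for m in msgs]
    return detect_equivocation(union, verify)


def scenario():
    """Constructed sample: p3 tells p0 'A' and p1 'B' in round 1; p2 sends
    nothing at all (an omission, which this detector by design cannot prove);
    p1 also receives a forged message trying to frame p0."""
    views = {
        "p0": [sign_toy("p3", 1, "A"), sign_toy("p1", 1, "A")],
        "p1": [sign_toy("p3", 1, "B"), sign_toy("p0", 1, "A")],
    }
    local = {p: sorted(detect_equivocation(v)) for p, v in views.items()}
    views["p1"].append(SignedMsg("p0", 1, "Z", "tag:bogus"))
    combined = detect_after_exchange(views)
    return local, sorted(combined)
```

Running `scenario()` shows the two halves of the abstract's point: before the exchange neither p0 nor p1 can accuse anyone, after it both hold the same signed pair against p3, while the forged message against p0 and p2's silence produce no accusation.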

Florette Martinez
ePrint Report
Trifork is a family of pseudo-random number generators described in 2010 by Orue et al. It is based on Lagged Fibonacci Generators and has been claimed to be cryptographically secure. In 2017, a new family of lightweight pseudo-random number generators, Arrow, was presented. These generators are based on the same techniques as Trifork and designed to be light, fast and secure, so that they can allow private communication between resource-constrained devices. The authors based their choices of parameters on NIST standards on lightweight cryptography and claimed these pseudo-random number generators were of cryptographic strength. We present practical implemented algorithms that reconstruct the internal states of the Arrow generators for different parameters given in the original article. These algorithms enable us to predict all the following outputs and recover the seed. These attacks are all based on a simple guess-and-determine approach which is efficient enough against these generators. We also present an implemented attack on Trifork, this time using lattice-based techniques. We show it cannot have more than 64 bits of security, hence it is not cryptographically secure.

Ambati Sathvik, Tirunagari Rahul, Anubhab Baksi, Vikramkumar Pudi
ePrint Report
In this work, we present a hardware implementation of the lightweight Authenticated Encryption with Associated Data (AEAD) scheme SpoC-128. Designed by AlTawy, Gong, He, Jha, Mandal, Nandi and Rohit, SpoC-128 was submitted to the Lightweight Cryptography (LWC) competition being organised by the National Institute of Standards and Technology (NIST) of the United States Department of Commerce. Our implementation follows the Application Programming Interface (API) specified by the Cryptographic Engineering Research Group at George Mason University (GMU). The source code is available over the public internet as an open-source project.

Vitaly Kiryukhin
ePrint Report
Security of many keyed hash-based cryptographic constructions (such as HMAC) depends on the fact that the underlying compression function $g(H,M)$ is a pseudorandom function (PRF). This paper presents key-recovery algorithms for 7 rounds (of 12) of the Streebog compression function. Two cases are considered, depending on which input is used as the secret key: the previous state $H$ or the message block $M$. The proposed methods implicitly show that the Streebog compression function has a large security margin as a PRF in the above-mentioned secret-key settings.

Zhimei Sui, Joseph K. Liu, Jiangshan Yu, Man Ho Au, Jia Liu
ePrint Report
Payment channels have been a promising solution to blockchain scalability. While payment channels for script-empowered blockchains (such as Bitcoin and Ethereum) have been well studied, developing payment channels for scriptless blockchains (such as Monero) is considered challenging. In particular, enabling bidirectional payment on scriptless blockchains remains an open challenge. This work closes this gap by providing AuxChannel, the first bi-directional payment channel protocol for scriptless blockchains, meaning that building payment channels only requires the support of verifiably encrypted signatures (aka adaptor signatures) on the underlying blockchain. AuxChannel leverages verifiably encrypted signatures to create a commitment for each off-chain payment and deploys a verifiable decentralised key escrow service to resolve disputes. To enable efficient construction of AuxChannel, we introduce a new cryptographic primitive, named Consecutive Verifiably Encrypted Signature (CVES), as a core building block; it can also be of independent interest for other applications. We provide and implement a provably secure instantiation of Schnorr-based CVES. We also provide a formal security analysis of the security of the proposed AuxChannel.
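The verifiably encrypted (adaptor) signature that the abstract builds on, as an added example that is not the paper's CVES nor its implementation: a standard Schnorr adaptor signature, showing the four operations a payment channel relies on (pre-sign against a statement $T = g^t$, publicly verify the pre-signature, complete it with the witness $t$, and extract $t$ from the completed signature). The toy Schnorr group ($p = 4079 = 2 \cdot 2039 + 1$, generator $g = 4$ of order $q = 2039$), the hash-to-scalar construction and the round-trip scenario are assumptions for this illustration; a deployment would use a standard group such as secp256k1, with the same algebra.

```python
import hashlib
import secrets

# Toy Schnorr group (assumption for the example): p = 2q + 1 is a safe prime and
# g = 4 generates the subgroup of prime order q. Far too small for real use.
P, Q, G = 4079, 2039, 4


def hash_to_scalar(*parts):
    data = "|".join(str(x) for x in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def pre_sign(x, msg, T):
    """Adaptor (pre-)signature by the holder of x w.r.t. statement T = g^t.
    The challenge binds R*T, so s_hat is a valid Schnorr response minus t."""
    k = secrets.randbelow(Q - 1) + 1
    R_hat = pow(G, k, P) * T % P
    e = hash_to_scalar(R_hat, pow(G, x, P), msg)
    return R_hat, (k + e * x) % Q


def pre_verify(X, msg, T, presig):
    """Anyone can check the pre-signature: g^s_hat * T == R_hat * X^e.
    This is the 'verifiably encrypted' property: the payee learns the
    signature is complete except for t before revealing anything."""
    R_hat, s_hat = presig
    e = hash_to_scalar(R_hat, X, msg)
    return pow(G, s_hat, P) * T % P == R_hat * pow(X, e, P) % P


def adapt(presig, t):
    """Whoever knows the witness t completes the signature."""
    R_hat, s_hat = presig
    return R_hat, (s_hat + t) % Q


def verify(X, msg, sig):
    """Plain Schnorr verification, as the blockchain would run it: g^s == R * X^e."""
    R, s = sig
    e = hash_to_scalar(R, X, msg)
    return pow(G, s, P) == R * pow(X, e, P) % P


def extract(presig, sig):
    """Seeing the completed signature next to the pre-signature reveals t.
    This is what lets the counterparty learn the secret once the signature
    is published, which the channel logic relies on."""
    return (sig[1] - presig[1]) % Q


def channel_round_trip(msg=b"pay 1 unit to Bob"):
    """Constructed scenario: payer pre-signs against T, payee adapts with t,
    payer extracts t; a completion with the wrong witness fails verification."""
    x, X = keygen()                       # payer's signing key
    t = secrets.randbelow(Q - 1) + 1      # payee's secret, e.g. a claim secret
    T = pow(G, t, P)
    presig = pre_sign(x, msg, T)
    sig = adapt(presig, t)
    wrong = adapt(presig, (t + 1) % Q)
    return (pre_verify(X, msg, T, presig), verify(X, msg, sig),
            extract(presig, sig) == t, verify(X, msg, wrong))
```

The pre-signature alone is useless on-chain (it fails `verify`), the completed one is an ordinary Schnorr signature, and the difference of the two responses is exactly the witness; that triad is what the abstract's "verifiably encrypted signature" commitment per off-chain payment is built on.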

08 February 2022

NTNU, Trondheim, Norway
Job Posting

The Department of Mathematical Sciences at NTNU is looking for a postdoc in public-key cryptography. The position is hosted by Jiaxin Pan. This position is funded by a project from the Research Council of Norway with focus on provable security. Potential topics include, but are not limited to, digital signatures, zero-knowledge proofs, and post-quantum cryptography.

The candidate will work on theoretical aspects of public-key cryptography and is expected to publish at IACR conferences (such as Crypto, Eurocrypt, Asiacrypt, etc.) and renowned security conferences (such as IEEE S&P, ACM CCS, etc.). Thus, a track record of publications at these conferences is preferable for the successful candidate.

Further details: The position holder will participate in many activities of the Cryptology Lab at NTNU which has 9 faculty members working on both applied and theoretical aspects of cryptology. The working place is in Trondheim, Norway. Trondheim is a modern European city with a rich cultural scene. It offers great opportunities for education (including international schools) and possibilities to enjoy nature, culture and family life and has low crime rates and clean air quality.

Application: More details are given here: https://www.jobbnorge.no/en/available-jobs/job/220131/postdoctoral-fellow-in-cryptography. We only accept applications from this jobbnorge.no page.

The deadline for application is the 31st of March, 2022.

Closing date for applications: 31 March 2022

Contact: Jiaxin Pan

More information: https://www.jobbnorge.no/en/available-jobs/job/220131/postdoctoral-fellow-in-cryptography


Wollongong, Australia, 13 July - 17 July 2022
Event Calendar
Event date: 13 July to 17 July 2022
Submission deadline: 21 February 2022
Notification: 15 April 2022

04 February 2022

Genoa, Italy, 6 June 2022
Event Calendar
Event date: 6 June 2022
Submission deadline: 4 March 2022
Notification: 8 April 2022

Indian Institute of Technology Delhi (Workplace: IIT Bhilai, Raipur, Chhattisgarh, INDIA)
Job Posting
Project: Next Generation Wireless Research and Standardization on 5G and Beyond


Applications are invited from Indian nationals for the positions of “Junior Research Fellow.”

Number of Positions: One (1)

Salary: 31,000 per month + 24% HRA

Qualifications:
1st class Post Graduate Degree in Basic Science with NET* qualification, or Graduate Degree in Professional Course with NET* qualification, or Post Graduate Degree in Professional Course with NET* qualification.

Desired Qualifications:

a. Degree in Computer Science with coding proficiency and any other working experience relevant to the projects.

b. Have some familiarity with one or more of the following: Cryptography, UAS, 5G Security.

c. Special preference will be given to people who have prior experience working with the 5G standard.

*The requirement of qualifying the NET/GATE examination for selection to the post of JRF/SRF may be relaxed for candidates who have graduated from a Centrally Funded Technical Institute (CFTI) with a CGPA of more than 8.000 (80% aggregate marks).

How to Apply: Candidates should only apply using the application form downloaded from the given link (https://ird.iitd.ac.in/sites/default/files/ird_nforms/ird_rec_4.pdf).

A duly completed application form along with the candidate’s detailed CV must be mailed at: 5g.bhartischool@gmail.com

The last date for submitting the completed applications by e-mail is 10 February 2022 by 5:00 pm.

Closing date for applications: 10 February 2022, 5:00 pm

Contact:
Dr. Dhiman Saha
Assistant Professor
Department of EECS, IIT Bhilai
Email: decipheredlab@iitbhilai.ac.in, get@de.ci.phe.red
For more info on the research group visit: http://de.ci.phe.red

More information: https://lnkd.in/gNfMQ7PB


Brandenburg University of Technology Cottbus–Senftenberg
Job Posting
limited to 2 years, full time, with possibility for extension

Our chair performs research and teaching in the area of IT Security with a strong focus on Network Security and Online Privacy. Our goal is to advance the state of the art in research and to educate qualified computer scientists in the area of IT Security who are able to meet the challenges of the growing demand for securing IT systems and providing data protection in various areas of our life and society.

Tasks:
- Active research in the area of intrusion detection systems (IDS) for critical infrastructures, secure cyber-physical systems, and artificial intelligence / machine learning for traffic analysis
- Implementation and evaluation of new algorithms and methods
- Cooperation and knowledge transfer with industrial partners
- Publication of scientific results
- Assistance with teaching

The employment takes place with the goal of doctoral graduation (obtaining a PhD degree).

Requirements:
- Master’s degree (or equivalent) in Computer Science or related disciplines
- Strong interest in IT security and/or networking and distributed systems
- Knowledge of at least one programming language (C++, Java, etc.) and one scripting language (Perl, Python, etc.) or strong willingness to quickly learn new programming languages
- Linux/Unix skills
- Knowledge of data mining, machine learning, statistics and result visualization concepts is of advantage
- Excellent working knowledge of English; German is of advantage
- Excellent communication skills

Applications containing the following documents:
- A detailed Curriculum Vitae
- Transcript of records from your Master studies
- An electronic version of your Master thesis, if possible
should be sent in a single PDF file as soon as possible, but not later than 20.02.2022, to itsec-jobs.informatik@lists.b-tu.de.

Closing date for applications: 20 February 2022

Contact: Andriy Panchenko

More information: https://www.b-tu.de/en/fg-it-sicherheit


Carl von Ossietzky University of Oldenburg, Department of Computer Science; Oldenburg, Germany
Job Posting

The Safety-Security-Interaction (SSI) group at the Carl von Ossietzky University of Oldenburg invites applications for a full-time position as Doctoral Researcher (Research Assistant/Ph.D. Student) in the domain of Cybersecurity for an initial period of 3 years.

Deadline for applications: 21 February 2022, 23:59 CET

Closing date for applications: 21 February 2022, 23:59 CET

Contact: Prof. Dr. Andreas Peter (andreas.peter@uol.de)

More information: https://uol.de/en/jobs?stelle=68597


Genoa, Italy, 10 June 2022
Event Calendar
Event date: 10 June 2022
Submission deadline: 4 March 2022
Notification: 8 April 2022

Leuven, Belgium, 18 September - 21 September 2022
CHES
Event date: 18 September to 21 September 2022

Event Calendar
Submission deadline: 15 June 2022
Notification: 24 August 2022

Valletta, Malta, 25 April - 29 April 2022
School
Event date: 25 April to 29 April 2022
Submission deadline: 18 February 2022
Notification: 4 March 2022

PKC
PKC 2022 will be held virtually on March 8-11, 2022.

The registration for PKC 2022 is now open: https://pkc.iacr.org/2022/registration.php

Registration is free for IACR members; non-IACR members will be asked to pay the IACR membership fee during registration.

01 February 2022

University College Cork, Ireland
Job Posting

The School of Computer Science & Information Technology (CSIT) seeks to appoint a lecturer (assistant professor) in Computer Science (Cybersecurity) to complement and strengthen the School's research and teaching interests. Computer security has been a topic of research and teaching in the School for over thirty years. The school continues to grow with the appointment of new staff with cyber security expertise, introduction of new courses, and significant development of our cybersecurity research portfolio.

The school strategy is to expand its research and teaching in the area of Cybersecurity and candidates with such expertise are encouraged to apply. The School seeks to appoint a committed computer science academic, a dynamic and thoughtful individual who will contribute to its research-led teaching ethos and research agenda.

The School of CSIT has 32 full-time academic staff and offers degrees at bachelors, masters and doctoral level. It offers a welcoming and open working environment, with excellent administrative and technical support, and an inclusive collegiate experience. Academic staff in the school have leadership roles in major national and international research initiatives, including the SFI funded research centers CONNECT (Centre for Future Networks and Communications), CONFIRM (Centre for Smart Manufacturing), Insight (Centre for Data Analytics), LERO (Irish Software Research Centre), and the SFI research spokes BAV (Blended Autonomous Vehicles) and ENABLE (Smart Communities). In addition, school academics lead and host the SFI Centre for Research Training in Advanced Networks for Sustainable Societies and the SFI Centre for Research Training in Artificial Intelligence. The Cork area is home to a cybersecurity cluster of about 25 companies, including multinationals that are well-known for their security products and services, many of whom the School engages with for student internships, research sponsorship and collaboration.

Candidates should apply before 12 noon (Irish Local Time) on Tuesday, 22nd February 2022.

Closing date for applications: 22 February 2022, 12 noon (Irish local time)

Contact: Informal enquiries can be made, in confidence, to the Head of School, Professor Utz Roedig: u.roedig@ucc.ie

Applications must be submitted online via the University College Cork vacancy portal: https://ore.ucc.ie/

More information: https://www.ucc.ie/en/compsci/vacancies/
