International Association
for Cryptologic Research

We are looking for an excellent, motivated, self-driven doctoral student to work in the area of information security and cryptography. The position is for five years at the Department of Computer Science and Engineering.

The PhD student will join the Chalmers Systems Security group, working in the area of information and communication security with a focus on security and privacy issues in wearable computing devices. More precisely, the student shall be working on investigating efficient authentication mechanisms for wearable computing devices (RFID tags, sensors connected with mobile phones or other wireless devices) that provide: i) accurate and transparent authentication, ii) rigorous privacy guarantees, even if multiple wearable devices are involved in the authentication. The overall aim of the announced PhD position will be to develop nearly optimal algorithms for achieving security while minimising resource use and guaranteeing privacy-preservation.

More concretely, part of the research will involve the analysis and development of authentication protocols in specific settings. This will include investigating resistance of both existing and novel protocols against different types of attacks, theoretically and experimentally. The project should result in the development of theory and authentication mechanisms for noisy, constrained settings that strike an optimal balance between reliable authentication, privacy-preservation and resource consumption.

The PhD student will be supervised by Prof. Katerina Mitrokotsa. Some previous research related to this research project can be found here: http://www.cse.chalmers.se/~aikmitr/

The Institute for Logic, Language & Computation at the University of Amsterdam is looking for a postdoctoral researcher in the area of quantum cryptography, as part of Christian Schaffner’s NWO VIDI Project Cryptography in the Quantum Age.

The aim of the project is to develop new quantum-cryptographic protocols (beyond the task of key distribution) and explore their limitations. An example of an active research is position-based quantum cryptography. Another aspect is to investigate the security of classical cryptographic schemes against quantum adversaries (post-quantum cryptography).

The full-time appointment (38 hours per week) will be on a temporary basis, initially for one year with an extension for a further two years on positive evaluation. Depending on experience, the gross monthly salary will range from €2,476 to €3,908 (scale 10), excl. 8% holiday allowance and 8,3% annual bonus.

Prospective candidates should:

• hold or be about to obtain a PhD degree in computer science, mathematics or physics;

• have a proven track record of excellence in cryptography and/or quantum information, as witnessed by a strong publication list in relevant first-tier conference proceedings or journals;

• have in-depth knowledge of one of the following fields is a plus: parallel repetition, limited-quantum-storage models, continuous variables, quantum security notions;

• have strong passion for research, a drive to publish and the wish to learn new skills through working with or assisting in guiding PhD and MSc students;

• have good communication skills in English, both oral and written.

The Institute for Logic, Language & Computation at the University of Amsterdam is looking for a PhD candidate in the area of quantum cryptography, as part of Christian Schaffner’s NWO VIDI Project Cryptography in the Quantum Age.

The aim of the PhD project is to develop new quantum-cryptographic protocols (beyond the task of key distribution) and explore their limitations. An example of an active research is position-based quantum cryptography. Another aspect is to investigate the security of classical cryptographic schemes against quantum adversaries (post-quantum cryptography).

The full-time appointment at ILLC will be on a temporary basis for a maximum period of four years (18 months plus a further 30 months after a positive evaluation) and should lead to a dissertation (PhD thesis). On the basis of a full-time appointment (38 hours per week), the gross monthly salary amounts to €2,125 during the first year, rising to €2,717 during the fourth year.

Requirements:

• A Master\'s degree with excellent grades in computer science, mathematics or physics with outstanding results or a comparable degree;

• candidates with a strong background in cryptography or quantum information are preferred;

• demonstrated research abilities by completion of an (undergraduate) research project;

• good academic writing and presentation skills;

• good social and organisational skills.

Submission: 1 September 2015
From December 9 to December 11
Location: Beijing, China
More Information: http://icics2015.org/

In this work, we provide a new algebraic framework for pseudorandom functions which encompasses many of the existing algebraic constructions, including the ones by Naor and Reingold (FOCS\'97), by Lewko and Waters (CCS\'09), and by Boneh, Montgomery, and Raghunathan (CCS\'10), as well as the related-key-secure pseudorandom functions by Bellare and Cash (Crypto\'10) and by Abdalla et al. (Crypto\'14). To achieve this goal, we introduce two versions of our framework. The first, termed linearly independent polynomial security, states that the values $(g^{P_1(\\vec{a})}, \\ldots, g^{P_q(\\vec{a})})$ are indistinguishable from a random tuple of the same size, when $P_1, \\ldots, P_q$ are linearly independent multivariate polynomials of the secret key vector $\\vec{a}$. The second, which is a natural generalization of the first framework, additionally deals with constructions based on the decision linear and matrix Diffie-Hellman assumptions. In addition to unifying and simplifying proofs for existing schemes, our framework also yields new results, such as related-key security with respect to arbitrary permutations of polynomials. Our constructions are in the standard model and do not require the existence of multilinear maps.

An Attribute-Based Signcryption (ABSC) is a natural extension of Attribute-Based Encryption (ABE) and Attribute-Based Signature (ABS), where we have the message confidentiality and authenticity together. Since the signer privacy is captured in security of ABS, it is quite natural to expect that the signer privacy will also be preserved in ABSC. In this paper, first we propose an ABSC scheme which is \\textit{weak existential unforgeable, IND-CCA2} secure in \\textit{adaptive-predicates} attack and achieves \\textit{signer privacy}. Secondly, by applying strongly unforgeable one-time signature (OTS), the above scheme is lifted to an ABSC scheme to attain \\textit{strong existential unforgeability} in \\textit{adaptive-predicates} model. Both the ABSC schemes are constructed on common setup, i.e the public parameters and key are same for both the encryption and signature modules. Our first construction is in the flavor of $\\mathcal{C}{t}\\mathcal{E}\\&\\mathcal{S}$ paradigm, except one extra component that will

be computed using both signature components and ciphertext components. The second proposed construction follows a new paradigm (extension of $\\mathcal{C}{t}\\mathcal{E}\\&\\mathcal{S}$), we call it ``Commit then Encrypt and Sign then Sign\" ($\\mathcal{C}{t}\\mathcal{E}\\&\\mathcal{S}{t}\\mathcal{S}$). The last signature is done using a strong OTS scheme. Since the non-repudiation is achieved by $\\mathcal{C}{t}\\mathcal{E}\\&\\mathcal{S}$ paradigm, our systems also achieve the same.

We propose a lightweight coprocessor for 16-bit microcontrollers that implements high security elliptic curve cryptography. It uses a 283-bit Koblitz curve and offers 140-bit security. Koblitz curves offer fast point multiplications if the scalars are given as specific $\\tau$-adic expansions, which results in a need for conversions between integers and $\\tau$-adic expansions. We propose the first lightweight variant of the conversion algorithm and, by using it, introduce the first lightweight implementation of Koblitz curves that includes the scalar conversion. We also include countermeasures against side-channel attacks making the coprocessor the first lightweight coprocessor for Koblitz curves that includes a set of countermeasures against timing attacks, SPA, DPA and safe-error fault attacks. When the coprocessor is synthesized for 130 nm CMOS, it has an area of only 4,323 GE. When clocked at 16 MHz, it computes one 283-bit point multiplication in 98 ms with a power consumption of 97.70 $\\mu$W, thus, consuming 9.56 $\\mu$J of energy.

The all-subkeys recovery (ASR) attack is an extension of the meet-in-the-middle

attack, which allows evaluating the security of a block cipher without analyzing its key

scheduling function. Combining the ASR attack with some advanced techniques such as the

function reduction and the repetitive ASR attack, we show the improved ASR attacks on the

7-round reduced FOX64 and FOX128. Moreover, the improved ASR attacks on the 119-, 105-

and 99-round reduced KATAN32, KATAN48 and KATAN64, and the 42-round reduced SHACAL-2

are also presented, respectively. As far as we know, all of those attacks are the best single-key

attacks with respect to the number of attacked rounds in literature.

In this paper, we study the Learning With Errors problem and its binary variant, where

secrets and errors are binary or taken in a small interval. We introduce a new variant of the Blum,

Kalai and Wasserman algorithm, relying on a quantization step that generalizes and fine-tunes modulus

switching. In general this new technique yields a significant gain in the constant in front of the exponent

in the overall complexity. We illustrate this by solving

p within half a day a LWE instance with dimension

n = 128, modulus q = n^2 , Gaussian noise alpha = 1/(sqrt(n/pi)log^2 n) and binary secret, using 2^28 samples,

while the previous best result based on BKW claims a time complexity of 2^74 with 2^60 samples for the

same parameters.

We then introduce variants of BDD, GapSVP and UniqueSVP, where the target point is required to lie

in the fundamental parallelepiped, and show how the previous algorithm is able to solve these variants

in subexponential time. Moreover, we also show how the previous algorithm can be used to solve the

BinaryLWE problem with n samples in subexponential time 2^((ln 2/2+o(1))n/log log n) . This analysis does

not require any heuristic assumption, contrary to other algebraic approaches; instead, it uses a variant

of an idea by Lyubashevsky to generate many samples from a small number of samples. This makes

it possible to asymptotically and heuristically break the NTRU cryptosystem in subexponential time

(without contradicting its security assumption). We are also able to solve subset sum problems in

subexponential time for density o(1), which is of independent interest: for such density, the previous

best algorithm requires exponential time. As a direct application, we can solve in subexponential time

the parameters of a cryptosystem based on this problem proposed at TCC 2010.

In [Eurocrypt 2004] Katz and Ostrovsky establish the exact round complexity of secure two-party computation with respect to black-box proofs of security. They prove that 5 rounds are necessary for secure two-party protocols (4-round are sufficient if only one party receives the output) and provide a protocol that matches such lower bound. The main challenge when designing such protocol is to parallelize the proofs of consistency provided by both parties - necessary when security against malicious adversaries is considered- in 4 rounds. Toward this goal they employ specific proofs in which the statement can be unspecified till the last round but that require non-black-box access to the underlying primitives.

A rich line of work [IKLP06, Hai08, CDSMW09, IKOS07, PW09] has shown that the non- black-box use of the cryptographic primitive in secure two-party computation is not necessary by providing black-box constructions matching basically all the feasibility results that were previously demonstrated only via non-black-box protocols.

All such constructions however are far from being round optimal. The reason is that they are based on cut-and-choose mechanisms where one party can safely take an action only after the other party has successfully completed the cut-and-choose phase, therefore requiring additional rounds.

A natural question is whether round-optimal constructions do inherently require non-black- box access to the primitives, and whether the lower bound shown by Katz and Ostrovsky can only be matched by a non-black-box protocol.

In this work we show that round-optimality is achievable even with only black-box access to the primitives. We provide the first 4-round black-box oblivious transfer based on any enhanced trapdoor permutation. Plugging a parallel version of our oblivious transfer into the black- box non-interactive secure computation protocol of [IKO+11] we obtain the first round-optimal black-box two-party protocol in the plain model for any functionality.

The IACR has recently started sponsoring select Cryptology Schools. If you would like to propose an IACR-sponsored school that takes place on/before February 2016, then your last chance to submit proposals is June 30. The next round of proposals is not until December 31. More information about the application process can be found at http://www.iacr.org/schools/.

Fully homomorphic encryption is an encryption method with the property that any computation on the plaintext can be performed by a party having access to the ciphertext only.

Here, we formally define and give schemes for \\emph{quantum} homomorphic encryption, which is the encryption of \\emph{quantum} information such that \\emph{quantum} computations can be performed given the ciphertext only. Our schemes allow for arbitrary Clifford group gates, but become inefficient for circuits with

large complexity, measured in terms of the non-Clifford portion of the circuit (we use the ``$\\pi/8$\'\' non-Clifford group gate, also known as the $T$-gate).

More specifically, two schemes are proposed: the first scheme has a decryption procedure whose complexity scales with the square of the \\emph{number} of $T$-gates (compared with a trivial scheme in which the complexity scales with the total number of gates); the second scheme

uses a quantum evaluation key of length given by a polynomial of degree exponential in the circuit\'s

$T$-gate depth, yielding a homomorphic scheme for quantum circuits with constant $T$-depth. Both schemes build on a classical fully homomorphic encryption scheme.

A further contribution of ours is to formally define the security of encryption schemes for quantum messages: we define \\emph{quantum indistinguishability under chosen plaintext attacks} in both the public- and private-key settings. In this context, we show the equivalence of several definitions.

Our schemes are the first of their kind that are secure under modern cryptographic definitions, and can be seen as a quantum analogue of classical results establishing homomorphic encryption for circuits with a limited number of \\emph{multiplication} gates. Historically, such results appeared as precursors to the breakthrough result establishing classical fully homomorphic encryption.

Submission: 30 June 2015
Notification: 20 July 2015
From September 8 to September 8
Location: Tokyo, Japan
More Information: http://aistcrypt.github.io/Privacy-Aware-Computational-Genomics/

From: 2015-11-06 21:11:12 (UTC)

From June 30 to July 2
Location: PHILADELPHIA, United States
More Information: https://petsymposium.org/2015/

Two 0.5 full-time equivalent (FTE) positions are offered as part of the DFG funded project Algebraic Fault Attacks.

These positions are remunerated pro rata at salary band E13 of the German public-sector wage agreement (TV-L E13). Candidates may combine these positions with one 0.25 FTE teaching assistantship each.

The successful candidates will participate in an area of the project which uses Computer Algebra techniques and their integration with SAT solvers to break cryptographic hardware primitives based on the information obtained from fault attacks. The interdisciplinary, state-of-the-art approach requires rigorous and broad-based mathematical knowledge and an openness towards computer science methods.

Detailed job requirements are listed in the link below.

The Ruhr University Bochum is offering a 2-year post-doc position in theoretical cryptography, working on the ERC project \"Efficient Resource Constrained Cryptography\". Required is a PhD in cryptography and excellence in research, proven for example by publications in IACR conferences and workshops.

Applicants interested in the positions should provide the following information in pdf format with the application:

- Motivation letter

- CV

- List of publications, mark your top 2

This position will be filled as soon as possible, late applications will be considered.

The researcher will work on a project entitled “Securing emerging network technologies with homomorphic encryption”. The overall aim of the project is to design methods for secure processing of network data in emerging networks using practical variants of homomorphic encryption. Recent advances in cryptography will be applied to secure the virtualization of the ICT infrastructure (such as “cloud” processing and storage) and new flexible networking technologies such as software defined networks (SDN) and network function virtualization (NFV). Work tasks will include: analysis of suitable network functions for homomorphic processing; analysis of practical homomorphic encryption algorithms; secure protocol design and analysis; and experimental implementations.

Submission: 7 September 2015
Notification: 12 November 2015
From February 29 to March 4
Location: San Francisco, USA
More Information: https://jpn.nec.com/rd/event/ct-rsa16.html

Submission: 9 September 2015
Notification: 26 November 2015
From January 19 to February 21
Location: Rome, Italy
More Information: http://www.icissp.org/