International Association for Cryptologic Research

IACR News


07 October 2015

Royal Holloway, University of London, UK
Job Posting
Applications are invited for the post of Postdoctoral Research Assistant in the Information Security Group.

The Postdoctoral Research Assistant will join a team consisting of Professor Kenny Paterson (PI), Dr. Martin Albrecht, Dr Enrique Larraia, and the Visiting Researchers Professor Dennis Hofheinz (TU Karlsruhe) and Professor Steven Galbraith (Auckland) on topics within the following areas:

- the construction and analysis of multilinear maps;

- the development of sound abstractions of current and future proposals for multilinear maps that are suitable for use by cryptographers;

- the development of cryptographic schemes making use of multilinear maps; and

- the formal security analyses of these schemes.

Applicants should have already completed, or be close to completing, a PhD in a relevant discipline. Applicants should have an outstanding research track record in Cryptography, ideally with significant experience in cryptanalysis of lattice-based schemes and/or the analysis of cryptographic schemes using provable security techniques. Applicants should be able to demonstrate scientific creativity, research independence, and the ability to communicate their ideas effectively in written and verbal form.

The post is immediately available and runs until 31 July 2017. It is based in Egham, Surrey, where the College is situated on a beautiful, leafy campus near Windsor Great Park and within commuting distance of London.

For an informal discussion about the post, please contact Professor Kenny Paterson on Kenny.Paterson (at) rhul.ac.uk

Salary: £33,476 to £39,528 per annum - including London Allowance

Closing Date: Wednesday 04 November 2015


06 October 2015

Chalmers University of Technology, Sweden
Job Posting
We are looking for an excellent, motivated, post-doctoral researcher to work in the area of information security and cryptography.

The post-doctoral researcher will join Katerina Mitrokotsa's research group, working in the area of information and communication security with a focus on authentication protocols, verifiable delegation of computation, and secure multi-party computation.

The post-doc position is available for one year and will be extended by one more year after a successful review.

The post-doctoral researcher is expected to have a PhD degree and strong background in theoretical computer science and cryptography.

Contact: Katerina Mitrokotsa, Assistant Professor, aikmitr (at) chalmers.se

More Information: http://www.chalmers.se/en/about-chalmers/vacancies/Pages/default.aspx?rmpage=job&rmjob=3362

Closing Date for Applications: 2015-10-31

Worcester Polytechnic Institute, Worcester, Massachusetts, USA
Job Posting
The WPI department of Mathematical Sciences invites applications for a Tenure Track position to begin in Fall 2016. The broad focus is in those areas of mathematics which can support WPI's research and education initiatives in cybersecurity. Examples of areas of interest include applied algebra, logic, number theory and combinatorics; topological data analysis; quantum information theory; compressed sensing and mathematics of signal processing. We seek candidates who show mathematical strength as well as great promise to contribute to WPI's growing interdisciplinary security initiative. Outstanding candidates in other areas will also receive full consideration.

The successful applicant is expected to lead a high quality research program and collaborate with other departmental faculty to further develop WPI’s cybersecurity programs. He/she will be expected to contribute to the teaching mission of the department both at the undergraduate and graduate levels. Applicants must have a Ph.D. in Mathematics, or in a related area. Salary, benefits and start-up funding are competitive and commensurate with research experience and accomplishments.

Qualified applicants should submit a detailed curriculum vitae, a statement of specific teaching and research objectives, and four letters of recommendation at least one of which addresses teaching experience or potential, via mathjobs. Review of applications will begin on November 1, 2015 and will continue until the position is filled.

WPI is an equal opportunity employer, committed to enriching education by increasing diversity of its faculty, and students. We encourage applications from individuals from underrepresented minorities in the Mathematical Sciences.

Lancaster University, UK (Security Lancaster Research Centre)
Job Posting
The post is based within Lancaster University's institution-wide research centre, Security Lancaster, which is one of the UK's Academic Centres of Excellence in Cyber Security Research. You will join a major programme of work on cyber security of industrial control systems currently in progress through a number of research projects. Specifically, you will be part of the EPSRC-Chist-ERA programme funded project DYPOSIT: Dynamic Policies for Shared Cyber-Physical Infrastructures Under Attack. The project will commence on 1 December 2015 and is being undertaken in collaboration with Katholieke Universiteit Leuven, Belgium and University College Cork, Ireland.

You will conduct in-depth research into security policy models for CPS under attack. Working in collaboration with project partners, you will develop a dynamic policies model and associated reasoning techniques and policy instantiation mechanisms. You will also develop a framework which enables collection of information to reason about the security state of a CPS and enforcement of dynamic policies. You will also take a leading role in the evaluation of the research outcomes. An extensive real-world testbed for security of industrial control systems (representing complex CPS in such settings) is already available within Security Lancaster. The postholder will utilise and configure the testbed with suitable scenarios and configurations for use in experimental work within the project. S/he will also take a leading role in the design and execution of experiments within the testbed.

Thuong T. Dang, Tri T. Ton, Van H. Dang, Thuc D. Nguyen
ePrint Report
In the paper about the cryptosystem MST3, Svaba and Trung proposed a way to build a cryptosystem based on the concept of logarithmic signatures, and they chose Suzuki's group, which is not abelian, for implementing it. Recently, to reason why these methods cannot be applied to abelian groups, Svaba, Trung and Wolf developed some algorithms to factorize the fused transversal logarithmic signatures (FTLS). Their attacks can be avoided by some modifications, which is the aim of this paper, where we will use the weakness of the discrete logarithm problem (DLP) to propose two cryptosystems. The first one is based on the new concept of quasi-logarithmic signatures of finite solvable groups, which is the generalization of logarithmic signatures. The second is built on the logarithmic signatures of finite cyclic 2-groups, which include two interesting examples on Pell's curves and elliptic curves over finite fields.

Houda Ferradi, Rémi Géraud, David Naccache, Assia Tria
ePrint Report
This paper describes the forensic analysis of what the authors believe to be the most sophisticated smart card fraud encountered to date. In 2010, Murdoch et al. [7] described a man-in-the-middle attack against EMV cards. [7] demonstrated the attack using a general purpose FPGA board, noting that "miniaturization is mostly a mechanical challenge, and well within the expertise of criminal gangs". This indeed happened in 2011, when about 40 sophisticated card forgeries surfaced in the field.

These forgeries are remarkable in that they embed two chips wired top-to-tail. The first chip is clipped from a genuine stolen card. The second chip plays the role of the man-in-the-middle and communicates directly with the point of sale (PoS) terminal. The entire assembly is embedded in the plastic body of yet another stolen card.

The forensic analysis relied on X-ray chip imaging, side-channel analysis, protocol analysis, and microscopic optical inspections.


05 October 2015

St. John's, Canada, August 10 - August 12
Event Calendar
From August 10 to August 12
Location: St. John's, Canada
More Information: http://www.engr.mun.ca/~sac2016
Öznur Arabacı, Mehmet Sabir Kiraz, İsa Sertkaya, Osmanbey Uzunkol
ePrint Report
Bilinear maps are popular cryptographic primitives which have been commonly used in various modern cryptographic protocols. However, the cost of computation for bilinear maps is expensive because of their realization using variants of Weil and Tate pairings of elliptic curves. Due to the increasing availability of cloud computing services, devices with limited computational resources can outsource this heavy computation to more powerful external servers. Currently, the checkability probability of the most efficient outsourcing algorithm is $1/2$ and the overall computation requires $4$ point additions in the preimage and $3$ multiplications in the image of the bilinear map under the one-malicious version of a two-untrusted-program model. In this paper, we propose two efficient new algorithms which decrease not only the memory requirement but also the overall communication overhead.

Essam Ghadafi
ePrint Report
We construct a new structure-preserving signature scheme in the efficient Type-III asymmetric bilinear group setting with signatures shorter than all existing schemes.

Our signatures consist of 3 group elements from the first source group and therefore are shorter than those of all existing schemes, since existing ones have at least one component of the signature in the second source group, whose elements' bit size is at least double that of their first-group counterparts.

Besides enjoying short signatures, our scheme is fully re-randomizable which is a useful property for many applications. Our result also constitutes a proof that the impossibility of unilateral structure-preserving signatures in the Type-III setting result of Abe et al.~(Crypto 2011) does not apply to constructions in which the message space is dual in both source groups.

Besides checking the well-formedness of the message, verifying a signature in our scheme requires checking $2$ Pairing Product Equations (PPE) and requires the evaluation of only $5$ pairings in total, which matches the best existing scheme and outperforms many other existing ones.

Reducing the number of pairings in the verification equations is very important when combining structure-preserving signature schemes with Groth-Sahai proofs, as the number of pairings required for verifying Groth-Sahai proofs for PPE equations grows linearly with the number of pairing monomials in the source equations.

We give some examples of how using our new scheme instead of existing ones improves the efficiency of some existing cryptographic protocols such as direct anonymous attestation and group signature related constructions.

Leibniz Universität Hannover
Job Posting
The Faculty of Electrical Engineering and Computer Science invites applications for a

University Professorship in IT-Security

(Salary Scale W 3 NBesO)

starting August 1, 2016.

The applicant should have a strong research and publication record in IT security, for example in data security and data protection, cryptography, security and privacy on the Web, security of mobile systems, security in distributed systems and networks, security and usability, or privacy by design.

There are excellent cooperation opportunities with the research groups for distributed systems, theoretical computer science, software engineering, human-computer interaction, the L3S Research Center, and the faculty focus areas Digital Society, Biomedical Engineering, and Energy.

The applicant should have experience in the acquisition of third-party funds as well as working in international cooperations. Within the Faculty, the professorship should contribute to the BSc and MSc programmes of Computer Science.

Please submit your full application by December 11, 2015 to

Gottfried Wilhelm Leibniz Universität Hannover
Dekan der Fakultät für Elektrotechnik und Informatik
Appelstraße 11
30167 Hannover


02 October 2015

CEA Grenoble, France
Job Posting
Offer for a post-doctorate position at CEA Grenoble, in the field of compilation and code generation applied to the security of software embedded components.

The successful candidate has significant experience in compilation or code generation for embedded systems, and/or in topics related to the security of embedded systems, especially physical attacks. The successful candidate does not need to have experience in all of these fields; the research activities can be adjusted to the expertise of the candidate.

This is a fixed-term position of 12 months, with possibilities of prolongation to other funding projects.

You will find more information on the web page of the project funding the position:

http://www.cogito-anr.fr/posts/post-doc-CEA2.html

Yael Tauman Kalai, Omer Paneth
ePrint Report
In the setting of cloud computing a user wishes to delegate its data, as well as computations over this data, to a cloud provider. Each computation may read and modify the data, and these modifications should persist between computations. Minding the computational resources of the cloud, delegated computations are modeled as RAM programs. In particular, the delegated computations' running time may be sub-linear, or even exponentially smaller than the memory size.

We construct a two-message protocol for delegating RAM computations to an untrusted cloud. In our protocol, the user saves a short digest of the delegated data. For every delegated computation, the cloud returns, in addition to the computation's output, the digest of the modified data, and a proof that the output and digest were computed correctly.

When delegating a T-time RAM computation P with security parameter k, the cloud runs in time $T \cdot \mathrm{poly}(k)$ and the user in time $\mathrm{poly}(|P|, \log T, k)$.

Our protocol is secure assuming super-polynomial hardness of the Learning with Errors (LWE) assumption. Security holds even when the delegated computations are chosen adaptively as a function of the data and output of previous computations.

We note that RAM delegation schemes are an improved variant of memory delegation schemes [Chung et al. CRYPTO 2011]. In memory delegation, computations are modeled as Turing machines, and therefore, the cloud's work always grows with the size of the delegated data.

Nilanjan Datta, Avijit Dutta, Mridul Nandi, Goutam Paul, Liting Zhang
ePrint Report
MACs (Message Authentication Codes) are widely adopted in communication systems to ensure data integrity and data origin authentication, e.g. CBC-MACs in the ISO standard 9797-1. However, all the current designs either suffer from birthday attacks or require long key sizes. In this paper, we focus on designing beyond-birthday-bound MAC modes with a single key, and investigate their design principles. First, we review the current proposals, e.g. 3kf9 and PMAC_Plus, and identify that the security primarily comes from the construction of a cover-free function and the advantage of the sum of PRPs. The main challenge in reducing their key size is to find a mechanism to carefully separate the block cipher inputs to the cover-free construction and the sum of PRPs that work in cascade with such a construction. Secondly, we develop several tools on sampling distributions that are quite useful in the analysis of MAC modes of operation and by which we unify the proofs for three/two-key beyond-birthday-bound MACs. Thirdly, we establish our main theorem that upper-bounds the PRF security of the one-key constructions by extended-cover-free, pseudo-cover-free, block-wise universal and the normal PRP assumption on block ciphers. Finally, we apply our main theorem to 3kf9 and PMAC_Plus, and successfully reduce their key sizes to the minimum possible. Thus, we solve a long-standing open problem in designing beyond-birthday-bound MACs with a single key.

Jian Zou, Le Dong
ePrint Report
The Kupyna hash function was selected as the new Ukrainian standard DSTU 7564:2014 in 2015. It is designed to replace the old Commonwealth of Independent States (CIS) standard GOST 34.311-95. The Kupyna hash function is an AES-based primitive, which uses a Merkle-Damgård compression function based on the Even-Mansour design. In this paper, we show the first cryptanalytic attacks on the round-reduced Kupyna hash function. Using the rebound attack, we present a collision attack on the 5-round Kupyna-256 hash function. The complexity of this collision attack is ($2^{120}$, $2^{64}$) (in time and memory). Furthermore, we use a guess-and-determine MitM attack to construct pseudo-preimage attacks on the 6-round Kupyna-256 and Kupyna-512 hash functions, respectively. The complexities of these preimage attacks are ($2^{250.33}$, $2^{250.33}$) and ($2^{498.33}$, $2^{498.33}$) (in time and memory), respectively.

Technische Universität Darmstadt, Germany
Job Posting
The Engineering Cryptographic Protocols (ENCRYPTO) Group at TU Darmstadt is looking for a doctoral student in Engineering Scalable Cryptographic Protocols.

Our group was established within the two main research centers for IT security in Darmstadt, the European Center for Security and Privacy by Design (EC SPRIDE) and the Center for Advanced Security Research Darmstadt (CASED). We develop new methods and tools to optimize and automatically generate cryptographic protocols. See http://encrypto.de for details.

The candidate will do cutting-edge research on privacy-preserving protocols that scale to real-world problem sizes, in particular for protocols such as secure multi-party computation, private set intersection or private information retrieval.

The candidate is expected to have a completed Master (or equivalent) degree with excellent grades in IT security, computer science, electrical engineering, mathematics, or a closely related field. Solid knowledge in IT security, applied cryptography, efficient algorithms and programming skills are required. Additional knowledge in cryptographic protocols, parallel computing, compiler construction, programming languages, and software engineering is a plus.

Review of applications starts immediately until the position is filled.

Please consult the webpage given below for more details and how to apply.

Eindhoven University of Technology
Job Posting
PATRIOT (PUFs: Anchors of Trust in Resource-Constrained Environments)

Electr. Engin. Departm., TU/e, 1.0 FTE, 2 years, Start: October 2015

Description

Eindhoven University of Technology (TU/e) is situated in the heart of one of Europe’s largest high-tech innovation ecosystems. Research at TU/e is characterized by a combination of academic excellence and real-world impact. This impact is often obtained via close collaboration with regional high-tech institutes and enterprises. TU/e collaborates with Intrinsic ID through PATRIOT, a EuroStars project. There is a vacancy in PATRIOT for a PostDoc appointed by TU/e, focusing on hardware-based security.

Passwords are not secure and not user-friendly. The PATRIOT project provides an alternative for outdated password-based security and costly secure elements. The solution is 2-factor authentication using unclonable hardware. For this, Physical Unclonable Functions (PUFs) that provide unique fingerprints for chips will be ported to resource-constrained devices, e.g. mobile phones, where they will provide strong authentication and key storage.

Three signal-processing steps will be investigated within PATRIOT. The first two techniques are entropy extraction and error correction. In mobile phone settings there are typically many applications that each need their own secret key. Multi-key extraction is therefore the third signal-processing method that needs to be addressed. The PostDoc will focus on these three signal-processing steps, and will also be active in the dissemination of the scientific results and project outcomes.

Candidates should have a PhD degree in Hardware-Based Security or a related field. We particularly mention Signal Processing Theory, Coding Theory, and Information Theory, as research areas that the PostDoc should be familiar with. Strong analytic and simulation skills are required. Since the project involves collaboratio


01 October 2015

Christoph Dobraunig, Maria Eichlseder, Florian Mendel
ePrint Report
The hash function Kupyna was recently published as the Ukrainian standard DSTU 7564:2014. It is structurally very similar to the SHA-3 finalist Grøstl, but differs in details of the round transformations. Most notably, some of the round constants are added with a modular addition, rather than bitwise xor. This change prevents a straightforward application of some recent attacks, in particular of the rebound attacks on the compression function of similar AES-like hash constructions. However, we show that it is actually possible to mount rebound attacks, despite the presence of modular constant additions. More specifically, we describe collision attacks on the compression function for 6 (out of 10) rounds of Kupyna-256 with an attack complexity of $2^{70}$, and for 7 rounds with complexity $2^{125.8}$. In addition, we have been able to use the rebound attack for creating collisions for the round-reduced hash function itself. This is possible for 4 rounds of Kupyna-256 with complexity $2^{67}$ and for 5 rounds with complexity $2^{120}$.

Universitat Pompeu Fabra, Barcelona
Job Posting
Applications are invited for an Industrial Doctorate position in the field of security at the Universitat Pompeu Fabra in Barcelona, in conjunction with the company ENEO (Redborder.net). More information about the conditions of this program can be found at http://doctoratsindustrials.gencat.cat/en

The topic of research will be the automatic analysis of data gathered in cybersecurity scenarios using state-of-the-art machine learning techniques.

The applicant will join the research group in Wireless Communications and will be co-supervised by Dr. Rafael Ramírez and Dr. Vanesa Daza.

The candidate should have completed his/her master's degree in computer science, mathematics or a related area. The starting date will be either November 2015 or January 2016.

Applications should include a motivation letter, a full CV, a copy of grades transcript(s) of completed studies and the name and contact information of one reference.

Rafael Dowsley, Felipe Lacerda, Anderson C. A. Nascimento
ePrint Report
In the bounded storage model the memory of the adversary is restricted, instead of its computational power. With this different restriction it is possible to design protocols with information-theoretical (instead of only computational) security. We present the first protocols for commitment and oblivious transfer in the bounded storage model with errors, i.e., the model where the public random sources available to the two parties are not exactly the same, but instead are only required to have a small Hamming distance between themselves. Commitment and oblivious transfer protocols were known previously only for the error-free variant of the bounded storage model, which is harder to realize.

Markku-Juhani O. Saarinen
ePrint Report
Security parameters and attack countermeasures for lattice-based cryptosystems have not yet matured nearly to the level that we now expect from RSA and elliptic curve implementations.

Many modern Ring-LWE and other lattice-based public key algorithms require high precision random sampling from the discrete Gaussian distribution. We examine stated requirements of precision of Gaussian samplers, where statistical distance to the theoretical discrete Gaussian distribution is expected to be below $2^{-90}$. We note that for lightweight targets the sampling procedure often represents the biggest implementation bottleneck due to its memory and computational requirements. We argue that this precision is excessive and give precise arguments from distribution identity testing theory why a square root precision of the security parameter is almost always sufficient.

We also observe that many of the proposed algorithms for discrete Gaussian sampling are not constant-time or straight-line programs, and leak significant amounts of secret information in easily exploitable timing attacks.
