International Association for Cryptologic Research

IACR News

18 November 2015

Avishek Adhikari, Kirill Morozov, Satoshi Obana, Partha Sarathi Roy, Kouichi Sakurai, Rui Xu
ePrint Report
In this paper, we consider three very important issues, namely detection, identification and robustness of $k$-out-of-$n$ secret sharing schemes against rushing cheaters who are allowed to submit (possibly forged) shares {\em after} observing shares of the honest users in the reconstruction phase. Towards this we present five different schemes. Among these, first we present two $k$-out-of-$n$ secret sharing schemes, the first one being capable of detecting $(k-1)/3$ cheaters such that $|V_i|=|S|/\epsilon^3$ and the second one being capable of detecting $n-1$ cheaters such that $|V_i|=|S|/\epsilon^{k+1}$, where $S$ denotes the set of all possible secrets, $\epsilon$ denotes the successful cheating probability of cheaters and $V_i$ denotes the set of all possible shares. Next we present two $k$-out-of-$n$ secret sharing schemes, the first one being capable of identifying $(k-1)/3$ rushing cheaters with share size $|V_i|$ that satisfies $|V_i|=|S|/\epsilon^k$. This is the first scheme whose size of shares does not grow linearly with $n$ but only with $k$, where $n$ is the number of participants. For the second one, in the setting of public cheater identification, we present an efficient optimal cheater resilient $k$-out-of-$n$ secret sharing scheme against rushing cheaters having the share size $|V_i|= (n-t)^{n+2t}|S|/\epsilon^{n+2t}$. The proposed scheme achieves {\em flexibility} in the sense that the security level (i.e. the cheater(s) success probability) is independent of the secret size. Finally, we design an efficient $(k, \delta)$ robust secret sharing scheme secure against rushing adversary with optimal cheater resiliency.

Each of the five proposed schemes has the smallest share size having the mentioned properties among the existing schemes in the respective fields.

Tarik Moataz, Erik-Oliver Blass, Travis Mayberry
ePrint Report
Recent techniques reduce ORAM communication complexity down to constant in the number of blocks $N$. However, they induce expensive additively homomorphic encryption on both the server and the client. We present two new hybrid ORAM constructions that combine ORAM with Private Information Storage (PIS). We store and access individual ORAM buckets with PIS. As a result, our first ORAM features $\widetilde{O}(\log N)$ communication complexity and a small block size of $\Omega(\log^3 N)$ bits. The second ORAM features optimal $O(1)$ communication complexity and $\Omega(\log^4 N)$ bit block size. Both ORAMs have constant client-side memory complexity. A highlight of our approach is that neither client nor server is required to perform any encryption. The above properties make our ORAMs extremely lightweight, suitable for deployment even on resource-constrained devices. In addition to a theoretical analysis, we also implement our ORAMs to show their practicality and compare to related work.

Antonio de la Piedra
ePrint Report
In the last few years several practitioners have proposed different strategies for implementing Attribute-based credentials (ABCs) on smart cards [3, 4, 20-23]. ABCs allow citizens to prove certain properties about themselves without necessarily revealing their full identity. The Idemix ABC [10] is the most versatile ABC system proposed in the literature, supporting pseudonyms, equality proof of representation, verifiable encryption of attributes [12] and proving properties of attributes via the AND, NOT and OR operators as described in [8]. Vullers et al. and De La Piedra et al. addressed the implementation of the selective disclosure operations, pseudonyms and multi-credential proofs such as equality proofs of representation [21, 23]. In this manuscript, we present implementation strategies for proving properties of user attributes via these operators and show how to combine them via external and internal commitment reordering.

Zhenzhen Bao, Wentao Zhang, Peng Luo, Dongdai Lin
ePrint Report
Due to the demand for low-cost cryptosystems from industry, a lot of lightweight block ciphers have sprung up which are excellent for some different implementation features. An innovative design is the block cipher PRINCE. To meet the requirement for low-latency and instantaneous encryption, NXP Semiconductors and its academic partners cooperated and designed the low-latency block cipher PRINCE. Another good example is the block cipher LED which is very compact in hardware, and whose designers also aim to maintain a reasonable software performance. In this paper, we demonstrate how to achieve high software performance of these two ciphers on the AVR 8-bit microcontrollers using the bitslice technique. Our bitsliced implementations speed up the execution of these two ciphers several times with less memory usage than previous work. In addition to these two nibble-oriented ciphers, we also evaluate the software performance of a newly proposed lightweight block cipher RECTANGLE, whose design takes bitslicing into consideration. Our results show that RECTANGLE ranks very high in performance among the existing block ciphers in the real-world usage scenarios on 8-bit microcontrollers.


17 November 2015

Jeju Island, Republic of Korea, February 15 - February 17
Event Calendar
Submission: 30 November 2015
Notification: 10 December 2015
From February 15 to February 17
Location: Jeju Island, Republic of Korea
More Information: http://www.platcon.org/workshops/fsp-16
University of Westminster, London, UK
Job Posting

We are looking for an excellent, motivated, self-driven PhD student to work in the area of privacy in cloud computing. The position is for three years and the main aim of the PhD project is to design and develop privacy-preserving protocols for cloud environments.

The successful candidate is expected to perform research on the aforementioned areas based on their experience and research interests. They must have a strong background in Computer Science and/or Mathematics. They are expected to publish articles in well-known security related conferences and journals. Although all applications will be carefully evaluated, candidates with prior publications as well as research experience in the following areas are specifically encouraged to apply: cloud computing, security and privacy in cloud environments, trusted computing, applied cryptography, privacy in participatory sensing applications, privacy in eHealth, secure e-Voting schemes and reputation systems.

Candidates should fulfill the following requirements:

  • A Master's degree in Computer Science or Mathematics;
  • Knowledge of Cryptographic Protocols;
  • Cloud Computing Architecture;
  • Good Academic Writing and Presentation Skills;
  • Good Social and Organizational Skills;

Publications in security and privacy will be regarded as an additional merit.

The Cybersecurity group at the University of Westminster intends to increase the number of women in those areas where they are underrepresented. Therefore women are explicitly encouraged to apply.

To apply please send by e-mail the following documents:

  • Curriculum vitae
  • Motivation letter
  • Research statement

14 November 2015

Anissa Sghaier, Loubna Ghammam, Medyen Zeghid, Sylvain Duquesne, Mohsen Machhout
ePrint Report
To have an efficient asymmetric key encryption scheme, such as elliptic curves, hyperelliptic curves, pairing, etc., we have to go through arithmetic optimization then hardware optimization. Regarding restricted environments' compromises, we should strike a balance between efficiency and memory resources. For this reason, we studied the mathematical aspect of pairing computation and gave new development of the methods that compute the hard part of the final exponentiation in [1]. They prove that these new methods save an important number of temporary variables and they are certainly faster than the existing ones. In this paper, we will also present a new way of computing the Miller loop, more precisely in the doubling algorithm, so we will use this result and the arithmetic optimization presented in [1], then we will apply hardware optimization to find a satisfactory design which gives the best compromise between area occupation and execution time. Our hardware implementation, on a Virtex-6 FPGA (XC6VHX250T), used only 9476 Slices, which is fewer resources used compared with state-of-the-art hardware implementations, so we can say that our

Jan Camenisch, Anja Lehmann, Gregory Neven, Kai Samelin
ePrint Report
An important shortcoming of client-side cryptography on consumer devices is the poor protection of secret keys. Encrypting the keys under a human-memorizable password hardly offers any protection when the device is stolen. Trusted hardware tokens such as smart cards can provide strong protection of keys but are cumbersome to use. We consider the case where secret keys are used for digital signatures and propose a password-authenticated server-aided signature Pass2Sign protocol, where signatures are collaboratively generated by a device and a server, while the user authenticates to the server with a (low-entropy) password. Neither the server nor the device store enough information to create a signature by itself or to perform an offline attack on the password. The signed message remains hidden from the server. We argue that our protocol offers comparable security to trusted hardware, but without its inconveniences. We prove it secure in the universal composability (UC) framework in a very strong adaptive corruption model where, unlike standard UC, the adversary does not obtain past inputs and outputs upon corrupting a party. This is crucial to hide previously entered passwords and messages from the adversary when the device gets corrupted. The protocol itself is surprisingly simple: it is round-optimal, efficient, and relies exclusively on standard primitives such as hash functions and RSA. The security proof involves a novel random-oracle programming technique that may be of independent interest.

Adi Ben-Zvi, Simon R. Blackburn, Boaz Tsaban
ePrint Report
Anshel, Anshel, Goldfeld and Lemieux introduced the Colored Burau Key Agreement Protocol (CBKAP) as the concrete instantiation of their Algebraic Eraser scheme. This scheme, based on techniques from permutation groups, matrix groups and braid groups, is designed for lightweight environments such as RFID tags and other IoT applications. It is proposed as an underlying technology for ISO/IEC 29167-20. SecureRF, the company owning the trademark Algebraic Eraser, has presented the scheme to the IRTF with a view towards standardisation.

We present a novel cryptanalysis of this scheme. For parameter sizes corresponding to claimed 128-bit security, our implementation recovers the shared key using less than 8 CPU hours, and less than 64MB of memory.

Sihem Mesnager
ePrint Report
We contribute to the knowledge of linear codes with few weights from special polynomials and functions. Substantial efforts (especially due to C. Ding) have been directed towards their study in the past years. Such codes have several applications in secret sharing, authentication codes, association schemes and strongly regular graphs. Based on a generic construction of linear codes from mappings and by employing weakly regular bent functions, we provide a new class of linear $p$-ary codes with three weights given with its weight distribution. The class of codes presented in this paper is different from those known in the literature. Also, it contains some optimal codes meeting a certain bound on linear codes.

Hugo Labrande
ePrint Report
Jacobi's $\theta$ function has numerous applications in mathematics and computer science; a naive algorithm allows the computation of $\theta(z, \tau)$, for $z, \tau$ verifying certain conditions, with precision $P$ in $O(M(P) \sqrt{P})$ bit operations, where $M(P)$ denotes the number of operations needed to multiply two complex $P$-bit numbers. We generalize an algorithm which computes specific values of the $\theta$ function (the theta-constants) in asymptotically faster time; this gives us an algorithm to compute $\theta(z, \tau)$ with precision $P$ in $O(M(P) \log P)$ bit operations, for any $\tau \in F$ and $z$ reduced using the quasi-periodicity of $\theta$.

Peter Y A Ryan, Peter B Roenne, Vincenzo Iovino
ePrint Report
End-to-end verifiable voting schemes typically involve voters handling an encrypted ballot in order to confirm that their vote is accurately included in the tally. While this may be technically valid, from a public acceptance standpoint it may be problematic: many voters may not really understand the purpose of the encrypted ballot and the various checks that they can perform. In this paper we take a different approach and revisit an old idea: to provide each voter with a private tracking number. Votes are posted on a bulletin board in the clear along with their associated tracking number. This is appealing in that it provides voters with a very simple, intuitive way to verify their vote, in the clear.

However, there are obvious drawbacks: we must ensure that no two voters are assigned the same tracker and we need to keep the trackers private. In this paper, we propose a scheme that addresses both of these problems: we ensure that voters get unique trackers and we close off the coercer's window of opportunity by ensuring that the voters only learn their tracking numbers after votes have been posted. The resulting scheme provides receipt-freeness, and indeed a good level of coercion-resistance, while also providing a more immediately understandable form of verifiability. The cryptography is under the bonnet as far as the voter is concerned.

The basic scheme still has a problem in some contexts: if the coercer is himself a voter there is a chance that the coerced voter might light on the coercer's tracker, or the coercer simply claims that it is his. We argue that in many contexts this may be an acceptable threat when weighed against the more transparent verification provided by the scheme. Nonetheless, we describe some elaborations of the basic scheme to mitigate such threats.


13 November 2015

Cairo, Egypt, May 9 - May 11
Event Calendar
Submission: 8 January 2016
Notification: 25 February 2016
From May 9 to May 11
Location: Cairo, Egypt
More Information: http://infos2016.fci.cu.edu.eg/INFOS2016/
Yaroslavl, Russia, June 6 - June 8
Event Calendar
Submission: 7 March 2016
Notification: 25 April 2015
From June 6 to June 8
Location: Yaroslavl, Russia
More Information: http://www.ctcrypt.ru/
The Australian National University
Job Posting
The Research School of Computer Science at the Australian National University (ANU) is one of the premier computer science research institutions in the country with a worldwide reputation for excellence.

The School is seeking applications from ambitious researchers for two or more positions at academic level B or C. These "tenure track" positions will be offered under the College's Ongoing Position Program (OPP), with an initial appointment of five years and a commitment to convert to continuing subject only to performance. During this period, and particularly at level B, the teaching workload will initially be reduced in order for the appointee to establish their research career.

Exceptional candidates in all areas related to computer science will be considered. However, candidates whose appointment would strengthen the School in the areas of software engineering, cyber security, or at the interface between computer science and biomedical science or social science, are particularly encouraged to apply. In addition, the School puts a strong emphasis on enhancing diversity in our staff and students, and is particularly keen for candidates in under-represented demographic groups to apply.


12 November 2015

NTNU, Trondheim and University of Bergen, Norway
Job Posting
Three positions are available at Norwegian University of Science and Technology (NTNU) and University of Bergen. Two positions at NTNU are either as a PhD Candidate, 100% position, or as a Postdoctoral Researcher, 100% position. One position at University of Bergen is for a Postdoctoral Researcher, 100% position. Postdoctoral appointments are for a term of 3 years. PhD appointments are for a term of 3 years without teaching assistance and up to 4 years with 25% teaching assistance.

All of the researchers will work on a project entitled “Cryptographic Tools for Cloud Security” funded by the Norwegian Research Council. The project is a collaboration between the Departments of Telematics and Mathematical Sciences at NTNU, Trondheim, and the Department of Informatics at the University of Bergen. The overall aim of the project is to develop new cryptographic algorithms and protocols suitable for securing cloud computing against pervasive adversaries.

Further information, and instructions on how to apply, are available at:

NTNU positions: http://www.jobbnorge.no/en/available-jobs/job/118739/

Bergen position: http://www.jobbnorge.no/en/available-jobs/job/119264/

Stanislaw Jarecki, Hugo Krawczyk, Maliheh Shirvanian, Nitesh Saxena
ePrint Report
In this work we consider a setting, that we call Device-Enhanced PAKE (DE-PAKE), where PAKE (password-authenticated key exchange) protocols are strengthened against online and offline attacks through the use of an auxiliary device that aids the user in the authentication process. We build such schemes and show that their security, properly formalized, achieves maximal-attainable resistance to online and offline attacks in both PKI and PKI-free settings. Notably, our solutions do not require secure channels, and nothing (in an information-theoretic sense) is learned about the password by the device (or a malicious software running on the device) or over the client-device channel, even without any external protection of this channel. An attacker taking over the device still requires a full online attack to impersonate the user. Importantly, our DE-PAKE schemes can be deployed at the user end without need to modify the server and without the server having to be aware that the user is using a DE-PAKE scheme. In particular, the schemes can work with standard servers running the usual password-over-TLS authentication.

Nanyang Technological University, Singapore
Job Posting
The Physical Analysis and Cryptographic Engineering (PACE), Temasek Laboratories @ Nanyang Technological University, Singapore is seeking one motivated researcher to fulfill the post-doctoral research scientist position, in the area of hardware security.

The candidate will perform the research of hardware design/analysis within cryptosystems in FPGA and ASIC, specific to side-channel attacks. This position is available from February 2015. The initial contract will be one year. There are possibilities for extensions upon successful performance.

- Candidates should have already completed, or be close to completing a PhD degree in mathematics, computer science, electrical engineering, or related disciplines, with strong background in design/analysis of side-channel attack relevant hardware security in FPGA/ASIC environment.

- The candidate should have a track record in R&D (publications in international journals and conferences).

- Creative, curious, self-motivated and a team player with good analytical skills.

- The candidate needs to be fluent in written and spoken English.

- The candidate is expected to be experienced in FPGA/ASIC development, crypto-core implementation and optimization; a coding background in VHDL/Verilog/SystemVerilog and FPGA EDA tools is required. The candidate should be acquainted with high-level tools/languages like MATLAB, Python, TCL or Perl for automation and analysis.

- The candidate should have previous lab experience in developing prototypes, manipulating oscilloscopes, writing device drivers and communication interfaces which are used in analysis of implemented designs.

- Previous experience either in cryptographic development for critical application (automotive/aerospace/medical) or signal processing is a plus.


11 November 2015

Chalmers University of Technology, Sweden
Job Posting
We are looking for an excellent, motivated, self-driven doctoral student to work in the area of information security and cryptography. The position is for five years at the Department of Computer Science and Engineering. The PhD student will join Katerina Mitrokotsa's group and will be funded by a Swedish Research Council project focusing on security and privacy issues in resource constrained devices.

The PhD student is expected to have an MSc degree or equivalent, and a strong background in mathematics and/or theoretical computer science, with some background in cryptography. Successful candidates will help to design and evaluate cryptographically reliable and privacy-preserving authentication protocols.

The position is fully funded for five years. The call for expressions of interest will remain open until a suitable candidate is appointed.

NTNU, Trondheim
Job Posting

The postdoctoral fellow will carry out research and experimental work in the field of cryptographic protocol technology applied to wireless and mobile communication systems. The candidate will participate in the development of instrumentation and research projects in our new wireless security lab.

The candidate will collaborate in research projects with the professors affiliated with the NTNU Applied Cryptology Research Lab, and will be able to supervise Master thesis students specializing in wireless security.

We seek a highly motivated and qualified individual with a strong publication record, holding a Ph.D. degree in communication networks or related fields by the time of appointment. Key requirements include:

  • Documented research activity and publications in information and communication security, in particular with a focus on cryptographic technology
  • In depth knowledge of wireless and mobile communication systems
  • Expressed and documented interests and ability to perform experimental studies
  • At least a Masters level of computer engineering skills in software or hardware
  • Excellent communication skills in English (written and spoken)
