International Association
for Cryptologic Research

CryptoExperts (www.cryptoexperts.com) is looking for an excellent postdoctoral fellow to work on the design, the analysis, and the implementation of Homomorphic Encryption and lattice-based cryptography.

In this position, the candidate will be primarily involved in two projects on homomorphic encryption: HEAT (a H2020 project) and CryptoComp (a French project). The focus of these projects is to produce a step change on the practical as well as theoretical aspects of homomorphic encryption. Challenging industrial use-cases will allow to ground the research in practical issues. The candidate will be able to carry research according to its research interests (theoretical and/or practical), and will be offered multiple travel opportunities and interactions with scientists all over Europe. Participation to open-source libraries on homomorphic encryption and proof-of-concept demonstrators will be expected.

Applicants should have a Ph.D. in a relevant subject or equivalent, have a strong publication record and interest in practical protocols. Implementation and coding experience are required.

The position is fully funded for two years (with a flexible starting date). Review of applications will begin immediately until the position has been filled. Knowledge of French is _not_ mandatory. To apply, please send by e-mail the following documents:

- Curriculum vitae with publication list

- Reference letters

Closing date for applications: 30 June 2016

Contact: Pascal Paillier, jobs (at) cryptoexperts.com

More information: https://www.cryptoexperts.com/people/#jobs

DEPARTMENTAL LECTURER IN SECURITY (Software Engineering Programme)

Department of Computer Science, University of Oxford

Grade 8: Salary £38,896–£46,414 p.a.

An excellent opportunity has arisen to appoint a full-time Departmental Lecturer in Security on the Software Engineering Programme until 30 September 2020.  This would be an ideal opportunity to gain teaching experience in an academic role, and to undertake world-class research in an area of significance. You would be a full member of the team responsible for teaching in a variety of topics in Systems Security, and you should have a track record of research in this area.

The main responsibilities include:

• engaging in excellent research within the discipline of Security, including applying for funding to support your research activities, and getting involved in the supervision of doctoral students;
• participating in the teaching and administrative work of the Department;
• examining for the University when required to do so;
• supervising, or assisting in the supervision of graduate students as required.

You should hold a relevant doctoral degree, with teaching and research experience, with sufficient depth and breadth of knowledge in Security to develop modules.  A strong publication record and knowledge of existing research in Security, and aptitude for, or experience of, teaching are also required.

Whilst the role is a grade 8 position, we would be willing to consider candidates with potential but less experience who are seeking a development opportunity, for which an initial appointment would be at grade 7 (£30,738-£37,768 p.a.) with the responsibilities adjusted accordingly. This would be discussed with applicants at interview/appointment where appropriate.

The closing date for applications is 12 noon on 22 April 2016. Interviews are expected to be held on 17 or 19 May 2016.

Vacancy ID: 122838

Closing date for applications: 22 April 2016

Contact: Monica Wilson

recruitmentenquiries (at) cs.ox.ac.uk

More information: https://www.recruit.ox.ac.uk/pls/hrisliverecruit/erq_jobspec_version_4.jobspec?p_id=122838

The notion of universal re-encryption is an established primitive used in the design of many anonymity protocols. It allows anyone to randomize a ciphertext without changing its size, without decrypting it, and without knowing the receiver's public key. By design it prevents the randomized ciphertext from being correlated with the original ciphertext. We revisit and analyze the security foundation of universal re-encryption and show that to date it has not had a satisfactory definition of security, in spite of its numerous uses. We then analyze the anonymity arguments for the ElGamal-based universal cryptosystem and show that it has not been proven to be anonymous under DDH (and does not meet the standards of modern cryptography), and that such a proof is non-trivial given existing reduction techniques. This analysis is a type of cryptanalysis of provably secure systems, where reductions and exact assumptions have certain gaps in them that need to be detected and corrected. The notion of an incomparable public key cryptosystem is closely related to universal re-encryption; we similarly cryptanalyze the security foundation of the ElGamal-based incomparable public key cryptosystem as well and show that it was not proven to be secure. To correct the lack of foundation, we introduce a definition of what properties are needed for a re-encryption cryptosystem that needs to provide anonymity. We then introduce a new generalization of the well-known Decision Diffie-Hellman (DDH) random self-reduction and use it, in turn, to prove that the ElGamal-based universal cryptosystem is secure under DDH. We apply our new DDH reduction technique to incomparable public key systems as well and prove that it is secure.

Randomness extractors and error correcting codes are fundamental objects in computer science. Recently, there have been several natural generalizations of these objects, in the context and study of tamper resilient cryptography. These are \emph{seeded non-malleable extractors}, introduced by Dodis and Wichs \cite{DW09}; \emph{seedless non-malleable extractors}, introduced by Cheraghchi and Guruswami \cite{CG14b}; and \emph{non-malleable codes}, introduced by Dziembowski, Pietrzak and Wichs \cite{DPW10}. Besides being interesting on their own, they also have important applications in cryptography, e.g, privacy amplification with an active adversary, explicit non-malleable codes etc, and often have unexpected connections to their non-tampered analogues \cite{Li12b} \cite{CZ15}. %For example, seeded non-malleable extractors are closely related to privacy amplification with an active adversary, non-malleable codes are related to non-malleable secret sharing, and seedless non-malleable extractors provide a universal way to construct explicit non-malleable codes.

However, the known constructions are far behind their non-tampered counterparts. Indeed, the best known seeded non-malleable extractor requires min-entropy rate at least $0.49$ \cite{Li12b}; while explicit constructions of non-malleable two-source extractors were not known even if both sources have full min-entropy, and was left as an open problem in \cite{CG14b}.

In this paper we make progress towards solving the above problems and other related generalizations. Our contributions are as follows.

\begin{itemize} \item We construct an explicit seeded non-malleable extractor for min-entropy $k \geq \log^2 n$. This dramatically improves all previous results and gives a simpler 2-round privacy amplification protocol with optimal entropy loss, matching the best known result in \cite{Li15b}. In fact, we construct more general seeded non-malleable extractors (that can handle multiple adversaries) which were used in the recent construction of explicit two-source extractors for polylogarithmic min-entropy \cite{CZ15}.

\item We construct the first explicit non-malleable two-source extractor for min-entropy $k \geq n-n^{\Omega(1)}$, with output size $n^{\Omega(1)}$ and error $2^{-n^{\Omega(1)}}$, thus resolving the open question in \cite{CG14b}.

\item We motivate and initiate the study of two natural generalizations of seedless non-malleable extractors and non-malleable codes, where the sources or the codeword may be tampered many times. For this, we construct the first explicit non-malleable two-source extractor with tampering degree $t$ up to $n^{\Omega(1)}$. %which works for min-entropy $k \geq n-n^{\Omega(1)}$, with output size $n^{\Omega(1)}$ and error $2^{-n^{\Omega(1)}}$. By using the connection in \cite{CG14b} and providing efficient sampling algorithms, we obtain the first explicit non-malleable codes with tampering degree $t$ up to $n^{\Omega(1)}$, relative rate $n^{\Omega(1)}/n$, and error $2^{-n^{\Omega(1)}}$. We call these stronger notions \emph{one-many} and \emph{many-many} non-malleable codes. This provides a stronger information theoretic analogue of a primitive known as continuous non-malleable codes. \end{itemize}

Our basic technique used in all of our constructions can be seen as inspired, in part, by the techniques previously used to construct \emph{cryptographic non-malleable commitments}.

We present a multi-key fully homomorphic encryption scheme that supports an unbounded number of homomorphic operations for an unbounded number of parties. Namely, it allows to perform arbitrarily many computational steps on inputs encrypted by an a-priori unbounded (polynomial) number of parties. Inputs from new parties can be introduced into the computation dynamically, so the final set of parties needs not be known ahead of time. Furthermore, the length of the ciphertexts, as well as the space complexity of an atomic homomorphic operation, grow only linearly with the current number of parties.

Prior works either supported only an a-priori bounded number of parties (Lopez-Alt, Tromer and Vaikuntanthan, STOC '12), or only supported single-hop evaluation where all inputs need to be known before the computation starts (Clear and McGoldrick, Crypto '15, Mukherjee and Wichs, Eurocrypt '16). In all aforementioned works, the ciphertext length grew at least quadratically with the number of parties.

Technically, our starting point is the LWE-based approach of previous works. Our result is achieved via a careful use of Gentry's bootstrapping technique, tailored to the specific scheme. Our hardness assumption is that the scheme of Mukherjee and Wichs is circular secure (and thus bootstrappable). A leveled scheme can be achieved under standard LWE.

Inspired by Fu et al. work on modeling the exclusive-or differential property of the modulo addition as an mixed-integer programming problem, we propose a method with which any finite automaton can be formulated as an mixed-integer programming model. Using this method, we show how to construct a mixed integer programming model whose feasible region is the set of all differential patterns $(\alpha, \beta, \gamma)$'s, such that ${\rm adp}^\oplus(\alpha, \beta \rightarrow \gamma) = {\rm Pr}_{x,y}[((x + \alpha) \oplus (y + \beta))-(x \oplus y) = \gamma] > 0$. We expect that this may be useful in automatic differential analysis with additive difference.

We provide an improved complexity analysis of backtracking-based state recovery attacks on RC4 and Spritz. Comparing new estimates with known results on Spritz, our analysis shows a significantly lower complexity estimate for simple state recovery attack as well as special state recovery attack. We validated the estimates by performing experiments for selected feasible parameters.

We also propose a prefix check optimization for simple state recovery attack on Spritz. We believe that the simple state recovery attack with this optimization and so-called ``change order'' optimization inspired by Knudsen et al. attack on RC4 constitutes currently the best state recovery attack on Spritz (when no special state is observed).

Recent advances in Deep Learning (DL) allow for solving complex AI problems that used to be very hard. While this progress has advanced many fields, it is considered to be bad news for CAPTCHAs (Completely Automated Public Turing tests to tell Computers and Humans Apart), the security of which is based on the hardness of learning problems.

In this paper we introduce DeepCAPTCHA, a new and secure CAPTCHA scheme based on adversarial examples, an inherit limitation of the current Deep Learning networks. These adversarial examples are constructed inputs, computed by adding a small and specific perturbation called adversarial noise to correctly classified items, causing the targeted DL network to misclassify them. We show that plain adversarial noise is insufficient to achieve secure CAPTCHA schemes, which leads us to introduce immutable adversarial noise - an adversarial noise resistant to removal attempts.

We implement a proof of concept system and its analysis shows that the scheme offers high security and good usability compared to the best existing CAPTCHAs.

In this paper we investigate properties of generalized bent Boolean functions and 2k-bent (i.e., negabent, octabent, hex- adecabent, et al.) Boolean functions in a uniform framework. We generalize the work of Stˇ anicˇ a et al., present necessary and sufficient conditions for generalized bent Boolean functions and 2k-bent Boolean functions in terms of classical bent functions, and completely characterize these functions in a combinatorial form. The result of this paper further shows that all generalized bent Boolean functions are regular.

In 1849, Dirichlet[5] proved that the probability that two positive integers are relatively prime is 1/zeta(2). Later, it was generalized into the case that positive integers has no nontrivial kth power common divisor. In this paper, we further generalize this result: the probability that the gcd of m products of n positive integers is B-smooth is prod_{p>B}[1-{1-(1-1/p)^n}^m] for m\ge2. We show that it is lower bounded by 1/zeta(s) for some s>1 if B>n^{m/(m-1)}, which completes the heuristic proof in the cryptanalysis of cryptographic multilinear maps by Cheon et al.[2]. We extend this result to the case of k-gcd: the probability is prod_{p>B}[1-{1-(1-1/p)^n(1+_{n}H_{1}/p+...+_{n}H_{k-1}p^{k-1})}^{m}], where _{n}H_{i}={n+i-1\choose i}.

Event date: 21 July to 22 July 2016
Submission deadline: 20 June 2016

Reporting to the Director of Security and Data Sciences, the Engineer is responsible for the following:

• Develop and implement secure cloud computing and secure software systems.
• Develop cryptographic and encryption technologies.
• Develop mobile security solutions.
• Develop and implement cyber-threat intelligence and defense technologies.
• Perform security review and assessment on information security and e-commerce systems.
• Conduct R&D in various areas which include but not limited to software, network, distributed system, database, and mobile security.

Requirements

• Bachelor’s degree or above in Computer Science, Electrical Engineering or other relevant disciplines.
• More senior candidates with Master or PhD degree, or with minimum five years’ of experience in software development, i.e. design, implementation, test and documentation will be considered as Senior Engineer.
• Familiar with software development or testing, programming languages on C/C++/ObjC/Java/Javascript.
• Certificates or formal training in information security or with experience in security assessment is a plus, but not a necessity.
• Good knowledge of OS security and virtualization security, and implementation experience on the cloud an advantage.
• A team player with good analytical and communications skills.
• Good command of written and spoken English

Closing date for applications: 15 April 2016

Contact: charlenechoo (at) astri.org

More information: http://www.astri.org/careers/work-at-astri/jobs/senior-engineerssoftware-engineers-information-security-multiple-opening

Visiting Assistant Professorships

The Department of Mathematical Sciences at the University of Cincinnati is seeking applicants for several Visiting Assistant Professorships in mathematics or statistics. Appointments will begin on August 15th, 2016 and will initially be for one year, with the possibility of renewal for a second year. Teaching load will nominally be two (3-4 credit) undergraduate courses per semester. Candidates must have a PhD in mathematics or statistics by the start date. The Department of Mathematical Sciences is dedicated to excellence in both research and teaching. The department has a graduate program offering MS and PhD degrees in mathematics and statistics. The department is looking for candidates with high-quality teaching and research and a strong potential for collaboration in areas of expertise of current faculty.

One of the positions is expected to be in the area of Algebra/Cryptography and the Department is specially interested in people with expertise in the area of multivariate polynomials or lattices.

Completed applications consisting of a cover letter, vita, description of research, description of teaching experience, and three letters of recommendation, at least one of which addresses teaching expertise, should be submitted on MathJobs.org at https://www.mathjobs.org/jobs/jobs/8650.

Applicants should also submit a CV and cover letter to UC’s recruitment system at https://jobs.uc.edu/job/Cincinnati-Assistant-Professor-Visiting-%28Mathematical-Sciences%29-OH-45201/333089700/. Review of applicants will begin immediately and applications will be accepted until the positions are filled.

The University of Cincinnati is an equal opportunity/affirmative action employer with a strong commitment to diversity. We actively seek a broad spectrum of candidates including women, people of color, people with disabilities and veterans.

Closing date for applications: 1 May 2016

Contact: Jintai.Ding (at) uc.edu

More information: https://www.mathjobs.org/jobs/jobs/8650

The Computer Security Division, National Institute of Standards and Technology (NIST) seeks cryptographic researchers to join the team. We will consider candidates at various stages of their career, including new PhD graduates and experienced researchers.

Particular areas of interest include, but are not limited to: Post-quantum cryptography, lightweight cryptography, security proofs of cryptosystems, cryptanalysis, secure protocols, hardware/software implementations, and cryptographic applications.

For employment with NIST, the candidates must be US citizens. We also host guest researchers through the NIST Foreign Guest Researcher Program.

Closing date for applications: 31 August 2016

Contact: Dr. Lily Chen (Lily dot Chen at NIST dot gov)

The Department of Computer Science within the Faculty of Engineering and Physical Sciences at the University of Surrey has an international reputation for research and teaching. In the National Student Survey, overall student satisfaction was 95%. Research in the department is focussed on two main areas - Nature Inspired Computing and Engineering, and Secure Systems, with Surrey hosting one of only 13 Academic Centres of Excellence recognised by GCHQ.

This post offers an exciting opportunity for a Professorial appointment in the Secure Systems group.

The successful candidate will provide leadership in research in security at the highest level and develop strategic partnerships. We are open to a variety of security specialisms that are related to, or complement current strengths of the group including (but not limited to): trusted systems, privacy preserving security, verification of secure systems, IoT security, and human factors in security. It is expected that the post-holder will also contribute to high quality teaching at undergraduate and post-graduate level.

The initial focus of the post is working as part of the senior team to drive forward secure systems research within the Department, across the University and internationally with academia and industry. It offers the unique opportunity to grow cyber security research involving the Institute for Communication Systems and the 5G Innovation Centre, within Surrey, and interdisciplinary research with the Faculty of Health and Medical Sciences. There is potential for the candidate to take on the role of Head of Department in the future. The Department has prioritised growth in the area of security research and immediately after the appointment to this Chair the Department intends to appoint a further faculty member at Senior Lecturer level alongside this post.

Closing date for applications: 3 May 2016

Contact: For an informal discussion about the positions, please contact the Head of Department of Computer Science, Dr Helen Treharne on h.treharne (at) surrey.ac.uk.

More information: http://jobs.surrey.ac.uk/021216

Applications are invited at Lecturer, Senior Lecturer, Reader and Professor level to undertake research in Information and Cyber Security within the Institute of Electronics Communications and Information Technology (ECIT).

We seek to recruit highly qualified candidates for multiple academic posts to commence in 2016 or 2017 who can build and grow innovative, mission-led research programmes. Candidates should also demonstrate an ability to inspire students and facilitate motivational learning within core undergraduate and specialist postgraduate curricula. Successful candidates will benefit from additional resources such as studentships, engineering and commercial support and will have access to state of the art facilities.

Current research is based around Data Security, Authentication, Cloud and Network Security, IoT and Embedded Systems Security and Cyber-Physical and Industrial Control Systems Security. Moving forward we plan to further strengthen and extend these activities. Candidates with a strong research track record and expertise in one of the following areas of interest are strongly encouraged to apply - post-quantum cryptography, side channel analysis, hardware security, multi-factor authentication technologies for data and device security, cloud and virtualised datacentres security, software defined network security, software security, embedded systems security and secure industrial control systems - including SCADA, Smart Grid and automotive systems.

Applicants must have at least a 2:1 Honours Degree (or equivalent) in Electrical and Electronics Engineering, Computer Science, Mathematics or closely related discipline and a PhD in a relevant subject. Evidence of high quality research in a relevant field commensurate with stage of academic career is essential.

Closing date for applications: 18 April 2016

Contact: Professor Dimitrios S. Nikolopoulos

Email: eeecs-hos (at) qub.ac.uk

More information: http://www.ecit.qub.ac.uk/Aboutus/Recruitment/

This report presents a proof of space protocol based on pebble games on stacked bipartite graphs.

Electronic financial transactions in the US, even those enabled by Bitcoin, have relatively high transaction costs. As a result, it becomes infeasible to make \emph{micropayments}, i.e. payments that are pennies or fractions of a penny.

To circumvent the cost of recording all transactions, Wheeler (1996) and Rivest (1997) suggested the notion of a \emph{probabilistic payment}, that is, one implements payments that have \emph{expected} value on the order of micro pennies by running an appropriately biased lottery for a larger payment. While there have been quite a few proposed solutions to such lottery-based micropayment schemes, all these solutions rely on a trusted third party to coordinate the transactions; furthermore, to implement these systems in today's economy would require a a global change to how either banks or electronic payment companies (e.g., Visa and Mastercard) handle transactions.

We put forth a new lottery-based micropayment scheme for any ledger-based transaction system, that can be used today without any change to the current infrastructure. We implement our scheme in a sample web application and show how a single server can handle thousands of micropayment requests per second. We analyze how the scheme can work at Internet scale.

We propose a new Direct-Recording Electronic (DRE)-based voting system that we call TRVote. The reliability of TRVote is ensured during the vote generation phase where the random challenges are generated by the voters instead of utilizing the random number generator of the machine. Namely, the challenges of voters are utilized to prevent and detect a malicious behavior of a corrupted voting machine. Due to the unpredictability of the challenges, the voting machine cannot cheat voters without being detected. TRVote provides two kinds of verification; ``cast-as-intended'' is ensured during the vote generation phase and ``recorded-as-cast'' is ensured through a secure Web Bulletin Board (WBB). More concretely, voters can verify that their votes are cast as intended via a zero-knowledge proof on a printed receipt using QR codes. After the election, the central server broadcasts all receipts in a secure WBB where the voters (or, perhaps proxies) can check whether their receipts appear correctly. In order to implement the voting process, the proposed voting machine has simple components such as a transparent coverage, a touchscreen, color recognition boxes and a printer. In this system, each candidate is represented by a color recognition box which is equipped within the voting machine. The machine has a flexible structure in the sense that the candidate boxes can be placed and removed as plug-ins depending on the number of candidates which allows to support arbitrary number of candidates. We show that the proposed system is robust and guarantees the privacy of voters. We further analyze that it is universally verifiable and secure against coercion.

This paper presents a low-resource hardware implementation of the widely used crypto_box function of the Networking and Cryptography library (NaCl). It supports the X25519 Diffie-Hellman key exchange using Curve25519, the Salsa20 stream cipher, and the Poly1305 message authenticator. Our targeted application is a secure communication between devices in the Internet of Things (IoT) and Internet servers. Such devices are highly resource-constrained and require carefully optimized hardware implementations. We propose the first solution that enables 128-bit-secure public-key authenticated encryption on passively-powered IoT devices like WISP nodes. From a cryptographic point of view we thus make a first step to turn these devices into fully-fledged participants of Internet communication. Our crypto processor needs a silicon area of 14.6 kGEs and less than 40 uW of power at 1MHz for a 130nm low-leakage CMOS process technology.