International Association
for Cryptologic Research

The only known two-round multi-party computation protocol that withstands adaptive corruption of all parties is the ingenious protocol of Garg and Polychroniadou [TCC 15]. We present protocols that improve on the GP protocol in a number of ways. First, concentrating on the semi-honest case and taking a different approach, we show a two-round, adaptively secure protocol where:

- Only a global (i.e., non-programmable) reference string is needed;

- The communication complexity depends only on the size of RAM description of the evaluated function (and not on its circuit size). The work of each party depends on RAM complexity of the function;

- Even not well-formed randomized functionalities can be evaluated securely;

- Only polynomially-secure indistinguishability obfuscation for circuits and injective one way functions are assumed.

Second, we modify the GP protocol to have only RAM complexity even in the case of Byzantine corruptions. For this we construct the first statistically-sound non-interactive Zero-Knowledge scheme with RAM complexity.

Microarchitectural timing channels expose hidden hardware state though timing. We survey recent attacks that exploit microarchitectural features in shared hardware, especially as they are relevant for cloud computing. We classify types of attacks according to a taxonomy of the shared resources leveraged for such attacks. Moreover, we take a detailed look at attacks used against shared caches. We survey existing countermeasures. We finally discuss trends in the attacks, challenges to combating them, and future directions, especially with respect to hardware support.

The Department of Information and Communication Systems at Mid Sweden University invites applications for a full-time postdoctoral research position in the area of network security and data mining. The candidate must obtain his/her Ph.D. degree before joining MIUN, and should have adequate security research experience demonstrated through publications in top-tier international conferences and journals. Good verbal and written skills in English are required. The candidate is expected to pursue research on various aspects of network security, especially in the areas of wireless security and advanced features of mobile devices and networks. The candidate should also be interested in extending its research to machine learning/data mining. The position is available immediately (starting date is flexible) for one year and extensible for up to one year based on performance and availability of funds.

Application: Please submit your application electronically, including proven curriculum vitae to registrator (at) miun.se or by regular mail to Registrar, Mid Sweden University, 851 70 Sundsvall, Sweden. Mark your application with ref no MIUN 2016/1185. Applications must be received by Mid Sweden University by 2016-06-30.

Closing date for applications: 30 June 2016

More information: http://www.miun.se/en/university/jobs/postdoctoral-fellow-in-computer-science2

We prove that every key agreement protocol in the random oracle model in which the honest users make at most $n$ queries to the oracle can be broken by an adversary who makes $O(n^2)$ queries to the oracle. This improves on the previous $\Omega(n^6)$ query attack given by Impagliazzo and Rudich (STOC '89) and resolves an open question posed by them.

Our bound is optimal up to a constant factor since Merkle proposed a key agreement protocol in 1974 that can be easily implemented with $n$ queries to a random oracle and cannot be broken by any adversary who asks $o(n^2)$ queries.

In the last few years, there has been much interest in developing methods to search over encrypted data. In the case of range queries, a simple solution is to encrypt the contents of the database using an order-preserving encryption (OPE) scheme (i.e., an encryption scheme that supports comparisons over encrypted values). However, Naveed et al. (CCS 2015) recently showed that OPE-encrypted databases are extremely vulnerable to "inference attacks."

In this work, we consider a related primitive called order-revealing encryption (ORE), which is a generalization of OPE that allows for stronger security. We begin by constructing a new ORE scheme for small message spaces which achieves the best-possible notion of security for ORE. Next, we introduce a domain-extension technique and apply it to our small-message-space ORE. While our domain-extension technique does incur a loss in security, the resulting ORE scheme we obtain is more secure than all existing (stateless and non-interactive) OPE and ORE schemes which are practical. All of our constructions rely only on symmetric primitives. As part of our analysis, we also give a tight lower bound for OPE and show that no efficient OPE scheme can satisfy best-possible security if the message space contains just three messages. Thus, achieving strong notions of security for even small message spaces requires moving beyond OPE.

Finally, we examine the properties of our new ORE scheme and show how to use it to construct an efficient range query protocol that is robust against the inference attacks of Naveed et al. We also give a full implementation of our new ORE scheme, and show that not only is our scheme more secure than existing OPE schemes, it is also faster: encrypting a 32-bit integer requires just 55 microseconds, which is more than 65 times faster than existing OPE schemes.

Secure multi-party computation (MPC) protocols do not completely prevent malicious parties from cheating and disrupting the computation. A coalition of malicious parties can repeatedly cause the computation to abort or provide an input that does not correspond to reality. In this work, we augment MPC with two new properties to discourage cheating. The first of these is a strengthening of identifiable abort where all parties who do not follow the protocol will be identified as cheaters by each honest party. The second is openability, which means that if a computation output is discovered to be untrue (e.g. by a real-world event contradicting it), a distinguished coalition of parties can recover the MPC inputs. We provide the first efficient MPC protocol achieving both of those properties. Our scheme extends the SPDZ protocol (Damgard et al., Crypto 2012). SPDZ leverages an offline (computation- independent) pre-processing phase to speed up the online computation. Our protocol is optimistic: it has the same communication and computation complexity in the online phase as SPDZ when no parties cheat. If cheating does occur, each honest party can additionally perform a local computation to identify all cheaters. We achieve identifiable abort by using a new locally identifiable secret sharing scheme (as defined by Ishai, Ostrovsky, and Zikas (TCC 2012)) which we call commitment enhanced secret sharing, or CESS. In CESS, each SPDZ input share is augmented with a linearly homomorphic commitment. When cheating occurs, each party can use the linear homomorphism to compute a commitment to the corresponding share of the output value. Parties whose claimed output share does not match their output share commitments are identified as cheaters. We achieve openability through the use of verifiable encryption and specialized zero-knowledge proofs. Openability relies on the availability of an auditable public transcript of the MPC execution, as introduced by Baum, Damgard, and Orlandi (SCN 2014).

We give the first demonstration of a cryptographic hardness property of the Goldreich-Goldwasser-Micali (GGM) pseudo-random function family when the secret key is exposed. We prove that for any constant $\epsilon>0$, the GGM family is a $1/n^{2+\epsilon}$-weakly one-way family of functions, when the lengths of seeds, inputs, and outputs are equal. Namely, any efficient algorithm fails to invert GGM with probability at least $1/n^{2+\epsilon}$ -- even when given the secret key. We additionally state a natural condition under which the GGM family is strongly one-way. Along the way, we prove a purely combinatorial lemma for 'GGM-like' functions, relating the size of the image of such functions to the statistical distance between certain 'sub-functions'.

Side-channel analysis techniques can be used to construct key recovery attacks by observing a side-channel medium such as the power consumption or electromagnetic radiation of a device while is it performing cryptographic operations. These attack results can be used as auxiliary information in an enhanced brute-force key recovery attack, enabling the adversary to \emph{enumerate} the most likely keys first.

We use algorithmic and implementation techniques to implement a time- and memory-efficient key \emph{enumeration} algorithm, and in tandem identify how to optimise throughput when bulk-verifying quantities of candidate AES-128 keys. We then explore how to best distribute the workload so that it can be deployed across a significant number of CPU cores and executed in parallel, giving an adversary the capability to enumerate a very large number of candidate keys.

We introduce the tool \textsc{labynkyr}, developed in C++11, that can be deployed across any number of CPUs and workstations to enumerate keys in parallel. We conclude by demonstrating the effectiveness of our tool by successfully enumerating $2^{48}$ AES-128 keys in approximately 30 hours using a modest number of CPU cores, at an expected cost of only 700 USD using a popular cloud provider.

Radio-Frequency Identification (RFID) tags have been widely used as a low-cost wireless method for detection of counterfeit product injection in supply chains. In order to adequately perform authentication, current RFID monitoring schemes need to either have a persistent online connection between supply chain partners and the back-end database or have a local database on each partner site. A persistent online connection is not guaranteed and local databases on each partner site impose extra cost and security issues. We introduce a new method in which we use 2-3kb Non-Volatile Memory (NVM) in RFID tags themselves to function as a very small “encoded local database”. Our method allows us to get rid of local databases and there is no need to have any connection between supply chain partners and the back-end database except when they want to verify products. We formally define black-box software unclonability and prove our scheme to satisfy this property. To this purpose, we introduce a simple “XOR-ADD” function and prove it is hard to predict its challenge-response behavior if given only one challenge response pair. The XOR-ADD function with control logic can be implemented using at most 170 gates. This implies that our scheme is compatible with the strict power consumption constraints of cheap EPC Class 1 Gen 2 RFIDs.

Oblivious transfer (OT) is a basic building block in many cryptographic protocols. In this paper, we exploit some well-known authenticated Diffie-Hellman-based key exchange protocols to build three authenticated 1-out-of-2 oblivious transfers. We show that our proposed protocols are secure in the semi-honest model. We also compare our schemes with three similar 1-out-of-2 OT protocols and show that authentication in our schemes costs only up to either two more exponentiations or one message signing, compared to those with no authentication.

Although numerous attacks revealed the vulnerability of different PUF families to non-invasive Machine Learning (ML) attacks, the question is still open whether all PUFs might be learnable. Until now, virtually all ML attacks rely on the assumption that a mathematical model of the PUF functionality is known a priori. However, this is not always the case, and attention should be paid to this important aspect of ML attacks. This paper aims to address this issue by providing a provable framework for ML attacks against a PUF family, whose underlying mathematical model is unknown. We prove that this PUF family is inherently vulnerable to our novel PAC (Probably Approximately Correct) learning framework. We apply our ML algorithm on the Bistable Ring PUF (BR-PUF) family, which is one of the most interesting and prime examples of a PUF with an unknown mathematical model. We practically evaluate our ML algorithm through extensive experiments on BR-PUFs implemented on Field-Programmable Gate Arrays (FPGA). In line with our theoretical findings, our experimental results strongly confirm the effectiveness and applicability of our attack. This is also interesting since our complex proof heavily relies on the spectral properties of Boolean functions, which are known to hold only asymptotically. Along with this proof, we further provide the theorem that all PUFs must have some challenge bit positions, which have larger influences on the responses than other challenge bits.

Event date: 7 August to 12 August 2016

Event date: 28 September to 30 September 2016

Event date: 25 September to 27 September 2016
Submission deadline: 2 September 2016

Event date: 13 June to 1 August 2016
Submission deadline: 1 August 2016

Description: Cryptography, Security & Privacy Research Group at Koç University has multiple openings at every level. All accepted applicants will receive competitive scholarships including tuition waiver, housing, monthly stipend, computer, travel support, etc.

• For more information about our group and projects, visit

  https://crypto.ku.edu.tr

• For applying online, and questions about the application-process for M.Sc. and Ph.D. positions, visit

  https://gsse.ku.edu.tr/en/admissions/application-process/

  Note that we do NOT accept Ph.D./M.Sc. applications via email. All applications must be completed online with all the required documents.

  For Ph.D. applicants from China and Hong Kong, we have the prestigious Fung scholarship:

  https://crypto.ku.edu.tr/fung_phd_scholarship_for_china_hong_kong

• For postdoctoral researcher positions, contact Asst. Prof. Alptekin Küpçü directly, including full CV, sample publications, a research proposal, and 3 reference letters sent directly by the referees.

  http://home.ku.edu.tr/~akupcu

Late applications will be accepted, though early applications will be given precedence. Ph.D. / M.Sc. application deadline is June 12, 2016. Post-doctoral researcher application deadline is end of summer.

Closing date for applications: 31 August 2016

Contact: gsse (at) ku.edu.tr

More information: https://gradapp.ku.edu.tr/login.php

Research Assistant in iTrust@SUTD

One research assistant position to work on the system implementation of D2D communication Security.

Qualification and skills:

- Candidates should have a B.S. or M.E. degree

- Android and Java programming

- Networking programming, i.e., device-to-device (D2D) or peer-to-peer (P2P) protocols

- Strong programming experience

- Device or service discovery protocols programming is preferable

- Background on Wireless Security and Cryptography is prefereable

The initial appointment will be for 1 year but it can be extended depending on the availability of funding and the candidate\'s performance. These positions come with attractive salary and benefits.

How to apply:

Interested candidates kindly send their CV to Dr. Jemin Lee (email: jmnlee (at) ieee.org). Initial screening of applications will begin immediately and the position will remain open until filled. Only shortlist will be notified.

About iTrust@SUTD

iTrust is a multidisciplinary research centre located at the Singapore University of Technology and Design (SUTD), established collaboratively by SUTD and the Ministry of Defence, Singapore (MINDEF). iTrust researchers focus on the development of advanced tools and methodologies to ensure security and safety of current and future Cyber Physical Systems, Enterprise security and Internet of Things. The Singapore University of Technology and Design (SUTD) is established in collaboration with Massachusetts Institute of Technology (MIT) to advance knowledge and nurture technically grounded leaders and innovators to serve social needs.

Closing date for applications: 31 August 2016

Research Assistant in iTrust@SUTD

One research assistant position to work on the system implementation smart-grid, and fog computing security.

Qualification and skills:

? Candidates should have a B.S/B-Tech or M.S/ M.Tech or M.E degree

? Android and Java programming

? Matlab programming

? Sound knowledge in Networking (especially in wireless communication)

? Strong programming experience

? Background on some networking simulators (like NS2).

? Background on Wireless Security and Cryptography is preferable

The initial appointment will be for 1 year but it can be extended depending on the availability of funding and the candidate\'s performance. These positions come with attractive salary and benefits.

How to apply:

Interested candidates kindly send their CV to Dr. Prosanta Gope (gope_prosanta (at) sutd.edu.sg) or Dr. Jemin Lee (email: jmnlee (at) ieee.org). Initial screening of applications will begin immediately and the position will remain open until filled. Only shortlist will be notified.

Closing date for applications: 31 July 2016

Responsibilities:

We are looking for a capable and responsible individual to work on a R&D project in cyber security.

The successful candidate will be placed on a two-year contract and will play an active role in designing and developing a security solution that provides protection at the communication layer against tampering of energy usage in the smart metering infrastructure. The candidate will also work closely with our collaborators in developing the security libraries for end-to-end communication security.

Requirements:

• Relevant qualifications Computer Science, Engineering or Applied Mathematics, with strong interest in applied cryptography, secure efficient cryptographic implementations. Fresh graduates are welcome to apply.

• Knowledge in hashing, discrete logarithm and elliptic curve cryptography is a plus.

• Experience in networking, embedded system development and integration.

• Ability to conduct high-quality research with excellent analytical, technical and problem solving skills.

• Possess good oral, technical writing, presentation skills along with a high degree of self-motivation and ability to work effectively in a team environment.

Closing date for applications: 25 September 2016

Contact: david_leong (at) rp.edu.sg.

More information: http://www.rp.edu.sg/careers.aspx

Event date: 26 October to 28 October 2016
Submission deadline: 1 July 2016
Notification: 1 August 2016