International Association for Cryptologic Research


IACR News


16 July 2016

University College London
Job Posting
We welcome applications for a position as postdoctoral researcher in cryptography. The successful candidate will work with Sarah Meiklejohn, George Danezis and Jens Groth on zero-knowledge proofs and privacy enhancement of distributed ledgers. The post has a flexible starting date and an initial duration of 2 years. Candidates must have (or be about to receive) a PhD.

University College London is one of Europe's highest ranked universities and recognized by the EPSRC and GCHQ as an Academic Centre of Excellence in Cyber Security Research. The Department of Computer Science is ranked as the best in the UK and is located at UCL's main campus in the centre of London.

Closing date for applications: 5 August 2016

Contact: Informal enquiries can be sent to Jens at j.groth AT ucl.ac.uk

More information: http://www.cs.ucl.ac.uk/staff/J.Groth/openings.html

Rovira i Virgili University
Job Posting
Associate professor position in the field of Computer Security, offered by the Universitat Rovira i Virgili (Dept. of Computer Engineering and Mathematics) within the Serra Húnter Programme (http://serrahunter.gencat.cat/en/index.html).

Description:

The Serra Húnter Programme (SHP) will offer 71 contracts in Catalan public universities (Spain). Associate professor: implies proven ability to teach and undertake research. This is the first of the upper-level categories under permanent contract. In order to be hired as such, one must hold a doctoral qualification, three years of accredited teaching and research activity, and an accreditation in research from the Catalan University Quality Assurance Agency.

Number of positions available: 1

Research Fields: Computer science - Other

Career Stage: Experienced researcher or 4-10 yrs (Post-Doc)

Research Profiles: Established Researcher (R3) and Leading Researcher (R4)

Benefits: Successful candidates will be hired by a Catalan university, and they are expected to cooperate with existing research groups or to develop new lines of research, complementary to those already in place. Salaries will be set according to Catalan university regulations. However, subject to negotiation, a salary supplement may be considered for those candidates with outstanding scientific experience, or start-up grants may be awarded in those cases where it is deemed appropriate.

Other job details

Type of Contract: Permanent

Status: Full-time

Working Hours (hours per week): 37.5

Company/Institute: Universitat Rovira i Virgili

Country: Spain

City: Tarragona

Postal Code: 43003

Street: C. de l'Escorxador, s/n

Closing date for applications: 15 September 2016

Contact: Serra Húnter Programme, Via Laietana, 2, 08005 Barcelona, Spain; email serrahunter (at) gencat.cat; http://serrahunter.gencat.cat/en/index.html

More information: http://serrahunter.gencat.cat/en

University of Barcelona
Job Posting
Tenure-track associate professor position in Computer Science, offered by the University of Barcelona (Dept. of Mathematics and Computer Science) within the Serra Húnter Programme (http://serrahunter.gencat.cat/en/index.html).

Description:

The Serra Húnter Programme (SHP) will offer 71 contracts in Catalan public universities (Spain). Tenure-track associate professor: this is the introductory category to a teaching career, and a fixed-term contract is given. The contract is full-time and for a period of no more than five years. In order to be hired as such, one must hold a doctoral qualification and have a favourable report from the Catalan University Quality Assurance Agency.

Number of positions available: 1

Research Fields: Computer science

Career Stage: Early stage researcher or 0-4 yrs (Post graduate)

Research Profiles: First Stage Researcher (R1) and Recognised Researcher (R2)

Benefits: Successful candidates will be hired by a Catalan university, and they are expected to cooperate with existing research groups or to develop new lines of research, complementary to those already in place. Salaries will be set according to Catalan university regulations. However, subject to negotiation, a salary supplement may be considered for those candidates with outstanding scientific experience, or start-up grants may be awarded in those cases where it is deemed appropriate.

Type of Contract: Temporary

Status: Full-time

Working Hours (hours per week): 37.5

Company/Institute: University of Barcelona

Country: Spain

State/Province: Barcelona

Postal Code: 08007

Street: Gran Via de les Corts Catalanes, 585

Closing date for applications: 15 September 2016

Contact: Serra Húnter Programme, Via Laietana, 2, 08005 Barcelona, Spain; email serrahunter (at) gencat.cat; http://serrahunter.gencat.cat/en/index.html

More information: http://serrahunter.gencat.cat/en

Utrecht, Netherlands, 19 October - 21 October 2016
Event Calendar
Event date: 19 October to 21 October 2016

15 July 2016

Beijing, China, 4 November - 6 November 2016
Event Calendar
Event date: 4 November to 6 November 2016
Submission deadline: 10 August 2016
Notification: 8 October 2016

14 July 2016

Tel Aviv, Israel, 26 September - 27 September 2016
Event Calendar
Event date: 26 September to 27 September 2016
Submission deadline: 31 July 2016
Notification: 14 August 2016

University College London
Job Posting
Funded studentship for an EU or UK student in Privacy Preserving Continuous Authentication. Supervised by Dr Steven Murdoch in the Information Security Group at University College London, in collaboration with VASCO Data Security.

Authentication technology plays a critical role in securing access to online services, such as banking, email and social networking. Session authentication schemes establish the identity of the user only at the beginning of the session, so they are vulnerable to attacks which tamper with communications after the authenticated session has been established. Transaction authentication schemes defend against such attacks by performing an additional authentication step at critical parts of the session, but are unpopular with users due to repeated authentication. Continuous authentication schemes, in contrast, verify user identity and intent throughout the session. So far, such schemes have had limited use in practice due to two primary weaknesses of existing approaches: privacy concerns and the risk of false positives/false negatives.

This project aims to address these limitations by designing and evaluating new approaches for continuous authentication, based on a solid theoretical underpinning so as to give a high degree of confidence that the resulting decisions match expectations and requirements. Furthermore, the project will focus on ways to preserve user privacy by processing behavioural measurements on the user's computer such that sensitive information is not sent to the online service. The evaluation to be performed will consider the false-positive/false-negative rates, privacy impact, user acceptance and costs of deployment and operation.

The successful applicant will have their fees paid in full at the home/EU rate at UCL and receive a tax-free stipend at standard EPSRC rates. The project is to start in January 2017.

Please note that due to the funding provider of this project we are unable to offer this studentship to applicants who are categorised as overseas fee status.

Closing date for applications: 22 August 2016

Contact: Submit applications online using PRiSM (the UCL application system). Contact Dr Steven Murdoch (s.murdoch (at) ucl.ac.uk) for queries about the position.

More information: https://www.prism.ucl.ac.uk/#!/?project=185


13 July 2016

San Francisco, USA, 14 February - 17 February 2017
Event Calendar
Event date: 14 February to 17 February 2017
Submission deadline: 3 September 2016
Notification: 7 November 2016

Jacques Patarin
ePrint Report
"Mirror Theory" is the theory that evaluates the number of solutions of affine systems of equalities (=) and non-equalities ($\neq$) in finite groups. It is deeply related to the security and attacks of many generic cryptographic secret key schemes, for example random Feistel schemes (balanced or unbalanced), Misty schemes, Xor of two pseudo-random bijections to generate a pseudo-random function, etc. In this paper we will assume that the groups are abelian. Most of the time in cryptography the group is $((\mathbb{Z}/2\mathbb{Z})^n, \oplus)$ and we will concentrate this paper on these cases. We will present here general definitions, some theorems, and many examples and computer simulations.

Matthew Green, Ian Miers
ePrint Report
Bitcoin owes its success to the fact that transactions are transparently recorded in the blockchain, a global public ledger that removes the need for trusted parties. While Bitcoin has achieved remarkable success, recording every transaction in the blockchain causes privacy, latency, and scalability issues. Building on recent proposals for "micropayment channels" (two-party associations that use the ledger only for dispute resolution), we introduce techniques for constructing anonymous payment channels. Our proposals allow for secure, instantaneous and private payments that substantially reduce the storage burden on the payment network. Specifically, we introduce three channel proposals, including a technique that allows payments via an untrusted intermediary. Most importantly, each of our proposals can be instantiated efficiently using well-studied techniques.

Sami Saab, Pankaj Rohatgi, Craig Hampel
ePrint Report
Over the past few years, the microprocessor industry has introduced accelerated cryptographic capabilities through instruction set extensions. Although powerful and resistant to side-channel analysis such as cache and timing attacks, these instructions do not implicitly protect against power-based side-channel attacks, such as DPA. This paper provides a specific example with Intel's AES-NI cryptographic instruction set extensions, detailing a DPA, along with results, showing two ways to extract AES keys by simply placing a magnetic field probe beside two capacitors on a motherboard hosting an Intel Core i7 Ivy Bridge microprocessor. Based on the insights of the DPA, methods are then presented on how to mitigate the leaks, in software, providing a dial for diverting the optimal amount of resources required for a prescribed security requirement.

Zhengjun Cao, Lihua Liu
ePrint Report
We show that the scheme [IEEE TPDS, 25(1), 2014, 222-233] fails, because the introduced similarity scores do not represent the true similarities between the indexing vectors and the querying vector. The documents returned by the cloud server are in fact not related to the queried keywords.

Zhengjun Cao, Lihua Liu
ePrint Report
We remark that the scheme [IEEE TPDS, 27(1), 2016, 40-50] is flawed because the group manager cannot complete his computational task in the registration phase. Actually, they have misunderstood the concept of a public key, which is usually associated with an asymmetric encryption algorithm. Besides, the mechanism by which the group manager has to re-encrypt all data stored in the cloud after a member is revoked is somewhat infeasible because of its inefficiency.

Damian Vizár
ePrint Report
HANUMAN is a mode of operation of a keyless cryptographic permutation for nonce-based authenticated encryption with associated data, included among the modes bundled in the PRIMATEs candidate in the currently ongoing CAESAR competition. HANUMAN is a sponge-like mode whose design and security argument are inspired by the SpongeWrap construction. We identify a flaw in the domain separation of HANUMAN, and show how to exploit it to efficiently produce ciphertext forgeries.

Mehmet Sabir Kiraz
ePrint Report
Existing cloud storage systems receive the data in its plain form and perform conventional (server-side) deduplication mechanisms. However, disclosing the data to the cloud can potentially threaten the security and privacy of users, which is of utmost importance for a real-world cloud storage. This can be solved by secure deduplication mechanisms which enable the user to encrypt the data on the client side (or via an encryption-as-a-service module) before uploading it to the cloud storage. Conventional client-side encryption solutions unfortunately make deduplication more challenging because of offline dictionary attacks, by which the key is derived from the data. Additionally, encryptions become computationally indistinguishable when each owner possesses a different encryption key. Hence, trivial encryption solutions may lead either to high storage or to high bandwidth costs on both the client and the server sides. Privacy-preserving public auditing schemes, on the other hand, are also crucial because the clients outsource their data to the cloud providers and then permanently delete the data from their local storage. In this paper, we consider the problem of secure deduplication over encrypted data stored in the cloud while supporting a privacy-preserving public auditing mechanism. We show that existing solutions cannot support both goals simultaneously due to the conflict of their security and efficiency requirements. In this respect, we present an efficient and secure deduplication scheme that supports client-side encryption and privacy-preserving public auditing. We finally show that our scheme provides better security and efficiency with respect to the very recently proposed existing schemes.

Ivan Damgård, Jesper Buus Nielsen, Michael Nielsen, Samuel Ranellucci
ePrint Report
We propose a new protocol, nicknamed TinyTable, for maliciously secure 2-party computation in the preprocessing model. One version of the protocol is useful in practice and allows, for instance, secure AES encryption with latency about 1 ms and amortized time about 0.5 $\mu$s per AES block on a fast cloud set-up. Another version is interesting from a theoretical point of view: we achieve a maliciously and unconditionally secure 2-party protocol in the preprocessing model for computing a Boolean circuit, where both the communication complexity and preprocessed data size needed are $O(s)$ where $s$ is the circuit size, while the computational complexity is $O(k^\epsilon s)$ where $k$ is the statistical security parameter and $\epsilon < 1$ is a constant. For general circuits with no assumption on their structure, this is the best asymptotic performance achieved so far in this model.

Yin Li, Xingpo Ma, Yu Zhang, Chuanda Qi
ePrint Report
We present a matrix-vector form of Karatsuba multiplication over $GF(2^m)$ generated by an irreducible trinomial. Based on the shifted polynomial basis (SPB), two Mastrovito matrices for different Karatsuba multiplication parts are studied. A related multiplier architecture is then proposed. This design effectively exploits the overlapped entries of the Mastrovito matrices to reduce the space complexity even further. We show that this new type of Karatsuba multiplier is only one $T_X$ slower than the fastest bit-parallel multiplier for all trinomials, where $T_X$ is the delay of one 2-input XOR gate. Meanwhile, its space complexity is reduced by roughly $O(\frac{m^2}{4})$ logic gates. Compared with previously proposed bit-parallel Karatsuba multipliers, this is the first time such a time delay bound has been achieved while maintaining nearly the same space complexity.

Sikhar Patranabis, Debdeep Mukhopadhyay
ePrint Report
The key-aggregate cryptosystem (KAC) proposed by Chu et al. in 2014 offers a solution to the flexible access delegation problem in shared data environments such as the cloud. KAC allows a data owner, owning $N$ classes of encrypted data, to securely grant access to any subset $S$ of these data classes among a subset $\hat{S}$ of data users, via a single low overhead aggregate key $K_{\mathcal{S}}$. Existing constructions for KAC are efficient insofar as they achieve constant size ciphertexts and aggregate keys. But they resort to a public parameter that has size linear in the number of data classes $N$, and require $O(M'M)$ secure channels for distribution of aggregate keys in a system with $M'$ data owners and $M$ data users. In this paper, we propose three different multilinear-map based KAC constructions that have at most polylogarithmic overhead for both ciphertexts and public parameters, and generate constant size aggregate keys. We further demonstrate how the aggregate keys may be efficiently broadcast among any arbitrary size subset of $M$ data users using only $O(M'+M)$ secure channels, in a system with $M'$ data owners. Our constructions are secure in the generic multilinear group model and are fully collusion resistant against any number of colluding parties. In addition, they naturally give rise to identity based secure access delegation schemes.

Jiguo Li, Hong Yuan, Yichen Zhang
ePrint Report
Secure aggregate signature schemes have attracted more concern due to their wide application in resource constrained environments. Recently, Horng et al. [S. J. Horng et al., An efficient certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks, Information Sciences 317 (2015) 48-66] proposed an efficient certificateless aggregate signature with conditional privacy-preserving for vehicular sensor networks. They claimed that their scheme was provably secure against existential forgery on adaptively chosen message attack in the random oracle model. In this paper, we show that their scheme is insecure against a malicious-but-passive KGC under the existing security model. Further, we propose an improved certificateless aggregate signature.