International Association for Cryptologic Research

IACR News

08 December 2016

Qiang Tang, Husen Wang
ePrint Report
Privacy issues in recommender systems have attracted the attention of researchers for many years. So far, a number of solutions have been proposed. Unfortunately, most of them are far from practical as they either downgrade the utility or are very inefficient. In this paper, we aim at a more practical solution (particularly in the sense of relieving the tension between utility and privacy), by proposing a privacy-preserving hybrid recommender system which consists of an incremental matrix factorization (IMF) component and a user-based collaborative filtering (UCF) component. The IMF component provides the fundamental utility while allowing the service provider to efficiently learn feature vectors in the plaintext domain, and the UCF component improves the utility while allowing users to carry out their computations in an offline manner. Leveraging somewhat homomorphic encryption (SWHE) schemes, we provide privacy-preserving candidate instantiations for both components. Interestingly, as a side effect of the hybrid design, individual components can enhance each other's privacy guarantees. With respect to efficiency, our experiments demonstrate that the hybrid solution is much more efficient than existing solutions.
Pedro Maat C. Massolino, Joost Renes, Lejla Batina
ePrint Report
This work revisits the recent complete addition formulas for prime order elliptic curves of Renes, Costello and Batina in light of parallelization. We introduce the first hardware implementation of the new formulas on an FPGA based on three arithmetic units performing Montgomery multiplication. Our results are competitive with current literature and show the potential of the new complete formulas in hardware design. Furthermore, we present algorithms to compute the formulas using anywhere between two and six processors, using the minimum number of parallel field multiplications.
Dibyendu Roy, Sourav Mukhopadhyay
ePrint Report
In this paper we obtain a weakness in the design specification of ACORN, which is a competitor in the CAESAR competition. We show that there exists a probabilistic linear relation between message bits and ciphertext bits, which holds with probability greater than $\frac{1}{2}$. This is the first paper which finds a probabilistic linear relation between message and corresponding ciphertext bits of ACORN, and which holds with probability greater than $\frac{1}{2}$. We also propose a new type of CPA attack on ACORN. By our attack method, it is possible to recover the full initial state of the encryption phase of the cipher, and the attack has complexity $\approx 2^{40}$. After obtaining the initial state of the encryption phase, one can invert the associated data loading phase and key-IV initialization phase to recover the secret key bits.
Shiyi ZHANG, Yang GAO, Tao WANG
ePrint Report
For 4x4 circulant MDS matrices over GL(4; F2), they have at least 12 XOR operations. In this paper we firstly investigate the complete construction and the enumeration of circulant MDS matrices with 12 XORs, then the overall structure of these matrices is given, and finally we find the characteristics of the permutation group in the lightest circulant MDS matrices above.

07 December 2016

Atakan Arslan, Suleyman Kardas, Sultan Aldirmaz, Sarp Erturk
ePrint Report
Security and privacy concerns have been growing with the increased usage of RFID technology in our daily lives. To mitigate these issues, numerous privacy-friendly authentication protocols have been published in the last decade. Random number generators (RNGs) are commonly used in RFID tags to provide the security and privacy of RFID protocols. RNGs might be a weak spot of a protocol scheme, and misuse of RNGs causes security and privacy problems. However, having a secure RNG with large entropy might be a trade-off between security and cost for low-cost RFID tags. Furthermore, an RNG used in an RFID tag may not work properly over time. Therefore, we claim that the vulnerability of using an RNG may deeply influence the security and privacy level of the system. To the best of our knowledge, this concern has not been considered in the RFID literature. Motivated by this need, in this study, we first revisit Vaudenay's privacy model, which combines the early models and presents a new mature and elegant privacy model with different adversary classes. Then, we enhance the model by introducing a new oracle, which allows analyzing the usage of RNGs in RFID protocols. We also analyze a couple of proposed protocols under our improved model.
Xi-Jun Lin, Zhen Yan, Qi Zhang, Haipeng Qu
ePrint Report
In this paper, we propose the concept of certificateless public key encryption with equality test (CL-PKEET) to solve the key escrow problem in IBEET. In more detail, we first give the definition of CL-PKEET and define the security model. Finally, we propose a concrete CL-PKEET scheme based on the Decision Bilinear Diffie-Hellman (DBDH) assumption and prove its security.
Martin Ekerå
ePrint Report
We revisit Shor's algorithm for computing discrete logarithms in the multiplicative group of GF(p) on a quantum computer and modify it to compute logarithms d in groups <g> of prime order q in the special case where d <<< q. As a stepping stone to performing this modification, we first introduce a modified algorithm for computing logarithms on the general interval 0 < d < q for comparison.

We demonstrate conservative lower bounds on the success probability of our algorithms in both the general and the special case. In both cases, our algorithms initially set the index registers to a uniform superposition of all states, compared to p-1 states in Shor's original algorithm.

In the special case where d <<< q, our algorithm uses 3 ceil(log d) qubits for the two index registers and computes two QFTs of size 2^(ceil(log d)) and 2^(2 ceil(log d)), compared to 2 floor(log q) qubits for the index registers and two QFTs both of size 2^(floor(log q)) in the general case.

A quantum circuit for computing [a - bd] g is furthermore required, where 0 <= a < 2^(2 ceil(log d)) and 0 <= b < 2^(ceil(log d)) in the special case, compared to 0 <= a, b < 2^(floor(log q)) in the general case.

This implies that the complexity of computing discrete logarithms on a quantum computer can be made to depend not only on the choice of group, and on its order q, but also on the logarithm d.

In the special case where d <<< q, our algorithm does not require q to be prime. It may hence be generalized to finite abelian groups.

05 December 2016

New York University Abu Dhabi
Job Posting

The candidate will work on areas of research that include mathematical cryptology, including hardware and software implementations of cryptographic primitives, analysis of certain cryptographic structures and designing new constructions, under the supervision of Hoda A. Alkhzaimi.

The PhD project will be conducted in the Department of Engineering at NYUAD in collaboration with the Tandon School of Engineering at NYU. The position is fully funded by the NYUAD global fellowship program.

The deadline for application is 15th December 2015; the start date is in Q1 of 2017. Candidates should provide pre-application documents to the contact email provided below. These include:

1. CV

2. Cover letter and research statement

3. Two recommendation letters

An interview is expected before applying to the program.

The main features of this fellowship are:

1. NYU Tandon School of Engineering Ph.D. upon graduation

2. Graduate coursework at the School of Engineering in New York

3. Cutting edge research opportunities in one of NYU Abu Dhabi's research labs

4. Tuition, fees, and health insurance provided throughout doctoral studies

5. Competitive salary and allowances

6. Degree-related travel between Abu Dhabi and New York

7. Career development opportunities

A separate application will be submitted by the chosen candidate to the NYUAD graduate program in the Department of Engineering: http://engineering.nyu.edu/admissions/graduate/apply

(All interested candidates regardless of gender, disability, race, religion or ethnic background are encouraged to apply)

Closing date for applications: 15 December 2016

Contact: Director of the Center for Cyber Security NYUAD and assistant professor at NYUAD.

hoda.alkhzaimi (at) nyu.edu

More information: http://nyuad.nyu.edu/en/academics/graduate-programs/engineering.html

University of Westminster, Department of Computer Science
Job Posting

The Cyber Security (CSec) research group and the Centre for Parallel Computing (CPC) at the University of Westminster are looking for one Research Associate in Cloud Security to carry out research within the EU-funded H2020 COLA (Cloud Orchestration at the Level of Application) project. COLA will define and provide a reference implementation of a generic and pluggable framework that supports the optimal and secure deployment and run-time orchestration of cloud applications. The successful candidate will carry out tasks in relation to the design and development of novel secure and privacy-preserving cloud orchestration solutions, specifically targeting and supporting application developers. In addition, the successful candidate will also be expected to contribute to writing project deliverables and research papers related to the project.

We expect candidates to have a strong research background in network security and/or applied cryptography. Proven research in areas such as trusted computing, cloud security, safety verification, security verification, data privacy, cyber-physical and internet of things security and cloud or mobile security will be considered as a plus.

The primary objective of the Cyber Security Research Group at the University of Westminster is to bring together expertise in education, research and practice in the field of information security and privacy. The group members conduct research in areas spanning from the theoretical foundations of cryptography to the design and implementation of leading edge efficient and secure communication protocols. To this end, we welcome applications from candidates whose research areas complement the existing research of the group.

  • Job reference number: 5004699
  • Salary: £33,387 to £38,489 per annum
  • Contract: Fixed Term until June 2019
  • Closing date: 9th January 2017

Closing date for applications: 9 January 2017

Contact: For an informal discussion contact Dr Antonis Michalas (a.michalas (at) westminster.ac.uk) or Dr Tamas Kiss (T.Kiss (at) westminster.ac.uk).

More information: https://vacancies.westminster.ac.uk/hrvacancies/default.aspx?id=50046999

Schibsted ASA
Job Posting
Schibsted Media Group is an international media group with 6800 employees in 31 countries. From Mexico to Malaysia, from Brazil to Norway – millions of people interact with Schibsted companies every day.

We’re reinventing ourselves. We’re completely rethinking our publishing products and global components in order to better engage with our users and provide amazing experiences across different Schibsted applications and across any device. We have access to the biggest and best brands in publishing in Scandinavia, a dynamic user base that numbers in the millions, and the freedom to break away from any and all technical legacy. There’s a blank page in front of us. We want you to come help us fill it.

Users are expecting more personalized services, and we need to collect user data in order to provide those services, in a way that keeps the user in control. In order to accelerate and pave the way for new privacy functionality we are building a set of privacy enhancing technologies (PETs). We aim to build these technologies in line with our privacy goal of maximizing information utility while minimizing privacy risks and remaining compliant with data protection laws.

As a member of the privacy engineering team, you will design, implement, test and launch PETs that can be reused or integrated across various components and Schibsted sites. These PETs are built in collaboration with other engineering, legal and privacy product teams. Examples of these PETs include a privacy policy engine, user-managed access, automated data inventories, automated privacy reviews and differential privacy, as well as anonymization processes.

Closing date for applications: 15 February 2017

Contact: Rafik Laatiaoui

Technical Recruiter at SPT

rafik.laatiaoui (at) schibsted.com

Mobile: 0047 413 71 266

More information: https://jobs.lever.co/schibsted/522739a7-1e0f-4e75-ab46-e0206b5e4aaf

Mid Sweden University
Job Posting
To conduct original research in the area of distributed acquisition, estimation, and adaptive learning for security and privacy in the context of networked embedded cyber-physical systems and the Internet of Things, which are engineering systems with integrated computational and communication capabilities that interact with humans through cyber space. One important aspect of CPS is the real-time processing and monitoring of the underlying system in a secure and privacy-preserving manner while avoiding degradation of the processing performance and preserving valuable resources. The job includes theoretical analysis, algorithm design and implementation via software-based simulations, as well as documentation in the form of technical papers and reports. Teaching and writing research applications may be included at a level not exceeding 20%.

Requirements: To qualify for employment as a post-doctor, applicants must hold a PhD degree or a foreign qualification deemed equivalent to a PhD. The PhD degree must have been obtained no more than three years prior to the application date; however, periods of, for example, sick leave or parental leave are deducted from the three-year period. A requirement for this position is a PhD in Computer Engineering, Signal Processing or Wireless Communications with applications to networked systems, or a closely related subject, with high-quality publications in the related areas of security, computer networks, distributed systems, wireless communications and signal processing. Particular emphasis will be placed on a strong mathematical background and documented research experience in security and privacy for distributed systems.

Closing date for applications: 17 January 2017

Contact: Prof. Mikael Gidlund

Mid Sweden University

Dept. of Information and Communication Systems

SE-851 70 Sundsvall, Sweden

More information: https://www.miun.se/en/University/career/jobs/vacancy/postdoktor-sakerhet-och-integritet-for-natverkande-cyberfysikalisk


04 December 2016

Oxford, UK, 20 March - 24 March 2017
Event Calendar
Event date: 20 March to 24 March 2017
Asiacrypt
Asiacrypt 2016 is hosting live streams of conference talks. Live and archived streams can be found on the conference YouTube channel. Program information is available here, with times listed in Hanoi local time.

02 December 2016

Ralph Ankele, Subhadeep Banik, Avik Chakraborti, Eik List, Florian Mendel , Siang Meng Sim, Gaoli Wang
ePrint Report
At CRYPTO'16, Beierle et al. presented SKINNY, a family of lightweight tweakable block ciphers intended to compete with SIMON. SKINNY can be implemented efficiently in both soft- and hardware, possesses a Substitution-Permutation-Network structure, and supports block sizes of 64 and 128 bits as well as key and tweak sizes of 64, 128, 192, and 256 bits. This paper outlines a related-key impossible-differential attack on 21 and 22 rounds of SKINNY-64/128.
Jung Hee Cheon, Duhyeong Kim, Joohee Lee, Yongsoo Song
ePrint Report
Learning with Errors (LWE) is one of the most promising primitives for post-quantum cryptography due to its strong security reduction from the worst case of NP-hard problems and its lightweight operations. The Public Key Encryption (PKE) scheme based on LWE has simple and fast decryption, but its encryption is rather slow due to large parameter sizes for the Leftover Hash Lemma or expensive Gaussian samplings.

In this paper, we propose a novel PKE without relying on either of them. For encryption, we first combine several LWE instances as in the previous LWE-based PKEs. However, the following step to re-randomize this combination before adding a message is different: remove several least significant bits of ciphertexts rather than inserting errors. We prove that our scheme is IND-CPA secure under the hardness of LWE and can be converted into an IND-CCA scheme in the quantum random oracle model.

Our approach accelerates encryption speed to a large extent and also reduces the size of ciphertexts. The proposed scheme is very competitive for all applications requiring both fast encryption and decryption. In our single-core implementation on a MacBook Pro, encryption and decryption of a 128-bit message for quantum 128-bit security take 7 and 6 microseconds, which are 3.4 and 4.2 times faster than those of NTRU PKE, respectively. To achieve these results, we further take some advantage of sparse small secrets, under which the security of our scheme is also proved.
Koksal Mus, Mehmet Sabir Kiraz, Murat Cenk, Isa Sertkaya
ePrint Report
After the Estonian Parliamentary Elections held in 2011, an additional verification mechanism was integrated into the i-voting system in order to resist corrupted voting devices, including the so-called Student's Attack, where a student practically showed that the voting system is indeed not verifiable by developing several versions of malware capable of blocking or even changing the vote. This mechanism gives voters the opportunity to verify whether the vote they cast is stored in the central system correctly. However, the verification phase ends by displaying the cast vote in plain form on the verification device. In other words, the device on which the verification is done learns the voter's choice. In this work, our aim is to investigate this verification phase in detail and to point out that leaking the voter's choice to the verification application may harm voter privacy. Additionally, when applied on a wide scale, this would even compromise the fairness and the overall secrecy of the elections. In this respect, we propose an alternative verification mechanism for the Estonian i-voting system to overcome this vulnerability. Not only is the proposed mechanism secure and resistant against corrupted verification devices, but it also successfully verifies whether the vote is correctly stored in the system. We also highlight that our proposed mechanism brings only symmetric encryptions and hash functions to the verification device, thereby mitigating these weaknesses in an efficient way with a negligible cost. More concretely, it brings only m additional symmetric key decryptions to the verification device, where m denotes the number of candidates. Finally, we prove the security of the proposed verification mechanism and compare the cost complexity of the proposed method with that of the current mechanism.
Abu Dhabi, UAE, 2 April 2017
Event Calendar
Event date: 2 April 2017
Submission deadline: 20 January 2017
Notification: 15 February 2017
Universitat Pompeu Fabra, Barcelona, Spain
Job Posting
Applications are invited for a PhD position in the field of cryptography at the Department of Information and Communication Technologies at Universitat Pompeu Fabra in Barcelona, Spain, to be co-supervised by Dr. Vanesa Daza and Dr. Carla Ràfols. The research is in cryptographic protocols for blockchain technologies, with a special focus on Zero-Knowledge Proofs. The starting date will be around September 2017.

The successful candidate will be funded by the INPhINIT “la Caixa” Marie Curie PhD Fellowships Programme. Only outstanding candidates who satisfy the international mobility criteria will be considered (i.e. the applicant should not have resided or carried out their main activity in Spain for more than 12 months in the 3 years immediately prior to the recruitment date).

The contract will be for 3 years with a gross salary of €34,800, plus other advantages.

The candidate should hold or be about to receive a master's degree by September 2017 in computer science, mathematics or a related area. Specialization in cryptography (demonstrated by a relevant MSc) will be positively evaluated.

Further enquiries about the project and conditions should be sent to cryptophdapplications (at) upf.edu. Applicants are required to fill in the application form at the link below.

Closing date for applications: 31 January 2017

Contact: Dr. Vanesa Daza and Dr. Carla Ràfols

Department of Information and Communication Technologies

Pompeu Fabra University

cryptophdapplications (at) upf.edu

More information: https://docs.google.com/forms/d/e/1FAIpQLSc4eBYAxoyx2Tt_O1NOehQAzrnDl2X9M30FokD1yO8pjCPs0g/viewform


01 December 2016

Hiroshima, Japan, 30 August - 1 September 2017
Event Calendar
Event date: 30 August to 1 September 2017
Submission deadline: 3 March 2017
Notification: 10 May 2017

30 November 2016

Kazuya Imamura, Kazuhiko Minematsu, Tetsu Iwata
ePrint Report
We study the security of authenticated encryption based on a stream cipher and a universal hash function. We consider ChaCha20-Poly1305 and generic constructions proposed by Sarkar, where the generic constructions include 14 AEAD (authenticated encryption with associated data) schemes and 3 DAEAD (deterministic AEAD) schemes. In this paper, we analyze the integrity of these schemes both in the standard INT-CTXT notion and in the RUP (releasing unverified plaintext) setting called INT-RUP notion. We present INT-CTXT attacks against 3 out of the 14 AEAD schemes and 1 out of the 3 DAEAD schemes. We then show INT-RUP attacks against 1 out of the 14 AEAD schemes and the 2 remaining DAEAD schemes. We next show that ChaCha20-Poly1305 is provably secure in the INT-RUP notion. Finally, we show that 4 out of the remaining 10 AEAD schemes are provably secure in the INT-RUP notion.