International Association for Cryptologic Research

IACR News


23 January 2017

El Bansarkhani Rachid
ePrint Report
Lattice-based encryption schemes still suffer from a low message throughput per ciphertext and inefficient solutions towards realizing enhanced security characteristics such as CCA1- or CCA2-security. This is mainly due to the fact that the underlying schemes still follow a traditional design concept and do not tap the full potentials of LWE. In particular, many constructions still encrypt data in a one-time-pad manner considering LWE instances as random vectors added to a message, most often encoded bit vectors. The desired security features are also often achieved by costly approaches or less efficient generic transformations.

Recently, a novel encryption scheme based on the A-LWE assumption (relying on the hardness of LWE) has been proposed, where data is embedded into the error term without changing its target distributions. By this novelty it is possible to encrypt much more data as compared to the classical approach. Combinations of both concepts are also possible. In this paper we revisit this approach and propose amongst others a standard model variant of the scheme as well as several techniques in order to improve the message throughput per ciphertext. Furthermore, we introduce a new discrete Gaussian sampler, that is inherently induced by the encryption scheme itself, and present a very efficient trapdoor construction of reduced storage size. More precisely, the secret and public key sizes are reduced to just 1 polynomial, as opposed to $O( \log q)$ polynomials following previous constructions. Finally, we give a security analysis as well as an efficient implementation of the scheme instantiated with the new trapdoor construction. In particular, we attest high message throughputs (message expansion factors close to 1-2) at running times comparable to the CPA-secure encryption scheme from Lindner and Peikert (CT-RSA 2011).
Our scheme even ensures CCA (or RCCA) security, while entailing a great deal of flexibility to encrypt arbitrary large messages or signatures by use of the same secret key. This feature is naturally induced by the characteristics of LWE.
Sinisa Matetic, Kari Kostiainen, Aritra Dhar, David Sommer, Mansoor Ahmed, Arthur Gervais, Ari Juels, Srdjan Capkun
ePrint Report
Intel SGX isolates the runtime memory of protected applications (enclaves) from the OS and allows enclaves to encrypt and authenticate (seal) data for persistent storage. Sealing prevents an untrusted OS from reading or arbitrarily modifying stored data. However, rollback attacks, where the adversary replays an old seal, remain possible. Data integrity violations through rollback can have severe consequences, especially for enclaves that operate on financial data. The SGX architecture was recently updated to support monotonic counters that may be used for rollback prevention, but we show that these counters have significant performance and security limitations.

In this paper we propose a new approach for rollback protection on SGX. The intuition behind our approach is simple. A single platform cannot efficiently prevent rollback, but in many practical scenarios multiple processors can be enrolled to assist each other. We design and implement a rollback protection system called ROTE that realizes integrity protection as a distributed system among participating enclaves. We construct a model that captures the ability of the adversary to schedule the execution of protected applications, and show that our solution achieves a strong security property that we call all-or-nothing rollback: the only way to violate data integrity is to reset all participating platforms to their initial state. We implement ROTE and demonstrate that such a distributed rollback protection mechanism can be very fast.
Kottackal Business Solutions Pvt. Ltd., Trivandrum - India.
Job Posting
Our Engineers are involved in building products based on Blockchain Technology. Increasingly we are seeing our projects include technologies like Blockchain, AI, IoT.

Responsibilities

  1. Keep track of new developments in academic research in Blockchain technology and related technologies
  2. Validate techniques and methods related to these new ideas
  3. Develop technical solutions based on integrating these technologies into our products

Qualifications

  1. BS / MS degree in Computer Science or Mathematics
  2. Understanding and some work in Blockchain Technology
  3. Familiarity with one or more general purpose programming languages or stacks like MEAN

Closing date for applications: 31 March 2017

Contact: hr (at) kottackal.org

Department of Computing, The Hong Kong Polytechnic University, Hong Kong
Job Posting
We are looking for Research Fellows (Post-Doc), Research Associates and PhD students (several positions) to join our group.

Candidates for research fellow/associate should have completed (or close to completing) a PhD in computer science, mathematics, or a related discipline. He/she should have solid experience in any of the following areas:

1. public key cryptography and provable security.

2. system and network security

3. software engineering

Successful candidates are expected to contribute to one of the following topics:

- applications of blockchain technology

- lattice-based cryptography

- mobile security

- network security

The post has a flexible starting date. The initial appointment will be for 12 months, with a strong possibility for further appointment.

Applicants for a PhD studentship should possess:

- a bachelor's degree in computer science with good programming skills; or

- a bachelor's degree in mathematics with a strong interest in cryptography.

Review of applications will start immediately until the positions are filled.

Closing date for applications: 30 June 2017

Contact: Daniel Xiapu Luo (http://www4.comp.polyu.edu.hk/~csxluo) (csxluo at comp dot polyu dot edu dot hk)

Man Ho Allen Au (http://www4.comp.polyu.edu.hk/~csallen/) (csallen at comp dot polyu dot edu dot hk)

University of Luxembourg
Job Posting
The Cryptolux team of the University of Luxembourg is offering a 30-month post-doc position in applied (aka real-world) cryptography. The candidate should have expertise and a strong publication record in one (or several) of the following areas:

- Applied symmetric cryptography

- Crypto-currencies, blockchains, financial cryptography

- Privacy enhancing technologies

The position is available from 1 February 2017. Applications (CV + motivation letter) will be considered upon receipt, therefore applying before the deadline is encouraged. We offer an exciting international research environment and a competitive salary.

Closing date for applications: 15 March 2017

Contact: Alex Biryukov

More information: https://www.cryptolux.org

Technische Universiteit Eindhoven, the Netherlands
Job Posting
ECRYPT-NET is a research network of 6 universities and 2 companies developing advanced cryptographic techniques for the Internet of Things and the Cloud and creating efficient and secure implementations of those techniques on a broad range of platforms. ECRYPT-NET is funded by a prestigious Marie Skłodowska-Curie ITN (Integrated Training Network) grant. The network is educating a group of 15 PhD students with a set of interdisciplinary skills in the areas of mathematics, computer science and electrical engineering. The training is provided in an international context that includes Summer Schools, workshops, internships, and complementary skills. Participants are expected to spend at least 6 months abroad at a network partner or at one of the 7 associated companies. We are looking for one highly motivated candidate with a strong academic track record, ideally with some background in cryptology and with proven research abilities.

We offer an exciting working environment in an international network with top scientists that is geared towards cutting-edge research. The financial conditions are very attractive. The project offers an opportunity to travel and interact with other PhD students and scientists all over Europe.

Two of the ECRYPT-NET PhD students will be based at the Coding Theory and Cryptology (CC) and the Cryptographic Implementations (CI) groups at TU/e. At this moment we are looking for one PhD student who will perform research on lattice-based cryptography. Lattice-based cryptosystems are a hot area of research but their concrete security is not well understood. This research will explore attack algorithms such as enumeration, sieving, and quantum walks with the goal of providing security advice to designers.

The CC and CI groups together currently have 2 full professors, 1 associate professor, 2 assistant professors, 2 postdocs, and 9 PhD students working on all aspects of cryptography, with special focus on algorithms for cryptography and cryptanalysis and secure and efficient implementations. For more information on these groups see https://www.win.tue.nl/cc/ and https://eindhoven.cr.yp.to/ .

Closing date for applications: 11 February 2017

Contact: Tanja Lange.

Please use "Application TUE-20170117" as your subject line.

Note:

Candidates may have resided in the host country for at most 1 year in the 3 years preceding the application. They can have at most 2 years of research experience at the doctoral level.

More information: https://euraxess.ec.europa.eu/jobs/172143

University of Bristol
Job Posting
Description: We are looking for Post-Docs to work on the theory, implementation and applications of MPC. We are looking for different individuals to contribute to each of these three areas. The positions are multi-year, and you will be working in a vibrant group trying to make MPC a reality, with strong links to both other research groups and industrial applications.

Closing date for applications: 31 December 2017

Contact: Nigel Smart

More information: http://www.bristol.ac.uk/jobs/find/details.html?nPostingID=5521&nPostingTargetID=20779&option=28&sort=DESC

Université catholique de Louvain, Belgium
Job Posting
The UCL Crypto Group is recruiting Ph.D. students willing to undertake a thesis in side-channel security or in protocol security. The Ph.D. thesis will take place in the dynamic research environment of the UCL Crypto Group (Université catholique de Louvain), with strong interactions with other Ph.D. students and post-doctoral researchers working on various aspects of cryptography.

The candidates should hold a master or engineering degree in mathematics, computer science or electronics, with strong interest in cryptography and security. A preliminary background in cryptography is useful, but not mandatory.

Candidates are invited to send a resume and motivation letter to Prof. Olivier Pereira (Pereira at uclouvain.be) and to Prof. Francois-Xavier Standaert (fstandae at uclouvain.be).

Closing date for applications: 1 April 2017

Université catholique de Louvain, Belgium
Job Posting
Open post-doctoral position: design of a security architecture for a critical infrastructure

The objective of this project is to design and analyze a security architecture operating critical equipment in the transportation area. It should among other things allow secure and automated updates in a robust way (e.g. supporting contexts where equipment is temporarily out of reach).

The research will take place in the framework of a regionally-funded project involving a multidisciplinary consortium including several industrial partners. The researcher will also benefit from the dynamic research environment of the UCL Crypto Group (Université catholique de Louvain), with strong interactions with researchers working on related subjects. The researcher will be hired for a one-year contract that can be renewed up to two times.

The candidate should hold a PhD in cryptography with strong interests in protocol design and security analysis, as well as in practical aspects of applied cryptography. Fluent French is an asset, but not mandatory.

Candidates are invited to send a resume and motivation letter to Prof. Olivier Pereira (Pereira at uclouvain.be) and to Prof. Francois-Xavier Standaert (fstandae at uclouvain.be).

Closing date for applications: 1 April 2017

Université catholique de Louvain, Belgium
Job Posting
Open post-doctoral position: evaluation and assessment of side-channel vulnerabilities

The objective of this project is to develop new approaches and techniques in order to improve the efficiency and quality of side-channel resistance evaluations.

The research will take place in the framework of a European project involving high-level academic and industrial experts. The researcher will also benefit from the dynamic research environment of the UCL Crypto Group (Université catholique de Louvain), with strong interactions with researchers working on related subjects. The researcher will be hired for a one-year contract that can be renewed up to two times.

The candidate should hold a PhD in mathematics, computer science or electronics, with strong interests in the implementation of cryptographic algorithms. A preliminary background in side-channel attacks is useful, but not mandatory.

Candidates are invited to send a resume and motivation letter to Prof. Francois-Xavier Standaert (fstandae at uclouvain.be).

Closing date for applications: 1 April 2017


21 January 2017

Thessaloniki, Greece, 3 July - 5 July 2017
Event Calendar
Event date: 3 July to 5 July 2017
Submission deadline: 28 February 2017
Notification: 6 April 2017

20 January 2017

Martin R. Albrecht
ePrint Report
We present novel variants of the dual-lattice attack against LWE in the presence of an unusually short secret. These variants are informed by recent progress in BKW-style algorithms for solving LWE. Applying them to parameter sets suggested by the homomorphic encryption libraries HElib and SEAL yields revised security estimates. Our techniques scale the exponent of the dual-lattice attack by a factor of $(2\,L)/(2\,L+1)$ when $\log q = \Theta{\left(L \log n\right)}$, when the secret has constant Hamming weight $h$ and where $L$ is the maximum depth of supported circuits. They also allow halving the dimension of the lattice under consideration at a multiplicative cost of $2^{h}$ operations. Moreover, our techniques yield revised concrete security estimates. For example, both libraries promise 80 bits of security for LWE instances with $n=1024$ and $\log_2 q \approx {47}$, while the techniques described in this work lead to estimated costs of 68 bits (SEAL) and 62 bits (HElib).
Matthieu Giraud, Alexandre Anzala-Yamajako, Olivier Bernard, Pascal Lafourcade
ePrint Report
The problem of securely outsourcing client data with search functionality has given rise to efficient solutions called Symmetric Searchable Encryption (SSE) schemes. These schemes are provably secure with respect to an explicit leakage profile; however, determining how much information can be inferred in practice from this leakage remains difficult. First, we refine and formalize the leakage hierarchy introduced by Cash et al. in 2015. Second, we further extend the analysis of existing attacks to better understand their real-world efficiency and the practicality of their hypotheses. Finally, we present the first complete practical attacks on L4, L3 and L2 leakage profiles. Our attacks are passive and only assume the very realistic knowledge of a small sample of plaintexts; moreover, we show their devastating effect on real-world datasets.
Essam Ghadafi
ePrint Report
Blind signatures are at the core of e-cash systems and have numerous other applications. In this work we construct efficient blind and partially blind signature schemes over bilinear groups in the standard model. Our schemes yield short signatures consisting of only a couple of elements from the shorter source group and have very short communication overhead consisting of $1$ group element on the user side and $3$ group elements on the signer side. At $80$-bit security, our schemes yield signatures consisting of only $40$ bytes which is approximately $70\%$ shorter than the most efficient existing scheme with the same security in the standard model. Verification in our schemes requires only a couple of pairings. Our schemes compare favorably in every efficiency measure to all existing counterparts offering the same security in the standard model. In fact, the efficiency of our signing protocol as well as the signature size compare favorably even to many existing schemes in the random oracle model. For instance, our signatures are shorter than those of Brands' scheme which is at the heart of the U-Prove anonymous credential system used in practice. The unforgeability of our schemes is based on new intractability assumptions of a "one-more" type which we show are intractable in the generic group model, whereas their blindness holds w.r.t. malicious signing keys in the information-theoretic sense. We also give variants of our schemes for a vector of messages.
Matthew McKague, David Eyers
ePrint Report
Many application domains depend on the collection of aggregate statistics from a large number of participants. In such situations, often the individual data points are not required. Indeed participants may wish to preserve the privacy of their specific data despite being willing to contribute to the aggregate statistics. We propose a protocol that allows a server to gather aggregate statistics, while providing anonymity to participants. Our protocol is information-theoretically secure so that the server gains no information about participants' data other than what is revealed by the aggregate statistics themselves.
Bruges, Belgium, 5 March - 7 March 2018
FSE
Event date: 5 March to 7 March 2018
Submission deadline: 23 November 2017
Notification: 23 January 2018
Bruges, Belgium, 5 March - 7 March 2018
FSE
Event date: 5 March to 7 March 2018
Submission deadline: 1 September 2017
Notification: 1 November 2017
Bruges, Belgium, 5 March - 7 March 2018
FSE
Event date: 5 March to 7 March 2018
Submission deadline: 1 June 2017
Notification: 1 August 2017
Bruges, Belgium, 5 March - 7 March 2018
FSE
Event date: 5 March to 7 March 2018
Submission deadline: 1 March 2017
Notification: 1 May 2017

19 January 2017

Foteini Baldimtsi, Jan Camenisch, Maria Dubovitskaya, Anna Lysyanskaya, Leonid Reyzin, Kai Samelin, Sophia Yakoubov
ePrint Report
Membership revocation is essential for cryptographic applications, from traditional PKIs to group signatures and anonymous credentials. Of the various solutions for the revocation problem that have been explored, dynamic accumulators are one of the most promising. We propose Braavos, a new, RSA-based, dynamic accumulator. It has optimal communication complexity and, when combined with efficient zero-knowledge proofs, provides an ideal solution for anonymous revocation. For the construction of Braavos we use a modular approach: we show how to build an accumulator with better functionality and security from accumulators with fewer features and weaker security guarantees. We then describe an anonymous revocation component (ARC) that can be instantiated using any dynamic accumulator. ARC can be added to any anonymous system, such as anonymous credentials or group signatures, in order to equip it with a revocation functionality. Finally, we implement ARC with Braavos and plug it into Idemix, the leading implementation of anonymous credentials. This work resolves, for the first time, the problem of practical revocation for anonymous credential systems.