International Association for Cryptologic Research


IACR News


Here you can see all recent updates to the IACR webpage. These updates are also available via RSS feed, Twitter, Weibo and Facebook.

26 April 2017

Event Calendar
Fort Lauderdale, USA, 12 April - 13 April 2018
Event date: 12 April to 13 April 2018
Submission deadline: 30 November 2017

Event Calendar
San Francisco, United States of America, 16 April - 20 April 2018
Event date: 16 April to 20 April 2018
Submission deadline: 1 October 2017
Notification: 10 December 2017

24 April 2017

Chalmers University of Technology - Sweden
Job Posting
We are looking for an excellent, motivated, self-driven doctoral student to work in the area of information security and cryptography. The position is for up to five years at the Department of Computer Science and Engineering, within the group of Prof. Katerina Mitrokotsa, whose research is in cryptographic protocols that guarantee reliable authentication, privacy preservation and verifiable delegation of computation. This project focuses on investigating security and privacy issues for resource-constrained devices (e.g., sensors) that rely on external untrusted servers in order to perform computations. More precisely, the student will work on investigating efficient authentication and verifiable delegation of computation mechanisms that provide: i) provable security guarantees, and ii) rigorous privacy guarantees. The overall aim of the PhD position will be to design and evaluate cryptographically reliable and privacy-preserving authentication and verifiable delegation of computation protocols. The research shall also consider the case where multiple clients jointly outsource computations to untrusted cloud servers. Experience in one or more domains such as cryptography, design of protocols, secure multi-party computation and differential privacy is beneficial. Mathematical maturity is essential.

The PhD student will be supervised by Prof. Katerina Mitrokotsa: http://www.cse.chalmers.se/~aikmitr/

Full-time temporary employment. PhD student positions are limited to five years. Starting salary is 27,835 SEK a month before tax. The position is intended to start in Sept 2017.

Closing date for applications: 31 May 2017

Contact: Katerina Mitrokotsa, Associate Professor, Chalmers Univ. of Technology, aikmitr (at) chalmers.se

More information: http://www.cse.chalmers.se/~aikmitr/PhD-Cryptography-Cloud.html


21 April 2017

Naghmeh Karimi, Jean-Luc Danger, Florent Lozac'h, Sylvain Guilley
ePrint Report
To protect integrated circuits against IP piracy, Physically Unclonable Functions (PUFs) are deployed. PUFs provide a specific signature for each integrated circuit. However, environmental variations (e.g., temperature change), power supply noise and, more influentially, IC aging affect the functionality of PUFs. Therefore, it is important to evaluate aging effects as early as possible, preferably at design time. In this paper we investigate the effect of aging on the stability of two delay PUFs: arbiter-PUFs and loop-PUFs, and analyze the architectural impact of these PUFs on the reliability decrease due to aging.

We observe that the reliability of the arbiter-PUF gets worse over time, whereas the reliability of the loop-PUF remains constant. We interpret this phenomenon by the asymmetric aging of the arbiter, because one half is active (hence aging fast) while the other is not (hence aging slow). Besides, we notice that the aging of the delay chain in the arbiter-PUF and in the loop-PUF has no impact on their reliability, since these PUFs operate differentially.
Subhadeep Banik, Takanori Isobe
ePrint Report
Lizard is a lightweight stream cipher proposed by Hamann, Krause and Meier in IACR ToSC 2017. It has a Grain-like structure with two state registers of size 90 and 31 bits. The cipher uses a 120-bit secret key and a 64-bit IV. The authors claim that Lizard provides 80-bit security against key recovery attacks and 60-bit security against distinguishing attacks. In this paper, we present an assortment of results and observations on Lizard. First, we show that by doing $2^{58}$ random trials it is possible to obtain a set of $2^{64}$ triplets $(K,IV_0,IV_1)$ such that the Key-IV pairs $(K,IV_0)$ and $(K,IV_1)$ produce identical keystream bits. Second, we show that by performing only around $2^{28}$ random trials it is possible to obtain $2^{64}$ Key-IV pairs $(K_0,IV_0)$ and $(K_1,IV_1)$ that produce identical keystream bits. Thereafter, we show that one can construct a distinguisher for Lizard based on IVs that produce shifted keystream sequences. The process takes around $2^{51.5}$ random IV encryptions and around $2^{76.6}$ bits of memory. Finally, we propose a key recovery attack on a version of Lizard with the number of initialization rounds reduced to 223 (out of 256) based on IV collisions.
Kostas Papagiannopoulos, Nikita Veshchikov
ePrint Report
Cryptographic implementations are vulnerable to side-channel analysis. Implementors often opt for masking countermeasures to protect against these types of attacks. Masking countermeasures can ensure theoretical protection against value-based leakages. However, the practical effectiveness of masking is often halted by physical effects such as glitches, couplings and distance-based leakages, which violate the independent leakage assumption (ILA) and result in security order reductions. This paper aims to address this gap between masking theory and practice in the following threefold manner. First, we perform an in-depth investigation of the device-specific effects that invalidate the ILA in the AVR microcontroller ATMega163. Second, we provide an automated tool, capable of detecting ILA violations in AVR assembly code. Last, we craft the first (to our knowledge) "hardened" 1st-order ISW-based, masked Sbox implementation, which is capable of resisting 1st-order, univariate side-channel attacks. Enforcing the ILA in the masked RECTANGLE Sbox requires 1319 clock cycles, i.e. a 15-fold increase compared to a naive 1st-order ISW-based implementation.
Vladimir Kolesnikov, Jesper Buus Nielsen, Mike Rosulek, Ni Trieu, Roberto Trifiletti
ePrint Report
Cut-and-choose (C&C) is the standard approach to making Yao’s garbled circuit two-party computation (2PC) protocol secure against malicious adversaries. Traditional cut-and-choose operates at the level of entire circuits, whereas the LEGO paradigm (Nielsen & Orlandi, TCC 2009) achieves asymptotic improvements by performing cut-and-choose at the level of individual gates. In this work we propose a unified approach called DUPLO that spans the entire continuum between these two extremes. The cut-and-choose step in our protocol operates on the level of arbitrary circuit “components,” which can range in size from a single gate to the entire circuit itself. With this entire continuum of parameter values at our disposal, we find that the best way to scale 2PC to computations of realistic size is to use C&C components of intermediate size, and not at the extremes. On computations requiring hundreds of millions of gates or more, our more general approach to C&C gives almost an order of magnitude improvement over existing approaches. In addition to our technical contributions of modifying and optimizing previous protocol techniques to work with general C&C components, we also provide an extension of the recent Frigate circuit compiler (Mood et al, EuroS&P 2016) to effectively express any C-style program in terms of components which can be processed efficiently using our protocol.
Essam Ghadafi, Jens Groth
ePrint Report
We study non-interactive computational intractability assumptions in prime-order cyclic groups. We focus on the broad class of computational assumptions, which we call target assumptions, where the adversary's goal is to compute a concrete group element and investigate the structure of this class.

Our analysis identifies two families of intractability assumptions, the $q$-Generalized Diffie-Hellman Exponent assumptions and the $q$-Simple Fractional assumptions that imply all other target assumptions. These two assumptions therefore serve as Uber assumptions that can underpin all the target assumptions where the adversary has to compute specific group elements. We also study the internal hierarchy among members of these two assumption families. We provide heuristic evidence that both families are necessary to cover the full class of target assumptions, and we show that the lowest level in the $q$-GDHE hierarchy (the $1$-GDHE assumption) is equivalent to the computational Diffie-Hellman assumption.

We generalize our results to the bilinear group setting. For the base groups our results translate nicely and a similar structure of non-interactive computational assumptions emerges. We also identify Uber assumptions in the target group, but this requires replacing the $q$-GDHE assumption with a more complicated assumption, which we call the Bilinear Gap Assumption.

Our analysis can assist both cryptanalysts and cryptographers. For cryptanalysts, we propose the $q$-GDHE and the $q$-SDH assumptions are the most natural and important targets for cryptanalysis in prime-order groups. For cryptographers, we believe our classification can aid the choice of assumptions underpinning cryptographic schemes and be used as a guide to minimize the overall attack surface that different assumptions expose.
Gu Chunsheng
ePrint Report
The GGH13, CLT13 and GGH15 multilinear maps suffer from zeroizing attacks. In this paper, we present a new construction of multilinear maps using a variant of ring-LWE. The security of our construction depends upon a new hardness assumption.
Dragoş Dumitrescu, Ioan-Mihail Stan, Emil Simion
ePrint Report
As cryptography is the standard way of ensuring privacy, integrity and confidentiality of a public channel, steganography steps in to provide even stronger assumptions. Thus, in the case of cryptology, an attacker cannot obtain information about the payload while inspecting its encrypted content. In the case of steganography, one cannot prove the existence of the covert communication itself. The main purpose of the current paper is to provide insights into some of the existing techniques in steganography. A comparison between the performances of several steganography algorithms is accomplished, with focus on the metrics that characterize a steganography technique.
Diana Popa, Emil Simion
ePrint Report
The impressive amount of recent technological advancements in the area of information systems has brought along, besides the multitude of positive aspects, some negative aspects too. The most obvious one is represented by the fact that the technological innovations are prone to various categories of threats. Making sure that information stays safe, unaltered and secret is an integral part of providing technology that behaves in the manner it is supposed to. Along with researching techniques of effectively securing the communication, other aspects that also deserve to receive attention are authentication, authorization and accounting. Of the three, the security aspect that has been the most intensely researched in the past is authentication. Among the various methods used in verifying the identity of users, one more recent one is biometrics, which can significantly heighten the safety and security of a system. However, authenticating the user into an information system may not be entirely safe all the time. The aim of this paper is to present an overview of the different plausible methods of combining cryptography-related concepts and biometric techniques. This additional attachment of cryptography has proven to make the process of gaining access to an information system much more secure. The problem tackled in this paper will be presented from a two-way perspective: on one hand, it will be discussed how biometrics can make use of cryptography-specific solutions in order to enhance its powers and, on the other hand, it will be presented how cryptography can use the specific biometric data of a user to generate encryption keys that are much harder to decipher or to obtain. After these methods are presented, the theoretical basis for measuring the performance of a biometric system will be presented, and a survey of current performance results on fuzzy vault techniques will be enumerated and described.
Alan Kaminsky
ePrint Report
ElsieFour (LC4) is a low-tech cipher that can be computed by hand; but unlike many historical ciphers, LC4 is designed to be hard to break. LC4 is intended for encrypted communication between humans only, and therefore it encrypts and decrypts plaintexts and ciphertexts consisting only of the English letters A through Z plus a few other characters. LC4 uses a nonce in addition to the secret key, and requires that different messages use unique nonces. LC4 performs authenticated encryption, and optional header data can be included in the authentication. This paper defines the LC4 encryption and decryption algorithms, analyzes LC4's security, and describes a simple appliance for computing LC4 by hand.
University College London
Job Posting
A Research Associate position is available within UCL’s Computer Science Department. This position is part of an £11M (total investment £16M) EPSRC funded Interdisciplinary Research Centre on Early-Warning Sensing Systems for Infectious Diseases. The purpose of this post is to investigate (i) how to design and develop novel privacy-enhancing protocols capable of supporting user data aggregation, for purposes of statistics extraction and training of machine learning models for infectious disease surveillance and epidemiology; (ii) meaningful user interfaces and appropriate incentives to maximize user adoption and retention.
The post-holder will be required to work as part of a multidisciplinary research team and will be responsible for tasks that include designing and implementing software to collect data from various sources on the web, such as Google searches and browser activity, developing privacy-preserving protocols for data aggregation, designing experiments to analyze the data and compare the results to existing surveillance information, designing real-time visualization tools to display the information, designing and implementing databases to store information, and documenting and publishing the results.
This position is funded until 30 September 2018 in the first instance.

Closing date for applications: 6 May 2017

Contact: Emiliano De Cristofaro

https://emilianodc.com

More information: https://tinyurl.com/isense-privacy-position


19 April 2017

University of Westminster, Department of Computer Science
Job Posting
The Cyber Security (CSec) research group and the Centre for Parallel Computing (CPC) at the University of Westminster are looking for one Research Associate in Cloud Security to carry out research within the EU funded H2020 COLA (Cloud Orchestration at the Level of Application) project. COLA will define and provide a reference implementation of a generic and pluggable framework that supports the optimal and secure deployment and run-time orchestration of cloud applications. The successful candidate will carry out tasks in relation to the design and development of novel secure and privacy-preserving cloud orchestration solutions, specifically targeting and supporting application developers. In addition to that, the successful candidate will be also expected to contribute in writing project deliverables and research papers related to the project.

We expect candidates to have a strong research background in network security and/or applied cryptography. Proven research in areas such as trusted computing, cloud security, safety verification, security verification, data privacy, cyber-physical and internet of things security and cloud or mobile security will be considered as a plus.

The primary objective of the Cyber Security Research Group at the University of Westminster is to bring together expertise in education, research and practice in the field of information security and privacy. The group members conduct research in areas spanning from the theoretical foundations of cryptography to the design and implementation of leading edge efficient and secure communication protocols. To this end, we welcome applications from candidates whose research areas complement the existing research of the group.

  • Job reference number: 50046999
  • Salary: £33,387 to £38,489 per annum
  • Contract: Fixed Term until June 2019
  • Closing date: 16th May 2017
  • Interviews are likely to be held on: 31st of May 2017

Closing date for applications: 16 May 2017

Contact: For an informal discussion contact Dr Antonis Michalas (a.michalas (at) westminster.ac.uk) or Dr Tamas Kiss (T.Kiss (at) westminster.ac.uk).

More information: http://tinyurl.com/hdawr6e

TU Wien (Vienna University of Technology)
Job Posting
Expression of Interest: Vienna Research Groups for Young Investigators Call 2017 - Mathematics and….

The Faculty of Informatics at the Vienna University of Technology is looking for outstanding young researchers from abroad to set up and manage an independent research group as part of the Vienna Science and Technology Fund’s (WWTF) Vienna Research Groups for Young Investigators (VRSYI) Call 2017 - Mathematics and… .

Applications are sought from researchers from abroad who have recently completed their PhD (2 – 8 years ago) with an excellent research track record. Selected candidates will, together with an experienced researcher of the Faculty of Informatics as a proponent, prepare a proposal to be submitted to the WWTF VRSYI Call 2017 - Mathematics and… . Should this proposal be successful, the proposed project will be funded to the amount of 1.6 million euro by the WWTF for a period of 6 – 8 years. The Vienna University of Technology will further offer the successful candidate a tenure-track position (assistant professor), which will be later transformed into a tenured position (associate professor) subject to a positive overall assessment, with subsequent possibility of promotion to full professor.

Applications from researchers working on mathematical methods for Security and Privacy, such as

- Cryptography

- Formal Methods for Security and Privacy

- Language-based Security

- Security and Privacy in Machine Learning

are welcome. These should be sent in digital format (a single pdf file) to Univ. Prof. Matteo Maffei (matteo.maffei (at) tuwien.ac.at). The deadline for applications is May 2, 2017. The application should consist of

- CV (including a list of publications)

- a brief outline of the intended research project

Further information on the call is available at:

https://www.wwtf.at/programmes/vienna_research_groups/index.php?lang=EN#VRG17

Closing date for applications: 2 May 2017

Contact: Univ. Prof. Matteo Maffei

CEA Tech
Job Posting
Organisation

CEA Tech is the CEA’s technology research unit. In 2013, CEA Tech opened regional branch offices with one in South of France close to the Cadarache center. Based in Provence, the Secure Systems and Architectures (SAS) research team is located at Gardanne within the campus of the CMP (Center of Microelectronic of Provence) near a cluster of academic and industrial partners. Its research interest is mostly in the design and test of secure integrated circuits.

Job

The post-doctoral position (12 months) is financed by the PROSECCO project (ANR) that aims at developing tools that will automatically insert protections against side-channel and fault attacks in the compilation flow and formally prove the functional equivalence and the robustness of the protected software. The consortium is composed of the LIP6 (Univ. Paris 6) and the CEA.

The post-doc work will focus on the security analysis of the code generated with the Prosecco flow according to different use cases (verify PIN, AES, bootloader) and different threats (SCA, FA). This analysis will be conducted with state-of-the-art side-channel and fault injection benches. Some intermediate security evaluations will also be conducted with "low cost" equipment setups. This work will imply close interaction with the other teams. The retained candidate will bring to the other tasks of the project a central expertise in physical attacks and countermeasures.

Applicant Profile

PhD in microelectronics, computer science or a related field with a focus on hardware security and physical attacks (SCA and/or FA).

Knowledge and experience in some or all of the following fields will be an asset during the position: hardware security, physical attacks and countermeasures, cryptography, microprocessors, software and compilation.

Good programming practice. Written and spoken English.

A brief description of the PhD thesis, a publication list and some recommendations should be included in your application.

Job location: Gardanne (France)

Start date: 01/09/2017 (to be discussed)

Closing date for applications: 1 September 2017

Contact:

Pierre-Alain Moellic

pierre-alain.moellic (at) cea.fr

Singapore University of Technology and Design (SUTD)
Job Posting
Singapore University of Technology and Design (SUTD) is a young university established in collaboration with MIT. Cyber security is one of its most important areas and grows very fast with rich research funding. It has the world’s best facilities in cyber-physical systems (CPS) including testbeds for Secure Water Treatment (SWaT), Water Distribution (WADI), Electric Power and Intelligent Control (EPIC), and IoT.

I am looking for PhD interns on cyber-physical system security (IoT, autonomous vehicles, power grids, etc.), especially on topics such as 1) lightweight and low-latency crypto algorithms for CPS devices, 2) resilient authentication of devices and data in CPS, 3) advanced SCADA firewalls to filter more sophisticated attack packets in CPS, 4) big-data-based threat analytics for detection of both known and unknown threats, 5) attack mitigation to increase the resilience of CPS. The attachment will be at least 3 months. An allowance will be provided for local expenses.

Interested candidates please send your CV with a research statement to Prof. Jianying Zhou.

Closing date for applications: 30 May 2017

Contact: Prof. Jianying Zhou

Email: jianying_zhou (at) sutd.edu.sg

More information: http://jianying.space/


18 April 2017

Amrit Kumar, Clément Fischer, Shruti Tople, Prateek Saxena
ePrint Report
Monero is a cryptocurrency that has rapidly gained popularity since its launch in April 2014. The source of its growth can be mainly attributed to its unique privacy properties that go well beyond the pseudonymity property of cryptocurrencies such as Bitcoin. In this work, we conduct a forensic analysis of the Monero blockchain. Our main goal is to investigate Monero’s untraceability guarantee, which essentially means that given a transaction input, the real output being redeemed in it should be anonymous among a set of other outputs. To this end, we develop three heuristics that lead to simple-to-implement attack routines.

We evaluate our attacks on the Monero blockchain and show that in 87% of cases, the real output being redeemed can be easily identified with certainty. Moreover, we have compelling evidence that two of our attacks also extend to Monero RingCTs — the second generation Monero that even hides the transaction value. Furthermore, we observe that for over 98% of the inputs that we have been able to trace, the real output being redeemed in it is the one that has been on the blockchain for the shortest period of time. This result shows that the mitigation measures currently employed in Monero fall short of preventing temporal analysis.

Motivated by our findings, we also propose a new mitigation strategy against temporal analysis. Our mitigation strategy leverages the real spending habit of Monero users.
Gang Sheng, Chunming Tang, Wei Gao, Yunlu Cai, Xing Hu
ePrint Report
Storing the large-scale data on the cloud server side becomes nowadays an alternative for the data owner with the popularity and maturity of the cloud computing technique, where the data owner can manage the data with limited resources, and the user issues the query request to the cloud server instead of the data owner. As the server is not completely trusted, it is necessary for the user to perform results authentication to check whether or not the returned results from the cloud server are correct. We investigate in this paper how to perform efficient data update for the result authentication of the outsourced univariate linear function query. We seek to outsource almost all the data and computing to the server, and as few data and computations as possible are stored and performed on the data owner side, respectively. We present a novel scheme to achieve the security goal, which is divided into two parts. The first part is a verification algorithm for the outsourced computing of line intersections, which enables the data owner to store most of the data on the server side, and to execute less of the computing of the line intersections. The second part is an authentication data structure Two Level Merkle B Tree for the outsourced univariate linear function query, where the top level is used to index the user input and authenticate the query results, and the bottom level is used to index the query condition and authenticate the query results. The authentication data structure enables the data owner to update the data efficiently, and to implement the query on the server side. The theoretic analysis shows that our proposed scheme works with higher efficiency.
Carmina GEORGESCU, Alina PETRESCU-NITA, Emil SIMION, Antonela TOMA
ePrint Report
In this paper we focus on three open questions regarding the NIST SP 800-22 randomness tests: the probability of false acceptance, the minimum sample size needed to achieve a given error probability, and test independence. We point out statistical testing assumptions, sources of error, sample constructions and a computational method for determining the probability of false acceptance and estimating the correlation between the statistical tests.