International Association for Cryptologic Research

IACR News

10 May 2017

Quoc-Sang Phan, Lucas Bang, Corina S. Păsăreanu, Pasquale Malacaria, Tevfik Bultan
ePrint Report
We present symbolic analysis techniques for detecting vulnerabilities that are due to adaptive side-channel attacks, and synthesizing inputs that exploit the identified vulnerabilities. We start with a symbolic attack model that encodes succinctly all the side-channel attacks that an adversary can make. Using symbolic execution over this model, we generate a set of mathematical constraints, where each constraint characterizes the set of secret values that lead to the same sequence of side-channel measurements. We then compute the optimal attack, i.e., the attack that yields maximum leakage over the secret, by solving an optimization problem over the computed constraints. We use information-theoretic concepts such as channel capacity and Shannon entropy to quantify the leakage over multiple runs in the attack, where the measurements over the side channels form the observations that an adversary can use to try to infer the secret. We also propose greedy heuristics that generate the attack by exploring a portion of the symbolic attack model in each step. We implemented the techniques in Symbolic PathFinder and applied them to Java programs encoding web services, string manipulations and cryptographic functions, demonstrating how to synthesize optimal side-channel attacks.

Cédric Van Rompay, Refik Molva, Melek Önen
ePrint Report
Searchable Encryption (SE) allows a user to upload data to the cloud and to search it remotely while preserving the privacy of both the data and the queries. Recent research results describe attacks on SE schemes using the access pattern, i.e., the ids of documents matching search queries, which most SE schemes reveal during query processing. However, SE schemes usually leak more than just the access pattern, and this extra leakage can lead to attacks (much) more harmful than the ones using basic access pattern leakage only. We remark that in the special case of Multi-User Searchable Encryption (MUSE), where many users upload and search data in a cloud-based infrastructure, a large number of existing solutions have a common leakage in addition to the well-studied access pattern leakage. We show that this seemingly small extra leakage allows a very simple yet powerful attack, and that the privacy degree of the affected schemes has been overestimated. We also show that this new vulnerability affects existing software. Finally, we formalize the newly identified leakage profile and show how it relates to previously defined ones.

09 May 2017

Mines Saint-Etienne
Job Posting
The PhD subject we offer consists of studying how hardware attacks may be used as an entry point for attacking IoT devices. It will involve an assessment of the threats in the context of IoT, with both analysis and experimental validation of the attack paths. One objective is to design and test countermeasures and mitigation techniques that fit the constraints of IoT devices (e.g. power and cost constraints, use of non-secure microcontrollers).

A focus will be put on fault injection techniques, which consist of injecting faults into the computations of the targeted circuit for the purpose of either recovering a secret key or bypassing security checks (algorithm modification).

Closing date for applications: 30 June 2017

Contact: For further questions regarding the position or details on the research project, please contact:

- Dr. Jean-Max DUTERTRE from Mines Saint-Etienne:

- or Pr. Jean-Luc DANGER from Télécom ParisTech.

More information: http://www.emse.fr/~dutertre/doc_recherche/annonce_these_EDSIS_2017_SAS.pdf


David McCann, Elisabeth Oswald
ePrint Report
Implementing cryptography on Internet-of-Things (IoT) devices in a way that is resilient against side-channel analysis has so far been a task suitable only for specialist software designers with access to a sophisticated testing facility. Recently a novel tool, ELMO, has been developed which offers the potential to enable non-specialist software developers to evaluate their code with respect to power analysis for a popular IoT processor. We explain a crucial extension of ELMO, which enables a user to test higher-order masking schemes much more efficiently than was previously possible, as well as improving the ease and speed of diagnosing masking errors.

Tel Aviv, Israel, 29 April - 3 May 2018
Eurocrypt
Event date: 29 April to 3 May 2018

Announcement
The O*NET Data Collection Program, which is sponsored by the U.S. Department of Labor Employment and Training Administration (https://www.doleta.gov/programs/onet/), is seeking the input of expert Mathematicians and Cryptographers. As the nation’s most comprehensive source of occupational data, O*NET is a free resource for millions of job seekers, employers, veterans, educators, and students at www.onetonline.org. O*NET particularly needs input from Cryptographers.

You have the opportunity to participate in this important initiative as it will help ensure that the complexities of your profession are described accurately in the O*NET Database for the American public for career exploration and job analysis.

Mathematicians

Description: Conduct research in fundamental mathematics or in application of mathematical techniques to science, management, and other fields. Solve problems in various fields using mathematical methods.

You are considered an Occupation Expert if you meet the following criteria:
  • At least 5 years of experience with the occupation. Includes those who are now supervising, teaching, or training IF you have at least one year of practice during your career.
  • Currently active in the occupation (practicing, supervising, teaching and/or training) and based in the U.S.
If you meet these criteria and are interested in participating as an occupation expert, please email or call Tammy Belcher at the O*NET Operations Center at RTI International (the O*NET data collection contractor) 877-233-7348 ext. 119 or tbelcher@onet.rti.org and provide the following:
  • Name/ # years of experience
  • Address with city and state
  • Daytime phone number
  • Email address
  • Do you have at least one year of practice in the occupation and are you still active?
Process and Participation Incentive: A random sample of experts responding to this request will be invited to complete a set of questionnaires (paper or online versions available). $40.00 in cash and a certificate of appreciation from the U.S. Department of Labor will be included with the questionnaires.

We encourage you to consider helping to keep information about your profession accurate and current for the benefit of our colleagues and the nation. Thank you very much for your support.

(Dr. Laurie Cluff of RTI, International is leading this program of data collection from occupation experts. If you have questions or concerns, she may be reached by phone, at (919) 541-6514, or by e-mail, at lcluff@rti.org. Thank you for your time and consideration.)

Sydney, Australia, 10 August - 11 August 2017
Event Calendar
Event date: 10 August to 11 August 2017
Submission deadline: 26 May 2017
Notification: 19 June 2017

Commissariat à l'Energie Atomique, LIST, Université Paris-Saclay
Job Posting
Over the last few years, a new breed of machines has appeared in the quantum computing landscape, the so-called analog quantum computers, of which the machines presently sold by the Canadian company D-Wave are the first instances. From an abstract point of view, such a machine may be seen as an oracle specialized in the resolution of an NP-hard optimization problem (of the spin-glass type) with an algorithm analogous to the well-known simulated annealing but with a quantum speedup (the precise characterization of which is still an open question). If the theory of quantum annealing is now relatively well understood by the physics community, the extent to which D-Wave machines implement it properly is still the subject of some controversy within that community. Still, quantum annealing machines do exist today at a non-trivial scale (between 500 and 1000 bits of internal state) and their technological path towards larger scales is much clearer than for their digital cousins. Furthermore, it is presently considered that a quantum annealing machine with an internal state of between 6 and 10 kbits would be competitive with the most powerful classical computers for solving optimization problems. In this context, the present thesis aims at investigating polynomial transformation paths from some NP problems (not necessarily NP-hard, and whose selection will be done as part of the thesis work) towards the reference problem of the annealing machine. Thus, the main objective of this thesis is to develop a better understanding of the theoretical performance of these machines, as well as a first return on experience if access to a D-Wave machine (via an institution owning such a machine) is possible. Depending on the candidate's profile, the subject will bend more towards either physical aspects, computational complexity theory aspects or more applicative aspects (operations research, cryptanalysis notably).

Closing date for applications: 31 December 2017

Contact: Renaud Sirdey

More information: http://www-instn.cea.fr/


Department of Computing, The Hong Kong Polytechnic University, Hong Kong
Job Posting
We are looking for Research Fellows (Post-Doc), Research Associates, Research Assistants and PhD students (several positions) to join our group.

Candidates for research fellow/associate positions should have completed (or be close to completing) a PhD in computer science, mathematics, or a related discipline. Research assistants are expected to have an honours degree or an equivalent qualification. Applicants should have solid experience in any of the following areas:

1. public key cryptography and provable security

2. system and network security

3. software engineering

Successful candidates are expected to contribute to one of the following topics:

- applications of blockchain technology

- lattice-based cryptography

- mobile security

- network security

The post has a flexible starting date. The initial appointment will be for 12 months, with a strong possibility for further appointment.

Applicants for PhD studentship should possess:

- a bachelor degree in computer science with good programming skills; or

- a bachelor degree in mathematics with strong interest in cryptography.

Review of applications will start immediately until the positions are filled.

Closing date for applications: 1 November 2017

Contact: Daniel Xiapu Luo (http://www4.comp.polyu.edu.hk/~csxluo) (csxluo at comp dot polyu dot edu dot hk)

Man Ho Allen Au (http://www4.comp.polyu.edu.hk/~csallen/) (csallen at comp dot polyu dot edu dot hk)


Chalmers University of Technology - Sweden
Job Posting
We are looking for an excellent, motivated, self-driven doctoral student to work in the area of information security and cryptography. The position is for up to five years at the Department of Computer Science and Engineering, within the group of Prof. Katerina Mitrokotsa, who does research in cryptographic protocols that guarantee reliable authentication, privacy preservation and verifiable delegation of computation. This project focuses on investigating security and privacy issues for resource-constrained devices (e.g., sensors) that rely on external untrusted servers in order to perform computations. More precisely, the student shall be working on investigating efficient authentication and verifiable delegation of computation mechanisms that provide: i) provable security guarantees, and ii) rigorous privacy guarantees. The overall aim of the PhD position will be to design and evaluate cryptographically reliable and privacy-preserving authentication and verifiable delegation of computation protocols. The research shall also consider the case where multiple clients jointly outsource computations to untrusted cloud servers. Experience in one or more domains such as cryptography, design of protocols, secure multi-party computation and differential privacy is beneficial. Mathematical maturity is essential.

The PhD student will be supervised by Prof. Katerina Mitrokotsa: http://www.cse.chalmers.se/~aikmitr/

Full-time temporary employment. PhD student positions are limited to five years. Starting salary is 27,835 SEK a month before tax. The position is intended to start in Sept 2017.

Submit your applications here: http://goo.gl/PfyRzY

Attention! You need to select project C4 in your application.

Closing date for applications: 31 May 2017

Contact: Katerina Mitrokotsa, Associate Professor, Chalmers Univ. of Technology

More information: http://www.cse.chalmers.se/~aikmitr/PhD-Cryptography-Cloud.html


Onboard Security, Wilmington, MA, USA
Job Posting
Do you have a PhD degree in Computer Science with specialization in Network / Cybersecurity? Are you interested in breaking into the rapidly-growing automotive security market?

OnBoard Security, formerly the Embedded Security division of Security Innovation, is the leader in automotive cybersecurity and we are looking for a Researcher to work on exciting projects.

Position Overview

OnBoard Security delivers world-class research and consulting services in secure communications, network security architecture, PKI, and security for connected vehicles. You will support research projects on a variety of security and privacy topics relating to connected and automated vehicles. You will also help us out in our Connected Vehicle Security consulting business.

Required Qualifications

  • PhD degree in Computer Science (specialization in network security is a plus) or 5 years in industry, including work in a research-aligned environment

  • Publications in top-tier conferences (please attach your best publication to your application)

  • Experience with simulation tools (e.g. VEINS)

  • Good communication skills

About us

We can’t name all the customers we’ve worked with, but recent specific projects have included being technical editor of IEEE Std 1609.2, the standard for all communications security for connected vehicles; and serving as security lead for the New York City Connected Vehicle Pilot, shaping all aspects of application, communication and configuration security for an upcoming 8,000 vehicle deployment on the streets of New York. Our security middleware was selected by GM for inclusion in the MY 2017 Cadillac CTS, the first car to have DSRC installed for sale to the general public. On the research side, we are working on topics ranging from cryptography (e.g. Garbled Circuits) to network and system security (e.g. misbehavior detection) and privacy (e.g. pseudonym systems).

OnBoard Security is an equal opportunity employer.

Closing date for applications: 1 August 2017

Contact: Jonathan Petit, Senior Director of Research

jobs (at) onboardsecurity.com

More information: http://www.onboardsecurity.com


Eciotify GmbH, Berlin & Flensburg
Job Posting

WHO?
We are eciotify, a new venture supported by NBT AG. We envision a world in which IoT devices are enabled to freely participate in an economy, buying, selling and trading their digital assets using our secure, low-cost and interoperable technologies.
As our Blockchain Expert you will be responsible for the development of our Blockchain Technology.

WHAT?
Take an active role in decisions on designing new systems and architectures based on Blockchain technologies


MUST HAVES: 

  • Significant experience in blockchain technologies (e.g. Ethereum, Hyperledger)
  • In-depth knowledge in smart contract programming, ideally proven by some previous projects

WHY SHOULD YOU JOIN?

People matter for us!
Our employees are the foundation of everything we accomplish.
The only way to realize our full potential is by providing an inspiring work environment, by enabling our employees to grow, and by providing them with everything they need to become thought leaders in their field.

Be in the driver's seat of your personal and professional development
We offer you responsible and versatile tasks in a highly motivated international team. You will find minimal hierarchies, quick decision-making and a great working atmosphere. If you are a self-motivated thinker and doer, we will provide you with astonishing opportunities to grow on a personal and professional level! In collaboration with Professor Gajek, eciotify is providing a great R&D environment for the most curious minds! We also offer the possibility to pursue your PhD and are able to connect you with the international research community.

To sum it all up in one sentence:

Build cool stuff with us!

Closing date for applications: 15 June 2017

Contact: Dennis Wegener

Head of HR

buildcoolstuff (at) eciotify.io

More information: http://eciotify.io


International Max Planck Research School for Computer Science, Saarbrücken, Germany
Job Posting

The International Max Planck Research School for Computer Science (IMPRS-CS) is a graduate program jointly run by the Max Planck Institute for Informatics, the Max Planck Institute for Software Systems and Saarland University.

The IMPRS-CS offers a PhD program upon successful completion of which students receive a Doctoral Degree in Computer Science from Saarland University. The program is open to students who hold or are about to receive a research-oriented Masters degree in Computer Science (or an equivalent degree). Successful candidates will typically have ranked at or near the top of their classes, have already engaged in research and published their results, and be highly proficient in written and spoken English.

Admitted students receive a support contract that covers all living expenses and tuition fees. They enjoy a research-oriented education with close supervision by world-renowned scientists in a competitive, yet collaborative, environment rich in interaction with other students, post-docs, and scientists.

Applications are accepted all year round; the current round closes on July 15th, 2017.

Further information, including instructions on how to apply, can be found here: http://www.imprs-cs.de

Closing date for applications: 15 July 2017

Contact: Jennifer Gerling, IMPRS-CS Coordinator

E-Mail: imprs (at) mpi-inf.mpg.de

Phone: +49 681 9325 1800

More information: http://www.imprs-cs.de


Dominique Unruh
ePrint Report
The Fiat-Shamir construction (Crypto 1986) is an efficient transformation in the random oracle model for creating non-interactive proof systems and signatures from sigma-protocols. In classical cryptography, Fiat-Shamir is a zero-knowledge proof of knowledge assuming that the underlying sigma-protocol has the zero-knowledge and special soundness properties. Unfortunately, Ambainis, Rosmanis, and Unruh (FOCS 2014) ruled out non-relativizing proofs under those conditions in the quantum setting.

In this paper, we show under which strengthened conditions the Fiat-Shamir proof system is still post-quantum secure. Namely, we show that if we require the sigma-protocol to have computational zero-knowledge and perfect special soundness, then Fiat-Shamir is a zero-knowledge simulation-sound proof system (but not a proof of knowledge!). Furthermore, we show that Fiat-Shamir leads to a post-quantum secure strongly unforgeable signature scheme when additionally assuming a "dual-mode hard instance generator" for generating key pairs.

Finally, we study the extractability (proof of knowledge) property of Fiat-Shamir. While we have no proof of the extractability itself, we show that if we can prove extractability, then other desired properties such as simulation-sound extractability (i.e., non-malleability), and strongly unforgeable signatures follow.

Edoardo Persichetti
ePrint Report
The design of an efficient code-based signature scheme is by all means still an open problem. In this paper, we propose a simple and efficient scheme following the framework detailed by Lyubashevsky to construct an identification scheme. The scheme is based on quasi-cyclic codes and, while security relies on the ring algebra that is associated with them, the proposal benefits from the quasi-cyclic structure in reducing key and signature sizes.

Payman Mohassel, Yupeng Zhang
ePrint Report
Machine learning is widely used in practice to produce predictive models for applications such as image processing, speech and text recognition. These models are more accurate when trained on large amounts of data collected from different sources. However, the massive data collection raises privacy concerns.

In this paper, we present new and efficient protocols for privacy preserving machine learning for linear regression, logistic regression and neural network training using the stochastic gradient descent method. Our protocols fall in the two-server model where data owners distribute their private data among two non-colluding servers who train various models on the joint data using secure two-party computation (2PC). We develop new techniques to support secure arithmetic operations on shared decimal numbers, and propose MPC-friendly alternatives to nonlinear functions such as sigmoid and softmax that are superior to prior work.

We implement our system in C++. Our experiments validate that our protocols are several orders of magnitude faster than the state of the art implementations for privacy preserving linear and logistic regressions, and scale to millions of data samples with thousands of features. We also implement the first privacy preserving system for training neural networks.

Hannes Gross, David Schaffenrath, Stefan Mangard
ePrint Report
The efficient protection of security-critical devices against side-channel analysis attacks is a fundamental need in the age of the Internet of Things and ubiquitous computing. In this work, we introduce a configurable hardware design of Keccak (SHA-3) which can be tailored to fulfill the needs of a wide range of different applications. Our Keccak design is therefore equipped with generic side-channel protection capabilities. The design can thus be synthesized for any desired protection level by just changing one design parameter. Regardless of its generic appearance, the introduced Keccak design yields the smallest (15.7 kGE) first-order protected Keccak implementation published to date. Furthermore, it is to the best of our knowledge the first higher-order side-channel resistant implementation of Keccak. In total, we state results for four different Keccak variants up to the ninth protection order.

Cristina Pérez-Solà, Sergi Delgado-Segura, Guillermo Navarro-Arribas, Jordi Herrera-Joancomartí
ePrint Report
Zero-confirmation transactions, i.e., transactions that have been broadcast but are still pending inclusion in the blockchain, have gained attention as a way to enable fast payments in Bitcoin, shortening the time needed to perform payments. Fast payments are desirable in certain scenarios, for instance when buying from vending machines or fast food restaurants, or withdrawing from an ATM. Despite being propagated quickly through the network, zero-confirmation transactions are not protected against double-spending attacks, since the double-spending protection Bitcoin offers relies on the blockchain and, by definition, such transactions are not yet included in it. In this paper, we propose a double-spending prevention mechanism for Bitcoin zero-confirmation transactions. Our proposal is based on exploiting the flexibility of the Bitcoin scripting language together with a well-known vulnerability of the ECDSA signature scheme to discourage attackers from performing such an attack.

Gilad Asharov, Daniel Demmler, Michael Schapira, Thomas Schneider, Gil Segev, Scott Shenker, Michael Zohner
ePrint Report
The Border Gateway Protocol (BGP) computes routes between the organizational networks that make up today's Internet. Unfortunately, BGP suffers from deficiencies, including slow convergence, security problems, a lack of innovation, and the leakage of sensitive information about domains' routing preferences. To overcome some of these problems, we revisit the idea of centralizing and using secure multi-party computation (MPC) for interdomain routing, which was proposed by Gupta et al. (ACM HotNets'12). We implement two algorithms for interdomain routing with state-of-the-art MPC protocols. On an empirically derived dataset that approximates the topology of today's Internet (55,809 nodes), our protocols take as little as 6 s of topology-independent precomputation and only 3 s of online time. We show, moreover, that when our MPC approach is applied at country/region-level scale, runtimes can be as low as 0.17 s online time and 0.20 s pre-computation time. Our results motivate the MPC approach for interdomain routing and furthermore demonstrate that current MPC techniques are capable of efficiently tackling real-world problems at a large scale.

Sébastien Canard, Sergiu Carpov, Donald Nokam Kuate, Renaud Sirdey
ePrint Report
This paper is devoted to the study of the problem of running compression algorithms in the encrypted domain, using a (somewhat) Fully Homomorphic Encryption (FHE) scheme. We do so with a particular focus on conservative compression algorithms. Despite the encrypted-domain Turing-completeness that comes with the magic of FHE operators, we show that a number of subtleties crop up when it comes to running compression algorithms and, in particular, that guaranteed conservative compression is not possible to achieve in the FHE setting. To illustrate these points, we analyze the most elementary conservative compression algorithm of all, namely Run-Length Encoding (RLE). We first study how to regularize this algorithm in order to make it (meaningfully) fit within the constraints of an FHE execution. Secondly, we analyze it from the angle of optimizing the resulting structure towards (as much as possible) FHE execution efficiency. The paper is concluded by concrete experimental results obtained using the Fan-Vercauteren cryptosystem as well as the Armadillo FHE compiler.