IACR News
Here you can see all recent updates to the IACR webpage.
14 June 2017
Elette Boyle, Yuval Ishai, Rafael Pass, Mary Wootters
ePrint Report
Towards solving the above problem, we study a weaker secret-key variant where the data is encoded and accessed by the same party. This primitive, that we call an oblivious locally decodable code (OLDC), is independently motivated by applications such as searchable symmetric encryption. We reduce the public-key variant of PIR to OLDC using an ideal form of obfuscation that can be instantiated heuristically with existing indistinguishability obfuscation candidates, or alternatively implemented with small and stateless tamper-proof hardware.
Finally, a central contribution of our work is the first proposal of an OLDC candidate. Our candidate is based on a secretly permuted Reed-Muller code. We analyze the security of this candidate against several natural attacks and leave its further study to future work.
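To make the object concrete, the following added example (not code from the paper) shows the access pattern of a toy oblivious LDC: the same party encodes a message with a first-order Reed-Muller (Hadamard) code, stores the codeword under a secret permutation, and later recovers any message bit with the standard two-query local decoder, voting across repetitions to tolerate a few corrupted cells. The paper's candidate uses a differently parameterised Reed-Muller code and is analysed against specific attacks; this toy only illustrates the encode/permute/locally-decode structure and makes no security claim. The message, seed and corruption rate are constructed for the demonstration, and the Hadamard code of length 2^m is far too long to be practical.

```python
import random
from collections import Counter


def hadamard_encode(msg_bits):
    """First-order Reed-Muller (Hadamard) code: position a in {0,1}^m holds
    <msg, a> mod 2, so an m-bit message becomes a 2^m-bit codeword."""
    m = len(msg_bits)
    code = []
    for a in range(1 << m):
        bit = 0
        for i, b in enumerate(msg_bits):
            if b and (a >> i) & 1:
                bit ^= 1
        code.append(bit)
    return code


class Server:
    """Untrusted storage: holds the permuted codeword and logs every index read."""

    def __init__(self, cells):
        self.cells = list(cells)
        self.accesses = []

    def fetch(self, idx):
        self.accesses.append(idx)
        return self.cells[idx]

    def corrupt(self, idx):
        self.cells[idx] ^= 1


class Client:
    """Encoder and decoder are the same party; only it knows the permutation."""

    def __init__(self, msg_bits, rng=None):
        self.rng = rng or random.SystemRandom()
        self.m = len(msg_bits)
        self.n = 1 << self.m
        self.perm = list(range(self.n))      # logical codeword position -> physical cell
        self.rng.shuffle(self.perm)          # the secret permutation
        code = hadamard_encode(msg_bits)
        cells = [0] * self.n
        for logical, physical in enumerate(self.perm):
            cells[physical] = code[logical]
        self.server = Server(cells)          # what gets outsourced

    def read_bit(self, i):
        """Standard 2-query Hadamard local decoder: <msg,a> xor <msg,a^e_i> = msg_i.
        The server only sees two physical cells chosen through the permutation."""
        a = self.rng.randrange(self.n)
        b = a ^ (1 << i)
        return self.server.fetch(self.perm[a]) ^ self.server.fetch(self.perm[b])

    def read_bit_robust(self, i, trials=9):
        """Majority vote over independent 2-query decodings; one decoding is wrong
        only if exactly one of its two (uniformly random) cells is corrupted."""
        votes = Counter(self.read_bit(i) for _ in range(trials))
        return votes.most_common(1)[0][0]


def demo(seed=7):
    """Encode a constructed message, read it cleanly, then corrupt ~5% of the
    stored cells and read it again with the majority decoder."""
    rng = random.Random(seed)
    msg = [1, 0, 1, 1, 0, 1]                # constructed 6-bit sample message
    client = Client(msg, rng)
    clean = [client.read_bit(i) for i in range(len(msg))]
    for idx in rng.sample(range(client.n), max(1, client.n // 20)):
        client.server.corrupt(idx)
    robust = [client.read_bit_robust(i, trials=15) for i in range(len(msg))]
    return msg, clean, robust, client.server.accesses


if __name__ == "__main__":
    msg, clean, robust, log = demo()
    print("message      ", msg)
    print("clean reads  ", clean)
    print("robust reads ", robust)
    print("server saw   ", log[:12], "...")
```

Each read touches two cells whose physical indices are a uniformly random pair from the server's point of view; whether repeated reads leak the permutation, or the positions of the bits being read, is precisely the kind of question the paper's security analysis addresses for its own candidate.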
Matteo Campanelli, Rosario Gennaro, Steven Goldfeder, Luca Nizzardo
ePrint Report
First we show an attack that allows a buyer to learn partial information about the digital good being sold, without paying for it. This break in the zero-knowledge condition of ZKCP is due to the fact that in the protocols we attack, the buyer is allowed to choose common parameters that normally should be selected by a trusted third party.
We present ways to fix this attack that do not require a trusted third party.
Second, we show that ZKCP are not suited for the purchase of digital services rather than goods. Current constructions of ZKCP do not allow a seller to receive payments after proving that a certain service has been rendered, but only for the sale of a specific digital good. We define the notion of Zero-Knowledge Contingent Service Payment (ZKCSP) protocols and construct two new protocols, for either public or private verification.
We implemented and tested the attack on ZKCP, and our two new ZKCSP protocols, showing their feasibility for very realistic examples. We present code that learns, without paying, the value of a Sudoku cell in the "Pay-to-Sudoku" ZKCP implementation [17]. We also implement ZKCSP protocols for the case of Proof of Retrievability, where a client pays the server for providing a proof that the client's data is correctly stored by the server. A side product of our implementation effort is a new optimized circuit for SHA256 with less than a quarter than the number of AND gates of the best previously publicly available one. Our new SHA256 circuit may be of independent use for circuit-based MPC and FHE protocols that require SHA256 circuits.
Pramod Subramanyan, Rohit Sinha, Ilia Lebedev, Srinivas Devadas, Sanjit Seshia
ePrint Report
Manaar Alam, Sarani Bhattacharya, Debdeep Mukhopadhyay, Sourangshu Bhattacharya
ePrint Report
Jacob Alperin-Sheriff, Daniel Apon
ePrint Report
We improve on their result, providing a verification key smaller by a linear factor, a significantly tighter reduction with only a constant loss, and signing and verification algorithms that could plausibly run in about 1 second. Our main idea is to change the scheme in a manner that allows us to replace the pseudorandom function evaluation with an evaluation of a much more efficient weak pseudorandom function.
As a matter of independent interest, we give an improved method of randomized inversion of the G gadget matrix [MP12], which reduces the noise growth rate in homomorphic evaluations performed in a large number of lattice-based cryptographic schemes, without incurring the high cost of sampling discrete Gaussians.
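The randomized gadget inversion point can be seen in a few lines. The following added example (not the paper's algorithm) compares the usual deterministic binary decomposition of G^{-1} with a simple randomized variant that emits digits in {-1, 0, 1} with uniformly random signs, and measures the noise term <e, G^{-1}(v)> that appears when a homomorphic evaluation multiplies a small error vector e by a gadget inverse. The random-sign variant, the all-ones error vector and the seeds are constructed for the illustration; the authors' method, which avoids discrete Gaussian sampling in its own way, should be read from the paper.

```python
import random
import statistics


def gadget_inverse_det(v, k):
    """Deterministic G^-1 for g = (1, 2, ..., 2^(k-1)): the binary digits of v,
    i.e. x in {0,1}^k with sum_i x_i 2^i = v."""
    return [(v >> i) & 1 for i in range(k)]


def gadget_inverse_rand(v, k, rng=None):
    """Randomized G^-1 (illustrative variant, not the paper's algorithm): walk the
    digits from the least significant end; whenever the remaining value is odd
    pick the digit +1 or -1 uniformly and carry the difference. Output is
    x in {-1,0,1}^k with sum_i x_i 2^i = v (mod 2^k). Each digit is zero-mean,
    so <e, x> does not accumulate the bias of the all-non-negative binary digits."""
    rng = rng or random.SystemRandom()
    x = []
    r = v
    for _ in range(k):
        d = rng.choice((-1, 1)) if r & 1 else 0
        x.append(d)
        r = (r - d) // 2          # exact division: r - d is even
    return x


def recompose(x, k):
    """G x mod q for q = 2^k; inverts both decompositions."""
    return sum(d << i for i, d in enumerate(x)) % (1 << k)


def noise_growth(k, trials, seed=2017, e=None):
    """Mean |<e, x>| over uniformly random v for both decompositions.
    e defaults to the all-ones vector, the worst case for the deterministic
    version because every set bit of v contributes +1 with no cancellation."""
    rng = random.Random(seed)
    if e is None:
        e = [1] * k
    q = 1 << k
    det, rnd = [], []
    for _ in range(trials):
        v = rng.randrange(q)
        xd = gadget_inverse_det(v, k)
        xr = gadget_inverse_rand(v, k, rng)
        assert recompose(xd, k) == v and recompose(xr, k) == v
        det.append(abs(sum(a * b for a, b in zip(e, xd))))
        rnd.append(abs(sum(a * b for a, b in zip(e, xr))))
    return statistics.mean(det), statistics.mean(rnd)


if __name__ == "__main__":
    for k in (16, 32, 64):
        d, r = noise_growth(k, 2000)
        print(f"k={k:2d}  deterministic {d:6.2f}  randomized {r:6.2f}  sqrt(k)={k ** 0.5:.1f}")
```

The deterministic column grows like k/2 (half the bits of a random v are set), while the random-sign column grows like sqrt(k), which is the growth rate one wants from a subgaussian G^{-1}. A real scheme needs the distribution of x to be independent of v in a provable sense, which is where the discrete Gaussian of [MP12], or the paper's cheaper replacement, comes in.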
Björn Haase, Benoît Labrique
ePrint Report
Yashvanth Kondi, Arpita Patra
ePrint Report
Our scheme directly finds application in ZK protocols where the verification function of the language is representable by a formulaic circuit. Such examples include Boolean formula satisfiability. The ZK protocols obtained by plugging in our scheme in the known paradigm of building ZK protocols from garbled circuits offer better proof size, while relying on standard assumptions. Furthermore, the adaptivity of our garbling scheme allows us to cast our ZK protocols in the offline-online setting and offload circuit-dependent communication and computation to the offline phase. As a result, the online phase enjoys communication and computation (in terms of number of symmetric-key operations) complexity that are linearly proportional to the witness size alone.
NYUAD-Center for Cyber Security
Job Posting
The goal of this research project is to provide a wider analysis of existing cryptologic designs and their constructions in order to open up new approaches to the design and analysis of cryptographic components. The research will be conducted in the context of symmetric cryptology and secure hardware implementations, with a particular focus on the design and analysis of symmetric-key primitives and components.
Required Qualifications
Candidates should have a Ph.D. degree or equivalent experience, and a background in symmetric cryptology, hardware cryptology, hardware security or related areas. The essential skills for this post are: circuit analysis and design; cryptographic hardware design (reconfigurable hardware, random number generation, lightweight cryptographic design, Altera hardware, FPGAs and Verilog/VHDL programming); and cryptographic design and cryptanalysis.
Terms of employment
The period of employment is one to two years from the start of the contract, extendable by an additional year based on performance. The potential start date is August 2017. The post is located at the Center for Cyber Security, NYU Abu Dhabi.
Application Process
Submissions will be accepted through our online application no later than July 15, 2017. Please visit our website at https://apply.interfolio.com/37893 for instructions and information on how to apply. Please fill in the online application form, and attach all your materials in English. This includes a cover letter, research statement, curriculum vitae, diploma (an official translation into English), a list of publications and three letters of reference. Applicants will be prompted to enter the names and email addresses of three referees. Each referee will be contacted to upload his or her reference letter. Applications and enclosures received beyond the stated deadline will not be considered.
Closing date for applications: 15 August 2017
Contact: Hoda A.Alkhezaimi
More information: https://apply.interfolio.com/37893
13 June 2017
Varanasi, India, 9 January - 11 January 2018
Event Calendar
Submission deadline: 15 August 2017
Notification: 30 October 2017
Oslo, Norway, 14 September - 15 September 2017
Event Calendar
Submission deadline: 25 June 2017
NXP Semiconductors
Job Posting
Software Security Engineer is responsible for
• Design of embedded software security architectures
• Risk and threats analysis of security systems
• Support the various HW and SW development teams of NXP with security reference designs
• End-to-end security architecture
• Root cause analysis of security defects and creation of counter measures
• Specification and design of innovative security concepts (whitebox cryptography, secure virtual machines, code obfuscators)
Hardware Security Engineer is responsible for
• Detailed implementation reviews
• Definition of security mechanisms in hardware, firmware, protocols, etc.
• Security requirements management by definition and linking of security mechanisms to functional requirements
• Detailed attack modeling and security mechanism specification for hardware and software blocks
• Root cause analysis of security defects
• Planning coordination and execution of pre-silicon vulnerability analysis
See for more information:
https://nxp.wd3.myworkdayjobs.com/en-US/careers/job/Hamburg/Hardware-Security-Architect--m-f-_R-10002704
https://nxp.wd3.myworkdayjobs.com/en-US/careers/job/Hamburg/Software-Security-Architect--m-f-_R-10002703
About us
NXP Semiconductors enables secure connections and infrastructure for a smarter world, advancing solutions that make lives easier, better and safer. As the world leader in secure connectivity solutions for embedded applications, we are driving innovation in the secure connected vehicle, end-to-end security & privacy and smart connected solutions markets.
Closing date for applications: 31 December 2017
Contact: Joppe Bos, Cryptographer, joppe.bos (at) nxp.com
08 June 2017
Crete, Greece, 28 September - 29 September 2017
Event Calendar
Submission deadline: 15 June 2017
Notification: 31 July 2017
RESCUE ETN Project
Job Posting
The innovative European training network RESCUE sets out to take on the key interdependent challenges in nanoelectronic systems design: reliability, security and quality.
• Application deadline: June 30, 2017
• Recruitment starts in September/October 2017
• Full-time employment contracts at the selected RESCUE host institution for 36 months.
More details http://rescue-etn.eu/
RESCUE Consortium
- Tallinn University of Technology, EE (Maksim Jenihhin)
- BTU Cottbus-Senftenberg, DE (H.T. Vierhaus)
- Delft University of Technology, NL (Said Hamdioui)
- Politecnico di Torino, IT (Matteo Sonza Reorda)
- Cadence Design Systems GmbH, DE (Anton Klotz)
- IROC Technologies, FR (Dan Alexandrescu)
- Intrinsic-ID B.V., NL (Georgios Selimis)
- IHP - Innovations for High Performance Microelectronics GmbH, DE (Milos Krstic)
- Robert Bosch GmbH, DE - Partner Organization (Herve Seudie)
Closing date for applications: 30 June 2017
More information: http://rescue-etn.eu/vacancies
University of Abertay Dundee, Scotland
Job Posting
Abertay was the first university in the world to offer degrees in Ethical Hacking, and the University continues to be recognised as an international leader in the field. The University has long-established professional links with the United Kingdom's thriving cybersecurity community, and is also home to the largest student-run cyber-security conference in the United Kingdom.
Project Description
The Internet of Things (IoT) is expected to become a transformative technology that offers end-users the capability of sensing, actuating and improved communications. This will lead to significant improvements for Vehicular technologies, Health, Manufacturing (Industry 3.0), Farming, Energy Management, etc.
Computational intelligence approaches, examples of which include evolutionary computation, immune-inspired approaches, and swarm intelligence, are employed to develop scalable machine learning Intrusion Detection Systems.
In this project we will build on and expand existing research activities on Intrusion Detection within the Security Research Group and the Machine Learning Group at Abertay University, aiming to identify security risks in IoT networks and to develop machine learning (Deep Learning, Generative Adversarial Networks) methods for their mitigation.
The ideal student would have an interest in wireless communications protocols, Linux configuration, and GPU programming (CUDA), as well as:
* A strong background in computing and mathematics (an understanding of machine learning is highly desirable).
* An ability to program in a high-level language (such as Python, C or C++) and/or experience with Matlab (or similar).
* An interest in Security and Privacy applications and research (a background in Security is desirable, but not essential).
* Good numerical and verbal communication skills.
Applicants are encouraged to contact Dr Xavier Bellekens for advice on developing a proposal prior to submitting it.
Closing date for applications: 10 July 2017
Contact: Dr Xavier Bellekens (x.bellekens [AT] abertay.ac.uk )
More information: http://www.xavierbellekens.com/PhDApplication