IACR News
Here you can see all recent updates to the IACR webpage.
09 October 2017
Key Dependent Message Security and Receiver Selective Opening Security for Identity-Based Encryption
Fuyuki Kitagawa, Keisuke Tanaka
Our constructions of IBE are very simple. We construct our KDM secure IBE by transforming KDM secure secret-key encryption using IBE satisfying only ordinary indistinguishability against adaptive-ID attacks (IND-ID-CPA security). Our simulation-based RSO secure IBE is based only on IND-ID-CPA secure IBE.
We also demonstrate that our construction technique for KDM secure IBE can be used to construct KDM secure public-key encryption. More precisely, we show how to construct KDM secure public-key encryption from KDM secure secret-key encryption and public-key encryption satisfying only ordinary indistinguishability against chosen plaintext attacks.
Kirsten Eisentraeger, Sean Hallgren, Travis Morrison
We also define the notion of a compact representation of an endomorphism, and use this to show that endomorphism rings always have polynomial representation size. We then reduce the endomorphism ring problem to computing maximal orders and Action-on-$\ell$-Torsion, thus laying the foundation for analysis of the hardness of endomorphism ring computation. This identifies these last two problems as one possible way to attack some systems, such as hash functions based on the $\ell$-isogeny graph of supersingular elliptic curves. This gives the potential to use algebraic tools in quaternion algebras to solve the problems. We also discuss how these reductions apply to attacks on a hash function of Charles, Goren, and Lauter.
Niels Samwel, Lejla Batina, Guido Bertoni, Joan Daemen, Ruggero Susella
In this paper we show that in use cases where power or electromagnetic leakage can be exploited, exactly the mechanism that makes EdDSA deterministic complicates its secure implementation. In particular, we break an Ed25519 implementation in WolfSSL, which is a suitable use case for IoT applications. We apply differential power analysis (DPA) on the underlying hash function, SHA-512, requiring only 4000 traces.
Finally, we present a tweak to the EdDSA protocol that is cheap and effective against the described attack while keeping the claimed advantage of EdDSA over ECDSA in terms of featuring fewer things that can go wrong, e.g. the need for high-quality randomness. However, we do argue that even with our countermeasure some randomness (which need not be perfect) might be hard to avoid.
Marc Fischlin, Sogol Mazaheri
We present constructions of basic primitives for (public-key and private-key) encryption and for signatures. We also argue that the model captures attacks with malicious hardware tokens and show how to self-guard a PUF-based key exchange protocol.
Miguel Ambrona, Gilles Barthe, Romain Gay, Hoeteck Wee
Katriel Cohn-Gordon, Cas Cremers
Marcel Keller, Avishay Yanai
In this work we propose three techniques to construct a secure memory access, each appropriate to a different level of abstraction of the underlying garbling functionality. We provide a comparison between the techniques by several metrics. To the best of our knowledge, we are the first to construct, prove and implement a concretely efficient garbled-circuit-based actively secure RAM computation with dishonest majority.
Our construction, based on our third (most efficient) technique and cleverly utilizing the underlying SPDZ authenticated shares (Damgård et al., Crypto 2012), yields lean circuits and a constant number of communication rounds per physical memory access. Specifically, it requires no additional circuitry on top of the ORAM's, incurs only two rounds of broadcasts between every two memory accesses and has a multiplicative overhead of 2 on top of the ORAM's storage size.
Our protocol outperforms the state of the art in this setting when deployed over WAN. Even when simulating a very conservative RTT of 100 ms, our protocol is at least one order of magnitude faster than the current state-of-the-art protocol of Keller and Scholl (Asiacrypt 2015).
Sondre Rønjom, Navid Ghaedi Bardeh, Tor Helleseth
Irene Giacomelli, Somesh Jha, Marc Joye, C. David Page, Kyonghwan Yoon
University of Luxembourg, CryptoLux team
He or she will contribute to a research project on future directions in one or more of the following topics:
• Design and cryptanalysis of lightweight block ciphers and authenticated encryption schemes
• Side-channel attacks on symmetric cryptosystems and countermeasures
• Design and security analysis of IoT and blockchain security protocols
• Strong white-box cryptography
Your Profile
• M.Sc. degree in Computer Science, Applied Mathematics, Electrical Engineering, or a related field
• Strong mathematical and algorithmic CS background (complexity of algorithms; probability/statistics; discrete math; basic cryptography, algebra)
• Background in cryptography, information security or ethical hacking - a plus
• Good skills in programming and scripting languages; math tools a plus
• Commitment, teamwork and a critical mind
• Participation in competitions, Olympiads, CTFs - a big plus
• Fluent written and verbal communication skills in English are mandatory
We offer
The duration of the Ph.D. is typically between 3 and 4 years. The University offers highly competitive salaries and is an equal opportunity employer. You will work in an exciting international environment and will have the opportunity to participate in the development of a newly created research center.
Applications, written in English, should be submitted online and should include:
• Curriculum Vitae (including your contact address, photo, work experience, publications)
• A research statement indicating your interest, prior research (if any) and your motivation (max 1 page)
Closing date for applications: 30 November 2017
Contact: Prof. Alex Biryukov (e-mail: name dot family name (at) uni.lu)
More information: https://www.cryptolux.org
07 October 2017
Singapore University of Technology and Design, Singapore
I am looking for highly motivated PhD interns (strong MSc students will also be considered) who are interested in conducting research in at least one of the following fields:
- blockchain security (Bitcoin, Ethereum, cryptocurrencies, smart contracts, ...)
- network and systems security (Internet, SSL/TLS, PKI, ...)
Candidates should have an excellent background in computer science (or a related field), the ability to work on inter-disciplinary research projects, good design and programming skills, and a strong interest in at least one of the listed fields.
The attachment should last between 3 and 6 months, and an allowance will be provided for local expenses.
If you are interested please send your CV to Pawel Szalachowski.
Closing date for applications:
Contact: pawel (at) sutd.edu.sg
University of Illinois at Urbana - Champaign, USA
Closing date for applications: 15 November 2017
More information: https://jobs.illinois.edu
Indra Sistemas (Madrid, Spain)
We are looking for a senior research engineer for the cyber situational awareness research line. The candidate must prove the ability to undertake applied research and innovation, from exploratory thinking to prototyping and demonstration. The candidate should demonstrate the ability to generate new ideas, develop novel conceptual models and architectures, and validate them with proofs of concept and functional prototypes. The candidate must have strong programming skills in different languages and environments.
Minimum:
- Ph.D. in Computer Science or similar, cybersecurity topic.
- 5+ years of experience in cybersecurity, having participated in projects in/for the private sector.
- Experience in complex systems modelling and design.
- Knowledge in vulnerability assessment, attack detection techniques, risk management, threat intelligence.
- Good track record of scientific publications.
- Be eligible to obtain NATO/EU Security Clearance.
- English: C1 (CEFR). Fluent in Spanish is a plus, but not required.
Preferred:
- Knowledge in cyber situational awareness or related field, such as dynamic risk management, cyber mission impact assessment, predictive intelligence, visual analytics.
- Knowledge in big data, data mining, machine learning.
If you are interested, please submit your CV in PDF format to the contact person.
Closing date for applications: 31 December 2017
Contact: Dr. Jorge Lopez Hernandez-Ardieta
Head of Cybersecurity Product Innovation
jlhardieta at minsait.com
More information: http://www.indracompany.com/en
Cybernetica, Information Security Institute
SENIOR RESEARCHER
We are looking for applicants who complement our existing competencies and at the same time have the necessary abilities to lead an independent industrial research group.
The list of potential topics of interest includes but is not limited to
• new directions in cryptography (especially post-quantum cryptography),
• cryptanalysis,
• formal methods (sociotechnical risk models, protocol analysis),
• privacy-preserving computations,
• data mining and/or machine learning for security,
• secure software and systems development,
• hardware-level and embedded systems security (Internet-of-Things, smart cards, side channel attacks).
We stress once more that the previous list is not exhaustive. We are looking for a candidate who creates synergies with our existing senior researchers.
The successful applicant has a
• PhD degree in computer science, mathematics, software engineering or in a closely related field, together with a
• proven track record showing academic and/or industrial performance in the field of computer security or cryptography.
We offer
• opportunity to integrate new research activities into Cybernetica's R&D portfolio, as well as to contribute to existing themes;
• to work with, learn from, and teach highly qualified professionals, both in research and development;
• to be part of, and improve the Estonian e-society;
• (reasonable) funds to set up your research environment, should your research topics require the purchase or rent of specialized hardware, high-performance computing resources, etc;
• funds to hire a junior researcher working on your research topics;
• being part of a growing team either in our Tallinn or Tartu office;
• flexible working hours.
Closing date for applications: 15 November 2017
Contact: Helena Sarapuu
Head of HR
Cybernetica AS
E-mail: job (at) cyber.ee
Address: Mäealuse 2/1, 12618 Tallinn, Estonia
More information: https://cyber.ee/en/research/
Singapore University of Technology and Design (SUTD)
I am looking for PhD interns with an interest in cyber-physical system (CPS) security (IoT, autonomous vehicles, power grids, etc.), especially on topics such as 1) lightweight and low-latency crypto algorithms for CPS devices, 2) resilient authentication of devices and data in CPS, 3) advanced SCADA firewalls to filter more sophisticated attack packets in CPS, 4) big-data-based threat analytics for detection of both known and unknown threats, and 5) attack mitigation to increase the resilience of CPS. The attachment will be at least 3 months. An allowance will be provided for local expenses.
Interested candidates please send your CV with a research statement to Prof. Jianying Zhou.
Contact: Prof. Jianying Zhou
Email: jianying_zhou (at) sutd.edu.sg
Closing date for applications: 31 October 2017
More information: http://jianying.space/
Putrajaya, Malaysia, 9 July - 11 July 2018
Submission deadline: 5 February 2018
Notification: 5 April 2018
1 October - 13 April 2018
Submission deadline: 13 April 2018
Notification: 13 June 2018
Marrakesh, Morocco, 7 May - 9 May 2018
Submission deadline: 7 January 2018
Notification: 20 February 2018
05 October 2017
Nico Döttling, Sanjam Garg, Mohammad Hajiabadi, Daniel Masny
In this work, we show that OTSE can be instantiated from hard learning problems such as the Learning With Errors (LWE) and the Learning Parity with Noise (LPN) problems. This immediately yields the first IBE construction from the LPN problem and a construction based on a weaker LWE assumption compared to previous works.
Finally, we show that the notion of one-time signatures with encryption is also useful for the construction of key-dependent-message (KDM) secure public-key encryption. In particular, our results imply that a KDM-secure public key encryption can be constructed from any KDM-secure secret-key encryption scheme and any public-key encryption scheme.