International Association for Cryptologic Research

# IACR News Central

Here you can see all recent updates to the IACR webpage. These updates are also available:

Now viewing news items related to:

21 July 2016
Job Posting Post-Doc Hongik University, Korea
Post-doctoral fellow position in Department of Computer and Information Communications Engineering at Hongik University in the field of information security including cryptography for at least two year appointment. Applicants should have their Ph.D degrees within five years as of June 30, 2016.

Please email with subject ‘Postdoc position’ statement of research, CV, recommendation letters or referees, and copies of 3 most significant publications to sohwang (at) hongik.ac.kr

Closing date for applications: 12 August 2016

Contact: Professor Seong Oun Hwang at sohwang (at) hongik.ac.kr

Job Posting Post doctorate fellow McMaster University, Hamilton, Ontario, Canada

The Department of Computing and Software at McMaster University in Hamilton, Ontario, Canada, invites applications for a 27-month postdoctoral researcher position in the area of post-quantum cryptography under the supervision of Dr. Douglas Stebila, to begin October 2016.

The successful applicant will have strong experience in one or more forms of post-quantum cryptography (lattice-based, code-based, isogenies, multivariate quadratic, or hash-based signatures). Applicants with either theoretical skills or practical implementation skills are welcome. Applicants must be cleared to graduate from their PhD program by the commencement of the position.

This research is part of a project whose overall goal is to develop practical post-quantum cryptography for the Internet and other applications, and is funded by an NSERC Discovery Accelerator Supplement award.

The researcher will be expected to teach one undergraduate course in each of the two years of the contract, and will have the opportunity to participate in the co-supervision of Masters or PhD students. There is also the potential to participate in industry collaborations.

McMaster University is one of Canada\'s top universities, ranked 4th in Canada and 96th in the world in the 2015 Academic Ranking of World Universities. Hamilton is Canada\'s 9th largest city and is located in the Greater Toronto Area, less than an hour to downtown Toronto by public transit. Hamilton is located along the Niagara escarpment, with more than 100 waterfalls in the city limits, and lots of outdoor activities in the many nearby parks and conservation areas.

Applications should include a CV, names of three references, and a brief statement of research interests and experience, and must be submitted online (http://www.workingatmcmaster.ca/careers/: Job ID # 9483).

Closing date for applications: 25 August 2016

Contact: Dr. Douglas Stebila (stebilad (at) mcmaster.ca)

Eurocrypt 2017 is the 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques. It is devoted to all aspects of cryptology. Eurocrypt 2017 is one of the three flagship conferences of the International Association for Cryptologic Research (IACR), and is organized by the Crypto Group at ENS Paris.

Eurocrypt 2017 will be held on April 30-May 4, 2017 in Paris at Maison de la Mutualité, which is located right in the center of Paris, within walking distance of Notre Dame. EuroS&P 2017 will also take place in Paris at the UPMC Jussieu Campus (about 10 minutes walk away) during April 26-28, which is right before EUROCRYPT 2017. The affiliated events will be organized jointly with EuroS&P on April 29-30, 2017, at the UPMC Jussieu Campus.

Proposals are solicited for affiliated events to be held in conjunction with EuroS&P and EUROCRYPT 2017. Each affiliated event provides a forum to address a specific topic at the forefront of security or cryptography research. This includes workshops, tutorials, etc. that can be annual events, one time events, or aperiodic.

Important Dates for Affiliated Events

Event proposal deadline: August 12, 2016
Affiliated event dates: April 29-30, 2017

Provided Services

The EuroS&P and EUROCRYPT organizers provide only the following services to associated events:
• Conference room with projector
• Coffee during 3 coffee breaks (8-9am, 10:30-11am, and 3:30-4:00pm)
• Registration (small, fixed fee, covering the rooms and coffee)
The EuroS&P and EUROCRYPT organizers do not provide lunch, dinner, proceedings, website, etc, but affiliated event organizers can arrange such things directly, if needed. Please use the last page of the submission form to mention any special requests your event might have.

Required Information for Proposing Event

Filling in the form below requires the following information:
• Name and acronym of the event
• Main affiliation (EuroS&P or EUROCRYPT)
• Type of event (Workshop, Tutorial, etc.)
• Abstract and Target audience
• Expected number of participants (e.g. a range)
• Will the event have a public call for contributions
• Will the event have proceedings
• List of event organizers and Contact email
• Expected event duration (up to 2 days) and the preferred date
• Information about past event instances
• Any special requests or additional information
Submission Form

Please submit event proposals using the following web form: http://goo.gl/forms/6JUV5DsV4DGKGzLy1. Please direct any questions to eurocrypt2017@iacr.org
Kalyna is an SPN-based block cipher that was selected during Ukrainian National Public Cryptographic Competition (2007-2010) and its slight modification was approved as the new encryption standard of Ukraine. In this paper, we focus on the key-recovery attacks on reduced-round Kalyna-128/256 and Kalyna-256/512 with meet-in-the-middle method. The differential enumeration technique and key-dependent sieve technique which are popular to analyze AES are used to attack them. Using the key-dependent sieve technique to improve the complexity is not an easy task, we should build some tables to achieve this. Since the encryption procedure of Kalyna employs a pre- and post-whitening operations using addition modulo $2^{64}$ applied on the state columns independently, we carefully study the propagation of this operation and propose an addition plaintext structure to solve this. For Kalyna-128/256, we propose a 6-round distinguisher, and achieve a 9-round (out of total 14-round) attack. For Kalyna-256/512, we propose a 7-round distinguisher, then achieve an 11-round (out of total 18-round) attack. As far as we know, these are currently the best results on Kalyna-128/256 and Kalyna-256/512.
ePrint Report Strong Hardness of Privacy from Weak Traitor Tracing Lucas Kowalczyk, Tal Malkin, Jonathan Ullman, Mark Zhandry
Despite much study, the computational complexity of differential privacy remains poorly understood. In this paper we consider the computational complexity of accurately answering a family $Q$ of statistical queries over a data universe $X$ under differential privacy. A statistical query on a dataset $D \in X^n$ asks "what fraction of the elements of $D$ satisfy a given predicate $p$ on $X$?'' Dwork et al. (STOC'09) and Boneh and Zhandry (CRYPTO'14) showed that if both $Q$ and $X$ are of polynomial size, then there is an efficient differentially private algorithm that accurately answers all the queries, and if both $Q$ and $X$ are exponential size, then under a plausible assumption, no efficient algorithm exists.

We show that, under the same assumption, if either the number of queries or the data universe is of exponential size, then there is no differentially private algorithm that answers all the queries. Specifically, we prove that if one-way functions and indistinguishability obfuscation exist, then:

1) For every $n$, there is a family $Q$ of $\tilde{O}(n^7)$ queries on a data universe $X$ of size $2^d$ such that no $\poly(n,d)$ time differentially private algorithm takes a dataset $D \in X^n$ and outputs accurate answers to every query in $Q$.

2) For every $n$, there is a family $Q$ of $2^d$ queries on a data universe $X$ of size $\tilde{O}(n^7)$ such that no $\poly(n,d)$ time differentially private algorithm takes a dataset $D \in X^n$ and outputs accurate answers to every query in $Q$.

In both cases, the result is nearly quantitatively tight, since there is an efficient differentially private algorithm that answers $\tilde{\Omega}(n^2)$ queries on an exponential size data universe, and one that answers exponentially many queries on a data universe of size $\tilde{\Omega}(n^2)$.

Our proofs build on the connection between hardness results in differential privacy and traitor-tracing schemes (Dwork et al., STOC'09; Ullman, STOC'13). We prove our hardness result for a polynomial size query set (resp., data universe) by showing that they follow from the existence of a special type of traitor-tracing scheme with very short ciphertexts (resp., secret keys), but very weak security guarantees, and then constructing such a scheme.
We show how to transform any semantically secure encryption scheme into a non-malleable one, with a black-box construction that achieves a quasi-linear blow-up in the size of the ciphertext. This improves upon the previous non-black-box construction of Pass, Shelat and Vaikuntanathan (Crypto '06). Our construction also extends readily to guarantee non-malleability under a bounded-CCA2 attack, thereby simultaneously improving on both results in the work of Cramer et al. (Asiacrypt '07).

Our construction departs from the oft-used paradigm of re-encrypting the same message with different keys and then proving consistency of encryption. Instead, we encrypt an encoding of the message; the encoding is based on an error-correcting code with certain properties of reconstruction and secrecy from partial views, satisfied, e.g., by a Reed-Solomon code.
The accuracy and the fast convergence of a leakage model are both essential components for the efficiency of side-channel analysis. Thus for efficient leakage estimation an evaluator is requested to pick a Probability Density Function (PDF) that constitutes the optimal trade-off between both aspects. In the case of parametric estimation, Gaussian templates are a common choice due to their fast convergence, given that the actual leakages follow a Gaussian distribution (as in the case of an unprotected device). In contrast, histograms and kernel-based estimations are examples for non-parametric estimation that are capable to capture any distribution (even that of a protected device) at a slower convergence rate. With this work we aim to enlarge the statistical toolbox of a side-channel evaluator by introducing new PDF estimation tools that fill the gap between both extremes. Our tools are designed for parametric estimation and can efficiently characterize leakages up to the fourth statistical moment. We show that such an approach is superior to non-parametric estimators in contexts where key-dependent information in located in one of those moments of the leakage distribution. Furthermore, we successfully demonstrate how to apply our tools for the (worst-case) information-theoretic evaluation on masked implementations with up to four shares, both in a profiled and non-profiled attack scenario. We like to remark that this flexibility capturing information from different moments of the leakage PDF can provide very valuable feedback for hardware designers to their task to evaluate the individual and combined criticality of leakages in their (protected) implementations.
ePrint Report Leakage-Abuse Attacks Against Searchable Encryption David Cash, Paul Grubbs, Jason Perry, Thomas Ristenpart
Schemes for secure outsourcing of client data with search capability are being increasingly marketed and deployed. In the literature, schemes for accomplishing this efficiently are called Searchable Encryption (SE). They achieve high efficiency with provable security by means of a quantifiable leakage profile. However, the degree to which SE leakage can be exploited by an adversary is not well understood. To address this, we present a characterization of the leakage profiles of in-the-wild searchable encryption products and SE schemes in the literature, and present attack models based on an adversarial server’s prior knowledge. Then we empirically investigate the security of searchable encryption by providing query recovery and plaintext recovery attacks that exploit these leakage profiles. We term these 'leakage-abuse attacks' and demonstrate their effectiveness for varying leakage profiles and levels of server knowledge, for realistic scenarios. Amongst our contributions are realistic active attacks which have not been previously explored.
Recently in two independent papers, Albrecht, Bai and Ducas and Cheon, Jeong and Lee presented two very similar attacks, that allow to break NTRU with larger parameters and GGH Multinear Map without zero encodings. They proposed an algorithm for recovering the NTRU secret key given the public key which apply for large NTRU modulus, in particular to Fully Homomorphic Encryption schemes based on NTRU. Hopefully, these attacks do not endanger the security of the NTRUE NCRYPT scheme, but shed new light on the hardness of this problem. The basic idea of both attacks relies on decreasing the dimension of the NTRU lattice using the multiplication matrix by the norm (resp. trace) of the public key in some subfield instead of the public key itself. Since the dimension of the subfield is smaller, the dimension of the lattice decreases, and lattice reduction algorithm will perform better. Here, we revisit the attacks on NTRU and propose another variant that is simpler and outperforms both of these attacks in practice. It allows to break several concrete instances of YASHE, a NTRU-based FHE scheme, but it is not as efficient as the hybrid method of Howgrave-Graham on concrete parameters of NTRU. Instead of using the norm and trace, we propose to use the multiplication by the public key in some subring and show that this choice leads to better attacks. We &#8730; can then show that for power of two cyclotomic fields, the time complexity is polynomialFinally, we show that, under heuristics, straightforward lattice reduction is even more efficient, allowing to extend this result to fields without non-trivial subfields, such as NTRU Prime. We insist that the improvement on the analysis applies even for relatively small modulus ; though if the secret is sparse, it may not be the fastest attack. We also derive a tight estimation of security for (Ring-)LWE and NTRU assumptions. when $q=2^{\Omega(\sqrt{n \log \log n})}$.
Cryptocurrencies like Bitcoin have proven to be very successful in practice and have gained lots of attention from the industries and the academia. The security of Bitcoin-like systems is based on the assumption that the majority of the computing power is under the control of honest players. However, this assumption has been seriously challenged recently and Bitcoin-like systems will fail when this assumption is broken.

We propose the first Bitcoin-like protocol that is secure in the presence of a malicious majority of computing power. On top of Bitcoin's brilliant ideas of utilizing the power of the honest miners, via their computing power together with blocks, to secure the blockchain, we further leverage the power of the honest users, via their coins together with transactions, to achieve this goal. In particular, we propose a novel strategy for selecting the best blockchain from many competing chains by carefully comparing coins in these blockchains. In addition, we rigorously prove important security properties of our protocol in an extension of the blockchain analysis framework by Garay et al [Eurocrypt 2015].
Most masking schemes used as a countermeasure against side-channel analysis attacks require an extensive amount of fresh random bits on the fly. This is burdensome especially for lightweight cryptosystems. Threshold implementations (TIs) that are secure against firstorder attacks have the advantage that fresh randomness is not required if the sharing of the underlying function is uniform. However, finding uniform realizations of nonlinear functions that also satisfy other TI properties can be a challenging task. In this paper, we discuss several methods that advance the search for uniformly shared functions for TIs. We focus especially on three-share implementations of quadratic functions due to their low area footprint. Our methods have low computational complexity even for 8-bit Boolean functions.
This paper describes highly-optimized AES-{128, 192, 256}-CTR assembly implementations for the popular ARM Cortex-M3 and M4 embedded microprocessors. These implementations are about twice as fast as existing implementations. Additionally, we provide the fastest bitsliced constant-time and masked implementations of AES-128-CTR to protect against timing attacks, power analysis and other (first-order) side-channel attacks. All implementations, including an architecture-specific instruction scheduler and register allocator, which we use to minimize expensive loads, are released into the public domain.
ePrint Report Tuple lattice sieving Shi Bai, Thijs Laarhoven, Damien Stehlé
Lattice sieving is asymptotically the fastest approach for solving the shortest vector problem (SVP) on Euclidean lattices. All known sieving algorithms for solving SVP require space which (heuristically) grows as $2^{0.2075 n + o(n)}$, where $n$ is the lattice dimension. In high dimensions, the memory requirement becomes a limiting factor for running these algorithms, making them uncompetitive with enumeration algorithms, despite their superior asymptotic time complexity. We generalize sieving algorithms to solve SVP with less memory. We consider reductions of tuples of vectors rather than pairs of vectors as existing sieve algorithms do. For triples, we estimate that the space requirement scales as $2^{0.1887 n + o(n)}$. The naive algorithm for this triple sieve runs in time $2^{0.5661 n + o(n)}$. With appropriate filtering of pairs, we reduce the time complexity to $2^{0.4812 n + o(n)}$ while keeping the same space complexity. We further analyze the effects of using larger tuples for reduction, and conjecture how this provides a continuous tradeoff between the memory-intensive sieving and the asymptotically slower enumeration.
Elliptic Curve Cryptography (ECC) has gained much recognition over the last decades and has established itself among the well known public-key cryptography schemes, not least due its smaller key size and relatively lower computational effort compared to RSA. The wide employment of Elliptic Curve Cryptography in many different application areas has been leading to a variety of implementation types and domains ranging from pure software approaches over hardware implementations to hardware/software co-designs. The following review provides an overview of state of the art hardware implementations of ECC, specifically in regard to their targeted design goals. In this context the suitability of the hardware/software approach in regard to the security challenges opposed by the low-end embedded devices of the Internet of Things is briefly examined. The paper also outlines ECC’s vulnerability against quantum attacks and references one possible solution to that problem.
19 July 2016
Job Posting Research and teaching assistants Goethe University Frankfurt
The chair of mobile business and multilateral security has multiple open positions for research and teaching assistants leading to a PhD degree. The candidates will work with BMBF projects, therefore fluency of German language is mandatory.

Closing date for applications: 27 July 2016

Contact: Prof. Dr. Kai Rannenberg

Job Posting Ph.D. position (structured Ph.D.), 3 years Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany
Research Training Group “UbiCrypt – Cryptography in Ubiquitous Computing”

The Horst Görtz Institute for IT-Security (HGI) at Ruhr-University Bochum is one of Europe’s leading research centers in IT security. The DFG, or German Research Foundation, awarded more than €4 million to the HGI for the establishment of the interdisciplinary research training group “New Challenges for Cryptography in Ubiquitous Computing”. We are looking for a candidate with outstanding Master/Diplom in the fields of computer science, electrical engineering, mathematics or related areas.

The research training group will study problems which are fundamental for securing the Internet of Things. The research is structured in three levels: cryptographic primitives, device and system level. The research topics range from cryptographic foundations such as fully homomorphic encryption for privacy in cloud computing, over security for medical implants to internet security solutions involving new national ID cards. A central goal of the doctoral training is an interdisciplinary and structured education at the highest scientific level. Establishing networks to top internationally research groups is part of the training.

A group of internationally renowned researchers together with excellent funding provides an extremely interesting scientific environment. The HGI is known for its good working atmosphere.

- Start: earliest possible

- Competitive salary (TV-L 13)

- Application: Send your documents by August 7, 2016, to grako (at) hgi.rub.de

- Required Documents: CV, certificates, transcript (Master or Diplom), motivation for applying (1 page), names of at least two people who can provide reference letters (email addresses are sufficient)

Further information: www.ubicrypt.org

Closing date for applications: 7 August 2016

18 July 2016
We study the question of how to build "compilers" that transform a unilaterally authenticated (UA) key-exchange protocol into a mutually-authenticated (MA) one. We present a simple and efficient compiler and characterize the UA protocols that the compiler upgrades to the MA model, showing this to include a large and important class of UA protocols. The question, while natural, has not been studied widely. Our work is motivated in part by the ongoing work on the design of TLS 1.3, specifically the design of the client authentication mechanisms including the challenging case of post-handshake authentication. Our approach supports the analysis of these mechanisms in a general and modular way, in particular aided by the notion of "functional security" that we introduce as a generalization of key exchange models and which may be of independent interest.
ePrint Report Keymill: Side-Channel Resilient Key Generator Mostafa Taha, Arash Reyhani-Masoleh, Patrick Schaumont
In the crypto community, it is widely acknowledged that any cryptographic scheme that is built with no countermeasure against side-channel analysis (SCA) can be easily broken. In this paper, we challenge this intuition. We investigate a novel approach in the design of cryptographic primitives that promotes inherent security against side-channel analysis without using redundant circuits. We propose Keymill, a new keystream generator that is immune against SCA attacks. Security of the proposed scheme depends on mixing key bits in a special way that expands the size of any useful key hypothesis to the full entropy, which enables SCA-security that is equivalent to the brute force. Doing so, we do not propose a better SCA countermeasure, but rather a new one. The current solution focuses exclusively on side-channel analysis and works on top of any unprotected block cipher for mathematical security. The proposed primitive is generic and can turn any block cipher into a protected mode using only 775 equivalent NAND gates, which is almost half the area of the best countermeasure available in the literature.
ePrint Report Differential Fault Analysis of SHA3-224 and SHA3-256 Pei Luo, Yunsi Fei, Liwei Zhang, A. Adam Ding
The security of SHA-3 against different kinds of attacks are of vital importance for crypto systems with SHA-3 as the security engine. In this paper, we look into the differential fault analysis of SHA-3, and this is the first work to conquer SHA3-224 and SHA3-256 using differential fault analysis. Comparing with one existing related work, we relax the fault models and make them realistic for different implementation architectures. We analyze fault propagation in SHA-3 under such single-byte fault models, and propose to use fault signatures at the observed output for analysis and secret retrieval. Results show that the proposed method can effectively identify the injected single-byte faults, and then recover the whole internal state of the input of last round $\chi$ operation ($\chi^{22}_i$) for both SHA3-224 and SHA3-256.
ePrint Report From 5-pass MQ-based identification to MQ-based signatures Andreas Hülsing, Joost Rijneveld, Simona Samardjiska, Peter Schwabe
This paper presents MQDSS, the first signature scheme with a security reduction based on the problem of solving a multivariate system of quadratic equations (MQ problem). In order to construct this scheme we give a new security reduction for the Fiat-Shamir transform from a large class of $5$-pass identification schemes and show that a previous attempt from the literature to obtain such a proof does not achieve the desired goal. We give concrete parameters for MQDSS and provide a detailed security analysis showing that the resulting instantiation MQDSS-31-64 achieves $128$ bits of post-quantum security. Finally, we describe an optimized implementation of MQDSS-31-64 for recent Intel processors with full protection against timing attacks and report benchmarks of this implementation.
We prove the related-key security of the Iterated Even-Mansour cipher under broad classes of related key derivation (RKD) functions. Our result extends the classes of RKD functions considered by Farshim and Procter (FSE, 15). Moreover, we present a far simpler proof which uses techniques similar to those used by Cogliati and Seurin (EUROCRYPT, 15) in their proof that the four-round Even-Mansour cipher is secure against XOR related-key attacks---a special case of our result and the result of Farshim and Proctor. Finally, we give a concrete example of a class of RKD functions covered by our result which does not satisfy the requirements given by Farshim and Procter and prove that the three-round Even-Mansour cipher is secure against this class of RKD functions.
ePrint Report Memory Erasability Amplification Jan Camenisch, Robert R. Enderlein, Ueli Maurer
Erasable memory is an important resource for designing practical cryptographic protocols that are secure against adaptive attacks. Many practical memory devices such as solid state drives, hard disks, or file systems are not perfectly erasable because a deletion operation leaves traces of the deleted data in the system. A number of methods for constructing a large erasable memory from a small one, e.g., using encryption, have been proposed. Despite the importance of erasable memory in cryptography, no formal model has been proposed that allows one to formally analyse such memory constructions or cryptographic protocols relying on erasable memory.

The contribution of this paper is three-fold. First, we provide a formal model of erasable memory. A memory device allows a user to store, retrieve, and delete data, and it is characterised by a leakage function defining the extent to which erased data is still accessible to an adversary.

Second, we investigate how the erasability of such memories can be amplified. We provide a number of constructions of memories with strong erasability guarantees from memories with weaker guarantees. One of these constructions of perfectly erasable memories from imperfectly erasable ones can be considered as the prototypical application of Canetti et al.'s All-or-Nothing Transform (AoNT). Motivated by this construction, we propose some new and better AoNTs that are either perfectly or computationally secure. These AoNTs are of possible independent interest.

Third, we show (in the constructive cryptography framework) how the construction of erasable memory and its use in cryptographic protocols (for example to achieve adaptive security) can naturally be composed to obtain provable security of the overall protocol.
The single cycle T-function is a particular permutation function with complex algebraic structures, maximum period and efficient implementation in software and hardware. In this paper, on the basis of existing methods, we present a new construction using a class of single cycle T-functions meeting certain conditions to construct a family of new single cycle T-functions, and we also give the numeration lower bound for the newly constructed single cycle T-functions.
One of the key questions in contemporary applied cryptography is whether there exist an efficient algorithm for solving the discrete logarithm problem in elliptic curves. The primary approach for this problem is to try to solve a certain system of polynomial equations. Current attempts try to solve them directly with existing software tools which does not work well due to their very loosely connected topology and illusory reliance on degree falls. A deeper reflection on what makes systems of algebraic equations efficiently solvable is missing. In this paper we propose a new approach for solving this type of polynomial systems which is radically diff erent than current approaches. We carefully engineer systems of equations with excessively dense topology obtained from a complete clique/biclique graphs and hypergraphs and unique special characteristics. We construct a sequence of systems of equations with a parameter K and argue that asymptotically when K grows the system of equations achieves a high level of saturation with lim_{K\to\infty} F/T = 1 which allows to reduce the "regularity degree" and makes that polynomial equations over finite fields may become efficiently solvable.
Silent Text, the instant messaging application by the company Silent Circle, provides its users with end-to-end encrypted communication on the Blackphone and other smartphones. The underlying protocol, SCimp, has received many extensions during the update to version 2, but has not been subjected to critical review from the cryptographic community. In this paper, we analyze both the design and implementation of SCimp by inspection of the documentation (to the extent it exists) and code. Many of the security properties of SCimp version 1 are found to be secure, however many of the extensions contain vulnerabilities and the implementation contains bugs that affect the overall security. These problems were fed back to the SCimp maintainers and some bugs were fixed in the code base. In September 2015, Silent Circle replaced SCimp with a new protocol based on the Signal Protocol.
Job Posting Research Assistants (PhD or Postdoc) Technische Universität Darmstadt, Germany

The Department of Computer Science of the Technische Universität Darmstadt invites applications for positions of

Research Assistants in Cryptography and Complexity Theory

both on doctoral and postdoctoral level, in the group of Professor Marc Fischlin. The positions are funded through various research projects, all in the area of complexity-based cryptography. These are: SecOBig for secure computation on Big Data, CROSSING about signature schemes supporting special operations, and CRISP about secure channels. More information about the projects and our research is available under www.cryptoplexity.de.

The starting date is immediate. The initial funding for the positions is for approximately two years, but the contract should be renewable, based upon availability of funding. Candidates are expected to perform scientific research in the areas of the projects, and to contribute to the teaching, research, and administrative tasks of the group.

Requirements: Master’s degree (or equivalent) in Computer Science, Mathematics, or a similar discipline; extensive knowledge in the areas of cryptography and IT security, for postdoctoral candidates proven in the form of publications in these areas; fluent English language skills; experience in IT system administration is welcome

Applications should include: a curriculum vitae, including references; copies of relevant diplomas and certificates; copies of 3 selected publications (for postdoctoral candidates) or, alternatively, a research statement.

The application data should be bundled into a single PDF file. Applications and enquires should be sent to: jobs (at) cryptoplexity.de. Applications should be received no later than September 30th, 2016, but review of applications will begin immediately on a rolling basis, and the positions may be filled earlier.

Closing date for applications: 30 September 2016

Contact: jobs (at) cryptoplexity.de

Job Posting Two Positions of Full Professorships (W3) Cybersecurity Technische Universität Darmstadt, Germany
We are looking for an experienced researcher with excellent scientific credentials, international visibility through publications and projects and substantial experience in the acquisition of external research funding. In particular, we are looking for a person with a distinguished research profile in cybersecurity, e.g. in one of the following research areas: Cryptography, Formal Foundations of IT-Security, Network Security, Security of Complex Software Systems, Security of Embedded Systems.

Closing date for applications: 31 August 2016

Contact: Informal enquiries by email may be addressed to Professor Johannes Buchmann: buchmann (at) cdc.informatik.tu-darmstadt.de

16 July 2016
Job Posting Research Associate (Post-Doc) University College London
We welcome applications for a position as postdoctoral researcher in cryptography. The successful candidate will work with Sarah Meiklejohn, George Danezis and Jens Groth on zero-knowledge proofs and privacy enhancement of distributed ledgers. The post has a flexible starting date and an initial duration of 2 years. Candidates must have (or be about to receive) a PhD.

University College London is one of Europe\'s highest ranked universities and recognized by the EPSRC and GCHQ as an Academic Centre of Excellence in Cyber Security Research. The Department of Computer Science is ranked as the best in the UK and is located at UCL\'s main campus in the centre of London.

Closing date for applications: 5 August 2016

Contact: Informal enquiries can be sent to Jens at j.groth AT ucl.ac.uk

Associate professor position in the field of Computer Security, offered by the Universitat Rovira i Virgili (Dept. Computer Engineering and Mathematics) within the Serra Húnter Programme (http://serrahunter.gencat.cat/en/index.html)

Description:

The Serra Húnter Programme (SHP) will offer 71 contracts in Catalan public universities (Spain). Associate professor: Implies proven ability to teach and undertake research. This is the first of the upper-level categories under permanent contract. In order to be hired as such, one must hold a doctoral qualification, three years of accredited teaching and research activity, and an accreditation in research from the Catalan University Quality Assurance Agency.

Nr of positions available : 1

Research Fields: Computer science - Other

Career Stage: Experienced researcher or 4-10 yrs (Post-Doc)

Research Profiles: Established Researcher (R3)and Leading Researcher (R4)

Benefits: Successful candidates will be hired by a Catalan university, and they are expected to cooperate with existing research groups or to develop new lines of research, complementary to those already in place. Salaries will be set according to Catalan university regulations. However, subject to negotiation, a salary supplement may be considered for those candidates with outstanding scientific experience, or start-up grants may be awarded in those cases where it is deemed appropriate.

Other job details

Type of Contract: Permanent

Status: Full-time

Working Hours (hours per week or free text): 37,5

Company/Institute: Universitat Rovira i Virgili

Country: SPAIN

City: Tarragona

Postal Code: 43003

Closing date for applications: 15 September 2016

Contact: Serra Húnter Programme

Via Laietana, 2

08005 - Barcelona

SPAIN

Associate professor position in the field of Computer Security, offered by the Universitat Rovira i Virgili (Dept. of Computer Engineering and Mathematics) within the Serra Húnter Programme (http://serrahunter.gencat.cat/en/index.html)

Description:

The Serra Húnter Programme (SHP) will offer 71 contracts in Catalan public universities (Spain). Associate professor: Implies proven ability to teach and undertake research. This is the first of the upper-level categories under permanent contract. In order to be hired as such, one must hold a doctoral qualification, three years of accredited teaching and research activity, and an accreditation in research from the Catalan University Quality Assurance Agency.

Nr of positions available : 1

Research Fields: Computer science - Other

Career Stage: Experienced researcher or 4-10 yrs (Post-Doc)

Research Profiles: Established Researcher(R3)and Leading Researcher (R4)

Benefits:

Successful candidates will be hired by a Catalan university, and they are expected to cooperate with existing research groups or to develop new lines of research, complementary to those already in place. Salaries will be set according to Catalan university regulations. However, subject to negotiation, a salary supplement may be considered for those candidates with outstanding scientific experience, or start-up grants may be awarded in those cases where it is deemed appropriate.

Type of Contract: Permanent

Status: Full-time

Working Hours (hours per week): 37,5

Company/Institute: Universitat Rovira i Virgili

Country: SPAIN

City: Tarragona

Postal Code: 43003

Closing date for applications: 15 September 2016

Contact: Serra Húnter Programme

Via Laietana, 2

08005 - Barcelona

SPAIN

email serrahunter (at) gencat.cat

http://serrahunter.gencat.cat/en/index.html