International Association for Cryptologic Research

IACR News Central

Here you can see all recent updates to the IACR webpage.

6 December 2017
The Institute of Mathematics of the Université de Neuchâtel announces an open call for

Two positions of maître-assistant(e) (senior teaching and research assistant) at 80%

Starting date: 1 August 2018

Duration of appointment: 4 years

Legal requirements: a doctorate obtained no more than 10 years ago. (Post-doctoral experience, although desirable, is not required.)

Duties:

- teaching at Bachelor and Master level (on average 3 hours/week). Non-French speakers will be given one year to reach a level sufficient to teach in French.

- supervision of Master theses in Mathematics

- research integrated into one of the Institute's six research teams: see the research topics at

- participation in the life of the Institute (organisation of seminars, etc.)

The application file should contain a CV with a list of publications and a research project of at most 5 pages. Applications should be sent to Prof. Alain Valette, director of the Institute: alain.valette (at) . Application deadline: 31 December 2017. Candidates should also arrange for two reference letters to be sent to the same address before 15 January 2018.

Closing date for applications: 31 December 2017

Contact: Alain Valette (institute director) alain.valette (at)

A PhD student position with scholarship is available at the Department of Computer Science, University of York, UK, to work on Secure and Usable Human Verification of Machine-Assisted Cryptography.

The project aims to explore solutions with applications in various domains such as electronic voting systems (e.g. using direct recording electronic (DRE) machines) and end-to-end encrypted instant messaging protocols such as Signal (deployed widely, e.g. in WhatsApp, Facebook Messenger, and Google Allo).

The project is expected to investigate solutions from both the security and usability perspectives; therefore students with a background in at least one of cryptography and human-computer interaction, and an interest in both, are sought.

Scholarships are available for both UK/EU and non-UK/EU students (under two different schemes) and are decided through a competitive process within the department.

The project will be supervised jointly by Dr. Siamak F. Shahandashti and Prof. Helen Petrie, and will start in October 2018. Deadline for applications is 19 January 2018.

More information about the project, the scholarship schemes, and the application process is available through the link provided below. For any further enquiries please get in touch.

Closing date for applications: 19 January 2018

Contact: Dr. Siamak F. Shahandashti: siamak.shahandashti (at)

Job Posting PhD student Universitat Pompeu Fabra, Barcelona, Spain
Applications are invited for a PhD position in the field of cryptography at the Department of Information and Communication Technologies at Universitat Pompeu Fabra in Barcelona, Spain, to be co-supervised by Dr. Vanesa Daza and Dr. Carla Ràfols. The topic of research is cryptographic protocols for blockchain technologies, with a special focus on zero-knowledge proofs. The starting date will be around September 2018.

Only outstanding candidates who satisfy the international mobility criteria will be considered (i.e. the applicant must not have resided or carried out their main activity in Spain for more than 12 months in the 3 years immediately prior to the recruitment date).

The contract will be for 3 years with a gross salary of €34,800, plus other advantages.

The candidate should hold or be about to receive a master's degree by September 2018 in computer science, mathematics or a related area. Specialization in cryptography (demonstrated by a relevant MSc) will be positively evaluated.

Interested candidates should send a motivation letter, a short CV, the grade transcripts of undergraduate studies and master (if finished) and the names of two references to cryptophdapplications (at)

Closing date for applications: 15 January 2018

Contact: Carla Ràfols, Universitat Pompeu Fabra.

5 December 2017
This paper presents a new hard problem for use in cryptography, called Short Solutions to Nonlinear Equations (SSNE). This problem generalizes the Multivariate Quadratic (MQ) problem by requiring the solution be short; as well as the Short Integer Solutions (SIS) problem by requiring the underlying system of equations be nonlinear. The joint requirement causes common solving strategies such as lattice reduction or Gröbner basis algorithms to fail, and as a result SSNE admits shorter representations of equally hard problems. We show that SSNE can be used as the basis for a provably secure hash function. Despite failing to find public key cryptosystems relying on SSNE, we remain hopeful about that possibility.
ePrint Report Efficient Optimal Ate Pairing at 128-bit Security Level Md. Al-Amin Khandaker, Yuki Nanjo, Loubna Ghammam, Sylvain Duquesne, Yasuyuki Nogami, Yuta Kodera
Following the emergence of Kim and Barbulescu's new number field sieve (exTNFS) algorithm at CRYPTO'16 [21] for solving the discrete logarithm problem (DLP) over finite fields, pairing-based cryptography researchers are intrigued to find new parameters that confirm standard security levels against exTNFS. Recently, Barbulescu and Duquesne have suggested new parameters [3] for well-studied pairing-friendly curves, i.e., Barreto-Naehrig (BN) [5], Barreto-Lynn-Scott (BLS-12) [4] and Kachisa-Schaefer-Scott (KSS-16) [19] curves at the 128-bit security level (twist and sub-group attack secure). They have also concluded that in the context of Optimal-Ate pairing with their suggested parameters, BLS-12 and KSS-16 curves are more efficient choices than BN curves. Therefore, this paper selects the atypical and less studied pairing-friendly curve in the literature, i.e., KSS-16, which offers a quartic twist, while BN and BLS-12 curves have a sextic twist. In this paper, the authors optimize Miller's algorithm of Optimal-Ate pairing for the KSS-16 curve by deriving efficient sparse multiplications and implement them. Furthermore, this paper concentrates on Miller's algorithm to experimentally verify Barbulescu et al.'s estimation. The results show that, with the derived pseudo 8-sparse multiplication, Miller's algorithm is faster for KSS-16 than for the other two curves. Therefore, this paper defends Barbulescu and Duquesne's conclusion for 128-bit security.
We address the problem of secure and verifiable delegation of general pairing computation. We first analyze some recently proposed pairing delegation schemes and present several attacks on their security and/or verifiability properties. In particular, we show that none of these achieve the claimed security and verifiability properties simultaneously. We then provide a fully verifiable secure delegation scheme ${\sf VerPair}$ under the one-malicious version of a two-untrusted-program model (OMTUP). ${\sf VerPair}$ not only significantly improves the efficiency of all the previous schemes, such as the fully verifiable schemes of Chevallier-Mames et al. and Canard et al., by eliminating the impractical exponentiation- and scalar-multiplication-consuming steps, but also offers for the first time the desired full verifiability property, unlike other practical schemes. Furthermore, we give a more efficient and less memory-consuming invocation of the subroutine ${\sf Rand}$ for ${\sf VerPair}$ by eliminating the requirement of offline computations of modular exponentiations and scalar multiplications. In particular, ${\sf Rand}$ includes a fully verifiable partial delegation under the OMTUP assumption. The partial delegation of ${\sf Rand}$ distinguishes ${\sf VerPair}$ as a useful lightweight delegation scheme when the delegator is resource-constrained (e.g. RFID tags, smart cards or sensor nodes).
ePrint Report A Note on Stream Ciphers that Continuously Use the IV Matthias Hamann, Matthias Krause, Willi Meier
Time-memory-data tradeoff (TMD-TO) attacks limit the security level of many classical stream ciphers (like $E_0$, A5/1, Trivium, Grain) to $n/2$, where $n$ denotes the inner state length of the underlying keystream generator. This implies that to withstand TMD tradeoff attacks, the state size should be at least double the key size. In 2015, Armknecht and Mikhalev introduced a new line of research, which pursues the goal of reducing the inner state size of lightweight stream ciphers below this boundary by deploying a key-dependent state update function in a Grain-like stream cipher. Although their design Sprout was broken soon after publication, it has raised interest in the design principle, and a number of related ciphers have been suggested since, including Plantlet, a follow-up of Sprout, and the cipher Fruit.

In 2017, Hamann et al. showed that the initial hope of achieving full security against TMD-TO attacks by continuously using the secret key has failed. In particular, they demonstrated that there are generic distinguishing attacks against such ciphers with a complexity significantly smaller than that of exhaustive key search. However, by studying the assumptions underlying the applicability of these attacks, they came up with a new design idea for small-state stream ciphers, which is based on also continuously using the public IV as part of the state update. The authors conjectured that this design principle might allow to finally achieve full security against TMD-TO attacks.

In this note, we take their idea one step further. While Hamann et al. aimed for improving the security of small-state stream ciphers that continuously use the secret key against distinguishing, we explain here that also other stream cipher constructions can benefit from continuously using the IV. In particular, our approach allows for thwarting the well-known TMD-TO inner state recovery attacks of Babbage and Biryukov and Shamir without using the secret key more than once.
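The n/2 bound in the first paragraph comes from the Babbage and Biryukov-Shamir tradeoffs the note names. The following is an added worked example, not code from the note's authors: a toy 20-bit NFSR keystream generator (constructed for illustration, not Grain, Trivium or any real cipher) and the Babbage/Golić state-recovery attack against it, with T table entries and D keystream windows chosen so that T*D exceeds 2^N. The generator, the function names and all parameters are assumptions of this example.

```python
"""Babbage/Golic time-memory-data tradeoff against a toy keystream generator.

Everything here is constructed for the example: the NFSR, the filter function
and the parameters are hypothetical, chosen only so the attack runs in seconds.
"""
import random

N = 20        # inner-state bits of the toy generator (real ciphers: 80 to 288)
PREFIX = 32   # keystream bits used as a state fingerprint; >= N so that two
              # different states almost never share a fingerprint


def bit(s, i):
    return (s >> i) & 1


def clock(s):
    """One step of a toy Fibonacci NFSR (constructed for this example).
    The new bit is s0 XOR g(s1..s19), which makes the update a bijection, so
    every keystream position corresponds to exactly one inner state."""
    fb = (bit(s, 0) ^ bit(s, 3) ^ bit(s, 7) ^ bit(s, 19)
          ^ (bit(s, 5) & bit(s, 11)) ^ (bit(s, 9) & bit(s, 13) & bit(s, 16)))
    return (s >> 1) | (fb << (N - 1))


def output(s):
    """Nonlinear filter: one keystream bit from the current state."""
    return (bit(s, 2) ^ bit(s, 9) ^ bit(s, 15)
            ^ (bit(s, 4) & bit(s, 13)) ^ (bit(s, 6) & bit(s, 11) & bit(s, 18)))


def keystream(s, nbits):
    """nbits of keystream (list of 0/1) produced from inner state s."""
    out = []
    for _ in range(nbits):
        out.append(output(s))
        s = clock(s)
    return out


def babbage_golic(z, T, rng):
    """TMD-TO inner-state recovery.
    Offline: tabulate PREFIX-bit fingerprints of T random states (this assumes
    the next-state function is fixed and public, which is the assumption an
    IV-dependent state update removes).
    Online: slide a PREFIX-bit window over the D = len(z) - PREFIX keystream
    positions and look each window up.  About T*D/2^N hits are expected, so
    T = D = 2^(N/2) already suffices: that is the N/2 bound."""
    table = {}
    for _ in range(T):
        s = rng.getrandbits(N)
        table[tuple(keystream(s, PREFIX))] = s
    for i in range(len(z) - PREFIX):
        cand = table.get(tuple(z[i:i + PREFIX]))
        # Verify a hit by regenerating everything observed from position i on.
        if cand is not None and keystream(cand, len(z) - i) == z[i:]:
            return i, cand        # inner state at keystream position i
    return None


def run_demo(seed=1, log2_T=12, log2_D=12):
    """Attack a random secret state; returns (position, recovered_state, correct).
    With T = D = 2^12 and N = 20 about 16 table hits are expected, so the demo
    succeeds reliably; 2^10 each (the bound itself) would give about one hit."""
    rng = random.Random(seed)
    secret = rng.getrandbits(N)                    # unknown inner state at time 0
    z = keystream(secret, (1 << log2_D) + PREFIX)  # observed keystream
    hit = babbage_golic(z, 1 << log2_T, rng)
    if hit is None:
        return None
    i, state = hit
    expected = secret
    for _ in range(i):
        expected = clock(expected)
    return i, state, state == expected


if __name__ == "__main__":
    print(run_demo())
```

run_demo() returns the keystream position at which a table hit occurred and the recovered inner state; because the toy update is invertible, clocking that state backwards would reach the initial state. Doubling the state length to 2^(2k) for a k-bit key pushes T*D to 2^(2k), which is why classical designs carry a state of at least twice the key size; the note's small-state designs instead make the state transition depend on the secret key or, as proposed here, on the public IV, so that a single precomputed table no longer applies.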
ePrint Report Attacks on the AJPS Mersenne-based cryptosystem Koen de Boer, Léo Ducas, Stacey Jeffery, Ronald de Wolf
Aggarwal, Joux, Prakash and Santha recently introduced a new potentially quantum-safe public-key cryptosystem, and suggested that a brute-force attack is essentially optimal against it. They consider but then dismiss both Meet-in-the-Middle attacks and LLL-based attacks. Very soon after their paper appeared, Beunardeau et al. proposed a practical LLL-based technique that seemed to significantly reduce the security of the AJPS system. In this paper we do two things. First, we show that a Meet-in-the-Middle attack can also be made to work against the AJPS system, using locality-sensitive hashing to overcome the difficulty that Aggarwal et al. saw for such attacks. We also present a quantum version of this attack. Second, we give a more precise analysis of the attack of Beunardeau et al., confirming and refining their results.
Logic encryption is a hardware security technique that uses extra key inputs to prevent unauthorized use of a circuit. With the discovery of the SAT-based attack, new encryption techniques such as SARLock and Anti-SAT are proposed, and further combined with traditional logic encryption techniques, to guarantee both high error rates and resilience to the SAT-based attack. In this paper, the SAT-based bit-flipping attack is presented. It first separates the two groups of keys via SAT-based bit-flippings, and then attacks the traditional encryption and the SAT-resilient encryption, by conventional SAT-based attack and by-passing attack, respectively. The experimental results show that the bit-flipping attack successfully returns a circuit with the correct functionality and significantly reduces the executing time compared with other advanced attacks.
A range of zero-permission sensors are found in modern smartphones to enhance the user experience. These sensors can lead to unintentional leakage of users' private data. In this paper, we combine leakage from a pool of zero-permission sensors to reconstruct a user's secret PIN. By harnessing the power of machine learning algorithms, we show a practical attack on the full four-digit PIN space. Able to classify all 10,000 PIN combinations, the results show up to 83.7% success within 20 tries in a single-user setting. The latest previous work demonstrated 74% success on a reduced space of 50 chosen PINs, where we report 99.5% success with a single try in a similar setting. Moreover, we extend the PIN recovery attack from a single user to a cross-user scenario. Firstly, we show that by training on several users, the PIN recovery success can be boosted when the target user is part of the training pool. On the other hand, PIN recovery is still possible when the training pool excludes the target user, albeit with a low success rate.
2 December 2017
Job Posting Research Fellow Institute of Computer Science, University of Tartu, Tartu, Estonia
The cryptography group (more precisely, the group of cryptographic protocols, led by Helger Lipmaa) at the Institute of Computer Science of the University of Tartu seeks a research fellow in cryptography. The position will be permanent, but initially, the salary is guaranteed for five years (up to the end of the year 2022). The person, once hired, will be expected to help the group leader to apply for additional grants. The teaching load will be minimal. In the case of an excellent candidate, an early promotion is possible.

The successful candidate must have a Ph.D. and a strong track record in cryptography, but there are no other formal requirements. The salary will depend on the experience and strength of the applicant. We expect research experience in cryptographic protocol design (including but not limited to zero knowledge, e-voting, privacy-preserving data mining and machine learning, blockchain, secure computation). Interest in various codes used in cryptographic contexts (e.g., non-malleable, locally decodable, locally recoverable, locally testable, batch, PIR, or just error-correcting codes) is appreciated.

Lipmaa's group is currently hiring 5 more researchers, and more people will be hired in the near future. The department also has a quantum cryptography group (led by Dominique Unruh).

For any inquiries or to apply for the position, submit a full research curriculum vitae (cv), names of two references, and a research statement to Prof Helger Lipmaa starting your email subject line with [Research fellow].

The call for expressions of interest will remain open until the end of January, but we encourage candidates to contact us before January 15.

Closing date for applications: 26 January 2018

Contact: Helger Lipmaa, lead research fellow, helger.lipmaa (at)

Job Posting Research Scientist in Post-Quantum Cryptography Temasek Laboratories, National University of Singapore

Temasek Laboratories at the National University of Singapore is seeking highly motivated professionals to conduct research in the area of post-quantum cryptography.

Applicants are expected to have a PhD degree in Mathematics/Computer Science and a strong background in algebra and number theory from Bachelor-level or higher degree courses.

The preferred candidate is proficient in the Magma or SAGE package, a team worker and able to conduct independent research.

Interested candidates kindly email their CV to Dr Chik How Tan tsltch (at)

Closing date for applications: 28 February 2018

Contact: Dr Tan Chik How tsltch (at)

Job Posting Ph.D. students Oregon State University
We are looking for hardworking and self-driven PhD students to work in the areas of applied cryptography beginning in Fall 2018. OSU offers a competitive salary and an excellent working environment, all within close proximity of the high-tech industry and the natural beauty of Oregon. The nearby Portland area is known as the Silicon Forest and harbors major tech and research companies (e.g., Intel, HP, Galois, Siemens, Google). The qualified candidate will have opportunities for research internships and joint projects with leading industrial companies. Potential topics include:

Trustworthy Unmanned Aerial Systems

• New cryptographic frameworks to protect aerial drones

• Cryptographic policy enforcement for lawful interception via trusted execution environments and OS security mechanisms

Trustworthy Machine Learning (TML)

• Privacy-Preserving Machine Learning

• Harnessing trusted-hardware and hardware-acceleration for TML

Breach-Resilient Cyber-Infrastructures:

• New searchable encryption and Oblivious RAM schemes

• Augmentation of privacy enhancing technologies with trusted execution environments

Secure and Reliable Internet of Things and Systems (IoTs)

• Post-Quantum public key infrastructure for IoT

• Light-weight cryptography for medical devices

The candidate should fulfill the following requirements:

• A BS degree in computer science, electrical engineering or mathematics with a high GPA.

• Very good programming skills (e.g., C, C++), familiarity with OS/Systems.

• Good Academic Writing and Presentation Skills.

• MS degree in computer science, electrical engineering or mathematics is a big plus. Publications in security and privacy are highly desirable.

Please send (by e-mail) the following documents: (i) Transcripts, (ii) Curriculum vitae, (iii) Three reference letters, (iv) Research statement, (v) GRE and TOEFL/IELTS scores

Closing date for applications: 15 January 2018

Contact: Dr. Attila A. Yavuz

attila.yavuz (at)

SYmmetric and Lightweight cryptography Lab (SYLLAB) at Nanyang Technological University (NTU), Singapore, is seeking highly motivated candidates for 2 research fellow positions (from fresh post-docs to senior research fellows) in the areas of symmetric-key cryptography and machine learning. The research team will be supported by Temasek Laboratories funding from Singapore. Salaries are competitive and are determined according to the successful applicants' accomplishments, experience and qualifications. Interested applicants should send their detailed CVs, cover letter and references to Prof. Thomas Peyrin (thomas.peyrin (at)

Candidates are expected to have a strong background in symmetric-key cryptography and/or machine learning, with good experience in programming with C/C++ and/or Python.

Review of applications starts immediately and will continue until positions are filled (ideally, the positions would start early 2018).

Closing date for applications: 31 March 2018

Contact: Thomas Peyrin - thomas.peyrin (at)

SYmmetric and Lightweight cryptography Lab (SYLLAB) at Nanyang Technological University (NTU), Singapore, is seeking highly motivated candidates for 2 Ph.D. student positions in the areas of symmetric key cryptography and machine learning. Interested applicants should send their detailed CVs, cover letter and references to Prof. Thomas Peyrin (thomas.peyrin (at) preferably as soon as possible and before end of March 2018 (the 4-year PhD scholarships are to start in August 2018).

Candidates are expected to have a strong background in computer science and mathematics, with some experience in programming with C/C++ and/or Python. Experience with machine learning software libraries is a plus.

More information about graduate admissions at NTU can be found here:

Closing date for applications: 31 March 2018

Contact: Thomas Peyrin - thomas.peyrin (at)

1 December 2017
ePrint Report Itsuku: a Memory-Hardened Proof-of-Work Scheme Fabien Coelho, Arnaud Larroche, Baptiste Colin
Proof-of-Work (PoW) schemes allow limiting access to resources or sharing rewards for crypto-currency mining. The MTP-Argon2 PoW by Biryukov and Khovratovich is loosely based on the Argon2 memory-hard password hashing function. Several attacks have been published. We introduce a new transposed parallel implementation attack which achieves higher performance by circumventing apparent bandwidth requirements. We then present Itsuku, a new scheme that fixes known issues by changing MTP-Argon2 parameters and adds new operations to improve memory hardness. Our scheme is built on a simple security criterion: any implementation which requires half the memory or less should induce at least a times-64 computation cost for difficulty d <= 100. The Itsuku proof size is typically 1/16th of the initial scheme, while providing better memory hardness. We also describe high-end hardware designs for MTP-Argon2 and Itsuku.
30 November 2017
ePrint Report Cryptocurrency Voting Games Sanjay Bhattacherjee, Palash Sarkar
This work shows that weighted majority voting games occur in cryptocurrencies. In particular, two such games are highlighted. The first game, which we call the Rule Game, pertains to the scenario where the entities in the system engage in a voting procedure to accept or reject a change of rules. The second game, which we call the Attack Game, refers to the scenario where a group of entities in a cryptocurrency system can form a coalition to engage in double spending. For the Rule Game we provide analysis to argue that the Coleman’s preventive power measure is the appropriate tool for measuring a player’s influence in the game while for the Attack Game, we define a notion of stability based on the notion of minimal winning coalitions. For both the Rule Game and the Attack Game, we show how to analyse the games based on a snapshot of real world data for Bitcoin which is presently the most popular of all the cryptocurrencies.
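As an added illustration of the Rule Game and Attack Game measures named above (not from the paper, and on constructed weights rather than the paper's Bitcoin snapshot): a weighted majority voting game, Coleman's preventive power (the fraction of winning coalitions in which a player is critical, i.e. whose departure turns the coalition into a losing one), and the minimal winning coalitions on which the Attack Game's stability notion is built. The pool weights and the quota below are hypothetical.

```python
"""Weighted majority voting game with Coleman's preventive power and minimal
winning coalitions.  Weights and quota are constructed for this example."""
from itertools import combinations


def winning_coalitions(weights, quota):
    """All coalitions whose total weight meets the quota."""
    n = len(weights)
    wins = []
    for r in range(1, n + 1):
        for coal in combinations(range(n), r):
            if sum(weights[i] for i in coal) >= quota:
                wins.append(frozenset(coal))
    return wins


def is_critical(weights, quota, coal, i):
    """Player i is critical (a swing) in winning coalition coal if removing
    i makes the coalition lose."""
    return i in coal and sum(weights[j] for j in coal if j != i) < quota


def coleman_preventive_power(weights, quota):
    """Coleman's power to prevent action: for each player, the share of all
    winning coalitions in which that player is critical."""
    wins = winning_coalitions(weights, quota)
    return [sum(1 for c in wins if is_critical(weights, quota, c, i)) / len(wins)
            for i in range(len(weights))]


def minimal_winning_coalitions(weights, quota):
    """Winning coalitions in which every member is critical; in the Attack
    Game these are the smallest groups that can double spend on their own."""
    return [c for c in winning_coalitions(weights, quota)
            if all(is_critical(weights, quota, c, i) for i in c)]


# Constructed example: four mining pools (hash-rate percentages) and a simple
# majority quota, the threshold for a double-spending coalition.
POOLS = [40, 30, 20, 10]
QUOTA = 51

if __name__ == "__main__":
    print(coleman_preventive_power(POOLS, QUOTA))   # [5/7, 3/7, 3/7, 1/7]
    print(minimal_winning_coalitions(POOLS, QUOTA))  # {0,1}, {0,2}, {1,2,3}
```

Note that the 30% and 20% pools have equal preventive power despite different hash rates, and the 10% pool is critical only in the coalition of the three smaller pools: weight and influence are not proportional, which is the point of using a power index rather than raw hash rate.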
Bit permutations are a common choice for the diffusion function in lightweight block ciphers, owing to their low implementation footprint. In this paper, we present a novel Side-Channel Assisted Differential-Plaintext Attack (SCADPA), exploiting specific vulnerabilities of bit permutations. SCADPA is a chosen-plaintext attack; knowledge of the ciphertext is not required. Unlike the statistical methods commonly used as distinguishers in standard power analysis, the proposed method is more differential in nature. The attack shows that the diffusion layer can play a significant role in distinguishing the internal cipher state. We demonstrate how to practically exploit such a vulnerability to extract the secret key. Results on a microcontroller-based PRESENT-80 implementation lead to full key retrieval using as few as 17 encryptions. It is possible to automate the attack by using a thresholding method detailed in the paper. Several case studies are presented, using various attacker models and targeting different encryption modes (such as CTR and CBC). We provide a discussion on how to avoid such attacks from the design point of view.
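An added example, not the paper's code, of the structural property that makes a bit-permutation diffusion layer attractive to a differential-plaintext side-channel attack: PRESENT's pLayer sends the four output bits of one S-box to four different next-round S-boxes, so a single-nibble output difference is visible in which next-round S-boxes become active. The leakage oracle below is an assumed, idealised model (it hands the attacker that active set directly instead of power traces), and the key-recovery routine goes beyond the abstract by showing that 15 chosen differences on one nibble pin the corresponding key nibble down uniquely.

```python
"""Why PRESENT's bit permutation leaks under a differential-plaintext attack.
Added illustration with an idealised leakage oracle; not the SCADPA paper's
method or measurements."""

# PRESENT S-box (4-bit, bijective, differential uniformity 4).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def player(p):
    """PRESENT pLayer: bit p (0..63) moves to position 16*p mod 63; bit 63 stays."""
    return 63 if p == 63 else (16 * p) % 63


def next_round_active_sboxes(nibble, out_diff):
    """Next-round S-boxes that receive a nonzero input difference when S-box
    `nibble` of this round has output difference `out_diff` (4-bit value).
    Output bit k of S-box j lands in S-box 4k + j//4, so the four bits go to
    four distinct S-boxes and the active set identifies out_diff exactly."""
    return frozenset(player(4 * nibble + k) // 4
                     for k in range(4) if (out_diff >> k) & 1)


def leakage_oracle(key_nibble, nibble, pt_nibble, in_diff):
    """Assumed side-channel model: for a chosen plaintext pair that differs by
    in_diff in one nibble, the attacker learns which next-round S-boxes show
    activity (in practice inferred from traces; here returned directly)."""
    x = pt_nibble ^ key_nibble               # S-box input = plaintext XOR key
    return next_round_active_sboxes(nibble, SBOX[x] ^ SBOX[x ^ in_diff])


def recover_key_nibble(nibble, observations):
    """Keep the key nibbles consistent with every (pt, in_diff, active) triple.
    Each observation fixes S(x) ^ S(x ^ in_diff) for x = pt ^ key."""
    cands = set(range(16))
    for pt, din, active in observations:
        cands = {k for k in cands
                 if next_round_active_sboxes(nibble, SBOX[pt ^ k] ^ SBOX[pt ^ k ^ din]) == active}
    return cands


def demo(key_nibble=0xA, nibble=3, pt_nibble=0x6):
    """Query all 15 nonzero input differences on one plaintext nibble.
    Two distinct S-box inputs agreeing on all 15 output differences would
    give the S-box a probability-one differential, which PRESENT's S-box
    does not have, so the surviving candidate is unique."""
    obs = [(pt_nibble, d, leakage_oracle(key_nibble, nibble, pt_nibble, d))
           for d in range(1, 16)]
    return recover_key_nibble(nibble, obs)


if __name__ == "__main__":
    print(next_round_active_sboxes(5, 0xF))   # frozenset({1, 5, 9, 13})
    print(demo())                             # {10}
```

The same procedure applied to each of the 16 nibbles recovers the whole first round key under this model; a real attack has to extract the active set from traces with a threshold, which is where the paper's encryption count and automation come in. A diffusion layer that mixes the bits of one S-box output into fewer, or overlapping, next-round S-boxes would not reveal the output difference as directly.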
Adaptive security embodies one of the strongest notions of security: it allows an adversary to corrupt parties at any point during protocol execution and gain access to their internal state. Since it models real-life situations such as "hacking", adaptively-secure multiparty computation (MPC) protocols are desirable. Such protocols demand primitives such as oblivious transfer (OT) and commitment schemes that are adaptively-secure as building blocks. Efficient realisations of these primitives have been found to be challenging when no erasures are assumed. In this paper, we provide efficient constructions for these primitives that are Universally-Composable.

Adaptively-Secure Oblivious Transfer. We present the first round-optimal adaptively-secure OT based on the 2-round static OT protocol of Peikert et al. (Crypto 2008). Our protocol is in the programmable random oracle (PRO) model. It incurs a minimal communication overhead of one $\kappa$-bit string and a computational overhead of 5 random oracle queries over its static counterpart, where $\kappa$ is the security parameter. Additionally, we present a construction of adaptively-secure 1-out-of-$N$ OT by extending the result of Naor et al. (Journal of Cryptology 2005) that transforms $\log N$ copies of 1-out-of-2 OT into one 1-out-of-$N$ OT. Based on the PRO assumption, we prove that the transformation is adaptively-secure at the expense of $\mathcal{O}(\log N)$ exponentiations, whereas the existing state-of-the-art protocols for adaptively-secure 1-out-of-$N$ OT incur at least $\mathcal{O}(N)$ exponentiations. Interestingly, it can be established that our transformation continues to be adaptively-secure despite replacing the adaptively-secure 1-out-of-2 OTs in the above result with statically-secure OTs that support equivocation of the receiver's view irrespective of equivocation of the sender's view.

Adaptively-Secure Commitment Scheme. We provide a round-optimal non-interactive commitment scheme (NICOM) based on the observable random oracle (ORO) assumption in the CRS model. Our construction incurs communication of $4\kappa$-bit strings and computation of 4 exponentiations and 2 random oracle queries for committing to an arbitrary-length message. Additionally, we present a statically-secure scheme for one-time generation of a CRS that can be reused for multiple commitments. This eliminates the need for a trusted CRS setup for the commitment scheme, thereby reducing the assumptions solely to ORO. The static version of our NICOM finds applications in secure two-party computation (2PC) protocols that adopt the offline-online paradigm, where the CRS can be generated in the offline phase.
ePrint Report Chameleon: A Hybrid Secure Computation Framework for Machine Learning Applications M. Sadegh Riazi, Christian Weinert, Oleksandr Tkachenko, Ebrahim M. Songhori, Thomas Schneider, Farinaz Koushanfar
We present Chameleon, a novel hybrid (mixed-protocol) framework for secure function evaluation (SFE) which enables two parties to jointly compute a function without disclosing their private inputs. Chameleon combines the best aspects of generic SFE protocols with the ones that are based upon additive secret sharing. In particular, the framework performs linear operations in the ring $\mathbb{Z}_{2^l}$ using additively secret shared values and nonlinear operations using Yao's Garbled Circuits or the Goldreich-Micali-Wigderson protocol. Chameleon departs from the common assumption of additive or linear secret sharing models where three or more parties need to communicate in the online phase: the framework allows two parties with private inputs to communicate in the online phase under the assumption of a third node generating correlated randomness in an offline phase. Almost all of the heavy cryptographic operations are precomputed in an offline phase which substantially reduces the communication overhead. Chameleon is both scalable and significantly more efficient than the ABY framework (NDSS'15) it is based on. Our framework supports signed fixed-point numbers. In particular, Chameleon's vector dot product of signed fixed-point numbers improves the efficiency of mining and classification of encrypted data for algorithms based upon heavy matrix multiplications. Our evaluation of Chameleon on a 5 layer convolutional deep neural network shows 110x and 3.5x faster executions than Microsoft CryptoNets (ICML'16) and MiniONN (CCS'17), respectively.
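An added example of the linear layer described above, written for this page rather than taken from Chameleon: two-party additive secret sharing in $\mathbb{Z}_{2^l}$ (l = 32 here) where a third node deals Beaver multiplication triples in an offline phase and the two parties exchange only masked values online to compute a dot product. The function names, the ring size and the signed two's-complement interpretation are assumptions of this example; Chameleon's fixed-point truncation on shares and its garbled-circuit/GMW nonlinear layer are not shown.

```python
"""Two-party additive sharing over Z_{2^L} with a third node that generates
correlated randomness (Beaver triples) offline.  Illustrative code written
for this page; not Chameleon's implementation."""
import secrets

L = 32
MOD = 1 << L


def share(x):
    """Additive 2-out-of-2 sharing of x in Z_{2^L}; each share alone is uniform."""
    r = secrets.randbelow(MOD)
    return (r, (x - r) % MOD)


def reconstruct(sh):
    return (sh[0] + sh[1]) % MOD


def to_signed(v):
    """Interpret a ring element as a two's-complement signed integer."""
    return v - MOD if v >= MOD // 2 else v


def dealer_triples(n):
    """Offline phase, run by the third node: n Beaver triples (a, b, a*b), each
    handed to the two parties as shares.  The node never sees the inputs."""
    out = []
    for _ in range(n):
        a, b = secrets.randbelow(MOD), secrets.randbelow(MOD)
        out.append((share(a), share(b), share(a * b % MOD)))
    return out


def beaver_mul(x, y, triple):
    """Online phase for one product: each party masks its shares with the
    triple, the masked values d = x-a and e = y-b are opened (one message each
    way, revealing nothing about x or y), and shares of x*y follow locally."""
    (a0, a1), (b0, b1), (c0, c1) = triple
    d0, d1 = (x[0] - a0) % MOD, (x[1] - a1) % MOD   # party i sends d_i, e_i
    e0, e1 = (y[0] - b0) % MOD, (y[1] - b1) % MOD
    d, e = (d0 + d1) % MOD, (e0 + e1) % MOD         # opened values
    z0 = (c0 + d * b0 + e * a0 + d * e) % MOD       # only party 0 adds d*e
    z1 = (c1 + d * b1 + e * a1) % MOD
    return (z0, z1)                                 # z0 + z1 = x*y mod 2^L


def secure_dot(xs, ys):
    """Dot product of two vectors, one held by each party: each party shares its
    own vector, one triple is consumed per coordinate, and the product shares
    are summed locally before a single reconstruction.  Returns a signed int."""
    xsh = [share(v % MOD) for v in xs]      # party 0's input, shared
    ysh = [share(v % MOD) for v in ys]      # party 1's input, shared
    acc = (0, 0)
    for x, y, t in zip(xsh, ysh, dealer_triples(len(xs))):
        z = beaver_mul(x, y, t)
        acc = ((acc[0] + z[0]) % MOD, (acc[1] + z[1]) % MOD)
    return to_signed(reconstruct(acc))


if __name__ == "__main__":
    print(secure_dot([3, -4, 5], [2, 7, -1]))   # -27
```

Additions of shares are free, so the online cost of a dot product is one opening of two ring elements per coordinate, all of which can be batched into a single round; the correctness of beaver_mul follows from ab + (x-a)b + (y-b)a + (x-a)(y-b) = xy. The triples are the correlated randomness the abstract refers to, and their security rests on the dealing node being semi-honest and not colluding with either party.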
ePrint Report MILP-aided Cryptanalysis of Round Reduced ChaCha Najwa Aaraj, Florian Caullery, Marc Manzano
The inclusion of ChaCha20 and Poly1305 into the list of supported ciphers in TLS 1.3 necessitates a security evaluation of those ciphers with all the state-of-the-art tools and innovative cryptanalysis methodologies. Mixed Integer Linear Programming (MILP) has been successfully applied to find more accurate characteristics of several ciphers such as SIMON and SPECK. In our research, we use MILP-aided cryptanalysis to search for differential characteristics, linear approximations and integral properties of ChaCha. We are able to find differential trails up to 2 rounds and linear trails up to 1 round. However, no integral distinguisher has been found, even for 1 round.
ePrint Report Kayawood, a Key Agreement Protocol Iris Anshel, Derek Atkins, Dorian Goldfeld, Paul E Gunnells
Public-key solutions based on number theory, including RSA, ECC, and Diffie-Hellman, are subject to various quantum attacks, which makes such solutions less attractive long term. Certain group theoretic constructs, however, show promise in providing quantum-resistant cryptographic primitives because of the infinite, non-cyclic, non-abelian nature of the underlying mathematics. This paper introduces Kayawood Key Agreement protocol (Kayawood, or Kayawood KAP), a new group-theoretic key agreement protocol, that leverages the known NP-Hard shortest word problem (among others) to provide an Elgamal-style, Diffie-Hellman-like method. This paper also (i) discusses the implementation of and behavioral aspects of Kayawood, (ii) introduces new methods to obfuscate braids using Stochastic Rewriting, and (iii) analyzes and demonstrates Kayawood's security and resistance to known quantum attacks.
4-bit linear relations play an important role in the cryptanalysis of 4-bit bijective crypto S-boxes. 4-bit finite differences are also a major part of the cryptanalysis of 4-bit substitution boxes. The count of existing 4-bit linear relations, over all 16 input and 16 output 4-bit bit patterns of 4-bit bijective crypto S-boxes (hereafter S-boxes), has been reported in the linear cryptanalysis of 4-bit S-boxes. The count of existing finite differences from each element of the output S-box to the distant output S-boxes has been noted in the differential cryptanalysis of S-boxes. In this paper a brief review of these cryptanalytic methods for 4-bit S-boxes is given in a lucid and conceptual manner. Two new analysis techniques are also introduced. One searches for the existing linear approximations among the input Boolean functions (BFs) and output BFs of a particular 4-bit S-box; the search is limited to finding the existing linear relations or approximations, as opposed to counting the existing linear relations among all 16 4-bit input and output bit patterns over all possible linear approximations. The other finds the number of balanced 4-bit BFs in the difference output S-boxes. The greater the number of balanced BFs, the better the security.
ePrint Report A Practical Cryptanalysis of WalnutDSA Daniel Hart, DoHoon Kim, Giacomo Micheli, Guillermo Pascual Perez, Christophe Petit, Yuxuan Quek
We present a practical cryptanalysis of WalnutDSA, a digital signature algorithm trademarked by SecureRF. WalnutDSA uses techniques from permutation groups, matrix groups, and braid groups, and is designed to provide post-quantum security in lightweight IoT device contexts. The attack given in this paper bypasses the E-Multiplication and cloaked conjugacy search problems at the heart of the algorithm and forges signatures for arbitrary messages in approximately two minutes. We also discuss potential countermeasures to the attack.
Job Posting Ph.D. Student and Post-Doc Positions University of Helsinki, Finland

The Secure Systems group at the University of Helsinki, Department of Computer Science, seeks Ph.D. students and Post-Docs to research optimisations of functional encryption schemes for hardware-based implementations and to develop hardware (FPGA) designs for their efficient computation.

A candidate applying for a Ph.D. student position is expected to have completed a Master's degree in computer science, electrical engineering or another relevant field. Experience in cryptology, cryptographic engineering and/or hardware design is a major advantage. Post-Docs are additionally expected to have finished their Ph.D. degrees by the beginning of the work contract and to have a good publication record in cryptography and/or hardware cryptographic engineering. Your host will be Dr. Kimmo Järvinen, Senior Researcher in the Secure Systems group in the Department of Computer Science.

The positions are part of Functional ENcryption TEChnology (FENTEC), a Horizon 2020 Research and Innovation Action that begins in January 2018 with a duration of 3 years. The project aims to advance the state of the art in functional encryption and make the paradigm ready for wide-spread integration in emerging technologies. The consortium consists of the academic partners Edinburgh University, ENS Paris, Flensburg University, Helsinki University and KU Leuven as well as the industrial partners ATOS, Kudelski Group (formerly Nagravision), WALLIX and XLAB.

Please send your CV with a cover letter. Post-Docs are asked to add two letters of recommendation. The positions remain open until filled.

Closing date for applications: 28 February 2018

Contact: Dr. Kimmo Järvinen (kimmo.u.jarvinen (at)

Job Posting Ph.D. student Grenoble Institute of Technology, LIG Laboratory
Grenoble Institute of Technology and LIG Laboratory invite applications for a PhD Student position in the area of measurements for cybersecurity and Domain Name System (DNS) abuse.

- Position: PhD Student Grenoble INP

- Contract: fixed-term 36 months

- Start date: ASAP

- Location: Grenoble, Rhône-Alpes, France

- Hosting institution: LIG laboratory, Université Grenoble Alpes, Grenoble Institute of Technology

- Scientific advisors: Maciej Korczynski and Andrzej Duda @LIG/UGA

- Project partners: SIDN (.nl registry) and AFNIC (.fr registry)

- Application deadline: 31/12/2017

Job description

The candidate will join a research project on cybersecurity and domain name abuse. The goal of the project is to develop large-scale Internet measurement and classification methods for the fight against Internet-scale attacks such as phishing, drive-by downloads, and spam. The successful candidate will collect and study empirical data, and will work on real-world security problems whose solutions help operators such as domain registries and hosting providers mitigate security incidents effectively.

Skills & Expertise

The position requires strong competence in programming (Python, C/C++) and excellent written and oral communication skills in English. Research experience in network security and data analytics is considered a plus.

The candidate must have a master's degree (or equivalent) in network or information security, computer science, telecommunication engineering or a related field, with excellent results. The candidate must be highly motivated for research and enjoy working in an international team.

How to Apply

Applicants should send a detailed curriculum vitae along with a letter of application, transcripts for undergraduate and graduate studies to maciej.korczynski (at) Email subject must start with [DNS abuse]. References or letters of recommendation are appreciated.

Closing date for applications: 31 December 2017

Contact: Maciej Korczynski, maciej.korczynski (at)

Job Posting PhD interns on cyber-physical system security Singapore University of Technology and Design (SUTD)
Singapore University of Technology and Design (SUTD) is a young university which was established in collaboration with MIT. iTrust is a Cyber Security Research Center with about 15 multidisciplinary faculty members from SUTD. It has world-class facilities in cyber-physical systems (CPS), including testbeds for Secure Water Treatment (SWaT), Water Distribution (WADI), Electric Power and Intelligent Control (EPIC), and IoT. (See more info at

I am looking for PhD interns with an interest in cyber-physical system security (IoT, water, power grid, transportation, autonomous vehicles, etc.), including topics such as 1) lightweight and resilient authentication of devices and data in CPS, 2) advanced SCADA firewalls to filter more sophisticated attack packets in CPS, 3) AI-based threat analytics for detection of attacks on CPS, and 4) securing maritime navigation systems. The attachment will be at least 3 months. An allowance will be provided for local expenses.

Interested candidates please send your CV with a research statement to Prof. Jianying Zhou.

Contact: Prof. Jianying Zhou, jianying_zhou (at)

Closing date for applications: 31 January 2018

Job Posting PhD student Universitat Pompeu Fabra, Barcelona, Spain
Applications are invited for a PhD position in the field of cryptography at the Department of Information and Communication Technologies at Universitat Pompeu Fabra in Barcelona, Spain, to be co-supervised by Dr. Vanesa Daza and Dr. Carla Ràfols. The research topic is cryptographic protocols for blockchain technologies, with a special focus on Zero-Knowledge Proofs. The starting date will be around September 2018.

Only outstanding candidates who satisfy the international mobility criteria will be considered (i.e. the applicant must not have resided or carried out their main activity in Spain for more than 12 months in the 3 years immediately prior to the recruitment date).

The contract will be for 3 years with a gross salary of €34,800, plus other advantages.

The candidate should hold or be about to receive a master's degree by September 2018 in computer science, mathematics or a related area. Specialization in cryptography (demonstrated by a relevant MSc) will be positively evaluated.

Further enquiries about the project and conditions should be sent to cryptophdapplications (at)

Closing date for applications: 15 January 2018

Contact: Carla Ràfols, Universitat Pompeu Fabra

Job Posting Automotive Security & Privacy Continental Automotive Singapore
Responsibilities
• Define security tests for backend, Smartphone & Connectivity

• Develop countermeasures for detected vulnerabilities

• Develop tools to demonstrate the efficiency of the security mechanisms

• Develop and refine the Security and Privacy concept for connected services between vehicle and backend services

• Implementation of novel Security & Privacy mechanisms

Requirements
• University degree in computer science, electrical engineering or mathematics with a deep focus on security, privacy, cryptology, or similar

• In-depth experience with projects related to cloud security, smartphone security and backend security

• Knowledge of Security Risk Analysis methods (e.g. STRIDE)

• Knowledge of Security Source Code Analysis methods

• Knowledge of quantum cryptography is preferred

• Applicants with several years of experience in the field of automotive security and privacy are preferred

• Good, open communication skills

• Willingness to travel and collaborate creatively in international teams

Closing date for applications: 31 March 2018

29 November 2017
Recently, Albrecht, Davidson, Larraia, and Pellet-Mary constructed a variant of GGH13 without ideals and presented distinguishing attacks in simplified branching-program and obfuscation security models. However, it was not clear whether a variant of the CGH annihilation attack can be used to break an IO candidate built on this new variant. This paper adapts and extends the CGH attack to the branching-program obfuscator based on GGH13 without ideals. To achieve this, we introduce the notion of approximate eigenvalues of a matrix and establish a relationship between the determinant and the rank of a matrix under perturbation. Our result shows that the structural vulnerability of GGH13 encodings is not limited to the presence of the ideal.
