International Association
for Cryptologic Research

The University of Luxembourg seeks to hire an outstanding post-doctoral researcher at its Interdisciplinary Centre for Security, Reliability and Trust (SnT). The successful candidate will participate in the activities of the Security and Trust of Software Systems (SaToSS) research group (http://satoss.uni.lu/), led by Prof. Dr. Sjouke Mauw.

The position is within the national project PrivDA, whose goal is to develop models and techniques for privacy-preserving data publication from dynamic social networks, accounting for the presence of active adversaries (adversaries with the ability to alter the network structure).

We welcome applications from candidates who have completed a Ph. D. degree in Computer Science or Mathematics by May 2018.

Preference will be given to applicants with proven interest in graph theory and/or data privacy and/or social network analysis.

The intended start day is June 1st, 2018.

The University offers a two-year employment contract, which may be extended up to five years.

Closing date for applications: 30 April 2018

Contact: Yunior Ramirez-Cruz, e-mail: yunior.ramirez (at) uni.lu

Sjouke Mauw, e-mail: sjouke.mauw (at) uni.lu

More information: http://emea3.mrted.ly/1rxbi

In recent years, awareness of communication security has vastly increased. In Web communication for example, TLS usage has become ubiquitous. TLS is, however, not always the only or best method. Sometimes more lightweight or message oriented security methods are preferable. This applies especially in the Internet of Things (IoT) or in industrial networks, but also for communication in Cloud environments or service-oriented architectures. However, using these alternative security methods still require manual and error-prone configuration.

The successful candidate for this PhD fellowship position will contribute to a flexible security framework, which assists developers in creating secure services, but also supports automatic service-usage in machine-to-machine communication.

One focus of this PhD project might be: lightweight security mechanisms, security specification languages, security negotiation protocols, code generation for secure communication stubs etc.

Closing date for applications: 15 April 2018

Contact: Nils Gruschka, +47 22840858, nils.gruschka (at) ifi.uio.no

More information: https://www.jobbnorge.no/en/available-jobs/job/149459/phd-research-fellowship-in-cybersecurity

This position is available immediately in Professor Mosca’s Research group. You will be working with a team of researchers and developers from academia and industry on the Open Quantum Safe project You will help integrate new post-quantum cryptographic algorithms into the libOQS open-source library, and design and implement techniques for evaluating and benchmarking these cryptographic algorithms in a variety of contexts. You will be required to participate in weekly sprint meetings and perform software development tasks assigned by the project team lead, ensuring that all code contributions developed by self or integrated from 3rd party contribution sources adhere to a cohesive design and framework. In addition to algorithm research, tasks cover all aspects of the software development lifecycle and include design, programming cryptographic algorithms, integrating other cryptographic implementations into the libOQS framework, integrating libOQS into 3rd party opensource projects, testing, benchmarking and documentation.

Qualifications:

• Undergraduate or Graduate degree in Mathematics, Computer Science or Electrical and Computer Engineering

• Essential: C and C++ programming experience, at least 3 years.

• Essential: Familiarity with cryptographic algorithms including public key and symmetric key cryptography, digital signatures, message digest and hashing algorithms

• Essential: Familiarity with version control systems (Git & Github workflow)

The Institute for Quantum Computing (IQC) is a world-leading institute for research in quantum information at the University of Waterloo.

The appointment will be for 12 months with the possibility of extension, pending on research funding. The salary is competitive and commensurate with experience. The University of Waterloo respects, appreciates and encourages diversity. All qualified candidates are encouraged to apply; however, Canadian citizens and permanent residents will be given priority

Closing date for applications: 24 August 2018

Contact: Michele Mosca

michele.mosca (at) uwaterloo.ca

More information: https://services.iqc.uwaterloo.ca/applications/positions/open-quantum-safe-liboqs-cryptographi-x9y4/

Sparx is a family of ARX-based block ciphers designed according to the long-trail strategy (LTS) that were both introduced by Dinu et al. at ASIACRYPT'16. Similar to the wide-trail strategy, the LTS allows provable upper bounds on the length of differential characteristics and linear paths. Thus, the cipher is a highly interesting target for third-party cryptanalysis. However, the only third-party cryptanalysis on Sparx-64/128 to date was given by Abdelkhalek et al. at AFRICACRYPT'17 who proposed impossible-differential attacks on 15 and 16 (out of 24) rounds.

In this paper, we present chosen-ciphertext differential attacks on 16 rounds of Sparx-64/128. First, we show a truncated-differential analysis that requires $2^{32}$ chosen ciphertexts and approximately $2^{93}$ encryptions. Second, we illustrate the effectiveness of boomerangs on Sparx by a rectangle attack that requires approximately $2^{59.6}$ chosen ciphertexts and about $2^{122.2}$ encryption equivalents. Finally, we also considered a yoyo attack on 16 rounds that, however, requires the full codebook and approximately $2^{126}$ encryption equivalents.

We consider all LWE- and NTRU-based encryption, key encapsulation, and digital signature schemes proposed for standardisation as part of the Post-Quantum Cryptography process run by the US National Institute of Standards and Technology (NIST). In particular, we investigate the impact that different estimates for the asymptotic runtime of (block-wise) lattice reduction have on the predicted security of these schemes. Relying on the ``LWE estimator'' of Albrecht et al., we estimate the cost of running primal and dual lattice attacks against every LWE-based scheme, using every cost model proposed as part of a submission. Furthermore, we estimate the security of the proposed NTRU-based schemes against the primal attack under all cost models for lattice reduction.

In this paper, we propose an efficient revocable Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme. We base on the direct revocation approach, by embedding the revocation list into ciphertext. However, since the revocation list will grow longer as time goes by, we further leverage this by proposing a secret key time validation technique so that users will have their keys expired on a date and the revocation list only needs to include those user keys revoked before their intended expired date (e.g. those user keys which have been stolen before expiry). These keys can be removed from the revocation list after their expiry date in order to keep the revocation list short, as these keys can no longer be used to decrypt ciphertext generated after their expiry time. This technique is derived from Hierarchical Identity-based Encryption (HIBE) mechanism and thus time periods are in hierarchical structure: year, month, day. Users with validity of the whole year can decrypt any ciphertext associated with time period of any month or any day within the year. By using this technique, the size of public parameters and user secret key can be greatly reduced. A bonus advantage of this technique is the support of discontinuity of user validity (e.g. taking no-paid leave).

In this paper we describe symbolic side-channel analysis techniques for detecting and quantifying information leakage, given in terms of Shannon and Min Entropy. Measuring the precise leakage is challenging due to the randomness and noise often present in program executions and side-channel observations. We account for this noise by introducing additional (symbolic) program inputs which are interpreted probabilistically, using symbolic execution with parameterized model counting. We also explore an approximate sampling approach for increased scalability. In contrast to typical Monte Carlo techniques, our approach works by sampling symbolic paths, representing multiple concrete paths, and uses pruning to accelerate computation and guarantee convergence to the optimal results. The key novelty of our approach is to provide bounds on the leakage that are provably under- and over-approximating the real leakage. We implemented the techniques in the Symbolic PathFinder tool and we demonstrate them on Java programs.

Event date: 28 May to 1 June 2018
Submission deadline: 1 May 2018
Notification: 8 May 2018

Masking is a very common countermeasure against side channel attacks. When combining Boolean and arithmetic masking, one must be able to convert between the two types of masking, and the conversion algorithm itself must be secure against side-channel attacks. An efficient high-order Boolean to arithmetic conversion scheme was recently described at CHES 2017, with complexity independent of the register size. In this paper we describe a simplified variant with fewer mask refreshing, and still with a proof of security in the ISW probing model. In practical implementations, our variant is roughly 25% faster.

In 2006, Groth, Ostrovsky and Sahai designed one non-interactive zero-knowledge (NIZK) proof system [new version, J. ACM, 59(3), 1-35, 2012] for plaintext being zero or one using bilinear groups with composite order. Based on the system, they presented the first perfect NIZK argument system for any NP language and the first universal composability secure NIZK argument for any NP language in the presence of a dynamic/adaptive adversary. This resolves a central open problem concerning NIZK protocols. In this note, we remark that in their proof system the prover has not to invoke the trapdoor key to generate witnesses. The mechanism was dramatically different from the previous works, such as Blum-Feldman-Micali proof system and Blum-Santis-Micali-Persiano proof system. We would like to stress that the prover can cheat the verifier to accept a false claim if the trapdoor key is available to him.

In multi-prover interactive proofs, the verifier interrogates the provers and attempts to steal their knowledge. Other than that, the verifier's role has not been studied. Augmentation of the provers with non-local resources results in classes of languages that may not be NEXP. We have discovered that the verifier plays a much more important role than previously thought. Simply put, the verifier has the capability of providing non-local resources for the provers intrinsically. Therefore, standard MIPs may already contain protocols equivalent to one in which the prover is augmented non-locally. Existing MIPs' proofs of soundness implicitly depend on the fact that the verifier is not a non-local resource provider. The verifier's non-locality is a new unused tool and liability for protocol design and analysis. Great care should have been taken when claiming that ZKMIP = MIP and MIP = NEXP. For the former case, we show specific issues with existing protocols and revisit the proof of this statement. For the latter case, we exhibit doubts that we do not fully resolve. To do this, we define a new model of multi-prover interactive proofs which we call ``correlational confinement form'' (CCF-MIP).

Special purpose factoring algorithms have discouraged the adoption of multi-power RSA, even in a post-quantum setting. We revisit the known attacks and find that a general recommendation against repeated factors is unwarranted. We find that one-terabyte RSA keys of the form $n = p_1^2p_2^3p_3^5p_4^7\cdots p_i^{\pi_i}\cdots p_{20044}^{225287}$ are competitive with one-terabyte RSA keys of the form $n = p_1p_2p_3p_4\cdots p_i\cdots p_{2^{31}}$. Prime generation can be made to be a factor of 100000 times faster at a loss of at least $1$ but not more than $17$ bits of security against known attacks. The range depends on the relative cost of bit and qubit operations under the assumption that qubit operations cost $2^c$ bit operations for some constant $c$.

Vehicular communication (V2X) technologies allow vehicles to exchange information about the road conditions and their own status, and thereby enhance transportation safety and efficiency. For broader deployment, however, such technologies are expected to address security and privacy concerns, preventing abuse by users and by the system's entities. In particular, the system is expected to enable the revocation of malicious vehicles, e.g., in case they send invalid information to their peers or to the roadside infrastructure; it should also prevent the system from being misused for tracking honest vehicles.Both features are enabled by Vehicular Public Key Infrastructure (VPKI) solutions such as Security Credential Management Systems (SCMS), one of the leading candidates for protecting V2X communication in the United States. Unfortunately, though, SCMS's original revocation mechanism can lead to large Certification Revocation Lists (CRLs), which in turn impacts the bandwidth usage and processing overhead of the system. In this article, we propose a novel design called Activation Codes for Pseudonym Certificates (ACPC), which can be integrated into SCMS to address this issue. Our proposal is based on activation codes, short bitstrings without which certificates previously issued to a vehicle cannot be used by the latter, which are periodically distributed to non-revoked vehicles using an efficient broadcast mechanism. As a result, the identifiers of the corresponding certificates do no need to remain on the CRL for a long time, reducing the CRLs' size and streamlining their distribution and verification of any vehicle's revocation status. Besides describing ACPC in detail, we also compare it to similar-purpose solutions such as Issue First Activate Later (IFAL) and Binary Hash Tree based Certificate Access Management (BCAM).This analysis shows that our proposal not only brings security improvements (e.g., in terms of resilience against colluding system authorities), but also leads to processing and bandwidth overheads that are orders of magnitude smaller than those observed in the state of the art.

Services provided as free by Online Social Networks (OSN) come with privacy concerns. Users' information kept by OSN providers are vulnerable to the risk of being sold to the advertising firms. To protect user privacy, existing proposals utilize data encryption, which prevents the providers from monetizing users' information. Therefore, the providers would not be financially motivated to establish secure OSN designs based on users' data encryption. Addressing these problems, we propose the first Privacy Preserving Group-Based Advertising (PPAD) system that gives monetizing ability for the OSN providers. PPAD performs profile and advertisement matching without requiring the users or advertisers to be online, and is shown to be secure in the presence of honest but curious servers that are allowed to create fake users or advertisers. We also present advertisement accuracy metrics under various system parameters providing a range of security-accuracy trade-offs.

This paper proposes DeepMarks, a novel end-to-end framework for systematic fingerprinting in the context of Deep Learning (DL). Remarkable progress has been made in the area of deep learning. Sharing the trained DL models has become a trend that is ubiquitous in various fields ranging from biomedical diagnosis to stock prediction. As the availability and popularity of pre-trained models are increasing, it is critical to protect the Intellectual Property (IP) of the model owner. DeepMarks introduces the first fingerprinting methodology that enables the model owner to embed unique fingerprints within the parameters (weights) of her model and later identify undesired usages of her distributed models. The proposed framework embeds the fingerprints in the Probability Density Function (pdf) of trainable weights by leveraging the extra capacity available in contemporary DL models. DeepMarks is robust against fingerprints collusion as well as network transformation attacks, including model compression and model fine-tuning. Extensive proof-ofconcept evaluations on MNIST and CIFAR10 datasets, as well as a wide variety of deep neural networks architectures such as Convolutional Neural Networks (CNNs) and Wide Residual Networks (WRNs), corroborate the effectiveness and robustness of DeepMarks framework

We revisit the notion of proxy re-encryption (PRE), an enhanced public-key encryption primitive envisioned by Blaze et al. (Eurocrypt'98) and formalized by Ateniese et al. (NDSS'05) for delegating decryption rights from a delegator to a delegatee using a semi-trusted proxy. PRE notably allows to craft re-encryption keys in order to equip the proxy with the power of transforming ciphertexts under a delegator's public key to ciphertexts under a delegatee's public key, while not learning anything about the underlying plaintexts.

We study an attractive cryptographic property for PRE, namely that of forward secrecy. In our forward-secret PRE (fs-PRE) definition, the proxy periodically evolves the re-encryption keys and permanently erases old versions while the delegator's public key is kept constant. As a consequence, ciphertexts for old periods are no longer re-encryptable and, in particular, cannot be decrypted anymore at the delegatee's end. Moreover, delegators evolve their secret keys too, and, thus, not even they can decrypt old ciphertexts once their key material from past periods has been deleted. This, as we will discuss, directly has application in short-term data/message-sharing scenarios.

Technically, we formalize fs-PRE. Thereby, we identify a subtle but significant gap in the well-established security model for conventional PRE and close it with our formalization (which we dub fs-PRE^+). We present the first provably secure and efficient constructions of fs-PRE as well as PRE (implied by the former) satisfying the strong fs-PRE^+ and PRE^+ notions, respectively. All our constructions are instantiable in the standard model under standard assumptions and our central building block are hierarchical identity-based encryption (HIBE) schemes that only need to be selectively secure.

One of the main challenges that hinder further adaption of decentralized cryptocurrencies is scalability. Because current cryptocurrencies require that all transactions are processed and stored on a distributed ledger -- the so-called blockchain -- transaction throughput is inherently limited. An important proposal to significantly improve scalability are \emph{off-chain protocols}, where the massive amount of transactions is executed without requiring the costly interaction with the blockchain. Examples of off-chain protocols include payment channels and networks, which are currently deployed by popular cryptocurrencies such as Bitcoin and Ethereum. A further extension of payment networks envisioned for cryptocurrencies are so-called state channel networks. In contrast to payment networks that only support carrying out off-chain payments between users, state channel networks allow execution of arbitrary complex smart contracts. The main contribution of this work is to give the first full specification for general state channel networks. Moreover, we provide formal security definitions and develop security proofs showing that our construction satisfies security against powerful adversaries. An additional benefit of our construction over most existing payment networks is the use of channel virtualization, which further reduces latency and costs in complex channel networks.

Event date: 17 December to 19 December 2018
Submission deadline: 20 July 2018
Notification: 31 August 2018

The IACR Fellows Program recognizes outstanding IACR members for technical and professional contributions to the field of cryptology. Today we are pleased to announce four members that have been elevated to the rank of Fellow for 2018:

• Juan Garay: For fundamental contributions at the interface of cryptography and distributed computing, and for service to the cryptographic research community.
• Yuval Ishai: For essential contributions to the theory of cryptographic protocols, low-complexity cryptography, and other foundations of cryptography.
• Paul Kocher: For fundamental contributions to the study of side-channel attacks and countermeasures, cryptography in practice, and for service to the IACR.
• Stafford Tavares: For significant contributions to the design and analysis of block ciphers, for founding the SAC conference, and for service to the IACR.

Congratulations to the new fellows! More information about the IACR Fellows Program can be found at https://iacr.org/fellows/.

At Graz University of Technology one position with tenure track to a position as Associate Professor in the area of Cybersecurity is open to be filled.

The position, initially restricted to six years and offering the possibility of a qualification agreement for a tenured position, is 40 hours per week and the successful candidate is expected to start on September 1, 2018, at the Institute of Applied Information Processing and Communications. Upon agreement on a qualification agreement, the candidate will be appointed as assistant professor. As soon as the qualification agreement has been fulfilled, the position will be converted into a tenured position as associate professor.

Required academic qualification:

PhD or equivalent in computer science

The successful candidate should also possess the following qualifications:

• Research focus on an area of cybersecurity that fits and strengthens the existing research at the institute
• Excellent scientific track record with publications at international top conferences/journals
• Motivation, experience and didactic skills for teaching in English
• Experience in the acquisition of research projects
• Network in the international scientific community

The position will involve the following duties:

• Research on cybersecurity
• Scientific publications at international top conferences/journals
• Acquisition and management of third party funding for research (EU, FFG, FWF, industrial projects)
• Supervision of students
• Independent teaching in the bachelor and master programs
• Service in the academic administration

Closing date for applications: 30 April 2018

Contact: Stefan Mangard

More information: https://www.iaik.tugraz.at/content/about_iaik/jobs/tenure_track/