International Association for Cryptologic Research


IACR News

If you have a news item you wish to distribute, it should be sent to the communications secretary. See also the events database for conference announcements.

Here you can see all recent updates to the IACR webpage. These updates are also available via email and via RSS feed.

28 April 2018

Nanyang Technological University, Singapore
Job Posting
The Nanyang Technological University in Singapore is offering scholarships for Ph.D. students in the field of cryptography, including symmetric-key cryptography, cryptanalysis, lightweight cryptography, etc.

The Ph.D. program at NTU usually lasts 4 years, comprising some coursework in the first year and intensive research throughout. The research scholarship offers full coverage of tuition fees, support for conference trips, and a tax-free living allowance of 2000 SGD/month for the first year and 2500 SGD/month for subsequent years after passing the Ph.D. candidate qualification examination; a further top-up is possible for exceptionally good candidates, Singapore citizens and permanent residents. For more information about the admission requirements and application procedure, see: http://admissions.ntu.edu.sg/graduate/Pages/home.aspx

These positions will be available until filled. For the Jan 2019 intake, submit by 30th September 2018, and by 31st March 2019 for the August 2019 intake. More information about the CATF research team can be found here: http://catf.crypto.sg

Closing date for applications: 31 December 2019

Contact: Jian Guo, Assistant Professor, guojian (at) ntu.edu.sg for more information.

Ant Financial Service Group
Job Posting
Ant Financial is a technology company that brings inclusive financial services to the world. Ant Financial, officially founded in October 2014, originated from Alipay, founded in 2004.

Ant Financial is dedicated to bringing the world more equal opportunities through building a technology-driven open ecosystem and working with other financial institutions to support the future financial needs of society.

We are hiring:

- Applied Cryptography

- Crypto-currencies, smart-contracts, financial cryptography

- Privacy enhancing technologies

- Distributed consensus protocols

- Cybersecurity

Requirements:

- M.S. or Ph.D. in Cryptography, System Security, Computer Science or a related field, or equivalent experience.

- Good programming skills - C/C++, Go

- Good knowledge of Blockchain technology

- Mandarin Chinese can be used as the working language

Interested candidates should contact: lewis.ls (at) antfin.com

Closing date for applications: 31 October 2018

More information: https://www.antfin.com/index.htm?locale=en_US

China, Guangzhou, 8 October - 12 October 2018
Event Calendar
Event date: 8 October to 12 October 2018
Submission deadline: 8 June 2018
Notification: 8 July 2018
Chengdu, China, 5 November - 7 November 2018
Event Calendar
Event date: 5 November to 7 November 2018
Submission deadline: 10 June 2018
Notification: 10 August 2018

27 April 2018

University of Surrey, Surrey Centre for Cyber Security, UK
Job Posting
PhD position on Contactless Electronic Payments at Surrey Centre for Cyber Security, Univ. of Surrey, UK

A fully-funded PhD in contactless electronic payments and their security.

Tax-free stipend of 22,000 GBP per year + annual increments. UK citizenship is required.

The project focuses on the cryptographic design and provable security of extensions of the contactless version of the EMV (Europay, Mastercard and Visa) protocol-suite. The main aim is to protect against threats linked to impersonation and therefore fraudulent payments, stemming from relay attacks, but it is not restricted to this. A second goal is that this EMV-enhancement also gives a second authentication-factor to the payment procedure. The project has Consult Hyperion as an industrial partner, which is a company with world-class experience in EMV security.

To apply, please contact Dr Ioana Boureanu, at i.boureanu (at) surrey.ac.uk

Closing date for applications: 25 May 2018

Contact: Ioana Boureanu, at i.boureanu (at) surrey.ac.uk

More information: https://jobs.surrey.ac.uk/vacancy.aspx?ref=007318


26 April 2018

Input Output
Job Posting
Founded in 2015 by Charles Hoskinson and Jeremy Wood, IOHK is a technology company committed to using peer-to-peer innovations to provide financial services to the three billion people who don’t have them. We are an engineering company that builds cryptocurrencies and blockchains for academic institutions, government entities and corporations. We are a decentralized company that loves small innovative teams forming and executing ideas that cause cascading disruption.

Job Description

We are looking for a talented, specialised Security Manager to join our growing in-house Security team. The prospective candidate will oversee and coordinate the security process, from research to product development, and will be working with internal teams on embedding Security across IOHK’s project line.

The prospective candidate will be expected to assemble a team and work directly with research, engineering and Project Management (BAs, Test and Quality, Cryptography and management teams) throughout the current and future set of projects.

The individual should have an excellent understanding of Security requirements in the Development lifecycle and have an excellent and detailed understanding of the threats and risks that need to be addressed in the development life cycle, specifically in the blockchain / cryptocurrency area.

Closing date for applications: 24 June 2018

Contact: David Rountree

Technical Recruiter

david.rountree (at) iohk.io

More information: https://iohk.io/careers/#op-250078-security-team-manager

Sapienza University of Rome (Italy)
Job Posting
The Department of Computer, Control and Management Engineering Antonio Ruberti (DIAG) of Sapienza University of Rome invites outstanding candidates to express their interest in 1 full-time tenured position (full professor) in Cyber Security. The position is funded under the program "Departments of Excellence" of the Italian Ministry of Education and Research, which will help to consolidate and strengthen the research group in Cyber Security at DIAG-Sapienza.

Profile

Candidates will hold a PhD from a leading research university, established teaching experience, an appropriate record of publications in highly ranked international journals and conferences, an appropriate record of national and international grants as principal investigator, and an adequate record of supervision of PhD students or similar experience in leading research teams in industrial research. Candidates will also either hold a tenured position in a university or have recently obtained the appropriate national qualification (ASN) in the Academic Discipline "Information Processing Systems" (ING-INF/05) of the Italian University System.

Position

Successful candidates will be engaged in first-class research in the area of Cyber Security, will supervise Master Thesis and PhD students in their fields, will contribute to the Master degree in Cyber Security at Sapienza University of Rome, and will be involved in collaborations with industry and public bodies. Appointments are full-time. The salary is competitive. We especially welcome expressions of interests from female scholars.

Expression of Interest

Applications, to be sent to recruitment (at) diag.uniroma1.it, must contain the following:

1. Curriculum vitae

2. 3-page (max) research and teaching statement including the research program the candidate intends to pursue while at Sapienza.

Expressions of interest should preferably be sent before the end of May 2018. For further information, please consult recruitment (at) diag.uniroma1.it

Closing date for applications: 31 May 2018

Contact: recruitment (at) diag.uniroma1.it

Norwegian University of Science and Technology (NTNU)
Job Posting
The goal of this PhD project is to study different constructions for hash chains, signature schemes and their surrounding protocols within blockchain technology. Analysis of their combined properties will be conducted from a cryptographic point of view, with emphasis on efficiency, privacy and anonymity. Modern methods of analysis will be applied to obtain high assurance of security. This project will be run in close conjunction with networking and security researchers and relate to application-oriented blockchain projects as target areas.

The research will be carried out within a program of 6 PhD projects under the heading of Trust and Transparency in Digital Society Through Blockchain Technology. This multi-disciplinary program includes technological aspects (cryptographic mechanisms, networking requirements, identity management), societal aspects and application areas. The program team involves 12 professors across several different departments and faculties. It is expected that the PhD fellow for this project will collaborate actively with other PhD fellows involved in the overall program and contribute to plenary meetings of the program. This program forms part of the NTNU Digital Transformation initiative.

Closing date for applications: 27 May 2018

Contact: For further information about the position, please contact Professor Kristian Gjøsteen (kristian.gjosteen (at) ntnu.no), or Professor Colin Boyd (colin.boyd (at) ntnu.no) for information about the Trust and Transparency in Digital Society Through Blockchain Technology project.

More information: https://www.jobbnorge.no/en/available-jobs/job/151330/

University of South Florida, Tampa, FL, USA
Job Posting
We are looking for hardworking and self-driven PhD students to work in the areas of applied cryptography, beginning in August 2018 or January 2019. The University of South Florida is a Rank 1 Research University and offers a competitive salary with an excellent working environment, all within close proximity to high-tech industry and the beautiful beaches of sunny Florida. The Tampa/Orlando area is a key part of the Florida High Technology Corridor and harbors major tech and research companies. The qualified candidate will have opportunities for research internships and joint projects with leading industrial companies. Topics:

Trustworthy Unmanned Aerial Systems

• New cryptographic frameworks to protect aerial drones

Trustworthy Machine Learning (TML)

• Privacy-Preserving Machine Learning

• Adversarial Machine Learning

Breach-Resilient Cyber-Infrastructures:

• New searchable encryption and Oblivious RAM schemes

• Augmentation of privacy enhancing technologies with trusted execution environments

Secure and Reliable IoT and Cryptocurrencies

• Post-Quantum public key infrastructure for IoT

• Use of Blockchain for Cyber Security

Requirements:

• A BS degree in computer science, electrical engineering or mathematics with a high GPA.

• Very good programming skills (e.g., C, C++), familiarity with OS/Systems.

• Good Academic Writing and Presentation Skills.

• MS degree in computer science, electrical engineering or mathematics is a big plus. Publications in security and privacy are highly desirable.

Please send (by e-mail): (i) Transcripts, (ii) Curriculum vitae, (iii) Three reference letters, (iv) Research statement, (v) GRE and TOEFL scores

Closing date for applications: 15 September 2018

Contact: Dr. Attila A. Yavuz

attila.yavuz (at) gmail.com

More information: http://web.engr.oregonstate.edu/~yavuza/article/PositionDescrption_at_USF.pdf

Eurocrypt
The proceedings for Eurocrypt 2018 are now available via SpringerLink. Through our agreement with Springer, IACR members can access these proceedings for free by logging into this access page. The conference will be held 29 April - 3 May 2018 in Tel Aviv.

25 April 2018

Kirsten Eisentraeger, Sean Hallgren, Kristin Lauter, Travis Morrison, Christophe Petit
ePrint Report
In this paper, we study several related computational problems for supersingular elliptic curves, their isogeny graphs, and their endomorphism rings. We prove reductions between the problem of path finding in the $\ell$-isogeny graph, computing maximal orders isomorphic to the endomorphism ring of a supersingular elliptic curve, and computing the endomorphism ring itself. We also give constructive versions of Deuring's correspondence, which associates to a maximal order in a certain quaternion algebra an isomorphism class of supersingular elliptic curves. The reductions are based on heuristics regarding the distribution of norms of elements in quaternion algebras.

We show that conjugacy classes of maximal orders have a representative of polynomial size, and we define a way to represent endomorphism ring generators in a way that allows for efficient valuation at points on the curve. We relate these problems to the security of the Charles-Goren-Lauter hash function. We provide a collision attack for special but natural parameters of the hash function and prove that for general parameters its preimage and collision resistance are also equivalent to the endomorphism ring computation problem.

24 April 2018

A.V. Menyachikhin
ePrint Report
S-boxes are important parts of modern ciphers. Constructing S-boxes with cryptographic parameters close to optimal is an unsolved problem at the present time. In this paper some new methods for generating such S-boxes are introduced.
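The "cryptographic parameters" the abstract refers to are usually an S-box's differential uniformity and its nonlinearity, and checking a candidate table against those two bounds is the first thing a practitioner does with any newly generated S-box. The following C program is an added example, not code from the paper: it computes both parameters from a lookup table, using the published 4-bit PRESENT S-box as a known-good reference and the identity map as the linear worst case. The function names are ours.

```c
/*
 * Added example, not code from the paper: differential uniformity (largest
 * entry of the difference distribution table) and nonlinearity (from the
 * Walsh spectrum) of an n-bit S-box given as a lookup table.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_N 8                     /* handles S-boxes on up to 8 bits */

/* The 4-bit S-box of the PRESENT block cipher, used as a known-good reference. */
static const uint8_t PRESENT_SBOX[16] = {
    0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2
};

/* The identity map: linear, hence the worst possible parameters. */
static const uint8_t IDENTITY_SBOX[16] = {
    0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF
};

/* Parity of the bits of v; parity(a & x) is the GF(2) dot product <a, x>. */
static unsigned parity(unsigned v) {
    unsigned p = 0;
    while (v) { p ^= v & 1; v >>= 1; }
    return p;
}

/*
 * Differential uniformity:
 *   max over a != 0 and all b of #{ x : S(x) ^ S(x ^ a) == b }.
 * Smaller is better. 2^n means some input difference always maps to the
 * same output difference (the linear case).
 */
static unsigned diff_uniformity(const uint8_t *s, unsigned n) {
    unsigned size = 1u << n, best = 0;
    unsigned ddt_row[1u << MAX_N];
    for (unsigned a = 1; a < size; a++) {
        memset(ddt_row, 0, sizeof ddt_row);
        for (unsigned x = 0; x < size; x++)
            ddt_row[s[x] ^ s[x ^ a]]++;              /* one DDT row at a time */
        for (unsigned b = 0; b < size; b++)
            if (ddt_row[b] > best) best = ddt_row[b];
    }
    return best;
}

/*
 * Nonlinearity: distance of the worst output-bit combination to the nearest
 * affine function,
 *   2^(n-1) - (1/2) * max over a, b != 0 of |W(a, b)|,
 *   W(a, b) = sum over x of (-1)^( <b, S(x)> ^ <a, x> ).
 * Larger is better; 0 means some combination of output bits is exactly affine.
 */
static unsigned nonlinearity(const uint8_t *s, unsigned n) {
    unsigned size = 1u << n, max_abs_w = 0;
    for (unsigned b = 1; b < size; b++) {
        for (unsigned a = 0; a < size; a++) {
            int w = 0;
            for (unsigned x = 0; x < size; x++)
                w += parity((b & s[x]) ^ (a & x)) ? -1 : 1;
            unsigned abs_w = (unsigned)(w < 0 ? -w : w);
            if (abs_w > max_abs_w) max_abs_w = abs_w;
        }
    }
    return size / 2 - max_abs_w / 2;
}

int main(void) {
    printf("PRESENT : differential uniformity %u, nonlinearity %u\n",
           diff_uniformity(PRESENT_SBOX, 4), nonlinearity(PRESENT_SBOX, 4));
    printf("identity: differential uniformity %u, nonlinearity %u\n",
           diff_uniformity(IDENTITY_SBOX, 4), nonlinearity(IDENTITY_SBOX, 4));
    return 0;
}
```

Reading the numbers: for a 4-bit bijection the best achievable values are differential uniformity 4 and nonlinearity 4 (a 2-uniform, i.e. APN, 4-bit permutation does not exist), so PRESENT meets both bounds while the identity map sits at the other extreme with 16 and 0. The same code runs unchanged on an 8-bit table; the AES S-box, for comparison, gives 4 and 112. These two metrics are necessary, not sufficient: algebraic degree, fixed points and implementation cost are judged separately.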
Hyung Tae Lee, Huaxiong Wang, Kai Zhang
ePrint Report
At ACISP 2017, Wu et al. presented an identity-based encryption with equality test (IBEET) that aims to prevent insider attacks. To analyze its security, they proposed a new security notion for IBEET, which is slightly weaker than indistinguishability under adaptive identity and chosen ciphertext attacks (IND-ID-CCA2) for traditional identity-based encryption. Then, they claimed that their proposed scheme achieves this new security notion under the Bilinear Diffie-Hellman (BDH) assumption in the random oracle model.

In this paper, we demonstrate that their scheme does not achieve the claimed security requirement by presenting an attack. Our attack algorithm is very simple: it requires only a pair of message and ciphertext, and takes one exponentiation and two bilinear map evaluations. Subsequently, we present a modification of their IBEET construction and show that it satisfies their security notion under the BDH assumption and the existence of a strong pseudorandom permutation and an existentially unforgeable message authentication code in the random oracle model. We remark that our modification has better efficiency than the original construction.
Shashank Agrawal, Shweta Agrawal, Manoj Prabhakaran
ePrint Report
In Public-Key Encryption, traditionally no security is expected if honest parties use keys provided by an adversary. In this work, we re-examine this premise. While using untrusted keys may seem nonsensical at first glance, we argue for providing certain security guarantees even in such situations. We propose Chosen Object Attack (COA) security as a broad generalization of various notions of security that have been considered in the literature, including CCA security, key anonymity and robustness, along with concerns arising from untrusted keys. The main premise of this definition is that any of the objects in a cryptographic scheme could be adversarially generated, and that should not compromise the security of honest parties in a way an idealized scheme would not have.

Our contributions are threefold.

• Firstly, we develop a comprehensive security definition for PKE in the real/ideal paradigm. Our definition subsumes CCA2 security, Anonymity and Robustness as special cases, and also addresses security concerns in complex application scenarios where the keys may be malicious (without having to explicitly model the underlying attack scenarios). To avoid impossibility results associated with simulation-based security, we use the notion of indistinguishability-preserving security (IND-PRE) from the “Cryptographic Agents” framework (Agrawal et al., EUROCRYPT 2015). Towards this, we extend this framework to accommodate adversarially created objects. Our definition can alternately be interpreted as the union of all possible game-based security definitions. We remark that the agents framework as extended in this work is applicable to primitives other than Public-Key Encryption, and would be of broader significance.

• Secondly, and somewhat surprisingly, we show that in the case of PKE, the above comprehensive definition is implied by a simpler definition (which we call COA security) that combines a traditional game-based definition with a set of consistency requirements. The proof of this implication relies on an extensive analysis of all possible executions involving arbitrarily many keys and ciphertexts, generated, transferred between parties and used in an arbitrary and adaptive manner.

• Thirdly, we consider constructions. Interestingly, using the above security definition, we show that the Cramer-Shoup cryptosystem (with minor modifications) already meets our definition. Further, we present transformations from any Anonymous CCA2-secure PKE scheme to a COA-secure PKE. Under mild correctness conditions on the Anonymous CCA2-secure PKE scheme, our transformation can be instantiated quite efficiently and is arguably a viable enhancement for PKE schemes used in practice.
Alejandro Cabrera Aldaya, Cesar Pereida García, Luis Manuel Alvarez Tapia, Billy Bob Brumley
ePrint Report
During the last decade, constant-time cryptographic software has quickly transitioned from an academic construct to a concrete security requirement for real-world libraries. Most of OpenSSL's constant-time code paths are driven by cryptosystem implementations enabling a dedicated flag at runtime. This process is perilous, with several examples emerging in the past few years of the flag either not being set or software defects directly mishandling the flag.

In this work, we propose a methodology to analyze security-critical software for side-channel insecure code path traversal.

Applying our methodology to OpenSSL, we identify three new code paths during RSA key generation that potentially leak critical algorithm state.

Exploiting one of these leaks, we design, implement, and mount a single trace cache-timing attack on the GCD computation step. We overcome several hurdles in the process, including but not limited to:

(1) granularity issues due to word-size operands to the GCD function;

(2) bulk processing of desynchronized trace data;

(3) non-trivial error rate during information extraction; and

(4) limited high-confidence information on the modulus factors.

Formulating lattice problem instances after obtaining and processing this limited information, our attack achieves roughly a 28% success rate for key recovery using the empirical data from roughly 10K trials.
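The "dedicated flag" the abstract mentions is a runtime property of the operands rather than of the function, so whether a GCD runs on the constant-time path depends on every caller remembering to set it on the secret. The following C program is an added example, not code from the paper or from OpenSSL: it models that dispatch pattern with invented names (num_t, FLG_CONSTTIME, gcd_dispatch and the helpers around them), a step counter standing in for a timing trace of the variable-time path, and a branchless binary GCD as the constant-time path.

```c
/*
 * Added example, not code from the paper or from OpenSSL: a small model of the
 * flag-driven dispatch the abstract describes. num_t, FLG_CONSTTIME and
 * gcd_dispatch are invented names; the step counter stands in for what a
 * cache-timing trace of the variable-time path would expose.
 */
#include <stdint.h>
#include <stdio.h>

#define FLG_CONSTTIME 0x01u   /* "operand is secret, take the constant-time path" */
#define CT_ROUNDS     128u    /* fixed iteration count, enough for two 63-bit inputs */

typedef struct {
    uint64_t v;
    unsigned flags;
} num_t;

/* Variable-time Euclid: iteration count and division operands depend on the
 * values, so a trace of this path reveals information about the operands. */
static uint64_t gcd_vartime(uint64_t a, uint64_t b, unsigned *steps) {
    unsigned n = 0;
    while (b != 0) {
        uint64_t t = a % b;
        a = b;
        b = t;
        n++;
    }
    *steps = n;
    return a;
}

/* Branchless binary GCD: always CT_ROUNDS iterations, every decision made
 * with masks, no secret-dependent branch or memory index.
 * Precondition: 0 < a, b < 2^63 (the a > b test uses the top bit of b - a). */
static uint64_t gcd_consttime(uint64_t a, uint64_t b, unsigned *steps) {
    unsigned shift = 0;
    for (unsigned i = 0; i < CT_ROUNDS; i++) {
        uint64_t nz  = (b | (0 - b)) >> 63;          /* 1 while b != 0 */
        uint64_t ao  = a & 1, bo = b & 1;
        uint64_t odd = ao & bo;                       /* both odd: subtract */
        uint64_t gt  = ((b - a) >> 63) & odd;         /* both odd and a > b */
        uint64_t le  = odd & (gt ^ 1);                /* both odd and a <= b */
        uint64_t mgt = 0 - gt, mle = 0 - le;
        uint64_t na  = (a & ~mgt) | ((a - b) & mgt);
        uint64_t nb  = (b & ~mle) | ((b - a) & mle);
        /* halve an operand that was even, or became even by the subtraction */
        uint64_t msa = 0 - ((ao ^ 1) | gt);
        uint64_t msb = 0 - ((bo ^ 1) | le);
        na = ((na >> 1) & msa) | (na & ~msa);
        nb = ((nb >> 1) & msb) | (nb & ~msb);
        uint64_t mnz = 0 - nz;                        /* freeze state once b == 0 */
        a = (na & mnz) | (a & ~mnz);
        b = (nb & mnz) | (b & ~mnz);
        shift += (unsigned)((ao ^ 1) & (bo ^ 1) & nz);
    }
    *steps = CT_ROUNDS;
    return a << shift;
}

/* The dispatch the abstract warns about: the constant-time path is taken only
 * if some caller flagged one of the operands as secret. */
static uint64_t gcd_dispatch(const num_t *x, const num_t *y, unsigned *steps) {
    if ((x->flags | y->flags) & FLG_CONSTTIME)
        return gcd_consttime(x->v, y->v, steps);
    return gcd_vartime(x->v, y->v, steps);
}

static uint64_t gcd_for(uint64_t a, unsigned aflags, uint64_t b, unsigned bflags) {
    num_t x = { a, aflags }, y = { b, bflags };
    unsigned s;
    return gcd_dispatch(&x, &y, &s);
}

static unsigned steps_for(uint64_t a, unsigned aflags, uint64_t b, unsigned bflags) {
    num_t x = { a, aflags }, y = { b, bflags };
    unsigned s;
    gcd_dispatch(&x, &y, &s);
    return s;
}

/* Audit check: with the secret operand carrying `flags`, does the path taken
 * for gcd(secret, pub) depend on the secret's value? 1 means it leaks. */
static int path_is_value_dependent(uint64_t secret1, uint64_t secret2,
                                   uint64_t pub, unsigned flags) {
    return steps_for(secret1, flags, pub, 0) != steps_for(secret2, flags, pub, 0);
}

int main(void) {
    const uint64_t e = 65537, pm1 = 1000002, qm1 = 999982; /* p-1, q-1 for primes p, q */
    printf("flag unset: gcd(p-1,e)=%llu in %u steps, gcd(q-1,e)=%llu in %u steps\n",
           (unsigned long long)gcd_for(pm1, 0, e, 0), steps_for(pm1, 0, e, 0),
           (unsigned long long)gcd_for(qm1, 0, e, 0), steps_for(qm1, 0, e, 0));
    printf("flag set  : gcd(p-1,e)=%llu in %u steps\n",
           (unsigned long long)gcd_for(pm1, FLG_CONSTTIME, e, 0),
           steps_for(pm1, FLG_CONSTTIME, e, 0));
    printf("value-dependent path without flag: %d, with flag: %d\n",
           path_is_value_dependent(pm1, qm1, e, 0),
           path_is_value_dependent(pm1, qm1, e, FLG_CONSTTIME));
    return 0;
}
```

With the flag unset, the step count changes with the secret operand, which is exactly the value-dependent code-path traversal the methodology looks for; with the flag set it is always 128. The audit point is path_is_value_dependent: one call site that forgets the flag on p-1 makes it return 1. Two caveats a reviewer would add: the constant-time path is branch-free only at the source level, since a compiler may turn mask arithmetic back into branches, so the generated machine code also has to be checked; and a step counter only models coarse-grained leakage, whereas a cache-timing trace also sees which memory the variable-time path touches.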
Barcelona, Catalonia, 6 September - 7 September 2018
Event Calendar
Event date: 6 September to 7 September 2018
Submission deadline: 18 June 2018
University of Luxembourg
Job Posting
The Cryptolux/SnT team of the University of Luxembourg is offering one Ph.D. student position in Applied Cryptography for the FinCrypt project funded by the Luxembourg research fund (FNR). The project will study security, scalability and privacy of distributed ledgers and smart contracts. Candidates with expertise or interest in the following areas are welcome to apply:

- Applied Cryptography (SK or PK)

- Crypto-currencies, smart-contracts, financial cryptography

- Privacy enhancing technologies

- Distributed consensus protocols

- Cybersecurity

We offer:

You will work in an exciting international environment and will carry out leading-edge research in these hot research areas. Luxembourg’s financial center is one of the largest in Europe and our team is part of the Security and Trust (SnT) research center (>200 people researching all aspects of IT security). The University offers highly competitive salaries (about 34,000 euro/year gross + benefits) and is an equal opportunity employer.

Applications, written in English, should be submitted by e-mail and will be considered on receipt; applying before the deadline is therefore highly encouraged.

Closing date for applications: 31 May 2018

Contact: Prof. Alex Biryukov

More information: https://www.cryptolux.org/index.php/Vacancies


21 April 2018

Lille, France, 29 October - 31 October 2018
Event Calendar
Event date: 29 October to 31 October 2018
Submission deadline: 8 June 2018
Notification: 20 July 2018
Carnegie Mellon University, PA, USA
Job Posting
Postdoc research fellow positions are available at CMU. Sample research topics include secure multi-party computation, zero-knowledge proofs, blockchains and cryptocurrencies, and non-malleable cryptography. However, working on any topic within cryptography is possible. Candidates must have a strong publication record in Crypto/Eurocrypt/TCC/STOC/FOCS. Dates are open.

Closing date for applications: 1 November 2018

Contact: Please contact Vipul Goyal at vipul (at) cmu.edu

More information: http://www.cs.cmu.edu/~goyal/


20 April 2018

Institute of Science and Technology Austria (IST Austria)
Job Posting
The cryptography group at the Institute of Science and Technology Austria (IST Austria) seeks two postdoctoral researchers, supported by an EU H2020 project (ERC-CoG TOCNeT) on provable security. IST Austria is a recently established basic research institute in the woods of Vienna.

The candidates should have a strong record in cryptography, witnessed by publications at top cryptography (Crypto, Eurocrypt, TCC, ...) and/or security conferences (CCS, S&P, ...). Current topics investigated in our group include

  • Sustainable Blockchains
  • Memory-Hard Functions
  • Leakage-Resilient Cryptography
  • Lattice-Based Cryptography
  • Adaptive Security
  • Pseudoentropy

The post-doctoral position is provided for up to four years with a very competitive salary. The starting dates are flexible. There is no fixed deadline; applications will be considered until the position is filled.

Applications should include CV and a statement of research experience and interests. Please send applications to Krzysztof Pietrzak.

Closing date for applications: 1 September 2018

Contact: Krzysztof Pietrzak pietrzak (at) ist.ac.at

More information: http://pub.ist.ac.at/crypto/
