International Association for Cryptologic Research


IACR News

If you have a news item you wish to distribute, it should be sent to the communications secretary. See also the events database for conference announcements.

Here you can see all recent updates to the IACR webpage. These updates are also available via email and via RSS feed.

26 May 2018

Mriganka Mandal, Ratna Dutta
ePrint Report
Private linear key agreement (PLKA) enables a group of users to agree upon a common session key in a broadcast encryption (BE) scenario, while a traitor tracing (TT) system allows a tracer to identify a conspiracy of colluding pirate users. This paper introduces a key encapsulation mechanism in BE that provides the functionalities of both PLKA and TT in a unified, cost-effective primitive. Our PLKA-based traitor tracing achieves full collusion resistance and public traceability simultaneously, with significantly better efficiency and storage than a sequential improvement of PLKA-based traitor tracing systems. Our PLKA builds on a prime-order multilinear group setting employing indistinguishability obfuscation (iO) and a pseudorandom function (PRF). The resulting scheme has fair communication, storage and computational efficiency compared to that of composite-order groups. Our PLKA is adaptively chosen-ciphertext attack (CCA)-secure in the standard model under a multilinear assumption, namely the Decisional Hybrid Diffie-Hellman Exponent (DHDHE) assumption, and is so far a plausible improvement in the literature. More precisely, our PLKA design significantly reduces the ciphertext size, public parameter size and user secret key size. We frame a traitor tracing algorithm with shorter running time which can be executed publicly.
Gilad Asharov, Gil Segev, Ido Shahaf
ePrint Report
A searchable symmetric encryption (SSE) scheme enables a client to store data on an untrusted server while supporting keyword searches in a secure manner. Recent experiments have indicated that the practical relevance of such schemes heavily relies on the tradeoff between their space overhead, locality (the number of non-contiguous memory locations that the server accesses with each query), and read efficiency (the ratio between the number of bits the server reads with each query and the actual size of the answer). These experiments motivated Cash and Tessaro (EUROCRYPT '14) and Asharov et al. (STOC '16) to construct SSE schemes offering various such tradeoffs, and to prove lower bounds for natural SSE frameworks. Unfortunately, the best-possible tradeoff has not been identified, and there are substantial gaps between the existing schemes and lower bounds, indicating that a better understanding of SSE is needed.

We establish tight bounds on the tradeoff between the space overhead, locality and read efficiency of SSE schemes within two general frameworks that capture the memory access pattern underlying all existing schemes. First, we introduce the "pad-and-split" framework, refining that of Cash and Tessaro while still capturing the same existing schemes. Within our framework we significantly strengthen their lower bound, proving that any scheme with locality $L$ must use space $\Omega ( N \log N / \log L )$ for databases of size $N$. This is a tight lower bound, matching the tradeoff provided by the scheme of Demertzis and Papamanthou (SIGMOD '17) which is captured by our pad-and-split framework.

Then, within the "statistical-independence" framework of Asharov et al. we show that their lower bound is essentially tight: We construct a scheme whose tradeoff matches their lower bound within an additive $O(\log \log \log N)$ factor in its read efficiency, once again improving upon the existing schemes. Our scheme offers optimal space and locality, and nearly-optimal read efficiency that depends on the frequency of the queried keywords: For a keyword that is associated with $n = N^{1 - \epsilon(n)}$ document identifiers, the read efficiency is $\omega(1) \cdot \epsilon(n)^{-1}+ O(\log\log\log N)$ when retrieving its identifiers (where the $\omega(1)$ term may be arbitrarily small, and $\omega(1) \cdot \epsilon(n)^{-1}$ is the lower bound proved by Asharov et al.). In particular, for any keyword that is associated with at most $N^{1 - 1/o(\log \log \log N)}$ document identifiers (i.e., for any keyword that is not exceptionally common), we provide read efficiency $O(\log \log \log N)$ when retrieving its identifiers.
Ran Gelles, Anat Paskin-Cherniavsky, Vassilis Zikas
ePrint Report
We consider information-theoretic secure two-party computation in the plain model where no reliable channels are assumed, and all communication is performed over a binary symmetric channel (BSC) that flips each bit with a fixed probability. In this reality-driven setting we investigate the feasibility of communication-optimal, noise-resilient, semi-honest two-party computation, i.e., efficient computation which is both private and correct despite channel noise.

We devise an information-theoretic technique that converts any correct, but not necessarily private, two-party protocol that assumes reliable channels, into a protocol which is both correct and private against semi-honest adversaries, assuming BSC channels alone. Our results also apply to other types of noisy channels, such as the elastic channel.

Our construction combines tools from the cryptographic literature with tools from the literature on interactive coding, and achieves, to our knowledge, the best known communication overhead. Specifically, if $f$ is given as a circuit of size $s$, our scheme communicates $O(s + \kappa)$ bits for $\kappa$ a security parameter. This improves the state of the art (Ishai et al., CRYPTO '11) where the communication is $O(s) + \text{poly}(\kappa \cdot \text{depth}(s))$.
Gilles Barthe, Sonia Belaïd, François Dupressoir, Pierre-Alain Fouque, Benjamin Grégoire, François-Xavier Standaert, Pierre-Yves Strub
ePrint Report
Refreshing algorithms are a critical ingredient for secure masking. They are instrumental in enabling sound composability properties for complex circuits, and their randomness requirements dominate the performance overheads in (very) high-order masking. In this paper, we improve a proposal of mask refreshing algorithms from EUROCRYPT 2017, which has excellent implementation properties in software and hardware, in two main directions. First, we provide a generic proof that this algorithm is secure at arbitrary orders -- a problem that was left open so far. We introduce Parametrized Non-Interference as a new technical ingredient for this purpose, which may be of independent interest. Second, we use automated tools to further explore the design space of such algorithms and provide the best known parallel mask refreshing gadgets for concretely relevant security orders. Incidentally, we also prove the security of a recent proposal of mask refreshing with improved resistance against horizontal attacks from CHES 2017.
Xiaoyang Dong, Bingyou Dong, Xiaoyun Wang
ePrint Report
Post-quantum cryptography has attracted much attention from cryptologists worldwide. However, most research works relate to public-key cryptosystems due to Shor's attack on RSA and ECC ciphers. At CRYPTO 2016, Kaplan et al. broke many secret-key (symmetric) systems using the quantum period-finding algorithm, which drew researchers' attention to evaluating symmetric systems against quantum attackers.

In this paper, we continue to study symmetric ciphers against quantum attackers. First, we convert the classical advanced slide attacks (introduced by Biryukov and Wagner) into quantum ones, which gain an exponential speed-up in time complexity. Thus, we can break 2/4K-Feistel and 2/4K-DES in polynomial time. Second, we give a new quantum key-recovery attack on full-round GOST, a Russian standard, with $2^{112}$ Grover iterations, which is faster than a quantum brute-force search attack by a factor of $2^{16}$.
Gideon Samid
ePrint Report
By representing data in a unary way, the identity of the bits can be used as a printing pad to stain the data with the identity of its handlers. Passing data will identify its custodians, its pathway, and its bona fides. This technique will allow databases to recover from a massive breach, as the thieves will be caught when trying to use this 'sticky data'. Heavily travelled data on networks will accumulate the 'fingerprints' of its holders, allowing forensic analysis of fraud attempts or data abuse. There are special applications for the financial industry and for intellectual property management. Fingerprinting data may be used in new ways to balance privacy concerns against public statistical interests. This technique might restore the identification power of the US Social Security Number, despite the fact that millions of them have been compromised. Another specific application regards credit card fraud. Once the credit card numbers are 'sticky' they are safe. The most prolific application, though, may be in conjunction with digital money technology. The BitMint protocol, for example, establishes its superior security on 'sticky digital coins'. Advanced fingerprinting applications require high-quality randomization. The price paid for the fingerprinting advantage is a larger data footprint -- more bits per content, impacting both storage and transmission. This price is reasonable relative to the gained benefit.
Helene Haagh, Aleksandr Karbyshev, Sabine Oechsner, Bas Spitters, Pierre-Yves Strub
ePrint Report
Secure multi-party computation (MPC) is a general cryptographic technique that allows distrusting parties to compute a function of their individual inputs, while only revealing the output of the function. It has found applications in areas such as auctioning, email filtering, and secure teleconference. Given their importance, it is crucial that the protocols are specified and implemented correctly. In the programming language community, it has become good practice to use computer proof assistants to verify correctness proofs. In the field of cryptography, EasyCrypt is the state of the art proof assistant. It provides an embedded language for probabilistic programming, together with a specialized logic, embedded into an ambient general purpose higher-order logic. It allows us to conveniently express cryptographic properties. EasyCrypt has been used successfully on many applications, including public-key encryption, signatures, garbled circuits and differential privacy. Here we show for the first time that it can also be used to prove security of MPC against a malicious adversary. We formalize additive and replicated secret sharing schemes and apply them to Maurer’s MPC protocol for secure addition and multiplication. Our method extends to general polynomial functions. We follow the insights from EasyCrypt that security proofs can often be reduced to proofs about program equivalence, a topic that is well understood in the verification of programming languages. In particular, we show that for a class of MPC protocols in the passive case the non-interference-based (NI) definition is equivalent to a standard simulation-based security definition. For the active case, we provide a new non-interference based alternative to the usual simulation-based cryptographic definition that is tailored specifically to our protocol.
Radu Ciucanu, Matthieu Giraud, Pascal Lafourcade, Lihua Ye
ePrint Report
The MapReduce programming paradigm allows big data sets to be processed in parallel on a large cluster. We focus on a scenario where the data owner outsources her data to an honest-but-curious server. Our aim is to evaluate grouping and aggregation with SUM, COUNT, AVG, MIN, and MAX operations for an authorized user. For each of these five operations, we assume that the public cloud provider and the user do not collude, i.e., the public cloud does not know the secret key of the user. We prove the security of our approach for each operation.
Singapore, Singapore, 17 November 2018
Event Calendar
Event date: 17 November 2018
Submission deadline: 7 August 2018
Notification: 4 September 2018
Buenos Aires, Argentina, 30 July - 3 August 2018
School
Event date: 30 July to 3 August 2018

25 May 2018

Nilanjan Datta, Avijit Dutta, Mridul Nandi, Kan Yasuda
ePrint Report
At CRYPTO 2016, Cogliati and Seurin proposed a highly secure nonce-based MAC called the Encrypted Wegman-Carter with Davies-Meyer ($\textsf{EWCDM}$) construction, computed as $\textsf{E}_{K_2}\bigl(\textsf{E}_{K_1}(N)\oplus N\oplus \textsf{H}_{K_h}(M)\bigr)$ for a nonce $N$ and a message $M$. This construction achieves roughly $2^{2n/3}$-bit MAC security under the assumption that $\textsf{E}$ is a PRP-secure $n$-bit block cipher and $\textsf{H}$ is an almost-xor-universal $n$-bit hash function. In this paper we propose the Decrypted Wegman-Carter with Davies-Meyer ($\textsf{DWCDM}$) construction, which is structurally very similar to its predecessor $\textsf{EWCDM}$ except that the outer encryption call is replaced by decryption. The biggest advantage of $\textsf{DWCDM}$ is that we can make a truly single-key MAC: the two block cipher calls can use the same block cipher key $K=K_1=K_2$. Moreover, we can derive the hash key as $K_h=\textsf{E}_K(1)$, as long as $|K_h|=n$. Whether we use encryption or decryption in the outer layer makes a huge difference; using decryption instead enables us to apply an extended version of Patarin's mirror theory to the security analysis of the construction. $\textsf{DWCDM}$ is secure beyond the birthday bound, roughly up to $2^{2n/3}$ MAC queries and $2^n$ verification queries against nonce-respecting adversaries. $\textsf{DWCDM}$ remains secure up to $2^{n/2}$ MAC queries and $2^n$ verification queries against nonce-misusing adversaries.
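The two constructions in the abstract differ only in the outer call, so the clearest way to see the single-key point is to write both down side by side. The following is an added illustration, not code from the paper or its authors. It assumes a 128-bit PRP $\textsf{E}$ built as a 4-round Luby-Rackoff Feistel network with SHA-256 round functions (a stand-in for a real block cipher such as AES, chosen only so the block runs with the Python standard library), a GHASH-style polynomial hash over $GF(2^{128})$ as the almost-xor-universal $\textsf{H}$, and a constructed key, nonce and message that are not test vectors from the paper. With the outer call being $\textsf{E}_K^{-1}$, the DWCDM tag $t$ satisfies $\textsf{E}_K(t) = \textsf{E}_K(N)\oplus N\oplus \textsf{H}_{K_h}(M)$, which the code checks directly.

```python
"""EWCDM vs DWCDM nonce-based MACs (added illustration, not the paper's code).

E is a 128-bit PRP built here as a 4-round Luby-Rackoff Feistel network with
SHA-256 round functions (assumption: a stand-in for a real block cipher such
as AES); H is a GHASH-style polynomial hash over GF(2^128), which is
almost-xor-universal. Sample key, nonce and message below are constructed.
"""
import hashlib
import hmac

N = 16                      # block size in bytes (n = 128 bits)
MASK = (1 << 128) - 1
R_POLY = 0x87               # x^128 = x^7 + x^2 + x + 1 (reduction for GF(2^128))


def xor(*parts: bytes) -> bytes:
    """XOR any number of 16-byte strings."""
    out = bytearray(N)
    for p in parts:
        for i, b in enumerate(p):
            out[i] ^= b
    return bytes(out)


def _round(key: bytes, r: int, half: bytes) -> bytes:
    """PRF round function: SHA-256 keyed by (key, round index), truncated to 8 bytes."""
    return hashlib.sha256(key + bytes([r]) + half).digest()[:8]


def prp_enc(key: bytes, block: bytes) -> bytes:
    """E_K: 4-round Feistel; each round maps (L, R) -> (R, L xor f_r(R))."""
    L, R = block[:8], block[8:]
    for r in range(4):
        L, R = R, bytes(a ^ b for a, b in zip(L, _round(key, r, R)))
    return L + R


def prp_dec(key: bytes, block: bytes) -> bytes:
    """E_K^{-1}: undo the rounds in reverse order."""
    L, R = block[:8], block[8:]
    for r in reversed(range(4)):
        L, R = bytes(a ^ b for a, b in zip(R, _round(key, r, L))), L
    return L + R


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^128), bit i of an int being the coefficient of x^i."""
    p = 0
    for _ in range(128):
        if b & 1:
            p ^= a
        carry = a >> 127
        a = (a << 1) & MASK
        if carry:
            a ^= R_POLY
        b >>= 1
    return p


def poly_hash(kh: bytes, msg: bytes) -> bytes:
    """H_Kh(M): Horner evaluation over the zero-padded blocks of M followed by
    a bit-length block, so messages of different lengths do not collide trivially."""
    k = int.from_bytes(kh, "big")
    h = 0
    for i in range(0, len(msg), N):
        h = gf_mul(h ^ int.from_bytes(msg[i:i + N].ljust(N, b"\0"), "big"), k)
    h = gf_mul(h ^ (8 * len(msg)), k)
    return h.to_bytes(N, "big")


def ewcdm_tag(k1: bytes, k2: bytes, kh: bytes, nonce: bytes, msg: bytes) -> bytes:
    """EWCDM: E_K2( E_K1(N) xor N xor H_Kh(M) ); three independent keys."""
    inner = xor(prp_enc(k1, nonce), nonce, poly_hash(kh, msg))
    return prp_enc(k2, inner)


def dwcdm_tag(k: bytes, nonce: bytes, msg: bytes) -> bytes:
    """DWCDM: E_K^{-1}( E_K(N) xor N xor H_Kh(M) ) with K_h = E_K(1); one key."""
    kh = prp_enc(k, (1).to_bytes(N, "big"))
    inner = xor(prp_enc(k, nonce), nonce, poly_hash(kh, msg))
    return prp_dec(k, inner)


def dwcdm_verify(k: bytes, nonce: bytes, msg: bytes, tag: bytes) -> bool:
    """Constant-time comparison so verification queries do not leak tag bytes."""
    return hmac.compare_digest(dwcdm_tag(k, nonce, msg), tag)


if __name__ == "__main__":
    # Constructed sample inputs (assumption; not test vectors from the paper).
    K = bytes(range(16))
    NONCE = b"nonce-0000000001"
    MSG = b"transfer 100 units to account 42"
    t = dwcdm_tag(K, NONCE, MSG)
    print("DWCDM tag:", t.hex(), dwcdm_verify(K, NONCE, MSG, t))
    print("tampered :", dwcdm_verify(K, NONCE, MSG[:-1] + b"0", t))
```

The nonce must be exactly one block and, for the nonce-respecting bounds quoted above, must never repeat under the same key; the abstract's nonce-misuse bound of $2^{n/2}$ MAC queries is what remains if that discipline fails.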
Old Dominion University
Job Posting
A postdoctoral research fellow position in cybersecurity is available in the Virginia Modeling, Analysis and Simulation Center (VMASC) at Old Dominion University, for an initial appointment of one year, renewable based on performance.

The incumbent is expected to participate in the cybersecurity research lab at VMASC led by Dr. Sachin Shetty.

Responsibilities include conducting fundamental research in blockchain for IoT security and publishing in leading conferences and journals, participation in proposal development, and some supervision of graduate students. This position is ideally suited for a recent Ph.D. graduate who plans to pursue a future research career. A completed Ph.D. degree in ECE or CS is required by the time of the appointment. A solid background in network security, distributed systems, protocols and algorithms is highly desirable.

Closing date for applications: 30 July 2018

Contact: Sachin Shetty, Ph.D.
Associate Professor
Virginia Modeling, Analysis and Simulation Center
Center for Cybersecurity Education and Research
Dept. of Modeling, Simulation and Visualization Engineering
Old Dominion University
1030 University Blvd
Suffolk, VA 23435
Email: sshetty (at) odu.edu
Web: https://www.odu.edu/~sshetty

More information: http://www.lions.odu.edu/~sshetty/PostDoc_ODU_2018.htm

Norwegian University of Science and Technology (NTNU)
Job Posting
The goal of this PhD research is to investigate the possibility of integrating additional cryptographic concepts that are not yet present in existing blockchain technologies and services, but have been developed by cryptographers over many years.

The applicants should have a master's degree in mathematics, computer science, communications technology or related areas with an average grade of B or better. Candidates completing their MSc degree in the Spring 2018 are encouraged to apply.

Knowledge of cryptography and strong programming skills are desirable.

Closing date for applications: 10 June 2018

Contact: For further information about the position, please contact Professor Danilo Gligoroski, danilog (at) ntnu.no

More information: https://www.jobbnorge.no/en/available-jobs/job/153395/


24 May 2018

Barcelona, Spain, 6 September - 7 September 2018
Event Calendar
Event date: 6 September to 7 September 2018
Submission deadline: 16 June 2018
Notification: 16 July 2018
San Francisco, USA, 4 March - 8 March 2019
Event Calendar
Event date: 4 March to 8 March 2019
Submission deadline: 14 September 2018
Notification: 19 November 2018

23 May 2018

University of Surrey, Surrey Centre for Cyber Security, UK
Job Posting
Surrey Centre for Cyber Security (SCCS) at the University of Surrey invites applications for a full-time one-year Post-doc/Research Fellow position in Wireless Security. The post is part of the funded Innovate UK project "SAFRON: Safe Operational Radio Network for mixed-priority communications to trains using a shared architecture". SAFRON will create a prototype to demonstrate how wireless networks (e.g. WiFi, LTE, and 5G) can be used for train-to-trackside communications for mixed applications, including safety-related and mission-critical ones.

Successful applicants will have core skills in key management and network authentication standards (e.g. IPsec) and wireless communications. Experience with tunnelling techniques (e.g. L2TP or GRE) is advantageous. A PhD and/or industrial experience would be desirable since the project is research oriented and in collaboration with industry. A graduate with an appropriate background would also be considered.

The successful applicant will be working under supervision of Dr Helen Treharne and Dr Mark Manulis and will benefit from the environment provided by the Surrey Centre for Cyber Security, an Academic Centre of Excellence in Cyber Security Research recognized by the British Government.

Salary: 31604 GBP – 34520 GBP depending on qualifications

Expected start date: 1 August 2018

Applicants should submit their applications through the University portal via: https://jobs.surrey.ac.uk/vacancy.aspx?ref=038718

Closing date for applications: 20 June 2018

Contact: Dr. Mark Manulis --- m.manulis (at) surrey.ac.uk

More information: https://jobs.surrey.ac.uk/vacancy.aspx?ref=038718

Norwegian University of Science and Technology (NTNU)
Job Posting
This is a joint project between Simula@UiB and NTNU and others, funded by the Research Council of Norway. The main objective of this project is to develop cryptographic protocols and primitives that realize trusted and secure communication in an IoT ecosystem.

We are entering the era of the Internet of Things (IoT). The IoT connects not only classical computing and communication devices, but all kinds of other gadgets that we use in our everyday lives. For IoT, security concerns go beyond traditional privacy or denial of service; also the immediate physical security of humans is at stake, and the cost of security failures becomes much more severe. Moreover, the IoT will be comprised of heterogeneous and lightweight devices, many of which may be unable to perform the complex computations required by modern security protocols.

The constrained IoT environment poses novel challenges for cryptographic protocol design and analysis. The PhD fellow will study protocols implementing either traditional trusted-third-party trust mechanisms or newer (but less well-understood) notions of distributed trust. In both cases the protocols will rely on quantum-safe primitives. Of particular interest is the construction of security proofs for such lightweight protocols, requiring tight proofs as well as high assurance (e.g. automatic verification of security proofs).

Closing date for applications: 18 June 2018

Contact: Professor Kristian Gjøsteen (kristian.gjosteen (at) ntnu.no)

More information: https://www.jobbnorge.no/ledige-stillinger/stilling/153293/

Norwegian University of Science and Technology
Job Posting
The positions are connected to the project «Secure, Usable and Robust Cryptographic Voting Systems». This is a joint project between NTNU and the University of Luxembourg, funded by the Research Council of Norway and the Luxembourg National Research Fund. The goal of the project is to study the security of cryptographic voting schemes.

Traditional voting has some significant limitations. From a security viewpoint, it has relied heavily on trust in the election officials, which in turn restricts independent verifiability and high assurance regarding confidentiality of votes. In addition, traditional voting has problems regarding errors in counting, accessibility, and timeliness.

Although cryptographic voting systems were proposed almost 30 years ago, and have been deployed in many countries more recently, there remain major obstacles to their widespread adoption. As we have seen in recent years, voting systems sometimes fail and they are susceptible to a range of attacks, even in established democracies.

This project will investigate the security of voting systems and increase our assurance in state-of-the-art voting systems. In particular, the project will study user confidence in cryptographic voting systems, security proofs for such systems, as well as options for long-term security (including post-quantum security).

Security proofs will be a particular focus for one PhD fellow, while long-term security will be a particular focus for the other PhD fellow.

Closing date for applications: 18 June 2018

Contact: Professor Kristian Gjøsteen (kristian.gjosteen (at) ntnu.no), or Professor Colin Boyd (colin.boyd (at) ntnu.no).

More information: https://www.jobbnorge.no/ledige-stillinger/stilling/153300/

Norwegian University of Science and Technology
Job Posting
The position is connected to the project «Secure, Usable and Robust Cryptographic Voting Systems». This is a joint project between NTNU and the University of Luxembourg, funded by the Research Council of Norway and the Luxembourg National Research Fund. The goal of the project is to study the security of cryptographic voting schemes.

Traditional voting has some significant limitations. From a security viewpoint, it has relied heavily on trust in the election officials, which in turn restricts independent verifiability and high assurance regarding confidentiality of votes. In addition, traditional voting has problems regarding errors in counting, accessibility, and timeliness.

Although cryptographic voting systems were proposed almost 30 years ago, and have been deployed in many countries more recently, there remain major obstacles to their widespread adoption. As we have seen in recent years, voting systems sometimes fail and they are susceptible to a range of attacks, even in established democracies.

This project will investigate the security of voting systems and increase our assurance in state-of-the-art voting systems. In particular, the project will study user confidence in cryptographic voting systems, security proofs for such systems, as well as options for long-term security (including post-quantum security).

Closing date for applications: 18 June 2018

Contact: Professor Kristian Gjøsteen (kristian.gjosteen (at) ntnu.no) or Professor Colin Boyd (colin.boyd (at) ntnu.no).

More information: https://www.jobbnorge.no/ledige-stillinger/stilling/153320/

University of Surrey, Surrey Centre for Cyber Security & Surrey Space Centre, UK
Job Posting
Surrey Centre for Cyber Security (SCCS) and Surrey Space Centre (SSC) at the University of Surrey invite applications for a fully-funded PhD position in Satellite System Security to work on an industry-funded research project TargetSat: Security of COTS-based Satellite Systems.

The project is funded by the NCC Group and aims to develop understanding of security risks and requirements associated with the use of commercial off-the-shelf components (incl. operating systems and software) in satellites and ground control systems, identify weaknesses and vulnerabilities in existing single and multi-satellite architectures and communication protocols, and propose mitigating countermeasures. An appropriate test-bed facility will be developed as part of this project.

Successful applicants are expected to be familiar with:

• Linux-based OS systems, incl. kernel programming

• System- / network-level attacks (e.g. buffer overflows, command injection), penetration testing

• Programming languages: C/C++, Assembly, or Python

We particularly welcome applications from ongoing students who are projected to complete their degree in 2018.

This PhD studentship includes a tax-free PhD stipend of GBP 20,000 per year for 3.5 years of PhD studies. This stipend is significantly higher than an average PhD stipend in the UK. Additional funding is available to support conference travel, etc.

Closing and starting dates: This is a “rolling advert” with a nominal closing date. Applications are welcome at any time and the timing of the selection process will be dependent on the applications received. Planned start date is October 2018.

Applications should be sent via https://jobs.surrey.ac.uk/Vacancy.aspx?id=4966

Closing date for applications: 30 September 2018

Contact: Informal inquiries can be directed to Dr Mark Manulis (m.manulis (at) surrey.ac.uk)

More information: https://jobs.surrey.ac.uk/Vacancy.aspx?id=4966
