International Association for Cryptologic Research


IACR News

If you have a news item you wish to distribute, it should be sent to the communications secretary. See also the events database for conference announcements.

Here you can see all recent updates to the IACR webpage. These updates are also available:

via email
via RSS feed

05 July 2018

University of Luxembourg/ Centre for Security and Trust
Job Posting
The University of Luxembourg/ Centre for Security and Trust is seeking to hire two post-docs and two PhDs to perform research in secure, verifiable voting schemes, quantum information assurance and quantum resistant crypto.

The Applied Security and Information Assurance (APSIA) research group, headed by Prof P Y A Ryan, invites applications for two PhD and two post-doc positions, details below. The APSIA team of SnT is a dynamic and growing research group, some 20 strong, conducting research on security-critical systems, information assurance, cryptography, crypto protocols and privacy.

The Interdisciplinary Centre for Security, Reliability and Trust (SnT) carries out interdisciplinary research in secure, reliable and trustworthy ICT systems and services, often in collaboration with industrial, governmental and international partners.

The successful candidate will join the APSIA group and will be part of the joint Luxembourg National Research Fund (FNR) and Norwegian RCN project “SURCVS” and will conduct research on the design and evaluation of secure yet usable voting systems. The project will be conducted jointly with the NTNU in Oslo. The candidate will be supervised by Prof. Peter Y. A. Ryan and Dr. Peter Roenne.

The candidate’s tasks include the following:

Conducting research on the following topics in verifiable, coercion resistant voting systems:

Formal definitions of relevant properties such as verifiability, privacy, receipt-freeness and coercion resistance.

Modelling complex socio-technical systems, taking account of human aspects of security and trust.

Exploring quantum-safe algorithms and everlasting privacy for voting systems.

Providing guidance to M.Sc. students

Disseminating results through scientific publications and talks at conferences

Closing date for applications: 20 July 2018

Contact: peter.ryan (at) ui.lu or peter.roenne (at) uni.lu

More information: http://emea3.mrted.ly/1vjtw

University of Luxembourg/ Centre for Security and Trust
Job Posting
The University of Luxembourg/ Centre for Security and Trust is seeking to hire a post-doc to perform research in secure, verifiable voting schemes, quantum information assurance and quantum resistant crypto.

The Applied Security and Information Assurance (APSIA) research group, headed by Prof P Y A Ryan, invites applications for two PhD and two post-doc positions, details below. The APSIA team of SnT is a dynamic and growing research group, some 20 strong, conducting research on security-critical systems, information assurance, cryptography, crypto protocols and privacy.

The position will be for an initial two years, but potentially extendable to five years.

See also: https://wwwen.uni.lu/snt/research/apsia/we_are_hiring

The Interdisciplinary Centre for Security, Reliability and Trust (SnT) carries out interdisciplinary research in secure, reliable and trustworthy ICT systems and services, often in collaboration with industrial, governmental and international partners.

The successful candidate will join the APSIA group led by Prof. Peter Y. A. Ryan. The candidate will be part of the joint Luxembourg National Research Fund (FNR) and Norwegian RCN project “SURCVS” and will conduct research on the design and evaluation of secure yet usable voting systems. The project will be conducted jointly with the NTNU in Oslo. The candidate’s tasks include the following:

Conducting research on the following topics in verifiable, coercion resistant voting systems:

Formal definitions of relevant properties such as verifiability, privacy, receipt-freeness and coercion resistance.

Modelling complex socio-technical systems, taking account of human aspects of security and trust.

Exploring quantum-safe algorithms and everlasting privacy for voting systems.

Coordinating research projects and delivering outputs

Collaborating with partners in the SURCVS project

Providing guidance to PhD and MSc students

Disseminating results through scientific publications

Closing date for applications: 20 July 2018

Contact: Peter.Ryan (at) uni.lu or Peter.Roenne (at) uni.lu.

More information: http://emea3.mrted.ly/1vjs5

Information Assurance Platform (IAP)
Job Posting
The Information Assurance Platform (IAP) is a distributed ledger technology-enabled platform that provides tools for building and enhancing cybersecurity applications. The company has raised investment capital.

This position is available full time or part time, on a work remotely basis (telecommuting).

The position is focused on computational integrity and privacy systems for providing tools to enhance corporate and organisational transparency with data privacy and confidentiality.

Applicants should be familiar with cutting edge scalable computational integrity and privacy research and other systems of CIP such as PCP, LPCP, MPC, KOE based systems, CLP, pairing based systems (KOE or otherwise), IP, IVC, and the state of the art including zero knowledge proofs as applicable.

The position is not required to invent, recreate or improve existing cryptography; rather, to research, understand, explain and translate, and knowledge transfer to other positions within the company for practical use in applications.

All applicants are welcome.

Closing date for applications: 30 December 2018

Contact: Please share your professional details with team [at] iap.network. All information is held in the strictest confidence.

More information: https://iap.network


03 July 2018

Daode Zhang, Kai Zhang, Bao Li, Xianhui Lu, Haiyang Xue, Jie Li
ePrint Report
Dual receiver encryption (DRE), proposed by Diament et al. at ACM CCS 2004, is a special extension notion of public-key encryption, which enables two independent receivers to decrypt a ciphertext into the same plaintext. This primitive is quite useful in designing combined public key cryptosystems and denial of service attack-resilient protocols. Up till now, a series of DRE schemes have been constructed from bilinear pairing groups and lattices. In this work, we introduce a construction of lattice-based DRE. Our scheme is indistinguishable against chosen-ciphertext attacks (IND-CCA) from the standard Learning with Errors (LWE) assumption with a public key of bit-size about $2nm\log q$, where $m$ and $q$ are small polynomials in $n$. Additionally, for the DRE notion in the identity-based setting, identity-based DRE (IB-DRE), we also give a lattice-based IB-DRE scheme that achieves chosen-plaintext and adaptively chosen identity security based on the LWE assumption with public parameter size about $(2\ell +1)nm\log q$, where $\ell$ is the bit-size of the identity in the scheme.
Tomer Ashur, Raluca Posteuca
ePrint Report
At Indocrypt 2016, Ashur et al. showed that linear hulls are sometimes formed in a single round of a cipher (exemplifying on Simon ciphers) and showed that the success rate of an attack may be influenced by the quality of the estimation of one-round correlations. This paper improves the understanding regarding one-round linear hulls and trails, being dedicated to the study of one-round linear hulls of the DES cipher, more exactly of its $f$-function. It shows that, in the case of DES, the existence of one-round hulls is related to the number of active Sboxes and its correlation depends on a fixed set of key bits. All the ideas presented in this paper are followed by examples and are verified experimentally.

29 June 2018

Kos, Greece, 16 September - 21 September 2018
Event Calendar
Event date: 16 September to 21 September 2018
Tel Aviv, Israel, 17 June - 20 June 2019
Event Calendar
Event date: 17 June to 20 June 2019
Submission deadline: 28 February 2019
Taipei, Taiwan, 4 December - 7 December 2018
Event Calendar
Event date: 4 December to 7 December 2018
Submission deadline: 30 June 2018
Notification: 15 August 2018

28 June 2018

Old Dominion University
Job Posting
A postdoctoral research fellow position in cybersecurity is available in the Virginia Modeling, Analysis and Simulation Center (VMASC) at Old Dominion University, for an initial appointment of one year, renewable based on performance.

The incumbent is expected to participate in the cybersecurity research lab at VMASC led by Dr. Sachin Shetty.

Responsibilities include conducting fundamental research in IoT security and publishing in leading conferences and journals, participation in proposal development, and some supervision of graduate students. This position is ideally suited for a recent Ph.D. graduate who plans to pursue a future research career. A completed Ph.D. degree in ECE or CS is required by the time of the appointment. A solid background in network security, game theory, distributed systems, protocols and algorithms is highly desirable.

Closing date for applications: 1 September 2018

Contact: Dr. Sachin Shetty (sshetty (at) odu.edu)

More information: http://ww2.odu.edu/~sshetty/PostDoc_Cyber_2018.htm


27 June 2018

Christopher Patton, Thomas Shrimpton
ePrint Report
This work advances the study of secure stream-based channels (Fischlin et al., CRYPTO ’15) by considering the multiplexing of many data streams over a single channel. This is an essential feature of real-world protocols such as TLS. Our treatment adopts the definitional perspective of Rogaway and Stegers (CSF ’09), which offers an elegant way to reason about what standardizing documents actually provide: a partial specification of a protocol that admits a collection of compliant, fully realized implementations. We formalize partially specified channels as the component algorithms of two parties communicating over a channel. Each algorithm has an oracle that services specification detail queries; intuitively, the algorithms abstract the things that are explicitly specified, while the oracle abstracts the things that are not. Our security notions, which capture a variety of privacy and integrity goals, allow the adversary to respond to these oracle queries; security relative to our notions implies that the channel withstands attacks in the presence of worst-case (i.e., adversarial) realizations of the specification details. Our formalization is flexible enough to provide the first provable security treatment of the TLS 1.3 record layer that does not elide optional behaviors and unspecified details.

26 June 2018

Shweta Agrawal
ePrint Report
Constructing indistinguishability obfuscation (iO) [BGI+01] is a central open question in cryptography. We provide new methods to make progress towards this goal. Our contributions may be summarized as follows:

1. Bootstrapping. In a recent work, Lin and Tessaro [LT17] (LT) show that iO may be constructed using i) Functional Encryption (FE) for polynomials of degree $L$, ii) Pseudorandom Generators (PRG) with blockwise locality $L$ and polynomial expansion, and iii) Learning With Errors (LWE). Since there exist constructions of FE for quadratic polynomials from standard assumptions on bilinear maps [Lin17, BCFG17], the ideal scenario would be to set $L=2$, yielding iO from widely believed assumptions.

Unfortunately, it was shown soon after [LV17, BBKK17] that PRGs with block locality $2$ and the expansion factor required by the LT construction, concretely $\Omega(n \cdot 2^{b(3+\epsilon)})$, where $n$ is the input length and $b$ is the block length, do not exist. While [LV17, BBKK17] provided strong negative evidence for constructing iO based on bilinear maps, they could not rule out the possibility completely; a tantalizing gap has remained. Given the current state of lower bounds, the existence of $2$ block local PRGs with expansion factor $\Omega(n \cdot 2^{b(1+\epsilon)})$ remains open, although this stretch does not suffice for the LT bootstrapping, and its relevance for iO is hence unclear.

In this work, we improve the state of affairs as follows.

(a) Weakening requirements on PRGs: In this work, we show that the narrow window of expansion factors left open by lower bounds does suffice for iO. We show a new method to construct FE for $NC_1$ from i) FE for degree $L$ polynomials, ii) PRGs of block locality $L$ and expansion factor $\Omega(n \cdot 2^{b(1+\epsilon)})$, and iii) LWE (or RLWE). Our method of bootstrapping is completely different from all known methods. This re-opens the possibility of realizing iO from $2$ block local PRGs, SXDH on bilinear maps and LWE.

(b) Broadening class of sufficient PRGs: Our bootstrapping theorem may be instantiated with a broader class of pseudorandom generators than hitherto considered for iO, and may circumvent lower bounds known for the arithmetic degree of iO-sufficient PRGs [LV17, BBKK17]; in particular, these may admit instantiations with arithmetic degree $2$, yielding iO with the additional assumptions of SXDH on bilinear maps and LWE. In more detail, we may use the following two classes of PRG:

i) Non-Boolean PRGs: We may use pseudorandom generators whose inputs and outputs need not be Boolean but may be integers restricted to a small (polynomial) range. Additionally, the outputs are not required to be pseudorandom but must only satisfy a milder indistinguishability property. We tentatively propose initializing these PRGs using the multivariate quadratic assumption (MQ) which has been widely studied in the literature [MI88, Wol05, DY09] and against the general case of which no efficient attacks are known.

ii) Correlated Noise Generators: We introduce an even weaker class of pseudorandom generators, which we call correlated noise generators (CNG) which may not only be non-Boolean but are required to satisfy an even milder (seeming) indistinguishability property.

(c) Assumptions and Efficiency. Our bootstrapping theorems can be based on the hardness of the Learning With Errors problem (LWE) or its ring variant (RLWE) and can compile FE for degree $L$ polynomials directly to FE for $NC_1$. Our method for bootstrapping to $NC_1$ does not go via randomized encodings as in previous works, which makes it simpler and more efficient than in previous works.

2. Instantiating Primitives. In this work, we provide the first direct candidate of FE for constant degree polynomials from new assumptions on lattices. Our construction is new and does not go via multilinear maps or graded encoding schemes as all previous constructions do. Our construction is based on the ring learning with errors assumption (RLWE) as well as new untested assumptions on NTRU rings.

We provide a detailed security analysis and discuss why previously known attacks in the context of multilinear maps, especially zeroizing attacks and annihilation attacks, do not appear to apply to our setting. We caution that the assumptions underlying our construction must be subject to rigorous cryptanalysis before any confidence can be gained in their security. However, their significant departure from known multilinear map based constructions makes them, we feel, a potentially fruitful new direction to explore. Additionally, being based entirely on lattices, we believe that security against classical attacks will likely imply security against quantum attacks.
Clementine Gritti, Melek Onen, Refik Molva
ePrint Report
The Internet of Things (IoT) technology has expanded widely across the world, promising new data management opportunities for industries, companies and individuals in different sectors, such as health services or transport logistics. This trend relies on connecting devices/things to collect, exchange and store data. The exponentially increasing number of IoT devices, their origin diversity, their limited capabilities in terms of resources, as well as the ever-increasing amount of data, raise new challenges for security and privacy protection, precluding traditional access control solutions from being integrated into this new environment. In this paper, we propose a reliable server-aided policy-based access control mechanism, named CHARIOT, that enables an IoT platform to verify credentials of different devices requesting access (read/write) to the data stored within it. CHARIOT permits IoT devices to authenticate themselves to the platform without compromising their privacy by using attribute-based signatures. Our solution also allows secure delegation of costly computational operations to a cloud server, hence relieving the workload at the IoT devices' side.
Orr Dunkelman
ePrint Report
Recently, the Boomerang Connection Table was introduced by Cid et al. as a tool to better evaluate the probability of a boomerang distinguisher. To compute the BCT of an $n$-bit to $n$-bit S-box, the inventors of the BCT proposed an algorithm that takes $O(2^{3n})$ time. We show that one can construct the same table in only $O(2^{2n})$ time.
Gabrielle De Micheli, Nadia Heninger, Barak Shani
ePrint Report
Overstretched NTRU, an NTRU variant with a large modulus, has been used as a building block for several cryptographic schemes in recent years. Recently, two lattice subfield attacks and a subring attack were proposed that broke some suggested parameters for overstretched NTRU. These attacks work by decreasing the dimension of the lattice to be reduced, which improves the performance of the lattice basis reduction algorithm. However, there are a number of conflicting claims in the literature over which of these attacks has the best performance. These claims are typically based on experiments more than analysis. Furthermore, the metric for comparison has been unclear in some prior work. In this paper, we argue that the correct metric should be the lattice dimension. We show both analytically and experimentally that the subring attack succeeds on a smaller dimension lattice than the subfield attack for the same problem parameters, and also succeeds with a smaller modulus when the lattice dimension is fixed.
Lucas Schabhüser, Denis Butin, Johannes Buchmann
ePrint Report
Demanding computations are increasingly outsourced to cloud platforms. For such outsourced computations, the efficient verifiability of results is a crucial requirement. When sensitive data is involved, the verification of a computation should preserve the privacy of the input values: it should be context hiding. Context hiding verifiability is enabled by existing homomorphic authenticator schemes. However, until now, no context hiding homomorphic authenticator scheme supports multiple independent clients, e.g. multiple keys. Multi-key support is necessary for datasets involving input authenticated by different clients, e.g. multiple hospitals in e-health scenarios. In this paper, we propose the first perfectly context hiding, publicly verifiable multi-key homomorphic authenticator scheme supporting linear functions. Our scheme is provably unforgeable in the standard model, and succinct. Verification time depends only linearly on the number of clients, in an amortized sense.
Cong Zuo, Shi-Feng Sun, Joseph K. Liu, Jun Shao, Josef Pieprzyk
ePrint Report
Dynamic searchable symmetric encryption (DSSE) is a useful cryptographic tool in encrypted cloud storage. However, it has been reported that DSSE usually suffers from file-injection attacks and content leakage of deleted documents. To mitigate these attacks, forward security and backward security have been proposed. Nevertheless, the existing forward/backward-secure DSSE schemes can only support single keyword queries. To address this problem, in this paper, we propose two DSSE schemes supporting range queries. One is forward-secure and supports a large number of documents. The other can achieve both forward security and backward security, while it can only support a limited number of documents. Finally, we also give the security proofs of the proposed DSSE schemes in the random oracle model.
Krzysztof Pietrzak
ePrint Report
We construct a verifiable delay function (or unique publicly verifiable proof of sequential work) by showing how the Rivest-Shamir-Wagner time-lock puzzle can be made publicly verifiable.

Concretely, we give a statistically sound public-coin protocol to prove that a tuple $(N,x,T,y)$ satisfies $y=x^{2^T}\pmod N$ where the prover doesn't know the factorization of $N$ and its running time is dominated by solving the puzzle, that is, compute $x^{2^T}$, which is conjectured to require $T$ sequential squarings.

The motivation for this work comes from the Chia blockchain design, which uses a VDF as a key ingredient. For typical parameters, our proofs are of size around 10 KB and verification cost around three RSA exponentiations.
Sergiu Carpov, Oana Stan
ePrint Report
Homomorphic encryption schemes allow one to perform computations over encrypted data. In schemes based on the RLWE assumption the plaintext data is a ring polynomial. In many use cases of homomorphic encryption only the degree-0 coefficient of this polynomial is used to encrypt data. In this context any computation on encrypted data can be performed. It is trickier to perform generic computations when more than one coefficient per ciphertext is used.

In this paper we introduce a method to efficiently evaluate low-degree multivariate polynomials over encrypted data. The main idea is to encode several messages in the coefficients of a plaintext space polynomial. Using ring homomorphism operations and multiplications between ciphertexts, we compute multivariate monomials up to a given degree. Afterwards, using ciphertext additions we evaluate the input multivariate polynomial. We perform extensive experiments with the proposed evaluation method. As an example, evaluating an arbitrary multivariate degree-3 polynomial with 100 variables over Boolean space takes under 13 seconds.

25 June 2018

Announcement
Dear IACR members,

This year holds again great promise for cryptology research with the ongoing interest in blockchain technology and cryptocurrencies. As a sign of this, the word "crypto" has received a new interpretation in newspapers, by the public, and by your favorite search engine: Crypto no longer stands first for the conference that we have held in Santa Barbara since 1981.

This message contains information about some recent developments in IACR. The Board of Directors held a virtual meeting back in March (using Zoom teleconference!) and an in-person meeting at Eurocrypt in Tel-Aviv.

Crypto 2018

The Crypto 2018 conference will accommodate seven "workshops" or affiliated events, taking place from Friday to Sunday before the main conference. Registrations are flowing in at a steady pace. Together with the general chair Tal Rabin, I urge you to register and book your trips early.

https://crypto.iacr.org/2018/

The cutoff date for discounted early registration is July 5th!

Task force on diversity

The IACR has established a task force on diversity, whose goal is to:
a) support women attending IACR events;
b) promote and support IACR and other events that advance diversity (defined broadly);
c) improve diversity, especially representation of women and people from Asia, within IACR governance.

This is a community effort. Tal Rabin and Douglas Stebila are leading the task force and are looking forward to receiving your help, suggestions, and comments.

Code of Conduct for IACR events

The IACR has adopted a code of conduct for its conferences. All events of the IACR must refer to this code of conduct, which starts as follows:

The IACR is committed to providing an experience free of harassment and discrimination in its events, respecting the dignity of every participant. Participants who violate this code may be sanctioned and/or expelled from the event, at the discretion of the General Chair(s). Serious incidents may be referred to the IACR Ethics Committee for further possible action.

You can find the full text in the General Chair guidelines, section 8.10, on the website under:

https://www.iacr.org/docs/minutes/

For supporting this on behalf of the Board, the role of a Code-of-Conduct Liaison has been created. This is a person participating as observer in the Board. The Board has appointed Tal Rabin to this role.

IACR Schools in Cryptology

Cryptology Schools typically provide multiple days of intensive learning and constitute an efficient way to provide high-quality training for graduate students, as well as for professionals. The IACR sponsors such schools with financial contributions. The next schools in 2018 are:

Symmetric Proof Techniques
July 29-August 3, 2018, Bertinoro, Italy.
https://spotniq.school/


School on Modern Cryptography
July 30-August 3, 2018, Buenos Aires, Argentina.
http://www.dc.uba.ar/events/eci/2018/cursos

If you are interested in organizing an IACR Cryptology School, please apply by June 30. More information is available on the website at https://iacr.org/schools/

To find out more about your IACR and the discussions of the Board of Directors, read the minutes of meeting at https://www.iacr.org/docs/minutes/

Best regards,

Christian Cachin
IACR President
Rabat, Morocco, 22 April - 24 April 2019
Event Calendar
Event date: 22 April to 24 April 2019