International Association for Cryptologic Research

IACR News

If you have a news item you wish to distribute, it should be sent to the communications secretary. See also the events database for conference announcements.

Here you can see all recent updates to the IACR webpage. These updates are also available:

via email
via RSS feed

06 July 2018

Nirvan Tyagi, Muhammad Haris Mughees, Thomas Ristenpart, Ian Miers
ePrint Report
Dissidents, journalists, and others require technical means to protect their privacy in the face of compelled access to their digital devices (smartphones, laptops, tablets, etc.). For example, authorities increasingly force disclosure of all secrets, including passwords, to search devices upon national border crossings. We therefore present the design, implementation, and evaluation of a new system to help victims of compelled searches. Our system, called BurnBox, provides self-revocable encryption: the user can temporarily disable their access to specific files stored remotely, without revealing which files were revoked during compelled searches, even if the adversary also compromises the cloud storage service. They can later restore access. We formalize the threat model and provide a construction that uses an erasable index, secure erasure of keys, and standard cryptographic tools in order to provide security supported by our formal analysis. We report on a prototype implementation, which showcases the practicality of BurnBox.
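The mechanics the abstract describes (a key per file, an on-device index that can be erased entry by entry, and a restore path that depends on nothing left on the device) are sketched below as an added example for this page. It is not the BurnBox construction and not the authors' code: the encrypt-then-MAC file encryption built from HMAC-SHA256, the cloud layout, the wrapped-key format and the off-device restore key are all assumptions made for the illustration, and it does not attempt the abstract's stronger guarantee of hiding which files were revoked.

```python
"""Added illustration of self-revocable per-file encryption, in the spirit of
the BurnBox abstract but not the paper's construction. The primitives, the
cloud layout and the off-device restore key are assumptions for this example."""
import hashlib
import hmac
import secrets
from typing import Dict, Tuple


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate keystream and MAC keys derived from one 32-byte key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Counter mode over HMAC-SHA256, standard library only.
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class Cloud:
    """Untrusted storage: ciphertexts under random identifiers, plus each
    file key (with its name) wrapped under the restore key."""

    def __init__(self) -> None:
        self.blobs: Dict[str, bytes] = {}
        self.wrapped: Dict[str, bytes] = {}


class Device:
    """The user's device. The index maps name -> (cloud id, file key) and is
    the only place a usable file key lives during a search."""

    def __init__(self, cloud: Cloud) -> None:
        self.cloud = cloud
        self.index: Dict[str, Tuple[str, bytes]] = {}

    @staticmethod
    def new_restore_key() -> bytes:
        # Assumption: the user keeps this off the device, e.g. with a friend.
        return secrets.token_bytes(32)

    def put(self, restore_key: bytes, name: str, data: bytes) -> None:
        file_key = secrets.token_bytes(32)
        file_id = secrets.token_hex(16)
        self.cloud.blobs[file_id] = encrypt(file_key, data)
        self.cloud.wrapped[file_id] = encrypt(restore_key, file_key + name.encode())
        self.index[name] = (file_id, file_key)

    def get(self, name: str) -> bytes:
        file_id, file_key = self.index[name]
        return decrypt(file_key, self.cloud.blobs[file_id])

    def revoke(self, name: str) -> None:
        # Self-revocation: drop the device's only copy of the key. Secure
        # erasure on real storage is a separate problem this example ignores.
        del self.index[name]

    def restore(self, restore_key: bytes) -> None:
        # After the search: rebuild the index from the wrapped keys in the cloud.
        for file_id, wrapped in self.cloud.wrapped.items():
            payload = decrypt(restore_key, wrapped)
            self.index[payload[32:].decode()] = (file_id, payload[:32])


def demo() -> dict:
    """Constructed walk-through: store, revoke, fail to open, restore."""
    cloud = Cloud()
    device = Device(cloud)
    restore_key = Device.new_restore_key()
    device.put(restore_key, "notes.txt", b"sources and contacts")   # constructed sample
    device.put(restore_key, "photo.jpg", b"holiday picture")        # constructed sample
    device.revoke("notes.txt")
    revoked_readable = "notes.txt" in device.index
    # Device image plus cloud dump, but no restore key: a guessed key fails.
    cloud_alone_fails = False
    try:
        decrypt(bytes(32), next(iter(cloud.wrapped.values())))
    except ValueError:
        cloud_alone_fails = True
    device.restore(restore_key)
    return {
        "revoked_readable": revoked_readable,
        "cloud_alone_fails": cloud_alone_fails,
        "restored": device.get("notes.txt"),
        "other": device.get("photo.jpg"),
    }
```

Revocation deletes the only copy of the file key the device holds, so someone who images both the device and the cloud obtains ciphertexts and wrapped keys but nothing that opens them. Restoration needs the restore key, which therefore has to live somewhere the search does not reach; that placement, and real secure erasure of the index on flash storage (which a Python `del` does not give), are exactly the parts the paper's threat model has to deal with.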
Shuhong Gao
ePrint Report
Since Gentry discovered in 2009 the first fully homomorphic encryption scheme, the last few years have witnessed dramatic progress on designing more efficient homomorphic encryption schemes, and some of them have been implemented for applications. The main bottlenecks are in bootstrapping and large cipher expansion (the ratio of the size of ciphertexts to that of messages). Ducas and Micciancio (2015) show that homomorphic computation of one bit operation on LWE ciphers can be done in less than a second, which is then reduced by Chillotti et al. (2016, 2017) to 13ms. This paper presents a compact fully homomorphic encryption scheme that has the following features: (a) its cipher expansion is 6 with private-key encryption and 20 with public-key encryption; (b) all ciphertexts after any number (unbounded) of homomorphic bit operations have the same size and are always valid with the same error size; (c) its security is based on the LWE and RLWE problems (with binary secret keys) and the cost of breaking the scheme by the current approaches is at least $2^{160}$ bit operations. The scheme protects function privacy and provides a simple solution for secure two-party computation and zero knowledge proof of any language in NP.

05 July 2018

The University of Auckland, New Zealand
Job Posting
Two three-year PhD scholarships, covering international tuition fees and a stipend of $27,500 per year.

Project Aim

The aim of the project is to develop practical obfuscation techniques based on a theoretical foundation.

The theoretical work will be led by Prof Steven Galbraith while Associate Prof. Giovanni Russello will lead the practical aspects.

Experience

The ideal candidate will have an undergraduate degree in computer science, engineering or mathematics and have written a master's thesis on a topic related to security, cryptography, or the underlying mathematics. We are looking for candidates with experience in some or all of the following:

- Hands-on experience with standard obfuscators and de-obfuscator tools

- Understanding of cryptography and its applications

- Understanding of the ARM and/or x86 architecture and the respective instruction set

- Experience in coding in C/C++ and assembly

- Understanding of compilers and run-time code optimisations

Application Process:

Please send an email to g.russello (at) auckland.ac.nz with a short CV and an unofficial transcript of grades in your degree.

Successful applicants will be asked to provide further information (such as an IELTS English language test and official transcripts of their degrees) at a later stage of the application process.

Closing date for applications: 2 September 2018

Contact: g.russello (at) auckland.ac.nz

The University of Auckland, New Zealand
Job Posting
The research conducted by the University of Auckland's team will focus on applied cryptography for retrieval and processing of encrypted data in outsourced and untrusted environments. We are looking to apply encrypted search techniques to SGX environments and blockchain technologies. This involves a substantial programme of research to develop and implement these techniques and apply them to industrial case studies.

Applicants are required to have completed (or be close to completing) a Master's degree (or equivalent) with outstanding grades in Computer Science, Mathematics, or closely related areas. Additional knowledge in related disciplines, e.g. complexity theory or IT security, is welcome.

The candidate should be able not only to design but also implement working prototypes of the crypto scheme developed during the research period. Good knowledge of C/C++ and Linux is a must.

The STRATUS project will provide a stipend of 27,000 NZD p.a. and cover the costs of the tuition fee for 3 years.

Closing date for applications: 31 December 2018

Contact: Dr. Giovanni Russello

University of Luxembourg/ Centre for Security and Trust
Job Posting
The University of Luxembourg/ Centre for Security and Trust is seeking to hire two post-docs and two PhDs to perform research in secure, verifiable voting schemes, quantum information assurance and quantum resistant crypto.

The Applied Security and Information Assurance (APSIA) research group, headed by Prof P Y A Ryan, invites applications for two PhD and two post-doc positions, details below. The APSIA team of SnT is a dynamic and growing research group, some 20 strong, conducting research on security-critical systems, information assurance, cryptography, crypto protocols and privacy.

The Interdisciplinary Centre for Security, Reliability and Trust (SnT) carries out interdisciplinary research in secure, reliable and trustworthy ICT systems and services, often in collaboration with industrial, governmental and international partners.

The successful candidate will join the APSIA group and will be part of the joint Luxembourg National Research Fund (FNR) and Norwegian RCN project “SURCVS” and will conduct research on the design and evaluation of secure yet usable voting systems. The project will be conducted jointly with the NTNU in Oslo. The candidate will be supervised by Prof. Peter Y. A. Ryan and Dr. Peter Roenne.

The candidate’s tasks include the following:

Conducting research on the following topics in verifiable, coercion resistant voting systems:

Formal definitions of relevant properties such as verifiability, privacy, receipt-freeness and coercion resistance.

Modelling complex socio-technical systems, taking account of human aspects of security and trust.

Exploring quantum-safe algorithms and everlasting privacy for voting systems.

Providing guidance to M.Sc. students

Disseminating results through scientific publications and talks at conferences

Closing date for applications: 20 July 2018

Contact: peter.ryan (at) uni.lu or peter.roenne (at) uni.lu

More information: http://emea3.mrted.ly/1vjtw

University of Luxembourg/ Centre for Security and Trust
Job Posting
The University of Luxembourg/ Centre for Security and Trust is seeking to hire a post-doc to perform research in secure, verifiable voting schemes, quantum information assurance and quantum resistant crypto.

The Applied Security and Information Assurance (APSIA) research group, headed by Prof P Y A Ryan, invites applications for two PhD and two post-doc positions, details below. The APSIA team of SnT is a dynamic and growing research group, some 20 strong, conducting research on security-critical systems, information assurance, cryptography, crypto protocols and privacy.

The position will be for an initial two years, but is potentially extendable to five years.

See also: https://wwwen.uni.lu/snt/research/apsia/we_are_hiring

The Interdisciplinary Centre for Security, Reliability and Trust (SnT) carries out interdisciplinary research in secure, reliable and trustworthy ICT systems and services, often in collaboration with industrial, governmental and international partners.

The successful candidate will join the APSIA group led by Prof. Peter Y. A. Ryan. The candidate will be part of the joint Luxembourg National Research Fund (FNR) and Norwegian RCN project “SURCVS” and will conduct research on the design and evaluation of secure yet usable voting systems. The project will be conducted jointly with the NTNU in Oslo. The candidate’s tasks include the following:

Conducting research on the following topics in verifiable, coercion resistant voting systems:

Formal definitions of relevant properties such as verifiability, privacy, receipt-freeness and coercion resistance.

Modelling complex socio-technical systems, taking account of human aspects of security and trust.

Exploring quantum-safe algorithms and everlasting privacy for voting systems.

Coordinating research projects and delivering outputs

Collaborating with partners in the SURCVS project

Providing guidance to PhD and MSc students

Disseminating results through scientific publications

Closing date for applications: 20 July 2018

Contact: Peter.Ryan (at) uni.lu or Peter.Roenne (at) uni.lu.

More information: http://emea3.mrted.ly/1vjs5

Information Assurance Platform (IAP)
Job Posting
The Information Assurance Platform (IAP) is a distributed-ledger-enabled platform that provides tools for building and enhancing cybersecurity applications. The company has raised investment capital.

This position is available full time or part time, on a work remotely basis (telecommuting).

The position is focused on computational integrity and privacy systems for providing tools to enhance corporate and organisational transparency with data privacy and confidentiality.

Applicants should be familiar with cutting-edge scalable computational integrity and privacy research and other CIP systems such as PCP, LPCP, MPC, KOE-based systems, CLP, pairing-based systems (KOE or otherwise), IP, IVC, and the state of the art including zero-knowledge proofs as applicable.

The position does not require inventing, recreating or improving existing cryptography; rather, it involves researching, understanding, explaining and translating it, and transferring that knowledge to other roles within the company for practical use in applications.

All applicants are welcome.

Closing date for applications: 30 December 2018

Contact: Please share your professional details to team [at] iap.network. All information held in strictest confidence.

More information: https://iap.network


03 July 2018

Daode Zhang, Kai Zhang, Bao Li, Xianhui Lu, Haiyang Xue, Jie Li
ePrint Report
Dual receiver encryption (DRE), proposed by Diament et al. at ACM CCS 2004, is a special extension notion of public-key encryption, which enables two independent receivers to decrypt a ciphertext into the same plaintext. This primitive is quite useful in designing combined public key cryptosystems and denial of service attack-resilient protocols. Up till now, a series of DRE schemes have been constructed from bilinear pairing groups and lattices. In this work, we introduce a construction of lattice-based DRE. Our scheme is indistinguishable against chosen-ciphertext attacks (IND-CCA) from the standard Learning with Errors (LWE) assumption with a public key of bit-size about $2nm\log q$, where $m$ and $q$ are small polynomials in $n$. Additionally, for the DRE notion in the identity-based setting, identity-based DRE (IB-DRE), we also give a lattice-based IB-DRE scheme that achieves chosen-plaintext and adaptively chosen identity security based on the LWE assumption with public parameter size about $(2\ell +1)nm\log q$, where $\ell$ is the bit-size of the identity in the scheme.
Tomer Ashur, Raluca Posteuca
ePrint Report
At Indocrypt 2016, Ashur et al. showed that linear hulls are sometimes formed in a single round of a cipher (exemplifying on Simon ciphers) and showed that the success rate of an attack may be influenced by the quality of the estimation of one-round correlations. This paper improves the understanding regarding one-round linear hulls and trails, being dedicated to the study of one-round linear hulls of the DES cipher, more exactly of its $f$-function. It shows that, in the case of DES, the existence of one-round hulls is related to the number of active Sboxes and its correlation depends on a fixed set of key bits. All the ideas presented in this paper are followed by examples and are verified experimentally.
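One-round linear approximations of the DES $f$-function are assembled from approximations of the individual S-boxes, and each S-box sees the expanded right half XORed with six subkey bits, so an input mask $a$ selects a fixed set of subkey bits whose parity decides the sign of the correlation. The added example below (written for this page, not taken from the paper) computes the linear approximation table of DES S-box S5 over all 64 inputs and checks that key dependence directly. The S-box table is the one in FIPS 46-3; the sample masks (input 16, output 15) are Matsui's well-known S5 approximation with 12 agreeing inputs out of 64.

```python
"""Added example: linear approximation table of a DES S-box and the way the
subkey bits selected by the input mask fix the sign of the correlation.
Written for this page; not code from the paper."""
from typing import List, Tuple

# DES S-box S5 (FIPS 46-3). Row = outer input bits (b1, b6), column = b2..b5.
S5 = [
    [2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9],
    [14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6],
    [4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14],
    [11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3],
]


def sbox(table: List[List[int]], x: int) -> int:
    """6-bit input x (bit 5 = b1, bit 0 = b6) -> 4-bit output."""
    row = (((x >> 5) & 1) << 1) | (x & 1)
    col = (x >> 1) & 0xF
    return table[row][col]


def parity(v: int) -> int:
    return bin(v).count("1") & 1


def lat(table: List[List[int]]) -> List[List[int]]:
    """lat[a][b] = #{x : a.x = b.S(x)} - 32 for input mask a (6 bits) and
    output mask b (4 bits). Correlation is lat[a][b]/32, bias lat[a][b]/64."""
    t = [[0] * 16 for _ in range(64)]
    for a in range(64):
        for b in range(16):
            agree = sum(1 for x in range(64)
                        if parity(a & x) == parity(b & sbox(table, x)))
            t[a][b] = agree - 32
    return t


def keyed_count(table: List[List[int]], a: int, b: int, k: int) -> int:
    """Round-function view: the S-box sees x ^ k, with k the six subkey bits.
    Returns #{x : a.x = b.S(x ^ k)}; this is 32 + lat[a][b] when parity(a & k)
    is 0 and 32 - lat[a][b] when it is 1, so only the key bits under mask a
    influence the approximation, and only its sign."""
    return sum(1 for x in range(64)
               if parity(a & x) == parity(b & sbox(table, x ^ k)))


def best_approximation(table: List[List[int]]) -> Tuple[int, int, int]:
    """(a, b, lat[a][b]) with the largest |lat| over non-trivial masks."""
    t = lat(table)
    masks = [(a, b) for a in range(64) for b in range(16) if a or b]
    a, b = max(masks, key=lambda ab: abs(t[ab[0]][ab[1]]))
    return a, b, t[a][b]


if __name__ == "__main__":
    t = lat(S5)
    print("lat[16][15] =", t[16][15])   # Matsui's NS5(16,15) = 12, so 12 - 32 = -20
    for k in (0, 16, 33):
        print("k =", k, "agreeing inputs =", keyed_count(S5, 16, 15, k),
              "parity(a & k) =", parity(16 & k))
```

Because the key enters only through `parity(a & k)`, every 6-bit subkey chunk with the same parity on the masked bits gives the same count; a one-round hull that activates several S-boxes combines such terms, and the fixed set of key bits the abstract refers to is the union of the masked subkey bits of the active S-boxes.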

29 June 2018

Kos, Greece, 16 September - 21 September 2018
Event Calendar
Event date: 16 September to 21 September 2018
Tel Aviv, Israel, 17 June - 20 June 2019
Event Calendar
Event date: 17 June to 20 June 2019
Submission deadline: 28 February 2019
Taipei, Taiwan, 4 December - 7 December 2018
Event Calendar
Event date: 4 December to 7 December 2018
Submission deadline: 30 June 2018
Notification: 15 August 2018

28 June 2018

Old Dominion University
Job Posting
A postdoctoral research fellow position in cybersecurity is available in the Virginia Modeling, Analysis and Simulation Center (VMASC) at Old Dominion University, for an initial appointment of one year, renewable based on performance.

The incumbent is expected to participate in the cybersecurity research lab at VMASC led by Dr. Sachin Shetty.

Responsibilities include conducting fundamental research in IoT security and publishing in leading conferences and journals, participation in proposal development, and some supervision of graduate students. This position is ideally suited for a recent Ph.D. graduate who plans to pursue a future research career. A completed Ph.D. degree in ECE or CS is required by the time of the appointment. A solid background in network security, game theory, distributed systems, protocols and algorithms is highly desirable.

Closing date for applications: 1 September 2018

Contact: Dr. Sachin Shetty (sshetty (at) odu.edu)

More information: http://ww2.odu.edu/~sshetty/PostDoc_Cyber_2018.htm


27 June 2018

Christopher Patton, Thomas Shrimpton
ePrint Report
This work advances the study of secure stream-based channels (Fischlin et al., CRYPTO ’15) by considering the multiplexing of many data streams over a single channel. This is an essential feature of real-world protocols such as TLS. Our treatment adopts the definitional perspective of Rogaway and Stegers (CSF ’09), which offers an elegant way to reason about what standardizing documents actually provide: a partial specification of a protocol that admits a collection of compliant, fully realized implementations. We formalize partially specified channels as the component algorithms of two parties communicating over a channel. Each algorithm has an oracle that services specification detail queries; intuitively, the algorithms abstract the things that are explicitly specified, while the oracle abstracts the things that are not. Our security notions, which capture a variety of privacy and integrity goals, allow the adversary to respond to these oracle queries; security relative to our notions implies that the channel withstands attacks in the presence of worst-case (i.e., adversarial) realizations of the specification details. Our formalization is flexible enough to provide the first provable security treatment of the TLS 1.3 record layer that does not elide optional behaviors and unspecified details.

26 June 2018

Shweta Agrawal
ePrint Report
Constructing indistinguishability obfuscation (iO) [BGI+01] is a central open question in cryptography. We provide new methods to make progress towards this goal. Our contributions may be summarized as follows:

1. Bootstrapping. In a recent work, Lin and Tessaro [LT17] (LT) show that iO may be constructed using i) Functional Encryption (FE) for polynomials of degree $L$, ii) Pseudorandom Generators (PRG) with blockwise locality $L$ and polynomial expansion, and iii) Learning With Errors (LWE). Since there exist constructions of FE for quadratic polynomials from standard assumptions on bilinear maps [Lin17, BCFG17], the ideal scenario would be to set $L=2$, yielding iO from widely believed assumptions.

Unfortunately, it was shown soon after [LV17, BBKK17] that PRG with block locality $2$ and the expansion factor required by the LT construction, concretely $\Omega(n \cdot 2^{b(3+\epsilon)})$, where $n$ is the input length and $b$ is the block length, do not exist. While [LV17, BBKK17] provided strong negative evidence for constructing iO based on bilinear maps, they could not rule out the possibility completely; a tantalizing gap has remained. Given the current state of lower bounds, the existence of $2$ block local PRG with expansion factor $\Omega(n \cdot 2^{b(1+\epsilon)})$ remains open, although this stretch does not suffice for the LT bootstrapping, and is hence unclear to be relevant for iO.

In this work, we improve the state of affairs as follows.

(a) Weakening requirements on PRGs: In this work, we show that the narrow window of expansion factors left open by lower bounds does suffice for iO. We show a new method to construct FE for $NC_1$ from i) FE for degree $L$ polynomials, ii) PRGs of block locality $L$ and expansion factor $\Omega(n \cdot 2^{b(1+\epsilon)})$, and iii) LWE (or RLWE). Our method of bootstrapping is completely different from all known methods. This re-opens the possibility of realizing iO from $2$ block local PRG, SXDH on Bilinear maps and LWE.

(b) Broadening class of sufficient PRGs: Our bootstrapping theorem may be instantiated with a broader class of pseudorandom generators than hitherto considered for iO, and may circumvent lower bounds known for the arithmetic degree of iO-sufficient PRGs [LV17, BBKK17]; in particular, these may admit instantiations with arithmetic degree $2$, yielding iO with the additional assumptions of SXDH on Bilinear maps and LWE. In more detail, we may use the following two classes of PRG:

i) Non-Boolean PRGs: We may use pseudorandom generators whose inputs and outputs need not be Boolean but may be integers restricted to a small (polynomial) range. Additionally, the outputs are not required to be pseudorandom but must only satisfy a milder indistinguishability property. We tentatively propose initializing these PRGs using the multivariate quadratic assumption (MQ) which has been widely studied in the literature [MI88, Wol05, DY09] and against the general case of which, no efficient attacks are known.

ii) Correlated Noise Generators: We introduce an even weaker class of pseudorandom generators, which we call correlated noise generators (CNG) which may not only be non-Boolean but are required to satisfy an even milder (seeming) indistinguishability property.

(c) Assumptions and Efficiency. Our bootstrapping theorems can be based on the hardness of the Learning With Errors problem (LWE) or its ring variant (RLWE) and can compile FE for degree $L$ polynomials directly to FE for $NC_1$. Our method for bootstrapping to $NC_1$ does not go via randomized encodings as in previous works, which makes it simpler and more efficient than in previous works.

2. Instantiating Primitives. In this work, we provide the first direct candidate of FE for constant degree polynomials from new assumptions on lattices. Our construction is new and does not go via multilinear maps or graded encoding schemes, as all previous constructions do. Our construction is based on the ring learning with errors assumption (RLWE) as well as new untested assumptions on NTRU rings.

We provide a detailed security analysis and discuss why previously known attacks in the context of multilinear maps, especially zeroizing attacks and annihilation attacks, do not appear to apply to our setting. We caution that the assumptions underlying our construction must be subject to rigorous cryptanalysis before any confidence can be gained in their security. However, their significant departure from known multilinear map based constructions makes them, we feel, a potentially fruitful new direction to explore. Additionally, being based entirely on lattices, we believe that security against classical attacks will likely imply security against quantum attacks.
Clementine Gritti, Melek Onen, Refik Molva
ePrint Report
The Internet of Things (IoT) technology has expanded widely across the world, promising new data management opportunities for industries, companies and individuals in different sectors, such as health services or transport logistics. This trend relies on connecting devices/things to collect, exchange and store data. The exponentially increasing number of IoT devices, their origin diversity, their limited capabilities in terms of resources, as well as the ever-increasing amount of data, raise new challenges for security and privacy protection, precluding traditional access control solutions from being integrated into this new environment. In this paper, we propose a reliable server-aided policy-based access control mechanism, named CHARIOT, that enables an IoT platform to verify credentials of different devices requesting access (read/write) to the data stored within it. CHARIOT permits IoT devices to authenticate themselves to the platform without compromising their privacy by using attribute-based signatures. Our solution also allows secure delegation of costly computational operations to a cloud server, hence relieving the workload at IoT devices' side.
Orr Dunkelman
ePrint Report
Recently, the Boomerang Connection Table was introduced by Cid et al. as a tool to better evaluate the probability of a boomerang distinguisher. To compute the BCT of an $n$-bit to $n$-bit S-box, the inventors of the BCT proposed an algorithm that takes $O(2^{3n})$ time. We show that one can construct the same table in only $O(2^{2n})$ time.
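The BCT definition, and why the table can be built faster than the three nested loops of the definition suggest, are worked through in the added example below. This is example code written for this page; the bucketing version illustrates the kind of reduction the abstract refers to and is not claimed to be the paper's exact procedure. The sample S-box is the 4-bit PRESENT S-box, chosen only because it is small; any bijective S-box can be substituted.

```python
"""Added example: building the BCT of an n-bit S-box from the definition
(2^{3n} steps) and by bucketing inputs (about 2^{2n} for good S-boxes).
Example code for this page; the bucketing version illustrates the idea and
is not claimed to be the paper's exact procedure."""
from typing import Dict, List

# PRESENT's 4-bit S-box, used here as a small worked input.
PRESENT = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
           0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def inverse(s: List[int]) -> List[int]:
    if len(set(s)) != len(s):
        raise ValueError("BCT needs a bijective S-box")
    inv = [0] * len(s)
    for x, y in enumerate(s):
        inv[y] = x
    return inv


def ddt(s: List[int]) -> List[List[int]]:
    """ddt[d][n] = #{x : S(x) ^ S(x ^ d) = n}."""
    size = len(s)
    t = [[0] * size for _ in range(size)]
    for d in range(size):
        for x in range(size):
            t[d][s[x] ^ s[x ^ d]] += 1
    return t


def bct_naive(s: List[int]) -> List[List[int]]:
    """bct[d][n] = #{x : S^-1(S(x) ^ n) ^ S^-1(S(x ^ d) ^ n) = d}, evaluated
    literally: 2^n choices each of d, n and x, hence 2^{3n} steps."""
    size = len(s)
    inv = inverse(s)
    t = [[0] * size for _ in range(size)]
    for d in range(size):
        for n in range(size):
            t[d][n] = sum(1 for x in range(size)
                          if inv[s[x] ^ n] ^ inv[s[x ^ d] ^ n] == d)
    return t


def bct_fast(s: List[int]) -> List[List[int]]:
    """Fix n and let g(x) = S^-1(S(x) ^ n). Inputs x, x' with x ^ x' = d satisfy
    the BCT condition iff g(x) ^ g(x') = d, i.e. iff x ^ g(x) == x' ^ g(x').
    So bucket the inputs by h(x) = x ^ g(x); each ordered pair inside one
    bucket contributes 1 to bct[x ^ x'][n]. The n = 0 column is 2^n everywhere
    (g is the identity there) and is filled directly."""
    size = len(s)
    inv = inverse(s)
    t = [[0] * size for _ in range(size)]
    for d in range(size):
        t[d][0] = size
    for n in range(1, size):
        buckets: Dict[int, List[int]] = {}
        for x in range(size):
            buckets.setdefault(x ^ inv[s[x] ^ n], []).append(x)
        for members in buckets.values():
            for x in members:
                for x2 in members:
                    t[x ^ x2][n] += 1
    return t


def pair_work(s: List[int]) -> int:
    """Number of (x, x') pairs bct_fast visits (the sum of all BCT entries with
    n != 0) plus the 2^n direct fills. Compare with the 2^{3n} of bct_naive."""
    t = bct_fast(s)
    size = len(s)
    return size + sum(t[d][n] for d in range(size) for n in range(1, size))
```

For each nonzero output difference `bct_fast` spends 2^n steps bucketing and then one step per pair that shares a bucket; that pair count is exactly the column sum of the BCT, which for an S-box of cryptographic interest is a small multiple of 2^n, giving a total on the order of 2^{2n}. It is not a worst-case bound for this illustration: an affine S-box puts all inputs in one bucket and costs 2^{2n} per column. The relation BCT(Δ,∇) ≥ DDT(Δ,∇) from Cid et al. is a convenient sanity check for either implementation.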
Gabrielle De Micheli, Nadia Heninger, Barak Shani
ePrint Report
Overstretched NTRU, an NTRU variant with a large modulus, has been used as a building block for several cryptographic schemes in recent years. Recently, two lattice subfield attacks and a subring attack were proposed that broke some suggested parameters for overstretched NTRU. These attacks work by decreasing the dimension of the lattice to be reduced, which improves the performance of the lattice basis reduction algorithm. However, there are a number of conflicting claims in the literature over which of these attacks has the best performance. These claims are typically based on experiments more than analysis. Furthermore, the metric for comparison has been unclear in some prior work. In this paper, we argue that the correct metric should be the lattice dimension. We show both analytically and experimentally that the subring attack succeeds on a smaller dimension lattice than the subfield attack for the same problem parameters, and also succeeds with a smaller modulus when the lattice dimension is fixed.
Lucas Schabhüser, Denis Butin, Johannes Buchmann
ePrint Report
Demanding computations are increasingly outsourced to cloud platforms. For such outsourced computations, the efficient verifiability of results is a crucial requirement. When sensitive data is involved, the verification of a computation should preserve the privacy of the input values: it should be context hiding. Context hiding verifiability is enabled by existing homomorphic authenticator schemes. However, until now, no context hiding homomorphic authenticator scheme supports multiple independent clients, e.g. multiple keys. Multi-key support is necessary for datasets involving input authenticated by different clients, e.g. multiple hospitals in e-health scenarios. In this paper, we propose the first perfectly context hiding, publicly verifiable multi-key homomorphic authenticator scheme supporting linear functions. Our scheme is provably unforgeable in the standard model, and succinct. Verification time depends only linearly on the number of clients, in an amortized sense.
Cong Zuo, Shi-Feng Sun, Joseph K. Liu, Jun Shao, Josef Pieprzyk
ePrint Report
Dynamic searchable symmetric encryption (DSSE) is a useful cryptographic tool for encrypted cloud storage. However, it has been reported that DSSE usually suffers from file-injection attacks and content leakage of deleted documents. To mitigate these attacks, forward security and backward security have been proposed. Nevertheless, the existing forward/backward-secure DSSE schemes can only support single keyword queries. To address this problem, in this paper we propose two DSSE schemes supporting range queries. One is forward-secure and supports a large number of documents. The other achieves both forward security and backward security, but can only support a limited number of documents. Finally, we also give the security proofs of the proposed DSSE schemes in the random oracle model.