International Association for Cryptologic Research

IACR News

If you have a news item you wish to distribute, it should be sent to the communications secretary. See also the events database for conference announcements.

Here you can see all recent updates to the IACR webpage. These updates are also available:

via email
via RSS feed

14 November 2018

University of Bergen
Job Posting
There is a vacancy for a position as a researcher in Cryptology at the Department of Informatics in the Selmer Center for secure and reliable communications. The position is for a period of 2 years and is connected to the project Modern Methods and Tools for Theoretical and Applied Cryptology (CryptoWorld) funded by the Norwegian Research Council.

For more details see

https://www.jobbnorge.no/en/available-jobs/job/160195/researcher-position-in-cryptology

Closing date for applications: 1 December 2018

Contact: Prof. Tor Helleseth

More information: https://www.jobbnorge.no/en/available-jobs/job/160195/researcher-position-in-cryptology

CISPA Helmholtz Center for Information Security
Job Posting
The Information Security & Cryptography Group led by Prof. Michael Backes at the CISPA Helmholtz Center for Information Security is looking for multiple fully-funded Ph.D. students working on machine learning privacy and/or biomedical privacy.

The Information Security & Cryptography group is one of the world-leading research groups concentrating on cutting-edge research in security and privacy. As part of CISPA, the group is located in Saarbruecken, Germany. CISPA is the newest member of the Helmholtz Association, the largest scientific organization in Germany, fully committed to scientific excellence and to tackling the grand research challenges in their respective fields. CISPA, as the first investment of Helmholtz in computer science, is one of the top research centers in information security; it is constantly ranked top-3 in the field worldwide, see, e.g., CSrankings.org (http://csrankings.org/#/index?sec&world).

Requirements:

  • A bachelor's/master's degree in Computer Science, Information Security or Mathematics with excellent grades
  • Excellent English
  • Excellent programming skills
  • Good knowledge about machine learning and/or cryptography

What we offer:

  • Full-time working contract
  • Excellent research environment
  • Strong supervision
  • World-class collaborations

To apply, please send your

  • CV
  • Transcripts
  • Motivation letter
  • Contact information of two references

to yang.zhang (at) cispa.saarland

Closing date for applications: 1 April 2019

Contact: Yang Zhang, yang.zhang (at) cispa.saarland

University of South Florida, Tampa, FL 33620, USA
Job Posting
We are looking for hardworking and self-driven PhD students to work in the areas of applied cryptography beginning from Fall 2019 (August 2019). The University of South Florida is a Rank 1 Research University and offers a competitive salary with an excellent working environment, all within close proximity to high-tech industry and the beautiful beaches of sunny Florida. The Tampa/Orlando area is a key part of the Florida High Technology Corridor and harbors major tech and research companies. The qualified candidate will have opportunities for research internships and joint projects with leading industrial companies.

Topics:

Secure and Reliable Blockchain and Cryptocurrencies
  • Post-quantum secure blockchains
  • Use of blockchains to enhance cyber-security of critical infrastructures

Secure and Reliable Internet of Things and Systems
  • Post-quantum secure IoTs and secure voting systems
  • Cryptographic primitives for IoTs

Trustworthy Machine Learning (TML)
  • Privacy-preserving machine learning
  • Adversarial machine learning

Breach-Resilient Cyber-Infrastructures
  • New searchable encryption and Oblivious RAM schemes
  • Privacy Enhancing Technologies for genomic and medical data

Requirements:

  • A BS degree in computer science, electrical engineering or mathematics with a high GPA.
  • Very good programming skills (e.g., C, C++) and familiarity with OS/systems.
  • Good academic writing and presentation skills.
  • An MS degree in computer science, electrical engineering or mathematics is a big plus. Publications in security and privacy are highly desirable.

Please send (by e-mail): (i) transcripts, (ii) curriculum vitae, (iii) three reference letters, (iv) research statement, (v) GRE and TOEFL scores.

Closing date for applications: 1 February 2019

Contact: Dr. Attila A. Yavuz, Assistant Professor and Director of the Applied Cryptography Research Laboratory in the Department of Computer Science and Engineering at the University of South Florida.

http://www.csee.usf.edu/~attilaayavuz/

attilaayavuz (at) usf.edu

More information: http://www.csee.usf.edu/~attilaayavuz/article/PositionDescrption_at_USF_Fall2019.pdf

Singapore University of Technology and Design (SUTD)
Job Posting
Singapore University of Technology and Design (SUTD) is a young university which was established in collaboration with MIT. I am looking for promising PhD students who are interested in working in the area of cyber security. The position is fully funded for up to 4 years with a very competitive scholarship and overseas research attachment opportunities.

Candidates should have an excellent background (with Bachelor or Master degree and CGPA>80%) in mathematics or computer science/engineering and the ability to work on inter-disciplinary research projects. Acquaintance with cryptography and network/system security concepts as well as some programming skills will be considered as strong assets.

For the Sept 2019 intake, the application deadline is 31st Dec 2018. More information on the PhD program is available at https://istd.sutd.edu.sg/phd/phd-overview/.

Interested candidates should send their CV to Prof. Jianying Zhou.

Closing date for applications: 31 December 2018

Contact: Jianying Zhou

More information: http://jianying.space/

University of Twente, Netherlands
Job Posting
Within the Faculty of Electrical Engineering, Mathematics and Computer Science, the Services and Cyber-Security (SCS) research group is looking for a highly motivated Assistant Professor in Digital Security & Privacy (broadly conceived).

For more information, please check the link provided below.

Closing date for applications: 1 December 2018

More information: https://www.utwente.nl/en/organization/careers/vacancy/!/562764/assistant-professor-in-digital-security-privacy

University of Warsaw
Job Posting
The Faculty of Mathematics, Informatics and Mechanics at University of Warsaw (MIM UW) invites applications for assistant professor (“adiunkt” in Polish) positions in computer science with specialization “computer systems”, starting on 1st Feb 2019 or on 1st Oct 2019.

The successful candidate will be required to conduct research and teach in some of the following areas: concurrent programming, operating systems, computer networks, web applications, security of computer systems or cryptography. The contract is for 4 years, with a possible extension to indefinite employment after a positive result of an employee evaluation.

MIM UW is one of the strongest computer science faculties in Europe. It is known for talented students (e.g., two wins and 13 top-ten finishes at the ACM International Collegiate Programming Contest) and strong research teams, especially in theoretical aspects of computer science like algorithms, logic and automata, and cryptography (e.g., 9 ERC grants in these fields). For an overview of research areas represented in the Faculty, see http://www.mimuw.edu.pl/en/dziedziny-badan

Requirements:

  • PhD degree in computer science or mathematics
  • Strong publication record in international computer science journals/conferences
  • Teaching experience
  • Mobility record (participation in conferences, postdoc positions, etc.)

Deadline for applications: 30th November 2018.

Closing date for applications: 30 November 2018

Contact: Lukasz Kowalik (kowalik (at) mimuw.edu.pl) or Aleksy Schubert (alx (at) mimuw.edu.pl)

More information: https://www.mimuw.edu.pl/rozne/konkursy-pliki/2018/praca-adiunkt-nauk-sys-komp-II-30-11-2018-en.pdf

Tampere University of Technology, Tampere, Finland
Job Posting
The Network and Information Security Group (NISEC) is currently looking for up to 2 motivated and talented researchers (Postdoctoral Researchers) to contribute to research projects related to applied cryptography, security and privacy.

The successful candidates will be working on the following topics (but not limited to):

  • Analysis and design of Searchable Encryption schemes and data structures enabling efficient search operations on encrypted data;
  • Restricting the type of access given when granting access to search over one's data;
  • Processing of encrypted data in outsourced and untrusted environments;
  • Applying encrypted search techniques to SGX environments;
  • Revocable Attribute-Based Encryption schemes and their application to cloud services;
  • Privacy-Preserving Analytics;
  • IoT Security.

The positions are strongly research-focused. Activities include conducting both theoretical and applied research, the design of secure and/or privacy-preserving protocols, software development and validation, reading and writing scientific articles, presentation of the research results at seminars and conferences in Finland and abroad, and acquiring (or assisting in acquiring) further funding.

Closing date for applications: 20 November 2018

Contact:

Antonis Michalas

antonis.michalas (at) tut.fi

www.amichalas.com

University of Manchester, School of Computer Science
Job Posting
Project Description

In the last decade, the energy sector has been undertaking a significant shift in the way electricity is generated, traded and consumed. With the introduction of smart meters - devices that can measure and communicate users' electricity consumption every several minutes - more and more innovative services become available to users.

One of these services is peer-to-peer (p2p) electricity trading, which allows users to trade electricity among themselves (via trading platforms) rather than buying from (or selling to) their suppliers. For example, a user with a solar panel can sell his/her excess electricity directly to another user, and vice versa. Such markets have huge potential as, apart from bringing extra profit to their participants, they can also contribute to increasing the uptake of renewables.

However, such p2p trading requires complex interactions and data exchanges among various existing and new market players, inevitably introducing several security and privacy issues. Considering the time and computational constraints of the market operations, as well as the interconnectedness and interdependence between different market players, ensuring secure data exchanges in p2p markets is not trivial. Entities need to authenticate each other and be assured of the integrity of the messages they receive. Similarly, ensuring that personal data of users are not revealed to any party is not straightforward. Examples of personal data are users' names, addresses, electricity consumption, preferences, monthly bills, etc.

The aim of this project is to apply (a combination of) various (computationally-demanding) advanced cryptographic technologies, such as blockchain, smart contracts and secure multiparty computation, to design p2p electricity trading solutions that achieve a good balance between security, user privacy, usability and energy efficiency.

Funding

Fully funded PhD opportunity for a UK/EU student: untaxed stipend of £14,777 per annum + tuition fees

Closing date for applications: 30 November 2018

Contact: Dr Mustafa A. Mustafa email: mustafa.mustafa(at)manchester.ac.uk

More information: http://www.cs.manchester.ac.uk/study/postgraduate-research/projects/description/?projectid=18311

Kanazawa University, Japan
Job Posting
Kanazawa University, Japan, invites applications for an associate professor position or a tenure-track assistant professor position in an advanced research area of information security, such as IT security and cryptography.

The appointee is expected to take up the position on April 1st, 2019, or at the earliest possible time after that.

Research budget: In the case of a tenure-track assistant professor, Kanazawa University plans to provide a start-up research fund of approximately 800,000 JPY in the first year in addition to the faculty research expenses.

Closing date for applications: 4 January 2019

Contact: Masahiro Mambo (Contact information can be found below.)

More information: http://www.t.kanazawa-u.ac.jp/collegeschool/20_se/en/position/20190104_ec_tt_en.pdf


12 November 2018

Giuseppe Ateniese, Danilo Francati, David Nuñez, Daniele Venturi
ePrint Report
We introduce a new form of encryption that we name matchmaking encryption (ME). Using ME, sender S and receiver R, each characterized by its own attributes, can both specify policies the other party must satisfy in order for the message to be revealed. The main security guarantee is that of privacy-preserving policy matching: During decryption nothing is leaked beyond the fact that a match occurred/did not occur. ME opens up new and innovative ways of secretly communicating, and enables several new applications where both participants can specify fine-grained access policies to encrypted data. For instance, in social matchmaking, S can encrypt a file containing his/her personal details and specify a policy so that the file can be decrypted only by his/her ideal partner. On the other end, a receiver R will be able to decrypt the file only if S corresponds to his/her ideal partner defined through a policy. On the theoretical side, we put forward formal security definitions for ME, as well as generic frameworks for constructing ME from functional encryption. These constructions need to face the main technical challenge of simultaneously checking the policies established by S and R to avoid any leakage. On the practical side, we construct an efficient scheme for the identity-based setting, with provable security in the random oracle model under the standard BDH assumption. We implement and evaluate our scheme and provide experimental evidence that our construction is practical. We also apply identity-based ME to a concrete use case, in particular for creating an anonymous bulletin board over a Tor network.
Pratish Datta, Tatsuaki Okamoto, Katsuyuki Takashima
ePrint Report
This paper demonstrates how to achieve simulation-based strong attribute hiding against adaptive adversaries for predicate encryption (PE) schemes supporting expressive predicate families under standard computational assumptions in bilinear groups. Our main result is a simulation-based adaptively strongly partially-hiding PE (PHPE) scheme for predicates computing arithmetic branching programs (ABP) on public attributes, followed by an inner-product predicate on private attributes. This simultaneously generalizes attribute-based encryption (ABE) for boolean formulas and ABP’s as well as strongly attribute-hiding PE schemes for inner products. The proposed scheme is proven secure for any a priori bounded number of ciphertexts and an unbounded (polynomial) number of decryption keys, which is the best possible in the simulation-based adaptive security framework. This directly implies that our construction also achieves indistinguishability-based strongly partially-hiding security against adversaries requesting an unbounded (polynomial) number of ciphertexts and decryption keys. The security of the proposed scheme is derived under (asymmetric version of) the well-studied decisional linear (DLIN) assumption. Our work resolves an open problem posed by Wee in TCC 2017, where his result was limited to the semi-adaptive setting. Moreover, our result advances the current state of the art in both the fields of simulation-based and indistinguishability-based strongly attribute-hiding PE schemes. Our main technical contribution lies in extending the strong attribute hiding methodology of Okamoto and Takashima [EUROCRYPT 2012, ASIACRYPT 2012] to the framework of simulation-based security and beyond inner products.
Felix Wegener, Christian Baiker, Amir Moradi
ePrint Report
Threshold Implementations are well-known as a provably first-order secure Boolean masking scheme even in the presence of glitches. A precondition for their security proof is a uniform input distribution at each round function, which may require an injection of fresh randomness or an increase in the number of shares. However, it is unclear whether violating the uniformity assumption causes exploitable leakage in practice. Recently, Daemen undertook a theoretical study of lossy mappings to extend the understanding of uniformity violations. We complement his work by entropy simulations and practical measurements of Keccak's round function. Our findings shed light on the necessity of mixing operations in addition to bit-permutations in a cipher's linear layer to propagate randomness between S-boxes and prevent exploitable leakage. Finally, we argue that this result cannot be obtained by current simulation methods, further stressing the continued need for practical leakage measurements.
Kuala Lumpur, Malaysia, 26 November - 28 November 2019
Event Calendar
Event date: 26 November to 28 November 2019
Submission deadline: 8 June 2019
Notification: 29 July 2019
Copenhagen, Denmark, 17 July - 19 July 2019
Event Calendar
Event date: 17 July to 19 July 2019
Submission deadline: 12 January 2019
Notification: 1 March 2019

11 November 2018

Keisuke Hara, Fuyuki Kitagawa, Takahiro Matsuda, Goichiro Hanaoka, Keisuke Tanaka
ePrint Report
In the situation where there are one sender and multiple receivers, a receiver selective opening (RSO) attack for a public key encryption (PKE) scheme considers adversaries that can corrupt some of the receivers and get their secret keys and plaintexts. Security against RSO attacks for a PKE scheme ensures confidentiality of ciphertexts of uncorrupted receivers. Simulation-based RSO security against chosen ciphertext attacks (SIM-RSO-CCA) is the strongest security notion in all RSO attack scenarios. Jia, Lu, and Li (INDOCRYPT 2016) proposed the first SIM-RSO-CCA secure PKE scheme. However, their scheme used indistinguishability obfuscation, which is not known to be constructed from any standard computational assumption. In this paper, we give two contributions for constructing SIM-RSO-CCA secure PKE from standard computational assumptions. Firstly, we propose a generic construction of SIM-RSO-CCA secure PKE using an IND-CPA secure PKE scheme and a non-interactive zero-knowledge proof system satisfying one-time simulation soundness. Secondly, we propose an efficient and concrete construction of SIM-RSO-CCA secure PKE based on the decisional Diffie-Hellman (DDH) assumption. Moreover, we give a method for efficiently expanding the plaintext space of the DDH-based construction. By applying this method to the construction, we obtain the first DDH-based SIM-RSO-CCA secure PKE scheme supporting a super-polynomially large plaintext space with compact ciphertexts.
Tetsu Iwata
ePrint Report
Inoue and Minematsu [Cryptology ePrint Archive: Report 2018/1040] presented efficient forgery attacks against OCB2, and Poettering [Cryptology ePrint Archive: Report 2018/1087] presented a distinguishing attack. In this short note, based on these results, we show a plaintext recovery attack against OCB2 in the chosen plaintext and ciphertext setting.

09 November 2018

Jan-Pieter D'Anvers, Frederik Vercauteren, Ingrid Verbauwhede
ePrint Report
In this paper we investigate the impact of decryption failures on the chosen-ciphertext security of (Ring/Module)-Learning With Errors and (Ring/Module)-Learning with Rounding based primitives. Our analysis is split into three parts: First, we introduce a technique to increase the failure rate of these schemes called failure boosting. Based on this technique we investigate the minimal effort for an adversary to obtain a failure in 3 cases: when he has access to a quantum computer, when he mounts a multi-target attack, or when he can only perform a limited number of oracle queries. Secondly, we examine the amount of information that an adversary can derive from failing ciphertexts. Finally, these techniques are combined in an attack on (Ring/Module)-Learning with Errors and (Ring/Module)-Learning with Rounding based schemes with decryption failures. We provide both a theoretical analysis as well as an implementation to calculate the security impact and show that an attacker can significantly reduce the security of several candidates of the NIST post-quantum standardization process if sufficient oracle queries can be performed.
Nele Mentens, Vojtech Miskovsky, Martin Novotny, Jo Vliegen
ePrint Report
This paper describes two FPGA implementations for the encryption and authentication of data, based on the AES algorithm running in Galois/Counter mode (AES-GCM). Both architectures are protected against side-channel analysis attacks through the use of a threshold implementation (TI). The first architecture is fully unrolled and optimized for throughput. The second architecture uses a round-based structure, fits on a relatively small FPGA board, and is evaluated for side-channel attack resistance. We perform a Test Vector Leakage Assessment (TVLA), which shows no first-order leakage in the power consumption of the FPGA. To the best of our knowledge, our work is (1) the first to describe a throughput-optimized FPGA architecture of AES-GCM, protected against first-order side-channel information leakage, and (2) the first to evaluate the side-channel attack resistance of a TI-protected AES-GCM implementation.
Bertram Poettering
ePrint Report
OCB2 is a widely standardized mode of operation of a blockcipher that aims at providing authenticated encryption. A recent report by Inoue and Minematsu (IACR EPRINT report 2018/1040) indicates that OCB2 does not meet this goal. Concretely, by describing simple forging attacks the authors evidence that the (sub)goal of authenticity is not reached. The report does not question the confidentiality offered by OCB2.

In this note we show how the attacks of Inoue and Minematsu can be extended to also break the confidentiality of OCB2. We do this by constructing an IND-CCA adversary that requires minimal resources and achieves an overwhelming distinguishing advantage.
Alexandr Andoni, Tal Malkin, Negev Shekel Nosatzki
ePrint Report
We study the problem of discrete distribution testing in the two-party setting. For example, in the standard closeness testing problem, Alice and Bob each have $t$ samples from, respectively, distributions $a$ and $b$ over $[n]$, and they need to test whether $a=b$ or $a,b$ are $\varepsilon$-far (in the $\ell_1$ distance) for some fixed $\varepsilon>0$. This is in contrast to the well-studied one-party case, where the tester has unrestricted access to samples of both distributions, for which optimal bounds are known for a number of variations. Despite being a natural constraint in applications, the two-party setting has evaded attention so far.

We address two fundamental aspects of the two-party setting: 1) what is the communication complexity, and 2) can it be accomplished securely, without Alice and Bob learning extra information about each other's input. Besides closeness testing, we also study the independence testing problem, where Alice and Bob have $t$ samples from distributions $a$ and $b$ respectively, which may be correlated; the question is whether $a,b$ are independent or $\varepsilon$-far from being independent. Our contribution is three-fold:

• Communication: we show how to gain communication efficiency as we have more samples, beyond the information-theoretic bound on $t$. Furthermore, the gain is polynomially better than what one may obtain by adapting one-party algorithms.

For the closeness testing, our protocol has communication $s = \tilde{\Theta}_{\varepsilon}\left(n^2/t^2\right)$ as long as $t$ is at least the information-theoretic minimum number of samples. For the independence testing over domain $[n] \times [m]$, where $n\ge m$, we obtain $s = \tilde{O}_{\varepsilon}(n^2 m/t^2 + n m/t + \sqrt{m})$.

• Lower bounds: we prove tightness of our trade-off for the closeness testing, as well as that the independence testing requires tight $\Omega(\sqrt{m})$ communication for an unbounded number of samples. These lower bounds are of independent interest as, to the best of our knowledge, these are the first 2-party communication lower bounds for testing problems, where the inputs represent a set of i.i.d. samples.

• Security: we define the concept of secure distribution testing and argue that it must leak at least some minimal information when the promise is not satisfied. We then provide secure versions of the above protocols with an overhead that is only polynomial in the security parameter.