International Association
for Cryptologic Research

Cryptography, Security & Privacy Research Group at Koç University has multiple openings at every level. Accepted applicants may receive competitive scholarships including monthly stipend, tuition waiver, housing (accommodation) support, health insurance, computer, travel support, and lunch meal card.

Your duties include performing research on cryptography, security, and privacy in line with our research group's focus, assist teaching, and collaborate with other graduate and undergraduate students.

For applying online, and questions about the application-process for M.Sc. and Ph.D. positions, visit

https://gsse.ku.edu.tr/en/admissions/application-requirements

All applications must be completed online. Applications with missing documents will not be considered.

For more information about joining our group and projects, visit

https://crypto.ku.edu.tr/work-with-us/

Admission Requirements:

1. CV
2. Recommendation Letters (2 for MSc, 3 for Ph.D)
3. TOEFL (for those whose native language is not English, Internet Based: Minimum Score 80)
4. GRE scores (required from non-Turkish nationals)
5. Official transcripts from all the universities attended
6. Statement of Purpose
7. Area of Interest Form filled online

Closing date for applications:

Contact: https://gsse.ku.edu.tr/en/admissions/how-to-apply/

More information: https://gsse.ku.edu.tr/en/admissions/application-requirements

We are hiring a fixed term (4 year) lecturer in the area of Cybersecurity.

We invite applicants with a back ground (i.e. PhD) in either cybersecurity or statistics/AI/data science (assuming they are interested in a cybersecurity angle to their work).

The minimum monthly gross salary for this position amounts to € 3.889,50 (14 times per year) and can increase to € 4.309,30 (B1 lit. c) maximum in the case of consideration of previous occupational experience. The four-year fixed-term employment contract is expected to commence in August 2020 (but this is negotiable).

The position is within the newly established Cybersecurity group headed by Elisabeth Oswald. The group's research agenda evolves around data centric aspects of applied cryptography and more generally cybersecurity; this includes research around side channels, crypto (for privacy), and more generically the intersection between security/statistics/data science/AI.

The position holder is expected to contribute to teaching (4 contact hrs per week during term time, subject specific teaching only; the group leads on the newly established MSc on AI and Cybersecurity) and develop their own research agenda.

Closing date for applications:

Contact: Elisabeth Oswald (Elisabeth.Oswald @ aau.at)

More information: http://www.cybersecurityresearch.at

Event date: 23 September to 25 September 2020
Submission deadline: 1 June 2020
Notification: 26 June 2020

Event date: 2 December to 4 December 2020
Submission deadline: 26 August 2020
Notification: 26 October 2020

At the Technical Faculty of IT and Design, Department of Electronic Systems, one or more positions as Assistant Professor in Cyber Security are open for appointment from September 1, 2020, or soon hereafter. The positions are available for a period of 4 years. The workplace is at Aalborg University Copenhagen.

JOB DESCRIPTION

We seek to appoint one or more Assistant Professors in Cyber Security. The selected candidate(s) will join a team of academics with a comprehensive research and teaching portfolio in the area of cyber security, and participate in the starting up of a new M.Sc. programme in Cybersecurity, which is taught in English.

The position(s) require internationally recognized research experience in one or more of the following areas:

Network security, Network Traffic Analysis and Anomaly Detection, including applied machine learning

DNS traffic analysis and detection of malicious domains, Honeypots and sandboxing

Security and privacy challenges in Internet of Things and Cloud solutions, Privacy enhancing technologies, Privacy by design, Secure Digital Identities, and Identity and Access management.

The main tasks and responsibilities include:

Research, including publication of results and co-supervision of research students

Teaching and assessment of students

Acquiring research funding and coordinating profitable projects

Strengthening of our relationship with private industry partners within the field.

For more information please see: https://www.stillinger.aau.dk/vis-stilling/?vacancy=1096542

Closing date for applications:

Contact: Jens Myrup Pedersen, email: jens@es.aau.dk.

More information: https://www.stillinger.aau.dk/vis-stilling/?vacancy=1096542

In this paper we analyse the algorithm Chaskey - a lightweight MAC algorithm for 32-bit micro controllers - with respect to rotational cryptanalysis. We perform a related-key attack over Chaskey and find a distinguisher by using rotational probabilities. Having a message $m$ we can forge and present a valid tag for some message under a related key with probability $2^{-57}$ for 8 rounds and $2^{-86}$ for all 12 rounds of the permutation for keys in a defined weak-key class. This attack can be extended to full key recovery with complexity $2^{120}$ for the full number of rounds. To our knowledge this is the first published attack targeting all 12 rounds of the algorithm. Additionally, we generalize the Markov theory with respect to a relation between two plaintexts and not their difference and apply it for rotational pairs.

This work introduces an extension of the UC framework with an abstract notion of time that allows for modeling relative delays in communication and sequential computation without requiring parties to keep track of a clock. The potential uses of this extension are demonstrated by: (1) formalizing a functionality for (semi-)synchronous secure message transmission; (2) formalizing the notion of time-lock puzzles in the UC setting and showing how to realize it in the restricted programmable and observable global random oracle model; (3) showing that UC time-lock puzzles yield UC-secure fair coin flips; (4) showing that UC-secure two-party computation realizing a new notion of output-independent abort can be obtained leveraging composable time-lock puzzles. Finally, we show that a programmable random oracle is necessary to obtain UC-secure fair coin flip, secure two-party computation with output-independent abort or time-lock puzzles, which yields a new separation between programmable and non-programmable random oracles.

Higher-order differential attacks are among the most powerful attacks against low-degree ciphers and hash functions. Predicting the evolution of the algebraic degree of the cipher (as a function of the number of rounds) is the main obstacle in assessing the feasibility of these attacks. For an SPN cipher over a finite field $\mathbb F$ of characteristic 2 with round function of algebraic degree $\delta$, it is a common belief that the degree of the cipher grows almost exponentially with $\delta$. However, for an iterated Even--Mansour cipher whose round function can be described as an invertible low-degree polynomial over $\mathbb F_{2^n}$ it has recently been shown that the algebraic degree grows linearly with the number of rounds, and not exponentially.

In this paper we generalise these results for SPN ciphers, showing that the growth of the algebraic degree is often linear for SPN ciphers with low-degree S-Boxes as well. We prove that the initial exponential growth of the degree turns into a linear growth after a certain number of rounds. Our analysis includes iterated Even--Mansour and MiMC-like ciphers as a special case, but most notably it also applies to SPN ciphers designed to be competitive for recent applications like MPC, FHE, SNARKs, and STARKs (e.g., HadesMiMC). Our findings have been practically verified on small-scale ciphers.

We provide two new constructions of non-interactive zero-knowledge arguments (NIZKs) for NP from discrete-logarithm-style assumptions over cyclic groups, without relying on pairings. A previous construction from (Canetti et al., Eurocrypt'18) achieves such NIZKs under the assumption that no efficient adversary can break the key-dependent message (KDM) security of (additive) ElGamal with respect to all (even inefficient) functions over groups of size $2^\lambda$, with probability better than $\mathsf{poly}(\lambda)/2^{\lambda}$. This is an extremely strong, non-falsifiable assumption. In particular, even mild (polynomial) improvements over the current best-known attacks on the discrete logarithm problem would already contradict this assumption. (Canetti et al. STOC'19) describe how to improve the assumption to rely only on KDM security with respect to efficient functions while additionally assuming public-key encryption schemes, therefore obtaining an assumption that is (in spirit) falsifiable.

Our first construction improves this state of affairs. We provide a construction of NIZKs for NP under the CDH assumption together with the assumption that no efficient adversary can break the key-dependent message one-wayness of ElGamal with respect to efficient functions over groups of size $2^\lambda$, with probability better than $\mathsf{poly}(\lambda)/2^{c\lambda}$ (denoted $2^{-c\lambda}$-OWKDM), for a constant $c = 3/4$. Unlike the previous assumption, our assumption leaves an exponential gap between the best-known attack and the required security guarantee.

Our second construction is interested in the case where CDH does not hold. Namely, as a second contribution, we construct an infinitely often NIZK argument system for NP (where soundness and zero-knowledge are only guaranteed to hold for infinitely many security parameters), under the assumption that CDH is easy together with the $2^{-c\lambda}$-OWKDM security of ElGamal with $c = 28/29+o(1)$ and the existence of low-depth pseudorandom generators (PRG).

Combining our two results, we obtain a construction of (infinitely-often) NIZKs for NP under the $2^{-c\lambda}$-OWKDM security of ElGamal with $c = 28/29+o(1)$ and the existence of low-depth PRG, independently of whether CDH holds. To our knowledge, since neither OWKDM security of ElGamal nor low-depth PRGs are known to imply public key encryption, this provides the first construction of NIZKs from concrete and falsifiable Minicrypt-style assumptions.