International Association for Cryptologic Research

IACR News Central

Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also get this service via

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2012-06-18
14:49 [Job][New] Post-doc, Universite catholique de Louvain

  Wireless sensor nodes (WSN) are likely to be one of the more vulnerable parts of a sensor network. These devices can be attacked by standard network based approaches but also by physical means if they are left unattended in remote sites. While much research effort has been spent on improving the network security of WSN, the protection of the nodes and especially their protection against physical attacks has been, until now, neglected.

The objective of this project is to prevent physical attacks against sensor nodes, by developing means to improve the tamper resistance of these low cost devices without significantly increasing their cost. In a first phase that took place over the last 20 months, the project allowed defining cost effective countermeasures for the selected cryptographic primitives and designing a secure co-processor to be integrated in a sensor node prototype. The second phase will entail the analysis of the manufactured device\'s actual resistance against side-channel attacks and its integration in the prototype.

The research will take place in the framework of a European project involving high-level academic and industrial experts. The researcher will also benefit from the dynamic research environment of the UCL Crypto Group (Université catholique de Louvain), with strong interactions with researchers working on related subjects.

The candidate should hold a PhD in electronics, computer science or mathematics, with strong interests in algorithms and signal processing. A preliminary background in cryptology and side-channel attacks is an important asset.

11:04 [Event][Update] ESTEL-SEC 2012: ESTEL Security and Privacy Special Track

  Submission: 15 July 2012
Notification: 27 August 2012
From October 2 to October 5
Location: Rome, Italy
More Information: http://estel-sec.dti.unimi.it/


11:03 [Job][New] Ph.D. Student, Post-Doc, Intel Collaborative Research Institute
for Secure Computing (ICRI-SC) at TU-Darmstadt


 

The Intel Collaborative Research Institute for Secure Computing (ICRI-SC) conducts security research for mobile and embedded systems and supports industry and scientific research to improve the reliability of mobile and embedded devices as well as the ecosystem around them. We are currently looking for highly skilled scientific personnel to complete our team.

Your Profile

Applicants should hold Diploma, Master or PhD Degree in Computer Science or Electrical Engineering and bring well-founded knowledge and experience in IT-Security. In particular, we are looking for candidates that have expertise in one or more of the following areas:

  • Mobile operating system security (e.g., Android, iOS)
  • Embedded system security and embedded processors (e.g., ARM and Intel Atom)
  • Lightweight Cryptography with focus on emerging technologies such as RFID and NFC
  • Hardware security (e.g., Physically Unclonable Functions)
  • Trusted Computing
  • Design, development, analysis of System-on-Chip (SoC) IP blocks and associated tools

How to Apply

Your application should include your current curriculum vitae, MSc/Diploma certificates and grades, a letter of motivation stating your interest in the position and your research interests, and at least two letters of recommendation.





2012-06-13
10:57 [Job][New] PhD studentship in Applied Cryptography, Royal Holloway, University of London

  Applications are invited for a PhD studentship to work on a collaborative research project between Thales UK Research and Technology (TRT) and the Information Security Group at Royal Holloway, University of London.

The project is concerned with the application of cryptographic techniques to protect data in scenarios such as cloud computing, outsourcing, or other situations where secure storage and access to data is required on potentially untrusted platforms. There has been a lot of recent research into developing theoretical techniques that support these objectives, including searchable encryption and predicate encryption schemes in particular. The project will investigate the practical issues concerning the selection, implementation and deployment of such schemes for a variety of real application scenarios.

The student will spend most of the time in the academic setting of the ISG, but will be required to spend a minimum of three months at Thales UK’s Reading-based research and technology facility.

We are looking for a strong candidate with background in mathematics, computer science or electronic engineering (knowledge of cryptography is desirable, but not essential). The successful candidate will have good programming skills, communication and team-working skills; a strong interest in security is also desirable.

Funding Notes: The studentship is funded by the UK EPSRC and TRT and will pay university fees plus a stipend of £19,590 per annum) for three years. Note that there are rules for eligibility (please visit http://www.epsrc.ac.uk/funding/students/Pages/eligibility.aspx BEFORE applying for the position).

Application: Informal inquiries to Prof. Keith Martin (keith.martin(at)rhul.ac.uk) or Dr Carlos Cid (carlos.cid(at)rhul.ac.uk).



05:26 [Job][New] Postdoctoral and Research Fellowships, Queensland University of Technology, Brisbane, Australia

 

The Queensland University of Technology (QUT) in Brisbane, Australia, invites applications for its 2012 Vice-Chancellor\'s Research Fellowships. Up to 10 fellowships are available across the university. Areas of interest include all aspects of information security.

QUT has an active research group in cryptography, network security, and digital forensics, with a leading national profile and strong international links.

Applicants for a Postdoctoral Fellowship should have completed (or be under examination for) a PhD and be early career researchers (less than five years in an academic role). Applicants for a Research Fellowship should be established researchers with between five and ten years of research experience since completion of their PhD. Fellows will be offered an appointment on a fixed-term full-time basis for a period of 3 years. Fellowships include a research support grant of $20,000.





2012-06-12
08:23 [PhD][Update] Nicky Mouha: Automated Techniques for Hash Function and Block Cipher Cryptanalysis

  Name: Nicky Mouha
Topic: Automated Techniques for Hash Function and Block Cipher Cryptanalysis
Category:secret-key cryptography

Description:

Cryptography is the study of mathematical techniques that ensure the confidentiality and integrity of information. This relatively new field started out as classified military technology, but has now become commonplace in our daily lives. Cryptography is not only used in banking cards, secure websites and electronic signatures, but also in public transport cards, car keys and garage door openers.

Two building blocks in the domain of cryptography are block ciphers and (cryptographic) hash functions. Block ciphers use a secret key to transform a plaintext into a ciphertext, in such a way that this secret key is needed to recover the original plaintext. Hash functions transform an arbitrary-length message into a fixed-length hash value. These hash values can serve as "fingerprints" for the original messages: it should be infeasible to find two distinct messages with the same hash value (a collision).

Yet, Wang et al. recently showed that finding collisions is feasible for MD5 and SHA-1, two of the most commonly used hash functions today. Although the SHA-2 family currently remains unbroken, its design is very similar. For this reason, the United States National Institute of Standards and Technology (NIST) launched an international competition for a new hash function standard: SHA-3.

The research performed in this Ph.D. thesis closely follows the evaluation period of the SHA-3 competition. Results were obtained for hash functions ARIRANG, BLAKE, ESSENCE, Hamsi, Khichidi-1, LUX, Sarmal, Skein and TIB3. Outside of the competition, results were also obtained for a simplified version of the hash function HAS-V. In the area of cryptographic theory, observations were made on the resistance of regular hash functions against the birthday attack.

The most commonly used hash functions: MD5, SHA-1 and SHA-2, as well two out of the five SHA-3 finalists (BLAKE and Skein) use operations such as addition modulo 2 to the power o[...]


08:20 [Event][New] ESTEL-SEC 2012: ESTEL Security and Privacy Special Track

  Submission: 20 July 2012
Notification: 25 August 2012
From October 2 to October 5
Location: Rome, Italy
More Information: http://estel-sec.dti.unimi.it/


06:17 [Pub][ePrint] The Discrete Logarithm Problem in non-representable rings, by Matan Banin and Boaz Tsaban

  Bergman\'s Ring $E_p$, parameterized by a prime number $p$,

is a ring with $p^5$ elements that cannot be embedded in a ring of matrices over any commutative ring.

This ring was discovered in 1974.

In 2011, Climent, Navarro and Tortosa described an efficient implementation of $E_p$

using simple modular arithmetic, and suggested that this ring may be a useful source

for intractable cryptographic problems.

We present a deterministic polynomial time reduction of the Discrete Logarithm Problem in $E_p$

to the classical Discrete Logarithm Problem in $\\Zp$, the $p$-element field.

In particular, the Discrete Logarithm Problem in $E_p$ can be solved, by conventional computers,

in sub-exponential time.

Along the way, we collect a number of useful basic reductions for the toolbox of discrete logarithm solvers.



06:17 [Pub][ePrint] DECT Security Analysis, by Erik Tews

  DECT is a standard for cordless phones. The intent of this thesis is to evaluate DECT security in a comprehensive way. To secure conversations over the air, DECT uses two proprietary algorithms, namely the DECT Standard Authentication Algorithm (DSAA) for authentication and key derivation, and the DECT Standard Cipher (DSC) for encryption. Both algorithms have been kept secret and were only available to DECT device manufacturers under a None Disclosure Agreement (NDA). The reader is first introduced into the DECT standard. The two algorithms DSAA and DSC have been reverse engineered and are then described in full detail. At first, attacks against DECT devices are presented, that are based on faults made by the manufacturers while implementing the DECT standard. In the next Chapters, attacks against the DSAA and the DSC algorithm are described, that recover the secret keys used by these algorithms faster than by brute force. Thereafter, a attack against the DECT radio protocol is described, that decrypts encrypted DECT voice calls. Finally, an outlook over the next release of the DECT standard is presented, that is expected to counter all attacks against DECT, that are described in this thesis.



06:17 [Pub][ePrint] Revisiting Dedicated and Block Cipher based Hash Functions, by Anupam Pattanayak

  A hash function maps a variable length input into a fixed length output. The hash functions that are used in the information security related applications are referred as cryptographic hash functions. Hash functions are being used as building blocks of many complex cryptographic mechanisms and protocols. Construction of a hash function consists of two components. First component is a compression function and the second component is a domain extender. The various hash function design philosophies try to design the compression function from different angles. Two major categories of hash functions are: dedicated hash functions, and block cipher-based hash functions. These two kinds of design philosophies have been revisited in this paper. Two dedicated has functions from MD4 family - MD4, and SHA-256 constructions have been detailed in this paper. To limit the scope of this paper in this framework, discussions on attacks on hash functions, and SHA-3 finalists have been excluded here.

Keywords: