International Association for Cryptologic Research

# IACR News Central

Get updates on changes to the IACR web page here. For questions, contact newsletter (at) iacr.org.


2013-11-08
08:50 [Job][New]

Responsibilities:

CloudFlare is looking for a talented security engineer to join our team. We are working on a number of ambitious projects to secure the web and protect our customers from threats of all sorts. The role of security engineer at CloudFlare is more that of a builder than a breaker. You will have to approach problems with creativity and flexibility and be able to identify and use the best tools for the job or build better ones from scratch. At CloudFlare, we are serious about protecting our customers and advancing the state of the art in computer security.

Requirements:

Strong systems-level programming skills

Deep understanding of networking protocols (TCP/IP, SSL/TLS, DNS)

Experience with cryptographic libraries and APIs

Expert in C/C++ and performance analysis

Proficiency in Go and/or Lua or willingness to learn

Strong understanding of security concepts (key management, access control, authentication)

Understanding of Linux internals

Interest in advancements in security and cryptography

Bonus Points:

Contributions to the open source community

Knowledge or expertise in White-box cryptography

Experience with DNSSEC

Familiarity with compilers or code generation tools

Experience with cryptographic hardware (TPM, HSM, etc.)

Healthy sense of paranoia

08:48 [Job][New]

to appear

2013-11-07
07:17 [Pub][ePrint]

Certificateless public key cryptography is an attractive paradigm since it eliminates the use of certificates in traditional public key cryptography and alleviates the inherent key escrow problem in identity-based cryptography. Recently, Xiong et al. proposed a certificateless signature scheme and proved that their scheme is existentially unforgeable against adaptive chosen message attack in the random oracle model. He et al. pointed out that Xiong et al.'s scheme is insecure against the Type II adversary. But their forged signatures are not random, and their improved scheme has the same security defects as Xiong et al.'s scheme. In this paper, we present two malicious-but-passive KGC attack methods on Xiong et al.'s scheme, and our results show that their scheme is insecure against the malicious-but-passive KGC attack.

07:17 [Pub][ePrint]

Bilinear maps, or pairings, initially proposed in a cryptologic context for cryptanalytic purposes, proved afterward to be an amazingly flexible and useful tool for the construction of cryptosystems with unique features. Yet, they are notoriously hard to implement efficiently, so that their effective deployment requires a careful choice of parameters and algorithms. In this paper we review the evolution of pairing-based cryptosystems, the development of efficient algorithms and the state of the art in pairing computation, and the challenges yet to be addressed on the subject, while also presenting some new algorithmic and implementation refinements in affine and projective coordinates.

07:17 [Pub][ePrint]

We study a classical problem of privacy amplification, where two parties Alice and Bob share a weak secret $X$ of min-entropy $k$, and wish to agree on a secret key $R$ of length $m$ over a public communication channel completely controlled by a computationally unbounded attacker Eve.

Despite being extensively studied in the literature, the design of (efficient) "optimal" privacy amplification protocols is still open. Part of the reason is that there are quite a few important efficiency/security goals when designing privacy amplification protocols. The most basic such goal is to minimize the entropy loss $L = k - m$, and it is known that the optimal value is $L = O(\lambda)$, where $\varepsilon = 2^{-\lambda}$ is the desired security of the protocol. Other important considerations include (1) minimizing the number of communication rounds, (2) achieving the strongest security notion, called post-application robustness, and (3) ensuring that the protocol $P$ does not leak some "useful information" about the source $X$ (this is called source privacy). Additionally, when trying to extract a key $R$ which is much shorter than the source length $|X|$ (and, often, the min-entropy bound $k$), "Goal (0)" of minimizing the entropy loss is replaced by asking (4) if $P$ can be made locally computable (meaning it reads only $O(|R|)$ bits of $X$; this is called the Bounded Retrieval Model (BRM)), and/or (5) if $P$ can be sequentially run to extract the optimal number $t = \Theta(k/\lambda)$ of session keys $R_1, \ldots, R_t$ of length $m = O(\lambda)$ each.

As a result, all existing protocols in the literature fail to achieve at least two of Goals (0)-(3) (or, when |R|
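The entropy-loss bound the abstract refers to is easiest to see in the classical passive-Eve baseline, so here is an added example (not code from the paper above): a one-round privacy amplification step using a Toeplitz-matrix universal hash over GF(2), with the key length derived from the leftover hash lemma. With a 2-universal family and target security $\varepsilon = 2^{-\lambda}$, the lemma gives $m = k - 2\lambda + 2$ output bits, i.e. entropy loss $L = 2\lambda - 2 = O(\lambda)$. The function names, the Toeplitz family and the demo parameters are my choices, and the protocol shown is only sound when Eve merely listens; the active-Eve setting the paper studies needs the robust, multi-round protocols it surveys.

```python
"""Passive-Eve privacy amplification with a Toeplitz universal hash.

Added example, not the paper's construction.  Alice samples a seed,
sends it in the clear, and both parties hash the shared weak secret X.
Hash family, key-length rule and demo parameters are assumptions.
"""
import secrets
from fractions import Fraction


def toeplitz_hash(seed: int, x: int, n: int, m: int) -> int:
    """Universal hash h_seed: {0,1}^n -> {0,1}^m from a Toeplitz matrix over GF(2).

    The seed has n + m - 1 bits; matrix entry (row i, column j) is seed bit
    i - j + n - 1.  Output bit i is the GF(2) inner product of row i with x.
    The family is linear in x and, for x != x', Pr_seed[h(x) == h(x')] = 2^-m.
    """
    assert 0 <= x < (1 << n) and 0 <= seed < (1 << (n + m - 1))
    out = 0
    for i in range(m):
        row = 0
        for j in range(n):
            if (seed >> (i - j + n - 1)) & 1:
                row |= 1 << j
        out |= (bin(row & x).count("1") & 1) << i
    return out


def max_key_length(k: int, lam: int) -> int:
    """Leftover hash lemma: SD((h(X), h), (U_m, h)) <= 2^((m - k)/2 - 1).

    Requiring this to be at most eps = 2^-lam gives m <= k - 2*lam + 2.
    """
    m = k - 2 * lam + 2
    if m <= 0:
        raise ValueError("min-entropy too small for the requested security level")
    return m


def entropy_loss(k: int, lam: int) -> int:
    """L = k - m for the longest key the lemma allows; equals 2*lam - 2."""
    return k - max_key_length(k, lam)


def passive_privacy_amplification(x: int, n: int, k: int, lam: int):
    """One-round protocol: Alice picks the seed, sends it over the public
    channel, both sides output h_seed(X).  Returns (seed, R_alice, R_bob, m)."""
    m = max_key_length(k, lam)
    seed = secrets.randbits(n + m - 1)       # Alice's fresh public seed
    r_alice = toeplitz_hash(seed, x, n, m)
    r_bob = toeplitz_hash(seed, x, n, m)     # Bob holds the same X and hears the seed
    return seed, r_alice, r_bob, m


def collision_probability(n: int, m: int, x: int, x2: int) -> Fraction:
    """Exact Pr_seed[h_seed(x) == h_seed(x2)] by enumerating every seed.

    Small n, m only; universality means the answer is 2^-m whenever x != x2.
    """
    total = 1 << (n + m - 1)
    hits = sum(1 for s in range(total)
               if toeplitz_hash(s, x, n, m) == toeplitz_hash(s, x2, n, m))
    return Fraction(hits, total)


if __name__ == "__main__":
    # Constructed demo: a 256-bit X with 200 bits of min-entropy, lambda = 40.
    n, k, lam = 256, 200, 40
    x = secrets.randbits(n)
    seed, ra, rb, m = passive_privacy_amplification(x, n, k, lam)
    print(f"m={m} bits, entropy loss L={k - m}, keys agree={ra == rb}")
    print("Pr[collision] for n=5, m=3:", collision_probability(5, 3, 0b10110, 0b00101))
```

The seed travels unauthenticated, so an active Eve can substitute her own and steer both parties' keys; that is exactly the gap between this baseline and the robust protocols the abstract is about.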

07:17 [Pub][ePrint]

We study the problem of verifiable delegation of computation over outsourced data, whereby a powerful worker maintains a large data structure for a weak client in a verifiable way. Compared to the well-studied problem of verifiable computation, this setting imposes additional difficulties since the verifier needs to verify consistency of updates succinctly and without maintaining large state. In particular, existing general solutions are far from practical in this setting.

We present a scheme for verifiable evaluation of hierarchical set operations (unions, intersections and set-differences) applied to a collection of dynamically changing sets of elements from a given domain. That is, we consider two types of queries issued by the client: updates (insertions and deletions) and data queries, which consist of "circuits" of unions, intersections, and set-differences on the current collection of sets.

This type of query comes up in database queries, keyword search and numerous other applications, and indeed our scheme can be effectively used in such scenarios. The verification cost incurred is proportional only to the size of the final outcome set and to the size of the query, and is independent of the cardinalities of the involved sets. The cost of updates is optimal ($O(1)$ modular operations per update).

Our construction extends that of [Papamanthou et al., Crypto 2011] and relies on a modified version of the extractable collision-resistant hash function (ECRH) construction, introduced in [Bitansky et al., ITCS 2012], that can be used to succinctly hash univariate polynomials.

07:17 [Pub][ePrint]

Although NFC mobile services have great potential for growth, they have raised a number of issues which are of concern to researchers and are preventing the wide adoption of this technology within society. Dynamic relationships of NFC ecosystem players in an NFC transaction process make them partners in a way that sometimes requires that they share access permission to applications that are running in the service environment. One of the technologies that can be used to ensure secure NFC transactions is cloud computing. This offers a wider range of advantages than the use of a Secure Element (SE) as a single entity in an NFC enabled mobile phone. In this paper, we propose a protocol for NFC mobile payments based on the cloud Wallet model. In our protocol, the SE in the mobile device is used for customer authentication whereas the customer's banking credentials are stored in a cloud under the control of the Mobile Network Operator (MNO). The proposed protocol eliminates the requirement for a shared secret between the Point of Sale (PoS) and the MNO before execution of the protocol, a mandatory requirement in the earlier version of this protocol. This makes it more practicable and user friendly. A detailed analysis of the protocol discusses multiple attack scenarios.

07:17 [Pub][ePrint]

We study homomorphic authenticated encryption, where privacy and authenticity of data are protected simultaneously. We define homomorphic versions of various security notions for privacy and authenticity, and investigate relations between them. In particular, we show that it is possible to give a natural definition of IND-CCA for homomorphic authenticated encryption, unlike the case of homomorphic encryption. Also, we construct a homomorphic authenticated encryption scheme supporting arithmetic circuits on $\mathbb{Z}_Q$ for smooth modulus $Q$, which is chosen-ciphertext secure both for privacy and authenticity. Our scheme is based on the error-free approximate GCD assumption.

2013-11-06
18:12 [Job][New]

We will be awarding 10 fully-funded studentships (generous stipend and college fees for four years) to outstanding candidates to join the Royal Holloway Centre for Doctoral Training in Cyber Security in October 2014.

We will consider applications from candidates with undergraduate and master's qualifications in a wide range of disciplines, including, but not limited to, mathematics, computer science, and electrical and electronic engineering.

Please see the Entry Requirements at http://www.rhul.ac.uk/isg/cybersecuritycdt/entryrequirements.aspx and instructions on How to Apply at http://www.rhul.ac.uk/isg/cybersecuritycdt/howtoapply.aspx. Funding is provided by the EPSRC, and thus is subject to their eligibility conditions. For further details, please visit the CDT Funding page at http://www.rhul.ac.uk/isg/cybersecuritycdt/funding.aspx.

Closing date for receiving applications is the 30th March 2014. We will however assess applications on an ongoing basis, and we reserve the right to make an offer to outstanding candidates before the closing date.

14:47 [Job][New]

The Interdisciplinary Centre for Security, Reliability and Trust (SnT, www.securityandtrust.lu) at University of Luxembourg is looking for a PhD candidate in privacy-preserving recommender systems. The PhD topic is to investigate the privacy issues in recommender systems and to propose efficient and secure mechanisms that achieve maximal privacy. The candidate is expected to design new privacy-preserving recommender systems for both horizontally and vertically partitioned datasets, prove their privacy properties, and study their asymptotic performance.

The student will work closely with the team members of the APSIA group, led by Prof. Peter Y. A. Ryan. Moreover, the student will be encouraged to collaborate with researchers from the group of Prof. Jiuyong Li at University of South Australia (UniSA), Australia.

To formally apply for this position: http://emea3.mrted.ly/9lwj

2013-11-05
07:43 [Job][New]

Worcester Polytechnic Institute (WPI) invites applications for a faculty position in the Department of Electrical & Computer Engineering at all ranks, commensurate with qualifications.

Required qualifications for the position include an earned Ph.D. in Electrical & Computer Engineering or a closely related field. Areas of particular interest include, but are not limited to: security engineering, hardware and embedded systems security, and mobile and cyber-physical systems security.

The successful candidate will be expected to establish and maintain a high quality, self-sustaining research program. WPI offers ample opportunity for collaboration with current department faculty as well as appropriate cross-campus, interdisciplinary research groups in various topics in security. In addition to excellence in teaching and research, candidates should look forward to engaging undergraduate and graduate students in a classroom and projects intensive environment, and expanding our graduate research program.

Qualified applicants should submit a detailed curriculum vitae, a brief statement of specific teaching and research objectives, and four letters of recommendation at least one of which addresses teaching experience or potential, via https://careers.wpi.edu/. Review of applications will begin on November 1, 2013 and will continue until the position is filled.