International Association for Cryptologic Research

IACR News Central


2011-09-07
07:09 [Event][New] Stream Ciphers: Special Issue on "Stream Ciphers" in the journal CCDS, Springer

  Submission: 31 December 2011
Notification: 20 March 2012
From December 31 to December 31
Location: Kolkata, India
More Information: http://www.isical.ac.in/~subho/ccdscfp.txt


05:15 [Job][New] Senior Lecturer/Associate Professor, Queensland University of Technology, Brisbane, Australia

 

The Computer Science Discipline within the Faculty of Science and Technology at Queensland University of Technology, Brisbane, Australia, is seeking an experienced academic with an established research reputation to make significant contributions to network security research activities and to teaching in data communications.

Appointee(s) will undertake their research in QUT's Information Security Institute, a multi-disciplinary institute bringing together information security researchers from computer science, mathematics, engineering, business, and law, with a leading national profile and strong international links.





2011-09-06
08:37 [Job][Update] Access Management and Cryptographic Operations Manager, A major UK payments/ credit organisation - Hampshire

  The team will deliver Access Management and Cryptographic Services for key services such as our Authorisations, Mobile Gateway and Clearing and Settlement services.

Key Activities

  • Delivery of Access Management services across the Production and Corporate estate in conjunction with Corporate IT.
  • Delivery and administration of recertification and compliance programmes that meet the departmental goals.
  • Delivery of Cryptographic Key Management services with ITS Technologies team for the business and production services. Typically these activities will include Key Management Ceremonies and cryptographic token management.
  • Participate in project engagement process and perform delegated Operational Acceptance process tasks to ensure that all projects delivered meet our Operational and Compliance requirements.
  • Develop the Access Management and Cryptographic service strategy to improve service controls, service delivery and cost.
  • Develop and maintain the IT Security Standards in relation to the assigned services to ensure that they meet the Corporate Key Control requirements.
  • Operate the Corporate Key Controls Exceptions process as non Compliance is established via the operation of the framework.
  • Participate in the regular Security Resource Board framework to establish project effort and resource allocation.
  • Demonstrable experience relating to service, change and problem management and governance, such as ITIL incident and change management, Prince, Patch Management, Data Centre Operations processes, PCI DSS, SAS70 and COBIT and COSO based controls.
  • Experience across a wide variety of technology disciplines and deep understanding of Networks, HSMs, Key Ceremonies, Cisco devices, Microsoft Windows, Solaris and AIX.
  • Good understanding of middleware and application server products.
  • Familiar with Security Industry standard methods, and security practices CIA, AAA etc



2011-09-05
10:53 [Job][New] Access Management and Cryptographic Operations Manager, A major UK payments/ credit organisation - Hampshire

  The team will deliver Access Management and Cryptographic Services for key services such as our Authorisations, Mobile Gateway and Clearing and Settlement services.

Key Activities

  • Delivery of Access Management services across the Production and Corporate estate in conjunction with Corporate IT.
  • Delivery and administration of recertification and compliance programmes that meet the departmental goals.
  • Delivery of Cryptographic Key Management services with ITS Technologies team for the business and production services. Typically these activities will include Key Management Ceremonies and cryptographic token management.
  • Participate in project engagement process and perform delegated Operational Acceptance process tasks to ensure that all projects delivered meet our Operational and Compliance requirements.
  • Develop the Access Management and Cryptographic service strategy to improve service controls, service delivery and cost.
  • Develop and maintain the IT Security Standards in relation to the assigned services to ensure that they meet the Corporate Key Control requirements.
  • Operate the Corporate Key Controls Exceptions process as non Compliance is established via the operation of the framework.
  • Participate in the regular Security Resource Board framework to establish project effort and resource allocation.
  • Demonstrable experience relating to service, change and problem management and governance, such as ITIL incident and change management, Prince, Patch Management, Data Centre Operations processes, PCI DSS, SAS70 and COBIT and COSO based controls.
  • Experience across a wide variety of technology disciplines and deep understanding of Networks, HSMs, Key Ceremonies, Cisco devices, Microsoft Windows, Solaris and AIX.
  • Good understanding of middleware and application server products.
  • Familiar with Security Industry standard methods, and security practices CIA, AAA etc

Pleas



2011-09-04
14:50 [PhD][Update] Jens Groth: Honest Verifier Zero-Knowledge Arguments Applied

  Name: Jens Groth
Topic: Honest Verifier Zero-Knowledge Arguments Applied
Category: foundations





2011-09-03
20:31 [PhD][New] Jens Groth: Honest Verifier Zero-Knowledge Arguments Applied

  Name: Jens Groth
Topic: Honest Verifier Zero-Knowledge Arguments Applied
Category: foundations



17:50 [News] Distinguished Lectures Online: Gus Simmons and Ron Rivest

  The distinguished lectures of Gus Simmons (1994) and Ron Rivest (2011) are now online on the IACR web page. You also find slides, abstracts or notes of other, previously held lectures there.



2011-09-02
17:26 [PhD][Update] Thomas Schneider: Engineering Secure Two-Party Computation Protocols - Advances in Design, Optimization, and Applications of Efficient Secure Function Evaluation

  Name: Thomas Schneider
Topic: Engineering Secure Two-Party Computation Protocols - Advances in Design, Optimization, and Applications of Efficient Secure Function Evaluation
Category: cryptographic protocols

Description:

Secure two-party computation, called Secure Function Evaluation (SFE), enables two mutually mistrusting parties (client & server) to evaluate an arbitrary function $f$ on their respective private inputs $x,y$ while revealing nothing but the result $z=f(x,y)$. Although such generic techniques were widely believed to be inefficient, the rapidly growing speed of computers and communication networks, algorithmic improvements, automatic generation and optimizations of SFE protocols have made them usable in practical application scenarios.

This thesis presents the following advances in the design, optimization and applications of efficient SFE protocols.

Circuit Optimizations and Constructions. The complexity of today's most efficient SFE protocols depends linearly on the size of the boolean circuit representation of the evaluated function. Further, recent techniques for SFE based on improved Garbled Circuits (GCs) allow for very efficient secure evaluation of XOR gates.
We give transformations that substantially reduce the size of boolean circuits if the costs for evaluating XOR gates are lower than for other types of gates. Our optimizations provide more efficient circuits for standard functionalities such as integer comparison and fast multiplication.
Applications that benefit from our improvements are secure first-price auctions.

Hardware-Assisted GC Protocols. We improve the deployability of SFE protocols by using tamper-proof Hardware (HW) tokens.
In particular, GCs can be generated by a tamper-proof HW token which is provided by the server to a client but not trusted by the client. The presented HW-assisted SFE protocol makes the communication between client and server independent of the size of the evaluated function. Further, we show how GCs can be evaluated in HW in a leakage resilient way, so-called One-Time Programs.
As application we show how the combination of GCs and tamper-proof HW allows to[...]


14:08 [PhD][New] Hans Ulrich Simon

  Name: Hans Ulrich Simon




2011-09-01
05:03 [Job][New] Post-Doc in Software Security/Cryptography, University of Arizona, Tucson AZ

  A Postdoc position in the area of Software Security at the University of Arizona

**Call for applications**

Expected funding duration: 24 Months

Starting date: Immediate

**Project description**

This project aims to investigate innovative approaches to protecting the integrity and confidentiality of a piece of software against an attacker (the man-at-the-end, MATE) who has physical access to the software and so is able to inspect, modify, and execute it. One important goal of the project is to derive a fundamental basis of MATE defense principles and metrics.

**Key tasks to be performed**

Develop MATE attack models that formally characterize the process of device compromise. Design novel MATE defense algorithms. Provide attack tools to allow easy testing of these defenses. Devise community standards for defense evaluation. Investigate different approaches to constructing and validating metrics for obfuscation, tamper-proofing, and software watermarking.

**Applicant profile**

The applicant must have a PhD in Computer Science or other strongly related field. A successful candidate should have a technical background in one or more of computer security, cryptography, and programming languages/compilers.

**Location**

The work will be carried out at the University of Arizona, under the supervision of a team of researchers from the Computer Science and Electrical and Computer Engineering departments.



2011-08-31
16:49 [PhD][Update] Emiliano De Cristofaro: Sharing Sensitive Information with Privacy

  Name: Emiliano De Cristofaro
Topic: Sharing Sensitive Information with Privacy
Category: cryptographic protocols

Modern society is increasingly dependent on (and fearful of) massive amounts and availability of electronic information. There are numerous everyday scenarios where sensitive data must be --- sometimes reluctantly or suspiciously --- shared between entities without mutual trust. This prompts the need for mechanisms to enable limited (privacy-preserving) information sharing. A typical scenario involves two parties: one seeks information from the other, that is either motivated, or compelled, to share only the requested information. We define this problem as privacy-preserving sharing of sensitive information and are confronted with two main technical challenges: (1) how to enable this type of sharing such that parties learn no information beyond what they are entitled to, and (2) how to do so efficiently, in real-world practical terms.

This dissertation presents a set of efficient and provably secure cryptographic protocols for privacy-preserving sharing of sensitive information. In particular, Private Set Intersection (PSI) techniques are appealing whenever two parties wish to compute the intersection of their respective sets of items without revealing to each other any ot[...]