International Association for Cryptologic Research


IACR News

If you have a news item you wish to distribute, it should be sent to the communications secretary. See also the events database for conference announcements.

Here you can see all recent updates to the IACR webpage. These updates are also available via email and via RSS feed.

27 July 2018

King's College London
Job Posting
The PhD candidate will be based in the Department of Informatics and the Cyber Security group at King's College London. They will explore cryptocurrencies (and the blockchain) from a system security and applied cryptography perspective.

Some topics explored in the past by this research group include smart contract security, so-called layer 2 protocols, undermining the incentive structure of Nakamoto-style consensus, etc.

The candidate is expected to have at least a bachelor's degree in computer science, mathematics, or a related field. They should have an interest in applied cryptography, information security and privacy enhancing technologies. Prior knowledge of the blockchain is not necessary, but desirable.

Funding is available (including a stipend) for a 4-year PhD at UK/EU rates. Start date will be agreed between candidate and Patrick McCorry.

Closing date for applications:

Contact: Patrick McCorry, Assistant Professor (Lecturer) at Kings College London.

Please e-mail stonecoldpat (at) gmail.com for further enquiries.

Ryerson University
Job Posting
School of Information Technology Management of Ryerson University invites applications for two postdoctoral positions in Cybersecurity for an initial appointment of one year, renewable for two more years based on performance. Preferred areas of research interest would be secure cryptographic implementation, IoT security, blockchain technology, and post-quantum cryptography.

Candidates are required to have a Ph.D. in Computer Science, ECE or a related area, by the time of appointment and an outstanding research record. Solid background in cryptography, network security, distributed systems, protocols and algorithms, is highly desirable.

Responsibilities include conducting fundamental research in information system security, publishing in leading conferences and journals, and participation in proposal development. The incumbent is expected to take part in the activities of the Cybersecurity Research Lab at Ryerson University.

Required application materials include: a curriculum vitae; a three-page research statement; and copies of three recent publications. Review of applications will start immediately and continue until both positions are filled. Priority will be given to those candidates who submit their application materials by September 1st, 2018.

For further information, you may contact Dr. Atefeh Mashatan at amashatan @ ryerson.ca

Closing date for applications: 1 January 2019

Singapore University of Technology and Design (SUTD), Singapore
Job Posting
Singapore University of Technology and Design (SUTD) is a young university which was established in collaboration with MIT. iTrust is a Cyber Security Research Center with about 15 inter-disciplinary faculty members from SUTD. It has the world's best facilities in cyber-physical systems (CPS) including testbeds for Secure Water Treatment (SWaT), Water Distribution (WADI), Electric Power and Intelligent Control (EPIC), and IoT. (See more info at https://itrust.sutd.edu.sg/research/testbeds/.)

I am looking for PhD interns with interest in cyber-physical system security (IoT, water, power grid, transportation, and autonomous vehicle etc.). The attachment will be at least 3 months. Allowance will be provided for local expenses.

Interested candidates please send your CV with a research statement to Prof. Jianying Zhou.

Closing date for applications: 30 September 2018

Contact: Prof. Jianying Zhou

Email: jianying_Zhou (at) sutd.edu.sg

More information: http://jianying.space/


23 July 2018

David Cash, Feng-Hao Liu, Adam O'Neill, Mark Zhandry, Cong Zhang
ePrint Report
Order-revealing encryption (ORE) is a popular primitive for outsourcing encrypted databases, as it allows for efficiently performing range queries over encrypted data. Unfortunately, a series of works, starting with Naveed et al. (CCS 2015), have shown that when the adversary has a good estimate of the distribution of the data, ORE provides little protection. In this work, we consider the case that the database entries are drawn identically and independently from a distribution of known shape, but for which the mean and variance are not (and thus the attacks of Naveed et al. do not apply). We define a new notion of security for ORE, called parameter-hiding ORE, which maintains the secrecy of these parameters. We give a construction of ORE satisfying our new definition from bilinear maps.
Jonathan Frankle, Sunoo Park, Daniel Shaar, Shafi Goldwasser, Daniel J. Weitzner
ePrint Report
The US federal court system is exploring ways to improve the accountability of electronic surveillance, an opaque process often involving cases sealed from public view and tech companies subject to gag orders against informing surveilled users. One judge has proposed publicly releasing some metadata about each case on a paper cover sheet as a way to balance the competing goals of (1) secrecy, so the target of an investigation does not discover and sabotage it, and (2) accountability, to assure the public that surveillance powers are not misused or abused.

Inspired by the courts' accountability challenge, we illustrate how accountability and secrecy are simultaneously achievable when modern cryptography is brought to bear. Our system improves configurability while preserving secrecy, offering new tradeoffs potentially more palatable to the risk-averse court system. Judges, law enforcement, and companies publish commitments to surveillance actions, argue in zero-knowledge that their behavior is consistent, and compute aggregate surveillance statistics by multi-party computation (MPC). We demonstrate that these primitives perform efficiently at the scale of the federal judiciary. To do so, we implement a hierarchical form of MPC that mirrors the hierarchy of the court system. We also develop statements in succinct zero-knowledge (SNARKs) whose specificity can be tuned to calibrate the amount of information released. All told, our proposal not only offers the court system a flexible range of options for enhancing accountability in the face of necessary secrecy, but also yields a general framework for accountability in a broader class of "secret information processes."

22 July 2018

University College London
Job Posting
Whenever you communicate with someone electronically there are intermediaries that process and carry your communication, helping it reliably get to the intended destination, or storing it until the recipient goes online to collect it. We hope that these intermediaries behave properly, but sometimes they get hacked, or the people running them act maliciously, and your communications can then be tampered with and eavesdropped, with potentially severe consequences. End-to-end encryption is designed to protect against such threats and has been available for decades, but it's still rarely used because it interferes with modern ways of working. For example, if the company that provides your email service can't read it, you can't search it without downloading it all; with collaboration applications, like Google Docs or chat applications, current end-to-end encryption approaches won't even work. Even if data is encrypted end-to-end, analysis of the meta-data can still violate privacy, for example disclosing who is working with whom. Anonymous communication systems like Tor can help protect meta-data but the delay that the most secure systems (e.g. Loopix) introduce would prevent standard collaboration technologies from working properly. This project will develop techniques to build collaboration applications that are end-to-end secure, and protect privacy. We will quantify how secure and effective they are, working with investigative journalists who need high levels of security in their collaboration applications.

Funding is available for a 4-year PhD studentship working on this project, providing a standard stipend and fees (at UK/EU rate). The project will be supervised by Dr Steven Murdoch and will start in October 2018 (unless agreed otherwise).

Closing date for applications: 12 August 2018

Contact: Steven Murdoch, s.murdoch (at) ucl.ac.uk

More information: http://www.cs.ucl.ac.uk/prospective_students/phd_programme/funded_scholarships/#c31028

Galois, Inc.
Job Posting
Skills & Requirements

Education: Minimum of a MS in computer science or mathematics. PhD in CS or mathematics desired but optional.

Required Technical Expertise

Significant fundamental or applied research focus in cryptography, and in particular, secure computation.

Demonstrated capability to take theoretical constructions and turn them into working implementations, and then optimize them toward practical use.

A pragmatic understanding of building practical, performant systems that incorporate such advanced cryptosystems into a smoothly integrated whole that meets the needs of our clients.

Required General Skills: Must work well with customers, including building rapport, identifying needs, and communicating with strong written, verbal, and presentation skills. Must be highly motivated and able to self-manage to deadlines and quality goals expected by those customers.

We’re looking for people who can invent, learn, think, and inspire. We reward creativity and thrive on collaboration. If you are interested, please submit your cover letter and resume to us.

More About Galois

At Galois, we maintain a unique organizational structure tailored to the needs of the innovative projects we deliver. Our organizational structure is collaborative, one-level flat, and based on principles of well-defined accountabilities and authorities, transparency, and stewardship. We aspire to provide employees with something that matters to them beyond just a paycheck — whether it be opportunities to learn, career growth, a sense of community, or whatever else brings them value as a person.

We believe in individual freedom in the roles we choose, and in the projects we pursue — our research focus areas are the intersection of staff interests and corporate strategy. We choose practices that best suit the project, team, and leaders, with company-wide standards kept to a minimum to ensure we are making the right choices for the situation rather than just business-as-usual choices.

Closing date for applications: 30 September 2018

Contact: Please apply online via:

https://galois-inc.hiringthing.com/job/76985/cryptography-and-secure-computation-researcher-portland

More information: https://galois-inc.hiringthing.com/job/76985/cryptography-and-secure-computation-researcher-portland

EURECOM, Sophia-Antipolis, France
Job Posting
The Digital Security Department at EURECOM is seeking applications for a postdoctoral research position in the field of Big Data privacy. The position is available immediately and is for one year. The contract is renewable (at least for one more year) based on availability of funding and mutual interest. Applicants should hold a doctoral degree in applied cryptography or in a related area and have adequate experience demonstrated through a strong publication record. Some background in machine learning is appreciated. The working language in the group is English. The position will be funded by an EU-H2020 project.

Applications should be sent via email to melek[dot]onen[at]eurecom[dot]fr and should include a CV, a list of publications (with the top 3 ones highlighted), a short research proposal, and contact information for one or two persons who are willing to give references.

Closing date for applications: 1 January 2019

Contact: Melek Önen

Address: EURECOM,

Campus SophiaTech

450 Route des Chappes, Sophia-Antipolis France

Email: melek[dot]onen[at]eurecom[dot]fr

More information: http://www.eurecom.fr/~onen/EURECOM_PostDoc_privacy_onen.pdf

University of Luxembourg / Centre for Security and Trust
Job Posting
Post-doc in Information Assurance, APSIA Research Group, University of Luxembourg and Centre for Security and Trust

The Applied Security and Information Assurance (APSIA) group is seeking to recruit a highly motivated post-doc with a strong research profile to complement and strengthen the group's existing expertise. Applications from candidates with expertise in the core areas of the group are welcome, but consideration will also be given to candidates with expertise that would extend our expertise, for example: post-quantum security, FinTech and Distributed Ledger Technologies.

The APSIA team, led by Prof. Peter Y. A. Ryan, is part of the SnT and is a dynamic and growing research group, some 20 strong, performing cutting edge research in information assurance, cryptography, and privacy. The group specializes in the mathematical modelling of security mechanisms and systems, especially crypto protocols (classical and quantum), and socio-technical systems. The group is particularly strong in verifiable voting systems.

For further information you may check: www.securityandtrust.lu and https://wwwen.uni.lu/snt/research/apsia.

Research Associates (Postdocs) in Information Assurance (M/F)

Ref: 50013420 (R-STR-5004-00-B)

Fixed Term Contract 2 years (CDD), full-time position (40 hrs/week),

Number of positions: 1

Start day: Summer/autumn 2018 upon agreement.

Your Role

The successful candidate will contribute to the research goals of the APSIA group. The APSIA Group specializes in the design and analysis of secure systems:

Cryptographic Protocols (classical and quantum)

Cryptographic Algorithms and Primitives

Verifiable Voting Schemes

Socio-Technical Analysis of Security

Privacy Enhancing Technologies

Closing date for applications: 17 August 2018

Contact: P Y A Ryan

Peter.Ryan (at) uni.lu.

More information: http://emea3.mrted.ly/1wfwn

Ruhr University Bochum
Job Posting
The Chair for Security Engineering at Ruhr-Universität Bochum is searching for highly motivated and qualified PhD candidates in system security engineering and applied cryptography. Specific topics include:

• Implementation of security architectures in hardware and software

• Technologies and countermeasures against microarchitectural attacks

• Security-oriented software compilation

• Tools and frameworks for secure hardware implementations

• Applied and Post-Quantum Cryptography

If you would describe yourself as highly motivated, knowledgeable in security and willing to perform creative and deep research, please consider this job opening. You have a degree in IT security, computer science, electronics or applied mathematics. Prior experience in low-level programming, code analysis, cryptography and/or machine learning is an asset. Publications at relevant conferences such as USENIX Security, CCS, S&P, CHES, CRYPTO, EUROCRYPT are expected.

Please provide a resume, transcripts, a motivational statement and contact information of at least two references.

Closing date for applications: 10 August 2018

Contact: Tim Güneysu tim.gueneysu (at) rub.de

More information: https://www.stellenwerk-bochum.de/


21 July 2018

1 October 2018
Event Calendar
Event date: 1 October 2018
Submission deadline: 1 October 2018
Notification: 15 December 2018

19 July 2018

Junichi Tomida, Katsuyuki Takashima
ePrint Report
Inner product functional encryption (IPFE), introduced by Abdalla et al. (PKC2015), is a kind of functional encryption supporting only inner product functionality. All previous IPFE schemes are bounded schemes, meaning that the vector length that can be handled in the scheme is fixed in the setup phase. In this paper, we propose the first unbounded IPFE schemes, in which we do not have to fix the lengths of vectors in the setup phase and can handle (a priori) unbounded polynomial lengths of vectors. Our first scheme is private-key based and fully function hiding. That is, secret keys hide the information of the associated function. Our second scheme is public-key based and provides adaptive security in the indistinguishability based security definition. Both our schemes are based on SXDH, which is a well-studied standard assumption, and secure in the standard model. Furthermore, our schemes are quite efficient, incurring an efficiency loss by only a small constant factor from previous bounded function hiding schemes.
Maliheh Shirvanian, Stanislaw Jarecki, Hugo Krawczyk, Nitesh Saxena
ePrint Report
Password managers (aka stores or vaults) allow a user to store and retrieve (usually high-entropy) passwords for her multiple password-protected services by interacting with a "device" serving the role of the manager (e.g., a smartphone or an online third-party service) on the basis of a single memorable (low-entropy) master password. Existing password managers work well to defeat offline dictionary attacks upon web service compromise, assuming the use of high-entropy passwords is enforced. However, they are vulnerable to leakage of all passwords in the event the device is compromised, due to the need to store the passwords encrypted under the master password and/or the need to input the master password to the device (as in smartphone managers). Evidence exists that password managers can be attractive attack targets.

In this paper, we introduce a novel approach to password management, called SPHINX, which remains secure even when the password manager itself has been compromised. In SPHINX the information stored on the device is information theoretically independent of the user's master password --- an attacker breaking into the device learns no information about the master password or the user's site-specific passwords. Moreover, an attacker with full control of the device, even at the time the user interacts with it, learns nothing about the master password --- the password is not entered into the device in plaintext form or in any other way that may leak information on it. Unlike existing managers, SPHINX produces strictly high-entropy passwords and makes it compulsory for the users to register these randomized passwords with the web services, hence fully defeating offline dictionary attack upon service compromise. The design and security of SPHINX is based on the device-enhanced PAKE model of Jarecki et al. that provides the theoretical basis for this construction and is backed by rigorous cryptographic proofs of security.

While SPHINX is suitable for different device and online platforms, in this paper, we report on its concrete instantiation on smartphones given their popularity and trustworthiness as password managers (or even two-factor authentication). We present the design, implementation and performance evaluation of SPHINX, offering prototype browser plugins, smartphone apps and transparent device-client communication. Based on our inspection analysis, the overall user experience of SPHINX improves upon current managers. We also report on a lab-based usability study of SPHINX, which indicates that users' perception of SPHINX security and usability is high and satisfactory when compared to regular password-based authentication. Finally, we discuss how SPHINX may be extended to an online service for the purpose of back-up or as an independent password manager.
Kimmo Järvinen, Ágnes Kiss, Thomas Schneider, Oleksandr Tkachenko, Zheng Yang
ePrint Report
In the last decade, location information became easily obtainable using off-the-shelf mobile devices. This gave a momentum to developing Location Based Services (LBSs) such as location proximity detection, which can be used to find friends or taxis nearby. LBSs can, however, be easily misused to track users, which draws attention to the need of protecting privacy of these users.

In this work, we address this issue by designing, implementing, and evaluating multiple algorithms for Privacy-Preserving Location Proximity (PPLP) that are based on different secure computation protocols. Our PPLP protocols are well-suited for different scenarios: for saving bandwidth, energy/computational power, or for faster runtimes. Furthermore, our algorithms have runtimes of a few milliseconds to hundreds of milliseconds and bandwidth of hundreds of bytes to one megabyte. In addition, the computationally most expensive parts of the PPLP computation can be precomputed in our protocols, such that the input-dependent online phase runs in just a few milliseconds.
Bernhard Jungk, Richard Petri, Marc Stöttinger
ePrint Report
The current state of the art of Boolean masking for the modular addition operation in software has a very high performance overhead. Firstly, the instruction count is very high compared to a normal addition operation. Secondly, until recently, the entropy consumed by such protections was also quite high. Our paper significantly improves both aspects, by applying the Threshold Implementation (TI) methodology with two shares and by reusing internal values as a randomness source in such a way that the uniformity is always preserved. Our approach performs considerably faster compared to the previously known masked addition and subtraction algorithms by Coron et al. and Biryukov et al., improving the state of the art by 36%, if we only consider the number of ARM assembly instructions. Furthermore, similar to the masked adder from Biryukov et al., we reduce the amount of randomness and only require one additional bit of entropy per addition, which is a good trade-off for the improved performance. We applied our improved masked adder to ChaCha20, for which we provide two new first-order protected implementations and achieve a 36% improvement over the best published result for ChaCha20 using an ARM Cortex-M4 microprocessor.
Diana Maimut, George Teseleanu
ePrint Report
eSTREAM brought to the attention of the cryptographic community a number of stream ciphers including Grain v0 and its revised version Grain v1. The latter was selected as a finalist of the competition's hardware-based portfolio. The Grain family includes two more instantiations, namely Grain 128 and Grain 128a.

The scope of our paper is to provide an insight on how to obtain secure configurations of the Grain family of stream ciphers. We propose different variants for Grain and analyze their security with respect to slide attacks. More precisely, as various attacks against initialization algorithms of Grain were discussed in the literature, we study the security impact of various parameters which may influence the LFSR's initialization scheme.
Howard Wu, Wenting Zheng, Alessandro Chiesa, Raluca Ada Popa, Ion Stoica
ePrint Report
Recently there has been much academic and industrial interest in practical implementations of *zero knowledge proofs*. These techniques allow a party to *prove* to another party that a given statement is true without revealing any additional information. In a Bitcoin-like system, this allows a payer to prove validity of a payment without disclosing the payment's details.

Unfortunately, the existing systems for generating such proofs are very expensive, especially in terms of memory overhead. Worse yet, these systems are "monolithic", so they are limited by the memory resources of a single machine. This severely limits their practical applicability.

We describe DIZK, a system that *distributes* the generation of a zero knowledge proof across machines in a compute cluster. Using a set of new techniques, we show that DIZK scales to computations of up to billions of logical gates (100x larger than prior art) at a cost of 10$\mu$s per gate (100x faster than prior art). We then use DIZK to study various security applications.

18 July 2018

Shiva Prasad Kasiviswanathan, Adam Smith
ePrint Report
In this note we give a precise formulation of "resistance to arbitrary side information" and show that several relaxations of differential privacy imply it. The formulation follows the ideas originally due to Dwork and McSherry, stated implicitly in [Dwork06]. This is, to our knowledge, the first place such a formulation appears explicitly. The proof that relaxed definitions satisfy the Bayesian formulation is new.
Zilong Wang, Honggang Hu
ePrint Report
Lattice-based cryptographic primitives are believed to have the property against attacks by quantum computers. In this work, we present a KEA-style authenticated key exchange protocol based on the ring learning with errors problem whose security is proven in the BR model with weak perfect forward secrecy. With properties of KEA such as implicit key authentication and simplicity, our protocol also enjoys many properties of lattice-based cryptography, namely asymptotic efficiency, conceptual simplicity, worst-case hardness assumption, and resistance to attacks by quantum computers. Our lattice-based authenticated key exchange protocol is more efficient than the protocol of Zhang et al. (EUROCRYPT 2015) with more concise structure, smaller key size and lower bandwidth. Also, our protocol enjoys the advantage of optimal online efficiency and we improve our protocol with pre-computation.
Ralph Ankele, Stefan Kölbl
ePrint Report
Resistance against differential cryptanalysis is an important design criterion for any modern block cipher, and most designs rely on finding some upper bound on the probability of single differential characteristics. However, already at EUROCRYPT'91, Lai et al. comprehended that differential cryptanalysis rather uses differentials instead of single characteristics.

In this paper, we consider exactly the gap between these two approaches and investigate this gap in the context of recent lightweight cryptographic primitives. This shows that for many recent designs like Midori, Skinny or Sparx one has to be careful as bounds from counting the number of active S-boxes only give an inaccurate evaluation of the best differential distinguishers. For several designs we found new differential distinguishers and show how this gap evolves. We found an 8-round differential distinguisher for Skinny-64 with a probability of $2^{-56.93}$, while the best single characteristic only suggests a probability of $2^{-72}$. Our approach is integrated into publicly available tools and can easily be used when developing new cryptographic primitives.

Moreover, as differential cryptanalysis is critically dependent on the distribution over the keys for the probability of differentials, we provide experiments for some of these new differentials found, in order to confirm that our estimates for the probability are correct. While for Skinny-64 the distribution over the keys follows a Poisson distribution, as one would expect, we noticed that Speck-64 follows a bimodal distribution, and the distribution of Midori-64 suggests a large class of weak keys.