International Association for Cryptologic Research


IACR News

If you have a news item you wish to distribute, it should be sent to the communications secretary. See also the events database for conference announcements.

Here you can see all recent updates to the IACR webpage. These updates are also available via email and via RSS feed.

14 September 2018

Fuyuki Kitagawa, Keisuke Tanaka
ePrint Report
We propose a framework for achieving a public-key encryption (PKE) scheme that satisfies key dependent message security against chosen ciphertext attacks (KDM-CCA security) based on projective hash functions. Our framework can be instantiated under the decisional Diffie-Hellman (DDH), quadratic residuosity (QR), and decisional composite residuosity (DCR) assumptions. The constructed schemes are KDM-CCA secure with respect to affine functions and compatible with the amplification method shown by Applebaum (EUROCRYPT 2011). Thus, they lead to PKE schemes satisfying KDM-CCA security for all functions computable by a-priori bounded size circuits. They are the first PKE schemes satisfying such a security notion in the standard model using neither non-interactive zero knowledge proofs nor bilinear pairings.

The above framework based on projective hash functions captures only KDM-CCA security in the single-user setting. However, we can prove the KDM-CCA security in the multi-user setting of our concrete instantiations by using their algebraic structures explicitly. In particular, we prove that our DDH-based scheme satisfies KDM-CCA security in the multi-user setting with the same parameter setting as in the single-user setting.
Jean Paul Degabriele, Marc Fischlin
ePrint Report
Ever since the foundational work of Goldwasser and Micali, simulation has proven to be a powerful and versatile construct for formulating security in various areas of cryptography. However, security definitions based on simulation are generally harder to work with than game-based definitions, often resulting in more complicated proofs. In this work we challenge this viewpoint by proposing new simulation-based security definitions for secure channels that in many cases lead to simpler proofs of security. We are particularly interested in definitions of secure channels which reflect real-world requirements, such as protecting against the replay and reordering of ciphertexts, accounting for leakage from the decryption of invalid ciphertexts, and retaining security in the presence of ciphertext fragmentation. Furthermore, we show that our proposed notion of channel simulatability implies a secure channel functionality that is universally composable. To the best of our knowledge, we are the first to study universally composable secure channels supporting these extended security goals. We conclude by showing that the Dropbear implementation of SSH-CTR is channel simulatable in the presence of ciphertext fragmentation, and therefore also realises a universally composable secure channel. This is intended, in part, to highlight the merits of our approach over prior ones in admitting simpler security proofs in comparable settings.
Carmit Hazay, Emmanuela Orsini, Peter Scholl, Eduardo Soria-Vazquez
ePrint Report
In this work we develop a new theory for concretely efficient, large-scale MPC with active security. Current practical techniques are mostly in the strong setting of all-but-one corruptions, which leads to protocols that scale badly with the number of parties. To work around this issue, we consider a large-scale scenario where a small minority out of many parties is honest and design scalable, more efficient MPC protocols for this setting. Our results are achieved by introducing new techniques for information-theoretic MACs with short keys and extending the work of Hazay et al. (CRYPTO 2018), which developed new passively secure MPC protocols in the same context. We further demonstrate the usefulness of this theory in practice by analyzing the concrete communication overhead of our protocols, which improve upon the most efficient previous works.
Yusuke Sakai, Shuichi Katsumata, Nuttapong Attrapadung, Goichiro Hanaoka
ePrint Report
Attribute-based signature (ABS) schemes are advanced signature schemes that simultaneously provide fine-grained authentication while protecting privacy of the signer. Previously known expressive ABS schemes support either the class of deterministic finite automata and circuits from standard assumptions or Turing machines from the existence of indistinguishability obfuscations.

In this paper, we propose the first ABS scheme for a very general policy class, all deterministic Turing machines, from a standard assumption, namely the Symmetric External Diffie-Hellman (SXDH) assumption. We also propose the first ABS scheme that allows nondeterministic finite automata (NFA) to be used as policies. Although the expressiveness of NFAs is more restricted than that of Turing machines, this is the first scheme that supports nondeterministic computations as policies.

Our main idea lies in abstracting ABS constructions and presenting the concept of history of computations; this allows a signer to prove possession of a policy that accepts the string associated to a message in zero-knowledge while also hiding the policy, regardless of the computational model being used. With this abstraction in hand, we are able to construct ABS for Turing machines and NFAs using a surprisingly weak NIZK proof system. Essentially we only require a NIZK proof system for proving that a (normal) signature is valid. Such a NIZK proof system together with a base signature scheme are, in turn, possible from bilinear groups under the SXDH assumption, and hence so are our ABS schemes.
Akinori Hosoyamada, Kan Yasuda
ePrint Report
We present hash functions that are almost optimally one-way in the quantum setting. Our hash functions are based on the Merkle-Damgård construction iterating a Davies-Meyer compression function, which is built from a block cipher. The quantum setting that we use is a natural extension of the classical ideal cipher model. Recent work has revealed that symmetric-key schemes using a block cipher or a public permutation, such as CBC-MAC or the Even-Mansour cipher, can get completely broken with quantum superposition attacks, in time polynomial in the block size. Since many of the popular schemes are built from a block cipher or a permutation, the recent findings motivate us to study such schemes that are provably secure in the quantum setting. Unfortunately, no such schemes are known, unless one relies on certain algebraic assumptions. In this paper we present hash constructions that are provably one-way in the quantum setting without algebraic assumptions, solely based on the assumption that the underlying block cipher is ideal. To do this, we reduce one-wayness to a problem of finding a fixed point and then bound its success probability with a distinguishing advantage. We develop a generic tool that helps us prove indistinguishability of two quantum oracle distributions.
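The construction the abstract describes, as an added example (this is not the paper's code): a Davies-Meyer compression function f(h, m) = E_m(h) XOR h, where the message block m is used as the cipher key, iterated in Merkle-Damgård mode with standard length padding. The block cipher E here is a stand-in 8-round 64-bit Feistel network with a SHA-256-based round function, chosen only so the code runs offline; it is nowhere near an ideal cipher, and nothing below reproduces the paper's quantum analysis. The last function shows why fixed points matter for this design: for any block cipher, h* = D_m(0) satisfies f(h*, m) = h*, so one decryption yields a chaining value that the block m leaves unchanged.

```python
# Added illustration, not code from the paper. A stand-in 64-bit Feistel cipher
# plays the role of the block cipher E; it is for demonstration only, not for security.
import hashlib
import struct

BLOCK = 8      # bytes; block length == key length, so a message block can serve as the key
ROUNDS = 8

def _round(key: bytes, half: int, i: int) -> int:
    """Toy round function: 32 bits of SHA-256 over (key, right half, round index)."""
    data = key + half.to_bytes(4, "big") + bytes([i])
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def encrypt(key: bytes, block: bytes) -> bytes:
    l, r = struct.unpack(">II", block)
    for i in range(ROUNDS):
        l, r = r, l ^ _round(key, r, i)
    return struct.pack(">II", l, r)

def decrypt(key: bytes, block: bytes) -> bytes:
    l, r = struct.unpack(">II", block)
    for i in reversed(range(ROUNDS)):
        l, r = r ^ _round(key, l, i), l
    return struct.pack(">II", l, r)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def davies_meyer(h: bytes, m: bytes) -> bytes:
    """Davies-Meyer compression: f(h, m) = E_m(h) XOR h (the message block is the key)."""
    return xor(encrypt(m, h), h)

def md_iterate(h: bytes, blocks) -> bytes:
    """Plain Merkle-Damgard chaining over already-padded blocks."""
    for m in blocks:
        h = davies_meyer(h, m)
    return h

def md_hash(msg: bytes, iv: bytes = bytes(BLOCK)) -> bytes:
    """Merkle-Damgard with MD-strengthening: 0x80, zero fill, 64-bit big-endian bit length."""
    padded = msg + b"\x80"
    padded += b"\x00" * ((-len(padded) - 8) % BLOCK) + (8 * len(msg)).to_bytes(8, "big")
    blocks = [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]
    return md_iterate(iv, blocks)

def dm_fixed_point(m: bytes) -> bytes:
    """h* = D_m(0): then f(h*, m) = E_m(D_m(0)) XOR h* = 0 XOR h* = h*.
    Finding such an h* costs one decryption, for any cipher, ideal or not."""
    return decrypt(m, bytes(BLOCK))

if __name__ == "__main__":
    m = bytes(range(8))                       # constructed sample message block
    h_star = dm_fixed_point(m)
    assert davies_meyer(h_star, m) == h_star  # inserting m at h* changes nothing
    print(md_hash(b"The quick brown fox").hex())
```

Once the chaining value equals h*, any number of copies of m can be spliced into the message without changing the state, which is why fixed-point behaviour is the natural thing to control when proving one-wayness of a Davies-Meyer iteration.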
Nico Döttling, Ryo Nishimaki
ePrint Report
We put forward the notion of universal proxy re-encryption (UPRE). A UPRE scheme enables us to convert a ciphertext under a (delegator) public key of any existing public-key encryption (PKE) scheme into another ciphertext under a (delegatee) public key of any existing PKE scheme (possibly different from the delegator one). Such a conversion is executed by a third party called a proxy that has a re-encryption key generated from the delegator's secret key and the delegatee public key. Proxy re-encryption is a related notion, but it can neither convert ciphertexts into ones of possibly different PKE schemes nor treat general PKE schemes.

Our contributions are twofold. One is a definitional work. We define the syntax and security of UPRE. The other is showing the feasibility of UPRE. More precisely, we present three generic constructions of UPRE. One is a UPRE based on probabilistic indistinguishability obfuscation (PIO). It can re-encrypt ciphertexts polynomially many times. Another is a relaxed variant of UPRE based on function secret sharing (FSS). It can re-encrypt ciphertexts a constant number of times. The relaxed variant means that decryption algorithms for re-encrypted ciphertexts are slightly modified, though we use only original delegatee secret keys for decryption. The other is the relaxed variant of UPRE based on oblivious transfer and garbled circuits. It can re-encrypt ciphertexts polynomially many times.

The PKE schemes supported by the first and second generic constructions vary with the underlying hard problems or cryptographic tools. The third generic construction supports any CPA-secure PKE. The security levels of our UPRE schemes vary with the underlying hard problems or cryptographic tools that they rely on.
Worcester Polytechnic Institute
Job Posting
Worcester Polytechnic Institute (WPI) is inviting applications for a tenure track faculty position in the Department of Electrical and Computer Engineering at the Assistant, Associate, or Full Professor level.

The successful candidate will have a strong background in the broad area of cybersecurity and privacy, with expertise in subdomains including blockchains and decentralized trust, secure computation, hardware security and side-channel analysis, adversarial learning, and security in the cloud and IoT devices.

Candidates must have a Ph.D. degree in Electrical Engineering, Computer Engineering or related areas with outstanding academic credentials that clearly demonstrate their ability to conduct independent and successful research in their areas of expertise and to build cross-disciplinary research programs. Applicants must show potential for an innovative and sustainable research and teaching career. WPI expects faculty to be involved in a balance of research, teaching and service activities, including mentoring student project and thesis work at the undergraduate, master’s and doctoral levels.

Applications should include curriculum vitae, statements of teaching and research interests, and a list of five professional references. This search will remain open until the position is filled.

Closing date for applications: 1 July 2019

Contact: Berk Sunar, sunar (at) wpi.edu

More information: https://careers.wpi.edu/postings/6131

Alibaba Group
Job Posting
Overview

ALIBABA GROUP’S MISSION IS TO MAKE IT EASY TO DO BUSINESS ANYWHERE. Our businesses are comprised of core commerce, cloud computing, digital media and entertainment, and innovation initiatives. An ecosystem has developed around our platforms and businesses that consists of consumers, merchants, brands, retailers, other businesses, third-party service providers and strategic alliance partners.

The Group

We are a cryptography research group that aims to secure data sharing at Alibaba. We do research on state-of-the-art cryptographic techniques and integrate them into Alibaba’s daily business. Our group is looking for talented developers to join our team as (senior) cryptography engineers. The job involves studying advanced cryptographic techniques and developing libraries and applications based on them.

Requirement and responsibilities:

  1. Good knowledge of C/C++/Java/Python (at least one of them)
  2. Solid cryptography background, e.g., good knowledge of symmetric/asymmetric encryption, hash algorithms, etc.
  3. Enthusiastic about learning advanced crypto schemes, and able to apply them in practice.
  4. Strong interest in information security, and willingness to devote yourself to the business of data privacy protection in the big data era.

Any knowledge below is a strong plus (but not required):

  1. Publication in top-tier security conferences
  2. Experience in secure processing of big data
  3. Knowledge of machine learning
  4. Knowledge and practice in state-of-the-art crypto techniques: homomorphic encryption, multiparty computation, post-quantum cryptography, differential privacy, etc.

Location:

Hangzhou or Beijing in China (strong applicants can be based in US depending on the interviews)

Closing date for applications: 1 July 2019

Contact: Cheng Hong (Email: vince.hc (at) alibaba-inc.com)

Tampere University of Technology, Tampere, Finland
Job Posting

The Information Security Group is currently looking for up to 3 motivated and talented researchers (Postdoctoral Researchers and/or Doctoral Students) to contribute to research projects related to applied cryptography, security and privacy. The successful candidates will be working on topics including (but not limited to) the following:

  • Analysis and design of Searchable Encryption schemes and data structures enabling efficient search operations on encrypted data;
  • Restricting the type of access given when granting access to search over one's data;
  • Processing of encrypted data in outsourced and untrusted environments;
  • Applying encrypted search techniques to SGX environments;
  • Revocable Attribute-Based Encryption schemes and their application to cloud services;
  • Privacy-Preserving Analytics;
  • IoT Security.

The positions are strongly research focused. Activities include conducting both theoretical and applied research, design of secure and/or privacy-preserving protocols, software development and validation, reading and writing scientific articles, presentation of the research results at seminars and conferences in Finland and abroad, acquiring (or assisting in acquiring) further funding.

Closing date for applications: 11 October 2018

Contact: For more information please contact: Antonis Michalas antonios.michalas (at) tut.fi

More information: https://tut.rekrytointi.com/paikat/?o=A_A&jid=42


12 September 2018

Christchurch, New Zealand, 3 July - 5 July 2019
Event Calendar
Event date: 3 July to 5 July 2019
Submission deadline: 15 February 2019
Notification: 1 April 2019
Marseille, France, 10 June - 14 June 2019
Event Calendar
Event date: 10 June to 14 June 2019
San Francisco, USA, 20 May - 22 May 2019
Event Calendar
Event date: 20 May to 22 May 2019
Submission deadline: 1 December 2018

11 September 2018

Early registration deadline is Oct 31
Asiacrypt
The registration for the upcoming Asiacrypt 2018 is open at https://asiacrypt.iacr.org/2018/registration.html.

The deadline for early registration is October 31, 2018.

Asiacrypt 2018 will be held in Brisbane, Australia, December 2-6. Looking forward to seeing you at the conference!
University of Warsaw
Job Posting
We are offering postdoc positions in the Cryptography and Data Security Group at the Department of Mathematics, Informatics and Mechanics, University of Warsaw, Poland. More information about our group can be found at http://www.crypto.edu.pl/.

Successful candidates can work on several projects related to cryptography, in particular on smart contracts, blockchain, leakage-resilient and tamper-resilient algorithms, and on countermeasures against hardware Trojans.

The salary will depend on qualifications and will be in the range of approximately PLN 7,000 - 8,500 (net/month).

Successful candidates can start from October 2018 or later.

Closing date for applications: 1 February 2019

Contact: Stefan Dziembowski

More information: http://www.crypto.edu.pl/positions

Algorand
Job Posting
Overview

Algorand is the next generation blockchain platform and digital currency. Possessing a thorough and thoughtfully constructed decentralized economy where all transactions are safe, fast and uncensored while scalable to billions of users, Algorand will help unleash the economic potential of people across the globe as we democratize access to financial instruments.

The Team

The Algorand team combines technological luminaries and proven business leaders. Algorand is founded by Silvio Micali, MIT Ford Professor of Engineering and recipient of the Turing Award in Computer Science.

Our office is located in the heart of downtown Boston. All positions are in this location, though remote work is possible for exceptional candidates.

The Role

This is a senior level role where you will have the opportunity to influence the design and implementation of Algorand’s core cryptographic protocols and schemes.

You’ll be working closely with senior cryptographers at the company to research and prototype new cryptographic schemes and protocols. This involves contribution to cutting-edge research, and industry standards.

Cryptography research engineers are expected to have deep domain knowledge of cryptography, math, and algorithms, and to be comfortable studying research papers and prototyping.

Responsibilities

You will join a small, extremely capable, and enthusiastic Boston-based team. Your ideas and your innovation will help shape the new blockchain and cryptocurrency ecosystem of tomorrow. The current suite of projects is implemented primarily in Go and C++.

The core product will be open sourced.

Closing date for applications: 1 July 2019

Contact: Sergey Gorbunov, sergey (at) algorand.com

More information: https://www.algorand.com/careers/


09 September 2018

San Juan, Puerto Rico, 3 December - 4 December 2018
Event Calendar
Event date: 3 December to 4 December 2018
Submission deadline: 1 October 2018

07 September 2018

San Francisco, USA, 8 April - 12 April 2019
Event Calendar
Event date: 8 April to 12 April 2019
Submission deadline: 16 November 2018
Notification: 17 December 2018

06 September 2018

Huseyin Hisil, Joost Renes
ePrint Report
A paper by Karati and Sarkar at Asiacrypt'17 has pointed out the potential for Kummer lines in genus one, by observing that their SIMD-friendly arithmetic is competitive with the status quo. A more recent preprint explores the connection with (twisted) Edwards curves. In this paper we extend this work and significantly simplify their treatment. We show that their Kummer line is the x-line of a Montgomery curve translated by a point of order two, and exhibit a natural isomorphism to a twisted Edwards curve. Moreover, we show that the Kummer line presented by Gaudry and Lubicz can be obtained via the action of a point of order two on the y-line of an Edwards curve. The maps connecting these curves and lines are all very simple. As an example, we present the first implementation of the qDSA signature scheme based on the squared Kummer line. Finally, we present close estimates on the number of isomorphism classes of Kummer lines.
Keita Xagawa, Takashi Yamakawa
ePrint Report
This paper shows the security against quantum chosen-ciphertext attacks (QCCA security) of the KEM in Saito, Yamakawa, and Xagawa (EUROCRYPT 2018) in the QROM. The proof is very similar to that for the CCA security in the QROM, easy to understand, and as tight as the original proof.
Yu Ning, Fuyou Miao, Wenchao Huang, Keju Meng, Yan Xiong, Xingfu Wang
ePrint Report
Since $(t,n)$-threshold secret sharing (SS) was initially proposed by Shamir and Blakley separately in 1979, it has been widely used in many aspects. Later on, Asmuth and Bloom presented a $(t,n)$-threshold SS scheme based on the Chinese Remainder Theorem (CRT) for integers in 1983. However, compared with the most popular Shamir's $(t,n)$-threshold SS scheme, existing CRT-based schemes have a lower information rate; moreover, they are harder to construct. To overcome these shortcomings of the CRT-based scheme, 1) we first propose a generalized $(t,n)$-threshold SS scheme based on the CRT for the polynomial ring over a finite field. We show that our scheme is ideal, i.e., it is perfect in security and has information rate 1. By comparison, we show that our scheme has a better information rate and is easier to construct compared with existing threshold SS schemes based on the CRT for integers. 2) We show that Shamir's scheme, which is based on the Lagrange interpolation polynomial, is a special case of our scheme. Therefore, we establish the connection among threshold schemes based on Lagrange interpolation, schemes based on the CRT for integers and our scheme. 3) As a natural extension of our threshold scheme, we present a weighted threshold SS scheme based on the CRT for polynomial rings, which inherits the above advantages of our threshold scheme over existing weighted schemes based on the CRT for integers.
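The idea behind the abstract, as an added example (not the paper's code; the abstract does not give its exact construction, so the details below are this example's own choices): each party holds a public modulus m_i in F_p[x], the moduli are pairwise coprime, and the share is f mod m_i for a random dealer polynomial f of degree below the threshold t. Any coalition whose moduli have total degree at least t recovers f by polynomial CRT. With linear moduli x - a_i the share f mod (x - a_i) is just f(a_i), which is Shamir's scheme, and the CRT reconstruction agrees with Lagrange interpolation; a modulus of degree 2 gives its holder weight 2, the weighted variant. Embedding the secret as f(0), the prime 2^61 - 1 and the concrete moduli are assumptions of this example. The last part of demo() shows the perfect-secrecy side: an under-weight coalition's shares are equally consistent with a different secret.

```python
# Added illustration, not code from the paper: (t,n)-threshold sharing as CRT over F_p[x].
# Party i holds a public modulus m_i (pairwise coprime); its share is f mod m_i.
# Shamir's scheme is the case m_i = x - a_i, since f mod (x - a_i) = f(a_i).
import random

P = 2**61 - 1  # field prime; embedding the secret as f(0) is our choice, not the paper's

def trim(a):  # drop leading zero coefficients (polynomials are lists, lowest degree first)
    while len(a) > 1 and a[-1] == 0:
        a.pop()
    return a

def padd(a, b):
    n = max(len(a), len(b))
    return trim([((a[i] if i < len(a) else 0) + (b[i] if i < len(b) else 0)) % P for i in range(n)])

def pmul(a, b):
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % P
    return trim(out)

def pdivmod(a, b):
    """Long division over F_p: (q, r) with a = q*b + r and deg r < deg b."""
    a, b = list(a), trim(list(b))
    q = [0] * max(1, len(a) - len(b) + 1)
    inv_lead = pow(b[-1], -1, P)
    while len(a) >= len(b) and any(a):
        shift = len(a) - len(b)
        coef = a[-1] * inv_lead % P
        q[shift] = coef
        for i, y in enumerate(b):
            a[i + shift] = (a[i + shift] - coef * y) % P
        trim(a)
    return trim(q), trim(a)

def pegcd(a, b):
    """Extended Euclid: (g, s) with g = monic gcd(a, b) and s*a ≡ g (mod b)."""
    r0, r1, s0, s1 = trim(list(a)), trim(list(b)), [1], [0]
    while r1 != [0]:
        q, r = pdivmod(r0, r1)
        r0, r1, s0, s1 = r1, r, s1, padd(s0, [(-c) % P for c in pmul(q, s1)])
    inv = pow(r0[-1], -1, P)
    return [c * inv % P for c in r0], [c * inv % P for c in s0]

def crt(residues, moduli):
    """Unique f with f ≡ r_i (mod m_i) and deg f < sum of deg m_i."""
    M = [1]
    for m in moduli:
        M = pmul(M, m)
    f = [0]
    for r, m in zip(residues, moduli):
        Mi, _ = pdivmod(M, m)                 # M / m_i
        g, s = pegcd(Mi, m)                   # s * Mi ≡ 1 (mod m_i)
        assert g == [1], "moduli are not pairwise coprime"
        f = padd(f, pmul(pmul(r, Mi), s))
    return pdivmod(f, M)[1]

linear = lambda a: [(-a) % P, 1]              # the Shamir modulus x - a

def deal(secret, moduli, t):
    """Dealer: random f of degree < t with f(0) = secret; share i is f mod m_i.
    A coalition reconstructs iff its total modulus degree (its weight) is >= t."""
    f = trim([secret % P] + [random.randrange(P) for _ in range(t - 1)])
    return f, [pdivmod(f, m)[1] for m in moduli]

def lagrange_at_zero(points):  # classical Shamir reconstruction, for comparison
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num, den = num * (-xj) % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def alternative_dealer_poly(f, moduli, delta):
    """Coalition of weight < t: another f' of degree < t, same shares, secret f(0) + delta."""
    prod = [1]
    for m in moduli:
        prod = pmul(prod, m)
    c = delta * pow(prod[0], -1, P) % P       # prod(0) != 0 because no m_i vanishes at 0
    return padd(f, [c * x % P for x in prod])

def demo(secret=123456789, seed=2018, t=4):
    random.seed(seed)
    # Party 3's modulus x^2 + 1 has degree 2 (irreducible since P ≡ 3 mod 4), so weight 2.
    moduli = [linear(1), linear(2), [1, 0, 1], linear(3), linear(4)]
    f, shares = deal(secret, moduli, t)
    weighted = crt(shares[:3], moduli[:3])[0]                  # weight 1 + 1 + 2 = 4 >= t
    lin = [0, 1, 3, 4]                                          # four linear moduli: plain Shamir
    via_crt = crt([shares[i] for i in lin], [moduli[i] for i in lin])[0]
    via_lagrange = lagrange_at_zero([(a, shares[i][0]) for a, i in zip((1, 2, 3, 4), lin)])
    sub = [moduli[i] for i in (0, 1, 3)]                        # weight 3 < t: must learn nothing
    g = alternative_dealer_poly(f, sub, 1)
    same_shares = all(pdivmod(g, m)[1] == pdivmod(f, m)[1] for m in sub)
    return {"weighted": weighted, "via_crt": via_crt, "via_lagrange": via_lagrange,
            "secrecy": (same_shares, (g[0] - f[0]) % P, len(g) - 1 < t)}
```

The information rate is 1 because a share modulo a degree-d modulus is d field elements for weight d, exactly the size of the secret per unit of weight; the integer CRT variant cannot achieve this because its moduli must be chosen with gaps between them. The secrecy check is the whole argument for perfectness: for a coalition whose moduli multiply to a polynomial of degree below t, adding any multiple of that product to f keeps every one of its shares fixed while moving f(0) to any value, so those shares carry no information about the secret.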