International Association for Cryptologic Research

IACR News

If you have a news item you wish to distribute, it should be sent to the communications secretary. See also the events database for conference announcements.

Here you can see all recent updates to the IACR webpage. These updates are also available via email and via RSS feed.

28 November 2018

Ashwin Jha, Mridul Nandi
ePrint Report
The Coefficients H Technique (also called the H-technique), by Patarin, is a tool to obtain upper bounds on the distinguishing advantage. The tool is known for providing simpler and tighter bound proofs compared to some other well-known tools such as the game-playing technique and the random systems methodology. In this paper, we aim to provide a brief survey of the H-technique. The survey is in three parts: First, we redevelop the necessary nomenclature and tools required to study the security of symmetric key designs. Second, we give a full description of the H-technique and show that it can provide optimal bounds on the distinguishing advantage. Third, we give simpler proofs for some popular symmetric key designs, across different paradigms, using the H-technique.
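For readers who have not met the technique, the statement everything in the survey rests on, written out here by the editor in the usual notation (this is the standard form of Patarin's lemma, not text taken from the paper): let $X_{\mathrm{re}}$ and $X_{\mathrm{id}}$ be the transcript a deterministic distinguisher $\mathcal{D}$ obtains when interacting with the real and the ideal oracle, and split the attainable transcripts $\mathcal{T}$ (those with $\Pr[X_{\mathrm{id}} = \tau] > 0$) into $\mathcal{T}_{\mathrm{good}} \cup \mathcal{T}_{\mathrm{bad}}$. If $\Pr[X_{\mathrm{id}} \in \mathcal{T}_{\mathrm{bad}}] \le \epsilon_{\mathrm{bad}}$ and, for every $\tau \in \mathcal{T}_{\mathrm{good}}$, $\Pr[X_{\mathrm{re}} = \tau] / \Pr[X_{\mathrm{id}} = \tau] \ge 1 - \epsilon_{\mathrm{ratio}}$, then $\mathbf{Adv}(\mathcal{D}) \le \epsilon_{\mathrm{ratio}} + \epsilon_{\mathrm{bad}}$. The proof is one line: $\mathbf{Adv}(\mathcal{D}) \le \sum_{\tau} \max\bigl(0, \Pr[X_{\mathrm{id}} = \tau] - \Pr[X_{\mathrm{re}} = \tau]\bigr) \le \sum_{\tau \in \mathcal{T}_{\mathrm{good}}} \epsilon_{\mathrm{ratio}} \Pr[X_{\mathrm{id}} = \tau] + \sum_{\tau \in \mathcal{T}_{\mathrm{bad}}} \Pr[X_{\mathrm{id}} = \tau] \le \epsilon_{\mathrm{ratio}} + \epsilon_{\mathrm{bad}}$. The practical check when applying it is that the bad event must be a property of the transcript alone, so that its probability is computed in the ideal world, and that the ratio bound is only required on good transcripts, which is where the freedom to make the bound tight comes from.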
Jean-Sebastien Coron, Hilder V. L. Pereira
ePrint Report
Indistinguishability obfuscation constructions based on matrix branching programs generally proceed in two steps: first apply Kilian's randomization of the matrix product computation, and then encode the matrices using a multilinear map scheme. In this paper we observe that by applying Kilian's randomization after encoding, the complexity of the best attacks is significantly increased for CLT13. This implies that much smaller parameters can be used, which improves the efficiency of the constructions by several orders of magnitude.

As an application, we describe the first concrete implementation of non-interactive Diffie-Hellman key exchange secure against existing attacks. Key exchange was originally the most straightforward application of multilinear maps; however it was quickly broken for the three known families of multilinear maps (GGH13, CLT13 and GGH15). Here we describe the first implementation of key exchange based on CLT13 that is resistant against the Cheon et al. attack. For N=4 users and a medium (62 bits) level of security, our implementation requires 8 GB of public parameters, and a few minutes for the derivation of a shared key. Without Kilian's randomization of encodings our construction would be completely impractical, as it would require more than 100 TB of public parameters.
Kang Yang, Liqun Chen, Zhenfeng Zhang, Chris Newton, Bo Yang, Li Xi
ePrint Report
Direct Anonymous Attestation (DAA) is an anonymous signature scheme, which is designed to allow the Trusted Platform Module (TPM), a small chip embedded in a host computer, to attest to the state of the host system, while preserving the privacy of the user. DAA provides two signature modes: fully anonymous signatures and pseudonymous signatures. To generate a DAA signature, the calculations are divided between the TPM and the host. One goal for designing new DAA schemes is to reduce the signing burden on the TPM as much as possible, since the TPM has only limited resources when compared to the host and the computational overhead of the TPM dominates the whole signing performance. In an optimal DAA scheme, the signing workload on the TPM will be no more than that required for a normal signature. DAA has been developed for about fifteen years, but no scheme has achieved this optimal signing efficiency for both signature modes. In this paper, we propose the first DAA scheme which achieves this optimal TPM signing efficiency for both signature modes. In particular, the TPM takes only a single exponentiation in a prime-order group when generating a DAA signature. Additionally, this single exponentiation can be precomputed, which enables our scheme to achieve fast online signing time. Our DAA scheme is provably secure under the DDH, DBDH and q-SDH assumptions in the Universally Composable (UC) security model. Our scheme can be implemented using the existing TPM 2.0 commands, and thus is compatible with the TPM 2.0 specification. There are three important use cases for DAA: quoting platform configuration register values, certifying a key and signing a message. We have implemented and benchmarked the commands needed for these use cases on an Infineon TPM 2.0 chip. Based on these benchmark results, our scheme is about twice as fast as the existing DAA schemes supported by TPM 2.0 in terms of signing efficiency.
In addition, our DAA scheme supports selective attribute disclosure, which can satisfy more application requirements. We also extend our DAA scheme to support signature-based revocation and to guarantee privacy against subverted TPMs. The two extended DAA schemes keep the TPM signing efficiency optimal for both signature modes, and outperform existing related schemes in terms of signing performance.
P. Arun Babu, Jithin Jose Thomas
ePrint Report
This paper introduces Freestyle, a randomized, variable-round version of the ChaCha cipher. Freestyle demonstrates the concept of a hash-based halting condition, where a decryption attempt with an incorrect key is likely to take a longer time to halt. This makes it resistant to key-guessing attacks, i.e. brute-force and dictionary-based attacks. Freestyle uses a novel approach for ciphertext randomization by using a random number of rounds for each block of the message, where the exact number of rounds is unknown to the receiver in advance. Due to its inherent random behavior, Freestyle provides the possibility of generating up to $2^{256}$ different ciphertexts for a given key, nonce, and message, thus resisting key and nonce reuse attacks. This also makes cryptanalysis through known-plaintext, chosen-plaintext, and chosen-ciphertext attacks difficult in practice. Freestyle is highly customizable, which makes it suitable for both low-powered devices as well as security-critical applications. It is ideal for: (i) applications that favor ciphertext randomization and resistance to key-guessing and key reuse attacks; and (ii) situations where the ciphertext is in full control of an adversary for carrying out an offline key-guessing attack.
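A toy illustration of the two ideas in that abstract, the hash-based halting condition and a per-block round count the receiver does not know in advance, added by the editor; it is not Freestyle's construction and not the authors' code. The 4-word state with a single ChaCha quarter-round as the round function, the SHA-256-based state setup and tag, and the round range 8..24 are all assumptions made for the illustration. The sender draws r at random, runs r rounds and ships a short keyed tag of the resulting state; the receiver reruns the rounds, recomputes the tag after each one and halts at the first match. With the right key that happens after the sender's r rounds; with a wrong key the tag never matches, so every guess pays for all MAX_ROUNDS rounds, which is the asymmetry the abstract relies on.

```python
"""Toy hash-based halting condition with a random per-block round count.
Added example by the editor, not the Freestyle construction or the authors'
code: the 4-word state, the SHA-256 state setup and tag, and the round
range are assumptions made for illustration."""
import hashlib
import hmac
import secrets
import struct

MASK32 = 0xFFFFFFFF
MIN_ROUNDS, MAX_ROUNDS = 8, 24   # assumed range the sender draws r from
TAG_LEN = 4                      # bytes of halting tag sent with each block


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def quarter_round(a, b, c, d):
    """ChaCha quarter-round (RFC 8439 sec. 2.1), used here as the toy round
    function on a 4-word state."""
    a = (a + b) & MASK32; d = _rotl(d ^ a, 16)
    c = (c + d) & MASK32; b = _rotl(b ^ c, 12)
    a = (a + b) & MASK32; d = _rotl(d ^ a, 8)
    c = (c + d) & MASK32; b = _rotl(b ^ c, 7)
    return a, b, c, d


def init_state(key, nonce, counter):
    """Assumed setup: 16 state bytes derived from key, nonce and block counter."""
    seed = hashlib.sha256(b"init" + key + nonce + struct.pack("<Q", counter)).digest()
    return struct.unpack("<4I", seed[:16])


def halting_tag(key, nonce, counter, state):
    """Keyed tag over the state reached after r rounds; only a party holding
    the key can recompute it, so it reveals the halting point to nobody else."""
    data = b"halt" + key + nonce + struct.pack("<Q", counter) + struct.pack("<4I", *state)
    return hashlib.sha256(data).digest()[:TAG_LEN]


def encrypt_block(key, nonce, counter, block, rounds=None):
    """Encrypt one 16-byte block with r rounds (drawn at random unless given).
    Returns (ciphertext, tag); r itself is never transmitted."""
    if len(block) != 16:
        raise ValueError("block must be 16 bytes")
    if rounds is None:
        rounds = MIN_ROUNDS + secrets.randbelow(MAX_ROUNDS - MIN_ROUNDS + 1)
    state = init_state(key, nonce, counter)
    for _ in range(rounds):
        state = quarter_round(*state)
    keystream = struct.pack("<4I", *state)
    return bytes(x ^ y for x, y in zip(block, keystream)), halting_tag(key, nonce, counter, state)


def decrypt_block(key, nonce, counter, ct, tag):
    """Returns (plaintext, rounds_run). The loop halts at the first round whose
    tag matches. A wrong key never matches (except with probability about
    (MAX_ROUNDS-MIN_ROUNDS+1)/2^(8*TAG_LEN)), so every wrong guess pays for
    all MAX_ROUNDS rounds and gets plaintext None."""
    state = init_state(key, nonce, counter)
    for r in range(1, MAX_ROUNDS + 1):
        state = quarter_round(*state)
        if r >= MIN_ROUNDS and hmac.compare_digest(halting_tag(key, nonce, counter, state), tag):
            keystream = struct.pack("<4I", *state)
            return bytes(x ^ y for x, y in zip(ct, keystream)), r
    return None, MAX_ROUNDS


if __name__ == "__main__":
    key, nonce = bytes(range(32)), bytes(12)            # constructed sample inputs
    block = b"sixteen byte blk"
    ct, tag = encrypt_block(key, nonce, 0, block)
    print(decrypt_block(key, nonce, 0, ct, tag))        # (block, r) after r rounds
    print(decrypt_block(bytes(32), nonce, 0, ct, tag))  # (None, MAX_ROUNDS) for a wrong key
```

Two costs of the idea are visible in the code and have to be sized in any real design: the tag is expansion (4 extra bytes per 16-byte block here), and a wrong key can still halt early by accident with probability roughly (MAX_ROUNDS - MIN_ROUNDS + 1) / 2^(8·TAG_LEN) per block, which is why the tag is compared in constant time and the round range is kept narrow relative to the tag length. Encrypting the same block twice under the same key and nonce with different r also gives different ciphertexts, which is the ciphertext randomization the abstract describes.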
Dingfeng Ye, Danping Shi, Peng Wang
ePrint Report
To deal with message streams, which are required by many symmetric cryptographic functionalities (MAC, AE, HASH), we propose a lightweight round function called Thin Sponge. We give a framework to construct all these functionalities (MAC, AE, and HASH) using the same Thin Sponge round function. Besides the common security assumptions behind traditional symmetric algorithms, the security of our schemes depends on the hardness of the problem of finding collisions of some states. We give a class of constructions of Thin Sponge, which is an improvement of the round function of Trivium and ACORN. We give simple criteria for determining parameters. According to these criteria, we give an example which achieves all functionalities in a single round function and hence can be realized by the same hardware. Our algorithm is also efficient in software.
Massimo Bartoletti, Roberto Zunino
ePrint Report
A landmark security property of smart contracts is liquidity: in a non-liquid contract, it may happen that some funds remain frozen. The relevance of this issue is witnessed by a recent liquidity attack on the Ethereum Parity Wallet, which froze 160M USD within the contract, making this sum unredeemable by any user. We address the problem of verifying liquidity of Bitcoin contracts. Focussing on BitML, a contracts DSL with a computationally sound compiler to Bitcoin, we study various notions of liquidity. Our main result is that liquidity of BitML contracts is decidable, in all the proposed variants. To prove this, we first transform the infinite-state semantics of BitML into a finite-state one, which focusses on the behaviour of any given set of contracts, abstracting the moves of the context. With respect to the chosen contracts, this abstraction is sound and complete. Our decision procedure for liquidity is then based on model-checking the finite space of states of the abstraction. The computational soundness of the BitML compiler allows us to lift this result from the symbolic to the computational level: if our decision procedure establishes that a contract is liquid, then it is liquid also under a computational adversary, and vice versa.

27 November 2018

CWI Amsterdam
Job Posting
The Cryptology Group at CWI in Amsterdam has an opening for a PhD position (4 yrs) in the area of "mathematical aspects of cryptology", e.g., the intersection between algebraic coding theory and secure multiparty computation. The successful applicant will also be part of the Mathematical Institute, Leiden University.

Requirements:

You should hold a Master's degree (or expect to obtain it soon) in mathematics or computer science (or a comparable subject) with excellent grades, and you should have successfully demonstrated your research abilities, e.g. by completion of an (undergraduate) research project with outstanding results. Furthermore, preferably, you:

  • have some background in cryptography;

  • enjoy mathematics;

  • possess good academic writing and presentation skills;

  • are fluent in spoken and written English.

Application:

Your application should include the following information:

  • a curriculum vitae;

  • a letter of motivation (at most 1 page) explaining why you are interested in this position;

  • a list of all university courses taken, including a transcript of grades;

  • a report from an undergraduate research project you have done;

  • the names and contact details (including email addresses) of two to three referees who can provide details about your profile (one of whom should be the main supervisor of your Master's thesis).

The applications will be reviewed upon receipt and until the position is filled.

Closing date for applications: 1 February 2019

Contact: Please send your application to Ronald Cramer (CWI & Leiden U) and Serge Fehr (CWI & Leiden U), using "Application CWI PhD Position" as subject. Email: {cramer,fehr} (at) cwi.nl

University Clermont Auvergne, LIMOS, Clermont-Ferrand, France
Job Posting
We have a 1-year post-doc position on Constraint Programming for Cryptanalysis of Symmetric Encryption Schemes at LIMOS, Clermont-Ferrand, France.

Your Profile:

A PhD in Computer Science, Applied Mathematics, Cryptography or related field.

Competitive research record in symmetric cryptography or in constraint programming.

Commitment, team working and a critical mind.

Fluent written and verbal communication skills in English are essential.

Closing date for applications: 1 September 2019

Contact: email your cover letter, your CV, your PhD thesis, the reports of your PhD reviewers, a selection of your best papers related to the post-doc offer, some recommendation letters, contact information for 3 referees and any information that might help us to choose you.

More information: http://sancy.univ-bpclermont.fr/~lafourcade/post-doc-LIMOS.pdf

Rambus Security Division, Rotterdam, the Netherlands
Job Posting

Rambus is seeking a dynamic, highly motivated, experienced Senior Security Engineer. The ideal candidate will be team oriented and have a strong knowledge of hardware security, including side-channel analysis and fault analysis. In addition, he or she should possess an in-depth knowledge of the front-end digital design process and related design flows.

Responsibilities

  • Design and implement secure cryptographic hardware IP blocks as part of Cryptography Research's security IP portfolio.
  • Implement fault and side-channel analysis countermeasures and verify resistance to state-of-the-art attack techniques.
  • Invent, patent and publish new techniques in the fields of DPA countermeasures, fault resistance and efficient hardware designs.
  • Support FAEs, customers, and the Rambus sales and marketing team in Europe and Asia, and work closely with our offices in Sunnyvale, San Francisco, and Bangalore.
  • Collaborate with different teams to support all technical aspects of the sales cycle.
  • Represent Rambus CRD at international workshops, conferences and trade shows.
  • Author technical collateral and whitepapers on CRD's cryptographic hardware technologies.

Closing date for applications:

More information: https://careers.rambus.com/jobs/smts-ii-security-engineering-rotterdam-netherlands

Department of Computing, The Hong Kong Polytechnic University
Job Posting
We are looking for research fellows (post-docs), research associates, research assistants, project interns and PhD students to join our group.

Candidates for research fellow/associate should have completed (or close to completing) a PhD degree in computer science, mathematics or a related discipline. Research assistants/project interns are expected to have an honours degree or an equivalent qualification.

Research Fellows/Associates are expected to have solid experience in Public Key Cryptography and Provable Security. Research assistants and project interns should have a respectable academic record and an interest in the above area. Specific topics of interest:

- Lattice-Based Anonymous Credentials

- Empirical Analysis on Strength of Ideal Lattice

- Ring Signatures & Linkable Ring Signatures

- Different kinds of zero-knowledge proof/argument systems

- Transaction Privacy in Public and Consortium Blockchain

These positions have flexible starting dates. The initial appointment will be for 12 months, with a strong possibility for further appointment.

Closing date for applications: 31 March 2019

Contact: Dr. Man Ho Au (csallen (at) comp.polyu.edu.hk)

More information: http://www.comp.polyu.edu.hk/~csallen


24 November 2018

Fukuoka, Japan, 5 August - 8 August 2019
Event Calendar
Event date: 5 August to 8 August 2019
Submission deadline: 20 March 2019
Notification: 25 April 2019
Miami, USA, 15 May - 17 May 2019
Event Calendar
Event date: 15 May to 17 May 2019
Submission deadline: 25 January 2019
Notification: 1 March 2019

23 November 2018

Steven D. Galbraith, John M. Pollard, Raminder S. Ruprai
ePrint Report
The discrete logarithm problem in an interval of size $N$ in a group $G$ is: Given $g, h \in G$ and an integer $N$, find an integer $0 \le n \le N$, if it exists, such that $h = g^n$. Previously the best low-storage algorithm to solve this problem was the van Oorschot and Wiener version of the Pollard kangaroo method. The heuristic average case running time of this method is $(2 + o(1)) \sqrt{N}$ group operations.

We present two new low-storage algorithms for the discrete logarithm problem in an interval of size $N$. The first algorithm is based on the Pollard kangaroo method, but uses 4 kangaroos instead of the usual two. We explain why this algorithm has heuristic average case expected running time of $(1.715 + o(1)) \sqrt{N}$ group operations. The second algorithm is based on the Gaudry-Schost algorithm and the ideas of our first algorithm. We explain why this algorithm has heuristic average case expected running time of $(1.661 + o(1)) \sqrt{N}$ group operations. We give experimental results that show that the methods do work close to that predicted by the theoretical analysis.
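The baseline the abstract improves on, the van Oorschot and Wiener two-kangaroo method with distinguished points, written out by the editor as an added example (this is not the paper's code, and it does not implement the 4-kangaroo or Gaudry-Schost variants). The group used for the demonstration, the multiplicative group modulo the prime $2^{31}-1$ with generator 7, the power-of-two jump set and the 4-bit distinguished-point rule are this editor's choices. The tame kangaroo starts at the known exponent $N$, the wild one at $h = g^n$; both hop with a jump chosen by the current group element only, so once their paths meet they stay merged, and the next distinguished point both of them store reveals the collision $g^{e} = h\,g^{d}$, from which $n = e - d$. Returning the operation count lets you see the constant in front of $\sqrt{N}$ that the abstract is about.

```python
"""Two-kangaroo (van Oorschot-Wiener) interval discrete logarithm with
distinguished points. Added example by the editor, not code from the paper;
the group, jump set and distinguished-point rule are this editor's choices."""
from math import isqrt


def kangaroo_interval_dlog(g, h, N, p, order, dp_bits=4, max_steps=None):
    """Return (n, group_ops) with g^n = h (mod p) and 0 <= n <= N, or
    (None, group_ops) if the two walks have not collided after max_steps hops
    each. Only distinguished points (low dp_bits of the residue zero) are
    stored, which is what keeps the storage far below sqrt(N)."""
    # Jump set {2^0, ..., 2^(k-1)} has mean (2^k - 1)/k; pick the largest k
    # whose mean does not exceed sqrt(N)/2, the usual tuning for two kangaroos.
    target = max(1, isqrt(N) // 2)
    k = 1
    while (2 ** (k + 1) - 1) // (k + 1) <= target:
        k += 1
    jumps = [1 << i for i in range(k)]
    gjump = [pow(g, j, p) for j in jumps]   # g^(2^i), precomputed once
    dp_mask = (1 << dp_bits) - 1
    if max_steps is None:
        max_steps = 200 * isqrt(N) + 1000   # generous bound; expected ~2*sqrt(N)

    # Tame kangaroo: known exponent, starts at the top of the interval.
    # Wild kangaroo: starts at h = g^n; we only ever know its distance travelled.
    tame_pos, tame_exp = pow(g, N, p), N
    wild_pos, wild_dist = h, 0
    tame_dps, wild_dps = {}, {}             # distinguished residue -> exponent / distance

    def hop(pos):
        i = pos % k                         # jump index depends on the position only
        return pos * gjump[i] % p, jumps[i]

    for step in range(1, max_steps + 1):
        tame_pos, d = hop(tame_pos)
        tame_exp += d
        wild_pos, d = hop(wild_pos)
        wild_dist += d
        if (tame_pos & dp_mask) == 0:
            if tame_pos in wild_dps:        # tame landed on the wild trail
                return _finish(g, h, p, order, tame_exp - wild_dps[tame_pos]), 2 * step
            tame_dps[tame_pos] = tame_exp
        if (wild_pos & dp_mask) == 0:
            if wild_pos in tame_dps:        # wild landed on the tame trail
                return _finish(g, h, p, order, tame_dps[wild_pos] - wild_dist), 2 * step
            wild_dps[wild_pos] = wild_dist
    return None, 2 * max_steps


def _finish(g, h, p, order, n):
    """A collision g^e = h * g^d gives n = e - d; verify before returning."""
    n %= order
    return n if pow(g, n, p) == h else None


if __name__ == "__main__":
    p, g = 2 ** 31 - 1, 7                  # assumed toy group: 7 generates (Z/pZ)^*
    N, secret = 2 ** 16, 40000             # constructed instance; secret is what we recover
    n, ops = kangaroo_interval_dlog(g, pow(g, secret, p), N, p, p - 1)
    print(n, ops, ops / isqrt(N))          # ops / sqrt(N) is the constant the abstract discusses
```

The step count is a random variable of the walk, so a single run will land somewhere around the $(2 + o(1))\sqrt{N}$ the abstract quotes rather than exactly on it; averaging over many constructed instances is how one would check a claimed constant such as the 1.715 for the four-kangaroo method.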

This is a revised version of the published paper that contains a corrected proof of Theorem 6 (the statement of Theorem 6 is unchanged). We thank Ravi Montenegro for pointing out the errors.
Nico Döttling, Daniel Kraschewski, Jörn Müller-Quade
ePrint Report
In a seminal work, Katz (Eurocrypt 2007) showed that parties being able to issue tamper-proof hardware can implement universally composable secure computation without a trusted setup. Our contribution to the line of research initiated by Katz is a construction for general, information-theoretically secure, universally composable two-party computation based on a single stateful tamper-proof token. We provide protocols for multiple one-time memories, multiple commitments in both directions, and also bidirectional oblivious transfer. From this, general secure two-party computation (and even one-time programs) can be implemented by known techniques. Moreover, our protocols have asymptotically optimal communication complexity.

The central part of our work is a construction for oblivious affine function evaluation (OAFE), which can be seen as a generalization of the oblivious transfer primitive: Parametrized by a finite field $F$ and a dimension $k$, the OAFE primitive allows a designated sender to choose an affine function $f: F \to F^k$, such that, hidden from the sender, a designated receiver can learn $f(x)$ for exactly one input $x \in F$ of his choice. All our abovementioned results build upon this primitive, and it may also be of particular interest for the construction of garbled arithmetic circuits.

22 November 2018

Mathematics Department, University of Auckland, New Zealand
Job Posting
Post-doctoral Research Fellow in Post-Quantum Cryptography, Mathematics Department, University of Auckland.

Two years duration

The aim of this role is to conduct research at an international level on post-quantum cryptography and related mathematics. The successful applicant will be working in collaboration with Professor Steven Galbraith, his students, and other collaborators. The ability to work as part of a team and independently is essential. PhD in Mathematics or a related discipline (eg Computer Science) desired.

The Mathematics department at the University of Auckland was ranked 45th worldwide in the 2018 QS World University Rankings. Professor Galbraith's research group contains approx. 6 post-grad students working in mathematical crypto.

The minimum salary for a research fellow at the University of Auckland in 2019 is NZD 81963.00.

Closing date for applications: 15 January 2019

Contact: Steven Galbraith

Professor of Pure Mathematics

s.galbraith (at) auckland.ac.nz

More information: https://opportunities.auckland.ac.nz/jobid/20285/1/1

Quantum Software Consortium, Netherlands
Job Posting
Ada Lovelace Post-Doc Fellowships with the Quantum Software Consortium (QSC).

QSC is a project of University of Amsterdam, Leiden University, Delft University of Technology, Centrum Wiskunde & Informatica (CWI) and Vrije Universiteit Amsterdam, funded by NWO.

We are inviting applications for our program of prestigious 3-year Ada Lovelace postdoctoral Fellowships, which has the explicit aim of hiring talented female researchers.

The consortium is organized around three themes of algorithmic development: for quantum computers, for quantum networks, and for quantum(-safe) cryptography. A fourth hardware theme, the demonstrator, provides a distributed quantum computing network linking the three sites of the consortium and The Hague, to test designs arising from the three software themes. World class hardware for demonstrating quantum algorithms is furthermore available via QuTech, Leiden, and Amsterdam outside this proposal.

The subject matter of a candidate's proposed research is free, as long as it contributes to the scientific program of the QSC. The first call for Ada Lovelace Fellowships will be open until January 31st 2019. Candidates can be proposed in the following two ways:

(1) proposal by one of the QSC Senior Researchers;

(2) application by the candidate, accompanied by a supporting letter by a QSC Senior Researcher.

In both cases, the proposal should include a CV and list of publications, a description of the proposed research, a description of the embedding in the QSC (preferred location, collaborators), and up to three names of scientists who can be contacted for reference letters.

You can submit your application to the QSC office. Email: office (at) quantumsc.nl. Deadline for applications is January 31st 2019. In the current round up to two fellowships can be granted.

Closing date for applications: 31 January 2019

Contact: Ronald Cramer (cramer (at) cwi.nl, cramer (at) math.leidenuniv.nl)

More information: http://quantumsc.nl/Research/Overview/

CNRS, IRISA, Rennes, France
Job Posting
The TAMIS research group at IRISA (Rennes, France) is seeking two motivated researchers (1 Ph.D. student and 1 research engineer) in the area of side-channel analysis for malware detection.

The project aims to build a malware detection framework using side-channel information.

We are looking for team players who are motivated to drive top-quality research and save the world. The area of research lies between two fields and we expect at least competence in one of them: security of embedded devices and/or malware analysis.

The positions are available from March 2019, but starting dates are negotiable.

The Ph.D. position is for an estimated 3 years. The initial contract for the research engineer will be one year, extendable to 3 years in case of successful performance.

Review of applications will start immediately and continue until the positions are filled.

Interested candidates should contact us as soon as possible and send their detailed CVs, cover letter and references.

Closing date for applications: 1 March 2019

Contact: Annelie Heuser, annelie.heuser (at) irisa.fr

More information: http://www.annelieheuser.com/AH/AHMA.html

Chalmers & NTU
Job Posting
NTU Postdoctoral Fellowship 2018.

The fellowship provides post-doc scholars from around the world with the opportunity to conduct one year of independent investigations at NTU in Singapore and one year at a Wallenberg AI, Autonomous Systems and Software Program (WASP) research partner institution in Sweden, e.g., Chalmers University of Technology, and to collaborate with Katerina Mitrokotsa and her group, focusing on security, privacy and cryptography.

The official call closes on the 30th of Nov. 2018.

If you are interested in working with her, please contact Katerina Mitrokotsa by the 27th of Nov. 2018.

Closing date for applications: 30 November 2018

Contact: Katerina Mitrokotsa

Associate Professor

Chalmers University of Technology

Department of Computer Science & Engineering

aikmitr (at) chalmers.se

More information: http://www.ntu.edu.sg/ppf/Pages/home.aspx


21 November 2018

Huawei Singapore Research Center
Job Posting
Locations:

Beijing, Shenzhen & Singapore.

Duties & Responsibilities:

  • Formulate research problems based on real-world security requirements and conduct high-quality research independently.
    o Understand business requirements from the products of Huawei and translate them into technical requirements and research topics.
    o Design innovative solutions for security requirements from Huawei's products while fulfilling various constraints from all aspects, including compliance, manufacturing process, hardware capability, performance, cost, etc.
    o Design and develop prototypes; deliver research results and provide competitive solutions to the product lines.
  • Contribute to the research activities of the applied cryptography team; participate in or lead research subjects.
  • Work on IP (Intellectual Property, i.e. patents) and standardization.
  • Develop collaborations with industry peers and academia.
  • Participate and contribute in corporate direction and strategy over security technology.

Skills / Qualifications:

  • M.Sc. or Ph.D. in Mathematics, Cryptography, Computer Science, Computer Engineering, Electrical Engineering, or a related field, with 2-5 years of experience in information security or applied cryptography.
  • Programming skills in at least one language (C, C++, Java, shell, etc.).
  • Good written and verbal communication skills.
  • Self-motivated with a strong sense of responsibility.
  • Strong interpersonal and problem solving skills.
  • Knowledge in one or more of the following areas is preferred:
    o Deep understanding of elliptic curves, bilinear pairings and the underlying algebra.
    o Lattice-based algorithms & post-quantum cryptographic algorithms.
    o Blockchain and other distributed ledger technology.
    o Privacy protection algorithms such as Homomorphic Encryption, Multiparty Computation & Zero-Knowledge Proofs.
    o Symmetric-key cryptography, including white-box crypto algorithms.

Closing date for applications: 30 March 2019

Contact: Shuang Wu, wu.shuang (at) huawei.com

Computer Science, Aarhus University
Job Posting
Several full-time research positions at several levels in cryptography, blockchain, and formal verification are available at Computer Science, Aarhus University.

We are looking for:

  • PhD students

  • Postdocs

  • Assistant Professors (tenure track)

  • Associate Professors

We are hiring within the following topics:

  • Consensus protocols for blockchains

  • Blockchain technology

  • Game theoretic analysis of cryptographic protocols and blockchains

  • Privacy-enhancing technologies

  • Differential Privacy

  • Zero-knowledge proofs

  • Efficient implementation of secure multiparty computation

  • Theory of secure multiparty computation

  • Secure multiparty computation for the blockchain

  • Cryptographic security models

  • Formally verified cryptographic implementations

  • Language design and semantics for smart contracts

  • Formal verification of cryptographic protocols, including blockchain and secure multiparty computation

Applying

If you are interested in a PhD or postdoc position contact us as soon as possible. Positions will stay open until suitable candidates are found. PhD students will later formally apply here: http://phd.scitech.au.dk/for-applicants/ (Deadline February 2019). Assistant Professor or Associate Professor applications are sent here: http://cs.au.dk/about-us/vacancies/scientific-positions/stillinger/Vacancy/show/1009431/5283/ (deadline January, 2019), but feel free to contact us for more information if you are interested in applying.

Closing date for applications: 1 February 2019

Contact: any of:

  • Ivan Damgård, ivan (at) cs.au.dk

  • Jesper Buus Nielsen, jbn (at) cs.au.dk

  • Claudio Orlandi, orlandi (at) cs.au.dk

  • Bas Spitters, spitters (at) cs.au.dk
