*06:04* [Job][New]
PhD position on Privacy Engineering, *University of Ulm, Institute of Distributed Systems, Germany*
As part of our participation in the just-starting EU FP7 project PRIPARE on privacy engineering and privacy by design, we have an open PhD position in this area. Evaluation of applications is continuing until the position is filled.

*06:04* [Job][New]
Ph.D. student, *DemTech/IT University of Copenhagen*
I am looking for a PhD student to join the DemTech research project (www.demtech.dk). DemTech's broad mission concerns the role of technology in democratic processes. We work on topics ranging from software engineering and requirements engineering, information security, program verification and cryptography (in particular everlasting privacy) to logical methods, concurrency, and computational social choice. The successful candidate will join an international group consisting of faculty, post-docs, and PhD students. DemTech is working with many governmental institutions around the world. The position runs for three or four years. The application deadline is **13th October 2013, at 23:59 CET**.

Please note that this is a strict deadline.

*15:17* [Pub][ePrint]
Decomposition formula of the Jacobian group of a plane curve, by Koh-ichi Nagao
We give an algorithm for decomposing a given element of the Jacobian group into a sum of decomposed factors, which consist of a certain subset of the points of the curve.

*15:17* [Pub][ePrint]
Equations System coming from Weil descent and subexponential attack for algebraic curve, by Koh-ichi Nagao
Faugère et al. show that the decomposition problem of an element of an elliptic curve over the binary field $F_{2^n}$ reduces to solving a low-degree equation system over $F_2$ coming from Weil descent. Using this method, the discrete logarithm problem of an elliptic curve over $F_{2^n}$ reduces to linear constraints, i.e., solving the equation system using linear algebra on monomials modulo the field equations, and its complexity is expected to be subexponential in the input size $n$. However, it is a pity that, at least using linear constraints, it is exponential. Petit et al. show that, assuming the first fall degree assumption and using Gröbner basis computation, its complexity is heuristically subexponential.

On the other hand, the author shows that the decomposition problem of the Jacobian of a plane curve over $F_{p^n}$ also essentially reduces to solving a low-degree equation system over $F_p$ coming from Weil descent.

In this paper, we generalize ($p>2$ cases, Jacobian cases) and revise (precise estimation of the first fall degree) the results of Petit et al. and show that the discrete logarithm problem of an elliptic curve over a small-characteristic field $F_{p^n}$ is subexponential in the input size $n$, and that the discrete logarithm problem of the Jacobian of a small-genus curve over a small-characteristic field $F_{p^n}$ is also subexponential in the input size $n$, under the first fall degree assumption.

*15:17* [Pub][ePrint]
Puzzle Encryption Algorithm, by Gregory Alvarez and Charles Berenguer
This document describes the symmetric encryption algorithm called Puzzle. It is free and open. The objective of this paper is to get an opinion about its security from the cryptology community. It is separated into two parts, a technical description of the algorithm and its cryptanalysis. The algorithm has some interesting properties: the block size is variable and unknown to an attacker. The size of the key has no limit and is unknown to an attacker. The key size does not affect the algorithm speed (using a 256-bit key is the same as using a 1024-bit key). The algorithm is much faster than the average cryptographic function. Experimental tests showed 600 MB/s (4 cycles/byte) on an Intel Core 2 Duo P8600 2.40GHz and 1.2 GB/s (2 cycles/byte) on an Intel i5-3210M 2.50GHz. Both CPUs had only 2 cores.

*15:17* [Pub][ePrint]
More Efficient Oblivious Transfer and Extensions for Faster Secure Computation, by Gilad Asharov and Yehuda Lindell and Thomas Schneider and Michael Zohner
Protocols for secure computation enable parties to compute a joint function on their private inputs without revealing anything but the result. A foundation for secure computation is oblivious transfer (OT), which traditionally requires expensive public key cryptography. A more efficient way to perform many OTs is to extend a small number of base OTs using OT extensions based on symmetric cryptography. In this work we present optimizations and efficient implementations of OT and OT extensions in the semi-honest model. We propose a novel OT protocol with security in the standard model and improve OT extensions with respect to communication complexity, computation complexity, and scalability. We also provide specific optimizations of OT extensions that are tailored to the secure computation protocols of Yao and Goldreich-Micali-Wigderson and reduce the communication complexity even further. We experimentally verify the efficiency gains of our protocols and optimizations. By applying our implementation to current secure computation frameworks, we can securely compute a Levenshtein distance circuit with 1.29 billion AND gates at a rate of 1.2 million AND gates per second. Moreover, we demonstrate the importance of correctly implementing OT within secure computation protocols by presenting an attack on the FastGC framework.

*15:17* [Pub][ePrint]
Formally Proved Security of Assembly Code Against Leakage, by Pablo Rauzy and Sylvain Guilley and Zakaria Najm
In his keynote speech at CHES 2004, Kocher advocated that side-channel attacks were an illustration that formal cryptography was not as secure as it was believed, because some assumptions (e.g., no auxiliary information is available during the computation) were not modeled. This failure is due to the fact that formal methods work with models rather than implementations. Of course, we can use formal methods to prove non-functional security properties such as the absence of side-channel leakages. But a common obstacle is that those properties are very low-level and appear incompatible with formalization. To avoid the discrepancy between the model and the implementation, we apply formal methods directly to the implementation. Doing so, we can formally prove that assembly code is leak-free, provided that the hardware it runs on satisfies a finite (and limited) set of properties that we show are realistic. We apply this technique to prove that a PRESENT implementation in 8-bit AVR assembly code is leak-free.