*09:36*[Event][New] Summer school on Design and security of crypto algorithms and devices

From June 1 to June 6

Location: ?ibenik, Croatia

More Information: http://summerschool-croatia14.cs.ru.nl

Get an update on changes of the IACR web-page here. For questions, contact *newsletter (at) iacr.org*.
You can also receive updates via:

To receive your credentials via mail again, please click here.

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

From June 1 to June 6

Location: ?ibenik, Croatia

More Information: http://summerschool-croatia14.cs.ru.nl

The Vernam Lab at WPI in Worcester, MA has *two* open PhD positions in applied cryptography:

1) Design and implementation of fully homomorphic encryption schemes.

2) Cache timing attacks on virtualized servers; analysis and countermeasures.

Candidates should have a degree in electronics or computer science with strong interest in algorithms and signal processing. Prior experience in side channel analysis and embedded software or hardware design is an asset. We offer a competitive salary and an international cutting-edge research program in an attractive working environment.

WPI is one of the highest-ranked technical colleges in the US. Located in the greater Boston area, it maintains close interaction with many of the nearby universities and companies.

The Horst Görtz Institute for IT-Security (HGI) at Ruhr-University Bochum is one of Europe’s leading research centers in IT security. The DFG, or German Research Foundation, awarded more than €4 million to the HGI for the establishment of the interdisciplinary research training group “New Challenges for Cryptography in Ubiquitous Computing”. We are looking for candidates with outstanding Master/Diplom in the fields of computer science, electrical engineering, mathematics or related areas.

The research training group will study problems which are fundamental for securing the Internet of Things. The research is structured in three levels: cryptographic primitives, device and system level. The research topics range from cryptographic foundations such as fully homomorphic encryption for privacy in cloud computing, over security for medical implants to internet security solutions involving new national ID cards. A central goal of the doctoral training is an interdisciplinary and structured education at the highest scientific level. Establishing networks to top internationally research groups is part of the training.

A group of internationally renowned researchers together with excellent funding provides an extremely interesting scientific environment. The HGI is known for its good working atmosphere.

- Salary: TV-L 13 (approx. 2000€/month)
- Limited: 2 years
- Application: Send your documents by November 15, 2013, to
*grako (at) hgi.rub.de* - Required Documents: CV, certificates, transcript (Master or Diplom), motivation for applying (1 page), names of at least two people who can provide reference letters (email addresses are sufficient)

2013-10-21

New York University, one of the largest and most highly regarded private universities, is seeking to add several tenured/tenure-track faculty members to its Electrical and Computer Engineering (ECE) Department as part of a major multi-year growth phase.

The faculty and students of the school are at the forefront of the high-tech start-up culture in New York City and have access to world-class research centers in cyber security (crissp.poly.edu) and wireless communications (nyuwireless.com), among other areas. We enjoy close collaborations with the Langone School of Medicine, the Courant Institute and other schools of NYU. The ECE Department invites outstanding applications for tenure-track or tenured faculty appointments in all areas of ECE, with particular emphasis on Computer Engineering and RF/Analog Circuits. Candidates with a strong record of interdisciplinary research and funding in emerging areas are preferred. Candidates must have a PhD degree in ECE or related discipline and must have the ability to develop and lead high-quality research and attract external funding. Applicants should include a cover letter, current resume, research and teaching statements, and letters from at least three references. All application materials should be submitted electronically.

Applications received by January 17, 2014 will receive full consideration. NYU is an affirmative action, equal opportunity employer.

We are seeking for up to three researchers who would

- Conduct research in any area of mathematical cryptology
- Supervise minor and major theses
- Organize student seminars

**Junior research position.**

The length of this contract is for up to three years. A subsequent application for a tenure track position is possible. Applications will be accepted up to January 31, 2014. Results will be announced by the end of March, 2014. The starting day is negotiable, but must be before October 1, 2014.

**Senior research position.**

The deadlines and the contract length are the same as in the case of Junior research position. Successful candidates may apply in the future for the position of Full or Associate Professor.

(An Assistant Professor position is available too, under different conditions. See a different call.)

**Environment and mission**

The school of mathematics has carried a program called Mathematical methods of information security for more than 10 years. The program is organized both at a bachelor level (3 years) and a master degree level (additional two years). Each of these levels is completed by both final exams and a minor thesis. Besides specifically cryptographic subjects the curriculum emphasizes mathematics that is relevant for cryptography (computer algebra, number theory, elliptic curves, complexity, probability).

The program produces 7-15 students a year, and their position at the job market seems to be very favorable. Our aim is to strengthen the research associated with this program. The criteria are the quality of the research program and the ability to involve students in research. Communication language is English (or Czech or Slovak).

We are seeking a researcher who would

- Conduct research in any area of mathematical cryptology
- Supervise minor and major theses
- Organize student seminars

This is a non-tenure track position. It can become tenure after successful habilitation. The starting day is negotiable, but must be between January 1 and July 31, 2014.

**Environment and mission**

The school of mathematics has carried a program called Mathematical methods of information security for more than 10 years. The program is organized both at a bachelor level (3 years) and a master degree level (additional two years). Each of these levels is completed by both final exams and a minor thesis. Besides specifically cryptographic subjects the curriculum emphasizes mathematics that is relevant for cryptography (computer algebra, number theory, elliptic curves, complexity, probability).

The program produces 7-15 students a year, and their position at the job market seems to be very favorable. Our aim is to strengthen the research associated with this program. The criteria are the quality of the research program and the ability to involve students in research. Communication language is English (or Czech or Slovak).

2013-10-18

ERCIM (European Research Consortium for Informatics and Mathematics) currently invites applications for one year postdoctoral fellowships in Computer Science, Information Technology, and Applied Mathematics. Fellowships must be hosted at one of the ERCIM member institutions, including the Norwegian University of Science and Technology (NTNU) in Trondheim, Norway.

The information security group at NTNU (http://www.item.ntnu.no/research/infosec) welcomes applications from candidates interested in projects in cryptology and related areas. Applications must be made directly to ERCIM. Informal enquiries regarding the information security group can be made to any of the group professors.

2013-10-15

In January 2013, the Stribog hash function officially replaced GOST R 34.11-94 as the new Russian cryptographic hash standard GOST R 34.11-2012. Stribog is an AES-based primitive and is considered as an asymmetric reply to the new SHA-3 selected by NIST. In this paper we investigate the structural integral properties of reduced version of the Stribog compression function and its internal permutation. Specifically, we present a forward and backward higher order integrals that can be used to distinguish 4 and 3.5 rounds, respectively. Moreover, using the start from the middle approach, we combine the two proposed integrals to get 6.5-round and 7.5-round distinguishers for the internal permutation and 6-round and 7-round distinguishers for the compression function.

A PAKR (Password-Authenticated Key Retrieval) protocol and its multi-server system allow one party (say, client), who has a rememberable password, to retrieve a long-term static key in an exchange of messages with at least one other party (say, server) that has a private key associated with the password. In this paper, we analyze the only one PAKR (named as PKRS-1) standardized in IEEE 1363.2 [9] and its multi-server system (also, [11]) by showing that any passive/active attacker can find out the client\'s password and the static key with off-line dictionary attacks. This result is contrary to the security statement of PKRS-1 (see Chapter 10.2 of IEEE 1363.2 [9]).

We initiate the study of {\\em extractability obfuscation}, a notion first suggested by Barak et al. (JACM 2012): An extractability obfuscator eO for a class of algorithms M guarantees that if an efficient attacker A can distinguish between obfuscations eO(M_1), eO(M_2) of two algorithms M_1,M_2 \\in M, then A can efficiently recover (given M_1 and M_2) an input on which M_1 and M_2 provide different outputs.

- We rely on the recent candidate virtual black-box obfuscation constructions to provide candidate constructions of extractability obfuscators for NC^1; next, following the blueprint of Garg et~al. (FOCS 2013), we show how to bootstrap the obfuscator for NC^1 to an obfuscator for all non-uniform polynomial-time Turing machines. In contrast to the construction of Garg et al., which relies on indistinguishability obfuscation for NC^1, our construction enables succinctly obfuscating non-uniform {\\em Turing machines} (as opposed to circuits), without turning running-time into description size.

- We introduce a new notion of {\\em functional witness encryption}, which enables encrypting a message m with respect to an instance x, language L, and function f, such that anyone (and only those) who holds a witness w for x\\in L can compute f(m,w) on the message and particular known witness. We show that functional witness encryption is, in fact, equivalent to extractability obfuscation.

- We demonstrate other applications of extractability extraction, including the first construction of fully (adaptive-message) indistinguishability-secure functional encryption for an unbounded number of key queries and unbounded message spaces.

- We finally relate indistinguishability obfuscation and extractability obfuscation and show special cases when indistinguishability obfuscation can be turned into extractability obfuscation.

Boldyreva et al. introduced the notion of multiple forking (MF) as an extension of (general) forking to accommodate nested oracle replay attacks. The primary objective of a (multiple) forking algorithm is to separate out the oracle replay attack from the actual simulation of protocol to the adversary, and this is achieved through the intermediary of a so-called wrapper algorithm. Multiple forking has turned out to be a useful tool in the security argument of several cryptographic protocols. However, a reduction employing the MF Algorithm incurs a significant degradation of O(q^2n), where q denotes the upper bound on the underlying random oracle calls and n, the number of forkings. In this work we take a closer look at the reasons for the degradation with a tighter security bound in mind. We nail down the exact set of conditions for the success of the MF Algorithm. A careful analysis of the protocols (and corresponding security argument) employing multiple forking allow us to relax the overly restrictive conditions of the original MF Algorithm. To achieve this, we club two consecutive invocations of the underlying wrapper into a single logical unit of wrapper Z. We then use Z to formulate the notion of \"dependency\" and \"independency\" among different rounds of the wrapper in the MF Algorithm. The (in)dependency conditions lead to a general framework for multiple forking and significantly better bound for the MF Algorithm. Leveraging (in)dependency to the full reduces the degradation from O(q^2n) to O(q^n). Finally, we study the effect of these observations on the security of the existing schemes. We conclude that by careful design of the protocol (and the wrapper in the security reduction) it is possible to harness our observations to the full extent.