16:48 [Job][New]
Fully funded Ph.D., Ecole normale supérieure (Paris Area, France)
The objective of this thesis is the forensic reconstruction of partially erased data of various types. The problem that we will tackle is formalized as follows: We consider a data object instance as the result of a function F(t,r) where t encodes the object type and r is a random number. The OS can create objects, erase them or update them. Erasure is done by forgetting the object’s reference and hence implicitly recycling the space on which it was written. The problem consists in reconstructing algorithmically erased data objects of various types and modeling the conditions under which various assortments of types subject to a given number of rewriting cycles can still be recovered. The methods that will be developed will subsequently be applied to iOS and Android.
The candidate should have solid programming and algorithmic skills. Prior knowledge of reverse engineering tools such as IDA Pro is a plus. The candidate will interact with zero-day exploit hunters and physical reverse engineering experts and will have access to very advanced computing and forensic facilities. This proposal is reserved to French nationals only and is fully funded.
Interested candidates should contact directly david.naccache (at) ens.fr
16:17 [Pub][ePrint]
Tightly-Secure Signatures From Lossy Identification Schemes, by Michel Abdalla and Pierre-Alain Fouque and Vadim Lyubashevsky and Mehdi Tibouchi
In this paper we present three digital signature schemes with tight security reductions. Our first signature scheme is a particularly efficient version of the short exponent discrete log based scheme of Girault et al. (J. of Cryptology 2006). Our scheme has a tight reduction to the decisional Short Discrete Logarithm problem, while still maintaining the non-tight reduction to the computational version of the problem upon which the original scheme of Girault et al. is based. The second signature scheme we construct is a modification of the scheme of Lyubashevsky (Asiacrypt 2009) that is based on the worst-case hardness of the shortest vector problem in ideal lattices. And the third scheme is a very simple signature scheme that is based directly on the hardness of the Subset Sum problem.
We also present a general transformation that converts what we term lossy identification schemes into signature schemes with tight security reductions. We believe that this greatly simplifies the task of constructing and proving the security of such signature schemes.
15:08 [Job][New]
Post-Doc, EPFL, Switzerland
The Laboratory for Security and Cryptography (LASEC) at EPFL is hiring a post doctoral researcher. Applicants are encouraged to apply to job_lasec (at) epfl.ch by sending a detailed CV and a research plan.
LASEC is active in research on cryptography and security. More specifically, our main interests currently span (but are not limited to) the following:
- hardware implementation and embedded systems,
- homomorphic and functional encryption,
- provable security.
We strongly encourage the application by researchers who have proved
excellence in one of these domains.
The selection of applicants will be made on a competitive basis.
Besides conducting top-quality research, postdocs are required to
participate in the lab activities such as training students at all levels,
running projects, fund raising, etc.
EPFL is a top-ranked research and teaching institution that attracts
some of the best intellects in the world. EPFL offers excellent
facilities, environment, and salaries. EPFL's campus is a multicultural,
idyllic spot overlooking Lake Geneva and facing the Alps.
Information about EPFL: http://www.epfl.ch
16:17 [Pub][ePrint]
A generic view on trace-and-revoke broadcast encryption schemes, by Dennis Hofheinz and Christoph Striecks
At Eurocrypt 2011, Wee presented a generalization of threshold public key encryption, threshold signatures, and revocation schemes arising from threshold extractable hash proof systems. In particular, he gave instances of his generic revocation scheme from the DDH assumption (which led to the Naor-Pinkas revocation scheme), and from the factoring assumption (which led to a new revocation scheme). We expand on Wee's work in two directions:
(a) We propose threshold extractable hash proof instantiations from the "Extended Decisional Diffie-Hellman" (EDDH) assumption due to Hemenway and Ostrovsky (PKC 2012). This in particular yields EDDH-based variants of threshold public key encryption, threshold signatures, and revocation schemes. In detail, this yields a DCR-based revocation scheme.
(b) We show that our EDDH-based revocation scheme allows for a mild form of traitor tracing (and, thus, yields a new trace-and-revoke scheme). In particular, compared to Wee's factoring-based scheme, our DCR-based scheme has the advantage that it allows to trace traitors.
16:17 [Pub][ePrint]
How to Keep a Secret: Leakage Deterring Public-key Cryptography, by Aggelos Kiayias and Qiang Tang
How is it possible to prevent the sharing of cryptographic functions? This question appears to be fundamentally hard to address since in this setting the owner of the key is the adversary: she wishes to share a program or device that (potentially only partly) implements her main cryptographic functionality. Given that she possesses the cryptographic key, it is impossible for her to be prevented from writing code or building a device that uses that key. She may though be deterred from doing so.
We introduce leakage-deterring public-key cryptographic primitives to address this problem. Such primitives have the feature of enabling the embedding of owner-specific private data into the owner's public-key so that given access to any (even partially functional) implementation of the primitive, the recovery of the data can be facilitated. We formalize the notion of leakage-deterring in the context of encryption, signature, and identification and we provide efficient generic constructions that facilitate the recoverability of the hidden data while retaining privacy as long as no sharing takes place.