International Association for Cryptologic Research

# IACR News Central

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calender (iCal).

2014-06-19
20:08 [Job][New]

Post-doctoral positions are available in the AriC team, on functional cryptography and/or lattice-based cryptography.

An emerging group on cryptography is looking for excellent researchers to participate to projects on functional encryption and/or lattice-based cryptography, from the algorithmic foundations to the design and implementation of advanced cryptographic primitives.

Candidates must hold (or be close to holding) a PhD thesis related to cryptology, with an emphasis on its mathematical aspects. A strong research record is expected (i.e., publications in first-tier conferences or journals).

Applications should include a CV and recommendation letters. They should be sent before July 31, 2014 but will be considered until the positions are filled. Post-doc duration is negotiable. Salary can be adjusted for senior post-docs.

20:08 [Job][New]

The Information Security Centre of Excellence (ISCX), University of New Brunswick, Fredericton, Canada is seeking a full-time postdoctoral fellow to work with the Centre to carry out research, design and development for the Intelligent Tools for an Automated Security

Analysis and Risk Management for Large-Scale Systems project. The proposed toolset will incorporate a set of techniques for automated risk identification, security assessment and mitigation planning. Within this toolset a risk management methodology will be provided to

support a process of identifying system threats and assessing the corresponding risks. The risk management toolset will also be equipped with means to trace and analyze roots of these threats for proper selection of follow-up mitigation strategies. This project is funded under the Atlantic Innovation Foundation program. For more information about ISCX, please see www.iscx.ca.

Applicants should have a Ph.D. and expertise in one or both of following research areas:

• Information and Network Security, and network technologies and tools.

• Machine learning and data mining techniques and tools.

The following skills and experiences are very helpful:

• Development under Linux operating system

• Malware detection and analysis concepts and tools

Successful applicants will assist in one or more of following tasks:

• Developing novel learning and mining techniques for malware detection and analysis

• Develop security data-mining approaches for risk mitigation, automated understanding and predictive analytics.

• Preparing technical documents and writing and submitting the research results for publication.

The post-doc appointment is for two years and can be extended for two more year depending upon the availability of funding.

Applications will be considered until the available position is filled. To apply send your curriculum vita that in

20:07 [Job][New]

ID Quantique SA is a dynamic company specialising in quantum-safe network encryption solutions as well as hardware random number generators. Its products are used by customers in the financial and government sector worldwide. The company is based in Geneva, Switzerland.

Main Responsabilities:

•Provide internal expertise on cryptographic algorithms and protocols.

•Participation in internal as well as collaborative interdisciplinary R&D projects in the field of quantum-safe cryptography primitives, protocols and solutions.

•Implementation of cryptographic protocols.

•Monitoring of vulnerabilities and attacks relevant to the company’s products and services.

•Engagement with customers in the context of pre-sales activities.

2014-06-17
19:27 [Job][New]

The working group „Codes and Cryptography“ of the Department for Computer Science at the University of Paderborn is looking for a Research Assistant (PhD student) working in public key cryptography, more specifically in pairing based cryptography. The position also includes teaching duties.

Candidates should be proficient in complexity theory, cryptography, and number theory. A Master in Computer Science or a similar field is a condition of employment. It is expected of any candidate that a doctorate\\\'s degree will be pursued.

Applications, preferably by email, with the usual documents can be sent until June 30th, 2014.

19:26 [Job][New]

The IMDEA Software Institute (Madrid, Spain) has openings for two Ph.D. positions. We are looking for highly motivated students with a background in at least one of the following fields:

• cryptography,
• programming languages,
• verification

and an interest in carrying out research at their intersection.

The positions are within the computer-assisted cryptography group. The group is actively working on:

• the development of new programming languages and verification methods for the design and analysis of cryptographic systems,
• the implementation of computer-aided tools for cryptographic proofs, including EasyCrypt and ZooCrypt, and
• their application to the formal verification of descriptions and implementations of cryptographic standards and systems.

The positions start from September 1, 2014 (negotiable); it is expected that students will complete their Ph.D. in 4 years. The salary is around 24K euros per year, which provides for very comfortable living in Madrid; in addition, students will have access to a generous health package. The working language is English.

Applications should arrive no later than July 6, 2014 and should include a CV, a cover letter, and the names and contact details for two references. Later applications will be considered until the positions are filled.

19:25 [Event][New]

From October 8 to October 10
Location: Chennai, India

18:17 [Pub][ePrint]

Secure two-party computation allows two mutually distrusting parties to jointly compute an arbitrary function on their private inputs without revealing anything but the result. An interesting target for deploying secure computation protocols are mobile devices as they contain a lot of sensitive user data. However, their resource restrictions make this a challenging task.

In this work, we optimize and implement the secure computation protocol by Goldreich-Micali-Wigderson~(GMW) on mobile phones. To increase performance, we extend the protocol by a trusted hardware token (i.e., a smartcard). The trusted hardware token allows to pre-compute most of the workload in an initialization phase, which is executed locally on one device and can be pre-computed independently of the later communication partner. We develop and analyze a proof-of-concept implementation of generic secure two-party computation on Android smart phones making use of a microSD smartcard. Our use cases include private set intersection for finding shared contacts and private scheduling of a meeting with location preferences. For private set intersection, our token-aided implementation on mobile phones is up to two orders of magnitude faster than previous generic secure two-party computation protocols on mobile phones and even as fast as previous work on desktop computers.

15:17 [Pub][ePrint]

Certificateless public key cryptography eliminates inherent key escrow problem in identity-based cryptography, and does not yet requires certificates as in the traditional public key infrastructure. However, most of certificateless signature schemes without random oracles have been demonstrated to be insecure. In this paper, we propose a new certificateless signature scheme and prove that our new scheme is existentially unforgeable against adaptively chosen message attack in the standard model. Performance analysis shows that our new scheme has shorter system parameters, shorter length of signature, and higher computational efficiency than the previous schemes in the standard model.

15:17 [Pub][ePrint]

We propose an efficient Key-policy Attribute-based Encryption (KP-ABE)

scheme for general (monotone) Boolean circuits based on secret sharing and on a very particular and simple form of leveled multilinear maps,

called chained multilinear maps. The number of decryption key components is substantially reduced in comparison with the current scheme based on leveled multilinear maps, and the size of the multilinear map (in terms of bilinear map components) is less than the Boolean circuit depth, while it is quadratic in the Boolean circuit depth for the current scheme based on leveled multilinear map. Moreover, it is much easier to find chained multilinear maps than leveled multilinear maps. Selective security of the proposed schemes in the standard model is proved, under the decisional multilinear Diffie-Hellman assumption.

15:17 [Pub][ePrint]

In a homomorphic signature scheme, given a vector of signatures $\\vec{\\sigma}$ corresponding to a dataset of messages $\\vec{\\mu}$, there is a {\\it public} algorithm that allows to derive a signature $\\sigma\'$ for message $\\mu\'=f(\\vec{\\mu})$ for any function $f$.

Given the tuple $(\\sigma\', \\mu\', f)$ anyone can {\\it publicly}

verify the result of the computation of function $f$.

Along with the standard notion of unforgeability

for signatures, the security of homomorphic signatures guarantees that no adversary is able to make a forgery $\\sigma^*$ for $\\mu^* \\neq f(\\vec{\\mu})$.

We construct the first homomorphic signature scheme for evaluating arbitrary functions. In our scheme, the public parameters and the size of the resulting signature grows linearly

with the depth of the circuit representation of $f$. Our scheme is secure in the standard model assuming hardness of

finding {\\it Small Integer Solutions} in hard lattices.

Furthermore, our construction has asymptotically fast verification

which immediately leads to a new solution for verifiable outsourcing with pre-processing phase. Previous state of the art constructions were limited to evaluating polynomials of constant degree, secure in random oracle model

without asymptotically fast verification.

15:17 [Pub][ePrint]

We present the design, implementation and evaluation of the root of trust for the Trusted Execution Environment (TEE) provided by ARM TrustZone based on SRAM Physical Unclonable Functions (PUFs). We first implement a building block which provides the foundations for the root of trust: secure key storage and truly random source. The building block doesn\'t require on or off-chip secure non-volatile memory to store secrets, but provides a high-level security: resistance to physical attackers capable of controlling all external interfaces of the system on chip (SoC). Based on the building block, we build the root of trust consisting of seal/unseal primitives for secure services running in the TEE, and a software-only TPM service running in the TEE which provides rich TPM functionalities for the rich OS running in the normal world of TrustZone. The root of trust resists software attackers capable of compromising the entire rich OS. Besides, both the building block and the root of trust run on the powerful ARM processor. In one word, we leverage the SRAM PUF, commonly available on mobile devices, to achieve a low-cost, secure, and efficient design of the root of trust.