*15:02* [Job][New]
Post-Doc, *LORIA-CNRS, University of Lorraine, Nancy, France*
**Provably secure e-voting**We are looking for one postdoctoral researcher to join the ProSecure project at Loria, Nancy, in the Cassis team, for 1 or 2 years.

**Context**

One important family of protocols is e-voting. Electronic voting protocols should offer the same guarantees than more traditional voting systems. In particular, they should offer both vote privacy and verifiability : anyone should be able to check that the result corresponds to the votes. Surprisingly, even defining a crucial property such as vote privacy has not yet reached a consensus in the scientific community. Moreover, existing voting systems should still be improved in terms of verifiability, coercion-resistance, or usability. To achieve a high level of trust, these systems should be proved secure rigorously.

**Objectives**

One objective is to propose well-founded definitions of crucial properties in e- voting such as privacy, receipt-freeness, coercion-resistance, and verifiability and apply them on various e-voting protocols including well-known schemes such as Helios or Civitas. In particular, our team is developing a variant of Helios named Belenios. This scheme has been proved to be ballot private and fully verifiable. More security properties are yet to be proved and several enhancement of the protocol are planned. Belenios benefits from the support of an engineer that develops and maintains it.

The post-doc researcher is expected to contribute autonomously to the development of new results for defining and proving cryptographic security properties and for designing a both practical and secure voting scheme. The postdoc researcher should have a good publication record and a strong expertise in cryptography.

*14:33* [Job][Update]
Doctoral Researcher in the collaborative research center CROSSING, *Technische Universität Darmstadt, Germany*
Collaborative Research Centers are institutions funded by the German Research Foundation (DFG) and are established at universities to pursue a scientifically ambitious, complex, long?term research program. The goal of the center CROSSING is to provide cryptography-based security solutions enabling trust in new and next generation computing environments. In the center researchers from different areas such as Cryptography, IT-Security, Quantum Physics, and Software Engineering will collaborate. The available doctoral positions are distributed over the aforementioned areas, and will be affiliated with the research training school of the center.

As part of its research program CROSSING will develop an open-source software called OpenCCE which will allow users to deploy the developed solutions in a secure and easy way.

Applicants should upload their applications on www.crossing.tu-darmstadt.de/de/crossing/jobs/application/ including the usual documents and indicating the applicant’s area of interest. Applications will be considered until the positions are filled.

For more information about CROSSING and the application process please visit www.crossing.tu-darmstadt.de.

TU Darmstadt has a large interest in increasing the number of female researchers, and hence particularly encourages female candidates to apply. Applicants with a degree of disability of 50% or more will be preferred in case they are otherwise equally qualified to the other candidates. It is generally possible to work part time.

*09:17* [Pub][ePrint]
Revocation in Publicly Verifiable Outsourced Computation, by James Alderman and Carlos Cid and Jason Crampton and Christian Janson
The combination of software-as-a-service and the increasing use of mobile devices gives rise to a considerable difference in computational power between servers and clients. Thus, there is a desire for clients to outsource the evaluation of complex functions to an external server. Servers providing such a service may be rewarded per computation, and as such have an incentive to cheat by returning garbage rather than devoting resources and time to compute a valid result.In this work, we introduce the notion of Revocable Publicly Verifiable Computation (RPVC), where a cheating server is revoked and may not perform future computations (thus incurring a financial penalty). We introduce a Key Distribution Center (KDC) to efficiently handle the generation and distribution of the keys required to support RPVC. The KDC is an authority over entities in the system and enables revocation. We also introduce a notion of blind verification such that results are verifiable (and hence servers can be rewarded or punished) without learning the value.

We present a rigorous definitional framework, define a number of new security models and present a construction of such a scheme built upon Key-Policy Attribute-based Encryption.

*09:17* [Pub][ePrint]
The Multiple Number Field Sieve with Conjugation Method, by Cécile Pierrot
In this short paper, we propose a variant of the Number Field Sieve to compute discrete logarithms in medium characteristic finite fields.We propose an algorithm that combines two recent ideas, namely the Multiple variant of the Number Field Sieve taking advantage of a large number of number fields in the sieving phase and the Conjugation Method giving a new polynomial selection for the classical Number Field Sieve. The asymptotic complexity of our improved algorithm is L_Q (1/3, (8 (9+4 \\sqrt{6})/15)^1/3), where F_Q is the target finite field and (8 (9+4 \\sqrt{6})/15)^1/3) is approximately equal to 2.156. This has to be compared with the complexity of the previous state-of-the-art algorithm for medium characteristic finite fields, the Number Field Sieve with Conjugation Method, that has a complexity of approximately L_Q(1/3, 2.201).

*09:17* [Pub][ePrint]
Balanced permutations Even-Mansour ciphers, by Shoni Gilboa and Shay Gueron
The $r$-rounds Even-Mansour block cipher uses $r$ public permutations of $\\{0, 1\\}^n$ and $r+1$ secret keys. An attack on this construction was described in \\cite{DDKS}, for $r = 2, 3$. Although this attack is only marginally better than brute force, it is based on an interesting observation (due to \\cite{NWW}): for a \"typical\" permutation $P$, the distribution of $P(x) \\oplus x$ is not uniform. To address this, and other potential threats that might stem from this observation in this (or other) context, we introduce the notion of a ``balanced permutation\'\' for which the distribution of $P(x) \\oplus x$ is uniform, and show how to generate families of balanced permutations from the Feistel construction.

This allows us to define a $2n$-bit block cipher from the $2$-rounds Even-Mansour scheme. The cipher uses public balanced permutations of $\\{0, 1\\}^{2n}$, which are based on two public permutations of $\\{0, 1\\}^{n}$.

By construction, this cipher is immune against attacks that rely on the non-uniform behavior of $P(x) \\oplus x$. We prove that this cipher is indistinguishable from a random permutation of $\\{0, 1\\}^{2n}$,

for any adversary who has oracle access to the public permutations and to an encryption/decryption oracle, as long as the number of queries is $o (2^{n/2})$. As a practical example, we discuss the properties and the performance of a $256$-bit block cipher that is based on AES.

*09:17* [Pub][ePrint]
Graded Multilinear Maps from Lattices, by Craig Gentry and Sergey Gorbunov and Shai Halevi
Graded multilinear encodings have found extensive applications in cryptography ranging fromnon-interactive key exchange protocols, to broadcast and attribute-based encryption, and even to software obfuscation.

Despite seemingly unlimited applicability, essentially only two candidate constructions are known (GGH and CLT). In this work, we describe a new graded multilinear encoding scheme from lattices.

Our construction encodes Learning With Errors (LWE) samples

in short square matrices of higher dimensions. Addition and multiplication of the encodings corresponds naturally to addition and multiplication

of the LWE secrets. Comparisons of any two encodings

can be performed publicly at any level.

The security of our scheme relies on a hardness of a natural problem which can be thought of as analogous to standard LWE problem.

*09:17* [Pub][ePrint]
Universally Composable Secure Group Communication, by TIAN Youliang, PENG Changgen
This paper analyzes group communication within the universally composable framework. We first propose the group communication

model, identity-based signcrytion model and group key distribution model in the UC framework by

designing the ideal functionality $\\mathcal {F}_{SAGCOM}$, $\\mathcal

{F}_{IDSC}$ and $\\mathcal {F}_{GKD}$, respectively. Then, we construct

a UC secure identity-based signcryption protocol $\\pi_{IDSC}$. Moreover,

we shows that the identity-based signcryption $\\pi_{IDSC}$ securely realizes the ideal functionality $\\mathcal {F}_{IDSC}$ if

and only if the corresponding protocol IDSC is secure. Finally, based on the identity-based protocol, we propose a group communication scheme

$\\pi_{SAGCOM}$, which can securely realizes the ideal functionality

$\\mathcal {F}_{SAGCOM}$ in the $(\\mathcal {F}_{IDSC},\\mathcal

{F}_{GKD})$-hybrid model.

*09:17* [Pub][ePrint]
An Equivalent Condition on the Switching Construction of Differentially 4-uniform Permutations on $\\gf_{2^{2k}}$ from the Inverse Function, by Xi Chen, Yazhi Deng, Min Zhu and Longjiang Qu
Differentially 4-uniform permutations on $\\gf_{2^{2k}}$ with high nonlinearity are often chosen as Substitution boxes in block ciphers. Recently, Qu et al. used the powerful switching method to construct such permutations from the inverse function [9],[10]. More precisely, they studied the functions of the form G(x)=1/x+f(1/x),where f is a Boolean function. They proved that if f is a preferred Boolean function (PBF), then G is a permutation polynomial over $\\gf_{2^n}$ whose differential uniformity is at most 4. However, as pointed out in [9],f is a PBF is a sufficient but not necessary condition. In this paper, a sufficient and necessary condition for G to be a differentially 4-uniform permutation is presented. We also show that G can not be an almost perfect nonlinear (APN) function. As an application, a new class of differentially 4-uniform permutations where f are not PBFs are constructed. By comparing this family with previous constructions, the number of permutations here is much bigger. The obtained functions in this paper may provide more choices for the design of Substitution boxes.