Lucky Microseconds: A Timing Attack on Amazon’s s2n Implementation of TLS

Over the summer, Kenny Paterson and I spent some time looking at Amazon’s (Amazon Web Services – Labs, to be precise) implementation of TLS. This implementation — called s2n — was released in June with the intent of providing a clean, easy-to-read, small implementation of a core subset of the TLS protocol.

Postdoc at Royal Holloway on Multilinear Maps

The multilinear maps project I worked on previously is looking for a new postdoc. See the ad below. It’s not necessarily very long, but it’s a nice gig: it’s on an interesting topic, the ISG is a good department and Kenny is a very nice boss. If you have questions, you can get in touch with Kenny or, if that’s better for you, feel free to get in touch with me as well.

Postdoctoral Research Assistant

Information Security

  • Location: Egham
  • Salary: £33,476 to £39,528 per annum – including London Allowance
  • Closing Date: Wednesday 04 November 2015
  • Interview Date: To be confirmed
  • Reference: 1015-296
  • Full time, fixed term until 31st July 2017

Applications are invited for the post of Postdoctoral Research Assistant in the Information Security Group.

The Postdoctoral Research Assistant will work alongside Professor Kenny Paterson, Dr Enrique Larraia, and the Visiting Researchers Professor Dennis Hofheinz (TU Karlsruhe) and Professor Steven Galbraith (Auckland) on topics within the following areas: the construction and analysis of multilinear maps; the development of sound abstractions of current and future proposals for multilinear maps that are suitable for use by cryptographers; the development of cryptographic schemes making use of multilinear maps; and the formal security analyses of these schemes.

Applicants should have already completed, or be close to completing, a PhD in a relevant discipline. Applicants should have an outstanding research track record in Cryptography, ideally with significant experience in cryptanalysis of lattice-based schemes and/or the analysis of cryptographic schemes using provable security techniques. Applicants should be able to demonstrate scientific creativity, research independence, and the ability to communicate their ideas effectively in written and verbal form.

This is a full-time post, immediately available until the 31st July 2017. This post is based in Egham, Surrey, where the College is situated on a beautiful, leafy campus near Windsor Great Park and within commuting distance of London.

For an informal discussion about the post, please contact Professor Kenny Paterson on

To view further details of this post and to apply please visit . The Human Resources Department can be contacted with queries by email at: or via telephone on: +44 (0)1784 41 4241.

Please quote the reference: 1015-296

Closing Date: Midnight, 4th November 2015

ENS Lyon Monthly Lattice and Crypto Meetings

Fabien Laguillaumie, Benoît Libert and Damien Stehlé are organising “soft-monthly” (that’s a word!) meetings on lattice cryptography which look very nice. Below is the announcement from the c2 list, slightly edited for style.

Dear all,

We are setting up a “soft-monthly” meeting on lattices and cryptography, at ENS Lyon. The meetings will consist of several talks on related topics, with a format that will hopefully encourage interactions (blackboard, long time slots).

The first meeting, on September 30th and October 1st, will be on Lattice-based and code-based group signatures.

Tentative program

We 30/09, 2:30pm – 3:30pm: Benoît Libert

Tutorial on group signatures

We 30/09, 4:00pm – 5:30pm: Khoa Nguyen

Group signatures from lattices: simpler, tighter, shorter, ring-based

Th 01/10, 10:15am – 11:15am: Khoa Nguyen

A provably secure group signature scheme from code-based assumptions

Th 01/10, 1:30pm – 3:00pm: Philippe Gaborit

Dynamic traceable signature on lattices with non-frameability property

Th 01/10, 3:30pm – 5:00pm: Fabrice Mouhartem

Lattice-based group signatures for dynamic groups

Venue: ENS de Lyon, Monod campus, main building, level 1, room 116.

Everyone is welcome. Two caveats:

  1. speakers are told the audience is somewhat familiar with lattices and crypto;
  2. please send me an email, so that the size of the room fits the number of participants.

You may contact

Best regards, Damien

First CoDiMa Training School in Computational Discrete Mathematics

This winter school sounds excellent:

We have just finalised the date and location for the First CoDiMa Training School in Computational Discrete Mathematics, which will take place at the University of Manchester on November 16th–20th, 2015. This school is intended for post-graduate students and researchers from UK institutions. It will start with a 2-day hands-on Software Carpentry workshop covering basic concepts and tools, including working with the command line, version control and task automation, continue with introductions to the GAP and SageMath systems, and conclude with a series of lectures and exercise classes on a selection of topics in computational discrete mathematics.

The School’s website and the registration details will be announced shortly. In the meantime, if you’re interested in attending, please keep the dates in your diary and check for updates on our website and on our Twitter @codima_project, or tell us about your interest by writing to contact at so that we will be able to notify you when registration begins.

PolyBoRi is dead, it needs your help

On the Sage development list a discussion is going on about what to do with PolyBoRi. For those who do not know PolyBoRi: for computing Gröbner bases of Boolean polynomials it is pretty much the only (open-source) game in town (as far as I know):

The core of PolyBoRi is a C++ library, which provides high-level data types for Boolean polynomials and monomials, exponent vectors, as well as for the underlying polynomial rings and subsets of the powerset of the Boolean variables. As a unique approach, binary decision diagrams are used as internal storage type for polynomial structures.

On top of this C++ library we provide a Python interface. This allows parsing of complex polynomial systems, as well as sophisticated and extendable strategies for Gröbner basis computation. PolyBoRi features a powerful reference implementation for Gröbner basis computation.

Boolean polynomials show up a lot in cryptography and other areas of computer science.

The trouble with PolyBoRi is that both authors of PolyBoRi – Alexander Dreyer and Michael Brickenstein – have left academia and now have jobs which have nothing to do with PolyBoRi. Hence, PolyBoRi is currently not maintained. This is a big problem. In particular, there are some issues with PolyBoRi which cannot be ignored forever:

  • PolyBoRi uses Python (yay), but only Python 2. At some point the world – i.e. Sage – will switch to Python 3, and PolyBoRi is the only obstacle to that switch apart from the Sage Python library itself.
  • PolyBoRi uses SCons as a build system. Everybody would be a lot happier if it were switched to autotools (which are a lot more awesome than many people realise).

In the long term the Singular team might get involved and keep PolyBoRi alive, but this is not certain. Also, there is a push for a decision about what to do with PolyBoRi in Sage now.

The current proposal on the table is to drop PolyBoRi from the default Sage installation, i.e. to demote it to an optional package. In my mind, this would be very bad, as Sage and PolyBoRi benefit from the tight integration that currently exists. Also, in my experience, optional packages tend simply not to work that well, as they are not tested in each release.

Hence, if you care about PolyBoRi, you should consider doing one of the following:

  1. let us know in the relevant thread on the mailing list if you use PolyBoRi in Sage;
  2. volunteer to help autotool-ify PolyBoRi if you speak autotools (if you don’t speak autotools, you should learn; they are awesome);
  3. volunteer to help port PolyBoRi from Python 2 to Python 3.

I’m up for getting involved, but I don’t want to take on the responsibility alone.

Update (2015-06-13): A fair share of work has already been done by Andrew. Still, anyone up for helping out?