17th IMA Conference on Cryptography and Coding

IMA-CC is a crypto and coding theory conference biennially held in the UK. It was previously held in Cirencester. So you might have heard of it as the “Cirncester” conference. However, it has been moved to Oxford, so calling it Cirencester now is a bit confusing. Anyway, it is happening again this year. IMA is a small but fine conference with the added perk of being right before Christmas. This is great because around that time of the year Oxford is a fairly Christmas-y place to be.

16 – 18 December 2019, St Anne’s College, University of Oxford

Continue reading “17th IMA Conference on Cryptography and Coding”

Advertisements

Postdoc Position at Royal Holloway on Key Exchange

Carlos and I have a postdoc position on designing cryptographic key exchange protocols that support incorporating key material from, erm, … diverse sources. This is part of a consortium that looks at integrating some quantum cryptography with post-quantum cryptography, but there is no need to think so narrowly about the problem. That is, the project is about incorporating randomness from wherever it might come and what security goals can be achieved depending on what is compromised. More generally, if you enjoy cryptographic protocols, not limited to key exchange protocols, this might be a fitting postdoc position. Get in touch with Carlos or me, if you’re unsure on whether the position is a good fit.

Location: Egham
Salary: £39,479 to £41,743 per annum – including London Allowance
Closing Date: Tuesday 12 March 2019
Interview Date: To be confirmed
Reference: 0219-048

The Information Security Group at Royal Holloway University of London is seeking to recruit a postdoctoral research assistant (PDRA) to work in the area of cryptography. The position is available for immediate start, for up to 26 months (until 31 March 2021).

The PDRA will work alongside Prof. Carlos Cid, Dr. Martin Albrecht and other cryptographic researchers at Royal Holloway on topics connected to the design and analysis of cryptographic key exchange protocols that support incorporating key material from diverse sources. This post is part of the AQuaSec project, a Innovate UK-funded research project with 17 partners from industry and academia, aiming to develop technologies for quantum-safe communications by integrating post-quantum cryptography with techniques from quantum cryptography.

Applicants for this role should have already completed, or be close to completing, a PhD in a relevant discipline, with an outstanding research track record in cryptography. Applicants should be able to demonstrate scientific creativity, research independence, and the ability to communicate their ideas effectively in written and verbal form. Salary is £39,479 per annum, inclusive of London Allowance. This post is appointed at Grade 7, Spine point 34.

Established in 1990, the Information Security Group at Royal Holloway was one of the first dedicated academic groups in the world to conduct research and teaching in information security. The ISG is today a world-leading interdisciplinary research group with 20 full-time members of staff, several postdoctoral research assistants and over 50 PhD students working on a range of subjects in cyber security, in particular cryptography.

In return we offer a highly competitive rewards and benefits package including:

  • Generous annual leave entitlement
  • Training and Development opportunities
  • Pension Scheme with generous employer contribution
  • Various schemes including Cycle to Work, Season Ticket Loans and help with the cost of Eyesight testing.
  • Free parking
  • Competitive Maternity, Adoption and Shared Parental Leave provisions

The post is based in Egham, Surrey where the College is situated in a beautiful, leafy campus near to Windsor Great Park and within commuting distance from London.

To view further details of this post and to apply please visit https://jobs.royalholloway.ac.uk. For queries on the application process the Human Resources Department can be contacted by email at: recruitment@rhul.ac.uk. Informal enquiries can be made to Prof. Carlos Cid at carlos.cid@rhul.ac.uk.

Please quote the reference: 0219-048

Closing Date: Midnight, 12 March 2019

Interview Date: To be confirmed

PS: I will have two more postdoc positions, on lattice-based cryptography in the next few weeks/months.

10 PhD Positions at Royal Holloway’s Centre for Doctoral Training in Cyber Security

At Royal Holloway we are now taking applications for ten fully-funded PhD positions in Information Security. See the CDT website and the ISG website for what kind of research we do. In particular, check out our past and current CDT students to get an idea of how broad and diverse the areas of information security are in which they work.

Note that most of these positions are reserved for UK residents, which does, however, not mean nationality (see CDT website for details) and there might also be some wiggle room for EU residents.

Continue reading “10 PhD Positions at Royal Holloway’s Centre for Doctoral Training in Cyber Security”

NTT Considered Harmful?

In a typical Ring-LWE-based public-key encryption scheme, Alice publishes

(a, b) = (a, a \cdot s + e) \in \mathbb{Z}_q[x]/(x^n+1)

(with n a power of two1) as the public key, where s, e are both “small” and secret. To encrypt, Bob computes

(c_{0}, c_{1}) = (v \cdot a + e', v \cdot b + e'' + \textnormal{Encode}(m))

where v, e', e'' are small, m is the message \in \{0,1\}^n and \textnormal{Encode}(\cdot) some encoding function, e.g. \sum_{i=0}^{n-1} \lfloor \frac{q}{2} \rfloor m_i x^i . To decrypt, Alice computes

c_{0} \cdot s - c_{1} = (v \cdot a + e')\cdot s - v \cdot (a\cdot s + e) + e'' + \textnormal{Encode}(m),

which is equal to e' \cdot s - v \cdot e + e'' + \textnormal{Encode}(m). Finally, Alice recovers m from the noisy encoding of m where e' \cdot s - v \cdot e + e'' is the noise. In the Module-LWE variant the elements essentially live in \left(\mathbb{Z}_q[x]/(x^n+1)\right)^k, e.g. a is not a polynomial but a vector of polynomials.

Thus, both encryption and decryption involve polynomial multiplication modulo x^n+1. Using schoolbook multiplication this costs \mathcal{O}(n^2) operations. However, when selecting parameters for Ring-LWE, we can choose q \equiv 1 \bmod 2n which permits to use an NTT to realise this multiplication (we require \equiv \bmod 2n to use the negacyclic NTT which has modular reductions modulo x^n+1 baked in). Then, using the NTT we can implement multiplication by

  1. evaluation (perform NTT),
  2. pointwise multiplication,
  3. interpolation (perform inverse NTT).

Steps (1) and (3) take \mathcal{O}(n \log n) operations by using specially chosen evaluation points (roots of one). Step (2) costs \mathcal{O}(n) operations.

This is trick is very popular. For example, many (but not all!) Ring-LWE based schemes submitted to the NIST PQC competition process use it, namely NewHope, LIMA (go LIMA!), LAC, KCL, HILA5, R.EMBLEM, Ding Key-Exchange, CRYSTALS-KYBER, CRYSTALS-DILITHIUM (sorry, if I forgot one). Note that since steps (1) and (3) are the expensive steps, it makes sense to remain in the NTT domain (i.e. after applying the NTT) and only to convert back at the very end. For example, it is faster for Alice to store s, e in NTT domain and, since the NTT maps uniform to uniform, to sample a in NTT domain directly, i.e. to just assume that a random vector a is already the output of an NTT on some other random vector.

This post is about two recent results I was involved in suggesting that this is not necessarily always the best choice (depending on your priorities.)

Warning: This is going to be one of those clickbait-y pieces where the article doesn’t live up to the promise in the headline. The NTT is fine. Some of my best friends use the NTT. In fact I’ve implemented and used the NTT myself.

Continue reading “NTT Considered Harmful?”

10 PhD Positions at Royal Holloway’s Centre for Doctoral Training in Cyber Security

At Royal Holloway we have ten PhD positions in Information Security. The catch is that almost all of those positions are reserved for UK residents. Note that this does not mean nationality, see funding page (there might also be some wiggle room in some cases). For more information see the CDT website and the ISG website for what kind of research we do.

Welcome to the EPSRC Centre for Doctoral Training (CDT) in Cyber Security at Royal Holloway. The Centre was established in 2013, and has as its main objective to produce cohorts of highly-trained researchers with a broad understanding of cyber security.

The CDT is hosted by the Information Security Group (ISG), and provides multidisciplinary training to annual cohorts of around ten students each. The students follow a 4-year doctoral programme: the first phase consists of a taught component comprising 25 per cent of the programme. The remaining three years follow the more traditional path of doctoral studies, with each student undertaking research in an advanced topic in the field of cyber security. See the CDT Course of Study page for more information about the programme.

CDT recruitment typically runs from November to April, to select students for the CDT cohort to start the following September. Selected applicants are awarded fully-funded PhD studentships (stipend and College fees) for four years. We consider applications from candidates with undergraduate and masters qualifications in a wide range of disciplines, including, but not limited to, mathematics, computer science, and electrical and electronic engineering.

We are now open to receive applications for students to start their PhD studies in September 2018.

Please explore the links below to learn more about the entry requirements, funding and eligibility, and how to apply to Royal Holloway’s CDT in Cyber Security.

Postdoc at Royal Holloway on Post-Quantum Cryptography in Hardware

Together with Carlos Cid, we have a two-year postdoc position available. The position is focused on hardware implementations of post-quantum cryptography such as lattice-based, code-based, hash-based or mq-based schemes. If you are interested, feel free to get in touch with Carlos or me. If you know of somone who might be interested, we would appreciate if you could make them aware of this position.

Continue reading “Postdoc at Royal Holloway on Post-Quantum Cryptography in Hardware”

Postdoc at Royal Holloway on Quantum-Safe Cryptography in Hardware

Together with Carlos Cid, we have a two-year postdoc position available. The position is focused on hardware implementations of quantum-safe cryptography such as lattice-based, code-based, hash-based or mq-based schemes. If you are interested, feel free to get in touch with Carlos or me. If you know of somone who might be interested, we would appreciate if you could make them aware of this position.

Continue reading “Postdoc at Royal Holloway on Quantum-Safe Cryptography in Hardware”