International Association for Cryptologic Research

Here you can see all recent updates to the IACR webpage.

email icon
via email
RSS symbol icon
via RSS feed
Twitter bird icon
via Twitter
Weibo icon
via Weibo
Facebook icon
via Facebook

24 February 2021

Shuo Sun, Yongbin Zhou, Yunfeng Ji, Rui Zhang, Yang Tao
ePrint Report
Gaussian sampling over the integers is one of the fundamental building blocks of lattice-based cryptography. In particular, it cannot be avoided in trapdoor sampling until now. However, it is still challenging to construct a generic, efficient, and isochronous Gaussian sampler. In this paper, our contribution is three-fold.

First, we propose a secure, efficient exponential Bernoulli sampling algorithm. It can be applied to Gaussian samplers based on rejection samplings. We apply it to FALCON, a candidate of round 3 of the NIST post-quantum cryptography standardization project, and reduce its signature generation time by 13.66%-15.52%.

Second, we develop a new Gaussian sampler based on rejection sampling. Our algorithm can securely sample from Gaussian distributions with different standard deviations and arbitrary centers. We apply it to PALISADE (S&P'18), an open-source lattice cryptography library. The new implementation of trapdoor sampling in PALISADE has better performance while resisting timing attacks.

Third, we improve the efficiency of the COSAC sampler (PQC'20). The new COSAC sampler is 1.46x-1.63x faster than the original and has the lowest expected number of trials among all Gaussian samplers based on rejection samplings. But it needs a more efficient algorithm sampling from the normal distribution to improve its performance.

Tatsuki Ono, Song Bian, Takashi Sato
ePrint Report
The module learning with errors (MLWE) problem is one of the most promising candidates for constructing quantum-resistant cryptosystems. In this work, we propose an open-source framework to automatically adjust the level of parallelism for MLWE-based key exchange protocols to maximize the protocol execution efficiency. We observed that the number of key exchanges handled by primitive functions in parallel, and the dimension of the grids in the GPUs, have significant impacts on both the latencies and throughputs of MLWE key exchange protocols. By properly adjusting the related parameters, in the experiments, we show that the performance of MLWE-based key exchange protocols can be improved across GPU platforms.

Guilherme Perin, Lichao Wu, Stjepan Picek
ePrint Report
Deep learning-based side-channel analysis (SCA) has become the de facto standard in profiling SCA. Still, this does not mean it is trivial to find neural networks that perform well for any setting. Based on the developed neural network architectures, we can distinguish between small neural networks, which are easier to tune and less prone to overfitting but can have insufficient capacity to model the data, and large neural networks, which would have sufficient capacity but can overfit and are more difficult to tune. This always brings an interesting trade-off between simplicity and performance.

This paper proposes using a pruning strategy and the recently proposed Lottery Ticket Hypothesis to improve deep learning-based SCA. We demonstrate that we can find smaller neural networks that perform on the level of larger networks, where we manage to reduce the number of weights by more than 90% on average. Additionally, we show that pruning can help prevent overfitting and the effects of imbalanced data, reaching top attack performance for small networks when larger networks do not manage to break the target at all.

Xu Liu, Mingqiang Wang
ePrint Report
Xagawa and Yamakawa (PQCrypto 2019) proved that the transformation SXY can tightly turn DS secure PKEs into IND-qCCA secure KEMs in the quantum random oracle model (QROM). But transformations such as KC and TPunc, which turn PKEs with standard security (OW-CPA or IND-CPA) into DS secure PKEs, still suffer from quadratic security loss in the QROM. In this paper, we give a tighter security reduction for the transformation KC that turns OW-CPA secure deterministic PKEs into modified DS secure PKEs in the QROM. We use the Measure-Rewind-Measure One-Way to Hiding Lemma recently introduced by Kuchta et al. (EUROCRYPT 2020) to avoid the square-root advantage loss. Moreover, we extend it to the case that the underlying PKEs are not perfectly correct. Combined with other transformations, we finally obtain a generic KEM from any IND-CPA secure PKE. Our security reduction has roughly the same tightness as the result of Kuchta et al. without any other assumptions, and we achieve the stronger IND-qCCA security. We also give a similar result for another KEM transformation achieving the same security notion from any OW-CPA secure deterministic PKE.

Karim Baghery, Cyprien Delpech de Saint Guilhem, Emmanuela Orsini, Nigel P. Smart, Titouan Tanguy
ePrint Report
This paper introduces M-Circuits, a program representation which generalizes arithmetic and binary circuits. This new representation is motivated by the way modern multi-party computation (MPC) systems based on linear secret sharing schemes actually operate. We then show how this representation also allows one to construct zero knowledge proof (ZKP) systems based on the MPC-in-the-head paradigm. The use of the M-Circuit program abstraction then allows a number of program-specific optimizations to be applied generically. It also allows one to separate complexity and security optimizations for program compilation from those for application protocols (MPC or ZKP).

Raghvendra Rohit, Kai Hu, Sumanta Sarkar, Siwei Sun
ePrint Report
Being one of the winning algorithms of the CAESAR competition and currently a second round candidate of the NIST lightweight cryptography standardization project, the authenticated encryption scheme Ascon (designed by Dobraunig, Eichlseder, Mendel, and Schläffer) has withstood extensive self and third-party cryptanalysis. The best known attack on Ascon could only penetrate up to $7$ (out of $12$) rounds, due to Li et al. (ToSC Vol I, 2017). However, it violates the data limit of $2^{64}$ blocks per key specified by the designers. Moreover, the best known distinguishers of Ascon in the AEAD context reach only 6 rounds. To fill these gaps, we revisit the security of 7-round Ascon in the nonce-respecting setting without violating the data limit as specified in the design. First, we introduce a new superpoly-recovery technique named partial polynomial multiplication, for which computations take place between the so-called degree-$d$ homogeneous parts of the involved Boolean functions for a $2d$-dimensional cube. We apply this method to 7-round Ascon and present several key recovery attacks. Our best attack can recover the 128-bit secret key with a time complexity of about $2^{123}$ 7-round Ascon permutations and requires $2^{64}$ data and $2^{101}$ bits of memory. Also, based on division properties, we identify several 60-dimensional cubes whose superpolies are constant zero after 7 rounds. We further improve the cube distinguishers for 4, 5 and 6 rounds. Although our results are far from threatening the security of full 12-round Ascon, they provide new insights into the security analysis of Ascon.

Jan-Pieter D'Anvers, Senne Batsleer
ePrint Report
Many lattice-based encryption schemes are subject to a very small probability of decryption failures. It has been shown that an adversary can efficiently recover the secret key using a number of ciphertexts that cause such a decryption failure. In PKC 2019, D'Anvers et al. introduced 'failure boosting', a technique to speed up the search for decryption failures. In this work we first improve the state-of-the-art multitarget failure boosting attacks. We then improve the cost calculation of failure boosting and extend the applicability of these calculations to permit cost calculations of real-world schemes. Using our newly developed methodologies we determine the multitarget decryption failure attack cost for all parameter sets of Saber and Kyber, showing among others that the quantum security of Saber can theoretically be reduced from 172 bits to 145 bits in specific circumstances. We then discuss the applicability of decryption failure attacks in real-world scenarios, showing that an attack might not be practical to execute.

Jan Czajkowski
ePrint Report
In this paper we prove quantum indifferentiability of the sponge construction instantiated with random (invertible) permutations. With this result we bring the post-quantum security of the standardized SHA-3 hash function to the level matching its security against classical adversaries. To achieve our result, we generalize the compressed-oracle technique of Zhandry (Crypto'19) by defining and proving correctness of a compressed permutation oracle. We believe our technique will find applications in many more cryptographic constructions.

Yaroslav Balytskyi, Manohar Raavi, Anatoliy Pinchuk, Sang-Yoon Chang
ePrint Report
Quantum Key Distribution, or QKD, provides symmetric key distribution using quantum mechanics/channels with new security properties. The security of QKD relies on the difficulty of the quantum state discrimination problem. We discover that the recent developments in PT symmetry can be used to expedite the quantum state discrimination problem and therefore to attack the BB84 QKD scheme. We analyze the security of the BB84 scheme and show that the attack significantly increases the eavesdropping success rate over the previous Hermitian quantum state discrimination approach. We design and analyze the approaches to attack the BB84 QKD protocol exploiting an extra degree of freedom provided by PT-symmetric quantum mechanics.

Hamidreza Amini Khorasgani, Hemanta K. Maji, Hai H. Nguyen
ePrint Report
Noise, which cannot be eliminated or controlled by parties, is an incredible facilitator of cryptography. For example, highly efficient secure computation protocols based on independent samples from the doubly symmetric binary source (BSS) are known. A modular technique for extending these protocols to diverse forms of other noise without incurring any loss of round and communication complexity is the following strategy. Parties, beginning with multiple samples from an arbitrary noise source, non-interactively, albeit securely, simulate the BSS samples. After that, they can use custom-designed efficient multi-party solutions for BSS.

Khorasgani, Maji, and Nguyen (ePrint 2020) introduce the notion of secure non-interactive simulation (SNIS) as a natural cryptographic extension of concepts like non-interactive simulation and non-interactive correlation distillation in theoretical computer science and information theory. In SNIS, the parties apply local reduction functions to their samples to produce the samples of another distribution. This work studies the decidability problem of whether a sample from the noise $(X,Y)$ can securely and non-interactively simulate BSS samples. As is standard in analyzing non-interactive simulations, our work relies on Fourier analytic techniques to approach this decidability problem. Our work begins by algebraizing the simulation-based security definition of SNIS. Then, using this algebraized definition of security, we analyze the properties of the Fourier spectrum of the reduction functions.

Given $(X,Y)$ and BSS with parameter $\epsilon$, our objective is to distinguish between the following two cases. (A) Does there exist a SNIS from BSS$(\epsilon)$ to $(X,Y)$ with $\delta$-insecurity? (B) Do all SNIS from BSS$(\epsilon)$ to $(X,Y)$ incur $\delta'$-insecurity, where $\delta'>\delta$? We prove that there exists a bounded computable time algorithm achieving this objective for the following cases. (1) $\delta=O(1/n)$ and $\delta'=$ positive constant, and (2) $\delta=$ positive constant, and $\delta'=$ another (larger) positive constant. We also prove that $\delta=0$ is achievable only when $(X,Y)$ is another BSS, where $(X,Y)$ is an arbitrary distribution over $\{-1,1\}\times\{-1,1\}$. Furthermore, given $(X,Y)$, we provide a sufficient test determining if simulating BSS samples incurs a constant insecurity, irrespective of the number of samples of $(X,Y)$.

Technically, our work proceeds by demonstrating that the weight of the Fourier spectrum of the reduction functions is at most $O(\delta)$ on higher-order components, where $\delta$ is the insecurity of the SNIS.

23 February 2021

National Yunlin University of Science and Technology, Douliou, Yunlin County, Taiwan
Job Posting

Keywords: Post-quantum cryptography, multivariate cryptography, multi-party computation, cryptographic protocols.

National Yunlin University of Science and Technology, Douliou, Yunlin County, Taiwan. YUNTECH is looking forward to recruiting young, talented and self-motivated students for two Ph.D. positions in the Ph.D. programs of “Electrical Engineering and Computer Science” and “Information Management”, to work on any of the following areas of applied cryptography under the supervision of Dr. Saru Kumari. Dr. Saru Kumari will join YUNTECH on 1st August 2021.

    Design of post-quantum cryptographic protocols
    Software and hardware implementation of post-quantum cryptographic protocols
    Multi-party computation
    Cryptographic protocols and their implementation
    Privacy-preserving cryptographic protocols for cloud/edge/fog computing
    Multivariate cryptographic protocols

Requisites for Ph.D. students:
    Bachelor's and master's degrees in Computer Science/Information Security
    Strong mathematical background
    Proficient written and verbal communication skills in English
    Basic knowledge of blockchain technology
    Elementary knowledge of crypto-currencies and their security

What we provide: As one of the best engineering and technology universities, YUNTECH provides students with excellent academic and practical training, an excellent research environment, and strong supervision by world-class scholars. We help graduates develop their careers in the information and telecommunication industry and the semiconductor industry, Taiwan's outstanding industries on the world stage. Students recommended by Dr Kumari will get a full tuition waiver and a monthly stipend.

How to apply:
    CV (highlighting your interests and strengths)
    via email with the subject line “Application for Ph.D. in applied cryptography at YUNTECH”, to Dr Saru Kumari at keeping cc Hsin-I Huang (Sandy) at

Application deadline: May 21, 2021.

Contact: Dr Saru Kumari at keeping cc Hsin-I Huang (Sandy) at

Villanova University, Philadelphia, PA, USA
Job Posting
There is one Ph.D. position opening in Dr. Jiafeng Harvest Xie's research group at the Department of Electrical and Computer Engineering of Villanova University, Villanova, PA (west of Philadelphia), USA. The research topics of this position are primarily focused on cryptanalysis of post-quantum cryptosystems. Interested applicants are warmly welcome to send their resume/CV to Dr. Xie through email:

Requirements: preferred majors are Cryptography, Mathematics, Computer Science, Computer Engineering, Electrical Engineering and related fields. Familiarity with cryptanalysis and fault attacks/detection is desirable. Proficiency in programming languages such as C/C++. Good English communication and writing skills. Great enthusiasm for research-oriented tasks. Excellent team member.

Degree: both B.S. and M.S. graduates or similar are warmly welcomed to apply. Start date: Fall 2021. It is always better to apply as early as possible. Positions are open until they are filled.

The 2021 U.S. News & World Report ranks Villanova as tied for the 53rd best National University in the U.S. (famous alumni include the current First Lady of the United States, among others).

Brief introduction of Dr. Xie: Dr. Jiafeng Harvest Xie is currently an Assistant Professor at the Department of Electrical and Computer Engineering of Villanova University. His research interests include cryptographic engineering, hardware security, and VLSI digital design. He is the Best Paper Awardee of IEEE HOST 2019. He has served as Associate Editor for Microelectronics Journal, IEEE Access, and IEEE Trans. Circuits and Systems II. He was also named a 2019 IEEE Access Outstanding Associate Editor.


Contact: Jiafeng Xie


IRISA, Rennes, France
Job Posting
We aim to analyze and protect post-quantum schemes against side-channel attacks (starting with code-based cryptosystems), in particular implementations submitted to NIST. Having found flaws in these implementations, we will design countermeasures at the compilation (assembly language) level, to appropriately harden the code while preserving the algorithm. During the project, the candidate will work on countermeasures specific to post-quantum schemes and their actual implementation at the compilation level. More than the binaries, the methodology, the tools, and the solutions to various faced practical issues will be of great interest to the community. Depending on the background and interests of the candidate, we are open to adjustments to the research strategies.


  • PhD in related research areas
  • integration into the research environment
  • willingness to supervise Ph.D. student(s)
  • motivation to publish in A/A∗conferences


Contact: Annelie Heuser,

Kudelski Security, Switzerland and USA
Job Posting

Kudelski Security, a division of the Kudelski Group, is an innovative, independent Swiss provider of tailored cyber and media security solutions to enterprises and public sector institutions. Founded in 2012, Kudelski Security is headquartered in Phoenix, Arizona and Cheseaux-sur-Lausanne, Switzerland, and has offices all around the globe. For more information, please visit:

The Kudelski Security Research Team is looking for one (or more) researchers experienced with cryptography. You'll join a multi-disciplinary team with members focused on cutting-edge areas such as cryptography, quantum security, privacy-preserving technologies, and AI security, just to name a few. The position can be on-site or remote, and includes an attractive salary and benefits depending on your seniority level.

Principal Duties:

  • A 50% split between activities generating revenue and research
  • Security audit of source code and architecture of cryptographic implementations
  • Create viable research projects from your own ideas or from other researchers and engineers
  • Identify areas of interest for further research and development
  • Create new intellectual property
  • Manage the lifecycle of research projects
  • Represent Kudelski Security in public forums (blogs, conferences, journals) through original publications
  • Mentor team members in your area


  • Proven experience demonstrating knowledge of cryptography (such as blog posts, published source code, academic papers, etc.)
  • At minimum a Bachelor's degree in computer science, computer engineering, information security or a related field of study
  • Good knowledge of a modern programming language such as Go, Rust or Python, as well as C/C++
  • Comfortable reading code developed in multiple programming languages
  • 5+ years of experience in cybersecurity, research, or applied cryptography
  • Strong written and verbal communication skills in English
  • Ability to interface effectively with customers and internal stakeholders

Lucerne University of Applied Sciences and Arts, Rotkreuz, Switzerland
Job Posting
We are seeking a research associate to work on research projects in IT security and practical aspects of quantum cryptography. This position is part of the Swiss National Science Foundation Practice-to-Science grant “Quantum cryptography in practice”. Candidates should have good software engineering skills and a strong background in IT security and/or cryptography; knowledge of quantum information is advantageous. Both junior and more senior candidates are considered. For junior candidates, there exists the possibility to combine the employment with enrollment in a study program towards a Master of Science in Engineering (MSE). For further information and an online application form, please check the link above.


Contact: Dr. Esther Hänggi

Lucerne University of Applied Sciences and Arts, Rotkreuz, Switzerland
Job Posting
We are seeking a highly motivated PhD student to work on practical aspects of quantum cryptography. The position is part of the Swiss National Science Foundation Practice-to-Science grant “Quantum cryptography in practice”. This project investigates practical quantum key distribution and quantum random number generation protocols, analyzes their security and develops secure and efficient alternative protocols. It devises methods to assess and quantify the quality and “quantumness” of quantum random number generators. The PhD student will be employed and hosted at the Lucerne School of Computer Science and Information Technology in Rotkreuz, Switzerland and will be enrolled in the doctoral program of ETH Zurich. For further information and an online application form, please use the link above.


Contact: Dr. Esther Hänggi

University of St. Gallen, School of Computer Science, Switzerland
Job Posting
We are looking for a bright and motivated research engineer in the area of cryptography, security and privacy to join the team of Prof. Mitrokotsa at the cybersecurity chair (Univ. of St. Gallen). As a research engineer in the Cyber Security chair you will establish and work in a state-of-the-art IoT (Internet of Things) lab with smart devices (ranging from Raspberry Pis and sensors to RFID tags and RFID readers) and you will work with world-leading researchers to implement, test, and showcase secure and privacy-preserving protocols and algorithms. Many projects are done in collaboration with other academic and industrial partners.
Responsibilities: more specifically, the job includes:
  • Development and implementation of concepts and research results, both individually and in collaboration with researchers and PhD students,
  • Running experiments and simulating realistic conditions to test the performance of developed algorithms and protocols,
  • Development, maintenance and organization of software,
  • Support for BSc, MSc and PhD students, postdocs and researchers who use the lab,
  • Responsibility for the daily routines in the lab, for example purchases, installations, bookings, inventory,
  • Producing media content for our group web page and social media platforms.
Your profile:
  • The successful applicant is expected to hold, or to be about to receive, an M.Sc. degree in Computer Science, Electrical Engineering, Applied Mathematics or similar fields, preferably with a focus on Security and Privacy for Computer Science Systems.
  • We are looking for a strongly motivated and self-driven person who is able to work and learn new things independently. Good command of English is required.
  • You should have a good academic track record and well-developed analytical and problem-solving skills.
  • Excellent programming skills and familiarity with cryptographic libraries.
  • Previous experience in implementation projects with C++, Matlab or Python is desired.

Inria and ENS, Paris, France
Job Posting

We are looking for talented and motivated Post-docs to work on the ERC Advanced Grant project PARQ: Lattices in a Parallel and Quantum World. The project aims at studying the best parallel and quantum algorithms for lattice problems, and at proposing automated tools to select safe parameters for lattice-based cryptography. It is hosted by the Inria cryptography team Cascade, located at ENS in downtown Paris.

The ideal candidates should have a PhD degree from a leading university, and a proven record of lattice-related publications in top venues. We offer a competitive salary and a budget for conference travel and research visits. Positions can be filled from April 1st, 2021. If you're interested, please send as soon as possible (and before June 1st, 2021):

  • Your curriculum vitae
  • Your two best publications
  • Research statement
  • Reference letters if possible

Contact: Phong Q. Nguyen ( Phong.Nguyen at )

University College Cork, Ireland
Job Posting

The School of Computer Science & IT at University College Cork is a partner in the Science Foundation Ireland Centre for Research Training on Artificial Intelligence, which funds a number of 4-year PhD scholarships. The scholarships include full payment of university fees and a monthly tax-free stipend of €1,500, as well as a budget for equipment, travel, and training.

We are currently looking for candidates interested in working on privacy-preserving machine learning/artificial intelligence. Topics of interest include: advanced encryption for neural networks; anonymity and differential privacy; model ownership (watermarking and fingerprinting) and related attacks.

Interested candidates should write to Dr Paolo Palmieri ( Expressions of interest for the 2021-2022 call need to be received by February 26, 2021. Early applications will be given priority.

Applicants should include:

1. a brief cover letter (1 page max) explaining their interest in the project topic, and mentioning any previous experience in privacy/cryptography/security;
2. a curriculum vitae, mentioning the final grade/CGPA for each degree.

Shortlisted students will be asked to submit a full application (including academic transcripts, evidence of English language proficiency, and references) at a later stage.


Contact: Dr. Paolo Palmieri (

University of Calgary, Calgary, AB, Canada
Job Posting
The Department of Electrical and Computer Engineering in the Schulich School of Engineering at the University of Calgary is pleased to invite applications for a tenure-track Assistant Professor position in Secure Software Systems with an anticipated start date of July 1, 2021. Candidates with an earned doctoral degree in Software Engineering or a related discipline, or those who will have earned a doctoral degree by the anticipated start date, and who have the potential for excellence in research and teaching are invited to apply. The successful candidate should have research experience in one of the following topics:
  • engineering safe, dependable, and secure software systems
  • privacy and security in software
  • security testing
  • secure software-defined networks
  • cybersecurity

The successful candidate will have a demonstrated record of high-quality research publications. They are expected to demonstrate the potential to establish an externally funded research program, and to achieve international recognition within five years. They will have the ability to attract excellent trainees, students, and future researchers. The successful candidate will develop and teach a range of undergraduate and graduate courses in the Software Engineering Program. The successful candidate will have excellent written and oral communication skills and provide evidence of successful teaching ability. Candidates should be eligible for registration as a Professional Engineer with the Association of Professional Engineers and Geoscientists of Alberta (APEGA). Experience working in industry or on industrial projects is an asset.


Contact: Prof. Andy Knight (Department Head) Email:
