IACR News

Updates on the COVID-19 situation are on the Announcement channel.

Here you can see all recent updates to the IACR webpage. These updates are also available:

23 October 2020

Job Posting
TU Darmstadt has an opening for a tenure-track assistant professorship (W2) in Quantum Computing in the Computer Science Department. Areas of interest are:

• Quantum algorithms
• Quantum engineering
• Quantum programming systems
• Quantum compilers
• Simulation of quantum computers

Closing date for applications:

Job Posting

The IMDEA Software Institute offers an intern position in the area of security and privacy in blockchain, in the context of the project SLN: Scalability for the Lightning Network. The intern will work under the supervision of Pedro Moreno-Sanchez.

Who should apply?: Applicants should have finished (or be close to finish) a master degree in Computer Science. Experience in cryptography, distributed systems or blockchain is highly valued.

Working at IMDEA Software: The positions are based in Madrid, Spain where the IMDEA Software Institute is situated. Salaries are internationally competitive and include attractive conditions such as access to an excellent public healthcare system. The working language at the institute is English. Knowledge of Spanish is not required.

Dates: The position has guaranteed funding for 6 months. There exists the possibility to stay afterwards as PhD student. The preferred starting date is early 2021.

How to apply?: Applicants interested in the position should submit their application at https://careers.software.imdea.org/ using reference code 2020-10-intern-blockchain. Deadline for applications is November 30th, 2020. Review of applications will begin immediately.

Closing date for applications:

University Jean Monnet, Laboratory Hubert Curien, SESAM team, Saint-Etienne, France
Job Posting
We are looking for candidates for a PhD position in the field of design and modeling phase-locked loops (PLL) as a source of randomness in logic devices, implementation of true random number generators (TRNG) based on PLLs in FPGAs and ASICs, analysis of statistical properties of the generated numbers, statistical modeling of the proposed TRNGs and construction of efficient embedded tests dedicated to the proposed generators and based on their stochastic models. Desired profile: Master degree is required. Required skills: a) good knowledge of digital electronics and embedded systems; b) knowledge of FPGA design tools (Intel, Xilinx or Microsemi) as well as simulation tools (Modelsim); c) good level of English. Other useful skills: d) data acquisition and data analysis (use of tcl and python languages in particular); e) signal processing, mathematical modeling, statistics; f) basic knowledge in information security.

Closing date for applications:

Contact: fischer(at)univ-st-etienne.fr

University of Surrey, Department of Computer Science, UK
Job Posting
Permanent Lecturer (equiv. to Assistant Professor) position in Computer Science at the University of Surrey, UK.

Topics of interest: distributed/concurrent systems, blockchain, internet data science or social computing, with links to security and/or AI.

See https://jobs.surrey.ac.uk/vacancy.aspx?ref=045220

Closing date for applications:

Contact: Informal inquiries to Mark Manulis (m dot manulis at surrey dot ac dot uk)

Ruhr University Bochum, Germany
Job Posting
We are looking for outstanding Post-Doc to work on physical (hardware) security.

The group offers excellent working environment as a part of Horst Görtz Institut for IT Security (HGI https://hgi.rub.de/en/ ) including more than 200 scientists active in several different aspects of IT security and cryptography.

The candidate should have a PhD in IT-security, electrical engineering, computer engineering, or computer science with excellent publication records.

Since the position is funded by a national project, having the ability to fluently talk, write, and read in German is a must. The position is for two years, with an option to extend.

Send your application in a single pdf file to amir.moradi (at) rub.de

Closing date for applications:

NYU Shanghai
Job Posting
NYU Shanghai is currently inviting applications for a Tenured or Tenure-track position in Computer Science Theory. The search is not restricted to any rank and outstanding candidates at all levels are encouraged to apply. We seek candidates who have completed a PhD in Computer Science, or a closely related discipline. We invite candidates with a strong research record in CS theory to apply, including research in algorithms, data structures, computational complexity, cryptography, learning theory, and so on. NYU Shanghai is the third degree-granting campus within New York University’s global network. It is the first higher education joint venture in China authorized to grant degrees that are accredited in the U.S. as well as in China. All teaching is conducted in English. A research university with liberal arts and science at its core, it resides in one of the world's great cities with a vibrant intellectual community. NYU Shanghai recruits scholars of the highest caliber who are committed to NYU's global vision of transformative teaching and innovative research and who embody the global society in which we live. Applicants will submit a cover letter, curriculum vitae, statement of research, and a statement of teaching interests. Additionally, applicants will be prompted to enter the names and email addresses of at least three referees. Each referee will be contacted to upload a reference letter through Interfolio. Applications may be received until February 1, 2021. Review of applications will begin on January 1, 2021.

Closing date for applications:

Contact: shanghai.faculty.recruitment@nyu.edu

Center for Information Security and Trust, IT University of Copenhagen
Job Posting

The Center for Information Security and Trust (CISAT) at the Computer Science Department of the IT University of Copenhagen invites highly motivated individuals to apply for a Postdoc position starting in January 2021 or soon thereafter for a duration of 2 years.

The position is in the context of the project “Enabling User-Accountable Mechanisms for Decision Systems”, which looks at ways to provide dispute resolution capabilities to decision systems (e.g. voting protocols) by combining cryptographic techniques for human senses with advanced cryptographic protocols.

Closing date for applications:

Contact: Rosario Giustolisi (rosg@itu.dk) or Carsten Schürmann (carsten@itu.dk)

Lund University, Sweden
Job Posting
Lund University was founded in 1666 and is repeatedly ranked among the world’s top 100 universities. The University has 40 000 students and more than 8 000 staff based in Lund, Helsingborg and Malmö.
• The research project is in the area of post-quantum cryptography and aims to investigate how the problem "Learning-With-Errors" (LWE) or related problems can be used to develop new cryptographic primitives. This includes examining existing primitives that base their security on the LWE problem as well as trying to find new, more effective primitives. One such primitive is fully homomorphic encryption.
• Work duties: The main duties of doctoral students are to devote themselves to their research studies which includes participating in research projects and third cycle courses. The work duties can also include teaching and other departmental duties (no more than 20%).
• Admission requirements: A second-cycle qualification, or similar, and at least 60 second-cycle credits in subjects of relevance to electrical engineering, or a MSc in computer science or electrical engineering, Also, very good oral and written proficiency in English, and strong knowledge and skills in the following areas: cryptology, coding theory, abstract algebra, number theory, discrete mathematics, programming in C, Java, Python, or other languages.
• Terms of employment: This is a full-time, fixed-term employment including 4 years research (maximum of 5 years including 20% departmental duties). Doctoral students are employed with competitive salary (about 31kSEK per month before tax).
• Last application date: 12.Nov.2020

Closing date for applications:

Contact: Thomas johansson (thomas@eit.lth.se)

• Athena Research Center
Job Posting
As part of the project LOCARD (https://locard.eu/) Athena Research Center (https://www.athenarc.gr/) we are offering 2 funded positions for PhD students and 2 for postdocs in the fields of security, machine learning, malware, and cryptography.
Interested candidates are advised to contact the coordinator (see details below) for further clarifications.

PhD candidates are expected to hold a Master’s degree (or equivalent) in Computer Science or related disciplines and with a strong interest in the field of security in the aforementioned fields. Excellent working knowledge of English is required.

Post-Doc candidates are expected to hold a PhD degree the fields of Computer Security of Machine Learning, have experience in EU funded projects and excellent working knowledge of English.

Closing date for applications:

Contact: Prof. Constantinos Patsakis (kpatsak@unipi.gr)

National Institute of Technology Jamshedpur, Jamshedpur, India
Job Posting
Two JRF positions are available in DRDO Sponsored Research Project at the Department of Mathematics, NIT Jamshedpur, India. Title of the Project: Security Analysis & Development of Multivariate Post-Quantum Cryptography Schemes. Essential Qualification: M.Sc. in Mathematics/Applied Mathematics/Pure Mathematics/Mathematics & Computing or equivalent degree with at least 60% marks (or a CGPA of 7.0 on a 10-point scale) with NET/GATE. Desirable : Candidates with sound knowledge of Cryptology and Network Security as well as knowledge in mathematical software such as SageMath/MAGMA will be preferred.

Closing date for applications:

Contact: Sumit Kumar Debnath (PI)

Kristian Gjøsteen, Thomas Haines, Morten Rotvold Solberg
ePrint Report
The long term privacy of voting systems is of increasing concern as quantum computers come closer to reality. Everlasting privacy schemes offer the best way to manage these risks at present. While homomorphic tallying schemes with everlasting privacy are well developed, most national elections, using electronic voting, use mixnets. Currently the best candidate encryption scheme for making these kinds of elections everlastingly private is PPATC, but it has not been shown to work with any mixnet of comparable efficiency to the current ElGamal mixnets. In this work we give a paper proof, and a machine checked proof, that the variant of Wikstrom's mixnet commonly in use is safe for use with the PPATC encryption scheme.
Anders Dalskov, Daniel Escudero, Marcel Keller
ePrint Report
In this work we introduce a novel four-party honest-majority MPC protocol with active security that achieves comparable efficiency to equivalent protocols in the same setting, while having a much simpler design and not relying on function-dependent preprocessing. Our initial protocol satisfies security with abort, but we present some extensions to achieve guaranteed output delivery. Unlike previous works, we do not achieve this by delegating the computation to one single party that is identified to be honest, which is likely to hinder the adoption of these technologies as it centralizes sensitive data. Instead, our novel approach guarantees termination of the protocol while ensuring that no single party (honest or corrupt) learns anything beyond the output.

We implement our four-party protocol with abort in the MP-SPDZ framework for multiparty computation and benchmark multiple applications like MNIST classification training and ImageNet inference. Our results show that our four-party protocol performs similarly to an efficient honest-majority three-party protocol that only provides semi-honest/passive security, which suggest that adding a fourth party can be an effective method to achieve active security without harming performance.
Pratyay Mukherjee
ePrint Report
In a threshold symmetric-key encryption (TSE) scheme, encryption/decryption is performed by interacting with any threshold number of parties who hold parts of the secret-keys. Security holds as long as the number of corrupt (possibly colluding) parties stay below the threshold. Recently, Agrawal et al. [CCS 2018] (alternatively called DiSE) initiated the study of TSE. They proposed a generic TSE construction based on any distributed pseudorandom function (DPRF). Instantiating with DPRF constructions by Naor, Pinkas and Reingold [Eurocrypt 1999] (also called NPR) they obtained several efficient TSE schemes with various merits. However, their security models and corresponding analyses consider only static (and malicious) corruption, in that the adversary fixes the set of corrupt parties in the beginning of the execution before acquiring any information (except the public parameters) and is not allowed to change that later.

In this work we augment the DiSE TSE definitions to the fully adaptive (and malicious) setting, in that the adversary is allowed to corrupt parties dynamically at any time during the execution. The adversary may choose to corrupt a party depending on the information acquired thus far, as long as the total number of corrupt parties stays below the threshold. We also augment DiSE’s DPRF definitions to support adaptive corruption. We show that their generic TSE construction, when plugged-in with an adaptive DPRF (satisfying our definition), meets our adaptive TSE definitions.

We provide an efficient instantiation of the adaptive DPRF, proven secure assuming decisional Diffie-Hellman assumption (DDH), in the random oracle model. Our construction borrows ideas from Naor, Pinkas and Reingold’s [Eurocrypt 1999] statically secure DDH-based DPRF (used in DiSE) and Libert, Joye and Yung’s [PODC 2014] adaptively secure threshold signature. Similar to DiSE, we also give an extension satisfying a strengthened adaptive DPRF definition, which in turn yields a stronger adaptive TSE scheme. For that, we construct a simple and efficient adaptive NIZK protocol for proving a specific commit-and-prove style statement in the random oracle model assuming DDH.
Zichen Gui, Kenneth G. Paterson, Sikhar Patranabis, Bogdan Warinschi
ePrint Report
This paper initiates a new direction of research for searchable symmetric encryption (SSE). We provide comprehensive security models and notions for SSE in the simulation tradition that encompass leakage from the whole SSE system, including accesses to encrypted indices and the encrypted database documents themselves. We provide static and dynamic SSE constructions targeting our new notions. Our constructions involve a combination of novel techniques: bucketization to hide volumes of responses to queries; delayed, pseudorandom write-backs to disrupt access patterns; and indistinguishable search and update operations. The oblivious operations make it easy to establish strong versions of forward and backward security for our dynamic SSE scheme and rule out file-injection attacks. Our implementation of the dynamic SSE scheme demonstrates that it offers very strong security against general classes of leakage-abuse attack with moderate overhead. Our schemes scale smoothly to databases containing hundreds of thousand of documents and millions of keyword-document pairs.
Joël Alwen, Daniel Jost, Marta Mularczyk
ePrint Report
The Messaging Layer Security (MLS) protocol is a new complex open standard for end-to-end (E2E) secure group messaging being developed by the IETF. Its primary security goal is to provide E2E privacy and authenticity for messages in long lived sessions whenever possible. This, despite the participation (at times) of malicious insiders that can interact with the PKI at will, actively deviate from the protocol, leak honest parties' states, and fully control the network.

The cryptographic core of the MLS protocol (from which it inherits essentially all of its efficiency and security properties) is a Continuous Group Key Agreement (CGKA) protocol. CGKA protocols provide asynchronous E2E secure group management by allowing group members to agree on a fresh independent symmetric key after every change to the group's state (e.g. when someone joins/leaves the group).

In this work, we make progress towards a precise understanding of the insider security of MLS in the form of 3 contributions. On the theory side, we overcome several subtelties to formulate the first notion of insider security for a CGKA (or group messaging) protocol. Next, we isolate the core components of MLS to obtain a CGKA protocol we dubbed Insider Secure TreeKEM (ITK). Finally, we give a rigorous proof that ITK provides (adaptive) insider security. In particular, this work also initiates the study of insider secure CGKA protocols, a primitive of interest in its own right.
Chris Brzuska, Geoffroy Couteau
ePrint Report
Constructing one-way function from average-case hardness is a long-standing open problem. A positive result would exclude Pessiland (Impagliazzo ’95) and establish a highly desirable win-win situation: either (symmetric) cryptography exists unconditionally, enabling many of the important primitives which are used to secure our communications, or all NP problems can be solved efficiently on the average, which would be revolutionary for algorithmists and industrials. Motivated by the strong interest of establishing such win-win results and the lack of progress on this seemingly very hard question, we initiate the investigation of weaker yet meaningful candidate win-win results. Specifically, we study the following type of win-win results: either there are fine-grained one-way functions (FGOWF), which relax the standard notion of a one-way function by requiring only a fixed polynomial gap (as opposed to superpolynomial) between the running time of the function and the running time of an inverter, or nontrivial speedups can be obtained for all NP problems on the average. We obtain three main results: – We introduce the Random Language Model (RLM), which captures idealized average-case hard languages, analogous to how the random oracle model captures idealized one-way functions. In the RLM, we rule out an idealized version of Pessiland, where ideally hard languages would exist yet even weak forms of cryptography would fail. Namely, we provide a construction of a FGOWF (with quadratic hardness gap) and prove its security in the RLM. – On the negative side, we prove a strong oracle separation: we show that there is no black-box proof that either FGOWF exist, or non-trivial speedup can be obtained for all NP languages on average (i.e., there is no exponentially average-case hard NP languages). – We provide a second strong negative result for an even weaker candidate win-win result: there is no black-box proof that either FGOWF exist, or non-trivial speedups can be obtained for all NP languages on average when amortizing over many instances (i.e., there is no exponentially average-case hard NP languages whose hardness amplifies optimally through parallel repetitions). This separation forms the core technical contribution of our work.

Our results lay the foundations for a program towards building fine-grained one-way functions from strong forms of average-case hardness, following the template of constructions in the Random Language Model. We provide a preliminary investigation of this program, showing black-box barriers toward instantiating our idealized constructions from natural hardness properties.
We present an honest-majority Distributed Key Generation protocol (DKG) based on Shamir's $(k,n)$-threshold secret sharing in the setting of Very Hard Homogenous Spaces (VHHS). DKG's in the DLOG setting use Pedersen commitments, for which there is no known analogue in the VHHS setting. As a replacement, we introduce a new primitive called piecewise verifiable proofs, which allow a prover to prove that a list of NP-statements is valid with respect to a common witness, and such that the different statements can be verified individually. Our protocol is robust and actively secure in the Quantum Random Oracle Model. For $n$ participants, the total runtime of our protocol is\break $2+\lambda+n(1+4\lambda)$ group action evaluations, where $\lambda$ is the underlying security parameter, and is thus independent of the threshold $k$. When instantiated with CSIDH-512, this amounts to approximately $4.5+18n$ seconds.