International Association
for Cryptologic Research

Event date: 24 August to 28 August 2026
Submission deadline: 11 May 2026
Notification: 25 June 2026

Event date: 24 August to 28 August 2026
Submission deadline: 2 February 2026
Notification: 19 March 2026

The post-quantum cryptography research group at Monash University, Australia, has multiple Ph.D. student scholarship openings for research projects including in particular the following areas:

1. FHE Private Computation and zk-SNARKs: to devise practical cryptographic tools for securing FHE-based private cloud computation applications, including theory and application of zk-SNARKs,

2. Design of practical Post-Quantum Symmetric-key-based digital signatures (including Legendre PRF based) with privacy enhanced properties using MPC and SNARK techniques,

3. Design of practical lattice-based cryptographic protocols,

4. Secure and efficient implementation of lattice-based cryptography.

Students will have the opportunity to work in an excellent research environment. Monash University is among the leading universities in Australia and is located in Melbourne, ranked as Australia's most liveable city and among the most liveable cities in the world.

Applicants should have (or expected to complete in the next 12 months) a Masters or Honours equivalent qualification with a research thesis, with excellent grades in mathematics, theoretical computer science, cryptography, or closely related areas. They should have excellent English verbal and written communication skills. Programming experience and skills, especially in Sagemath/python/Magma and/or C/C++, are also highly desirable.

To apply: please fill in the following form - applicants will be assessed as they are received:

https://docs.google.com/forms/d/e/1FAIpQLSetFZLvDNug5SzzE-iH97P9TGzFGkZB-ly_EBGOrAYe3zUYBw/viewform?usp=sf_link

Closing date for applications:

Contact: Ron Steinfeld

More information: https://docs.google.com/forms/d/e/1FAIpQLSetFZLvDNug5SzzE-iH97P9TGzFGkZB-ly_EBGOrAYe3zUYBw/viewform?usp=sf_link

We study several asymmetric structured key agreement schemes based on noncommutative matrix operations, including the recent proposal of Lizama as well as the strongly asymmetric algorithms SAA-3 and SAA-5 of Accardi et al.\ We place them in a common algebraic framework for public key agreement and identify simple structural conditions under which an eavesdropper can reconstruct an effective key-derivation map and reduce key recovery to solving linear systems over finite fields. We then show that the three matrix-based schemes mentioned above all instantiate our algebraic framework and can therefore be broken in polynomial time from public information alone. In particular, their security reduce to the hardness of linear-algebraic problems and does not exceed that of the underlying discrete logarithm problem. Our results demonstrate that the weakness of these schemes is structural rather than parametric, and that minor algebraic modifications are insufficient to repair them.

We prove that SVP$_p$ is NP-hard to approximate within a factor of $2^{\log^{1 - \varepsilon} n}$, for all constants $\varepsilon > 0$ and $p > 2$, under standard deterministic Karp reductions. This result is also the first proof that \emph{exact} SVP$_p$ is NP-hard in a finite $\ell_p$ norm. Hardness for SVP$_p$ with $p$ finite was previously only known if NP $\not \subseteq$ RP, and under that assumption, hardness of approximation was only known for all constant factors. As a corollary to our main theorem, we show that under the Sliding Scale Conjecture, SVP$_p$ is NP-hard to approximate within a small polynomial factor, for all constants $p > 2$. Our proof techniques are surprisingly elementary; we reduce from a regularized PCP instance directly to the shortest vector problem by using simple gadgets related to Vandermonde matrices and Hadamard matrices.

We consider the following problem: given two random polynomials $x$ and $y$ in the ring $\F_2[X]/(X^n+1)$, our goal is to compute the expectation and variance of the weight of their product $x\cdot y$, where the weight of a binary polynomial is defined as the number of its nonzero coefficients.

We consider two models for random polynomials $x$ and $y$: (1) the uniform slice case with fixed weights $w_x,w_y$, and (2) the binomial case where their coefficients are independent Bernoulli variables with success probabilities $p_x$ and $p_y$ respectively.

Our work finds a direct application in the accurate analysis of the decryption failure rate for the HQC code-based encryption scheme. The original construction relied on heuristic arguments supported by experimental data. Later, Kawachi provided a formally proven security bound, albeit a much weaker one than the heuristic estimate in the original construction. A fundamental limitation of both analyses is their restriction to the binomial case, a simplification that compromises the resulting security guarantees. Our analysis provides the first precise computation of the expectation and variance of weight($x\cdot y$) across both the uniform slice and binomial models. The results confirm the soundness of the HQC security guarantees and allow for a more informed choice of the scheme parameters that optimizes the trade-off security and efficiency.

We initiate the holistic study of Policy Compliant Secure Messaging (PCSM). A content policy is a predicate over messages deciding which messages are considered harmful and which not. A PCSM protocol is a type of end-to-end encrypted (E2EE) messaging system that guarantees E2EE privacy and authenticity for all policy compliant messages but detects and verifiably reports harmful content prior to its delivery. This stands in contrast to prior content moderation systems for E2EE messaging where detection relies on receivers reporting the harmful content themselves which makes them unsuited for most PCSM applications (e.g., for preventing the wilful distribution of harmful content). Our holistic PCSM notion explicitly captures several new roles such as policy creator, auditor and judge, to more accurately separate and model the different goals and security concerns of stakeholders when deploying PCSM.

We present efficient PCSM constructions for arbitrary policy classes, as well as for hash-based ones, achieving various levels of security, while maintaining the core security properties of the underlying E2EE layer. For hash-based PCSM, we encapsulate Apple’s recent PSI protocol used in their content moderation system, and we properly adapt it to realize the desired PCSM functionality, and analyze the resulting protocol’s security. To our knowledge, our work is the first that rigorously study Apple’s PSI for server-side content moderation within the broader context of secure messaging, addressing the diverse goals and security considerations of stakeholders when deploying larger systems.

Recent advances in quantum computing pose a threat to the security of digital communications, as large-scale quantum machines can break commonly used cryptographic algorithms, such as RSA and ECC. To mitigate this risk, post-quantum cryptography (PQC) schemes are being standardized, with recent NIST recommendations selecting two lattice-based algorithms: ML-KEM for key encapsulation and ML-DSA for digital signatures. Two computationally intensive kernels dominate the execution of these schemes: the Number-Theoretic Transform (NTT) for polynomial multiplication and the Keccak-f1600 permutation function for polynomial sampling and hashing. This paper presents PQCUARK, a scalar RISC-V ISA extension that accelerates these key operations. PQCUARK integrates two novel accelerators within the core pipeline: (i) a packed SIMD butterfly unit capable of performing NTT butterfly operations on 2×32bit or 4×16bit polynomial coefficients, and (ii) a permutation engine that delivers two Keccak rounds per cycle, hosting a private state and a direct interface to the core Load Store Unit, eliminating the need for a custom register file interface. We have integrated PQCUARK into an RV64 core and deployed it on an FPGA. Experimental results demonstrate that PQCUARK provides up to 10.1× speedup over the NIST baselines and 2.3× over the optimized software, and it outperforms similar state-of-the-art approaches between 1.4-12.3× in performance. ASIC synthesis in GF22-FDSOI technology shows a moderate core area increase of 8% at 1.2 GHz, with PQCUARK units being outside the critical path.

Authenticated Private Information Retrieval (APIR) enables a client to retrieve a record from a public database and verify that the record is “authentic” without revealing any information about which record was requested. In this work, we propose Tapir: the first two-server APIR scheme to achieve both sublinear communication and computation complexity for queries, while also supporting dates. Our scheme builds upon the unauthenticated two-server PIR scheme SinglePass (Lazzaretti and Papamanthou, USENIX’24). Due to its modular design, Tapir provides different trade-offs depending on the underlying vector commitment scheme used.

Moreover, Tapir is the first APIR scheme with preprocessing to support appends and edits in time linear in the database partition size. This makes it an ideal candidate for transparency applications that require support for integrity, database appends, and private lookups. We provide a formal security analysis and a prototype implementation that demonstrates our scheme’s efficiency. Tapir incurs as little as 0.11 % online bandwidth overhead for databases of size $2^{22}$, compared to the unauthenticated SinglePass. For databases of size $\geq 2^{20}$, our scheme, when instantiated with Merkle trees, outperforms all prior multi-server APIR schemes with respect to online runtime.

Verifiable Random Functions (VRFs) play a fundamental role in modern blockchain designs because of their applications in leader election protocols. In such contexts, however, the original definition by Micali, Rabin and Vadhan (FOCS 99), falls short at guaranteeing fairness when keys are sampled maliciously. The elegant notion of unbiasable VRF, recently proposed by Giunta and Stewart (Eurocrypt 24), addresses these concerns while remaining simple to state and easy to realize, at least in the random oracle model. Achieving unbiasability in the standard model is a different story, though: all known constructions rely on compilers that invariably reduce the efficiency of the VRF from which one starts. In this paper, we look at the unbiasability of existing VRFs in the standard model. Our findings are mostly negative; we show that, essentially, all known constructions are not natively unbiasable. We do so by showing classes of attacks that (almost) completely cover the set of existing VRF constructions. On the positive side, we show that some concrete schemes (and notably the well-known Dodis-Yampolskiy VRF) can be modified to achieve meaningful notions of unbiasability, while retaining their original efficiency.

We propose two novel instantiations for the NICE-PAKE and TEMPO protocols, which were presented by Alnahawi et al. (ePrint:2024/1957), and Arriaga, Barbosa and Jarecki (ePrint:2025/1399) repectively. Our instantiations are not formally analyzed yet, but build upon known KEM security assumptions and well-studied PAKE designs. Therefore, we believe there is a great chance that a formal proof in the Universal Composability (UC) framework should also hold.

Our constructions combines three concepts: 1) Lattice KEMs with Splittable public keys of the form As+e as introduced in Arriaga et al. (AC24:ABJS), Alnahawi et al. (ePrint:2024/1957) and Arriaga et al. (ePrint:2025/1399). 2) The Programmable Only Once Function (POPF) realized as a 2-round Feistel (2F) as in McQuoid, Rosulek and Roy (CCS20:MRR) and Arriaga , Barbosa and Jarecki (ePrint:2025/231). 3) Rerandomizable KEM as introduced in Duverger et al. (CCS25:DFJ+).

Similar to the aforementioned works, our goal is to eliminate the usage of the Ideal Cipher (IC) in (O)EKE-style KEM-based PQC PAKEs, the motivation of which is adequately and extensively explained in the cited literature. Our main contribution lies within the following two aspects: 1) Mitigating malicious public key generation attacks in the NICE-PAKE construction. 2) Defining a mechanism to realize the missing group operation in the 2F public key authentication step in NoIC-PAKE. Briefly put, we utilize the rerandomization procedure of (CCS25:DFJ+) to sample a second uniform MLWE sample, which is in turn used to shift the initiator's public key forming another fresh sample that yields indistinguishable from uniform. By doing so, we assume that we can enhance the security of NICE-PAKE to withstand a certain class of attacks, and reduce the computational complexity of the 2F instantiation relying on obfuscation in the OQUAKE variant of the 2F PAKE, which was introduced by Vos et al. (ePrint:2025/1343).

Obviously, we cannot ascertain the security of our proposed constructions without conducting a complete and thorough formal analysis. Hence, remaining open questions and future work include defining an indistinguishable UC simulator in the ideal UC world that is also capable of extracting adversarial password guesses. Further, we need to identify the concrete KEM properties required to prove security in UC via the common game-hopping reductionist proof approach.

The rapid pace of artificial intelligence (AI) and machine learning techniques has necessitated the development of large-scale models that rely on energy-intensive data centers, thereby raising environmental sustainability. Simultaneously, the increasing significance of privacy rights has led to the emergence of Privacy-Preserving Machine Learning (PPML) technologies, which aim to ensure data confidentiality. Although homomorphic encryption (HE) facilitates computations on encrypted data, it entails considerable computational costs and challenges, which impede the effective deployment of privacy-enhancing applications with large models.

To create a more sustainable and secure AI world, we propose LIME, a pure HE-based PPML solution, by integrating two techniques: element-wise channel-to-slot packing (ECSP) and power-of-two channel pruning (PCP). ECSP leverages abundant slots to pack multiple samples within ciphertexts, facilitating batch inference. PCP prunes the channels of convolutional layers by powers of two, thereby reducing computational demands and enhancing the packing capabilities of pruned models. Additionally, we implement the ReLU-before-addition block in ResNet to mitigate accuracy degradation caused by approximations with quadratic polynomials.

We evaluated LIME using ResNet-20 on CIFAR-10, VGG-11 on CIFAR-100, and ResNet-18 on Tiny-ImageNet. Using the original models, LIME attains up to 2.1% and 8.4% accuracy improvements over the methods of Lee et al. (IEEE ACCESS’21) and AESPA (arXiv:2201.06699), which employ high- and low-degree polynomial ReLU approximations, respectively. Even with 75% parameter pruning, LIME retains higher accuracy than AESPA. Using the state-of-the-art ORION (ASPLOS '25) as the convolution backend and evaluating on the original models, LIME achieves speedups of 41.5$\times$ and 8$\times$ over ORION integrated with Lee et al. and AESPA, respectively. For models pruned by 90%, these speedups increase to 202.5$\times$ and 35.1$\times$, respectively.

This paper articulates short- and long-term research problems in AI agent security and privacy, using the lens of computer systems security. This approach examines end-to-end security properties of entire systems, rather than AI models in isolation. While we recognize that hardening a single model is useful, it is important to realize that it is often insufficient. By way of an analogy, creating a model that is always helpful and harmless is akin to creating software that is always helpful and harmless. The collective experience of decades of cybersecurity research and practice shows that this is insufficient. Rather, constructing an informed and realistic attacker model before building a system, applying hard-earned lessons from software security, and continuous improvement of security posture is a tried-and-tested approach to securing real computer systems. A key goal is to examine where research challenges arise when applying traditional security principles in the context of AI agents. A secondary goal of this report is to distill these ideas for AI and ML practitioners and researchers. We discuss the challenges of applying security principles to agentic computing, present 11 case studies of real attacks on agentic systems, and define a series of new research problems specific to the security of agentic systems.

Join our team as a PhD student in post-quantum cryptography at the Department of Digital Security, Radboud University, The Netherlands. Two open positions within the PQ-HINTS project of Simona Samardjiska funded through the NWO VIDI Talent program, the first one starting in spring 2026, and the second around a year later. The goal of the project is understanding the impact of learning partial information on the private key in post-quantum cryptography. Determining how much leaked information is enough to mount a successful attack is of great importance both in evaluation and protection of post-quantum crypto implementations. You will be working on providing a strong mathematical framework for partial key exposure and using it to improve the efficiency of digital signatures and their implementations while offering strong security guarantees. You will pursue your PhD in a vibrant international research environment. At DiS and Radboud we value diversity, so we particularly encourage candidates with diverse backgrounds, cultures, and perspectives to apply. Requirements: A master degree in mathematics, computer science or a relevant discipline; Solid programming skills and excellent knowledge of algebra and combinatorics; good command of spoken and written English; ability to work in a team. To react to this post, please send your CV and a short motivation to simonas@cs.ru.nl. Don't hesitate to contact me if you have any questions, for example job conditions and environment. The call is open until the positions are filled (expected early 2026).

Closing date for applications:

Contact: Simona Samardjiska, Radboud University

There are several openings for postdoctoral positions for the 2026-2027 academic year at the new Columbia-Ethereum Research Center for Blockchain Protocol Design (see below for more information about the center). Inquiries and application materials can be sent to Tim Roughgarden at tr@cs.columbia.edu.

-----
Blockchain technology creates the abstraction of a “computer in the sky”---a global and shared programmable virtual machine that combines the general-purpose functionality of a computer with the decentralization and fault-tolerance of the Internet. A blockchain protocol plays a role similar to that of an operating system---an intermediate layer that insulates the application layer (i.e., smart contracts) from the hardware layer (i.e., the Internet) and acts as the “master program” that coordinates the execution of all the virtual machine’s system and user-installed programs. Blockchain technology can be viewed as adding state and data processing capabilities to traditional Internet infrastructure and, among other applications, it enables stronger forms of ownership of digital assets than society has ever had before.

Blockchain protocol design requires innovation in and the synthesis of a number of technically challenging fields, including distributed systems, game theory and mechanism design, cryptography, and more. The Columbia-Ethereum Center for Blockchain Protocol Design brings together the multi-disciplinary expertise at Columbia to advance the performance, security, robustness, and economics of this societally important technology.

The Center’s activities include research grants for Columbia faculty, students, and their collaborators; postdoctoral and graduate student fellowships; an industry research-in-residence program; and several events, including the Columbia Cryptoeconomics Workshop and an annual summer school.

Closing date for applications:

Contact: Tim Roughgarden (tr@cs.columbia.edu).

More information: https://www.engineering.columbia.edu/research-innovation/institutes-centers-initiatives/computational-sciences-ai/blockchain-protocol-design

The Real-World Crypto Group at FAU invites applications for 1 PhD and 1 Postdoctoral position (full-time, E13 TV-L), starting early 2026.

About the Positions

The positions are funded for three years and focus on:

• Interoperable secure messaging (in collaboration with Paul Grubbs, University of Michigan)
• Private and anonymous communication

Research Topics

• End-to-end encryption and interoperability
• Anonymous messaging
• Security of deployed protocols
• Provable security and protocol design

PhD Position

• MSc degree in computer science or related field
• Interest in applied cryptography and IT security
• Motivation to complete a PhD within three years

Postdoctoral Position

• PhD in cryptography, mathematics, computer science, or related field
• Experience in applied cryptography and IT security

Good English skills are expected; German is not required.

Group & Location

We're a young, motivated, international team working on strengthening security and privacy in practice and improving methods for that in theory. The Nuremberg region offers excellent transport links (including an international airport and fast trains to Munich, Frankfurt, and Berlin), proximity to international companies, and easy access to the Franconian Switzerland climbing and outdoor area.

How to Apply

Please submit your application by 31 January 2026 to paul.roesler@fau.de.

Your application should include:

• Cover letter (indicate PhD or Postdoc)
• CV
• Degree certificates and transcripts
• At least one reference contact
• Short statement of research interests

Interviews will be held in mid February, online or in person in Erlangen.

Equal Opportunity

FAU encourages applications from women and gives preference to candidates with disabilities in cases of equal qualification.

Closing date for applications:

Contact: Paul Rösler

More information: https://roeslpa.de/application.html

Large language model (LLM) agents represent the next generation of artificial intelligence (AI) systems, integrating LLMs with external tools and memory components to execute complex reasoning and decision-making tasks. These agents are increasingly deployed in domains such as healthcare, finance, cybersecurity, and autonomous vehicles, where they interact dynamically with external knowledge sources, retain memory across sessions, and autonomously generate responses and actions. While their adoption brings transformative benefits, it also exposes them to new and critical security risks that remain poorly understood. Among these risks, memory poisoning attacks pose a severe and immediate threat to the reliability and security of LLM agents. These attacks exploit the agent’s ability to store, retrieve, and adapt knowledge over time, leading to biased decisions, manipulation of real-time behavior, security breaches, and system-wide failures. The goal of this project is to develop a theoretical foundation for understanding and mitigating memory poisoning in LLM agents. This position, funded by the Swedish Research Council (VR), offers an exciting opportunity to work at the forefront of AI security, tackling some of the most pressing challenges in the field. Full information and application link: https://liu.se/en/work-at-liu/vacancies/27883

Closing date for applications:

Contact: Khac-Hoang Ngo, Assistant Professor, khac-hoang.ngo@liu.se

More information: https://liu.se/en/work-at-liu/vacancies/27883

TT-logic is a cutting-edge start-up, part of Nanyang Technological University (NTU) in Singapore (through its incubator NTUitive). The company specializes in developing interpretable, compact and verifiable neural network models that can be deployed with privacy-preserving inference. We provide transparent, understandable, and secure AI solutions to clients, leveraging TTnet, a technology developed at NTU.

Job Summary:
Thanks to a recently awarded tech-development grant, we are seeking a talented and motivated Fully Homomorphic Encryption (FHE) Engineer to join our team. Your role will be to implement and optimize TTnet privacy-preserving inference through Zama's Concrete-ML library and other FHE libraries, manage cryptographic parameters, and compilation. You will help finalize prototypes and ship reproducible, containerized, and well-documented packages. You will collaborate with a Machine Learning engineer and our full-stack engineers to integrate your FHE pipeline into deployable privacy-preserving pilots in clients' environments.

This role offers an exciting opportunity to work with cutting-edge technology, shape the future of XAI/privacy-preserving AI, and contribute to the success of a promising startup.

Qualifications:

• Bachelor, Master or PhD degree in Computer Science, Software Engineering, Cryptography, or a related field.
• Experience with Concrete-ML library from Zama or other FHE/crypto libraries.
• Hands-on Docker and CI/CD experience, comfort with Linux tooling, clear documentation.
• Effective communication and interpersonal skills to collaborate with other engineers.

Closing date for applications:

Contact: Please submit your resume, cover letter, and any relevant supporting documents (links to code/repos welcome) to thomas.peyrin@ntu.edu.sg with the subject line "FHE Engineer - Application". Only shortlisted candidates will be contacted for further steps in the selection process.

More information: https://syllab-ntu.github.io/syllab/2026_FHE_engineer/

Applications are invited for the MS and PhD positions at the Department of Computer Science and Engineering, National Sun Yat-sen University, Kaohsiung, Taiwan. The successful candidates will work at the CANSEC Lab on the diverse topics in applied cryptology.
(Note: Candidates must comprehend formal security analysis, secure coding, and effective security integration in the application domains.)

Responsibilities: Apart from academic work, student must involve in several activities in a group or individually, such as (not limited to):

Design and implementation of safety protocol.

Assesment of the security and performance metric.

Research meeting with the supervisor.

Requirements: (02 MS and 01 PhD positions)
Apart from the university's basic admission policies (https://cse.nsysu.edu.tw/?Lang=en), students are desired to have following key requirements:

Strong motivation on applied cryptography.

Knowledge of modern technology, such as C-V2X, 5G/6G, Cloud computing, IoT.

Knowledge of basic mathematics.

Knowledge of at least two programming languages, such as Python/Java/C/C++.

Master's thesis must match the research field: Cryptography/Information Security. (for Phd positions)

Scholarship:

Fully-funded MS (up to 2 years) and PhD programs (up to 3 years) through university grants and standard project funding; additional financial support available for exceptional PhD students.

Deadline for CV submission: December 31, 2025.
Deadline for online application: Jan~March, 2026.
Joining CANSEC-Lab@NSYSU: Fall 2026.

Closing date for applications:

Contact: Arijit Karati (arijit.karati@mail.cse.nsysu.edu.tw)

More information: https://cse.nsysu.edu.tw/p/412-1205-16761.php?Lang=en

We are seeking multiple students to join us and do research in design, analysis, implementation and/or application of post-quantum cryptography.

PQC-X is a newly founded lab led by Prof. Jintai DING, a globally recognized leader in Post-quantum Cryptography. Our doctoral programme is a strategic research collaboration between the Xi’an Jiaotong-Liverpool University and the University of Liverpool. You will be formally registered with the two universities as a doctoral student. Successful completion of the programme will lead to a doctoral degree awarded by the University of Liverpool and recognised by the Chinese Ministry of Education.

What we offer:

World-class supervision from leading cryptography experts.

Vibrant research environment and access to top-tier collaboration network.

Excellent candidates will be fully funded.

General requirements: We are looking for motivated, talented, and hardworking applicants who have

Bachelor’s and/or master’s degrees in Cryptography, Mathematics, or Computer Science, or closely related areas, from a reputable university.

Solid foundation in cryptography, mathematics, or computer science.

Strong interest in cryptography.

Coding skill is a plus.

English language requirements: IELTS/TOEFL/PTE.

Please refer to https://www.xjtlu.edu.cn/en/admissions/doctoral for more information.

For Inquiries, please contact Associate Professor Zhang.

Closing date for applications:

Contact: wenbin[.]zhang[at]xjtlu[.]edu[.]cn