International Association for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available via RSS feed, Twitter, Weibo and Facebook.

09 September 2020

Matteo Campanelli, Antonio Faonio, Dario Fiore, Anaïs Querol, Hadrián Rodríguez
ePrint Report
We address the problem of constructing zkSNARKs whose SRS is universal – valid for all relations within a size-bound – and updatable – a dynamic set of participants can add secret randomness to it indefinitely, thus increasing confidence in the setup. We investigate formal frameworks and techniques to design efficient universal updatable zkSNARKs with linear-size SRS and their commit-and-prove variants.

We achieve a collection of zkSNARKs with different tradeoffs. One of our constructions achieves the smallest proof size and proving time compared to the state of the art for proofs for arithmetic circuits. The language supported by this scheme is a variant of R1CS, called R1CS-lite, introduced by this work. Another of our constructions supports standard R1CS directly and improves on previous work, achieving the fastest proving time for this type of constraint system.

We achieve this result via the combination of different contributions: (1) a new algebraically-flavored variant of IOPs that we call Polynomial Holographic IOPs (PHPs), (2) a new compiler that combines our PHPs with commit-and-prove zkSNARKs for committed polynomials, (3) pairing-based realizations of these CP-SNARKs for polynomials, (4) constructions of PHPs for R1CS and R1CS-lite, (5) a variant of the compiler that yields a commit-and-prove universal zkSNARK.

Radhakrishna Bhat, N R Sunitha
ePrint Report
Private Information Retrieval (PIR) is one of the promising techniques to preserve user privacy in the presence of trusted-but-curious servers. The information-theoretically private query construction assures the highest user privacy against curious and computationally unbounded servers. Therefore, the need for information-theoretic private retrieval was fulfilled by various schemes in a variety of PIR settings. To augment previous work, we propose a combination of new bit connection methods called rail-shape and signal-shape and a new quadratic residuosity assumption based family of trapdoor functions for generic single database Private Block Retrieval (PBR). The main goal of this work is to show the possibility of mapping from computationally bounded privacy to information-theoretic privacy or vice-versa in a single database setting using the newly constructed bit connection and trapdoor function combinations. The proposed bit connection and trapdoor function combinations achieve the following results.
  • Single Database information-theoretic PBR (SitPBR): The proposed combinations are used to construct SitPBR in which the user privacy is preserved through the generation of information-theoretic queries and data privacy is preserved using the quadratic residuosity assumption.
  • Single Database computationally bounded PBR (ScPBR): The proposed combinations are used to construct ScPBR in which both user privacy and data privacy are preserved using a well-known intractability assumption called the quadratic residuosity assumption.
  • Map(SitPBR)→ScPBR: The proposed combinations can be used to transform (or map) a SitPBR scheme into a ScPBR scheme by choosing appropriate function parameters.
  • Map(ScPBR)→SitPBR: The proposed combinations can be used to transform (or map) a ScPBR scheme into a SitPBR scheme by choosing appropriate function parameters.
All the proposed schemes are single round, memoryless and plain database schemes (at their basic constructions).
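As an added worked example (not code from the paper; the paper's rail-shape and signal-shape bit connections and its trapdoor family are not given on this page and are not implemented), the following Python shows the base quadratic-residuosity mechanism behind computationally private single-database retrieval: the client sends one group element per database bit, all with Jacobi symbol +1, where only the element at the wanted index is a non-residue; the server multiplies together the elements at positions holding a 1 and returns the product; the client, who holds the factorisation, reads the bit off the residuosity of the answer. The two 16-bit primes, the function names and the sample database are assumptions for the demo and are far below a secure modulus size.

```python
"""Single-database, computationally private PIR for one bit under the
quadratic residuosity (QR) assumption.  Added example, not the paper's
code.  The modulus below is a toy (two 16-bit primes, an assumption for
the demo) and gives no real security."""

import random
from math import gcd

# Toy client trapdoor: the factorisation of N = P_DEMO * Q_DEMO (assumed demo primes).
P_DEMO, Q_DEMO = 65521, 65537


def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a | n) for odd n > 0; this is all the server can compute."""
    assert n > 0 and n % 2 == 1
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def is_qr_mod_prime(x: int, p: int) -> bool:
    """Euler's criterion; requires knowing the prime factor p."""
    return pow(x, (p - 1) // 2, p) == 1


def client_query(p: int, q: int, n_bits: int, i: int, rng: random.Random) -> list:
    """Query for bit i: every x_j has Jacobi symbol +1 (indistinguishable to
    the server under QR), but only x_i is a quadratic non-residue mod N."""
    n = p * q
    query = []
    for j in range(n_bits):
        while True:
            x = rng.randrange(2, n)
            if gcd(x, n) != 1 or jacobi(x, n) != 1:
                continue
            # With Jacobi symbol +1, x is a QR mod N exactly when it is a QR mod p.
            if is_qr_mod_prime(x, p) == (j != i):
                query.append(x)
                break
    return query


def server_answer(n: int, db_bits: list, query: list) -> int:
    """Server folds the query elements at 1-positions into one element;
    it never learns which index the client wanted."""
    z = 1
    for bit, x in zip(db_bits, query):
        if bit:
            z = z * x % n
    return z


def client_decode(p: int, z: int) -> int:
    """z is a product of residues, plus the non-residue x_i iff b_i = 1,
    so z is a non-residue exactly when the wanted bit is 1."""
    return 0 if is_qr_mod_prime(z, p) else 1


def pir_retrieve(db_bits: list, i: int, seed: int = 1) -> int:
    """Full one-round exchange for a single bit; returns db_bits[i]."""
    rng = random.Random(seed)
    query = client_query(P_DEMO, Q_DEMO, len(db_bits), i, rng)
    z = server_answer(P_DEMO * Q_DEMO, db_bits, query)
    return client_decode(P_DEMO, z)


def server_view(db_bits: list, i: int, seed: int = 1) -> set:
    """What the server can compute from the query: every Jacobi symbol is +1."""
    rng = random.Random(seed)
    query = client_query(P_DEMO, Q_DEMO, len(db_bits), i, rng)
    return {jacobi(x, P_DEMO * Q_DEMO) for x in query}


if __name__ == "__main__":
    db = [1, 0, 1, 1, 0, 0, 1, 0]  # constructed sample database
    print([pir_retrieve(db, k) for k in range(len(db))], "==", db)
    print("server sees Jacobi symbols:", server_view(db, 3))
```

Run it directly for a demo. The server-side function only ever sees elements whose Jacobi symbol is +1, so telling the query index apart is exactly the quadratic residuosity problem; communication here is linear in the database size, since the usual matrix arrangement that reduces it is left out to keep the mechanism visible.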

08 September 2020

Research Group COSIC at University of Leuven, Belgium
Job Posting
PhD candidate to work on Cryptography secured against physical attacks. The traditional application of cryptography is the protection of communication lines. In modern applications the attacker often has physical access to the device that is executing the cryptographic algorithm, and can measure side channels (execution time, power consumption, electro-magnetic radiation) or perform fault attacks. With the advent of the IoT, the interest in embedded cryptographic systems and side-channel/fault attacks on these systems is steadily increasing. Protection against side channel attacks (SCA) is usually done via masking, i.e. by randomizing any sensitive data manipulated during computations. Protection against fault injection attacks (FA) is typically done either by duplication or by using infection, i.e., ensuring that any induced fault results in a garbage output. The research direction of combined countermeasures (that is, countermeasures against both SCA and FA) is quite young and experimental. We are looking for a postdoc to work on: (1) formal security definitions and methods to defend implementations against combined attacks, as well as new countermeasures against combined attacks which have improved performance and a more realistic adversary model; (2) the development of robust automated verification tools capable of handling entire and practical implementations; (3) defining metrics for combined security and developing procedures for their evaluation using verification tools. Specific Skills Required: The candidates should hold a PhD degree with a proven research track record in any aspect of Cryptography or Embedded Security. We are especially looking for researchers with a broad research spectrum, going from mathematical aspects to implementations on FPGA and physical attack evaluation.

Closing date for applications:

Contact: jobs-cosic@esat.kuleuven.be

More information: https://www.esat.kuleuven.be/cosic/vacancies/


Research Group Cosic at University of Leuven, Belgium
Job Posting
We are looking for a Post-Doc in post-quantum cryptography, including cryptanalysis, secure implementation, hardness of underlying problems, novel primitives and protocols. We are in particular interested in people who have hands-on experience with the design, implementation and/or analysis of cryptosystems submitted to NIST's post-quantum standardization effort. A strong background in mathematics is an absolute must, together with computer science and cryptography. A proven research track record in any aspect of post-quantum cryptography is required. We are especially looking for researchers with a broad research spectrum, going from mathematical aspects to very practical ones such as implementation aspects.

Closing date for applications:

Contact: jobs-cosic@esat.kuleuven.be

More information: https://www.esat.kuleuven.be/cosic/vacancies/


Research Group Cosic at University of Leuven, Belgium
Job Posting
PhD position on Cybersecurity Attacks on the Electric Supply System (CYPRESS project). We have an open PhD position in the domain of cybersecurity of critical infrastructures, more particularly of the electric energy supply system. The position is funded by the federal ETF project CYPRESS. This is a fundamental research project, in collaboration with other Belgian research groups, with the ambition to contribute to the cyber-physical reliability management of the electric transmission grid. The three goals of the project are to: (i) improve modeling practice, (ii) perform cyber-physical risk assessment, and (iii) develop appropriate mitigation approaches. The cyber-physical risks considered in the project range from simple bugs and configuration errors to malicious tampering and cybersecurity attacks. The security researcher working on this project will focus in particular on the security evaluation of critical (embedded) components in the electric energy supply system and the corresponding countermeasures to mitigate these security threats. The security evaluation work in the CYPRESS project includes both risk and threat modeling as well as actual lab work (i.e. embedded security analysis, hacking, of the components in a lab setup). Candidates must hold a master’s degree in electronics engineering or computer science, have good grades and have a keen interest in cryptography and embedded security. The applicant should have a strong background in C and C++. Prior research experience in embedded security, reverse-engineering and/or hacking of IoT devices is an advantage.

Closing date for applications:

Contact: jobs-cosic@esat.kuleuven.be

More information: https://www.esat.kuleuven.be/cosic/vacancies/


07 September 2020

HashCloak Inc, Toronto Canada
Job Posting

HashCloak Inc is an R&D lab and consultancy focused on privacy, anonymity and scalability for blockchains and cryptocurrencies. Our team is well-known for working on state-of-the-art Ethereum projects such as Ethereum 2.0, Shyft Network and Althea, for pioneering optimistic rollups and for bringing forth the first empirical analysis of Ethereum's privacy guarantees and applications.

We are hiring our very first research engineer, who will help us bring our internal research projects to the world. As a research engineer at HashCloak, you will have the opportunity to work on anonymous networking, private information retrieval, zero-knowledge proofs and many more exciting areas at the intersection of cryptography, game theory and finance!

You will be working with a small, young and international team based in different time zones around the world. We are a remote-only company and have a very flexible and relaxed culture.

As our first research engineer, you will have many of the following qualifications:

  • Master's degree or above in cryptography, computer science, mathematics or related fields
  • 3+ years programming experience in a systems programming language such as C/C++, Go (Preferred), Rust (Preferred).
  • Knowledge of one or more of the following: anonymous networking, zero-knowledge proofs, PIR, MPC
  • Knowledge of secure software practices
  • Experience in deploying production-ready applications
At HashCloak, you will have the following responsibilities:
  • Implement PoCs and prototypes for our internal research projects
  • Conducting research in one of the previously mentioned fields
  • Collaborate with our clients and research partners
  • Write papers targeted at top conferences as well as blog posts targeted at general audiences
  • Contribute to open source projects that we use in our research
  • Stay up to date on research and development in the blockchain and cryptography ecosystems
For consideration, please send a CV/Resume with a link to Github or any other website that showcases code you have written to careers@hashcloak.com with the subject line "Rese

Closing date for applications:

Contact: Mikerah Quintyne-Collins - CEO and Founder


06 September 2020

Singapore University of Technology and Design (SUTD), Singapore
Job Posting
Multiple positions are available. Candidates should have expertise in applied crypto, ML, IoT/CPS security and programming skills.

Interested candidates please send your CV with a research statement to Prof. Jianying Zhou. Only short-listed candidates will be contacted for interview.

Closing date for applications:

Contact: Prof. Jianying Zhou (jianying_zhou@sutd.edu.sg)

More information: http://jianying.space/


Cryptanalysis Taskforce @ Nanyang Technological University, Singapore
Job Posting
(COVID-19 may slow down the process, but our hiring is not disrupted) The Cryptanalysis Taskforce at Nanyang Technological University in Singapore, led by Prof. Jian Guo, is seeking candidates to fill 3 post-doctoral research fellow positions on symmetric-key cryptography, including but not limited to the following sub-areas:
  • tool aided cryptanalysis, such as MILP, CP, STP, and SAT
  • machine learning aided cryptanalysis and designs
  • privacy-preserving friendly symmetric-key designs
  • quantum cryptanalysis
  • theory and proofs
  • cryptanalysis against SHA-3 and AES
Established in 2014, the Cryptanalysis Taskforce is a group dedicated to research in symmetric-key cryptography. Since then, the team has been active in both publications in and services for IACR. It has done a substantial amount of cryptanalysis work on various important targets such as SHA-3, and is expanding its interests to the areas mentioned above, with strong funding support from the university and government agencies in Singapore. We offer a competitive salary package with extremely low tax, as well as an excellent environment dedicated to research in Singapore. The contract will initially be for 2 years, with the possibility of extension. Candidates are expected to have a proven record of publications in IACR conferences. Interested candidates should send their CV and 2 reference letters to Jian Guo. Review of applicants will start immediately and continue until the positions are filled. More information about the Cryptanalysis Taskforce research group can be found at http://team.crypto.sg

Closing date for applications:

Contact: Asst Prof. Jian Guo, guojian@ntu.edu.sg

More information: http://team.crypto.sg


03 September 2020

Adrian Marotzke
ePrint Report
This paper presents a constant time hardware implementation of the NIST round 2 post-quantum cryptographic algorithm Streamlined NTRU Prime. We implement the entire KEM algorithm, including all steps for key generation, encapsulation and decapsulation, and all en- and decoding. We focus on optimizing the resources used, as well as applying the optimization and parallelism available due to the hardware design. We show that the core en- and decapsulation require only a fraction of the total FPGA fabric resource cost, which is dominated by that of the hash function and the en- and decoding algorithm. For NIST Security Level 3, our implementation uses a total of 1841 slices on a Xilinx Zynq Ultrascale+ FPGA, together with 14 BRAMs and 19 DSPs. The maximum achieved frequency is 271 MHz, at which key generation, encapsulation and decapsulation take 4808 μs, 524 μs and 958 μs respectively. To our knowledge, this work is the first full hardware implementation where the entire algorithm is implemented.

Carlos Aguilar-Melchor, Nicolas Aragon, Emanuele Bellini, Florian Caullery, Rusydi H. Makarim, Chiara Marcolla
ePrint Report
In this work, we propose different techniques that can be used to implement the ROLLO, and partially RQC, family of algorithms in a standalone, efficient and constant time library. For simplicity, we focus our attention on one specific instance of this family, ROLLO-I-128. For each of these techniques, we present explicit code (with intrinsics when required), or pseudo-code and performance measures to show their impact. More precisely, we use a combination of original and known results and describe procedures for Gaussian reduction of binary matrices, generation of vectors of given rank, multiplication with lazy reduction and inversion of polynomials in a composite Galois field. We also carry out a global performance analysis to show the impact of these improvements on ROLLO-I-128. Through the SUPERCOP framework, we compare it to other 128-bit secure KEMs in the NIST competition. To our knowledge, this is the first optimized full constant time implementation of ROLLO-I-128.

Naila Mukhtar, Louiza Papachristodoulou, Apostolos P. Fournaris, Lejla Batina, Yinan Kong
ePrint Report
Side-channel attacks based on machine learning have recently been introduced to recover the secret information from software and hardware implementations of mathematically secure algorithms. Convolutional Neural Networks (CNNs) have proven to outperform template attacks due to their ability to handle misalignment in the leakage data traces of symmetric algorithms. However, one of the limitations of deep learning algorithms is the requirement of huge datasets for model training. For evaluation scenarios where limited leakage trace instances are available, simple machine learning with the selection of proper feature engineering, data splitting, and validation techniques can be more effective. Moreover, limited analysis exists for public-key algorithms, especially on non-traditional implementations like those using the Residue Number System (RNS). Template attacks are successful on RNS-based Elliptic Curve Cryptography (ECC) only if the aligned portion is used in templates. In this study, we present a systematic methodology for the evaluation of ECC cryptosystems with and without countermeasures against machine learning side-channel attacks using two attack models. RNS-based ECC datasets have been evaluated using four machine learning classifiers and a comparison is provided with existing state-of-the-art template attacks. Moreover, we analyze the impact of raw features and advanced hybrid feature engineering techniques, along with the effect of the splitting ratio. We discuss the metrics and procedures that can be used for accurate classification on imbalanced datasets. The experimental results demonstrate that, for ECC RNS datasets, the efficiency of simple machine learning algorithms is better than that of complex deep learning techniques when such datasets are not so huge.

Gary Yu
ePrint Report
I describe a non-interactive transaction scheme for the Mimblewimble protocol, so as to overcome the usability issue of the Mimblewimble wallet. With Diffie–Hellman, we can use an ephemeral key shared between the sender and the receiver; a public nonce R is added to the output for that, removing the interactive cooperation procedure. An additional one-time public key P' is used to lock the output to make it spendable only by the receiver, i.e. the owner of P'. The new data R and P' can be committed into the bulletproof to avoid the miner’s modification. Further, to keep the Mimblewimble privacy character, the Stealth Address is used in this new transaction scheme. All the cost of these new features is 66 bytes of additional data (the public nonce R and the one-time public key P') in each output, and 64 bytes of additional signature data in each input. That is about a 12% payload size increase in a typical single-input, double-output Mimblewimble transaction.
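As an added worked example (not the paper's code; the abstract does not spell out how R and P' are derived, so the standard dual-key stealth address construction, the secp256k1 curve and SHA-256 as the hash H are assumptions made here), the following Python shows the mechanism described above: the receiver publishes a view key A = aG and a spend key B = bG; the sender picks an ephemeral r, publishes the nonce R = rG and locks the output to the one-time key P' = H(rA)G + B; the receiver recognises the output from a and R alone, and only the holder of b can form the matching private key. The two compressed points come to the 66 bytes quoted in the abstract.

```python
"""Dual-key stealth address for a non-interactive output.  Added example,
not the paper's code: the receiver's (A, B) key pair, SHA-256 as H and
secp256k1 are assumptions.  Affine arithmetic, for illustration only
(not constant time)."""

import hashlib
import secrets

# secp256k1 parameters
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def compress(pt):
    """33-byte SEC1 compressed encoding (parity prefix + x coordinate)."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")


def h_scalar(pt):
    """H(): hash a shared point to a scalar mod N (SHA-256 assumed)."""
    return int.from_bytes(hashlib.sha256(compress(pt)).digest(), "big") % N


def sender_build_output(A, B, r=None):
    """Sender side: ephemeral nonce R and one-time key P' for the output."""
    if r is None:
        r = secrets.randbelow(N - 1) + 1
    R = ec_mul(r, G)
    shared = ec_mul(r, A)  # Diffie-Hellman: r*A equals a*R on the receiver side
    P_prime = ec_add(ec_mul(h_scalar(shared), G), B)
    return R, P_prime


def receiver_scan(a, B, R, P_prime):
    """Receiver side: recognise an output using only the view key a."""
    shared = ec_mul(a, R)
    return ec_add(ec_mul(h_scalar(shared), G), B) == P_prime


def receiver_spend_key(a, b, R):
    """Private key matching P'; only the holder of b can compute it."""
    return (h_scalar(ec_mul(a, R)) + b) % N


def extra_output_bytes(R, P_prime):
    """Size of the new per-output data (R, P') in compressed form."""
    return len(compress(R)) + len(compress(P_prime))


if __name__ == "__main__":
    a, b = 0x1111, 0x2222  # constructed demo keys
    A, B = ec_mul(a, G), ec_mul(b, G)
    R, P_prime = sender_build_output(A, B)
    print("receiver recognises output:", receiver_scan(a, B, R, P_prime))
    print("spend key matches P':", ec_mul(receiver_spend_key(a, b, R), G) == P_prime)
    print("extra bytes per output:", extra_output_bytes(R, P_prime))
```

The scan step needs only a, so a watch-only wallet can find incoming outputs without being able to spend them, while a third party seeing R and P' on chain cannot link the output to the receiver's published (A, B) without solving the Diffie-Hellman problem.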
Karim Baghery, Alonso González, Zaira Pindado, Carla Ràfols
ePrint Report
This paper constructs unbounded simulation sound proofs for boolean circuit satisfiability under standard assumptions with proof size O(n+d) bilinear group elements, where d is the depth and n is the input size of the circuit. Our technical contribution is to add unbounded simulation soundness to a recent NIZK of González and Ràfols (ASIACRYPT'19) with very small overhead. We give two different constructions: the first one is more efficient but not tight, and the second one is tight. Our new scheme can be used to construct Signatures of Knowledge based on standard assumptions that also can be composed universally with other cryptographic protocols/primitives.

As an independent contribution we also detail a simple formula to encode Boolean circuits as Quadratic Arithmetic Programs.

Sergi Ramos-Calderer, Emanuele Bellini, José I. Latorre, Marc Manzano, Victor Mateu
ePrint Report
We present the implementation of Grover's algorithm in a quantum simulator to perform a quantum search for preimages of two scaled hash functions, whose design only uses modular addition, word rotation, and bitwise exclusive or. Our implementation provides the means to assess with precision the scaling of the number of gates and depth of a full-fledged quantum circuit designed to find the preimages of a given hash digest. The detailed construction of the quantum oracle shows that the presence of AND gates, OR gates, shifts of bits and the reuse of the initial state along the computation, require extra quantum resources as compared with other hash functions based on modular additions, XOR gates and rotations. We also track the entanglement entropy present in the quantum register at every step along the computation, showing that it becomes maximal at the inner core of the first action of the quantum oracle, which implies that no classical simulation based on Tensor Networks would be of relevance. Finally, we show that strategies that suggest a shortcut based on sampling the quantum register after a few steps of Grover's algorithm can only provide some marginal practical advantage in terms of error mitigation.

Vahid Amin Ghafari, Fujiang Lin
ePrint Report
At Fast Software Encryption 2015, a new line of research was proposed by introducing the first small-state stream cipher (SSC). The goal was to design lightweight stream ciphers for hardware applications by going beyond the rule that the internal state size must be at least twice the intended security level. Time-memory-data trade-off (TMDTO) attacks and fast correlation attacks (FCA) were successfully applied to all proposed SSCs which can be implemented in fewer than 1000 gate equivalents in hardware. It is possible to increase the security of stream ciphers against FCA by exploiting more complicated functions for the nonlinear feedback shift register and the output function, but we use lightweight functions to design the lightest SSC in the world while providing more security against FCA. Our proposed cipher provides 80-bit security against TMDTO distinguishing attacks, while Lizard and Plantlet provide only 60-bit and 58-bit security against distinguishing attacks, respectively. Our main contribution is to propose a lightweight round key function with a very long period that increases the security of SSCs against FCA.

Fuyuki Kitagawa, Takahiro Matsuda
ePrint Report
Circular security is the most elementary form of key-dependent message (KDM) security, which allows us to securely encrypt only a copy of secret key bits. In this work, we show that circular security is complete for KDM security in the sense that an encryption scheme satisfying this security notion can be transformed into one satisfying KDM security with respect to all functions computable by a-priori bounded-size circuits (bounded-KDM security). This result holds in the presence of any number of keys and in any of the secret-key/public-key and CPA/CCA settings. Such a completeness result was previously shown by Applebaum (EUROCRYPT 2011) for KDM security with respect to projection functions (projection-KDM security), which allows us to securely encrypt both a copy and a negation of secret key bits.

Besides amplifying the strength of KDM security, our transformation in fact can start from an encryption scheme satisfying circular security against CPA attacks and results in one satisfying bounded-KDM security against CCA attacks. This result improves the recent result by Kitagawa and Matsuda (TCC 2019) showing a CPA-to-CCA transformation for KDM secure public-key encryption schemes.

02 September 2020

North Carolina State University, Raleigh, NC, USA
Job Posting
We are seeking multiple Ph.D. students and Post-Doc scholars on architectural and hardware security for a joint funded project of Prof. Amro Awad and Prof. Aydin Aysu at NC State University. The positions are in the broad area of computer architecture and hardware security. The candidates will be part of a project that is collaborative between two research groups (led by Prof. Awad and Prof. Aysu) at NC State and are expected to work on the intersection between hardware security and emerging computing architectures.

The project will explore the security aspects of hardware accelerators. The goal of this project is to identify efficient solutions for defending against a wide set of attacks (e.g., side-channel attacks) targeting hardware accelerators. We will also investigate different challenges and security concerns related to the programming models and run-time environments of particular interest to our funding agency. More information will be shared with the applicants.

PhD Applicants: Following are the minimum requirements for PhD applicants:

  • GPA >= 3.8 -- among top 10% of your graduating class.
  • Strong background in computer architecture (experience in GPUs/FPGAs is preferred)
  • Familiarity with Linux environment, and background in OS (experience in device drivers is preferred)
  • Self-motivated and independent
  • US citizenship is preferred due to the nature of the project, but exceptions will be made on a case-by-case basis.

Post-Doc Applicants:

We are also hiring post-doctoral scholars to lead some of the efforts in this project. Post-Doc candidates should have a PhD with a focus on computer architecture or systems, with familiarity with hardware accelerators (e.g., FPGAs and GPUs). The positions are available immediately and thus candidates who are already in the US are preferred.

Links to research groups:

Prof. Awad: https://sacagroup.github.io/

Prof. Aysu: https://research.ece.ncsu.edu/aaysu/

Closing date for applications:

Contact: Amro Awad (ajawad@ncsu.edu) and Aydin Aysu (aaysu@ncsu.edu)

IMDEA Software Institute, Madrid, Spain
Job Posting

The IMDEA Software Institute offers a postdoc position in the area of cryptography, in the context of the project "Cryptographic Primitives for Randomness Generation and Privacy". The postdoc will work under the supervision of Dario Fiore and Ignacio Cascudo on the following topics and their application to blockchain systems: zero-knowledge proofs and random beacon generation.

Who should apply? Applicants should have a PhD in cryptography or a related topic. Experience in the research topics of the project is highly valued.

Working at IMDEA Software: The position is based in Madrid, Spain, where the IMDEA Software Institute is situated. The institute provides for travel expenses and an internationally competitive salary. The working language at the institute is English.

Dates: The position has guaranteed funding for at least 2 years. The preferred starting date is around the end of 2020, but starting dates in early 2021 are also possible.

How to apply? Applicants interested in the position should submit their application at https://careers.software.imdea.org/ using reference code 2020-09-postdoc-cryptoprimitives. The deadline for applications is October 23rd, 2020. Review of applications will begin immediately.

Closing date for applications:

Contact: For enquiries about the position, please contact: dario.fiore (at) imdea.org and/or ignacio.cascudo (at) imdea.org

More information: https://software.imdea.org/open_positions/2020-09-postdoc-cryptoprimitives.html

Koç University, İstanbul, Turkey
Job Posting
Cryptography, Security & Privacy Research Group at Koç University has one opening at the post-doctoral researcher level. Accepted applicants may receive a competitive salary, housing (accommodation) support, health insurance, a computer, travel support, and a lunch meal card.

Your duties include performing research on cryptography, security, and privacy in line with our research group's focus, and directing graduate and undergraduate students in their research and teaching. The project funding is related to cryptography, game theory and mechanism design, and blockchain technologies.

Applicants are expected to have already obtained their Ph.D. degrees in Computer Science or a related discipline with a thesis topic related to the duties above.

For more information about joining our group and projects, visit

https://crypto.ku.edu.tr/work-with-us/

Submit your application via email including
  • full CV,
  • sample publications,
  • a detailed research proposal,
  • and 2-3 reference letters sent directly by the referees.
Application and start dates are flexible.

Closing date for applications:

Contact: Assoc. Prof. Alptekin Küpçü
https://mysite.ku.edu.tr/akupcu/

More information: https://crypto.ku.edu.tr/work-with-us/

Tampere University
Job Posting

The Network and Information Security Group is currently looking for several motivated and talented postdoctoral researchers to contribute to research projects related to applied cryptography, hardware security, security and privacy. The successful candidates will primarily be working on the following topics (but not limited to):

  • Differential Privacy;
  • Functional Encryption;
  • Privacy-Preserving Analytics;
  • Privacy-Preserving Machine Learning;
  • Searchable Encryption and data structures enabling efficient search operations on encrypted data;
  • Processing of encrypted data in outsourced and untrusted environments;
  • IoT Security and Applications to Smart Cities.

Programming skills are a must.

The positions are principally research-focused. Activities include:

  • Conducting both theoretical and applied research;
  • Design of secure and/or privacy-preserving protocols;
  • Software development and validation;
  • Reading and writing scientific articles;
  • Presentation of the research results at seminars and conferences in Finland and abroad;
  • Acquiring (or assisting in acquiring) further funding.

Successful candidates will be working in EU and industrial research projects. Topics will span from the theoretical foundations of cryptography to the design and implementation of provably secure communication protocols with direct applications to smart cities, cloud computing and eHealth.

To apply please send the following:

  • Your latest CV;
  • A research statement (max 2 pages long);
  • The three best papers you have co-authored.

Closing date for applications:

Contact:

  • Antonis Michalas (Provable Security and Privacy): antonios.michalas@tuni.fi