International Association
for Cryptologic Research

Abstract. In this paper, we present different implementations of point multiplication over Curve448. Curve448 has recently been recommended by NIST to provide 224-bit security over elliptic curve cryptography. Although implementing high-security cryptosystems should be considered due to recent improvements in cryptanalysis, hardware implementation of Curve488 has been investigated in a few studies. Hence, in this study, we propose three variable-base-point FPGA-based Curve448 implementations, i.e., lightweight, area-time efficient, and high-performance architectures, which aim to be used for different applications. Synthesized on a Xilinx Zynq 7020 FPGA, our proposed high-performance design increases 12% throughput with executing 1,219 point multiplication per second and increases 40% efficiency in terms of required clock cycles\timesutilized area compared to the best previous work. Furthermore, the proposed lightweight architecture works in 250 MHz and saves 96% of resources with the same performance. Additionally, our area-time efficient design considers a trade-off between time and required resources, which shows a 48% efficiency improvement with 52% fewer resources. Finally, effective side-channel countermeasures are added to our proposed designs, which also outperform previous works.

An extensive research of MPC protocols in different adversarial settings over the past few years has led to various improvements in this domain. Goyal et al(2019) in their paper addressed the issue of an efficient MPC protocol in active adversarial setting by removing the dependency on multiplication depth $D_m$ in the arithmetic circuit. This development was followed by Hirt et al.(2020) which proposed an efficient MPC protocol tolerating mixed adversary with communication complexity of $O((c_i + c_m + c_o)nk + c_iBA(k) + D_m(n^3k + nBA(k)))$ bits, where $D_m$ is the multiplicative depth of the circuit. Additionally, Hirt et al., proposed an open problem to construct a protocol for the mixed adversarial setting, independent of the multiplicative depth $D_m$, with linear communication complexity. In this paper, we resolve this problem in the affirmative by providing an efficient MPC protocol in the mixed adversarial setting independent of the multiplicative depth of the circuit.

Efficient computation of polynomial multiplication for characteristic three fields, $\mathbb{F}_{3^{n}}$ for $n\geq1$, is an important attribute for many cryptographic protocols. In this paper, we propose three new polynomial multiplication algorithms over $\mathbb{F}_{3}[x]$ and show that they are more efficient than the current state-of-the-art algorithms. We first examine through the well-known multiplication algorithms in $\mathbb{F}_{3}[x]$ including Karatsuba-2-way and 3-way split formulas along with the recent enhancements. Then, we propose a new 4-way split polynomial multiplication algorithm and an improved version of it which are both derived by using interpolation in $\mathbb{F}_{9}$. Moreover, we propose a 5-way split multiplication algorithm, and then compare the efficiencies of these algorithms altogether. We apply the proposed algorithms to the NTRU Prime protocol, a post-quantum key encapsulation mechanism (KEM), submitted to the NIST PQC Competition by Bernstein et al., performing polynomial multiplication in characteristic three fields in its decapsulation phase. We observe that the new hybrid algorithms provide a $12.9\%$ reduction in the arithmetic complexity. Furthermore, we implement these new hybrid methods on Intel (R) Core (TM) i7-9750H architecture using C and obtain a $37.3\%$ reduction in the implementation cycle count.

Homomorphic encryption (HE) is a promising cryptographic primitive that enables computation over encrypted data, with various applications to medical, genomic, and financial tasks. In such applications, data typically contain some errors from their true values. The CKKS encryption scheme proposed by Cheon et al. (Asiacrypt 2017) supports approximate computation over encrypted data. However, HE schemes including CKKS commonly suffer from slow encryption speed and large ciphertext expansion compared to symmetric cryptography.

To address these problems, in particular, focusing on the client-side online computational overload and the ciphertext expansion, we propose a novel hybrid framework that supports CKKS. Since it seems to be infeasible to design a stream cipher operating on real numbers, we combine the CKKS and the FV homomorphic encryption schemes, and use a stream cipher using modular arithmetic in between. The proposed framework is thus dubbed the CKKS-FV transciphering framework. As a result, real numbers can be encrypted without significant ciphertext expansion or computational overload on the client side.

As a stream cipher to instantiate the CKKS-FV framework, we propose a new HE-friendly cipher, dubbed HERA, and analyze its security and efficiency. HERA is a stream cipher that features a simple randomized key schedule (RKS). Compared to recent HE-friendly ciphers such as FLIP and Rasta using randomized linear layers, HERA needs smaller number of random bits, leading to efficiency improvement on both the client and the server sides.

Our implementation shows that the CKKS-FV framework using HERA is $3.634$ to $398$ times faster on the client-side, compared to the environment where CKKS is only used, in terms of encryption time. Our framework also enjoys $2.4$ to $436.7$ times smaller ciphertext expansion according to the plaintext length.

The standard model security of the Fiat-Shamir transform has been an active research area for many years. In breakthrough results, Canetti {\it et al.} (STOC'19) and Peikert-Shiehian (Crypto'19) showed that, under the Learning-With-Errors ($\LWE{}$) assumption, it provides soundness by applying correlation-intractable (CI) hash functions to so-called trapdoor $\Sigma$-protocols. In order to be compatible with CI hash functions based on standard LWE assumptions with polynomial approximation factors, all known such protocols have been obtained via parallel repetitions of a basic protocol with binary challenges. In this paper, we consider languages related to Paillier's composite residuosity assumption (DCR) for which we give the first trapdoor $\Sigma$-protocols providing soundness in one shot, via exponentially large challenge spaces. This improvement is analogous to the one enabled by Schnorr over the original Fiat-Shamir protocol in the random oracle model. Using the correlation-intractable hash function paradigm, we then obtain simulation-sound NIZK arguments showing that an element of $\mathbb{Z}_{N^2}^\ast$ is a composite residue. As a main application, we build logarithmic-size ring signatures (assuming a common reference string) which yield the shortest signature length among schemes based on standard assumptions in the standard model. We prove security under the DCR and LWE assumptions, while keeping the signature size comparable with that of random-oracle-based schemes.

We propose an improvement for the inner product argument of Bootle et al. (EUROCRYPT’16). The new argument replaces the unstructured common reference string (the commitment key) by a structured one. We give two instantiations of this argument, for two different distributions of the CRS. In the designated verifier setting, this structure can be used to reduce verification from linear to logarithmic in the circuit size. The argument can be compiled to the publicly verifiable setting in asymmetric bilinear groups. The new common reference string can easily be updateable. The argument can be directly used to improve verification of Bulletproofs range proofs (IEEE SP’18). On the other hand, to use the improved argument to prove circuit satisfiability with logarithmic verification, we adapt recent techniques from Sonic (ACM CCS’19) to work with the new common reference string. The resulting argument is secure under standard assumptions (in the Random Oracle Model), in contrast with Sonic and recent works that improve its efficiency (Plonk, Marlin, AuroraLight), which, apart from the Random Oracle Model, need either the Algebraic Group Model or Knowledge Type assumptions.

Protecting the privacy of voters is a basic requirement of any electronic voting scheme, and formal definitions can be used to prove that a scheme satisfies privacy. In this work, we provide new game-based definitions of ballot secrecy for electronic voting schemes. First, we propose an intuitive definition in the honest model, i.e., a model in which all election officials are honest. Then, we show that this definition can be easily extended to the malicious ballot box setting and a setting that allows for a distributed tallier. In fact, to the best of our knowledge, we provide the first game-based definition of ballot secrecy that models both a malicious ballot box and a malicious subset of talliers. We demonstrate that our definitions of ballot secrecy are satisfiable, defining electronic voting scheme constructions which we prove satisfy our definitions. Finally, we revisit existing definitions, exploring their limitations and contextualising our contributions to the field.

TCC 2020 will take place virtually on Nov 16-19 2020.

The registration to TCC 2020 and its virtual affiliated event is open: https://tcc.iacr.org/2020/registration.php

The affiliated event "Matches made in heaven: Cryptography and Theoretical Computer Science" will focus on the tight relationship between these areas (check out the speakers at https://tcc.iacr.org/2020/program.php, a web page with abstract and title is coming soon) and will take place before and after TCC talks.

TU Darmstadt has an opening for a tenure-track assistant professorship (W2) in Quantum Computing in the Computer Science Department. Areas of interest are:

• Quantum algorithms
• Quantum engineering
• Quantum programming systems
• Quantum compilers
• Simulation of quantum computers

Application Deadline is November 22nd, 2020. For information about the process please follow the URL.

Closing date for applications:

Contact: For further information or questions please contact Prof. Dr. Felix Wolf, e-mail: wolf@cs.tu-darmstadt.de

More information: https://www.tu-darmstadt.de/universitaet/karriere_an_der_tu/stellenangebote/aktuelle_stellenangebote/stellenausschreibungen_detailansichten_1_379840.en.jsp

The IMDEA Software Institute offers an intern position in the area of security and privacy in blockchain, in the context of the project SLN: Scalability for the Lightning Network. The intern will work under the supervision of Pedro Moreno-Sanchez.

Who should apply?: Applicants should have finished (or be close to finish) a master degree in Computer Science. Experience in cryptography, distributed systems or blockchain is highly valued.

Working at IMDEA Software: The positions are based in Madrid, Spain where the IMDEA Software Institute is situated. Salaries are internationally competitive and include attractive conditions such as access to an excellent public healthcare system. The working language at the institute is English. Knowledge of Spanish is not required.

Dates: The position has guaranteed funding for 6 months. There exists the possibility to stay afterwards as PhD student. The preferred starting date is early 2021.

How to apply?: Applicants interested in the position should submit their application at https://careers.software.imdea.org/ using reference code 2020-10-intern-blockchain. Deadline for applications is November 30th, 2020. Review of applications will begin immediately.

Closing date for applications:

Contact: For enquiries about the positions, please contact: pedro(dot)moreno(at)imdea(dot)org

More information: http://software.imdea.org/open_positions/2020-10-intern-blockchain.html

We are looking for candidates for a PhD position in the field of design and modeling phase-locked loops (PLL) as a source of randomness in logic devices, implementation of true random number generators (TRNG) based on PLLs in FPGAs and ASICs, analysis of statistical properties of the generated numbers, statistical modeling of the proposed TRNGs and construction of efficient embedded tests dedicated to the proposed generators and based on their stochastic models. Desired profile: Master degree is required. Required skills: a) good knowledge of digital electronics and embedded systems; b) knowledge of FPGA design tools (Intel, Xilinx or Microsemi) as well as simulation tools (Modelsim); c) good level of English. Other useful skills: d) data acquisition and data analysis (use of tcl and python languages in particular); e) signal processing, mathematical modeling, statistics; f) basic knowledge in information security.

Closing date for applications:

Contact: fischer(at)univ-st-etienne.fr

More information: https://laboratoirehubertcurien.univ-st-etienne.fr/en/teams/secure-embedded-systems-hardware-architectures/job-opportunities-2.html

Permanent Lecturer (equiv. to Assistant Professor) position in Computer Science at the University of Surrey, UK.

Topics of interest: distributed/concurrent systems, blockchain, internet data science or social computing, with links to security and/or AI.

Closing deadline: November 22, 2020

See https://jobs.surrey.ac.uk/vacancy.aspx?ref=045220

Closing date for applications:

Contact: Informal inquiries to Mark Manulis (m dot manulis at surrey dot ac dot uk)

More information: https://jobs.surrey.ac.uk/vacancy.aspx?ref=045220

We are looking for outstanding Post-Doc to work on physical (hardware) security.

The group offers excellent working environment as a part of Horst Görtz Institut for IT Security (HGI https://hgi.rub.de/en/ ) including more than 200 scientists active in several different aspects of IT security and cryptography.

The candidate should have a PhD in IT-security, electrical engineering, computer engineering, or computer science with excellent publication records.

Since the position is funded by a national project, having the ability to fluently talk, write, and read in German is a must. The position is for two years, with an option to extend.

Send your application in a single pdf file to amir.moradi (at) rub.de

Closing date for applications:

Contact: Amir Moradi

More information: https://www.seceng.rub.de/moradi/

NYU Shanghai is currently inviting applications for a Tenured or Tenure-track position in Computer Science Theory. The search is not restricted to any rank and outstanding candidates at all levels are encouraged to apply. We seek candidates who have completed a PhD in Computer Science, or a closely related discipline. We invite candidates with a strong research record in CS theory to apply, including research in algorithms, data structures, computational complexity, cryptography, learning theory, and so on. NYU Shanghai is the third degree-granting campus within New York University’s global network. It is the first higher education joint venture in China authorized to grant degrees that are accredited in the U.S. as well as in China. All teaching is conducted in English. A research university with liberal arts and science at its core, it resides in one of the world's great cities with a vibrant intellectual community. NYU Shanghai recruits scholars of the highest caliber who are committed to NYU's global vision of transformative teaching and innovative research and who embody the global society in which we live. Applicants will submit a cover letter, curriculum vitae, statement of research, and a statement of teaching interests. Additionally, applicants will be prompted to enter the names and email addresses of at least three referees. Each referee will be contacted to upload a reference letter through Interfolio. Applications may be received until February 1, 2021. Review of applications will begin on January 1, 2021.

Closing date for applications:

Contact: shanghai.faculty.recruitment@nyu.edu

More information: https://apply.interfolio.com/80168

The Center for Information Security and Trust (CISAT) at the Computer Science Department of the IT University of Copenhagen invites highly motivated individuals to apply for a Postdoc position starting in January 2021 or soon thereafter for a duration of 2 years.

The position is in the context of the project “Enabling User-Accountable Mechanisms for Decision Systems”, which looks at ways to provide dispute resolution capabilities to decision systems (e.g. voting protocols) by combining cryptographic techniques for human senses with advanced cryptographic protocols.

Closing date for applications:

Contact: Rosario Giustolisi (rosg@itu.dk) or Carsten Schürmann (carsten@itu.dk)

More information: https://candidate.hr-manager.net/ApplicationInit.aspx?cid=119&ProjectId=181223&DepartmentId=3439&MediaId=5

Lund University was founded in 1666 and is repeatedly ranked among the world’s top 100 universities. The University has 40 000 students and more than 8 000 staff based in Lund, Helsingborg and Malmö.

The research project is in the area of post-quantum cryptography and aims to investigate how the problem "Learning-With-Errors" (LWE) or related problems can be used to develop new cryptographic primitives. This includes examining existing primitives that base their security on the LWE problem as well as trying to find new, more effective primitives. One such primitive is fully homomorphic encryption.

Work duties: The main duties of doctoral students are to devote themselves to their research studies which includes participating in research projects and third cycle courses. The work duties can also include teaching and other departmental duties (no more than 20%).

Admission requirements: A second-cycle qualification, or similar, and at least 60 second-cycle credits in subjects of relevance to electrical engineering, or a MSc in computer science or electrical engineering, Also, very good oral and written proficiency in English, and strong knowledge and skills in the following areas: cryptology, coding theory, abstract algebra, number theory, discrete mathematics, programming in C, Java, Python, or other languages.

Terms of employment: This is a full-time, fixed-term employment including 4 years research (maximum of 5 years including 20% departmental duties). Doctoral students are employed with competitive salary (about 31kSEK per month before tax).

Last application date: 12.Nov.2020

Closing date for applications:

Contact: Thomas johansson (thomas@eit.lth.se)

More information: https://lu.varbi.com/en/what:job/jobID:358175/

As part of the project LOCARD (https://locard.eu/) Athena Research Center (https://www.athenarc.gr/) we are offering 2 funded positions for PhD students and 2 for postdocs in the fields of security, machine learning, malware, and cryptography.
Interested candidates are advised to contact the coordinator (see details below) for further clarifications.

PhD candidates are expected to hold a Master’s degree (or equivalent) in Computer Science or related disciplines and with a strong interest in the field of security in the aforementioned fields. Excellent working knowledge of English is required.

Post-Doc candidates are expected to hold a PhD degree the fields of Computer Security of Machine Learning, have experience in EU funded projects and excellent working knowledge of English.

Deadline for applications 3/11/2020.

Closing date for applications:

Contact: Prof. Constantinos Patsakis (kpatsak@unipi.gr)

More information: https://www.imsi.athenarc.gr/el/announcements/announcement/464

Two JRF positions are available in DRDO Sponsored Research Project at the Department of Mathematics, NIT Jamshedpur, India. Title of the Project: Security Analysis & Development of Multivariate Post-Quantum Cryptography Schemes. Essential Qualification: M.Sc. in Mathematics/Applied Mathematics/Pure Mathematics/Mathematics & Computing or equivalent degree with at least 60% marks (or a CGPA of 7.0 on a 10-point scale) with NET/GATE. Desirable : Candidates with sound knowledge of Cryptology and Network Security as well as knowledge in mathematical software such as SageMath/MAGMA will be preferred.

Closing date for applications:

Contact: Sumit Kumar Debnath (PI)

More information: http://www.nitjsr.ac.in/uploads/index.php?id=3524&category=notifications

The long term privacy of voting systems is of increasing concern as quantum computers come closer to reality. Everlasting privacy schemes offer the best way to manage these risks at present. While homomorphic tallying schemes with everlasting privacy are well developed, most national elections, using electronic voting, use mixnets. Currently the best candidate encryption scheme for making these kinds of elections everlastingly private is PPATC, but it has not been shown to work with any mixnet of comparable efficiency to the current ElGamal mixnets. In this work we give a paper proof, and a machine checked proof, that the variant of Wikstrom's mixnet commonly in use is safe for use with the PPATC encryption scheme.

In this work we introduce a novel four-party honest-majority MPC protocol with active security that achieves comparable efficiency to equivalent protocols in the same setting, while having a much simpler design and not relying on function-dependent preprocessing. Our initial protocol satisfies security with abort, but we present some extensions to achieve guaranteed output delivery. Unlike previous works, we do not achieve this by delegating the computation to one single party that is identified to be honest, which is likely to hinder the adoption of these technologies as it centralizes sensitive data. Instead, our novel approach guarantees termination of the protocol while ensuring that no single party (honest or corrupt) learns anything beyond the output.

We implement our four-party protocol with abort in the MP-SPDZ framework for multiparty computation and benchmark multiple applications like MNIST classification training and ImageNet inference. Our results show that our four-party protocol performs similarly to an efficient honest-majority three-party protocol that only provides semi-honest/passive security, which suggest that adding a fourth party can be an effective method to achieve active security without harming performance.