International Association for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available:

via email
via RSS feed

02 March 2021

Naval Postgraduate School, Monterey, California, USA
Job Posting
The Naval Postgraduate School (NPS) is accepting applications for the position of Assistant or Associate Professor (tenure-track) in the Department of Computer Science. We encourage all qualified candidates to apply and are especially interested in candidates with a background in artificial intelligence, data science, distributed systems, machine learning, or security. We seek to fill the position by June 2021 and will consider applications beginning 30 March 2021. Additional position details can be found at: https://main.hercjobs.org/jobs/14480892

Closing date for applications:

Contact: Geoff Xie, Search Committee Chair

More information: https://main.hercjobs.org/jobs/14480892

University of Bern
Job Posting

Postdoc positions are available in the Cryptology and Data Security research group at the Institute of Computer Science, University of Bern, led by Christian Cachin.

Our research addresses all aspects of security in distributed systems, especially cryptographic protocols, consistency, consensus, and cloud-computing security. We are particularly interested in blockchains, distributed ledger technology, cryptocurrencies, and their security and economics.

Candidates should have a strong background in computer science. They should enjoy conceptual, rigorous thinking if working theoretically, or be interested in building innovative systems if working practically. Demonstrated expertise in cryptography, distributed computing, or blockchain technology is a plus. Applicants should hold a Ph.D., with contributions in the relevant research topics.

Positions are available starting immediately and come with a competitive salary. The selection process runs until suitable candidates have been found. The University of Bern conducts excellent research and lives up to its vision that “Knowledge generates value”. The city of Bern lies in the center of Switzerland and offers some of the highest quality of life worldwide.

If you are interested, please apply by sending an email with one single PDF file and the subject line set to "Application for Postdoc", addressed directly to Prof. Christian Cachin at crypto (at) inf.unibe.ch.

Closing date for applications:

Contact: For more information, please contact Christian Cachin (https://crypto.unibe.ch/cc/).

More information: https://crypto.unibe.ch/jobs/

Hasso-Plattner-Institute, University of Potsdam (Potsdam/Berlin, Germany)
Job Posting

The Cybersecurity - Identity Management group at the Hasso-Plattner-Institute (HPI), University of Potsdam is looking for a motivated PhD student or Postdoc in the area of cryptography and privacy.

Your future tasks
  • Development and analysis of provably secure cryptographic protocols for real-world problems. Topics of interest include (but are not limited to):
    • Privacy-enhancing technologies
    • Password-based cryptography
    • Foundations and solutions for real-world cryptography
  • Publish and present results at top-tier international conferences
  • Participate in teaching activities
Your skills
  • Master’s degree (or PhD for postdoctoral position) in Computer Science, Mathematics, or a related area by the time of appointment
  • Profound knowledge in the areas of cryptography and IT security (for postdoctoral candidates proven in the form of publications in these areas)
  • Excellent English language skills

We look forward to your application including a CV and motivation letter. Applications for the PhD position should also include a list of attended Master courses and grades, whereas applications for the Postdoc position should include contact information for two references. Please submit your application documents in a single PDF file via email.

Closing date for applications:

Contact: Anja Lehmann (anja.lehmann [at] hpi.de)

More information: https://hpi.de/lehmann/home.html

University of Luxembourg
Job Posting

The APSIA group led by Peter Y.A. Ryan is offering a post-doc position in a research project on future-proofing privacy of secure electronic voting led by Johannes Müller. The position is fully funded for 2 years and may be extended up to 5 years.

Your Role

The candidate will shape research directions and produce results in one or more of the following topics:

  • Protocol security
  • Post-quantum cryptography
  • Information-theoretic security
  • Implementation of security protocols

Your Profile
  • A PhD degree in Computer Science, Applied Mathematics or a related field
  • Competitive research record in (applied) cryptography or protocol security
  • Experience with secure e-voting or protocol security proofs is a plus
  • Experience with post-quantum cryptography or information-theoretic security is a plus
  • Experience with implementation of security protocols is a plus

Please apply online formally through the HR system (see link). Applications by email will not be considered.

Closing date for applications:

Contact: Johannes Müller

More information: https://recruitment.uni.lu/en/details.html?id=QMUFK026203F3VBQB7V7VV4S8&nPostingID=57676&nPostingTargetID=80219&mask=karriereseiten&lg=UK

DTU Denmark
Job Posting
We are looking for an assistant/associate professor to extend and complement the cryptology research and teaching of the Cyber Security Section at DTU Compute. The position is available from August 1 2021 or according to mutual agreement.

Closing date for applications:

Contact: Professor Lars Ramkilde Knudsen, lrkn@dtu.dk. Please use the above link when applying for the position. Applications sent by email will not be considered.

More information: https://www.dtu.dk/english/about/job-and-career/vacant-positions/job?id=fa3c2175-2322-42c9-b822-167147cf4e70


01 March 2021

Mahimna Kelkar, Phi Hung Le, Mariana Raykova, Karn Seth
ePrint Report
We introduce the first construction for secure two-party computation of Poisson regression, which enables two parties who hold shares of the input samples to learn only the resulting Poisson model while protecting the privacy of the inputs.

Our construction relies on new protocols for secure fixed-point exponentiation and correlated matrix multiplications. Our secure exponentiation construction avoids expensive bit decomposition and achieves orders of magnitude improvement in both online and offline costs over state of the art works. As a result, the dominant cost for our secure Poisson regression is matrix multiplication with one fixed matrix. We introduce a new technique, called correlated Beaver triples, which enables many such multiplications at the cost of roughly one matrix multiplication. This further brings down the cost of secure Poisson regression.

We implement our constructions and show their extreme efficiency. Our secure exponentiation for 20-bit fractional precision takes less than 0.07ms. One iteration of Poisson regression on a dataset with 10,000 samples with 1000 binary features requires 16.47s offline time, 23.73s online computation and 7.279MB communication. For several real datasets this translates into training that takes seconds and only a couple of MB communication.
Daniele Cozzo, Nigel P. Smart, Younes Talibi Alaoui
ePrint Report
Iterative methods are a standard technique in many areas of scientific computing. The key idea is that a function is applied repeatedly until the resulting sequence converges to the correct answer. When applying such methods in a secure computation methodology (for example using MPC, FHE, or SGX) one either needs to perform enough steps to ensure convergence irrespective of the input data, or one needs to perform a convergence test within the algorithm, and this itself leads to a leakage of data. Using the Banach Fixed Point theorem, and its extensions, we show that this data-leakage can be quantified. We then apply this to a secure (via MPC) implementation of the PageRank methodology. For PageRank we show that allowing this small amount of data-leakage produces a much more efficient secure implementation, and that for many underlying graphs this "leakage" is already known to any attacker.
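The two options the abstract contrasts, as an added example that is not the paper's code: a plaintext PageRank power iteration stopped by a data-dependent convergence test (whose iteration count is exactly the quantity that leaks in a secure computation), beside the data-independent iteration count obtained from the Banach contraction bound with factor equal to the damping factor in L1 norm. The graphs, damping factor and tolerance are constructed for the illustration.

```python
"""Added example: data-dependent convergence test vs. Banach-derived fixed
iteration count for PageRank.  Not from the paper; graphs are constructed."""
import math


def pagerank_step(out_links, rank, d):
    """One power-iteration step r' = (1-d)/n + d * M r on a column-stochastic
    M; dangling nodes (no out-links) spread their mass uniformly."""
    n = len(rank)
    new = [(1 - d) / n] * n
    dangling = sum(rank[u] for u in range(n) if not out_links[u])
    for u, targets in enumerate(out_links):
        if targets:
            share = d * rank[u] / len(targets)
            for v in targets:
                new[v] += share
    for v in range(n):
        new[v] += d * dangling / n
    return new


def l1_dist(a, b):
    return sum(abs(x - y) for x, y in zip(a, b))


def pagerank_with_test(out_links, d=0.85, eps=1e-6):
    """Option 1: iterate until ||r_{k+1} - r_k||_1 < eps.
    Returns (rank, iterations).  The iteration count depends on the graph,
    so a secure implementation that reveals it leaks information."""
    n = len(out_links)
    rank = [1.0 / n] * n
    k = 0
    while True:
        new = pagerank_step(out_links, rank, d)
        k += 1
        if l1_dist(new, rank) < eps:
            return new, k
        rank = new


def banach_iterations(d, eps):
    """Option 2: the step is a contraction with factor d in L1 norm, so
    ||r_k - r*||_1 <= d^k * ||r_0 - r*||_1 <= 2 d^k for any graph.
    The smallest k with 2 d^k <= eps is therefore input-independent."""
    return math.ceil(math.log(eps / 2) / math.log(d))


def pagerank_fixed(out_links, d=0.85, eps=1e-6):
    """Run the data-independent number of steps; no convergence test, no
    leakage through the iteration count, but always the worst-case cost."""
    k = banach_iterations(d, eps)
    n = len(out_links)
    rank = [1.0 / n] * n
    for _ in range(k):
        rank = pagerank_step(out_links, rank, d)
    return rank, k


if __name__ == "__main__":
    # Constructed graphs: a 4-cycle (already at its fixed point) and a star.
    cycle = [[1], [2], [3], [0]]
    star = [[1], [0], [0], [0]]
    for name, g in (("cycle", cycle), ("star", star)):
        _, k_test = pagerank_with_test(g)
        _, k_fixed = pagerank_fixed(g)
        print(f"{name}: convergence test stopped after {k_test} steps, "
              f"Banach bound requires {k_fixed} steps regardless of input")
```

The gap between the two counts is the efficiency the paper trades against the leaked iteration count, which for the cycle graph reveals that the input is already stationary.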
Ádám Ficsór, Yuval Kogman, Lucas Ontivero, István András Seres
ePrint Report
Bitcoin transfers value on a public ledger of transactions anyone can verify. Coin ownership is defined in terms of public keys. Despite potential use for private transfers, research has shown that users’ activity can often be traced in practice. Businesses have been built on dragnet surveillance of Bitcoin users because of this lack of strong privacy, which harms its fungibility, a basic property of functional money. Although the public nature of this design lacks strong guarantees for privacy, it does not rule it out. A number of methods have been proposed to strengthen privacy. Among these is CoinJoin, an approach based on multiparty transactions that can introduce ambiguity and break common assumptions that underlie heuristics used for deanonymization. Existing implementations of CoinJoin have several limitations which may partly explain the lack of their widespread adoption. This work introduces WabiSabi, a new protocol for centrally coordinated CoinJoin implementations utilizing keyed verification anonymous credentials and homomorphic value commitments. This improves earlier approaches which utilize blind signatures in both privacy and flexibility, enabling novel use cases and reduced overhead.
Tsz Hon Yuen, Handong Cui, Xiang Xie
ePrint Report
Threshold ECDSA signatures provide a higher level of security to a crypto wallet since it requires more than t parties out of n parties to sign a transaction. The state-of-the-art bandwidth efficient threshold ECDSA used the additive homomorphic Castagnos and Laguillaumie (CL) encryption based on an unknown order group G, together with a number of zero-knowledge proofs in G. In this paper, we propose compact zero-knowledge proofs for threshold ECDSA to lower the communication bandwidth, as well as the computation cost. The proposed zero-knowledge proofs include the discrete-logarithm relation in G and the well-formedness of a CL ciphertext.

When applied to two-party ECDSA, we can lower the bandwidth of the key generation algorithm by 47%, and the running times for the key generation and signing algorithms are boosted by about 35% and 104% respectively. When applied to threshold ECDSA, our first scheme is more optimized for the key generation algorithm (about 70% lower bandwidth and 70% faster computation in key generation, at a cost of 20% larger bandwidth in signing), while our second scheme has an all-rounded performance improvement (about 60% lower bandwidth, 27% faster computation in key generation without additional cost in signing).
Andrey Kim, Yuriy Polyakov, Vincent Zucca
ePrint Report
The Brakerski-Gentry-Vaikuntanathan (BGV) and Brakerski/Fan-Vercauteren (BFV) schemes are the two main homomorphic encryption (HE) schemes to perform exact computations over finite fields and integers. Although the schemes work with the same plaintext space, there are significant differences in their noise management, algorithms for the core homomorphic multiplication operation, message encoding, and practical usability. The main goal of our work is to revisit both schemes, focusing on closing the gap between the schemes by improving their noise growth, computational complexity of the core algorithms, and usability. The other goal of our work is to provide both theoretical and experimental performance comparison of BGV and BFV.

More precisely, we propose an improved variant of BFV where the encryption operation is modified to significantly reduce the noise growth, which makes the BFV noise growth somewhat better than for BGV (in contrast to prior results showing that BGV has smaller noise growth for larger plaintext moduli). We also modify the homomorphic multiplication procedure, which is the main bottleneck in BFV, to reduce its algorithmic complexity. Our work introduces several other novel optimizations, including lazy scaling in BFV homomorphic multiplication and an improved BFV decryption procedure in the Residue Number System (RNS) representation. We also develop a usable variant of BGV as a more efficient alternative to BFV for common practical scenarios.

We implement our improved variants of BFV and BGV in PALISADE and evaluate their experimental performance for several benchmark computations. Our results suggest that BGV is faster for intermediate and large plaintext moduli, which are often used in practical scenarios with ciphertext packing, while BFV is faster for small plaintext moduli.
Tjerand Silde, Martin Strand
ePrint Report
Anonymous tokens have recent applications in private Internet browsing and anonymous statistics collection. We develop new schemes in order to include public metadata such as expiration dates for tokens. This inclusion enables planned mass revocation of tokens without distributing new keys, which for natural instantiations can give 77-90% amortized traffic savings compared to Privacy Pass (Davidson et al., 2018) and PrivateStats (Huang et al., 2021), respectively. By transforming the public key, we are able to append public metadata to several existing protocols without having to change the security proofs in any substantial way.

Additional contributions include expanded definitions and a description of how anonymous tokens can improve the privacy in dp3t-like digital contact tracing applications. We also show how to create efficient and conceptually simple tokens with public metadata and public verifiability from pairings.
Martin R. Albrecht, Russell W. F. Lai
ePrint Report
We study when (dual) Vandermonde systems of the form ${V}_T^{{(\intercal)}} \cdot \vec{z} = s\cdot \vec{w}$ admit a solution $\vec{z}$ over a ring $\mathcal{R}$, where ${V}_T$ is the Vandermonde matrix defined by a set $T$ and where the "slack" $s$ is a measure of the quality of solutions. To this end, we propose the notion of $(s,t)$-subtractive sets over a ring $\mathcal{R}$, with the property that if $S$ is $(s,t)$-subtractive then the above (dual) Vandermonde systems defined by any $t$-subset $T \subseteq S$ are solvable over $\mathcal{R}$. The challenge is then to find large sets $S$ while minimising (the norm of) $s$ when given a ring $\mathcal{R}$.

By constructing families of $(s,t)$-subtractive sets $S$ of size $n = $ poly over cyclotomic rings $\mathcal{R} = \mathbb{Z}[\zeta_{p^\ell}]$ for prime $p$, we construct Schnorr-like lattice-based proofs of knowledge for the SIS relation ${A} \cdot \vec{x} = s \cdot \vec{y} \bmod q$ with $O(1/n)$ knowledge error, and $s = 1$ in case $p = $ poly. Our technique slots naturally into the lattice Bulletproof framework from Crypto'20, producing lattice-based succinct arguments for NP with better parameters.

We then give matching impossibility results constraining $n$ relative to $s$, which suggest that our Bulletproof-compatible protocols are optimal unless fundamentally new techniques are discovered. Noting that the knowledge error of lattice Bulletproofs is $\Omega(\log k/n)$ for witnesses in $\mathcal{R}^k$ and subtractive set size $n$, our result represents a barrier to practically efficient lattice-based succinct arguments in the Bulletproof framework.

Beyond these main results, the concept of $(s,t)$-subtractive sets bridges group-based threshold cryptography to lattice settings, which we demonstrate by relating it to distributed pseudorandom functions.

28 February 2021

X-Logos LLC, Colorado Springs, CO, USA
Job Posting

Company's mission: Original solutions for the security and economic demands of data and data owners.

Seniority level: Open to discussion. Lack of industry experience can be compensated by academic achievements.

Industry: Information Technology, Cybersecurity, Data Science.

Available employment types: full-time, part-time, in-person, remote.

Responsibilities:

  • Stay current with advances in cryptography, related areas, and the underlying mathematical subjects.
  • Understand and implement existing cryptographic constructions in the literature and industry.
  • Help to design and to evaluate new cryptographic schemes and protocols.

Minimum Qualifications:

  • Ph.D. in Computer Science, Mathematics, Engineering, or another related field.
  • Fluency in at least one of the following programming languages: C, C++, Python, Ruby, Go, Java.
  • Reasonable proficiency in several topics in discrete mathematics (in particular, logic, group theory, probability, number theory, and linear algebra).

Preferred:

  • Track record of peer-reviewed publications related to cryptography and mathematics in general.
  • Experience with cryptanalysis.

Benefits:

  • Work with challenging problems for deploying real-world applications of significant impact in the industry.
  • Direct contact with crypto experts in in-depth discussions and analysis of ongoing projects.
  • Learn from veterans from the industry of new technologies.
  • Incentives for writing scientific papers, patents, and participating in academic conferences and other related events.
  • Budget for investing in continued education (books, courses, seminars, certifications, among others).
  • Visa sponsorship (when applicable).
  • Dental, vision, and health insurance (for full-time employees).
  • Salary to be defined according to the seniority and employment level.

Closing date for applications:

Contact: David Silva, david@x-logos.com

DFINITY
Job Posting
DFINITY has a world-class team of computer science researchers that is experiencing rapid growth as we approach the Internet Computer’s public launch. We have multiple openings across a broad range of seniority and fields with a focus on security and practical performance. Below are some examples of relevant research areas - but unique combinations or variations are ok.
  • Cryptography
  • Distributed systems
  • Formal verification
  • Networking
  • Computer
  • Operating systems
  • Embedded systems
  • Pen testing
Please see our careers page for more information.

Closing date for applications:

Contact: Jens Groth: jens AT dfinity.org

More information: https://dfinity.org/careers

DFINITY, Zurich and Bay Area
Job Posting
Do you like designing and implementing secure systems? Are you passionate about code simplicity, quality, and performance? Do you think that cryptographic tools such as zero-knowledge proofs and threshold crypto are heavily under-utilized? This is a unique opportunity to work with exceptional engineering teams creating the Internet Computer and bring advanced cryptographic algorithms to practical use. For more information about the position, please refer to our careers page.

Closing date for applications:

Contact: Jens Groth: jens AT dfinity.org

More information: https://dfinity.org/careers

University of Tartu, Estonia
Job Posting
We would like to announce open postdoc and (fully-funded) PhD positions.

We are searching for candidates who are enthusiastic about driving forward the field of quantum cryptography (including post-quantum crypto), especially provable quantum security. The research takes place in the context of an ERC project that targets formally verified quantum cryptographic proofs.

For more information, see the link below. Please forward this to anyone potentially interested, and do not hesitate to contact me.

Closing date for applications:

Contact: Dominique Unruh, unruh@ut.ee

More information: https://crypto.cs.ut.ee/Main/PostdocInPost-QuantumCryptography


24 February 2021

Hanshen Xiao, Srinivas Devadas
ePrint Report
We revisit private optimization and learning from an information processing view. The main contribution of this paper is twofold. First, different from the classic cryptographic framework of operation-by-operation obfuscation, a novel private learning and inference framework via either data-dependent or random transformation on the sample domain is proposed. Second, we propose a novel security analysis framework, termed probably approximately correct (PAC) inference resistance, which bridges the information loss in data processing and prior knowledge. Through data mixing, we develop an information theoretical security amplifier with a foundation of PAC security.

We study the applications of such a framework from generalized linear regression models to modern learning techniques, such as deep learning. On the information theoretical privacy side, we compare three privacy interpretations: ambiguity, statistical indistinguishability (Differential Privacy) and PAC inference resistance, and precisely describe the information leakage of our framework. We show the advantages of this new random transform approach with respect to underlying privacy guarantees, computational efficiency and utility for fully connected neural networks.
Sergiu Carpov, Kevin Deforth, Nicolas Gama, Mariya Georgieva, Dimitar Jetchev, Jonathan Katz, Iraklis Leontiadis, M. Mohammadi, Abson Sae-Tang, Marius Vuille
ePrint Report
We propose a novel MPC framework, Manticore, in the multiparty setting, with full threshold and semi-honest security model, supporting a combination of real number arithmetic (arithmetic shares), Boolean arithmetic (Boolean shares) and garbled circuits (Yao shares). In contrast to prior work [MZ17, MR18], Manticore never overflows, an important feature for machine learning applications. It achieves this without compromising efficiency or security. Compared to other overflow-free recent techniques such as MP-SPDZ [EGKRS20] that convert arithmetic to Boolean shares, we introduce a novel highly efficient modular lifting/truncation method that stays in the arithmetic domain. We revisit some of the basic MPC operations such as real-valued polynomial evaluation, division, logarithm, exponential and comparison by employing our modular lift in combination with existing efficient conversions between arithmetic, Boolean and Yao shares. Furthermore, we provide a highly efficient and scalable implementation supporting logistic regression models with real-world training data sizes and high numerical precision through PCA and blockwise variants (for memory and runtime optimizations). On a dataset of 50 million rows and 50 columns distributed among two players, it completes in one day with at least 10 decimal digits of precision. Our logistic regression solution placed first at Track 3 of the annual iDASH’2020 Competition. Finally, we mention a novel oblivious sorting algorithm built using Manticore.
Shuo Sun, Yongbin Zhou, Yunfeng Ji, Rui Zhang, Yang Tao
ePrint Report
Gaussian sampling over the integers is one of the fundamental building blocks of lattice-based cryptography. In particular, it has so far been unavoidable in trapdoor sampling. However, it is still challenging to construct a generic, efficient, and isochronous Gaussian sampler. In this paper, our contribution is three-fold.

First, we propose a secure, efficient exponential Bernoulli sampling algorithm. It can be applied to Gaussian samplers based on rejection sampling. We apply it to FALCON, a candidate of round 3 of the NIST post-quantum cryptography standardization project, and reduce its signature generation time by 13.66%-15.52%.

Second, we develop a new Gaussian sampler based on rejection sampling. Our algorithm can securely sample from Gaussian distributions with different standard deviations and arbitrary centers. We apply it to PALISADE (S&P'18), an open-source lattice cryptography library. The new implementation of trapdoor sampling in PALISADE has better performance while resisting timing attacks.

Third, we improve the efficiency of the COSAC sampler (PQC'20). The new COSAC sampler is 1.46x-1.63x faster than the original and has the lowest expected number of trials among all Gaussian samplers based on rejection sampling. But it needs a more efficient algorithm for sampling from the normal distribution to improve its performance.
Tatsuki Ono, Song Bian, Takashi Sato
ePrint Report
The module learning with errors (MLWE) problem is one of the most promising candidates for constructing quantum-resistant cryptosystems. In this work, we propose an open-source framework to automatically adjust the level of parallelism for MLWE-based key exchange protocols to maximize the protocol execution efficiency. We observed that the number of key exchanges handled by primitive functions in parallel, and the dimension of the grids in the GPUs, have significant impacts on both the latencies and throughputs of MLWE key exchange protocols. By properly adjusting the related parameters, we show in experiments that the performance of MLWE-based key exchange protocols can be improved across GPU platforms.