International Association
for Cryptologic Research

Event date: 6 September 2021
Submission deadline: 21 May 2021
Notification: 2 July 2021

Event date: 10 January to 12 January 2022
Submission deadline: 1 September 2021
Notification: 1 November 2021

Cryptography, Security & Privacy Research Group at Koç University has one opening at the post-doctoral researcher level. Accepted applicants may receive competitive salary, housing (accommodation) support, health insurance, computer, travel support, and lunch meal card.

Your duties include performing research on cryptography, security, and privacy in line with our research group's focus, as well as directing graduate and undergraduate students in their research and teaching. The project funding is related to cryptography, game theory and mechanism design, and blockchain technologies.

Applicants are expected to have already obtained their Ph.D. degrees in Computer Science or related discipline with a thesis topic related to the duties above.

For more information about joining our group and projects, visit

https://crypto.ku.edu.tr/work-with-us/

Submit your application via email including

• full CV,
• 1-3 sample publications where you are the main author,
• a detailed research proposal,
• and 2-3 reference letters sent directly by the referees.

Application and start dates are flexible.

Closing date for applications:

Contact: Assoc. Prof. Alptekin Küpçü
https://member.acm.org/~kupcu

More information: https://crypto.ku.edu.tr/work-with-us/

Cryptography, Security & Privacy Research Group at Koç University has multiple openings at every level. Accepted Computer Science and Engineering applicants may receive competitive scholarships including monthly stipend, tuition waiver, housing (accommodation) support, health insurance, computer, travel support, and lunch meal card.

Your duties include performing research on cryptography, security, and privacy in line with our research group's focus, assist teaching, as well as collaborating with other graduate and undergraduate students. Computer Science, Mathematics, Cryptography, or related background is necessary.

For applying online, and questions about the application-process for M.Sc. and Ph.D. positions, visit

https://gsse.ku.edu.tr/en/admissions/application-requirements

All applications must be completed online. Applications with missing documents will not be considered. Applications via e-mail will not be considered. Application Requirements:

1. CV
2. Recommendation Letters (2 for MSc, 3 for PhD)
3. TOEFL (for everyone whose native language is not English, Internet Based: Minimum Score 80)
4. GRE scores (required from non-Turkish nationals)
5. Official transcripts from all the universities attended
6. Statement of Purpose
7. Area of Interest Form filled online

https://gsse.ku.edu.tr/en/admissions/how-to-apply/

We also have non-thesis Cyber Security M.Sc. program:

https://cybersecurity.ku.edu.tr/tuition/

For more information about joining our group and projects, visit

https://crypto.ku.edu.tr/work-with-us/

Closing date for applications:

Contact: https://gsse.ku.edu.tr/en/admissions/how-to-apply/

More information: https://gsse.ku.edu.tr/en/admissions/application-requirements

Cryptography, Security & Privacy Research Group at Koç University has multiple openings for summer research interns (at both undergraduate and graduate level). Apply via:

http://kusrp.ku.edu.tr

For more information about joining our group and projects, visit

https://crypto.ku.edu.tr/work-with-us/

All applications must be completed online. Applications with missing documents will not be considered. Applications via e-mail will not be considered. Application Requirements:

1. CV
2. 2 Recommendation Letters
3. Official transcripts from all the universities attended
4. Statement of Purpose
5. Application Form filled online

Deadline is 11 April 2021.

Closing date for applications:

Contact: http://kusrp.ku.edu.tr

More information: http://kusrp.ku.edu.tr

We introduce a class of interactive protocols, which we call sumcheck arguments, that establishes a novel connection between the sumcheck protocol (Lund et al. JACM 1992) and folding techniques for Pedersen commitments (Bootle et al. EUROCRYPT 2016).

Informally, we consider a general notion of bilinear commitment over modules, and show that the sumcheck protocol applied to a certain polynomial associated with the commitment scheme yields a succinct argument of knowledge for openings of the commitment. Building on this, we additionally obtain succinct arguments for the NP-complete language R1CS over certain rings.

Sumcheck arguments enable us to recover as a special case numerous prior works in disparate cryptographic settings (such as discrete logarithms, pairings, groups of unknown order, lattices), providing one abstract framework to understand them all. Further, we answer open questions raised in prior works, such as obtaining a lattice-based succinct argument from the SIS assumption for satisfiability problems over rings.

We elaborate an approach for determining the order of an elliptic curve from the family $\mathcal{E}_p = \{E_a: y^2 = x^3 + a \pmod p, a \not = 0\}$ where $p$ is a prime number $> 3$. The essence of this approach consists in combining the well-known Hasse bound with an explicit formula for that order reduced to modulo $p$. It allows to advance an efficient technique of complexity $O(\log^2 p)$ for computing simultaneously the six orders associated with the family $\mathcal{E}_p$ when $p \equiv 1 \pmod 3$, thus improving the best known algorithmic solution for that problem with an order of magnitude.

The high demand for customer-centric applications such as secure cloud storage laid the foundation for the development of user-centric security protocols with multiple security features in recent years. But, the current state-of-art techniques primarily emphasized only one type of security feature i.e., either homomorphism or non-malleability. In order to fill this gap and provide a common platform for both homomorphic and non-malleable cloud applications, we have introduced a new public key based probabilistic encryption switching (i.e., homomorphism to/from non-malleability property switching during the encryption phase without changing the underlying security structure) scheme by introducing a novel Contiguous Chain Bit Pair Encryption (CC-BPE) and Discrete Chain Bit Pair Encryption (DC-BPE) techniques for plaintext bits encryption and using quadratic residuosity based trapdoor function of Freeman et al. [13] for intermediate ciphertext connections. The proposed scheme generates O ( m +2 log N ) bits of ciphertext where m &#8712; N and m < n , n &#8712; N is the plaintext size, N is the RSA composite. This security extension would be helpful to cover both homomorphism and non-malleability cloud applications. The superior performance of the proposed scheme has been tested in comparison to existing methods and is reported in this paper.

Key-Alternating Feistel (KAF) ciphers are a popular variant of Feistel ciphers whereby the round functions are defined as $x \mapsto F(k_i \oplus x)$, where k_i are the round keys and F is a public random function. Most Feistel ciphers, such as DES, indeed have such a structure. However, the security of this construction has only been studied in the classical CPA/CCA models. We provide the first security analysis of KAF ciphers in the key-dependent message (KDM) attack model, where plaintexts can be related to the private key. This model is motivated by cryptographic schemes used within application scenarios such as full-disk encryption or anonymous credential systems.

We show that the four-round KAF cipher, with a single function $F$ reused across the rounds, provides KDM security for a non-trivial set of KDM functions. To do so, we develop a generic proof methodology, based on the H-coefficient technique, that can ease the analysis of other block ciphers in such strong models of security.

Blockchain has been widely used in finance, logistics, copyright and other fields with its outstanding characteristics such as non-centralization, collective maintenance, openness, transparency and non-tamperability. However, as transactions are stored in plaintext in the blockchain for public verification, the anonymity and privacy of users can not be guaranteed and this hampers many financial applications. How to protect the privacy of transactions is worthy further research.

In this paper, we have proposed two regulatory and efficient confidential transaction schemes using homomorphic encrytion and zero-knowledge proof. The first one improves the efficiency of the existing ElGamal based scheme while preserves its privacy. The second one employs the Paillier encryption with homomorphic property and it empowers regulators with greater power to obtain transaction-related specific content. The core of ElGamal based scheme is the Modified ElGamal algorithm, which changes the form of the standard ElGamal algorithm and expands it into four ciphertexts such that $(m,r)$ in the transaction can be decrypted. The Paillier based scheme is mainly to combine Paillier encryption with ElGamal encryption. Contrast to other ElGamal based scheme, the combination makes any token amount can be directly decrypted without calculating a discrete logarithm problem. As any $(m,r)$ in transactions can be decrypted directly, game theory is applied to further reduce transaction size. In our construction, transactions are about 1.1KB.

The Department of Mathematics in the School of Sciences and Humanities at Nazarbayev University invites applications for several positions in applied mathematics at the rank of Instructor or Assistant Professor. The department currently has 23 members. Faculty specializations include statistics, numerical analysis, applied mathematics, analysis, and algebra/number theory, including cryptography. Appointments are for three years with the possibility of renewal.

Responsibilities of these positions:

• Teach undergraduate courses in mathematics;
• Advise students in academic matters;
• Administrative and service work at the departmental, school, and university level;
• Faculty appointed at the Assistant Professor level will also be expected to teach graduate courses in mathematics, supervise undergraduate and graduate student research and capstone projects, apply for grants, and develop new courses.

Applicants should submit a cover letter, a curriculum vitae, research and teaching statements, and contact information for at least three references, who will be asked to submit letters of recommendation. At least one of the letters of recommendation should address the candidate's teaching.

Closing date for applications:

Contact: Daniel Oliveira da Silva at daniel.dasilva@nu.edu.kz

More information: https://jobs.smartrecruiters.com/NazarbayevUniversity1/743999738292544-instructor-and-assistant-professor-position-department-of-mathematics-school-of-sciences-and-humanities

The Department of Computer Science at the University of Surrey, UK seeks to recruit Early Career Fellows (Lecturer A), on a full-time basis, for a period of up to five years. There are 3 positions with one being in cyber security, which includes cryptography. These positions are particularly well suited for recent PhD graduates or post-docs who want to develop their independent research agenda. The Department will seek to establish a long-term career planning for these post holders, with appropriate mentoring in place. Deadline for applications: 26th March 2021 Applicants will need to submit a research concept. Please follow the link for more information and application guidelines.

Closing date for applications:

Contact: Informal inquiries can be sent to Mark Manulis (m dot manulis at surrey dot uc dot uk)

More information: https://jobs.surrey.ac.uk/vacancy.aspx?ref=013021

Following the current direction in Deep Learning (DL), more recent papers have started to pay attention to the efficiency of DL in breaking cryptographic implementations. Several works focus on techniques to boost the efficiency of existing architectures by data augmentation, regularization, etc. In this work, we investigate using mixup data augmentation \cite{zhang2017mixup} in order to improve the efficiency of DL-based Side-Channel Attacks (SCAs). We validated the soundness of the mixup on real traces collected from the ChipWhisperer board \cite{cw} and from the ASCAD database \cite{benadjila2020deep}. The obtained results have proven that using mixup data augmentation decreases the number of measurements needed to reveal the secret key compared to the non-augmented case.

We propose Veksel, a simple generic paradigm for constructing efficient non-interactive coin mixes. The central component in our work is a concretely efficient proof $\pi_{one-many}$ that a homomorphic commitment $c^*$ is a rerandomization of a commitment $c \in \{c_1, \ldots, c_\ell \}$ without revealing $c$. We formalize anonymous account-based cryptocurrency as a universal composability functionality and show how to efficiently instantiate the functionality using $\pi_{one-many}$ in a straightforward way (Veksel). We instantiate and implement $\pi_{one-many}$ from Strong-RSA, DDH and random oracles targeting $\approx 112$ bits of security. The resulting NIZK has constant size ($|\pi_{one-many}| = 5.3 \text{KB}$) and constant proving/verification time ($\approx 90 \text{ms}$), on an already accumulated set. Compared to Zerocash---which offers comparable marginal verification cost and an anonymity set of every existing transaction---our transaction are larger ($6.2$ KB) and verification is slower. On the other hand, {\name} relies on more well-studied assumptions, does not require an expensive trusted setup for proofs and is arguably simpler (from an implementation standpoint). Additionally we think that $\pi_{one-many}$ might be interesting in other applications, e.g. proving possession of some credential posted on-chain.

The State-Separating Proofs (SSP) framework by Brzuska et al. (ASIACRYPT’18) proposes a novel way to perform modular, code-based game-playing proofs. In this work, we demonstrate the potential of SSP for guiding the development of formally verified security proofs of composed real-world protocols in the EasyCrypt proof assistant. In particular, we show how to extract an EasyCrypt formalization skeleton from an SSP formalization. As a concrete example, we study the Cryptobox protocol, a KEM-DEM construction that combines DH key agreement with authenticated encryption. We develop a Cryptobox formalization using SSP both on paper and in EasyCrypt, exploring the usefulness of the SSP method in conjunction with an automated proof construction and verification tool.

We present Spectrum, a high-bandwidth, metadata-private file broadcasting system with malicious security guarantees. In Spectrum, a small number of publishers broadcast to many subscribers via two or more non-colluding servers. Subscribers generate indistinguishable cover traffic, hiding which users are publishers, for full metadata privacy.

Spectrum builds on prior work that uses DC-nets for anonymous broadcast. Existing anonymous broadcast systems do not optimize for a setting where there are fewer publishers compared to subscribers -- a common situation in real-world broadcasts. To prevent disruption by malicious clients sending malformed requests, we develop a blind request authentication protocol that allows servers to reject malicious clients deviating from protocol. We also ensure security against malicious servers deviating from protocol and potentially colluding with clients. Our techniques for providing malicious security are applicable to other systems for anonymous broadcast and may be of independent interest.

We implement and evaluate Spectrum. Compared to the state-of-the-art in cryptographic anonymous communication systems, Spectrum is 3--140X faster (and commensurately cheaper). Deployed on two commodity servers, Spectrum allows publishers to share 500 MB in 1h 24m with an anonymity set of 10,000 (for a total cost of about $1.93). This corresponds to an anonymous upload of a full-length 720p documentary movie.

As the world adopts Artificial Intelligence (AI), the privacy risks are many. AI can improve our lives, but may leak or misuse our private data. Private AI is based on Homomorphic Encryption (HE), a new encryption paradigm which allows the cloud to operate on private data in encrypted form, without ever decrypting it, enabling private training and private prediction with AI algorithms. The 2016 ICML CryptoNets [26] paper demonstrated for the first time evaluation of neural net predictions on homomorphically encrypted data, and opened new research directions combining machine learning and cryptography. The security of Homomorphic Encryption is based on hard problems in mathematics involving lattices, a candidate for post-quantum cryptography. This paper gives an overview of my Invited Plenary Lecture at the International Congress of Industrial and Applied Mathematics (ICIAM), explaining Homomorphic Encryption, Private AI, and real-world applications.

What is the funniest number in cryptography? 0. The reason is that for all x, x*0 = 0, i.e., the equation is always satisfied no matter what x is. This article discusses crypto bugs in four BLS signatures’ libraries (ethereum/py ecc, supranational/blst, herumi/bls, sigp/milagro bls) that revolve around 0. Furthermore, we develop ”splitting zero” attacks to show a weakness in the proof-of-possession aggregate signature scheme standardized in BLS RFC draft v4. Eth2 bug bounties program generously awarded $35,000 in total for the reported bugs.

Succinct non-interactive arguments of knowledge (SNARKs) enable non-interactive efficient verification of NP computations and admit short proofs. However, all current SNARK constructions assume that the statements to be proven can be efficiently represented as either Boolean or arithmetic circuits over finite fields. For most constructions, the choice of the prime field $\mathbb{F}_{p}$ is limited by the existence of groups of matching order for which secure bilinear maps exist.

In this work, we overcome such restrictions and enable verifying computations over rings. We construct the first designated-verifier SNARK for statements which are represented as circuits over a broader kind of commutative rings, namely those containing big enough \emph{exceptional set}. Exceptional sets consist of elements such that their pairwise differences are invertible. Our contribution is threefold: We fist introduce Quadratic Ring Programs (QRPs) as a characterization of NP where the arithmetic is over a ring and we generalize pre-existent assumptions employed in field-restricted SNARKs to the ring context.

We construct ring SNARKs from framework based on encodings, inspired by the Pinocchio. Our scheme is modular, based on generic encodings over rings and allows for various instantiations in order to adapt to different settings. Finally, we propose two applications for our SNARKs. In the first one, we instantiate our construction for the Galois Rings $GR(2^k, d)$, i.e. the degree-$d$ Galois extension of $\mathbb{Z}_{2^k}$. This allows us to naturally prove statements about circuits over $\mathbb{Z}_{2^{64}}$, which closely matches real-life computer architectures such as standard CPUs. Our second application is verifiable computation over encrypted data, specifically for evaluations of Ring-LWE-based homomorphic encryption schemes.

The increasing deployment of end-to-end encrypted communications services has ignited a debate between technology firms and law enforcement agencies over the need for lawful access to encrypted communications. Unfortunately, existing solutions to this problem suffer from serious technical risks, such as the possibility of operator abuse and theft of escrow key material. In this work we investigate the problem of constructing law enforcement access systems that mitigate the possibility of unauthorized surveillance. We first define a set of desirable properties for an abuse-resistant law enforcement access system (ARLEAS), and motivate each of these properties. We then formalize these definitions in the Universal Composability framework, and present two main constructions that realize this definition. The first construction enables prospective access, allowing surveillance only if encryption occurs after a warrant has been issued and activated. The second, more powerful construction, allows retrospective access to communications that occurred prior to a warrant's issuance. To illustrate the technical challenge of constructing the latter type of protocol, we conclude by investigating the minimal assumptions required to realize these systems.