International Association
for Cryptologic Research

The cryptography research group at Fujitsu Laboratories of America is looking for a security researcher to help us broaden the scope of our lab's work. We are looking for a researcher who can both help support our business and do fundamental research across a number of areas including applied cryptography, blockchain, and systems security. A broad overview of our recent research interests can be found here: https://www.fujitsu.com/us/about/businesspolicy/tech/rd/research/computer-security/cryptography-and-privacy/.

We are looking for someone who will accelerate our security research around our business interests in the area and establish our presence in systems security academic venues. We offer competitive salary, benefits package, and flexible work schedule. This is a full-time permanent position based on Sunnyvale, CA. Candidates should have (or should soon have) a PhD degree in computer security or a closely related field. Preference will be given to candidates with strong publication records in top tier crypto/security conferences. Interested candidates are encouraged to apply by sending their CV to Arnab Roy by email.

Closing date for applications:

Contact: Arnab Roy

CSEM is a private, non-profit research, technology and innovation center. Our division of Integrated and Wireless Systems, in collaboration with the HexHive lab, EPFL, is looking for a PhD Candidate in Embedded security.

We have a multidisciplinary competence in the area of embedded, low-power embedded systems, spanning the full stack from HW, through firmware, to communication technologies, embedded intelligence, and security.
This offers an exciting opportunity for a candidate interested in HW design, cryptography, and security to address research questions that are relevant to practical applications in the domain of low-power embedded systems and Internet of Things (IoT), thanks to the immediate feedback and guidance from CSEM's researchers and engineers.

Your mission will contribute to applied research and development in one or more of these of these research directions of interest:

• Side channel-resistant implementations of cryptographic HW accelerators, with an emphasis on minimization of overhead and trade-offs between overhead and security level.
• HW-accelerated implementations of post-quantum cryptography for constrained platforms. Investigation of alternative cryptographic primitives to PQC key encapsulation and signature schemes with lower implementation overheads, suited for IoT.
• Identification, design, and implementation of HW (cyber)security features for constrained embedded platforms for practically relevant security profiles, with an emphasis on design minimalism.
• Research on tools automatizing the design of side-channel- secure processor instructions and/or HW accelerators.

Your profile.

• A Masters (or equivalent) degree in Electrical Engineering, Electronics or Computer Science
• Good background in applied cryptography and security
• Solid background in HW design and resource trade-offs
• Solid background with programming in C
• Familiarity with embedded development is an advantage
• Fluency in English is required, proficiency in French is an advantage

Closing date for applications:

Contact:

For more information please contact Damian Vizar damian[dot]vizar [at]csem[dot]ch

You need to apply to the EPFL, IC faculty's doctoral school by April 15th: https://www.epfl.ch/education/phd/edic-computer-and-communication-sciences/edic-computer-and-communication-sciences/edic-how-to-apply/

We would like to announce one open (3-year) PhD position in Symmetric cryptography in the Caramba team in Nancy, France. The aim of this PhD research project is to build new symmetric primitives which designs are based on strong security proofs while the proposed concrete instances are justified by careful security analyses.
The highly motivated candidate should have a master degree (or equivalent) in Computer Science or Mathematics and at least basic knowledge in symmetric key cryptology.
The application deadline is May 10th 2021 and the candidates must apply via http://doctorat.univ-lorraine.fr/fr/les-ecoles-doctorales/iaem/offres-de-these/design-et-cryptanalyses-de-nouveaux-schemas-de. Further details on the project and on the requirements are also available on this page.

Closing date for applications:

Contact: Marine Minier (marine dot minier at loria dot fr) and Virginie Lallemand (virginie dot lallemand at loria dot fr)

More information: http://doctorat.univ-lorraine.fr/fr/les-ecoles-doctorales/iaem/offres-de-these/design-et-cryptanalyses-de-nouveaux-schemas-de

The Strategic Centre for Research in Privacy-Preserving Technologies and Systems (SCRIPTS) of the Nanyang Technological University in Singapore is looking for candidates to fill several PhD student positions on the topic of privacy preserving technologies and machine learning. Interested candidates are expected to have a honors degree (second upper classes or above, or equivalence) in Computer Science/Engineering, or Mathematics. Knowledge/research experience in cryptography or machine learning will be a plus. We offer scholarships covering tuition fee and attractive living allowances. Interested candidates can send their CV and degree transcripts to Asst Prof Jian Guo through guojian@ntu.edu.sg.

Closing date for applications:

Contact: Asst Prof Jian Guo

More information: http://scripts.ntu.edu.sg

The Services and Cybersecurity (SCS) chair at the University of Twente (The Netherlands) invites applications for a 4-years Ph.D. position on the topic of ‘modeling IoT device behavior for threat detection and response’.

More information:
https://www.utwente.nl/en/organisation/careers/!/2021-308/phd-position-on-modeling-iot-device-behavior-for-threat-detection-and-response

Deadline for applications: 23 April 2021, 23:59 CET

Closing date for applications:

Contact: Dr. Andrea Continella (a.continella@utwente.nl)

More information: https://www.utwente.nl/en/organisation/careers/!/2021-308/phd-position-on-modeling-iot-device-behavior-for-threat-detection-and-response

SETS invites applications from citizens of India for filling up the position of Project Associate – III and Project Associate – II for
a Research & Development project in the area of Quantum Key distribution for a project titled “: Metro Area Quantum Access Network (MAQAN)”.

Short description of the project:
Metro Area Quantum Access Network (MAQAN) ensures secure
key exchange between point-multipoint using Quantum mechanisms. In this project, SETS focus would be on developing
an efficient post-processing module required for field-deployable QKD systems. The post-processing module includes interfacing with quantum components, sifting, error parameter estimation, clock synchronization, authentication, privacy amplification, error correction, error verification, along with Quantum-safe Post Quantum Crypto primitives.
Project Associate - III
i. PhD in Engineering/ Science (Physics/Electronics)
ii. First Class M. Tech /M. E (Microelectronics and Photonics/Laser and Electro optics/Applied Electronics/VLSI Design/Electronic & Instrumentation/ Communication System/ Computer Science/ Cyber-Security).
i. MTech/ ME with minimum two years’ experience (or)
ii. PhD in Science with minimum one year experience (or)
iii. PhD in Engineering
Candidates with experience in Quantum Key Distribution, Integration of Optoelectronic Hardware with FPGA, Post Quantum Cryptography, Quantum Network testbed creation and System Design & Development using FPGAs. Hands-on exposure of FPGA boards and Xilinx Vivado tools using Verilog/VHDL/HLS.
Remuneration: Consolidated salary would be in the range of Rs. 50,000 to 60,000 per month.
Project Associate - II
Same as above but relaxation in terms of work experience (1 year work experience with masters or direct PhD) with skills in verilog and coding.
Remuneration: Consolidated salary would be in the range of Rs. 40,000 to 50,000 per month.

Closing date for applications:

Contact:
Name: Mr Dillibabu
Email : hr_qkd2_2021@setsindia.net , dillibabu@setsindia.net

More information: https://www.setsindia.in/careers

About the Role: The candidate is expected to research cryptographic protocols that will be useful in blockchain applications or more generally. They will additionally dedicate some fraction of their time to projects that more directly benefit Ethereum. There is a lot of flexibility to work on topics they find interesting and also to collaborate with other teams for example in academia. We have a culture of open source and no patents will be put on any work they produce. The role is remote. The position is permanent however the details of the contract will depend on the location and personal circumstances of the candidate.

Requirements: The successful candidate will have a PhD in either cryptography, consensus, or a closely related field. They will have a strong track record of publishing in top tier conferences and a clear vision of how they wish to continue their research for the benefit of blockchain and other communities. They will be comfortable working both independently and as part of a larger team. The candidate should be able to prototype their protocols/algorithms in a programming language of their choice or else be open to learning.

The focus of this position is on lattice-based cryptography. The candidate should have good experience in one of the following areas and be familiar with others:

Design and analysis of lattice-based signature schemes;

Design and analysis of lattice-based encryption schemes (including FHE);

Lattice-based MPC tools;

Parameter selection for lattice-based schemes, both already deployed and perspective (e.g. NIST PQ candidates);

Implementation of lattice-based schemes in software or hardware.

Interested candidates that have more diverse skills but do not fit the above requirements should also consider applying as there may be other roles within the foundation.

If you have contributed to any open source projects then please additionally discuss this in a short document or provide links to your contributions.

Closing date for applications:

Contact: Please email cryptography@ethereum.org with a CV and a short document (either 1 or 2 pages) detailing how you have personally contributed to the most interesting of your publications.

University of Hamburg is a University of Excellence and one of the most research-focused universities in Germany. The research group “Security in Distributed Systems” is working on the intersection of security and privacy research, with a focus on distributed systems, data protection, anonymity, and cryptography.

Your Profile
We are looking for a new member of our team that will be working as a full-time PhD candidate in research and teaching. Your tasks will include:

• Development, implementation, analysis, and evaluation of complex and secure IT-systems
• Working with bleeding-edge technology and research literature from security, cryptography, and privacy
• Publication of research results in national/international venues
• Support for teaching

Required Qualifications
Completed MSc degree (or equivalent) in IT-Security, computer science or a strongly related field. You are highly motivated, curious, reliable, and creative. You must be interested in system security, applied cryptography and/or privacy research. You must have experience in security in open and distributed communication systems and fundamental knowledge in cryptography and IT-Security. Experience with machine-learning and advanced software engineering skills, especially with a focus on application security and cryptography are a bonus. Programming skills in higher languages like C/C++ and Python are required.
Languages: German and English

We offer great and flexible working conditions in a highly motivated team of researchers with many opportunities for collaboration. The university supports their employees with many interesting opportunities for personal development.

Closing date for applications:

Contact: Prof. Hannes Federrath
https://www.inf.uni-hamburg.de/inst/ab/snp/team/federrath.html

More information: https://www.uni-hamburg.de/stellenangebote/ausschreibung.html?jobID=9c1f97982796ef784ab5f91ec0edfe0ab550b3d9

A sequence of recent works by Heath and Kolesnikov have explored modifying existing interactive protocols for privacy-preserving computation (secure multiparty computation, private function evaluation and zero-knowledge proofs) to be more communication efficient when applied to disjunctive statements, such that the cost only depends on the size of the largest clause in the disjunction.

In this work, we focus on the specific case of zero-knowledge proofs for disjunctive statements. We design a general framework that compiles a large class of unmodified $\Sigma$-protocols, each for an individual statement, into a new $\Sigma$-protocol that proves a disjunction of these statements. Our framework can be used both when each clause is proved with the same $\Sigma$-protocol and when different $\Sigma$-protocols are used for different clauses. The resulting $\Sigma$-protocol is concretely efficient and has communication complexity proportional to the communication required by the largest clause, with additive terms that are only logarithmic in the number of clauses.

We show that our compiler can be applied to many well-known $\Sigma$-protocols, including classical protocols (e.g. Schnorr and Guillou-Quisquater) and modern MPC-in-the-head protocols such as the recent work of Katz, Kolesnikov and Wang and the Ligero protocol of Ames et al. Finally, since all of the protocols in our class can be made non-interactive in the random oracle model using the Fiat-Shamir transform, our result yields the first non-interactive zero-knowledge protocol for disjunctions where the communication only depends on the size of the largest clause.

We present a construction of indistinguishability obfuscation for null quantum circuits (null-iO) with respect to a classical oracle, assuming the quantum hardness of the learning with errors (LWE) problem. Heuristically instantiating the classical oracle with quantum-secure indistinguishability obfuscation for classical circuits gives us the first candidate construction of null-iO for quantum circuits. This scheme establishes the feasibility of a series of new cryptographic primitives that, prior to our work, were unknown to exist even making heuristic assumptions. Specifically, we obtain (in some cases additionally assuming indistinguishability obfuscation for classical circuits):

* A witness encryption (WE) scheme for QMA.

* A publicly-verifiable non-interactive zero-knowledge (NIZK) argument for QMA.

* A two-message publicly-verifiable witness-indistinguishable (ZAPR) argument for QMA.

* An attribute-based encryption (ABE) scheme for BQP.

* A secret sharing scheme for monotone QMA.

University of Lübeck is a modern and renowned research university specialized in Computer Science and Engineering, Medicine and Life Sciences.

The young and growing Institute for IT Security performs cutting-edge research in security-critical applications and their protection in insecure environments. Explored methods range from secure computation methods and cryptographic protocols to software and hardware mechanisms for protecting system security. In addition, we analyze security of existing systems as well as the improvement and automation of analysis techniques for protocols and implementations.

Your Profile:
In order to complement our team, we are looking for a full-time PhD researcher in one the following topics:

• Analysis and design of trusted execution environments and secure microarchitectures
• Secure distributed computing
• Automated code analysis and application security analysis

Required Qualifications:
As ideal candidate, you are highly motivated, independent and able to perform creative and deep research. Your main areas of interest are in system security and/or applied cryptography and you have experience in the areas of cryptography, algorithms, code analysis, embedded programming, and/or machine learning.
You have a MSc degree in Computer Science, Applied Mathematics, Information and Computer Engineering, or comparable related field and an excellent command of written and spoken English.

We offer excellent working conditions in an international team of cutting-edge researchers and ample opportunity to collaborate with renowned researchers worldwide.

Closing date for applications:

Contact: Thomas Eisenbarth: its.bewerbungen@uni-luebeck.de
Please apply by April 15 and mention position code 1011/21.

More information: https://www.its.uni-luebeck.de/en/jobs.html

Modern implementations of homomorphic encryption (HE) rely heavily on polynomial arithmetic over a finite field. This is particularly true of the CKKS, BFV, and BGV HE schemes. Two of the biggest performance bottlenecks in HE primitives and applications are polynomial modular multiplication and the forward and inverse number- theoretic transform (NTT). Here, we introduce Intel® Homomorphic Encryption Acceleration Library (Intel® HEXL), a C++ library which provides optimized implementations of polynomial arithmetic for Intel® processors. Intel HEXL takes advantage of the recent Intel® Advanced Vector Extensions 512 (Intel® AVX512) instruction set to provide state- of-the-art implementations of the NTT and modular multiplication. On the forward and inverse NTT, Intel HEXL provides up to 7.2x and 6.7x speedup, respectively, over a native C++ implementation. Intel HEXL also provides up to 6.0x speedup on the element-wise vector-vector modular multiplication, and 1.7x speedup on the element-wise vector- scalar modular multiplication. Intel HEXL is available open-source at https://github.com/intel/hexl under the Apache 2.0 license.

We propose an efficient quantum algorithm for a specific quantum state discrimination problem. An immediate corollary of our result is a polynomial time quantum algorithm for the Dihedral Coset Problem with a smooth modulus. This, in particular, implies that $\text{poly}(n)$-unique-SVP is in BQP.

The Ring-LWE over two-to-power cyclotomic integer rings has been the hard computational problem for lattice cryptographic constructions. Its hardness and the conjectured hardness of approximating ideal SIVP for ideal lattices in two-to-power cyclotomic fields have been the fundamental open problems in lattice cryptography and the complexity theory of computational problems of ideal lattices. In this paper we present a general theory of sublattice attack on the Ring-LWE with not only the Gaussian error distribution but also general error distributions. By the usage of our sublattice attack we prove that the decision Ring-LWE over two-to-power cyclotomic integer rings with certain polynomially bounded modulus parameters when degrees d_n = 2^{n−1} going to the infinity can be solved by a polynomial (in d_n) time algorithm for wide error distributions with widths in the range of Peikert-Regev-Stephens-Davidowitz hardness reduction results in their STOC 2017 paper. Hence we also prove that approximating idealSIV Ppoly(dn) with some polynomial factors for ideal lattices in two-to-power cyclotomic fields can be solved within quantum polynomial time. Therefore the lattice cryptographic constructions can not be based on the ”hardness” of Ring-LWE over two-to-power cyclotomic integer rings even in the classical computational model.

Digital signatures are used to verify the authenticity of digital messages, that is, to know with a high level of certainty, that a digital message was created by a known sender and was not altered in any way. This is usually achieved by using asymmetric cryptography, where a secret key is used by the signer, and the corresponding public key is used by those who wish to verify the signed data. In many use-cases, such as blockchain, the history and order of the signed data, thus the signatures themselves, are important. In blockchains specifically, the threat is forks, where one can double-spend its crypto-currency if one succeeds to publish two valid transactions on two different branches of the chain. We introduce a single private/public key pair signature scheme using verifiable random function, that binds a signer to its signature history. The scheme enforces a single ordered signatures' history using a deterministic verifiable chain of signature functions that also reveals the secret key in case of misbehaviors.

Blockchain-based cryptocurrencies offer an appealing alternative to Fiat currencies, due to their decentralized and borderless nature. However the decentralized settings make the authentication process more challenging: Standard cryptographic methods often rely on the ability of users to reliably store a (large) secret information. What happens if one user's key is lost or stolen? Blockchain systems lack of fallback mechanisms that allow one to recover from such an event, whereas the traditional banking system has developed and deploys quite effective solutions.

In this work, we develop new cryptographic techniques to integrate security policies (developed in the traditional banking domain) in the blockchain settings. We propose a system where a smart contract is given the custody of the user's funds and has the ability to invoke a two-factor authentication (2FA) procedure in case of an exceptional event (e.g., a particularly large transaction or a key recovery request). To enable this, the owner of the account secret-shares the answers of some security questions among a committee of users. When the 2FA mechanism is triggered, the committee members can provide the smart contract with enough information to check whether an attempt was successful, and nothing more.

We then design a protocol that securely and efficiently implements such a functionality: The protocol is round-optimal, is robust to the corruption of a subset of committee members, supports low-entropy secrets, and is concretely efficient. As a stepping stone towards the design of this protocol, we introduce a new threshold homomorphic encryption scheme for linear predicates from bilinear maps, which might be of independent interest.

To substantiate the practicality of our approach, we implement the above protocol as a smart contract in Ethereum and show that it can be used today as an additional safeguard for suspicious transactions, at minimal added cost. We also implement a second scheme where the smart contract additionally requests a signature from a physical hardware token, whose verification key is registered upfront by the owner of the funds. We show how to integrate the widely used universal two-factor authentication (U2F) tokens in blockchain environments, thus enabling the deployment of our system with available hardware.

Code that is highly optimized poses a problem for program-level verification: programmers can employ various clever tricks that are non-trivial to reason about. For cryptography on low-power devices, it is nonetheless crucial that implementations be functionally correct, secure, and efficient. These are usually crafted in hand-optimized machine code that eschew conventional control flow as much as possible.

We have formally verified such code: a library which implements elliptic curve cryptography on 8-bit AVR microcontrollers. The chosen implementation is the most efficient currently known for this microarchitecture. It consists of over 3000 lines of assembly instructions. Building on earlier work, we use the Why3 platform to model the code and prove verification conditions, using automated provers. We expect the approach to be re-usable and adaptable, and it allows for validation. Furthermore, an error in the original implementation was found and corrected, at the same time reducing its memory footprint. This shows that practical verification of cutting-edge code is not only possible, but can in fact add to its efficiency—and is clearly necessary.

Anonymous identity-based identification scheme in the ad-hoc group is a multi-party cryptographic primitive that allows participants to form an ad-hoc group and prove membership anonymously in such a group. In this paper, we cryptanalyze an ad-hoc anonymous identity-based identification scheme proposed by Barapatre and Rangan and show that the scheme is not secure against key-only universal impersonation attack. We note that anyone can impersonate as a valid group member to convince the honest verifier successfully, even without knowing the group secret key. Moreover, we proposed a fix on the scheme and provide a security proof for our fixed scheme. The fixed scheme we proposed fulfills the security requirements of an ad-hoc anonymous identity-based identification scheme that are correctness, soundness, and anonymity.

Data trading is an emerging business, in which data sellers provide buyers with, for example, their private datasets and get paid from buyers. In many scenarios, sellers prefer to sell pieces of data, such as statistical results derived from the dataset, rather than the entire dataset. Meanwhile, buyers wish to hide the results they retrieve. Since it is not preferable to rely on a trusted third party (TTP), we are wondering, in the absence of TTP, whether there exists a \emph{practical} mechanism satisfying the following requirements: the seller Sarah receives the payment if and only if she \emph{obliviously} returns the buyer Bob the \emph{correct} evaluation result of a function delegated by Bob on her dataset, and Bob can only derive the result for which he pays. Despite a lot of attention data trading has received, a \emph{desirable} mechanism for this scenario is still missing. This is due to the fact that general solutions are inefficient when the size of datasets is considerable or the evaluated function is complicated, and that existing efficient cryptographic techniques cannot fully capture the features of our scenario or can only address very limited computing tasks.

In this paper, we propose the \emph{first desirable} mechanism that is practical and supports a wide variety of computing tasks --- evaluation of arbitrary functions that can be represented as polynomials. We introduce a new cryptographic notion called \emph{blind polynomial evaluation} and instantiate it with an explicit protocol. We further combine this notion with the blockchain paradigm to provide a \emph{practical} framework that can satisfy the requirements mentioned above.

Uncloneable encryption, introduced by Broadbent and Lord (TQC'20), is an encryption scheme with the following attractive feature: an adversary cannot create multiple ciphertexts which encrypt to the same message as the original ciphertext. The constructions proposed by Broadbent and Lord have the disadvantage that they only guarantee one-time security; that is, the encryption key can only be used once to encrypt the message.

In this work, we study uncloneable encryption schemes, where the encryption key can be re-used to encrypt multiple messages. We present two constructions from minimal cryptographic assumptions: (i) a private-key uncloneable encryption scheme assuming post-quantum one-way functions and, (ii) a public-key uncloneable encryption scheme assuming a post-quantum public-key encryption scheme.