International Association for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage.

06 April 2021

Kevin Deforth, Marc Desgroseilliers, Nicolas Gama, Mariya Georgieva, Dimitar Jetchev, Marius Vuille
ePrint Report
We present a novel protocol XORBoost for both training gradient boosted tree models and for using these models for inference in the multiparty computation (MPC) setting. Similarly to [AEV20], our protocol is the first one supporting training for generically split datasets (vertical and horizontal splitting, or a combination of those) while keeping all the information about the features and thresholds associated with the nodes private, thus having only the depths and the number of the binary trees as public parameters of the model. By using optimization techniques reducing the number of oblivious permutation evaluations as well as the quicksort and real number arithmetic algorithms from the recent Manticore MPC framework [CDG+21], we obtain a scalable implementation operating under an information-theoretic security model in the honest-but-curious setting with a trusted dealer. On a training dataset of 25,000 samples and 300 features in the 2-player setting, we are able to train 10 regression trees of depth 4 in less than 5 minutes per tree (using histograms of 128 bins).
Prabhanjan Ananth, Abhishek Jain, Zhengzhong Jin, Giulio Malavolta
ePrint Report
We consider the problem of round-optimal unbounded MPC: in the first round, parties publish a message that depends only on their input. In the second round, any subset of parties can jointly and securely compute any function $f$ over their inputs in a single round of broadcast. We do not impose any a-priori bound on the number of parties nor on the size of the functions that can be computed. Our main result is a semi-malicious two-round protocol for unbounded MPC in the plain model from the hardness of the standard learning with errors (LWE) problem. Prior work in the same setting assumes the hardness of problems over bilinear maps. Thus, our protocol is the first example of unbounded MPC that is post-quantum secure. The central ingredient of our protocol is a new scheme of attribute-based secure function evaluation (AB-SFE) with public decryption. Our construction combines techniques from the realm of homomorphic commitments with delegation of lattice basis. We believe that such a scheme may find further applications in the future.
Simon Pohmann, Marc Stevens, Jens Zumbrägel
ePrint Report
The Kannan-Fincke-Pohst lattice enumeration algorithm is the classical method for solving the shortest vector problem in lattices. It is also a fundamental tool for most lattice reduction algorithms that provide speed-length tradeoffs. As this algorithm allows efficient parallel implementations, it is likely that implementing it on modern graphics processing units (GPUs) can significantly improve performance. We provide such an implementation that is compatible with the fplll lattice reduction library [fplll16] and achieves a considerable speedup in higher lattice dimensions, compared to current, multithreaded versions. For this, we use the CUDA technology that provides an abstract language for programming GPUs.

[fplll16] The FPLLL development team. “fplll, a lattice reduction library”. 2016. URL: https://github.com/fplll/fplll
Daniel Smith-Tone
ePrint Report
Multivariate cryptography is dominated by schemes supporting various tweaks, or “modifiers,” designed to patch certain algebraic weaknesses they would otherwise exhibit. Typically these modifiers are linear in nature, either requiring an extra composition with an affine map, or being evaluated by a legitimate user via an affine projection. This description applies to the minus, plus, vinegar and internal perturbation modifiers, to name a few. Though it is well known that combinations of various modifiers can offer security against certain classes of attacks, cryptanalysts have produced ever more sophisticated attacks against various combinations of these linear modifiers.

In this article, we introduce a more fundamentally nonlinear modifier, called Q, that is inspired by relinearization. The effect of the Q modifier on multivariate digital signature schemes is to maintain inversion efficiency at the cost of slightly slower verification and larger public keys, while altering the algebraic properties of the public key. Thus the Q modifier is ideal for applications of digital signature schemes requiring very fast signing and verification without key transport. As an application of this modifier, we propose new multivariate digital signature schemes with fast signing and verification that are resistant to all known attacks.
Peter Schwabe, Benoît Viguier, Timmy Weerwag, Freek Wiedijk
ePrint Report
We formally prove that the C implementation of the X25519 key-exchange protocol in the TweetNaCl library is correct. We prove both that it correctly implements the protocol from Bernstein's 2006 paper, as standardized in RFC 7748, as well as the absence of undefined behavior like arithmetic overflows and array out-of-bounds errors. We also formally prove, based on the work of Bartzia and Strub, that X25519 is mathematically correct, i.e., that it correctly computes scalar multiplication on the elliptic curve Curve25519.

The proofs are all computer-verified using the Coq theorem prover. To establish the link between C and Coq we use the Verified Software Toolchain (VST).
Xiaoyang Dong, Jialiang Hua, Siwei Sun, Zheng Li, Xiaoyun Wang, Lei Hu
ePrint Report
At EUROCRYPT 2021, Bao et al. proposed an automatic method for systematically exploring the configuration space of meet-in-the-middle (MITM) preimage attacks. We further extend it into a constraint-based framework for finding exploitable MITM characteristics in the context of key-recovery and collision attacks by taking the subtle peculiarities of both scenarios into account. Moreover, to perform attacks based on MITM characteristics with nonlinearly constrained neutral words, which have not been seen before, we present a procedure for deriving the solution spaces of neutral words without solving the corresponding nonlinear equations or increasing the overall time complexities of the attack. We apply our method to concrete symmetric-key primitives, including SKINNY, ForkSkinny, Romulus, Saturnin, Grøstl, Whirlpool, and hashing modes with AES-256. As a result, we identify the first 23-round key-recovery attack on SKINNY-$n$-$3n$ and the first 24-round key-recovery attack on ForkSkinny-$n$-$3n$ in the single-key model with extremely low memory. Moreover, improved (pseudo) preimage or collision attacks on round-reduced Whirlpool, Grøstl, and hashing modes with AES-256 are obtained. In particular, employing the new representation of the AES key schedule due to Leurent and Pernot (EUROCRYPT 2021), we identify the first preimage attack on 10-round AES-256.
Olivier Blazy, Xavier Bultel, Pascal Lafourcade, Octavio Perez Kempner
ePrint Report
Given two ciphertexts generated with a public-key encryption scheme, the problem of plaintext equality consists in determining whether the ciphertexts hold the same value. Similarly, the problem of plaintext inequality consists in deciding whether they hold different values. Previous work has focused on building new schemes or extending existing ones to include support for plaintext equality/inequality. We propose generic and simple zero-knowledge proofs for both problems, which can be instantiated with various schemes. First, we consider the context where a prover with access to the secret key wants to convince a verifier, who has access to the ciphertexts, of the equality/inequality without revealing information about the plaintexts. We also consider the case where the prover knows the encryption’s randomness instead of the secret key. For plaintext equality, we also propose sigma protocols that lead to non-interactive zero-knowledge proofs. To prove our protocols’ security, we formalize notions related to malleability in the context of public-key encryption and provide definitions of their own interest.
Yuqing Zhao, Wenqi Yu, Chun Guo
ePrint Report
We extend the prior provable related-key security analysis of (generalized) Feistel networks (Barbosa and Farshim, FSE 2014; Yu et al., Inscrypt 2020) to the setting of expanding round functions, i.e., n-bit to m-bit round functions with n < m. This includes Expanding Feistel Networks (EFNs) that purely rely on such expanding round functions, and Alternating Feistel Networks (AFNs) that alternate expanding and contracting round functions. We show that, when two independent keys $K_1,K_2$ are alternatively used in each round, (a) $2\lceil\frac{m}{n}\rceil+2$ rounds are sufficient for related-key security of EFNs, and (b) a constant number of 4 rounds are sufficient for related-key security of AFNs. Our results complete the picture of provable related-key security of GFNs, and provide additional theoretical support for the AFN-based NIST format preserving encryption standards FF1 and FF3.
Takanori Isobe, Ryoma Ito, Kazuhiko Minematsu
ePrint Report
As people become more and more privacy conscious, the need for end-to-end encryption (E2EE) has become widely recognized. We study the security of SFrame, an E2EE mechanism recently proposed to the IETF for video/audio group communications over the Internet. Although quite a recent project, SFrame is going to be adopted by a number of real-world applications. We inspected the original specification of SFrame. We found a critical issue that will lead to an impersonation (forgery) attack by a malicious group member with a practical complexity. We also investigated several publicly available SFrame implementations, and confirmed that this issue is present in these implementations.
Vasyl Ustimenko
ePrint Report
Large semigroups and groups of transformations of finite affine space of dimension n with the option of computability of the composition of n arbitrarily chosen elements in polynomial time are described in the paper. Constructions of such families are given together with effectively computed homomorphisms between members of the family. These algebraic platforms allow us to define protocols for several generators of a subsemigroup of affine Cremona semigroups with several outputs. Security of these protocols rests on the complexity of the word decomposition problem. It allows us to introduce algebraic protocols expanded to cryptosystems of El Gamal type which are not public key systems. In particular, a symbiotic combination of these protocols of noncommutative cryptography with one-time pad encryption is given. Some of these nonclassical multivariate cryptosystems are implemented with platforms of cubical transformations.

05 April 2021

National University of Singapore
Job Posting
Micro-architectural timing channels are one of the most popular side channels in modern processors exploited by attackers. The presence of such timing channels enables attackers to recover sensitive information by exploiting dynamic software properties (e.g. time, cache misses, and memory access statistics). In the recent decade, the security research community has identified numerous shreds of evidence of practical timing attacks, with more recent and critical attacks reflected in Spectre and Meltdown. In this project, we will design a secure processor against timing side channels. Our goal is to use a set of ML and computer architecture techniques to propose a countermeasure to deal with realistic timing-channel attacks.

The SOC group at the National University of Singapore (NUS) opens a few positions for post-doc researchers and Ph.D. students on the topic of timing side channels. We are looking for team players who are motivated and able to drive top-quality research. The area of research lies between several fields and we expect expertise in some of the following fields:
  • Micro-architecture
  • Side-channel analysis
  • Machine learning
  • Security

We will look for applications until the positions are filled. However, prospective applicants are highly encouraged to submit their applications by 31st May 2021. As one of the top universities in the world for computer science (ranked number 4), NUS provides excellent future career training and opportunities, research environment, and facilities to international and national academic researchers. A competitive salary, tax benefit, and welfare package will be provided. Note the start date of the post-doc and Ph.D. could be flexible but no later than the end of this year (2021). Applicants should prepare and send their CV and cover letter to the following contact email.

Closing date for applications:

Contact: Arash Pashrashid (pashrashid.arash@u.nus.edu)

University of St. Gallen, Switzerland
Job Posting
We are looking for a bright and motivated PhD student to work in the topics of information security and cryptography. The student is expected to work on topics that include security and privacy issues for resource-constrained devices (e.g., sensors) that rely on external untrusted servers in order to perform computations. More precisely, the student shall be working on investigating efficient authentication and verifiable delegation of computation mechanisms that provide: i) provable security guarantees, and ii) rigorous privacy guarantees. The position is funded with a competitive salary.
Research areas include but are not limited to:
  • Verifiable computation
  • Secure Multi Party Computation
  • Privacy-preserving authentication
  • Cryptographic primitives
Your Profile:
  • An MSc degree in Computer Science, Applied Mathematics or a relevant field;
  • Strong mathematical and algorithmic CS background;
  • Excellent programming skills;
  • Excellent written and verbal communication skills in English
Final Deadline for applications: 15 April 2021
Starting date: By mutual agreement
Apply online: https://jobs.unisg.ch/offene-stellen/phd-position-in-applied-cryptography-and-information-security-m-w-d/09f75f22-649c-48a6-9aa4-659bbd686a84

Closing date for applications:

Contact: Katerina Mitrokotsa

More information: https://jobs.unisg.ch/offene-stellen/phd-position-in-applied-cryptography-and-information-security-m-w-d/09f75f22-649c-48a6-9aa4-659bbd686a84

Friedrich-Alexander-University Erlangen-Nürnberg (FAU)
Job Posting
The Applied Cryptography Lab at the Friedrich-Alexander-University Erlangen-Nürnberg (FAU) invites applications for a Post-doc position. We are interested in the theory and application of provably secure cryptography. Topics of interest include (but are not limited to):
  • privacy-enhancing-technologies
  • cryptocurrencies
  • password-based cryptography
  • proof systems

Work Environment: The Applied Cryptography Lab is part of FAU, which is one of the largest universities in Germany. With its five faculties, FAU offers a scope of subjects ranging from the Humanities to Law and Economics as well as Sciences, Medicine, and Engineering. FAU’s mission statement “Advance through Networks” reflects the close collaboration between the single disciplines. For the third year in a row, FAU has been ranked the most innovative university in Germany.

Requirements: Candidates for this position should hold a Ph.D. degree in Computer Science or a related discipline (mathematics, ...). The ideal candidate shows strong enthusiasm about research, publishes at leading venues in cryptography or IT security, and has excellent teamworking abilities.

Program details and contact for application/questions: Funding is available for at least 36 months; the salary range is between 32.671 and 78.136 EUR per year, depending on your background and experience. Prospective applicants should apply with a cover letter, a research statement, and an academic CV that includes the contact information for two references. Please send a single PDF file and include [PostDoc] in the subject. Applications will be accepted until the position is filled.

Closing date for applications:

Contact: Dominique Schroeder

More information: https://www.chaac.tf.fau.eu

Friedrich-Alexander-University Erlangen-Nürnberg
Job Posting
The Applied Cryptography Lab at the Friedrich-Alexander-University Erlangen-Nürnberg (FAU) invites applications for a Ph.D. position in Computer Science. We are interested in the theory and application of provably secure cryptography. Topics of interest include (but are not limited to):
  • privacy-enhancing-technologies
  • cryptocurrencies
  • password-based cryptography
  • proof systems

Work Environment: The Applied Cryptography Lab is part of FAU, which is one of the largest universities in Germany. With its five faculties, FAU offers a scope of subjects ranging from the Humanities to Law and Economics as well as Sciences, Medicine, and Engineering. FAU’s mission statement “Advance through Networks” reflects the close collaboration between the single disciplines. For the third year in a row, FAU has been ranked the most innovative university in Germany.

Requirements: Candidates for this position should have a master's or comparable degree in Computer Science or a related discipline (mathematics, ...). Knowledge of one or more of the areas cryptography, IT security, complexity theory, privacy, ... is desired. The ideal candidate shows strong enthusiasm about research and has excellent teamworking abilities.

Program details and contact for application/questions: The project start date is as soon as possible. Funding is available for at least 36 months; an extension is possible. Prospective applicants should apply with a cover letter, a list of attended (Master) courses, and an academic CV. Please send a single PDF file and include [PhD] in the subject. Applications will be accepted until the position is filled.

Closing date for applications:

Contact: Dominique Schröder

More information: https://www.chaac.tf.fau.eu

Award
The CHES Test-of-Time Award is given yearly. An award will be given in year X to honor a paper published at (T)CHES in years X-21 to X-19 which has had a lasting impact on the field with respect to academia and/or industry.

Nominations for the 2021 award (for papers published in 2000-2002) are welcomed by the selection committee. Deadline for nomination is May 3, 2021 23:59 AoE.

The proceedings of the relevant conferences can be found here:

In order to nominate please send an email to the chair of the selection committee with the following contents:
  • email subject line: ches test of time award nomination
  • mention: paper title and publication year
  • provide a short justification why the paper should receive the award by providing the number of citations, describing influence in industry, etc. in a max. 2 pages document or as text in the email body

More information about the CHES Test-of-Time award can be found here: https://ches.iacr.org/testoftime.shtml

The 2021 Selection Committee:
  • Benedikt Gierlichs (chair)
  • Ingrid Verbauwhede
  • Jean-Sébastien Coron
  • David Naccache
  • Berk Sunar

02 April 2021

Wickr
Job Posting
As a Rust Engineer at Wickr, you will help build the next generation of Technology! This critical Engineering position will have the unique ability to work with our cryptography team on the design and test of new products and features, and then partner with the entire production engineering team to implement those products and features.

You not only create and deliver, you have the opportunity to see your hard work in use by everyday users. Opportunities like this do not come around often and take the right person to deliver results. While Wickr is expanding exponentially, we are keeping our start-up feel, mentality and fun environment. You still have time to join as a groundbreaking team member for an organization that holds over 91 patents on crypto protocols.

Responsibilities:

> Work with our cryptographers to create prototypes of cutting edge cryptographic and security features such as advanced encryption, signature, and key agreement schemes.

> Work with our core engineering team to convert prototypes of new network protocols and security features into production ready implementations that can be used by Wickr applications.

> Help develop a new cross platform Wickr protocol library in Rust.

> Write benchmarks and optimize code to help our team take full advantage of new features.

> Write code that is modular and well-covered by automated unit and integration tests.

> Help write and test FFI wrappers for our Rust libraries in Java, Swift, and C++.

POSITION REQUIREMENTS

> Bachelor’s degree or equivalent in Computer Science, Engineering or related field.

> 4+ years of experience developing software libraries in a low-level language such as C and C++.

> Minimum of 2 years’ experience writing Rust code in a production environment.

> Experience working in an agile software development environment.

> Experience contributing to open source libraries is a plus.

> Experience working with Java, Swift, or NodeJS is a plus.

> Interest in cryptography and secure coding practices is a plus.

> Be a self-starter who is willing to take ownership of your work.

> Excellent communicator in both verbal

Closing date for applications:

Contact: Please enter your application into the careers page and our Technical Recruiter will contact you, if qualified. You can also find him on LinkedIn https://www.linkedin.com/in/mike-schultz-1509a22/

More information: https://wickr.com/careers/

Mohammed VI Polytechnic University
Job Posting
The objective of this project is to address the challenges to enable high capacity IoT networks with low energy consumption and highly secure communication. For this, we aim to develop and demonstrate efficient algorithms for the maximization of the capacity of IoT networks. At the same time, we envision alleviating the battery issue by developing intelligent methods for energy harvesting and power control. We will also investigate the robustness capabilities of the IoT network to maintain high security levels against different kinds of attacks and vulnerabilities.

The candidate must hold (or be about to complete) a PhD in the related fields. The candidate will take part in the EXAF-JFD Project and is expected to have hands-on experience in fields related to wireless communications. The main duties are:
  • Publish in high impact journals in the field.
  • Supervise graduate and undergraduate students.
  • Contribute to teaching or other training activities (if applicable).

The successful candidate will be employed by Mohammed VI Polytechnic University (UM6P) based at Benguerir (50 km north of Marrakech), Morocco. The net salary per month is 2000 USD.

Closing date for applications:

Contact: For more information and to apply, please visit: https://www.abg.asso.fr/fr/recruteurOffres/show/id_offre/97229

Fujitsu Laboratories of America, Sunnyvale, CA
Job Posting
The cryptography research group at Fujitsu Laboratories of America is looking for a security researcher to help us broaden the scope of our lab's work. We are looking for a researcher who can both help support our business and do fundamental research across a number of areas including applied cryptography, blockchain, and systems security. A broad overview of our recent research interests can be found here: https://www.fujitsu.com/us/about/businesspolicy/tech/rd/research/computer-security/cryptography-and-privacy/.

We are looking for someone who will accelerate our security research around our business interests in the area and establish our presence in systems security academic venues. We offer a competitive salary, benefits package, and flexible work schedule. This is a full-time permanent position based in Sunnyvale, CA. Candidates should have (or should soon have) a PhD degree in computer security or a closely related field. Preference will be given to candidates with strong publication records in top tier crypto/security conferences. Interested candidates are encouraged to apply by sending their CV to Arnab Roy by email.

Closing date for applications:

Contact: Arnab Roy

CSEM, Neuchâtel / EPFL, School of Computer and Communication Sciences, Lausanne, Switzerland
Job Posting

CSEM is a private, non-profit research, technology and innovation center. Our division of Integrated and Wireless Systems, in collaboration with the HexHive lab, EPFL, is looking for a PhD Candidate in Embedded security.

We have multidisciplinary competence in the area of low-power embedded systems, spanning the full stack from HW, through firmware, to communication technologies, embedded intelligence, and security.
This offers an exciting opportunity for a candidate interested in HW design, cryptography, and security to address research questions that are relevant to practical applications in the domain of low-power embedded systems and the Internet of Things (IoT), thanks to the immediate feedback and guidance from CSEM's researchers and engineers.

Your mission will contribute to applied research and development in one or more of these research directions of interest:
  • Side channel-resistant implementations of cryptographic HW accelerators, with an emphasis on minimization of overhead and trade-offs between overhead and security level.
  • HW-accelerated implementations of post-quantum cryptography for constrained platforms. Investigation of alternative cryptographic primitives to PQC key encapsulation and signature schemes with lower implementation overheads, suited for IoT.
  • Identification, design, and implementation of HW (cyber)security features for constrained embedded platforms for practically relevant security profiles, with an emphasis on design minimalism.
  • Research on tools automating the design of side-channel-secure processor instructions and/or HW accelerators.
Your profile:
  • A Masters (or equivalent) degree in Electrical Engineering, Electronics or Computer Science
  • Good background in applied cryptography and security
  • Solid background in HW design and resource trade-offs
  • Solid background with programming in C
  • Familiarity with embedded development is an advantage
  • Fluency in English is required, proficiency in French is an advantage

Closing date for applications:

Contact:

For more information please contact Damian Vizar damian[dot]vizar [at]csem[dot]ch

You need to apply to the EPFL, IC faculty's doctoral school by April 15th: https://www.epfl.ch/education/phd/edic-computer-and-communication-sciences/edic-computer-and-communication-sciences/edic-how-to-apply/

Loria; Nancy, France
Job Posting
We would like to announce one open (3-year) PhD position in symmetric cryptography in the Caramba team in Nancy, France. The aim of this PhD research project is to build new symmetric primitives whose designs are based on strong security proofs while the proposed concrete instances are justified by careful security analyses.
The highly motivated candidate should have a master's degree (or equivalent) in Computer Science or Mathematics and at least basic knowledge of symmetric key cryptology.
The application deadline is May 10th 2021 and the candidates must apply via http://doctorat.univ-lorraine.fr/fr/les-ecoles-doctorales/iaem/offres-de-these/design-et-cryptanalyses-de-nouveaux-schemas-de. Further details on the project and on the requirements are also available on this page.

Closing date for applications:

Contact: Marine Minier (marine dot minier at loria dot fr) and Virginie Lallemand (virginie dot lallemand at loria dot fr)

More information: http://doctorat.univ-lorraine.fr/fr/les-ecoles-doctorales/iaem/offres-de-these/design-et-cryptanalyses-de-nouveaux-schemas-de
