International Association for Cryptologic Research

IACR News

23 August 2021

Ruben Niederhagen, Johannes Roth, Julian Wälde
ePrint Report
We present an implementation of the hash-based post-quantum signature scheme SPHINCS+ that enables heavily memory-restricted devices to sign messages by streaming out a signature during its computation and to verify messages by streaming in a signature. We demonstrate our implementation in the context of Trusted Platform Modules (TPMs) by proposing a SPHINCS+ integration and a streaming extension for the TPM specification. We evaluate the overhead of our signature-streaming approach for a stand-alone SPHINCS+ implementation and for its integration in a proof-of-concept TPM with the proposed streaming extension running on an ARM Cortex-M4 platform. Our streaming interface greatly reduces the memory requirements without introducing a significant performance penalty. This is achieved not only by removing the need to store an entire signature but also by reducing the stack requirements of the key generation, sign, and verify operations. Therefore, our streaming interface enables small embedded devices that do not have sufficient memory to store an entire SPHINCS+ signature, or that previously were only able to use a parameter set that results in smaller signatures, to sign and verify messages using all SPHINCS+ variants. Since the streaming concept aggravates fault attacks on hash-based signature schemes, we briefly discuss countermeasures to attenuate such attacks in a signature-streaming scenario.
Thomas Haines, Rajeev Gore
ePrint Report
The BeleniosVS electronic voting scheme offers an attractive mix of verifiability and privacy properties. Moreover, using the ProVerif protocol-verification tool, BeleniosVS has automatic machine-aided analysis of (end-to-end) verifiability in 96 different threat models with the machine-aided analysis finding proofs in 22 cases and finding attacks in the remaining 74 cases. The high number of threat models covered by ProVerif delivers a much richer security analysis than the norm.

We revisit the BeleniosVS scheme and propose several refinements to the ProVerif security model and scheme which increase the number of threat models in which the scheme has verifiability from 22 to 28. Our new ProVerif security model also implies end-to-end verifiability but the requirements are easier to satisfy. Interestingly, in all six improvements, both the changes to the security model and one or more changes to the scheme are necessary to prove verifiability.
Gilles Macario-Rat, Jacques Patarin
ePrint Report
In this paper, we present a new secret trapdoor function for the design of multivariate schemes that we call "Onyx", suitable for encryption and signature. It has been inspired by the schemes presented in "Ariadne Thread and Pepper: New multivariate cryptographic schemes with public keys in degree 3". From this idea, we present some efficient encryption and signature multivariate schemes with explicit parameters that resist all known attacks. In particular they resist the two main (and often very powerful) attacks in this area: the Gröbner attacks (to compute a solution of the system derived from the public key) and the MinRank attacks (to recover the secret key). Specific attacks due to the properties of the function and its differential are also addressed in this paper. The "Onyx" schemes have public key equations of degree 3. Despite this, the size of the public key may still be reasonable since we can use larger fields and smaller extension degrees. Onyx signatures can be as short as the "birthday paradox" allows, i.e. twice the security level, or even shorter thanks to the Feistel-Patarin construction, like many other signature schemes based on multivariate equations.
Joachim Zahnentferner, Dmytro Kaidalov, Jean-Frédéric Etienne, Javier Díaz
ePrint Report
This paper describes Djed, an algorithmic stablecoin protocol that behaves like an autonomous bank that buys and sells stablecoins for a price in a range that is pegged to a target price. It is crypto-backed in the sense that the bank keeps a volatile cryptocurrency in its reserve. The reserve is used to buy stablecoins from users that want to sell them, and revenue from sales of stablecoins to users is stored in the reserve. Besides stablecoins, the bank also trades reservecoins in order to capitalize itself and maintain a reserve ratio significantly greater than one. To the best of our knowledge, this is the first stablecoin protocol where stability claims are precisely and mathematically stated and proven. Furthermore, the claims and their proofs are formally verified using two different techniques: bounded model checking, to exhaustively search for counter-examples to the claims; and interactive theorem proving, to build rigorous formal proofs using a proof assistant with automated theorem proving features.
Hongrui Cui, Kaiyi Zhang
ePrint Report
We construct a simple public-coin zero-knowledge proof system solely based on symmetric primitives, to which we can apply the Fiat-Shamir heuristic to make it non-interactive. Our construction can be regarded as a simplified cut-and-choose-based malicious secure two-party computation for the zero-knowledge functionality. Our protocol is suitable for pedagogical purposes for its simplicity (the code is only 728 lines).
Kuheli Pratihar, Urbi Chatterjee, Manaar Alam, Debdeep Mukhopadhyay, Rajat Subhra Chakraborty
ePrint Report
Physically Unclonable Functions (PUFs) and True Random Number Generators (TRNGs) are two highly useful hardware primitives to build up the root-of-trust for an embedded device. PUFs are designed to offer repetitive and instance-specific randomness, whereas TRNGs are expected to be invariably random. In this paper, we present a dual-mode PUF-TRNG design that utilises two different hardware-intrinsic properties, i.e. oscillation frequency of the Transition Effect Ring Oscillator (TERO) cell and the propagation delay of a buffer within the cell to serve the purpose of both PUF and TRNG depending on the exact requirement of the application. The PUF design is also proposed to have a built-in resistance to machine learning (ML) and deep learning (DL) attacks, whereas the TRNG exhibits sufficient randomness.
Fatima-Ezzahra El Orche, Marcel Hollenstein, Sarah Houdaigoui, David Naccache, Daria Pchelina, Peter B. Roenne, Peter Y.A. Ryan, Julien Weibel, Robert Weil
ePrint Report
This paper introduces the concept of information with a foreseeable lifespan and explains how to achieve this primitive via a new method for encoding and storing information in DNA-RNA sequences.

The storage process can be divided into three time-frames. Within the first (life), we can easily read out the stored data with high probability. The second time-frame (agony) is a parameter-dependent state of uncertainty; the data is not easily accessible, but still cannot be guaranteed to be inaccessible. During the third (death), the data can with high probability not be recovered without a large computational effort which can be controlled via a security parameter. The quality of such a system, in terms of a foreseeable lifespan, depends on the brevity of the agony time-frame, and we show how to optimise this.

In the present paper, we analyse the use of synthetic DNA and RNA as a storage medium since it is a suitable information carrier and we can manipulate the RNA nucleotide degradation rate to help control the lifespan of the message embedded in the synthesized DNA/RNA molecules. Other media such as Bisphenol A thermal fax paper or unstable nonvolatile memory technologies can be used to implement the same principle but the decay models of each of those phenomena should be re-analysed and the formulae given in this paper adapted correspondingly.
Gergei Bana, Marco Biroli, Megi Dervishi, Fatima-Ezzahra El Orche, Rémi Géraud-Stewart, David Naccache, Peter B. Roenne, Peter Y.A. Ryan, Hugo Waltsburger
ePrint Report
Open vote network (OV-Net) is a secure multi-party protocol that allows computing a sum of integer votes without revealing their values. As such, it has several applications in social choice and finance.

An inherent limitation of OV-Net is its lack of robustness against denial-of-service attacks, which occur when at least one of the voters initiates the protocol but (maliciously or accidentally) does not complete it. Unfortunately, such a situation is very likely to occur in any real-world implementation of the protocol. This causes serious time delays, from waiting for the failing parties and perhaps having to perform extra protocol rounds with the remaining participants.

This paper provides a solution to this problem by extending OV-Net with mechanisms tolerating a number of unresponsive participants. The price to pay is a carefully controlled privacy loss, an increase in computation, and a statistical loss in the accuracy.
Ben Nassi, Yaron Pirutin, Tomer Cohen Galor, Yuval Elovici, Boris Zadov
ePrint Report
Two main classes of optical TEMPEST attacks against the confidentiality of information processed/delivered by devices have been demonstrated in the past two decades; the first class includes methods for recovering content from monitors, and the second class includes methods for recovering keystrokes from physical and virtual keyboards. In this paper, we identify a new class of optical TEMPEST attacks: recovering sound by analyzing optical emanations from a device's power indicator LED. We analyze the response of the power indicator LED of various devices to sound and show that there is an optical correlation between the sound that is played by connected speakers and the intensity of their power indicator LED due to the facts that: (1) the power indicator LED of various devices is connected directly to the power line, (2) the intensity of a device's power indicator LED is correlated with the power consumption, and (3) many devices lack a dedicated means of countering this phenomenon. Based on our findings, we present the Glowworm attack, an optical TEMPEST attack that can be used by eavesdroppers to recover sound by analyzing optical measurements obtained via an electro-optical sensor directed at the power indicator LED of various devices (e.g., speakers, USB hub splitters, and microcontrollers). We propose an optical-audio transformation (OAT) to recover sound, in which we isolate the speech from optical measurements obtained by directing an electro-optical sensor at a device's power indicator LED. Finally, we test the performance of the Glowworm attack in various experimental setups and show that an eavesdropper can apply the attack to recover speech from speakers' power indicator LED with good intelligibility from a distance of 15 meters and with fair intelligibility from 35 meters.

20 August 2021

University of Stuttgart, Institute of Information Security
Job Posting
The Institute of Information Security and the Perceptual User Interfaces Group at University of Stuttgart, Germany invite applications for a PhD position on "Privacy-Preserving Attentive User Interfaces" at the intersection of Security/Privacy/Cryptography, Machine Learning, and Human-Computer Interaction.

Apply if you belong to the top 5% of students in your peer group, are highly motivated and capable of addressing and solving scientifically challenging problems, and if you are interested in doing research in an internationally oriented, interdisciplinary, and highly successful team. We value strong analytical skills. Knowledge of cryptography, in particular, privacy enhancing technologies such as Multi Party Computation and Differential Privacy, is an asset. Knowledge of German is not required.

The University of Stuttgart is an equal opportunity employer. Applications from women are strongly encouraged. Severely challenged persons will be given preference in the case of equal qualifications.

To apply, please send email with subject "PhD position: Privacy-Preserving Attentive User Interfaces" and a single PDF file containing the following documents to ralf.kuesters@sec.uni-stuttgart.de:

  • Cover letter (explaining your scientific background and your motivation to apply)
  • Curriculum Vitae
  • List of publications (if any)
  • Copies of transcripts and certificates (Bachelor and Master)
  • Names and contact addresses of at least two references
The deadline for applications is September 12th, 2021.

Late applications will be considered until the position is filled.

See https://sec.uni-stuttgart.de/ for more information about the Institute of Information Security (Prof. Küsters) and http://www.perceptualui.org/ for the Perceptual User Interfaces Group (Prof. Bulling).

Contact: Prof. Dr. Ralf Küsters

ralf.kuesters@sec.uni-stuttgart.de

More information: https://sec.uni-stuttgart.de/

IST Austria, Vienna
Job Posting
Join the Kokoris group (https://ist.ac.at/en/research/kokoris-group/) and work on decentralized systems. This position is in support of the Marie Skłodowska-Curie fellowship and is intended to support candidates in order to either strengthen their academic profile or pivot their career towards entrepreneurship or social impact. More info at https://ist.ac.at/en/education/postdocs/ist-bridge/

Deadlines:
  • 05/11/21
  • 05/05/22
  • 05/11/22
  • 05/05/23
  • 05/11/23

Competitive salary and full social coverage.

Contact: Lefteris Kokoris-Kogias

More information: https://twitter.com/LefKok/status/1427299702530363405

Microsoft Research India, Bangalore
Job Posting
Microsoft Research India is looking for an experienced Research Software Development Engineer to work on building and deploying next generation systems. The engineer should have expertise in computer systems with a passion for deploying solutions at scale. You will be working closely with a team of researchers and engineers to design and deploy new innovative solutions that significantly improve the state of the art.

Responsibilities: We are looking for an engineer with proven skills to deliver on the ambitious goals of the team.

Required Skills & Qualifications:
  • Strong technical skills involving design and coding
  • Strong programming skills in C/C++/C# or a similar language
  • Effective communication and collaboration
  • 5+ years of industry experience in software development

Desired Skills & Qualifications:
  • BS or MS in Computer Science
  • Familiarity with privacy-preserving technologies, such as multi-party computation, homomorphic encryption, or differential privacy is a plus

Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. Benefits/perks listed below may vary depending on the nature of your employment with Microsoft and the country where you work.

Contact: https://careers.microsoft.com/us/en/job/1129518/Research-SDE

More information: https://careers.microsoft.com/us/en/job/1129518/Research-SDE

Indian Institute of Science (IISc)
Job Posting
A research assistant position is open in the Cryptography and Information Security (CrIS) Lab at IISc. The CrIS lab is associated with the Department of Computer Science and Automation (CSA). The research focus of the lab includes secure multiparty computation, fault-tolerant distributed computing, and privacy-preserving machine learning, but is not limited to them.

This position is open for post-graduate (MSc/MS/MTech/Dual degree/Integrated MTech) students interested in getting more research experience. Applicants who have credited a cryptography course at their home institute and/or who have worked on a related topic for their master's thesis are preferred.

You can apply and find further details regarding opportunities at CrIS here:
https://www.csa.iisc.ac.in/~cris/opportunities.html

Contact: Arpita Patra

More information: https://www.csa.iisc.ac.in/~cris/about.html

Indian Institute of Science (IISc)
Job Posting
There are two postdoctoral positions open in the Cryptography and Information Security (CrIS) Lab at IISc. The CrIS lab is associated with the Department of Computer Science and Automation (CSA). The research focus of the lab includes secure multiparty computation, fault-tolerant distributed computing, and privacy-preserving machine learning, but is not limited to them.

The applicant is expected to have (recently) completed a PhD degree in Cryptography or a related subject with a strong publication record. A background in theoretical aspects of secure multiparty computation and/or experience in coding for practical aspects of secure computation is expected. Postdoctoral fellows are expected to actively interact with PhD students and contribute to the lab's projects. The tenure of the position is for one year and can be extended further.

You can apply and find further details regarding opportunities at CrIS here:
https://www.csa.iisc.ac.in/~cris/opportunities.html

Contact: Arpita Patra

More information: https://www.csa.iisc.ac.in/~cris/about.html


16 August 2021

InfoSec Global
Job Posting
InfoSec Global is a company that works on creating Cryptographic Lifecycle Management. This includes Crypto Analytics Tools, adapting our Crypto Agility Platform, preparing for and migrating to Post-Quantum Cryptography, and implementing Cryptographic Libraries. We work on innovative cryptography and crypto management tools, bringing them to life and moving them from static to dynamic. For more information, please visit our website infosecglobal.com

We are looking to hire a Cryptographic Engineer for our core cryptographic team, whose work will be focused around our innovative product, the AgileSec platform, and cryptographic development in general. As a Cryptographic Engineer in our team, your responsibilities will include:
  • Working on cryptographic SDKs
  • Working on cryptographic library implementation
  • Deriving and encoding cryptographic policies
  • Crypto Automation
  • Implementing cryptographic algorithms

Required Qualifications:
  • Bachelor's or Master's degree
  • Experience working with Git
  • Experience working with SDKs
  • Knowledge of C and other programming languages
  • Extensive software development experience

Preferred Qualifications:
  • Knowledge and experience working with cryptographic engines
  • Knowledge and experience working with TLS stacks
  • Ability to write clear technical documentation

This is a full-time role at the Toronto (HQ) office. Currently, the work would be performed remotely for the time being. The employee will be eligible for health benefits after the probation period. Also, the employee should have Canadian PR or Citizenship status.

Contact: Vladimir Soukharev

More information: https://www.infosecglobal.com/

University of Wuppertal, Germany
Job Posting
We are looking for a Ph.D. student or postdoc in cryptography, for research projects on public key encryption with enhanced functionality and secure outsourced storage.

For more information about our research group, see https://itsc.uni-wuppertal.de/en/

Prerequisites for a Ph.D. candidate:
  • M.Sc. or similar degree in computer science
  • Strong background in cryptography and theoretical computer science
Prerequisites for a postdoc position: Ph.D. in public key cryptography or a closely related area

The official job announcement can be found at https://stellenausschreibungen.uni-wuppertal.de/ (unfortunately in German only). However, German language skills are not required; the working language in the group is English.

If you have questions, please contact Tibor Jager by e-mail.

Contact: Tibor Jager, see group web page for e-mail address.

More information: https://itsc.uni-wuppertal.de/en/

Lior Goldberg, Shahar Papini, Michael Riabzev
ePrint Report
Proof systems allow one party to prove to another party that a certain statement is true. Most existing practical proof systems require that the statement be represented in terms of polynomial equations over a finite field. This makes the process of representing a statement that one wishes to prove or verify rather complicated, as this process requires a new set of equations for each statement. Various approaches to deal with this problem have been proposed. We present Cairo, a practically-efficient Turing-complete STARK-friendly CPU architecture. We describe a single set of polynomial equations for the statement that the execution of a program on this architecture is valid. Given a statement one wishes to prove, Cairo allows writing a program that describes that statement, instead of writing a set of polynomial equations.
Yingyin Pan, Jianghua Zhong, Dongdai Lin
ePrint Report
Nonlinear feedback shift registers (NFSRs) are used in many stream ciphers as their main building blocks. In particular, Galois NFSRs with terminal bits are used in the typical stream ciphers Grain and Trivium. One security criterion for the design of stream ciphers is to ensure that the NFSRs they use are nonsingular. The nonsingularity problem is well solved for Fibonacci NFSRs, whereas it is not for Galois NFSRs. In addition, some types of Galois NFSRs equivalent to Fibonacci ones have been found. However, whether new types of such Galois NFSRs exist remains unknown. The paper first considers the nonsingularity of Galois NFSRs. Some necessary/sufficient conditions are presented. The paper then concentrates on the equivalence between Galois NFSRs and Fibonacci ones. Some necessary conditions for Galois NFSRs to be equivalent to Fibonacci ones are provided. The Galois NFSRs with terminal bits equivalent to a given Fibonacci one are enumerated. Moreover, two classes of nonsingular Galois NFSRs with terminal bits are found to be new types of Galois NFSRs equivalent to Fibonacci ones.
Pavel Atnashev, George Woltman
ePrint Report
This paper introduces fast algorithms for performing group operations on Edwards curves using FFT-based multiplication. Previously known algorithms can use such multiplication too, but better results can be achieved if particular properties of FFT-based arithmetic are accounted for. The introduced algorithms perform operations in extended Edwards coordinates and in Montgomery single coordinate.
Hadrien Barral, Éric Brier, Rémi Géraud-Stewart, Arthur Léonard, David Naccache, Quentin Vermande, Samuel Vivien
ePrint Report
We report the discovery of new results relating L-functions, which typically encode interesting information about mathematical objects, obtained in a semi-automated fashion using an algebraic sieving technique.

Algebraic sieving initially comes from cryptanalysis, where it is used to solve factorization, discrete logarithms, or to produce signature forgeries in cryptosystems such as RSA. We repurpose the technique here to provide candidate identities, which can be tested and ultimately formally proven.

A limitation of our technique is the need for human intervention in the post-processing phase, to determine the most general form of conjectured identities and to provide a proof for them. Nevertheless, we report 29 identities that hitherto never appeared in the literature, 9 of which we could completely prove, the remainder being numerically valid over all tested values.

This work complements other instances in the literature where this type of automated symbolic computation has served as a productive step toward theorem proving; it can be extremely helpful in figuring out what it is that one should attempt to prove.