IACR News
Here you can see all recent updates to the IACR webpage. These updates are also available:
11 October 2021
IDEAS NCBR Ltd. (https://ideas-ncbr.pl/en)
Closing date for applications:
Contact: Prof. Stefan Dziembowski
NTNU - Norwegian University of Science and Technology, Trondheim, Norway
The Department of Mathematical Sciences at NTNU is looking for a post-doc in public-key cryptography. The position is hosted by Jiaxin Pan. It is funded by a project from the Research Council of Norway with focus on provable security. Potential topics are, but not limited to, digital signatures, zero-knowledge proofs, and post-quantum cryptography.
The candidate will work on theoretical aspects of public-key cryptography and is expected to publish at IACR conferences (such as Crypto, Eurocrypt, Asiacrypt, etc.) and renowned security conferences (such as IEEE S&P, ACM CCS, etc.). Thus, a track record of publications at these conferences is expected for the successful candidate.
Further details: The position holder will participate in many activities of the Cryptology Lab (NaCl) at NTNU which has 9 faculty members working on both applied and theoretical aspects of cryptology. The working place is in Trondheim, Norway. Trondheim is a modern European city with a rich cultural scene. It offers great opportunities for education (including international schools) and possibilities to enjoy nature, culture and family life and has low crime rates and clean air quality.
Application: More details are given here: https://www.jobbnorge.no/en/available-jobs/job/213223/postdoctoral-fellow-in-cryptography. We can only accept applications from this jobbnorge.no page.
Application deadline: 7th November 2021.
Starting date: May 2022, but it can be flexible. We encourage candidates who finish their PhD within (or before) 2022 to apply.
Duration: The position is for 3 years. The department might offer you 1 year in addition with teaching duties.
Closing date for applications:
Contact: Jiaxin Pan (first.last@ntnu.no)
More information: https://www.jobbnorge.no/en/available-jobs/job/213223/postdoctoral-fellow-in-cryptography
07 October 2021
Julien Duman, Kathrin Hövelmanns, Eike Kiltz, Vadim Lyubashevsky, Gregor Seiler, Dominique Unruh
The preference for using Ring/Module-LWE is due to the fact that this problem is at least as hard as NTRU, is more flexible in the algebraic structure due to the fact that no polynomial division is necessary, and that the decryption error is independent of the message. And indeed, the practical NTRU encryption schemes in the literature generally lag their Ring/Module-LWE counterparts in either compactness or speed, or both.
In this paper, we put the efficiency of NTRU-based schemes on equal (even slightly better, actually) footing with their Ring/Module-LWE counterparts. We provide several instantiations and transformations, with security given in the ROM and the QROM, that detach the decryption error from the message, thus eliminating the adversary's power to have any effect on it, which ultimately allows us to decrease parameter sizes. The resulting schemes are on par, compactness-wise, with their counterparts based on Ring/Module-LWE. Performance-wise, the NTRU schemes instantiated in this paper over NTT-friendly rings of the form $Z_q[X]/(X^d-X^{d/2}+1)$ are the fastest of all public key encryption schemes, whether quantum-safe or not. When compared to the NIST finalist NTRU-HRSS-701, our scheme is $15\%$ more compact and has a $15$X improvement in the round-trip time of ephemeral key exchange, with key generation being $35$X faster, encapsulation being $6$X faster, and decapsulation enjoying a $9$X speedup.
Julien Duman, Eike Kiltz, Kathrin Hövelmanns, Vadim Lyubashevsky, Gregor Seiler
To obtain even more confidence in the security of KEMs in the multi-user setting, it is a common design paradigm to also ``domain separate'' the random oracles of each user by including his public key as an input to the hash function. We are not aware of any formal analysis of this technique, but it was at least informally thought to be a computationally cheap way to add security. This design principle was carried over into the FO transformations used by several schemes in the NIST post-quantum standardization effort -- notably the lattice-based schemes Kyber and Saber, which are two of the four KEM finalists.
In this work, we formally analyze domain separation in the context of the FO transformation in the multi-user setting. We first show that including the public key in the hash function is indeed important for the tightness of the security reductions in the ROM and the QROM. At the same time, we show that including the \emph{entire} public key into the hash function is unnecessarily wasteful -- it is enough to include just a small (e.g. $32$ byte) unpredictable part of the key to achieve the same security. Reducing the input of the hash function results in a very noticeable improvement in the running time of the lattice-based KEMs. In particular, using this generic transform results in a 2X - 3X speed-up over the current (Round 3) key generation and encapsulation procedures in Kyber, and up to a $40\%$ improvement in the same functions in Saber.
Yan Ji, Konstantinos Chalkias
Saikrishna Badrinarayanan, Peihan Miao, Tiancheng Xie
Finally, we implement our UPSI with addition protocols and compare with the state-of-the-art PSI protocols. Our protocols compare favorably when the total set size is sufficiently large, the new updates are sufficiently small, or in networks with low bandwidth.
Xavier Bonnetain, André Schrottenloher, Ferdinand Sibleyras
We study the 2XOR-Cascade construction of Ga{\v{z}}i and Tessaro (EUROCRYPT~2012). It is a key length extension technique which provides an n-bit block cipher with 5n/2 bits of security out of an n-bit block cipher with 2n bits of key, with a security proof in the ideal model. We show that the offline-Simon algorithm of Bonnetain et al. (ASIACRYPT~2019) can be extended to, in particular, attack this construction in quantum time Õ(2^n), providing a 2.5 quantum speedup over the best classical attack.
Regarding post-quantum security of symmetric ciphers, it is commonly assumed that doubling the key sizes is a sufficient precaution. This is because Grover's quantum search algorithm, and its derivatives, can only reach a quadratic speedup at most. Our attack shows that the structure of some symmetric constructions can be exploited to overcome this limit. In particular, the 2XOR-Cascade cannot be used to generically strengthen block ciphers against quantum adversaries, as it would offer only the same security as the block cipher itself.
Zhaomin Yang, Xiang Xie, Huajie Shen, Shiying Chen, Jun Zhou
The core technique in this paper is a new and efficient functional bootstrapping algorithm that avoids the negacyclicity constraint of the evaluated functions, which enables us to extract bits blocks homomorphically. This new functional bootstrapping algorithm could be applied to BFV and TFHE schemes as well, and is of independent interest.
Sébastien Canard, Nicolas Desmoulins, Sébastien Hallay, Adel Hamdi, Dominique Le Hello
Subhadeep Banik, Khashayar Barooti, Serge Vaudenay, Hailun Yan
Jan Richter-Brockmann, Ming-Shing Chen, Santosh Ghosh, Tim Güneysu
Besides the arithmetic optimizations, we present a united hardware design of BIKE with shared resources and shared sub-modules among KEM functionalities. On Xilinx Artix-7 FPGAs, our light-weight implementation consumes only 3 777 slices and performs a key generation, encapsulation, and decapsulation in 3 797 µs, 443 µs, and 6 896 µs, respectively. Our high-speed design requires 7 332 slices and performs the three KEM operations in 1 672 µs, 132 µs, and 1 892 µs, respectively.
Hanlin Liu, Yu Yu
(Time-space tradeoff). We obtain the same time-space tradeoffs for LPN and LWE as those given by Esser et al. (Crypto 2018), but without resorting to any heuristics. For any $2\leq c\in\mathbb{N}$, our algorithm solves the LPN problem with time/sample complexity $2^{\frac{\log c(1+\epsilon)n}{\log n}}\cdot 2^{O(n^{\frac{1}{1+\epsilon}})}$ and space complexity $2^{\frac{\log c(1+\epsilon)n}{(c-1)\log n}}$, where one can use Grover's quantum algorithm or Dinur et al.'s dissection technique (Crypto 2012) to further accelerate/optimize the time complexity.
(Time/sample optimization). A further adjusted variant of our algorithm solves the LPN problem with sample, time and space complexities all kept at $2^{\frac{(1+\epsilon)n}{\log n}}$ for $\epsilon\to 0^+$, saving factor $2^{\Omega(n^{\frac{1}{1+\epsilon}})}$ in time/sample compared to the original BKW, and the variant of Devadas et al. (TCC 2017). This benefits from a careful analysis of the error distribution among the correlated candidates, and therefore avoids repeating the same process $2^{\Omega(n^{\frac{1}{1+\epsilon}})}$ times on fresh new samples.
(Sample reduction) Our algorithm provides an alternative to Lyubashevsky's BKW variant (RANDOM 2005) for LPN with a restricted amount of samples. In particular, given $Q=n^{1+\epsilon}$ (resp., $Q=2^{n^{\epsilon}}$) samples, our algorithm saves a factor of $2^{\Omega(n)/(\log n)^{1-\kappa}}$ (resp., $2^{\Omega(n^{\kappa})}$) for constant $\kappa \to 1^-$ in running time while consuming roughly the same space, compared with Lyubashevsky's algorithm.
We seek to bridge the gaps between theoretical and heuristic LPN solvers, but take a different approach from Devadas et al. (TCC 2017). We exploit weak yet sufficient conditions (e.g., pairwise independence), and the analysis uses only elementary tools (e.g., Chebyshev's inequality).
Dan Boneh, Wilson Nguyen, Alex Ozdemir
06 October 2021
IRIF, Université de Paris, Paris, France
Closing date for applications:
Contact: Geoffroy Couteau
More information: https://www.irif.fr/postes/postdoc
Microsoft Research, Redmond, WA
Digital identities are foundational to the modern web and to the many services enabled by various cloud providers. The Cryptography and Privacy Research Group at Microsoft Research, Redmond, is creating new privacy and transparency technologies for the digital identity ecosystem, with the goal of giving users more control over their identity and visibility into its usage. We are looking for a research intern for the spring of 2022 to work with us on privacy-preserving and auditable data structures and applications to future digital identity ecosystems.
More information and application at https://careers.microsoft.com/us/en/job/1177611/Research-Intern-Privacy-and-Cryptography
Closing date for applications:
Contact: Kim Laine (kim.laine@microsoft.com) or Esha Ghosh (esha.ghosh@microsoft.com)
The University of Manchester, Department of Computer Science, Manchester, UK
We are looking for a Research Associate (PostDoc) in Secure & Privacy-preserving AI Models to join our ambitious EnnCore (https://enncore.github.io/) project.
You will enjoy designing, developing and evaluating novel AI models (deep neural networks) that are privacy-preserving and robust against attacks. The project will involve the continuous interaction with experts in explainable AI and formal software verification. You will also have the opportunity to build use cases and to collaborate with domain experts in areas such as cancer research and energy trading. You will design, develop and evaluate new models in the context of their accuracy, privacy-protection and robustness. This position may include research on a diverse set of techniques such as federated learning, homomorphic encryption, multiparty computation and adversarial methods. The post is initially for one year, with the possibility for extensions.
You should have a PhD or equivalent in Computer Science or a closely related field together with a track record of international publications in applied machine learning or secure computation. Examples of fields of interests are:
(1) Federated Learning
(2) Homomorphic Encryption
(3) Secure Multiparty Computation
(4) Differential Privacy
(5) Safety Mechanisms in AI Systems
(6) Adversarial Methods
Closing date for applications:
Contact: Dr Mustafa A. Mustafa
mustafa.mustafa@manchester.ac.uk
More information: https://www.jobs.manchester.ac.uk/displayjob.aspx?jobid=21038
Heliax, Anoma Protocol, Remote
Closing date for applications:
Contact: jobs@heliax.dev
More information: https://heliax.dev/jobs/zero-knowledge-cryptographer-protocol-developer/
New Jersey Institute of Technology (NJIT), USA
Details: NJIT is a Rank 1 Research University, situated in New York Metropolitan area, and is about 7 miles away from the beautiful New York City. New York Metropolitan area is a key part of the US and is the hub of several major tech and research companies. The qualified candidates will have opportunities for research internships and joint projects with lead-industrial companies.
The position is looking for highly motivated graduate as well as undergraduate students to explore, design, and implement algorithms for databases, secure computing, IoT, blockchain, and machine learning. Topics are as follows:
1. GDPR compliance trustworthy database systems
a. The implication of privacy laws in database systems
b. Design of new modules for GDPR compliance secure databases
2. Trustworthy data-driven systems
a. Application of blockchains in data-driven systems
b. Applications of security techniques in data-driven system pipeline
3. Scalable and trustworthy database processing
a. Use of encryption and secret-sharing techniques
b. Use of secure hardware
Outcome: The work will expose the student to novel data management algorithms, programming with secure hardware (Intel SGX), cluster computing frameworks such as MapReduce and Spark, and the basics of secure computing using cryptographic techniques.
Requirements:
1. You will need to be highly enthusiastic, learner, and also be interested in coding/prototyping algorithms and systems
2. Adequate knowledge of algorithms, programming, and relational database systems
3. Knowledge of Java, SQL, and C/C++
4. You must be an Undergraduate/Master student in computer science or a related field
Closing date for applications:
Contact: Shantanu Sharma shantanu[DOT]sharma[AT]njit[DOT]edu Please send your CV and other information (e.g., GitHub account, sample projects, etc.) to: Shantanu Sharma
More information: https://web.njit.edu/~ss797/
University of Stuttgart, Institute of Information Security
fully-funded Postdoc position in formal verification.
The successful candidate is expected to work on tool-supported formal verification of security-critical systems and security protocols.
The position is available immediately with an internationally competitive salary (German public salary scale TV-L E13 or TV-L E14, depending on the candidate's qualification, ranging from about 4.600 Euro to 6.200 Euro monthly gross salary). The appointment period follows the German Wissenschaftszeitvertragsgesetz (WissZeitVg), ranging from one year to up to six years.
The Institute of Information Security offers a creative international environment for top-level international research in Germany's high-tech region.
The successful candidate should have a Ph.D. (or should be very close to completion thereof) in Computer Science, Mathematics, Information Security, or a related field. We value strong analytical skills and
- solid knowledge of logic, proofs and/or formal verification techniques (Theorem Proving, Type Checking, etc.),
- solid programming experience.
Knowledge in security is not required, but a plus. Knowledge of German is not required.
See https://www.sec.uni-stuttgart.de/institute/job-openings/ for details of how to apply.
The deadline for applications is
October 31st, 2021.
Late applications will be considered until the position is filled.Closing date for applications:
Contact: Prof. Dr. Ralf Küsters
University of Stuttgart
Institute of Information Security
ralf.kuesters@sec.uni-stuttgart.de
More information: https://www.sec.uni-stuttgart.de/institute/job-openings/
05 October 2021
Thomas Agrikola, Geoffroy Couteau, Sven Maier
We initiate the theoretical study of this question, and derive negative and positive results on the existence of such a protocol. We refute the feasibility of asymptotically secure anonymous transfer, where the message will be received with overwhelming probability while at the same time the identity of the sender remains hidden with overwhelming probability. On the other hand, resorting to fine-grained cryptography, we provide a heuristic instantiation (assuming ideal obfuscation) which guarantees that the message will be correctly received with overwhelming probability and the identity of the sender leaks with vanishing probability. Our results provide strong foundations for the study of the possibility of anonymous communications through authenticated channels, an intriguing goal which we believe to be of fundamental interest.