## IACR News

Here you can see all recent updates to the IACR webpage.

#### 15 November 2021

###### Clemens Hlauschek, Norman Lahr, Robin Leander Schröder
ePrint Report
Well before large-scale quantum computers will be available, traditional cryptosystems must be transitioned to post-quantum secure schemes. The NIST PQC competition aims to standardize suitable cryptographic schemes. Candidates are evaluated not only on their formal security strengths, but are also judged based on the security of the optimized implementation, for example, with regard to resistance against side-channel attacks.

HQC is a promising code-based key encapsulation scheme and selected as an alternate candidate in the third round of the competition, which puts it on track for getting standardized separately to the finalists, in a fourth round.

Despite having already received heavy scrutiny with regard to side channel attacks, in this paper, we show a novel timing vulnerability in the optimized implementations of HQC, leading to a full secret key recovery. The attack is both practical, requiring only approx. 866,000 idealized decapsulation timing oracle queries in the 128-bit security setting, and structurally different from previously identified attacks on HQC: Previously, exploitable side-channel leakages have been identified in the BCH decoder of a previously submitted version, in the ciphertext check as well as in the PRF of the Fujisaki-Okamoto (FO) transformation employed by several NIST PQC KEM candidates. In contrast, our attack uses the fact that the rejection sampling routine invoked during the deterministic re-encryption of the KEM decapsulation leaks secret-dependent timing information. These timing leaks can be efficiently exploited to recover the secret key when HQC is instantiated with the (now constant-time) BCH decoder, as well as with the RMRS decoder of the current submission. Besides a detailed analysis of the new attack, we discuss possible countermeasures and their limits.

#### 14 November 2021

###### Novosibirsk, Russia, 7 June - 9 June 2022
Event Calendar
Event date: 7 June to 9 June 2022
###### Florida Atlantic University, Boca Raton, FL
Job Posting
The Department of Mathematical Sciences at Florida Atlantic University invites applications for two tenure-track positions at the assistant professor level in the area of cryptology, starting in August 2022. We will consider applicants knowledgeable in the general area of cryptology. Preference will be given to candidates with several broad areas of interest including, but not limited to, mathematical foundations of public-key cryptography, post-quantum cryptography (e.g., based on error-correcting codes, lattice problems, or polynomial systems of equations), and algorithmic number theory. In general, we will give higher priority to the overall originality and promise of the candidate's work rather than to the sub-area specialization.

Responsibilities for this position will be teaching, scholarly research, and professional service. The successful candidate is expected to apply for and secure external research funding, and to actively participate in interdisciplinary programs. We seek candidates who through their research (working with both undergraduate and graduate students), teaching, and/or service can contribute to the diversity and academic excellence of our department, and who are committed to working with diverse faculty, students, staff, and the broader community.

Minimum Qualification: Applicants must possess a Ph.D. in Mathematics or a closely related field.

Women, minorities, individuals with disabilities, veterans, and candidates who are from historically underrepresented backgrounds in STEM fields are encouraged to apply. EOE

Contact: For more information and to apply, visit www.fau.edu/jobs and go to Apply Now REQ11778.

###### Dept. of Computer Science, Aarhus University, Denmark
Job Posting
The Cryptography & Security Group at Aarhus University invites applications from Ph.D. holders in areas of Cryptography & Distributed Ledger technology.

The Cryptography & Security group is focused on the design of cryptographic protocols, distributed ledger technology as well as the development of fundamental cryptographic techniques. Note that this call is open ended, please send your application as soon as possible.

We currently have two open Postdoc positions. The successful candidate will work either with Prof. Ivan Damgård on the SecureDNA project or Prof. Jesper Buus Nielsen as part of the Cobra Research center. He or she will contribute to either of these research projects, as described in more detail here:

SecureDNA: improve efficiency and security of the SecureDNA system by conducting fundamental research in areas such as adaptive protocol security as well as the design of post-quantum cryptographic primitives, e.g., design of threshold PRF and OPRF. Work with the SecureDNA developers towards implementation of these improvements.

Cobra: Design and analysis of blockchain consensus protocols. Design and analysis of cryptographic tools for blockchains, e.g., zero-knowledge, MPC for blockchain, anonymous payments. Design and analysis of layer 2 protocols for blockchains.

The candidate is expected to spend part of the research time collaborating with Concordium Research on blockchain related research topics and can expect to coordinate part of the daily collaboration between COBRA and Concordium Research. There is also time for independent research and no restrictions on collaboration with other researchers.

Requirements: a Ph.D. degree in Computer Science, Applied Mathematics, or a related field; a competitive research record in cryptography or information security; a strong mathematical and algorithmic CS background; fluent written and verbal communication skills in English.

We offer a one-year employment contract, which is extendable based on performance, and highly competitive salaries.

Send your application with all material collected in a single pdf file to the contact person below.

Contact: Malene Andersen, malene.andersen@cs.au.dk

###### University of Wollongong, Australia
Job Posting
The School of Computing and Information Technology (SCIT) at the University of Wollongong is looking to recruit an enthusiastic staff member to support teaching and research within SCIT, particularly in the cybersecurity domain, which includes flexible delivery, online degrees and micro-credentials. SCIT aims to maintain its position as a world class Research School and this position is expected to contribute towards that aim.

Contact: Prof Willy Susilo

###### TU Wien
Job Posting
The Security and Privacy Research Unit at TU Wien (https://secpriv.wien) is offering a fully funded PhD position within the Christian Doppler Laboratory on Blockchain Technologies for the Internet of Things (CDL-BOT, https://www.cdl-bot.at/en) under the supervision of Univ.-Prof. Dr. Matteo Maffei.

The successful candidate will conduct world-class research on the formal verification of security properties in cryptocurrencies, smart contracts, and DeFi applications.

The Security and Privacy group at TU Wien is internationally renowned, regularly publishes in top security and privacy venues, and consists of an international and diverse team with various expertise in the field of cryptography, security, and privacy.

We offer:
• An international environment: the working language is English, knowledge of German is not required.
• Continuing personal and professional education and flexible working hours
• Central location of workplace with very good accessibility (U1/U2/U4 Karlsplatz)
• A creative environment in one of the most liveable cities in the world
• A highly competitive salary
Interested candidates should send the application material to matteo.maffei@tuwien.ac.at. The application material should include:
• a motivation letter
• Bachelor and Master transcripts of records
• a publication list
• a curriculum vitae
• contact information for two referees
Applications received by November 19th will receive full consideration, but they will be accepted until the position is filled.

Additional details on the call are available at https://secpriv.wien/work/Bot.pdf

Contact: Univ.-Prof. Dr. Matteo Maffei (matteo.maffei@tuwien.ac.at)

###### Institute of Information Security and Dependability at KIT, Germany
Job Posting
The Institute of Information Security and Dependability at KIT is looking for a Post-Doc with expertise in privacy-preserving cryptographic protocols with a focus on secure multi-party computation, ideally, having hands-on experiences with MPC-compilers. A track record in this field is expected, including publications at reputable conferences such as Crypto, Eurocrypt, ACM CCS, PETS, etc.

You will be a member of the KASTEL Security Research Labs (https://zentrum.kastel.kit.edu) and the Topic "Engineering Secure Systems" of the Helmholtz Association. KASTEL brings together security researchers belonging to various disciplines and offers excellent funding opportunities for your research projects.

Your research will be dealing with cryptographic protocols for privacy-preserving computations, e.g., applied to mobility systems. It will result in both theoretical security concepts (protocol designs, security proofs, etc.) and their practical implementation (e.g., a demonstrator) for some application domain. The contract will initially be limited to 1 year, but can be extended by several years (depending on the candidate's performance).

If you are interested, please send me an email and formally apply using the link: ogy.de/cryptojob. Besides your CV including a list of your publications, please also include the names of three references.

Contact: Andy Rupp (andy.rupp@rub.de)

###### Ruhr-Universitaet, Faculty of Computer Science, Bochum, Germany
Job Posting

TENURE TRACK AND FULL PROFESSORSHIP FOR PRIVACY

The Horst Görtz Institute for IT Security (HGI) in Bochum, Germany is one of the most renowned institutes in the field of IT Security in Europe. The HGI currently hosts 26 faculty members, maintains extensive networks and has produced numerous successful start-ups. HGI is home to the Cluster of Excellence "CASA: Cyber Security in the Age of Large-Scale Adversaries", funded with approximately 30 million euros. This outstanding environment offers excellent working conditions in a highly topical and exciting field. In addition, there is a very good working atmosphere in a young and diverse group of researchers.

The Faculty of Computer Science at Ruhr-Universität Bochum invites applications for an Assistant Professorship with tenure track and a tenured Full Professorship for Privacy. Applicants should have an excellent track record in research and teaching in at least one of the following areas:

• Cryptographic tools for privacy
• Differential privacy and private data analysis
• Machine learning and privacy
• Anonymous communication and censorship resistance
• Game theory approaches for privacy
• Data protection technologies.

We are looking for a scientist with an internationally visible research profile, who complements already existing focus areas. We expect a willingness to cooperate with the HGI as well as an active role in current and planned projects, especially in the Cluster of Excellence "CASA: Cyber Security in the Age of Large Scale Adversaries". The Max Planck Institute for Security and Privacy offers additional possibilities for collaboration.

The official job ads can be found at https://www.stellenwerk-bochum.de/en/node/407452. Applications are requested by December 15, 2021 to the Dean of the Faculty of Computer Science at Ruhr-Universität Bochum, Alexander May, e-mail: career-casa@rub.de. Further information can be found on our homepages at https://informatik.rub.de/en/ and https://casa.rub.de/en/

Contact: Alexander May, Dean of the Faculty of Computer Science at Ruhr-Universitaet Bochum, Germany

###### Australian National University, School of Computing, Canberra, Australia
Job Posting

Based in the School of Computing at the Australian National University, several fully funded PhD positions are available on a project called “Efficient privacy-preserving proofs for secure e-government and e-voting.” The positions are for 3 years.

You will work on applying formal methods, particularly interactive theorem provers, to cryptography. The main focus of the project is verifying zero-knowledge proof systems.

The PhD student is expected to have a master's degree or equivalent, and a strong background in one or more of cryptography, formal methods, and mathematics.

Contact: Thomas Haines

###### University of Leuven (Campus Diepenbeek)
Job Posting
In the Science, Engineering and Technology Group, Faculty of Engineering Technology, Department of Electrical Engineering (ESAT), Campus Diepenbeek at KU Leuven, a full-time vacancy for academic staff or tenure track (professor) is available in the area of hardware security for the Internet of Things (IoT). We are looking for internationally oriented candidates with an excellent research record in this area and a strong affinity with industrial applications. Besides scientific research, the candidate will be teaching in the field of embedded systems and digital hardware design (including FPGA design) within the Faculty of Engineering Technology at Campus Diepenbeek.

KU Leuven (https://www.kuleuven.be/english) is a research-intensive, internationally orientated university that carries out both fundamental and applied scientific research. Our university is highly focused on interdisciplinary and multidisciplinary research and strives for international excellence. In this regard, the university actively works together with research partners in Belgium and abroad and provides its students with an academic education that is based on high-quality scientific research.

The Department of Electrical Engineering (also known as ESAT, https://www.esat.kuleuven.be/english) of the KU Leuven conducts research at a high international level. It is also responsible for education in the domains of electrical engineering, electronics, and information processing. The department is also co-founder of many spin-off companies. With more than 300 PhD students, 200 master students, and 100 staff members, ESAT is a strong international research and educational department.

The applicant will join the Embedded Systems & Security (ES&S) group (https://iiw.kuleuven.be/onderzoek/ess) that is part of the COSIC research group (https://www.esat.kuleuven.be/cosic).

Contact: Prof. Georges Gielen, Chair, Department of Electrical Engineering-ESAT, georges.gielen(AT)kuleuven.be

#### 10 November 2021

###### University of Neuchatel, Switzerland
Job Posting
We are looking for a PhD student to join our group on reinforcement learning and, more generally, decision making under uncertainty, at the University of Neuchatel, Switzerland. We expect the candidate to perform research in one of the following domains: theory of differential privacy; algorithms for differentially private machine learning; algorithms for fairness in machine learning; interactions between machine learning and game theory; inference of human models of fairness or privacy; mechanism design and incentives.

Contact: Christos Dimitrakakis

###### University of Southern Queensland
Job Posting
ESSENTIAL CRITERIA

1. An extended Degree or higher qualification (e.g. Masters), or equivalent experience, in Computing or a relevant discipline area from a recognised tertiary institution. Progression towards completion of a Doctoral qualification would be highly regarded.
2. Professional experience, or demonstrated deep knowledge, in a relevant discipline such as Cyber Security and/or Artificial Intelligence/Machine Learning.
3. Demonstrated research experience and expertise in privacy-preserving machine learning, including privacy-preserving federated learning (most desirable); privacy preservation such as Secure Multi-party Computation or Differential Privacy; secure data sharing such as Secret Sharing; (distributed) machine learning; AI modelling for the healthcare domain.
4. High level computational and programming skills (e.g., Java, Python, or C/C++).
5. Experience in mobile app development, cloud-based solution design and deployment, deploying an IT solution in the healthcare domain, and project management and coordination working with multidisciplinary researchers.
6. Proven track record of publications in peer-reviewed journals and/or authorship of scientific papers, reports and grant applications.
7. A record of science innovation and creativity, including the ability and willingness to incorporate novel ideas and approaches into scientific investigations as well as real-world deployment.
8. Knowledge and ability to engage in research that provides the opportunity to collaborate with others, advances knowledge, and engages with industry.
9. Willingness to engage in capacity building learning and teaching (academic) development activities.
10. High level oral and written communication and interpersonal skills, relating well to people at all levels using diplomacy, tact and sound judgement, with an ability to build constructive and effective relationships.
11. Alignment with the core University values of Respect, Integrity, and Excellence.

###### Università di Roma Tor Vergata
Job Posting
A three-year post-doc position is open at the Math Department of the University Tor Vergata on isogeny-based cryptography. Here is the official call (download bando.pdf and see position reference number 1817). Unfortunately the call is in Italian, but the research project is in English. https://web.uniroma2.it/it/contenuto/procedure_pubbliche_selettive_per_il_reclutamento_di_n__56_ricercatori_con_contratto_a_tempo_determinato_ai_sensi_dellra

The Department has a big research group in Algebra and Geometry. Among the people interested in elliptic curves, there are myself and René Schoof. The salary is between 1300 and 1400 euro per month after taxes, but if you come from abroad you pay less taxes and get more money. The teaching duties are about 30 hours per year. The successful candidate will have to work for six months in the company Thales Alenia Spazio, checking if isogeny-based protocols are suitable for space communications (the company might ask to look also into other protocols). The position comes with some money for traveling and inviting people. In particular, there might be the possibility of spending six months at IBM working with Luca De Feo. The deadline is unfortunately very soon. The call closes on the 18th of November; the successful candidate should ideally start working here as early as January or February.

Contact: Giulio Codogni

###### Lund University, Sweden
Job Posting
Doctoral student in Electrical Engineering with focus on security for production systems and principles for protected data analytics on cloud resources. The research project will be in the field of protected cloud based data analytics in online production systems. The research is system oriented and we will work with combinations between well established computer/communication security solutions and novel data protection. Especially, the research is directed towards principles utilizing state replication for protected sharing of data among multiple stakeholders as well as using machine learning for advanced access protection profile generation.

Contact: Prof. Christian Gehrmann

#### 08 November 2021

###### Robin M. Berger, Marcel Tiepelt
ePrint Report
SPHINCS+ is a state-of-the-art hash based signature scheme, the security of which is either based on SHA-256, SHAKE-256 or on the Haraka hash function. In this work, we perform an in-depth analysis of how the hash functions are embedded into SPHINCS+ and how the quantum pre-image resistance impacts the security of the signature scheme. Subsequently, we evaluate the cost of implementing Grover’s quantum search algorithm to find a pre-image that admits a universal forgery. In particular, we provide quantum implementations of the Haraka and SHAKE-256 hash functions in Q# and consider the efficiency of attacks in the context of fault-tolerant quantum computers. We restrict our findings to SPHINCS+-128 due to the limited security margin of Haraka. Nevertheless, we present an attack that performs better, to the best of our knowledge, than previously published attacks. We can forge a SPHINCS+-128-Haraka signature in about $1.5 \cdot 2^{90}$ surface code cycles and $2.03 \cdot 10^{6}$ physical qubits, translating to about $1.55 \cdot 2^{101}$ logical-qubit-cycles. For SHAKE-256, the same attack requires $8.65 \cdot 10^{6}$ qubits and $1.6 \cdot 2^{84}$ cycles resulting in about $1.17 \cdot 2^{99}$ logical-qubit-cycles.

###### Nan Li, Yingjiu Li, Atsuko Miyaji, Yangguang Tian, Tsz Hon Yuen
ePrint Report
A ring signature allows a signer to generate a signature on behalf of a set of public keys, while a verifier can verify the signature without identifying who the actual signer is. In Crypto 2021, Yuen et al. proposed a new type of ring signature scheme called DualRing. However, it lacks forward security. The security of DualRing cannot be guaranteed if the signer's secret key is compromised. In this work, we introduce forward-secure DualRing. The signer can periodically update his secret key using our proposed "split-and-combine" method to mitigate the security risks caused by the leakage of secret keys. We present a practical scheme based on the discrete logarithm assumption. We show a detailed evaluation to validate its practicality.

###### Meghal Gupta, Rachel Yun Zhang
ePrint Report
In interactive coding, Alice and Bob wish to compute some function $f$ of their individual private inputs $x$ and $y$. They do this by engaging in a non-adaptive (fixed order, fixed length) interactive protocol to jointly compute $f(x,y)$. The goal is to do this in an error-resilient way, such that even given some fraction of adversarial corruptions to the protocol, both parties still learn $f(x,y)$.

In this work, we study the optimal error resilience of such a protocol in the face of adversarial bit flip or erasures. While the optimal error resilience of such a protocol over a large alphabet is well understood, the situation over the binary alphabet has remained open. In this work, we resolve this problem of determining the optimal error resilience over binary channels. In particular, we construct protocols achieving $\frac16$ error resilience over the binary bit flip channel and $\frac12$ error resilience over the binary erasure channel, for both of which matching upper bounds are known. We remark that the communication complexity of our binary bit flip protocol is polynomial in the size of the inputs, and the communication complexity of our binary erasure protocol is linear in the size of the minimal noiseless protocol computing $f$.

###### Meghal Gupta, Yael Tauman Kalai, Rachel Zhang
ePrint Report
An error correcting code ($\mathsf{ECC}$) allows a sender to send a message to a receiver such that even if a constant fraction of the communicated bits are corrupted, the receiver can still learn the message correctly. Due to their importance and fundamental nature, $\mathsf{ECC}$s have been extensively studied, one of the main goals being to maximize the fraction of errors that the $\mathsf{ECC}$ is resilient to.

For adversarial erasure errors (over a binary channel) the maximal error resilience of an $\mathsf{ECC}$ is $\frac12$ of the communicated bits. In this work, we break this $\frac12$ barrier by introducing the notion of an interactive error correcting code ($\mathsf{iECC}$) and constructing an $\mathsf{iECC}$ that is resilient to adversarial erasure of $\frac35$ of the total communicated bits. We emphasize that the adversary can corrupt both the sending party and the receiving party, and that both parties' rounds contribute to the adversary's budget.

We also prove an impossibility (upper) bound of $\frac23$ on the maximal resilience of any binary $\mathsf{iECC}$ to adversarial erasures. In the bit flip setting, we prove an impossibility bound of $\frac27$.

###### Eldon Chung, Maciej Obremski, Divesh Aggarwal
ePrint Report
The known constructions of negligible error (non-malleable) two-source extractors can be broadly classified in three categories:

(1) Constructions where one source has min-entropy rate about $1/2$, the other source can have small min-entropy rate, but the extractor doesn't guarantee non-malleability.

(2) Constructions where one source is uniform, and the other can have small min-entropy rate, and the extractor guarantees non-malleability when the uniform source is tampered.

(3) Constructions where both sources have entropy rate very close to $1$ and the extractor guarantees non-malleability against the tampering of both sources.

We introduce a new notion of collision resistant extractors and in using it we obtain a strong two source non-malleable extractor where we require the first source to have $0.8$ entropy rate and the other source can have min-entropy polylogarithmic in the length of the source.

We show how the above extractor can be applied to obtain a non-malleable extractor with output rate $\frac 1 2$, which is optimal. We also show how, by using our extractor and extending the known protocol, one can obtain a privacy amplification secure against memory tampering where the size of the secret output is almost optimal.

###### Amirhossein Ebrahimi, Francesco Regazzoni, Paolo Palmieri
ePrint Report
In a differential cryptanalysis attack, the attacker tries to observe a block cipher's behavior under an input difference: if the system's resulting output differences show any non-random behavior, a differential distinguisher is obtained. While differential cryptanalysis has been known for several decades, Gohr was the first to propose in 2019 the use of machine learning (ML) to build a distinguisher. In this paper, we present the first Partial Differential (PD) ML-distinguisher, and demonstrate its effectiveness on the lightweight cipher SPECK32/64. As a PD-ML-distinguisher is based on a selection of bits rather than all bits in a block, we also study whether different selections of bits have a different impact on the accuracy of the distinguisher, and we find that to be the case. More importantly, we also establish that certain bits have reliably higher effectiveness than others, through a series of independent experiments on different datasets, and we propose an algorithm for assigning an effectiveness score to each bit in the block. By selecting the highest scoring bits, we are able to train a partial ML-distinguisher over 8 bits that is almost as accurate as an equivalent ML-distinguisher over the entire 32 bits (68.8% against 72%), for six rounds of SPECK32/64. The reduced input size implies a significant reduction in the complexity of achieving a distinguisher, and also leads to a reduction in the number of bits of possible subkeys to be guessed in a potential subsequent key recovery attack. These results may therefore open the way to the application of (partial) ML-based distinguishers to ciphers whose block size has so far been considered too large.
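The abstract above describes two ingredients: a differential distinguisher (fixed input difference, look for non-random structure in the output difference) and a per-bit effectiveness score used to pick the subset of bits a partial distinguisher works on. The following is an added example written for this page; it is not code from the paper or its authors. It implements SPECK32/64 from the public specification, verifies it against the specification's test vector, and then runs a plain statistical version of the experiment: random plaintext pairs with a fixed input difference under random keys, a bias score per ciphertext-difference bit, and a selection of the most biased bits. The input difference (0x0040, 0x0000) and the bias metric (distance of a bit's frequency from 1/2, scaled to [0, 1]) are this example's own choices, not the paper's effectiveness score, and there is no ML model here; it is the kind of quick check a cipher reviewer runs to see how many rounds are needed before the output difference looks uniform.

```python
import random

MASK = 0xFFFF          # SPECK32/64 works on 16-bit words
ALPHA, BETA = 7, 2     # rotation amounts for the 32-bit block size
ROUNDS = 22            # full-strength round count


def ror(x, r):
    return ((x >> r) | (x << (16 - r))) & MASK


def rol(x, r):
    return ((x << r) | (x >> (16 - r))) & MASK


def expand_key(key_words, rounds=ROUNDS):
    """SPECK32/64 key schedule. key_words is (l2, l1, l0, k0), i.e. the
    word order in which the specification's test vector lists the key."""
    l = [key_words[2], key_words[1], key_words[0]]
    k = [key_words[3]]
    for i in range(rounds - 1):
        l.append(((k[i] + ror(l[i], ALPHA)) & MASK) ^ i)
        k.append(rol(k[i], BETA) ^ l[i + 3])
    return k


def encrypt(pt, key_words, rounds=ROUNDS):
    x, y = pt
    for rk in expand_key(key_words, rounds):
        x = ((ror(x, ALPHA) + y) & MASK) ^ rk
        y = rol(y, BETA) ^ x
    return x, y


def decrypt(ct, key_words, rounds=ROUNDS):
    x, y = ct
    for rk in reversed(expand_key(key_words, rounds)):
        y = ror(y ^ x, BETA)
        x = rol(((x ^ rk) - y) & MASK, ALPHA)
    return x, y


def diff_bit_scores(rounds, in_diff=(0x0040, 0x0000), samples=2000, seed=1):
    """Encrypt random plaintext pairs with a fixed input difference under
    random keys and score each of the 32 ciphertext-difference bits by how
    far its frequency sits from the 1/2 a random permutation would give:
    0.0 means the bit looks random, 1.0 means it is fully determined
    (always 0 or always 1; both are equally useful to a distinguisher).
    The input difference and this metric are this example's assumptions."""
    rng = random.Random(seed)
    ones = [0] * 32
    for _ in range(samples):
        key = tuple(rng.getrandbits(16) for _ in range(4))
        p0 = (rng.getrandbits(16), rng.getrandbits(16))
        p1 = (p0[0] ^ in_diff[0], p0[1] ^ in_diff[1])
        c0, c1 = encrypt(p0, key, rounds), encrypt(p1, key, rounds)
        d = ((c0[0] ^ c1[0]) << 16) | (c0[1] ^ c1[1])   # 32-bit output difference
        for b in range(32):
            ones[b] += (d >> b) & 1
    return [abs(n / samples - 0.5) * 2 for n in ones]


def top_bits(scores, k=8):
    """Indices of the k most biased difference bits: the bit subset a
    partial distinguisher would be restricted to."""
    return sorted(range(32), key=lambda b: -scores[b])[:k]


if __name__ == "__main__":
    # Test vector from the SPECK specification (key 1918 1110 0908 0100).
    assert encrypt((0x6574, 0x694C), (0x1918, 0x1110, 0x0908, 0x0100)) == (0xA868, 0x42F2)
    for r in (1, 3, 5, ROUNDS):
        s = diff_bit_scores(r)
        print(f"{r:2d} rounds: max bias {max(s):.3f}, most biased bits {top_bits(s)}")
```

With one round the chosen input difference propagates deterministically (the differing bit lands in the top bit of the modular addition, where no carry can escape), so every output-difference bit scores 1.0; as rounds are added the scores decay, and at the full 22 rounds they sit at the sampling-noise floor. A bit that is always 0 scores as high as one that is always 1, which is why the metric uses distance from 1/2 rather than the raw frequency.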